refactors record encryption code (#122)
parent
e81269b57e
commit
a21fd9c1bc
22
conn.go
22
conn.go
@ -472,12 +472,6 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
|||||||
case aead:
|
case aead:
|
||||||
// explicitIVLen is always 0 for TLS1.3
|
// explicitIVLen is always 0 for TLS1.3
|
||||||
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
|
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
|
||||||
overhead := c.Overhead()
|
|
||||||
if hc.version >= VersionTLS13 {
|
|
||||||
overhead++ // TODO(kk): why this is done?
|
|
||||||
}
|
|
||||||
b.resize(len(b.data) + overhead)
|
|
||||||
|
|
||||||
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
|
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
|
||||||
if len(nonce) == 0 {
|
if len(nonce) == 0 {
|
||||||
nonce = hc.seq[:]
|
nonce = hc.seq[:]
|
||||||
@ -491,19 +485,23 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
|||||||
copy(hc.additionalData[8:], b.data[:3])
|
copy(hc.additionalData[8:], b.data[:3])
|
||||||
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
|
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
|
||||||
additionalData = hc.additionalData[:]
|
additionalData = hc.additionalData[:]
|
||||||
|
b.resize(len(b.data) + c.Overhead())
|
||||||
} else {
|
} else {
|
||||||
// opaque type
|
// 1 byte of content type is appended to payload and encrypted
|
||||||
payload = payload[:len(payload)+1]
|
payload = append(payload, b.data[0])
|
||||||
payload[len(payload)-1] = b.data[0]
|
|
||||||
|
// opaque_type
|
||||||
b.data[0] = byte(recordTypeApplicationData)
|
b.data[0] = byte(recordTypeApplicationData)
|
||||||
|
|
||||||
// Add AD header, see 5.2 of RFC8446
|
// Add AD header, see 5.2 of RFC8446
|
||||||
additionalData = make([]byte, 5)
|
additionalData = make([]byte, 5)
|
||||||
additionalData[0] = byte(recordTypeApplicationData)
|
additionalData[0] = b.data[0]
|
||||||
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
|
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
|
||||||
binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
|
binary.BigEndian.PutUint16(additionalData[3:], uint16(len(payload)+c.Overhead()))
|
||||||
}
|
|
||||||
|
|
||||||
|
// make room for TLSCiphertext.encrypted_record
|
||||||
|
b.resize(len(payload) + recordHeaderLen + c.Overhead())
|
||||||
|
}
|
||||||
c.Seal(payload[:0], nonce, payload, additionalData)
|
c.Seal(payload[:0], nonce, payload, additionalData)
|
||||||
case cbcMode:
|
case cbcMode:
|
||||||
blockSize := c.BlockSize()
|
blockSize := c.BlockSize()
|
||||||
|
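Review bot: In the new TLS 1.3 branch, `payload = append(payload, b.data[0])` and the later `b.resize(len(payload) + recordHeaderLen + c.Overhead())` both run after `payload` was sliced out of `b.data`, so either call can leave `payload` pointing at a different backing array than the record that is sent. The same ordering applies to the `b.resize(len(b.data) + c.Overhead())` now placed at the end of the TLS 1.2 branch. The slicing of `payload` sits between the two hunks and `resize` is defined elsewhere, so this is inferred; but if `resize` reallocates when capacity is short, `c.Seal(payload[:0], ...)` would encrypt into the old array while `b.data` keeps the copied plaintext and an unwritten tag. Growing the block before the slices are taken, e.g. `b.resize(len(b.data) + 1 + c.Overhead())` ahead of the `payload` assignment for TLS 1.3, keeps Seal writing in place. A comment above the Seal call such as `// payload must alias b.data: Seal encrypts in place` would record the invariant.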