refactors record encryption code (#122)

Este commit está contenido en:
Henry Case 2018-08-13 11:45:26 +01:00 cometido por GitHub
padre e81269b57e
commit a21fd9c1bc
No se encontró ninguna clave conocida en la base de datos para esta firma
ID de clave GPG: 4AEE18F83AFDEB23

22
conn.go
Ver fichero

@ -472,12 +472,6 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
case aead:
// explicitIVLen is always 0 for TLS1.3
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
overhead := c.Overhead()
if hc.version >= VersionTLS13 {
overhead++ // TODO(kk): why this is done?
}
b.resize(len(b.data) + overhead)
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen]
if len(nonce) == 0 {
nonce = hc.seq[:]
@ -491,19 +485,23 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
copy(hc.additionalData[8:], b.data[:3])
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
additionalData = hc.additionalData[:]
b.resize(len(b.data) + c.Overhead())
} else {
// opaque type
payload = payload[:len(payload)+1]
payload[len(payload)-1] = b.data[0]
// 1 byte of content type is appended to payload and encrypted
payload = append(payload, b.data[0])
// opaque_type
b.data[0] = byte(recordTypeApplicationData)
// Add AD header, see 5.2 of RFC8446
additionalData = make([]byte, 5)
additionalData[0] = byte(recordTypeApplicationData)
additionalData[0] = b.data[0]
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
}
binary.BigEndian.PutUint16(additionalData[3:], uint16(len(payload)+c.Overhead()))
// make room for TLSCiphertext.encrypted_record
b.resize(len(payload) + recordHeaderLen + c.Overhead())
}
c.Seal(payload[:0], nonce, payload, additionalData)
case cbcMode:
blockSize := c.BlockSize()