|
|
|
@@ -472,12 +472,6 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) { |
|
|
|
case aead: |
|
|
|
// explicitIVLen is always 0 for TLS1.3 |
|
|
|
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen |
|
|
|
overhead := c.Overhead() |
|
|
|
if hc.version >= VersionTLS13 { |
|
|
|
overhead++ // TODO(kk): why this is done? |
|
|
|
} |
|
|
|
b.resize(len(b.data) + overhead) |
|
|
|
|
|
|
|
nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] |
|
|
|
if len(nonce) == 0 { |
|
|
|
nonce = hc.seq[:] |
|
|
|
@@ -491,19 +485,23 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) { |
|
|
|
copy(hc.additionalData[8:], b.data[:3]) |
|
|
|
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen)) |
|
|
|
additionalData = hc.additionalData[:] |
|
|
|
b.resize(len(b.data) + c.Overhead()) |
|
|
|
} else { |
|
|
|
// opaque type |
|
|
|
payload = payload[:len(payload)+1] |
|
|
|
payload[len(payload)-1] = b.data[0] |
|
|
|
// 1 byte of content type is appended to payload and encrypted |
|
|
|
payload = append(payload, b.data[0]) |
|
|
|
|
|
|
|
// opaque_type |
|
|
|
b.data[0] = byte(recordTypeApplicationData) |
|
|
|
|
|
|
|
// Add AD header, see 5.2 of RFC8446 |
|
|
|
additionalData = make([]byte, 5) |
|
|
|
additionalData[0] = byte(recordTypeApplicationData) |
|
|
|
additionalData[0] = b.data[0] |
|
|
|
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12) |
|
|
|
binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead)) |
|
|
|
} |
|
|
|
binary.BigEndian.PutUint16(additionalData[3:], uint16(len(payload)+c.Overhead())) |
|
|
|
|
|
|
|
// make room for TLSCiphertext.encrypted_record |
|
|
|
b.resize(len(payload) + recordHeaderLen + c.Overhead()) |
|
|
|
} |
|
|
|
c.Seal(payload[:0], nonce, payload, additionalData) |
|
|
|
case cbcMode: |
|
|
|
blockSize := c.BlockSize() |
|
|
|
|
GitHub