prepareCiphertextRecord
Source
Implementation
fn prepareCiphertextRecord(
c: *Client,
ciphertext_buf: []u8,
bytes: []const u8,
inner_content_type: tls.ContentType,
) struct {
ciphertext_end: usize,
cleartext_len: usize,
} {
// Due to the trailing inner content type byte in the ciphertext, we need
// an additional buffer for storing the cleartext into before encrypting.
var cleartext_buf: [max_ciphertext_len]u8 = undefined;
var ciphertext_end: usize = 0;
var bytes_i: usize = 0;
switch (c.application_cipher) {
inline else => |*p| switch (c.tls_version) {
.tls_1_3 => {
const pv = &p.tls_1_3;
const P = @TypeOf(p.*);
const overhead_len = tls.record_header_len + P.AEAD.tag_length + 1;
while (true) {
const encrypted_content_len: u16 = @min(
bytes.len - bytes_i,
tls.max_ciphertext_inner_record_len,
ciphertext_buf.len -| (overhead_len + ciphertext_end),
);
if (encrypted_content_len == 0) return .{
.ciphertext_end = ciphertext_end,
.cleartext_len = bytes_i,
};
@memcpy(cleartext_buf[0..encrypted_content_len], bytes[bytes_i..][0..encrypted_content_len]);
cleartext_buf[encrypted_content_len] = @intFromEnum(inner_content_type);
bytes_i += encrypted_content_len;
const ciphertext_len = encrypted_content_len + 1;
const cleartext = cleartext_buf[0..ciphertext_len];
const ad = ciphertext_buf[ciphertext_end..][0..tls.record_header_len];
ad.* = .{@intFromEnum(tls.ContentType.application_data)} ++
int(u16, @intFromEnum(tls.ProtocolVersion.tls_1_2)) ++
int(u16, ciphertext_len + P.AEAD.tag_length);
ciphertext_end += ad.len;
const ciphertext = ciphertext_buf[ciphertext_end..][0..ciphertext_len];
ciphertext_end += ciphertext_len;
const auth_tag = ciphertext_buf[ciphertext_end..][0..P.AEAD.tag_length];
ciphertext_end += auth_tag.len;
const nonce = nonce: {
const V = @Vector(P.AEAD.nonce_length, u8);
const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8);
const operand: V = pad ++ mem.toBytes(big(c.write_seq));
break :nonce @as(V, pv.client_iv) ^ operand;
};
P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, pv.client_key);
c.write_seq += 1; // TODO send key_update on overflow
}
},
.tls_1_2 => {
const pv = &p.tls_1_2;
const P = @TypeOf(p.*);
const overhead_len = tls.record_header_len + P.record_iv_length + P.mac_length;
while (true) {
const message_len: u16 = @min(
bytes.len - bytes_i,
tls.max_ciphertext_inner_record_len,
ciphertext_buf.len -| (overhead_len + ciphertext_end),
);
if (message_len == 0) return .{
.ciphertext_end = ciphertext_end,
.cleartext_len = bytes_i,
};
@memcpy(cleartext_buf[0..message_len], bytes[bytes_i..][0..message_len]);
bytes_i += message_len;
const cleartext = cleartext_buf[0..message_len];
const record_header = ciphertext_buf[ciphertext_end..][0..tls.record_header_len];
ciphertext_end += tls.record_header_len;
record_header.* = .{@intFromEnum(inner_content_type)} ++
int(u16, @intFromEnum(tls.ProtocolVersion.tls_1_2)) ++
int(u16, P.record_iv_length + message_len + P.mac_length);
const ad = mem.toBytes(big(c.write_seq)) ++ record_header[0 .. 1 + 2] ++ int(u16, message_len);
const record_iv = ciphertext_buf[ciphertext_end..][0..P.record_iv_length];
ciphertext_end += P.record_iv_length;
const nonce: [P.AEAD.nonce_length]u8 = nonce: {
const V = @Vector(P.AEAD.nonce_length, u8);
const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8);
const operand: V = pad ++ @as([8]u8, @bitCast(big(c.write_seq)));
break :nonce @as(V, pv.client_write_IV ++ pv.client_salt) ^ operand;
};
record_iv.* = nonce[P.fixed_iv_length..].*;
const ciphertext = ciphertext_buf[ciphertext_end..][0..message_len];
ciphertext_end += message_len;
const auth_tag = ciphertext_buf[ciphertext_end..][0..P.mac_length];
ciphertext_end += P.mac_length;
P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, pv.client_write_key);
c.write_seq += 1; // TODO send key_update on overflow
}
},
else => unreachable,
},
}
}