src/pkg/crypto/tls/record_write.go - go - Git at Google

 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package tls

 import (
 	"fmt";
 	"hash";
 	"io";
 )

 // writerEnableApplicationData is a message which instructs recordWriter to
 // start reading and transmitting data from the application data channel.
 type writerEnableApplicationData struct{}

 // writerChangeCipherSpec updates the encryption and MAC functions and resets
 // the sequence count.
 type writerChangeCipherSpec struct {
 	encryptor	encryptor;
 	mac		hash.Hash;
 }

 // writerSetVersion sets the version number bytes that we included in the
 // record header for future records.
 type writerSetVersion struct {
 	major, minor uint8;
 }

 // A recordWriter accepts messages from the handshake processor and
 // application data. It writes them to the outgoing connection and blocks on
 // writing. It doesn't read from the application data channel until the
 // handshake processor has signaled that the handshake is complete.
 type recordWriter struct {
 	writer		io.Writer;
 	encryptor	encryptor;
 	mac		hash.Hash;
 	seqNum		uint64;
 	major, minor	uint8;
 	shutdown	bool;
 	appChan		<-chan []byte;
 	controlChan	<-chan interface{};
 	header		[13]byte;
 }

 func (w *recordWriter) loop(writer io.Writer, appChan <-chan []byte, controlChan <-chan interface{}) {
 	w.writer = writer;
 	w.encryptor = nop{};
 	w.mac = nop{};
 	w.appChan = appChan;
 	w.controlChan = controlChan;

 	for !w.shutdown {
 		msg := <-controlChan;
 		if _, ok := msg.(writerEnableApplicationData); ok {
 			break
 		}
 		w.processControlMessage(msg);
 	}

 	for !w.shutdown {
 		// Always process control messages first.
 		if controlMsg, ok := <-controlChan; ok {
 			w.processControlMessage(controlMsg);
 			continue;
 		}

 		select {
 		case controlMsg := <-controlChan:
 			w.processControlMessage(controlMsg)
 		case appMsg := <-appChan:
 			w.processAppMessage(appMsg)
 		}
 	}

 	if !closed(appChan) {
 		go func() {
 			for _ = range appChan {
 			}
 		}()
 	}
 	if !closed(controlChan) {
 		go func() {
 			for _ = range controlChan {
 			}
 		}()
 	}
 }

 // fillMACHeader generates a MAC header. See RFC 4346, section 6.2.3.1.
 func fillMACHeader(header *[13]byte, seqNum uint64, length int, r *record) {
 	header[0] = uint8(seqNum >> 56);
 	header[1] = uint8(seqNum >> 48);
 	header[2] = uint8(seqNum >> 40);
 	header[3] = uint8(seqNum >> 32);
 	header[4] = uint8(seqNum >> 24);
 	header[5] = uint8(seqNum >> 16);
 	header[6] = uint8(seqNum >> 8);
 	header[7] = uint8(seqNum);
 	header[8] = uint8(r.contentType);
 	header[9] = r.major;
 	header[10] = r.minor;
 	header[11] = uint8(length >> 8);
 	header[12] = uint8(length);
 }

 func (w *recordWriter) writeRecord(r *record) {
 	w.mac.Reset();

 	fillMACHeader(&w.header, w.seqNum, len(r.payload), r);

 	w.mac.Write(w.header[0:13]);
 	w.mac.Write(r.payload);
 	macBytes := w.mac.Sum();

 	w.encryptor.XORKeyStream(r.payload);
 	w.encryptor.XORKeyStream(macBytes);

 	length := len(r.payload) + len(macBytes);
 	w.header[11] = uint8(length >> 8);
 	w.header[12] = uint8(length);
 	w.writer.Write(w.header[8:13]);
 	w.writer.Write(r.payload);
 	w.writer.Write(macBytes);

 	w.seqNum++;
 }

 func (w *recordWriter) processControlMessage(controlMsg interface{}) {
 	if controlMsg == nil {
 		w.shutdown = true;
 		return;
 	}

 	switch msg := controlMsg.(type) {
 	case writerChangeCipherSpec:
 		w.writeRecord(&record{recordTypeChangeCipherSpec, w.major, w.minor, []byte{0x01}});
 		w.encryptor = msg.encryptor;
 		w.mac = msg.mac;
 		w.seqNum = 0;
 	case writerSetVersion:
 		w.major = msg.major;
 		w.minor = msg.minor;
 	case alert:
 		w.writeRecord(&record{recordTypeAlert, w.major, w.minor, []byte{byte(msg.level), byte(msg.error)}})
 	case handshakeMessage:
 		// TODO(agl): marshal may return a slice too large for a single record.
 		w.writeRecord(&record{recordTypeHandshake, w.major, w.minor, msg.marshal()})
 	default:
 		fmt.Printf("processControlMessage: unknown %#v\n", msg)
 	}
 }

 func (w *recordWriter) processAppMessage(appMsg []byte) {
 	if closed(w.appChan) {
 		w.writeRecord(&record{recordTypeApplicationData, w.major, w.minor, []byte{byte(alertCloseNotify)}});
 		w.shutdown = true;
 		return;
 	}

 	var done int;
 	for done < len(appMsg) {
 		todo := len(appMsg);
 		if todo > maxTLSPlaintext {
 			todo = maxTLSPlaintext
 		}
 		w.writeRecord(&record{recordTypeApplicationData, w.major, w.minor, appMsg[done : done+todo]});
 		done += todo;
 	}
 }
	// Copyright 2009 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package tls

	import (
	"fmt";
	"hash";
	"io";
	)

	// writerEnableApplicationData is a message which instructs recordWriter to
	// start reading and transmitting data from the application data channel.
	type writerEnableApplicationData struct{}

	// writerChangeCipherSpec updates the encryption and MAC functions and resets
	// the sequence count.
	type writerChangeCipherSpec struct {
	encryptor encryptor;
	mac hash.Hash;
	}

	// writerSetVersion sets the version number bytes that we included in the
	// record header for future records.
	type writerSetVersion struct {
	major, minor uint8;
	}

	// A recordWriter accepts messages from the handshake processor and
	// application data. It writes them to the outgoing connection and blocks on
	// writing. It doesn't read from the application data channel until the
	// handshake processor has signaled that the handshake is complete.
	type recordWriter struct {
	writer io.Writer;
	encryptor encryptor;
	mac hash.Hash;
	seqNum uint64;
	major, minor uint8;
	shutdown bool;
	appChan <-chan []byte;
	controlChan <-chan interface{};
	header [13]byte;
	}

	func (w *recordWriter) loop(writer io.Writer, appChan <-chan []byte, controlChan <-chan interface{}) {
	w.writer = writer;
	w.encryptor = nop{};
	w.mac = nop{};
	w.appChan = appChan;
	w.controlChan = controlChan;

	for !w.shutdown {
	msg := <-controlChan;
	if _, ok := msg.(writerEnableApplicationData); ok {
	break
	}
	w.processControlMessage(msg);
	}

	for !w.shutdown {
	// Always process control messages first.
	if controlMsg, ok := <-controlChan; ok {
	w.processControlMessage(controlMsg);
	continue;
	}

	select {
	case controlMsg := <-controlChan:
	w.processControlMessage(controlMsg)
	case appMsg := <-appChan:
	w.processAppMessage(appMsg)
	}
	}

	if !closed(appChan) {
	go func() {
	for _ = range appChan {
	}
	}()
	}
	if !closed(controlChan) {
	go func() {
	for _ = range controlChan {
	}
	}()
	}
	}

	// fillMACHeader generates a MAC header. See RFC 4346, section 6.2.3.1.
	func fillMACHeader(header [13]byte, seqNum uint64, length int, r record) {
	header[0] = uint8(seqNum >> 56);
	header[1] = uint8(seqNum >> 48);
	header[2] = uint8(seqNum >> 40);
	header[3] = uint8(seqNum >> 32);
	header[4] = uint8(seqNum >> 24);
	header[5] = uint8(seqNum >> 16);
	header[6] = uint8(seqNum >> 8);
	header[7] = uint8(seqNum);
	header[8] = uint8(r.contentType);
	header[9] = r.major;
	header[10] = r.minor;
	header[11] = uint8(length >> 8);
	header[12] = uint8(length);
	}

	func (w recordWriter) writeRecord(r record) {
	w.mac.Reset();

	fillMACHeader(&w.header, w.seqNum, len(r.payload), r);

	w.mac.Write(w.header[0:13]);
	w.mac.Write(r.payload);
	macBytes := w.mac.Sum();

	w.encryptor.XORKeyStream(r.payload);
	w.encryptor.XORKeyStream(macBytes);

	length := len(r.payload) + len(macBytes);
	w.header[11] = uint8(length >> 8);
	w.header[12] = uint8(length);
	w.writer.Write(w.header[8:13]);
	w.writer.Write(r.payload);
	w.writer.Write(macBytes);

	w.seqNum++;
	}

	func (w *recordWriter) processControlMessage(controlMsg interface{}) {
	if controlMsg == nil {
	w.shutdown = true;
	return;
	}

	switch msg := controlMsg.(type) {
	case writerChangeCipherSpec:
	w.writeRecord(&record{recordTypeChangeCipherSpec, w.major, w.minor, []byte{0x01}});
	w.encryptor = msg.encryptor;
	w.mac = msg.mac;
	w.seqNum = 0;
	case writerSetVersion:
	w.major = msg.major;
	w.minor = msg.minor;
	case alert:
	w.writeRecord(&record{recordTypeAlert, w.major, w.minor, []byte{byte(msg.level), byte(msg.error)}})
	case handshakeMessage:
	// TODO(agl): marshal may return a slice too large for a single record.
	w.writeRecord(&record{recordTypeHandshake, w.major, w.minor, msg.marshal()})
	default:
	fmt.Printf("processControlMessage: unknown %#v\n", msg)
	}
	}

	func (w *recordWriter) processAppMessage(appMsg []byte) {
	if closed(w.appChan) {
	w.writeRecord(&record{recordTypeApplicationData, w.major, w.minor, []byte{byte(alertCloseNotify)}});
	w.shutdown = true;
	return;
	}

	var done int;
	for done < len(appMsg) {
	todo := len(appMsg);
	if todo > maxTLSPlaintext {
	todo = maxTLSPlaintext
	}
	w.writeRecord(&record{recordTypeApplicationData, w.major, w.minor, appMsg[done : done+todo]});
	done += todo;
	}
	}