(state []byte, ticketKeys []ticketKey)
| 323 | } |
| 324 | |
| 325 | func (c *Config) encryptTicket(state []byte, ticketKeys []ticketKey) ([]byte, error) { |
| 326 | if len(ticketKeys) == 0 { |
| 327 | return nil, errors.New("tls: internal error: session ticket keys unavailable") |
| 328 | } |
| 329 | |
| 330 | encrypted := make([]byte, aes.BlockSize+len(state)+sha256.Size) |
| 331 | iv := encrypted[:aes.BlockSize] |
| 332 | ciphertext := encrypted[aes.BlockSize : len(encrypted)-sha256.Size] |
| 333 | authenticated := encrypted[:len(encrypted)-sha256.Size] |
| 334 | macBytes := encrypted[len(encrypted)-sha256.Size:] |
| 335 | |
| 336 | if _, err := io.ReadFull(c.rand(), iv); err != nil { |
| 337 | return nil, err |
| 338 | } |
| 339 | key := ticketKeys[0] |
| 340 | block, err := aes.NewCipher(key.aesKey[:]) |
| 341 | if err != nil { |
| 342 | return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error()) |
| 343 | } |
| 344 | cipher.NewCTR(block, iv).XORKeyStream(ciphertext, state) |
| 345 | |
| 346 | mac := hmac.New(sha256.New, key.hmacKey[:]) |
| 347 | mac.Write(authenticated) |
| 348 | mac.Sum(macBytes[:0]) |
| 349 | |
| 350 | return encrypted, nil |
| 351 | } |
| 352 | |
| 353 | // DecryptTicket decrypts a ticket encrypted by [Config.EncryptTicket]. It can |
| 354 | // be used as a [Config.UnwrapSession] implementation. |
no test coverage detected