| 113 | } |
| 114 | |
| 115 | encrypt(plain) { |
| 116 | const type = plain.slice(0, 1); |
| 117 | const version = plain.slice(1, 3); |
| 118 | const nonce = crypto.randomBytes(8); |
| 119 | const iv = Buffer.concat([this.client_writeIV.slice(0, 4), nonce]); |
| 120 | const bob = crypto.createCipheriv('aes-128-gcm', this.client_writeKey, iv); |
| 121 | const write_seq = Buffer.alloc(8); |
| 122 | write_seq.writeUInt32BE(this.write_seq++, 4); |
| 123 | const aad = Buffer.concat([write_seq, plain.slice(0, 5)]); |
| 124 | bob.setAAD(aad); |
| 125 | const encrypted1 = bob.update(plain.slice(5)); |
| 126 | const encrypted = Buffer.concat([encrypted1, bob.final()]); |
| 127 | const tag = bob.getAuthTag(); |
| 128 | const length = Buffer.alloc(2); |
| 129 | length.writeUInt16BE(nonce.length + encrypted.length + tag.length, 0); |
| 130 | return Buffer.concat([type, version, length, nonce, encrypted, tag]); |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | function addRecordHeader(type, frame) { |