diff --git a/lib/std/crypto/tls.zig b/lib/std/crypto/tls.zig index 09a22f9a23..12401bff35 100644 --- a/lib/std/crypto/tls.zig +++ b/lib/std/crypto/tls.zig @@ -227,7 +227,7 @@ pub const CertificateType = enum(u8) { _, }; -pub fn CipherParamsT(comptime AeadType: type, comptime HashType: type) type { +pub fn HandshakeCipherT(comptime AeadType: type, comptime HashType: type) type { return struct { pub const AEAD = AeadType; pub const Hash = HashType; @@ -246,12 +246,12 @@ pub fn CipherParamsT(comptime AeadType: type, comptime HashType: type) type { }; } -pub const CipherParams = union(enum) { - AES_128_GCM_SHA256: CipherParamsT(crypto.aead.aes_gcm.Aes128Gcm, crypto.hash.sha2.Sha256), - AES_256_GCM_SHA384: CipherParamsT(crypto.aead.aes_gcm.Aes256Gcm, crypto.hash.sha2.Sha384), - CHACHA20_POLY1305_SHA256: CipherParamsT(crypto.aead.chacha_poly.ChaCha20Poly1305, crypto.hash.sha2.Sha256), - AEGIS_256_SHA384: CipherParamsT(crypto.aead.aegis.Aegis256, crypto.hash.sha2.Sha384), - AEGIS_128L_SHA256: CipherParamsT(crypto.aead.aegis.Aegis128L, crypto.hash.sha2.Sha256), +pub const HandshakeCipher = union(enum) { + AES_128_GCM_SHA256: HandshakeCipherT(crypto.aead.aes_gcm.Aes128Gcm, crypto.hash.sha2.Sha256), + AES_256_GCM_SHA384: HandshakeCipherT(crypto.aead.aes_gcm.Aes256Gcm, crypto.hash.sha2.Sha384), + CHACHA20_POLY1305_SHA256: HandshakeCipherT(crypto.aead.chacha_poly.ChaCha20Poly1305, crypto.hash.sha2.Sha256), + AEGIS_256_SHA384: HandshakeCipherT(crypto.aead.aegis.Aegis256, crypto.hash.sha2.Sha384), + AEGIS_128L_SHA256: HandshakeCipherT(crypto.aead.aegis.Aegis128L, crypto.hash.sha2.Sha256), }; pub fn ApplicationCipherT(comptime AeadType: type, comptime HashType: type) type { diff --git a/lib/std/crypto/tls/Client.zig b/lib/std/crypto/tls/Client.zig index 52ab1a55fa..eb1b1b80bc 100644 --- a/lib/std/crypto/tls/Client.zig +++ b/lib/std/crypto/tls/Client.zig @@ -11,7 +11,7 @@ const ApplicationCipher = tls.ApplicationCipher; const CipherSuite = tls.CipherSuite; const ContentType = tls.ContentType; const HandshakeType = tls.HandshakeType; -const CipherParams = tls.CipherParams; +const HandshakeCipher = tls.HandshakeCipher; const max_ciphertext_len = tls.max_ciphertext_len; const hkdfExpandLabel = tls.hkdfExpandLabel; const int2 = tls.int2; @@ -117,7 +117,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con const client_hello_bytes1 = plaintext_header[5..]; - var cipher_params: CipherParams = undefined; + var handshake_cipher: HandshakeCipher = undefined; var handshake_buf: [8000]u8 = undefined; var len: usize = 0; @@ -243,8 +243,8 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con .AEGIS_256_SHA384, .AEGIS_128L_SHA256, => |tag| { - const P = std.meta.TagPayloadByName(CipherParams, @tagName(tag)); - cipher_params = @unionInit(CipherParams, @tagName(tag), .{ + const P = std.meta.TagPayloadByName(HandshakeCipher, @tagName(tag)); + handshake_cipher = @unionInit(HandshakeCipher, @tagName(tag), .{ .handshake_secret = undefined, .master_secret = undefined, .client_handshake_key = undefined, @@ -255,7 +255,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con .server_handshake_iv = undefined, .transcript_hash = P.Hash.init(.{}), }); - const p = &@field(cipher_params, @tagName(tag)); + const p = &@field(handshake_cipher, @tagName(tag)); p.transcript_hash.update(client_hello_bytes1); // Client Hello part 1 p.transcript_hash.update(host); // Client Hello part 2 p.transcript_hash.update(frag); // Server Hello @@ -329,7 +329,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con }, .application_data => { var cleartext_buf: [8000]u8 = undefined; - const cleartext = switch (cipher_params) { + const cleartext = switch (handshake_cipher) { inline else => |*p| c: { const P = @TypeOf(p.*); const ciphertext_len = record_size - P.AEAD.tag_length; @@ -366,7 +366,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con const handshake = cleartext[ct_i..next_handshake_i]; switch (handshake_type) { @enumToInt(HandshakeType.encrypted_extensions) => { - switch (cipher_params) { + switch (handshake_cipher) { inline else => |*p| p.transcript_hash.update(wrapped_handshake), } const total_ext_size = mem.readIntBig(u16, handshake[0..2]); @@ -390,7 +390,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con } }, @enumToInt(HandshakeType.certificate) => cert: { - switch (cipher_params) { + switch (handshake_cipher) { inline else => |*p| p.transcript_hash.update(wrapped_handshake), } if (validated_cert) break :cert; @@ -445,7 +445,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con } }, @enumToInt(HandshakeType.certificate_verify) => { - switch (cipher_params) { + switch (handshake_cipher) { inline else => |*p| p.transcript_hash.update(wrapped_handshake), } std.debug.print("ignoring certificate_verify\n", .{}); @@ -458,7 +458,7 @@ pub fn init(stream: net.Stream, ca_bundle: crypto.CertificateBundle, host: []con 0x00, 0x01, // length 0x01, }; - const app_cipher = switch (cipher_params) { + const app_cipher = switch (handshake_cipher) { inline else => |*p, tag| c: { const P = @TypeOf(p.*); const finished_digest = p.transcript_hash.peek();