On Thu, Jun 27, 2019 at 05:40:19PM -0400, Yishuai Li wrote: > > RFC 8446 Section 4 Page 23 says: > > > Handshake messages are supplied to the TLS record layer, where they are > > encapsulated within one or more TLSPlaintext or TLSCiphertext structures > > which > > are processed and transmitted as specified by the current active connection > > state. > > RFC 8448 Section 3 Page 8 sends a handshake record, with content type > application_data (0x17). Should I read it as: "The handshake record is > encapsulated within a TLSCiphertext"? > > 1. If yes, RFC 8446 Section 5.2 Page 80 says: > > > encrypted_record: The AEAD-encrypted form of the serialized > > TLSInnerPlaintext structure. > > However, the payload does not follow the structure of TLSInnerPlaintext > (RFC > 8446 Section 5.2 Page 79), but that of Handshake (RFC 8446 Section 4 Page > 24) instead. > > 2. If no, which section of RFC8446 specifies the complete record?
The payload shown is TLSInnerPlaintext.content. It gets processed as follows: 1) 0x16 byte is appended to plaintext to yield TLSInnerPlaintext (since this is encrypted handshake message), together with 0 trailing zeroes (for padding, there could be more). 2) The TLSInnerPlaintext is AEAD-encrypted 3) The record header is prepended (with application_data type, since it is encrypted). Note that the size difference between payload and record is 22 bytes: - 5 bytes for the record header (0x17 0x03 0x03 0x02 0xa2). - 1 byte for the encrypted record type (whatever 0x16 encrypts to) - 0 bytes for padding - 16 bytes for the AES-GCM tag. Exactly matching the amount expected. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
