Implement actual encryption

Author: bjorn3

src/key_exchange.rs

@@ -2,7 +2,7 @@ use std::str;
 
 use aws_lc_rs::{
     agreement::{self, EphemeralPrivateKey, UnparsedPublicKey, X25519},
-    cipher::{StreamingDecryptingKey, UnboundCipherKey, AES_128},
+    cipher::{StreamingDecryptingKey, StreamingEncryptingKey, UnboundCipherKey, AES_128},
     digest, hmac,
     rand::{self, SystemRandom},
     signature::KeyPair,
@@ -170,6 +170,26 @@ impl EcdhKeyExchange {
             ),
         );
 
+        conn.stream_write.set_encryption_key(
+            StreamingEncryptingKey::less_safe_ctr(
+                UnboundCipherKey::new(
+                    &AES_128,
+                    &raw_keys.server_to_client.encryption_key.as_ref()[..16],
+                )
+                .unwrap(),
+                aws_lc_rs::cipher::EncryptionContext::Iv128(
+                    raw_keys.server_to_client.initial_iv.as_ref()[..16]
+                        .try_into()
+                        .unwrap(),
+                ),
+            )
+            .unwrap(),
+            hmac::Key::new(
+                hmac::HMAC_SHA256,
+                &raw_keys.server_to_client.integrity_key.as_ref()[..32],
+            ),
+        );
+
         Ok(())
     }
 }
@@ -581,7 +601,6 @@ impl<'a, T: From<&'a str>> Decode<'a> for Vec<T> {
 /// The raw hashes from which we will derive the crypto keys.
 ///
 /// <https://www.rfc-editor.org/rfc/rfc4253#section-7.2>
-#[expect(dead_code)] // FIXME implement encryption/decryption and MAC
 struct RawKeySet {
     client_to_server: RawKeys,
     server_to_client: RawKeys,

src/proto.rs

@@ -289,6 +289,14 @@ impl<W: AsyncWriteExt + Unpin> EncryptingWriter<W> {
         Ok(())
     }
 
+    pub(crate) fn set_encryption_key(
+        &mut self,
+        encryption_key: StreamingEncryptingKey,
+        integrity_key: hmac::Key,
+    ) {
+        self.encryption_key = Some((encryption_key, integrity_key));
+    }
+
     /// Write a packet. Returns written [`Packet`].
     pub(crate) async fn write_packet(
         &mut self,
@@ -301,11 +309,29 @@ impl<W: AsyncWriteExt + Unpin> EncryptingWriter<W> {
         let packet_number = self.packet_number;
         self.packet_number = self.packet_number.wrapping_add(1);
 
+        let packet = Packet::builder(&mut self.buf).with_payload(payload);
+        update_exchange_hash(packet.payload()?);
+
         if let Some((encryption_key, integrity_key)) = &mut self.encryption_key {
-            todo!()
+            let block_len = encryption_key.algorithm().block_len();
+
+            let data = packet.without_mac()?;
+
+            self.encrypted_buf.resize(data.len() + block_len, 0);
+            let update = encryption_key
+                .update(data, &mut self.encrypted_buf)
+                .unwrap();
+            assert_eq!(update.remainder().len(), block_len);
+            self.encrypted_buf.truncate(data.len());
+
+            let mut hmac_ctx = hmac::Context::with_key(integrity_key);
+            hmac_ctx.update(&packet_number.to_be_bytes());
+            hmac_ctx.update(data);
+            let mac = hmac_ctx.sign();
+            self.encrypted_buf.extend_from_slice(mac.as_ref());
+
+            self.stream.write_all(&self.encrypted_buf).await?;
         } else {
-            let packet = Packet::builder(&mut self.buf).with_payload(payload);
-            update_exchange_hash(packet.payload()?);
             self.stream.write_all(packet.without_mac()?).await?;
         };
 
@@ -430,8 +456,6 @@ impl<'a> PacketBuilderWithPayload<'a> {
             }
         }
 
-        buf.extend_from_slice(&[]); // mac
-
         let packet_len = (buf.len() - start - 4) as u32;
         if let Some(packet_length_dst) = buf.get_mut(start..start + 4) {
             packet_length_dst.copy_from_slice(&packet_len.to_be_bytes());