private static void EncryptRecord(CipherSuite cipherSuite, Record record, ICryptoTransform cipher, byte[] nonceExplicit)
{
BulkCipherAlgorithmType cipherType = cipherSuite.BulkCipherAlgorithm.Type;
int recordIVLength = cipherSuite.BulkCipherAlgorithm.RecordIVLength;
// Add explicit IV if required by protocol version
if (cipherType == BulkCipherAlgorithmType.Block && record.Version.HasExplicitIV) {
byte[] explicitIV = new byte[recordIVLength];
RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
rngCsp.GetBytes(explicitIV);
// Replace the fragment with a new fragment including explicit IV
byte[] fragment = new byte[explicitIV.Length + record.Fragment.Length];
Buffer.BlockCopy(explicitIV, 0, fragment, 0, explicitIV.Length);
Buffer.BlockCopy(record.Fragment, 0, fragment, explicitIV.Length, record.Fragment.Length);
record.Fragment = fragment;
}
// Replace the unencrypted fragment with the encrypted fragment
record.Fragment = TransformRecordBytes(cipherType, cipher, record.Fragment);
// Add explicit part of the nonce if using AEAD
if (cipherType == BulkCipherAlgorithmType.AEAD) {
byte[] fragment = new byte[nonceExplicit.Length + record.Fragment.Length];
Buffer.BlockCopy(nonceExplicit, 0, fragment, 0, nonceExplicit.Length);
Buffer.BlockCopy(record.Fragment, 0, fragment, nonceExplicit.Length, record.Fragment.Length);
record.Fragment = fragment;
}
}