Split and implement `OutgoingOpaqueMessage`

rustls/src/common_state.rs

@@ -8,9 +8,7 @@ use crate::msgs::enums::{AlertLevel, KeyUpdateRequest};
 use crate::msgs::fragmenter::MessageFragmenter;
 use crate::msgs::handshake::CertificateChain;
 use crate::msgs::message::MessagePayload;
-use crate::msgs::message::{
-    BorrowedPlainMessage, Message, OpaqueMessage, OutgoingOpaqueMessage, PlainMessage,
-};
+use crate::msgs::message::{BorrowedPlainMessage, Message, OutgoingOpaqueMessage, PlainMessage};
 use crate::quic;
 use crate::record_layer;
 use crate::suites::PartiallyExtractedSecrets;
@@ -373,7 +371,7 @@ impl CommonState {
 
     // Put m into sendable_tls for writing.
     fn queue_tls_message(&mut self, m: OutgoingOpaqueMessage) {
-        self.sendable_tls.append(m.encode());
+        self.sendable_tls.append(m.into_bytes());
     }
 
     /// Send a raw TLS message, fragmenting it if needed.
@@ -563,7 +561,7 @@ impl CommonState {
         self.queued_key_update_message = Some(
             self.record_layer
                 .encrypt_outgoing(message.borrow())
-                .encode(),
+                .into_bytes(),
         );
     }
 

rustls/src/crypto/aws_lc_rs/tls12.rs

@@ -300,16 +300,16 @@ impl MessageEncrypter for GcmMessageEncrypter {
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut payload = Vec::with_capacity(total_len);
-        payload.extend_from_slice(&nonce.as_ref()[4..]);
-        payload.extend_from_slice(msg.payload);
+        let mut out = OutgoingOpaqueMessage::new(msg.typ, msg.version, total_len);
+        out.extend_from_slice(&nonce.as_ref()[4..]);
+        out.extend_from_slice(msg.payload);
 
         self.enc_key
-            .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..])
-            .map(|tag| payload.extend(tag.as_ref()))
+            .seal_in_place_separate_tag(nonce, aad, &mut out.as_mut()[GCM_EXPLICIT_NONCE_LEN..])
+            .map(|tag| out.extend_from_slice(tag.as_ref()))
             .map_err(|_| Error::EncryptError)?;
 
-        Ok(OutgoingOpaqueMessage::new(msg.typ, msg.version, payload))
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {
@@ -377,14 +377,14 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut buf = Vec::with_capacity(total_len);
-        buf.extend_from_slice(msg.payload);
+        let mut out = OutgoingOpaqueMessage::new(msg.typ, msg.version, total_len);
+        out.extend_from_slice(msg.payload);
 
         self.enc_key
-            .seal_in_place_append_tag(nonce, aad, &mut buf)
+            .seal_in_place_append_tag(nonce, aad, &mut out)
             .map_err(|_| Error::EncryptError)?;
 
-        Ok(OutgoingOpaqueMessage::new(msg.typ, msg.version, buf))
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {

rustls/src/crypto/aws_lc_rs/tls13.rs

@@ -216,23 +216,23 @@ impl MessageEncrypter for AeadMessageEncrypter {
         seq: u64,
     ) -> Result<OutgoingOpaqueMessage, Error> {
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut payload = Vec::with_capacity(total_len);
-        payload.extend_from_slice(msg.payload);
-        msg.typ.encode(&mut payload);
-
-        let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
-        let aad = aead::Aad::from(make_tls13_aad(total_len));
-        self.enc_key
-            .seal_in_place_append_tag(nonce, aad, &mut payload)
-            .map_err(|_| Error::EncryptError)?;
-
-        Ok(OutgoingOpaqueMessage::new(
+        let mut out = OutgoingOpaqueMessage::new(
             ContentType::ApplicationData,
             // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record
             // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1
             ProtocolVersion::TLSv1_2,
-            payload,
-        ))
+            total_len,
+        );
+        out.extend_from_slice(msg.payload);
+        out.extend_from_slice(&[msg.typ.get_u8()]);
+
+        let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
+        let aad = aead::Aad::from(make_tls13_aad(total_len));
+        self.enc_key
+            .seal_in_place_append_tag(nonce, aad, &mut out)
+            .map_err(|_| Error::EncryptError)?;
+
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {
@@ -271,22 +271,22 @@ impl MessageEncrypter for GcmMessageEncrypter {
         msg: BorrowedPlainMessage,
         seq: u64,
     ) -> Result<OutgoingOpaqueMessage, Error> {
-        let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len();
-        let mut payload = Vec::with_capacity(total_len);
-        payload.extend_from_slice(msg.payload);
-        msg.typ.encode(&mut payload);
+        let total_len = self.encrypted_payload_len(msg.payload.len());
+        let mut out = OutgoingOpaqueMessage::new(
+            ContentType::ApplicationData,
+            ProtocolVersion::TLSv1_2,
+            total_len,
+        );
+        out.extend_from_slice(msg.payload);
+        out.extend_from_slice(&[msg.typ.get_u8()]);
 
         let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
         let aad = aead::Aad::from(make_tls13_aad(total_len));
         self.enc_key
-            .seal_in_place_append_tag(nonce, aad, &mut payload)
+            .seal_in_place_append_tag(nonce, aad, &mut out)
             .map_err(|_| Error::EncryptError)?;
 
-        Ok(OutgoingOpaqueMessage::new(
-            ContentType::ApplicationData,
-            ProtocolVersion::TLSv1_2,
-            payload,
-        ))
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {

rustls/src/crypto/ring/tls12.rs

@@ -285,16 +285,16 @@ impl MessageEncrypter for GcmMessageEncrypter {
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut payload = Vec::with_capacity(total_len);
-        payload.extend_from_slice(&nonce.as_ref()[4..]);
-        payload.extend_from_slice(msg.payload);
+        let mut out = OutgoingOpaqueMessage::new(msg.typ, msg.version, total_len);
+        out.extend_from_slice(&nonce.as_ref()[4..]);
+        out.extend_from_slice(msg.payload);
 
         self.enc_key
-            .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..])
-            .map(|tag| payload.extend(tag.as_ref()))
+            .seal_in_place_separate_tag(nonce, aad, &mut out.as_mut()[GCM_EXPLICIT_NONCE_LEN..])
+            .map(|tag| out.extend_from_slice(tag.as_ref()))
             .map_err(|_| Error::EncryptError)?;
 
-        Ok(OutgoingOpaqueMessage::new(msg.typ, msg.version, payload))
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {
@@ -362,14 +362,14 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
         let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
 
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut buf = Vec::with_capacity(total_len);
-        buf.extend_from_slice(msg.payload);
+        let mut out = OutgoingOpaqueMessage::new(msg.typ, msg.version, total_len);
+        out.extend_from_slice(msg.payload);
 
         self.enc_key
-            .seal_in_place_append_tag(nonce, aad, &mut buf)
+            .seal_in_place_append_tag(nonce, aad, &mut out)
             .map_err(|_| Error::EncryptError)?;
 
-        Ok(OutgoingOpaqueMessage::new(msg.typ, msg.version, buf))
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {

rustls/src/crypto/ring/tls13.rs

@@ -188,23 +188,23 @@ impl MessageEncrypter for Tls13MessageEncrypter {
         seq: u64,
     ) -> Result<OutgoingOpaqueMessage, Error> {
         let total_len = self.encrypted_payload_len(msg.payload.len());
-        let mut payload = Vec::with_capacity(total_len);
-        payload.extend_from_slice(msg.payload);
-        msg.typ.encode(&mut payload);
-
-        let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
-        let aad = aead::Aad::from(make_tls13_aad(total_len));
-        self.enc_key
-            .seal_in_place_append_tag(nonce, aad, &mut payload)
-            .map_err(|_| Error::EncryptError)?;
-
-        Ok(OutgoingOpaqueMessage::new(
+        let mut out = OutgoingOpaqueMessage::new(
             ContentType::ApplicationData,
             // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record
             // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1
             ProtocolVersion::TLSv1_2,
-            payload,
-        ))
+            total_len,
+        );
+        out.extend_from_slice(msg.payload);
+        out.extend_from_slice(&[msg.typ.get_u8()]);
+
+        let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
+        let aad = aead::Aad::from(make_tls13_aad(total_len));
+        self.enc_key
+            .seal_in_place_append_tag(nonce, aad, &mut out)
+            .map_err(|_| Error::EncryptError)?;
+
+        Ok(out)
     }
 
     fn encrypted_payload_len(&self, payload_len: usize) -> usize {

rustls/src/msgs/message.rs

@@ -72,7 +72,46 @@ impl MessagePayload {
 }
 
 /// A TLS frame in the process of being sent, named TLSPlaintext in the standard.
-pub type OutgoingOpaqueMessage = OpaqueMessage;
+///
+/// This is stored pre-encoded.
+pub struct OutgoingOpaqueMessage(Vec<u8>);
+
+impl OutgoingOpaqueMessage {
+    /// Encode a new `OutgoingOpaqueMessage` from the header items.
+    ///
+    /// On exit, the interior `Vec` has a capacity of `body_len` plus `OpaqueMessage::HEADER_SIZE` bytes,
+    /// and has a size of `OpaqueMessage::HEADER_SIZE`.
+    ///
+    /// The caller must then append exactly `body_len` bytes.
+    pub fn new(typ: ContentType, version: ProtocolVersion, body_len: usize) -> Self {
+        let mut buf =
+            Vec::with_capacity(body_len.saturating_add(OpaqueMessage::HEADER_SIZE as usize));
+        typ.encode(&mut buf);
+        version.encode(&mut buf);
+        (body_len as u16).encode(&mut buf);
+        Self(buf)
+    }
+
+    pub fn extend_from_slice(&mut self, slice: &[u8]) {
+        self.0.extend_from_slice(slice);
+    }
+
+    pub(crate) fn into_bytes(self) -> Vec<u8> {
+        self.0
+    }
+}
+
+impl<'a> Extend<&'a u8> for OutgoingOpaqueMessage {
+    fn extend<T: IntoIterator<Item = &'a u8>>(&mut self, iter: T) {
+        self.0.extend(iter);
+    }
+}
+
+impl AsMut<[u8]> for OutgoingOpaqueMessage {
+    fn as_mut(&mut self) -> &mut [u8] {
+        &mut self.0[OpaqueMessage::HEADER_SIZE as usize..]
+    }
+}
 
 /// A TLS frame, named TLSPlaintext in the standard.
 ///
@@ -263,12 +302,10 @@ pub struct PlainMessage {
 }
 
 impl PlainMessage {
-    pub fn into_unencrypted_opaque(self) -> OpaqueMessage {
-        OpaqueMessage {
-            version: self.version,
-            typ: self.typ,
-            payload: self.payload,
-        }
+    pub fn into_unencrypted_opaque(self) -> OutgoingOpaqueMessage {
+        let mut r = OutgoingOpaqueMessage::new(self.typ, self.version, self.payload.0.len());
+        r.extend_from_slice(&self.payload.0);
+        r
     }
 
     pub fn borrow(&self) -> BorrowedPlainMessage<'_> {
@@ -345,12 +382,10 @@ pub struct BorrowedPlainMessage<'a> {
 }
 
 impl<'a> BorrowedPlainMessage<'a> {
-    pub fn to_unencrypted_opaque(&self) -> OpaqueMessage {
-        OpaqueMessage {
-            version: self.version,
-            typ: self.typ,
-            payload: Payload(self.payload.to_vec()),
-        }
+    pub fn to_unencrypted_opaque(&self) -> OutgoingOpaqueMessage {
+        let mut r = OutgoingOpaqueMessage::new(self.typ, self.version, self.payload.len());
+        r.extend_from_slice(self.payload);
+        r
     }
 }