diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs
index 2c9d410442..1dac211920 100644
--- a/provider-example/src/aead.rs
+++ b/provider-example/src/aead.rs
@@ -83,7 +83,7 @@ impl cipher::MessageEncrypter for Tls13Cipher {
 m: cipher::BorrowedPlainMessage,
 seq: u64,
 ) -> Result {
- let total_len = m.payload.len() + 1 + CHACHAPOLY1305_OVERHEAD;
+ let total_len = self.encrypted_payload_len(m.payload.len());
 // construct a TLSInnerPlaintext
 let mut payload = Vec::with_capacity(total_len);
@@ -104,6 +104,10 @@ impl cipher::MessageEncrypter for Tls13Cipher {
 )
 })
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len + 1 + CHACHAPOLY1305_OVERHEAD
+ }
 }
 impl cipher::MessageDecrypter for Tls13Cipher {
@@ -132,7 +136,7 @@ impl cipher::MessageEncrypter for Tls12Cipher {
 m: cipher::BorrowedPlainMessage,
 seq: u64,
 ) -> Result {
- let total_len = m.payload.len() + CHACHAPOLY1305_OVERHEAD;
+ let total_len = self.encrypted_payload_len(m.payload.len());
 let mut payload = Vec::with_capacity(total_len);
 payload.extend_from_slice(m.payload);
@@ -145,6 +149,10 @@ impl cipher::MessageEncrypter for Tls12Cipher {
 .map_err(|_| rustls::Error::EncryptError)
 .map(|_| cipher::OpaqueMessage::new(m.typ, m.version, payload))
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len + CHACHAPOLY1305_OVERHEAD
+ }
 }
 impl cipher::MessageDecrypter for Tls12Cipher {
diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs
index 9491c74dac..f8828b5424 100644
--- a/rustls/src/crypto/cipher.rs
+++ b/rustls/src/crypto/cipher.rs
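Review bot: `Tls13Cipher::encrypted_payload_len` (hunk at -104,6 in `provider-example/src/aead.rs`) adds to a caller-supplied `usize` with plain `+`, so a very large `payload_len` panics in debug builds and wraps in release builds, yielding a length smaller than the input. The expression it replaces started from `m.payload.len()`, a real slice length, where that cannot happen. The same arithmetic is in the `Tls12Cipher` helper in this file and in the ring implementations in `rustls/src/crypto/ring/tls12.rs` and `tls13.rs`. Whether any caller passes an unbounded value is not visible in this diff; either state the precondition in the trait docs or saturate, e.g. `payload_len.saturating_add(1 + CHACHAPOLY1305_OVERHEAD)`.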
@@ -132,6 +132,10 @@ pub trait MessageEncrypter: Send + Sync {
 /// Encrypt the given TLS message `msg`, using the sequence number
 /// `seq which can be used to derive a unique [`Nonce`].
 fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result;
+
+ /// Return the length of the ciphertext that results from encrypting plaintext of
+ /// length `payload_len`
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize;
 }
 impl dyn MessageEncrypter {
@@ -300,6 +304,10 @@ impl MessageEncrypter for InvalidMessageEncrypter {
 fn encrypt(&self, _m: BorrowedPlainMessage, _seq: u64) -> Result {
 Err(Error::EncryptError)
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len
+ }
 }
 /// A `MessageDecrypter` which doesn't work.
diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs
index c18bce7306..9a6e9d9d83 100644
--- a/rustls/src/crypto/ring/tls12.rs
+++ b/rustls/src/crypto/ring/tls12.rs
@@ -266,8 +266,8 @@ impl MessageEncrypter for GcmMessageEncrypter {
 let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0);
 let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
- let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len();
- let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len);
+ let total_len = self.encrypted_payload_len(msg.payload.len());
+ let mut payload = Vec::with_capacity(total_len);
 payload.extend_from_slice(&nonce.as_ref()[4..]);
 payload.extend_from_slice(msg.payload);
@@ -278,6 +278,10 @@ impl MessageEncrypter for GcmMessageEncrypter {
 Ok(OpaqueMessage::new(msg.typ, msg.version, payload))
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len + GCM_EXPLICIT_NONCE_LEN + self.enc_key.algorithm().tag_len()
+ }
 }
 /// The RFC7905/RFC7539 ChaCha20Poly1305 construction.
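Review bot: The doc comment on `encrypted_payload_len` in the `MessageEncrypter` trait does not say what is counted, and the implementations in this commit differ in what they add: the TLS 1.3 ones add one byte plus the tag, the TLS 1.2 GCM one adds `GCM_EXPLICIT_NONCE_LEN` plus the tag. If the intent is the exact length of the `OpaqueMessage` payload that `encrypt` returns, say so, e.g. `/// This is the exact payload length produced by encrypt, including any explicit nonce, inner content-type byte and authentication tag.` This is also a new required method on a public trait, so existing out-of-tree implementations stop compiling; a changelog note would help. In the second hunk of this file, `InvalidMessageEncrypter` returns `payload_len` unchanged, which looks deliberate because its `encrypt` always fails, and a one-line comment would record that.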
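Review bot: `total_len` in `GcmMessageEncrypter::encrypt` (hunk at -266,8 in `rustls/src/crypto/ring/tls12.rs`) now includes `GCM_EXPLICIT_NONCE_LEN`, where before it was payload plus tag only. The visible lines use it only for `Vec::with_capacity`, but the part of the body between this hunk and the next is not shown, so any later use of `total_len` there would now be off by the nonce length and should be confirmed. A comment on the helper such as `// explicit nonce || ciphertext || tag` would keep the record layout next to the arithmetic.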
@@ -335,7 +339,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
 let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0);
 let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()));
- let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len();
+ let total_len = self.encrypted_payload_len(msg.payload.len());
 let mut buf = Vec::with_capacity(total_len);
 buf.extend_from_slice(msg.payload);
@@ -345,6 +349,10 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter {
 Ok(OpaqueMessage::new(msg.typ, msg.version, buf))
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len + self.enc_key.algorithm().tag_len()
+ }
 }
 fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv {
diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs
index a4ea26968b..e24c593900 100644
--- a/rustls/src/crypto/ring/tls13.rs
+++ b/rustls/src/crypto/ring/tls13.rs
@@ -181,7 +181,7 @@ struct Tls13MessageDecrypter {
 impl MessageEncrypter for Tls13MessageEncrypter {
 fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result {
- let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len();
+ let total_len = self.encrypted_payload_len(msg.payload.len());
 let mut payload = Vec::with_capacity(total_len);
 payload.extend_from_slice(msg.payload);
 msg.typ.encode(&mut payload);
@@ -198,6 +198,10 @@ impl MessageEncrypter for Tls13MessageEncrypter {
 payload,
 ))
 }
+
+ fn encrypted_payload_len(&self, payload_len: usize) -> usize {
+ payload_len + 1 + self.enc_key.algorithm().tag_len()
+ }
 }
 impl MessageDecrypter for Tls13MessageDecrypter {
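Review bot: Nothing ties the length that `encrypt` actually produces to what `encrypted_payload_len` reports; in `ChaCha20Poly1305MessageEncrypter::encrypt` the value is only a `Vec::with_capacity` hint, so a wrong formula would go unnoticed. A `debug_assert_eq!(buf.len(), total_len);` just before the `Ok(...)`, or a unit test comparing the two for a few lengths, would catch drift; the same applies to `Tls13MessageEncrypter` in `tls13.rs` with `payload` in place of `buf`. The `+ 1` in the TLS 1.3 helper appears to be the content-type byte written by `msg.typ.encode(&mut payload)`, and a short comment saying so would help. Both `encrypt` bodies continue outside the hunks shown.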