Use ProtocolName for ALPN protocol pervasively

Author: ctz

rustls/src/client/client_conn.rs

@@ -19,7 +19,7 @@ use crate::error::Error;
 use crate::kernel::KernelConnection;
 use crate::log::trace;
 use crate::msgs::enums::NamedGroup;
-use crate::msgs::handshake::ClientExtension;
+use crate::msgs::handshake::{ClientExtension, ProtocolName};
 use crate::msgs::persist;
 use crate::suites::{ExtractedSecrets, SupportedCipherSuite};
 use crate::sync::Arc;
@@ -851,6 +851,10 @@ impl ConnectionCore<ClientConnectionData> {
         common_state.enable_secret_extraction = config.enable_secret_extraction;
         common_state.fips = config.fips();
         let mut data = ClientConnectionData::new();
+        let alpn_protocols = alpn_protocols
+            .into_iter()
+            .map(ProtocolName::from)
+            .collect();
 
         let mut cx = hs::ClientContext {
             common: &mut common_state,

rustls/src/client/common.rs

@@ -4,7 +4,7 @@ use alloc::vec::Vec;
 use super::ResolvesClientCert;
 use crate::log::{debug, trace};
 use crate::msgs::enums::ExtensionType;
-use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension};
+use crate::msgs::handshake::{CertificateChain, DistinguishedName, ProtocolName, ServerExtension};
 use crate::sync::Arc;
 use crate::{SignatureScheme, compress, sign};
 
@@ -35,14 +35,14 @@ impl<'a> ServerCertDetails<'a> {
 }
 
 pub(super) struct ClientHelloDetails {
-    pub(super) alpn_protocols: Vec<Vec<u8>>,
+    pub(super) alpn_protocols: Vec<ProtocolName>,
     pub(super) sent_extensions: Vec<ExtensionType>,
     pub(super) extension_order_seed: u16,
     pub(super) offered_cert_compression: bool,
 }
 
 impl ClientHelloDetails {
-    pub(super) fn new(alpn_protocols: Vec<Vec<u8>>, extension_order_seed: u16) -> Self {
+    pub(super) fn new(alpn_protocols: Vec<ProtocolName>, extension_order_seed: u16) -> Self {
         Self {
             alpn_protocols,
             sent_extensions: Vec::new(),

rustls/src/client/hs.rs

@@ -99,7 +99,7 @@ fn find_session(
 
 pub(super) fn start_handshake(
     server_name: ServerName<'static>,
-    alpn_protocols: Vec<Vec<u8>>,
+    alpn_protocols: Vec<ProtocolName>,
     extra_exts: Vec<ClientExtension>,
     config: Arc<ClientConfig>,
     cx: &mut ClientContext<'_>,
@@ -359,12 +359,7 @@ fn emit_client_hello_for_retry(
     // Add ALPN extension if we have any protocols
     if !input.hello.alpn_protocols.is_empty() {
         exts.push(ClientExtension::Protocols(
-            input
-                .hello
-                .alpn_protocols
-                .iter()
-                .map(|proto| ProtocolName::from(proto.clone()))
-                .collect::<Vec<_>>(),
+            input.hello.alpn_protocols.clone(),
         ));
     }
 
@@ -668,10 +663,10 @@ fn prepare_resumption<'a>(
 
 pub(super) fn process_alpn_protocol(
     common: &mut CommonState,
-    offered_protocols: &[Vec<u8>],
-    proto: Option<&[u8]>,
+    offered_protocols: &[ProtocolName],
+    selected: Option<&ProtocolName>,
 ) -> Result<(), Error> {
-    common.alpn_protocol = proto.map(ToOwned::to_owned);
+    common.alpn_protocol = selected.map(ToOwned::to_owned);
 
     if let Some(alpn_protocol) = &common.alpn_protocol {
         if !offered_protocols.contains(alpn_protocol) {

rustls/src/common_state.rs

@@ -14,7 +14,7 @@ use crate::msgs::base::Payload;
 use crate::msgs::codec::Codec;
 use crate::msgs::enums::{AlertLevel, KeyUpdateRequest};
 use crate::msgs::fragmenter::MessageFragmenter;
-use crate::msgs::handshake::{CertificateChain, HandshakeMessagePayload};
+use crate::msgs::handshake::{CertificateChain, HandshakeMessagePayload, ProtocolName};
 use crate::msgs::message::{
     Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage,
     PlainMessage,
@@ -35,7 +35,7 @@ pub struct CommonState {
     pub(crate) record_layer: record_layer::RecordLayer,
     pub(crate) suite: Option<SupportedCipherSuite>,
     pub(crate) kx_state: KxState,
-    pub(crate) alpn_protocol: Option<Vec<u8>>,
+    pub(crate) alpn_protocol: Option<ProtocolName>,
     pub(crate) aligned_handshake: bool,
     pub(crate) may_send_application_data: bool,
     pub(crate) may_receive_application_data: bool,

rustls/src/msgs/handshake.rs

@@ -360,6 +360,20 @@ wrapped_payload!(
     pub(crate) struct ProtocolName, PayloadU8<NonEmpty>,
 );
 
+impl PartialEq for ProtocolName {
+    fn eq(&self, other: &Self) -> bool {
+        self.0 == other.0
+    }
+}
+
+impl Deref for ProtocolName {
+    type Target = [u8];
+
+    fn deref(&self) -> &Self::Target {
+        self.as_ref()
+    }
+}
+
 /// RFC7301: `ProtocolName protocol_name_list<2..2^16-1>`
 impl TlsListElement for ProtocolName {
     const SIZE_LEN: ListLength = ListLength::NonZeroU16 {
@@ -372,8 +386,8 @@ impl TlsListElement for ProtocolName {
 pub(crate) struct SingleProtocolName(ProtocolName);
 
 impl SingleProtocolName {
-    pub(crate) fn new(bytes: Vec<u8>) -> Self {
-        Self(ProtocolName::from(bytes))
+    pub(crate) fn new(single: ProtocolName) -> Self {
+        Self(single)
     }
 
     const SIZE_LEN: ListLength = ListLength::NonZeroU16 {
@@ -2224,10 +2238,10 @@ pub(crate) trait HasServerExtensions {
             .find(|x| x.ext_type() == ext)
     }
 
-    fn alpn_protocol(&self) -> Option<&[u8]> {
+    fn alpn_protocol(&self) -> Option<&ProtocolName> {
         let ext = self.find_extension(ExtensionType::ALProtocolNegotiation)?;
         match ext {
-            ServerExtension::Protocols(protos) => Some(protos.as_ref()),
+            ServerExtension::Protocols(protos) => Some(&protos.0),
             _ => None,
         }
     }

rustls/src/msgs/handshake_test.rs

@@ -1006,7 +1006,7 @@ fn sample_server_hello_payload() -> ServerHelloPayload {
             ServerExtension::ServerNameAck,
             ServerExtension::SessionTicketAck,
             ServerExtension::RenegotiationInfo(PayloadU8::new(vec![0])),
-            ServerExtension::Protocols(SingleProtocolName::new(vec![0])),
+            ServerExtension::Protocols(SingleProtocolName::new(ProtocolName::from(vec![0]))),
             ServerExtension::KeyShare(KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])),
             ServerExtension::PresharedKey(3),
             ServerExtension::ExtendedMasterSecretAck,

rustls/src/msgs/persist.rs

@@ -9,9 +9,9 @@ use crate::enums::{CipherSuite, ProtocolVersion};
 use crate::error::InvalidMessage;
 use crate::msgs::base::{MaybeEmpty, PayloadU8, PayloadU16};
 use crate::msgs::codec::{Codec, Reader};
-use crate::msgs::handshake::CertificateChain;
 #[cfg(feature = "tls12")]
 use crate::msgs::handshake::SessionId;
+use crate::msgs::handshake::{CertificateChain, ProtocolName};
 use crate::sync::{Arc, Weak};
 #[cfg(feature = "tls12")]
 use crate::tls12::Tls12CipherSuite;
@@ -399,7 +399,7 @@ impl ServerSessionValue {
         cs: CipherSuite,
         ms: &[u8],
         client_cert_chain: Option<CertificateChain<'static>>,
-        alpn: Option<Vec<u8>>,
+        alpn: Option<ProtocolName>,
         application_data: Vec<u8>,
         creation_time: UnixTime,
         age_obfuscation_offset: u32,
@@ -411,7 +411,7 @@ impl ServerSessionValue {
             master_secret: Zeroizing::new(PayloadU8::new(ms.to_vec())),
             extended_ms: false,
             client_cert_chain,
-            alpn: alpn.map(PayloadU8::new),
+            alpn: alpn.map(|p| PayloadU8::new(p.as_ref().to_vec())),
             application_data: PayloadU16::new(application_data),
             creation_time_sec: creation_time.as_secs(),
             age_obfuscation_offset,

rustls/src/server/hs.rs

@@ -21,8 +21,8 @@ use crate::msgs::enums::{Compression, ExtensionType, NamedGroup};
 #[cfg(feature = "tls12")]
 use crate::msgs::handshake::SessionId;
 use crate::msgs::handshake::{
-    ClientHelloPayload, HandshakePayload, KeyExchangeAlgorithm, Random, ServerExtension,
-    ServerNamePayload, SingleProtocolName,
+    ClientHelloPayload, HandshakePayload, KeyExchangeAlgorithm, ProtocolName, Random,
+    ServerExtension, ServerNamePayload, SingleProtocolName,
 };
 use crate::msgs::message::{Message, MessagePayload};
 use crate::msgs::persist;
@@ -89,7 +89,7 @@ impl ExtensionProcessing {
                         .iter()
                         .any(|theirs| theirs.as_ref() == ours.as_slice())
                 })
-                .cloned();
+                .map(|bytes| ProtocolName::from(bytes.clone()));
             if let Some(selected_protocol) = &cx.common.alpn_protocol {
                 debug!("Chosen ALPN protocol {selected_protocol:?}");
                 self.exts

rustls/src/server/tls13.rs

@@ -652,7 +652,7 @@ mod client_hello {
             && resume.is_fresh()
             && Some(resume.version) == cx.common.negotiated_version
             && resume.cipher_suite == suite.common.suite
-            && resume.alpn.as_ref().map(|x| &x.0) == cx.common.alpn_protocol.as_ref();
+            && resume.alpn.as_ref().map(|p| &p.0[..]) == cx.common.alpn_protocol.as_deref();
 
         if early_data_configured && early_data_possible && !cx.data.early_data.was_rejected() {
             EarlyDataDecision::Accepted