Struct RecordLayer

pub(crate) struct RecordLayer {
    message_encrypter: Box<dyn MessageEncrypter>,
    message_decrypter: Box<dyn MessageDecrypter>,
    write_seq_max: u64,
    write_seq: u64,
    read_seq: u64,
    has_decrypted: bool,
    encrypt_state: DirectionState,
    decrypt_state: DirectionState,
    trial_decryption_len: Option<usize>,
}

Record layer that tracks decryption and encryption keys.

Fields

message_encrypter: Box<dyn MessageEncrypter>

message_decrypter: Box<dyn MessageDecrypter>

write_seq_max: u64

write_seq: u64

read_seq: u64

has_decrypted: bool

encrypt_state: DirectionState

decrypt_state: DirectionState

trial_decryption_len: Option<usize>

Implementations

impl RecordLayer

pub(crate) fn new() -> Self

Create new record layer with no keys.

pub(crate) fn decrypt_incoming<'a>( &mut self, encr: InboundOpaqueMessage<'a>, ) -> Result<Option<Decrypted<'a>>, Error>

Decrypt a TLS message.

encr is a decoded message allegedly received from the peer. If it can be decrypted, its decryption is returned. Otherwise, an error is returned.

pub(crate) fn encrypt_outgoing( &mut self, plain: OutboundPlainMessage<'_>, ) -> OutboundOpaqueMessage

Encrypt a TLS message.

plain is a TLS message we’d like to send. This function panics if the requisite keying material hasn’t been established yet.

pub(crate) fn prepare_message_encrypter( &mut self, cipher: Box<dyn MessageEncrypter>, max_messages: u64, )

Prepare to use the given MessageEncrypter for future message encryption. It is not used until you call start_encrypting.

pub(crate) fn prepare_message_decrypter( &mut self, cipher: Box<dyn MessageDecrypter>, )

Prepare to use the given MessageDecrypter for future message decryption. It is not used until you call start_decrypting.

pub(crate) fn start_encrypting(&mut self)

Start using the MessageEncrypter previously provided to the previous call to prepare_message_encrypter.

pub(crate) fn start_decrypting(&mut self)

Start using the MessageDecrypter previously provided to the previous call to prepare_message_decrypter.

pub(crate) fn set_message_encrypter( &mut self, cipher: Box<dyn MessageEncrypter>, max_messages: u64, )

Set and start using the given MessageEncrypter for future outgoing message encryption.

pub(crate) fn set_message_decrypter( &mut self, cipher: Box<dyn MessageDecrypter>, )

Set and start using the given MessageDecrypter for future incoming message decryption.

pub(crate) fn set_message_decrypter_with_trial_decryption( &mut self, cipher: Box<dyn MessageDecrypter>, max_length: usize, )

Set and start using the given MessageDecrypter for future incoming message decryption, and enable “trial decryption” mode for when TLS1.3 0-RTT is attempted but rejected by the server.

pub(crate) fn finish_trial_decryption(&mut self)

pub(crate) fn next_pre_encrypt_action(&self) -> PreEncryptAction

pub(crate) fn pre_encrypt_action(&self, add: u64) -> PreEncryptAction

Return a remedial action when we are near to encrypting too many messages.

add is added to the current sequence number. add as 0 means “the next message processed by encrypt_outgoing”

pub(crate) fn is_encrypting(&self) -> bool

pub(crate) fn has_decrypted(&self) -> bool

Return true if we have ever decrypted a message. This is used in place of checking the read_seq since that will be reset on key updates.

pub(crate) fn write_seq(&self) -> u64

pub(crate) fn read_seq(&self) -> u64

pub(crate) fn encrypted_len(&self, payload_len: usize) -> usize

fn doing_trial_decryption(&mut self, requested: usize) -> bool