Struct rustls::ticketer::TicketSwitcher

source ·
struct TicketSwitcher {
    generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>,
    lifetime: u32,
    state: Mutex<TicketSwitcherState>,
}
Expand description

A ticketer that has a ‘current’ sub-ticketer and a single ‘previous’ ticketer. It creates a new ticketer every so often, demoting the current ticketer.

Fields§

§generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>§lifetime: u32§state: Mutex<TicketSwitcherState>

Implementations§

source§

impl TicketSwitcher

source

fn new( lifetime: u32, generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>, ) -> Result<Self, Error>

lifetime is in seconds, and is how long the current ticketer is used to generate new tickets. Tickets are accepted for no longer than twice this duration. generator produces a new ProducesTickets implementation.

source

fn maybe_roll( &self, now: TimeBase, ) -> Option<MutexGuard<'_, TicketSwitcherState>>

If it’s time, demote the current ticketer to previous (so it does no new encryptions but can do decryption) and use next for a new current ticketer.

Calling this regularly will ensure timely key erasure. Otherwise, key erasure will be delayed until the next encrypt/decrypt call.

For efficiency, this is also responsible for locking the state mutex and returning the mutexguard.

Trait Implementations§

source§

impl ProducesTickets for TicketSwitcher

source§

fn lifetime(&self) -> u32

Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time. Read more
source§

fn enabled(&self) -> bool

Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.
source§

fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>>

Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.
source§

fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>>

Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.