Struct rustls::ticketer::TicketSwitcher
struct TicketSwitcher {
    generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>,
    lifetime: u32,
    state: Mutex<TicketSwitcherState>,
}
A ticketer that has a ‘current’ sub-ticketer and a single ‘previous’ ticketer. It creates a new ticketer every so often, demoting the current ticketer.
Fields
generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>
lifetime: u32
state: Mutex<TicketSwitcherState>
Implementations
impl TicketSwitcher
fn new(lifetime: u32, generator: fn() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>) -> Result<Self, Error>
lifetime is in seconds, and is how long the current ticketer is used to generate new tickets. Tickets are accepted for no longer than twice this duration. generator produces a new ProducesTickets implementation.
fn maybe_roll(&self, now: TimeBase) -> Option<MutexGuard<'_, TicketSwitcherState>>
If it’s time, demote the current ticketer to previous (so it does no new encryptions but can do decryption) and use next for a new current ticketer.
Calling this regularly will ensure timely key erasure. Otherwise, key erasure will be delayed until the next encrypt/decrypt call.
For efficiency, this is also responsible for locking the state mutex and returning the mutexguard.
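The rotation and acceptance window described for new and maybe_roll, as a minimal model added here for illustration (it is not rustls source code). Assumptions of the model: keys are stand-in integer ids, a ticket is an unencrypted (key id, payload) pair, time is passed in explicitly, switches follow a fixed schedule, and the Switcher type and its holds helper are hypothetical names.

```rust
// Added model, not rustls code. No real crypto: a "ticket" is (key id, payload).
struct Switcher {
    lifetime: u64,         // seconds a key spends as `current`
    current: u64,          // id of the key that issues new tickets
    previous: Option<u64>, // id of the demoted key: decrypt only
    next_switch: u64,      // time at which `current` must be demoted
}

impl Switcher {
    fn new(lifetime: u64, now: u64) -> Self {
        assert!(lifetime > 0, "model assumes a non-zero lifetime");
        Switcher { lifetime, current: 1, previous: None, next_switch: now + lifetime }
    }

    // Demote `current` once its issuing period is over. If a whole further
    // period went by with no call, the old key is erased instead of demoted.
    fn maybe_roll(&mut self, now: u64) {
        if now < self.next_switch {
            return;
        }
        let missed = (now - self.next_switch) / self.lifetime;
        self.previous = if missed == 0 { Some(self.current) } else { None };
        self.current += 1; // stand-in for calling the generator
        self.next_switch += (missed + 1) * self.lifetime;
    }

    fn encrypt(&mut self, now: u64, msg: &str) -> (u64, String) {
        self.maybe_roll(now);
        (self.current, msg.to_string())
    }

    fn decrypt(&mut self, now: u64, ticket: &(u64, String)) -> Option<String> {
        self.maybe_roll(now);
        if self.holds(ticket.0) { Some(ticket.1.clone()) } else { None }
    }

    // True while key `id` is still held in memory (as current or previous).
    fn holds(&self, id: u64) -> bool {
        id == self.current || Some(id) == self.previous
    }
}

fn main() {
    let mut s = Switcher::new(100, 0);
    let t = s.encrypt(0, "session"); // constructed sample ticket
    for now in [99, 199, 200] {
        println!("t={}: {:?}", now, s.decrypt(now, &t));
    }
}
```

In the model, a key that has passed its window stays in memory until some call reaches maybe_roll, which is why calling it on a timer gives timely key erasure.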
Trait Implementations
impl ProducesTickets for TicketSwitcher
fn lifetime(&self) -> u32
Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.
fn enabled(&self) -> bool
Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.
fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>>
Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.
fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>>
Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.
Auto Trait Implementations
impl !Freeze for TicketSwitcher
impl RefUnwindSafe for TicketSwitcher
impl Send for TicketSwitcher
impl Sync for TicketSwitcher
impl Unpin for TicketSwitcher
impl UnwindSafe for TicketSwitcher
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.