Trait rustls::quic::PacketKey

source ·
pub trait PacketKey: Send + Sync {
    // Required methods
    fn encrypt_in_place(
        &self,
        packet_number: u64,
        header: &[u8],
        payload: &mut [u8],
    ) -> Result<Tag, Error>;
    fn decrypt_in_place<'a>(
        &self,
        packet_number: u64,
        header: &[u8],
        payload: &'a mut [u8],
    ) -> Result<&'a [u8], Error>;
    fn tag_len(&self) -> usize;
    fn confidentiality_limit(&self) -> u64;
    fn integrity_limit(&self) -> u64;
}
Expand description

Keys to encrypt or decrypt the payload of a packet

Required Methods§

source

fn encrypt_in_place( &self, packet_number: u64, header: &[u8], payload: &mut [u8], ) -> Result<Tag, Error>

Encrypt a QUIC packet

Takes a packet_number, used to derive the nonce; the packet header, which is used as the additional authenticated data; and the payload. The authentication tag is returned if encryption succeeds.

Fails if and only if the payload is longer than allowed by the cipher suite’s AEAD algorithm.

source

fn decrypt_in_place<'a>( &self, packet_number: u64, header: &[u8], payload: &'a mut [u8], ) -> Result<&'a [u8], Error>

Decrypt a QUIC packet

Takes the packet header, which is used as the additional authenticated data, and the payload, which includes the authentication tag.

If the return value is Ok, the decrypted payload can be found in payload, up to the length found in the return value.

source

fn tag_len(&self) -> usize

Tag length for the underlying AEAD algorithm

source

fn confidentiality_limit(&self) -> u64

Number of QUIC messages that can be safely encrypted with a single key of this type.

Once a MessageEncrypter produced for this suite has encrypted more than confidentiality_limit messages, an attacker gains an advantage in distinguishing it from an ideal pseudorandom permutation (PRP).

This is to be set on the assumption that messages are maximally sized – 2 ** 16. For non-QUIC TCP connections see CipherSuiteCommon::confidentiality_limit.

source

fn integrity_limit(&self) -> u64

Number of QUIC messages that can be safely decrypted with a single key of this type

Once a MessageDecrypter produced for this suite has failed to decrypt integrity_limit messages, an attacker gains an advantage in forging messages.

This is not relevant for TLS over TCP (which is also implemented in this crate) because a single failed decryption is fatal to the connection. However, this quantity is used by QUIC.

Implementors§