pub trait ProducesTickets:
Debug
+ Send
+ Sync {
// Required methods
fn enabled(&self) -> bool;
fn lifetime(&self) -> u32;
fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
}
A trait for the ability to encrypt and decrypt tickets.
Required Methods
fn enabled(&self) -> bool
Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.
fn lifetime(&self) -> u32
Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.
This lifetime must be enforced by key rolling and erasure, not by storing an expiry inside the ticket: once the key that encrypted a ticket has been erased, nobody can decrypt it, including an attacker who later obtains the server's keys.
The objective is to limit the damage tickets do to forward secrecy, not merely to bound how long they remain usable.
fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>
Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.
fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>
Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.