rustls/
record_layer.rs

1use crate::cipher::{MessageDecrypter, MessageEncrypter};
2use crate::error::TLSError;
3use crate::msgs::message::{BorrowMessage, Message};
4
5static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64;
6static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64;
7
8#[derive(PartialEq)]
9enum DirectionState {
10    /// No keying material.
11    Invalid,
12
13    /// Keying material present, but not yet in use.
14    Prepared,
15
16    /// Keying material in use.
17    Active,
18}
19
20pub struct RecordLayer {
21    message_encrypter: Box<dyn MessageEncrypter>,
22    message_decrypter: Box<dyn MessageDecrypter>,
23    write_seq: u64,
24    read_seq: u64,
25    encrypt_state: DirectionState,
26    decrypt_state: DirectionState,
27}
28
29impl RecordLayer {
30    pub fn new() -> RecordLayer {
31        RecordLayer {
32            message_encrypter: MessageEncrypter::invalid(),
33            message_decrypter: MessageDecrypter::invalid(),
34            write_seq: 0,
35            read_seq: 0,
36            encrypt_state: DirectionState::Invalid,
37            decrypt_state: DirectionState::Invalid,
38        }
39    }
40
41    pub fn is_encrypting(&self) -> bool {
42        self.encrypt_state == DirectionState::Active
43    }
44
45    pub fn is_decrypting(&self) -> bool {
46        self.decrypt_state == DirectionState::Active
47    }
48
49    /// Prepare to use the given `MessageEncrypter` for future message encryption.
50    /// It is not used until you call `start_encrypting`.
51    pub fn prepare_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) {
52        self.message_encrypter = cipher;
53        self.write_seq = 0;
54        self.encrypt_state = DirectionState::Prepared;
55    }
56
57    /// Prepare to use the given `MessageDecrypter` for future message decryption.
58    /// It is not used until you call `start_decrypting`.
59    pub fn prepare_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) {
60        self.message_decrypter = cipher;
61        self.read_seq = 0;
62        self.decrypt_state = DirectionState::Prepared;
63    }
64
65    /// Start using the `MessageEncrypter` previously provided to the previous
66    /// call to `prepare_message_encrypter`.
67    pub fn start_encrypting(&mut self) {
68        debug_assert!(self.encrypt_state == DirectionState::Prepared);
69        self.encrypt_state = DirectionState::Active;
70    }
71
72    /// Start using the `MessageDecrypter` previously provided to the previous
73    /// call to `prepare_message_decrypter`.
74    pub fn start_decrypting(&mut self) {
75        debug_assert!(self.decrypt_state == DirectionState::Prepared);
76        self.decrypt_state = DirectionState::Active;
77    }
78
79    /// Set and start using the given `MessageEncrypter` for future outgoing
80    /// message encryption.
81    pub fn set_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) {
82        self.prepare_message_encrypter(cipher);
83        self.start_encrypting();
84    }
85
86    /// Set and start using the given `MessageDecrypter` for future incoming
87    /// message decryption.
88    pub fn set_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) {
89        self.prepare_message_decrypter(cipher);
90        self.start_decrypting();
91    }
92
93    /// Return true if the peer appears to getting close to encrypting
94    /// too many messages with this key.
95    ///
96    /// Perhaps if we send an alert well before their counter wraps, a
97    /// buggy peer won't make a terrible mistake here?
98    ///
99    /// Note that there's no reason to refuse to decrypt: the security
100    /// failure has already happened.
101    pub fn wants_close_before_decrypt(&self) -> bool {
102        self.read_seq == SEQ_SOFT_LIMIT
103    }
104
105    /// Return true if we are getting close to encrypting too many
106    /// messages with our encryption key.
107    pub fn wants_close_before_encrypt(&self) -> bool {
108        self.write_seq == SEQ_SOFT_LIMIT
109    }
110
111    /// Return true if we outright refuse to do anything with the
112    /// encryption key.
113    pub fn encrypt_exhausted(&self) -> bool {
114        self.write_seq >= SEQ_HARD_LIMIT
115    }
116
117    /// Decrypt a TLS message.
118    ///
119    /// `encr` is a decoded message allegedly received from the peer.
120    /// If it can be decrypted, its decryption is returned.  Otherwise,
121    /// an error is returned.
122    pub fn decrypt_incoming(&mut self, encr: Message) -> Result<Message, TLSError> {
123        debug_assert!(self.decrypt_state == DirectionState::Active);
124        let seq = self.read_seq;
125        self.read_seq += 1;
126        self.message_decrypter
127            .decrypt(encr, seq)
128    }
129
130    /// Encrypt a TLS message.
131    ///
132    /// `plain` is a TLS message we'd like to send.  This function
133    /// panics if the requisite keying material hasn't been established yet.
134    pub fn encrypt_outgoing(&mut self, plain: BorrowMessage) -> Message {
135        debug_assert!(self.encrypt_state == DirectionState::Active);
136        assert!(!self.encrypt_exhausted());
137        let seq = self.write_seq;
138        self.write_seq += 1;
139        self.message_encrypter
140            .encrypt(plain, seq)
141            .unwrap()
142    }
143}