Trait TicketProducer 

pub trait TicketProducer:
    Debug
    + Send
    + Sync {
    // Required methods
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
    fn lifetime(&self) -> Duration;
}

A trait for the ability to encrypt and decrypt tickets.

Required Methods

fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>

Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.

fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>

Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.

fn lifetime(&self) -> Duration

Returns the lifetime of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.

This lifetime must be implemented by key rolling and erasure, not by storing a lifetime in the ticket.

The objective is to limit the damage that tickets cause to forward secrecy, not just to limit their lifetime.
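
One way to meet the key-rolling and erasure requirement above, as an added example that is not the crate's own code: a hypothetical `Rotator` wraps a factory of producers and drops each key once it is two lifetimes old, so a ticket expires because its key is gone rather than because of a timestamp inside it. The names `Rotator`, `Keys`, `make`, `encrypt_at` and `decrypt_at` are assumptions; `make` must return a producer holding a freshly generated key that it zeroizes on drop.

```rust
use std::fmt::Debug;
use std::sync::{Mutex, MutexGuard};
use std::time::{Duration, Instant};

// The trait as declared on this page.
pub trait TicketProducer: Debug + Send + Sync {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
    fn lifetime(&self) -> Duration;
}

#[derive(Debug)]
struct Keys { current: Box<dyn TicketProducer>, previous: Option<Box<dyn TicketProducer>>, rolled_at: Instant }
/// Hypothetical wrapper: encrypts with `current`, decrypts with `current` or `previous`.
#[derive(Debug)]
pub struct Rotator { make: fn() -> Box<dyn TicketProducer>, lifetime: Duration, keys: Mutex<Keys> }

impl Rotator {
    pub fn new(make: fn() -> Box<dyn TicketProducer>, lifetime: Duration, now: Instant) -> Self {
        let keys = Keys { current: make(), previous: None, rolled_at: now };
        Self { make, lifetime, keys: Mutex::new(keys) }
    }
    // Runs before every operation. A poisoned lock yields None, never a panic.
    fn roll(&self, now: Instant) -> Option<MutexGuard<'_, Keys>> {
        let mut k = self.keys.lock().ok()?;
        let age = now.saturating_duration_since(k.rolled_at);
        if age >= self.lifetime {
            let old = std::mem::replace(&mut k.current, (self.make)());
            // Keep the old key for one more period at most; otherwise it is dropped here.
            let recent = age < self.lifetime * 2;
            k.previous = recent.then_some(old);
            k.rolled_at = if recent { k.rolled_at + self.lifetime } else { now };
        }
        Some(k)
    }
    pub fn encrypt_at(&self, now: Instant, plain: &[u8]) -> Option<Vec<u8>> {
        self.roll(now)?.current.encrypt(plain)
    }
    pub fn decrypt_at(&self, now: Instant, cipher: &[u8]) -> Option<Vec<u8>> {
        let k = self.roll(now)?;
        k.current.decrypt(cipher).or_else(|| k.previous.as_ref()?.decrypt(cipher))
    }
}

impl TicketProducer for Rotator {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>> { self.encrypt_at(Instant::now(), plain) }
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>> { self.decrypt_at(Instant::now(), cipher) }
    fn lifetime(&self) -> Duration { self.lifetime }
}
```

With this scheme a ticket stops decrypting somewhere between one and two lifetimes after it was issued, depending on where in the key period it was created.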

Implementors