pub trait TicketProducer: Debug + Send + Sync {
    // Required methods
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
    fn lifetime(&self) -> Duration;
}
A trait for the ability to encrypt and decrypt tickets.
Required Methods
fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>
Encrypt and authenticate plain, returning the resulting
ticket. Return None if plain cannot be encrypted for
some reason: an empty ticket will be sent and the connection
will continue.
fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>
Decrypt cipher, validating its authenticity protection
and recovering the plaintext. cipher is fully attacker
controlled, so this decryption must be side-channel free,
panic-proof, and otherwise bullet-proof. If the decryption
fails, return None.
fn lifetime(&self) -> Duration
Returns the lifetime of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.
This lifetime must be implemented by key rolling and erasure, not by storing a lifetime in the ticket.
The objective is to limit damage to forward secrecy caused by tickets, not just limiting their lifetime.
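One way to meet the "key rolling and erasure" requirement is a wrapper that keeps only the current and the previous key. This is an added example, not code from this crate: `Rotator`, `Slots`, `Keyed`, `make` and the `*_at` methods are hypothetical names, and the inner producers returned by `make` are assumed to do the real authenticated encryption and to zeroize their key when dropped.

```rust
use std::fmt::Debug;
use std::sync::{Mutex, MutexGuard};
use std::time::{Duration, Instant};

// The trait as declared on this page, repeated so the example compiles alone.
pub trait TicketProducer: Debug + Send + Sync {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
    fn lifetime(&self) -> Duration;
}

type Keyed = Box<dyn TicketProducer>; // assumed: real AEAD, key zeroized on Drop
#[derive(Debug)]
struct Slots { epoch: u128, current: Keyed, previous: Option<Keyed> }
/// Hypothetical wrapper: one fresh key per `period`, at most two keys alive.
#[derive(Debug)]
pub struct Rotator { make: fn() -> Option<Keyed>, period: Duration, start: Instant, slots: Mutex<Slots> }

impl Rotator {
    pub fn new(make: fn() -> Option<Keyed>, period: Duration, start: Instant) -> Option<Self> {
        if period.is_zero() { return None; } // would divide by zero in `roll`
        let slots = Mutex::new(Slots { epoch: 0, current: make()?, previous: None });
        Some(Self { make, period, start, slots })
    }
    // Bring the slots up to date for `now`; any failure here fails closed.
    fn roll(&self, now: Instant) -> Option<MutexGuard<'_, Slots>> {
        let mut s = self.slots.lock().ok()?; // poisoned lock: None, never panic
        let epoch = now.saturating_duration_since(self.start).as_nanos() / self.period.as_nanos();
        if epoch > s.epoch {
            let old = std::mem::replace(&mut s.current, (self.make)()?);
            // The old key survives one more epoch; anything older is dropped here.
            s.previous = if epoch == s.epoch + 1 { Some(old) } else { None };
            s.epoch = epoch;
        }
        Some(s)
    }
    pub fn encrypt_at(&self, plain: &[u8], now: Instant) -> Option<Vec<u8>> { self.roll(now)?.current.encrypt(plain) }
    pub fn decrypt_at(&self, cipher: &[u8], now: Instant) -> Option<Vec<u8>> {
        let s = self.roll(now)?;
        s.current.decrypt(cipher).or_else(|| s.previous.as_ref()?.decrypt(cipher))
    }
}

impl TicketProducer for Rotator {
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>> { self.encrypt_at(plain, Instant::now()) }
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>> { self.decrypt_at(cipher, Instant::now()) }
    // A ticket is current for at most one period and previous for one more.
    fn lifetime(&self) -> Duration { self.period * 2 }
}
```

Rolling is lazy here: an expired key is dropped on the first call after its epoch ends, so a deployment that can sit idle would also need a timer to drive the roll.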
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".