1 use crate::cipher::{MessageDecrypter, MessageEncrypter}; 2 use crate::error::TLSError; 3 use crate::msgs::message::{BorrowMessage, Message}; 4 5 static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; 6 static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; 7 8 #[derive(PartialEq)] 9 enum DirectionState { 10 /// No keying material. 11 Invalid, 12 13 /// Keying material present, but not yet in use. 14 Prepared, 15 16 /// Keying material in use. 17 Active, 18 } 19 20 pub struct RecordLayer { 21 message_encrypter: Box<dyn MessageEncrypter>, 22 message_decrypter: Box<dyn MessageDecrypter>, 23 write_seq: u64, 24 read_seq: u64, 25 encrypt_state: DirectionState, 26 decrypt_state: DirectionState, 27 } 28 29 impl RecordLayer { new() -> RecordLayer30 pub fn new() -> RecordLayer { 31 RecordLayer { 32 message_encrypter: MessageEncrypter::invalid(), 33 message_decrypter: MessageDecrypter::invalid(), 34 write_seq: 0, 35 read_seq: 0, 36 encrypt_state: DirectionState::Invalid, 37 decrypt_state: DirectionState::Invalid, 38 } 39 } 40 is_encrypting(&self) -> bool41 pub fn is_encrypting(&self) -> bool { 42 self.encrypt_state == DirectionState::Active 43 } 44 is_decrypting(&self) -> bool45 pub fn is_decrypting(&self) -> bool { 46 self.decrypt_state == DirectionState::Active 47 } 48 49 /// Prepare to use the given `MessageEncrypter` for future message encryption. 50 /// It is not used until you call `start_encrypting`. prepare_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>)51 pub fn prepare_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) { 52 self.message_encrypter = cipher; 53 self.write_seq = 0; 54 self.encrypt_state = DirectionState::Prepared; 55 } 56 57 /// Prepare to use the given `MessageDecrypter` for future message decryption. 58 /// It is not used until you call `start_decrypting`. prepare_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>)59 pub fn prepare_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) { 60 self.message_decrypter = cipher; 61 self.read_seq = 0; 62 self.decrypt_state = DirectionState::Prepared; 63 } 64 65 /// Start using the `MessageEncrypter` previously provided to the previous 66 /// call to `prepare_message_encrypter`. start_encrypting(&mut self)67 pub fn start_encrypting(&mut self) { 68 debug_assert!(self.encrypt_state == DirectionState::Prepared); 69 self.encrypt_state = DirectionState::Active; 70 } 71 72 /// Start using the `MessageDecrypter` previously provided to the previous 73 /// call to `prepare_message_decrypter`. start_decrypting(&mut self)74 pub fn start_decrypting(&mut self) { 75 debug_assert!(self.decrypt_state == DirectionState::Prepared); 76 self.decrypt_state = DirectionState::Active; 77 } 78 79 /// Set and start using the given `MessageEncrypter` for future outgoing 80 /// message encryption. set_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>)81 pub fn set_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) { 82 self.prepare_message_encrypter(cipher); 83 self.start_encrypting(); 84 } 85 86 /// Set and start using the given `MessageDecrypter` for future incoming 87 /// message decryption. set_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>)88 pub fn set_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) { 89 self.prepare_message_decrypter(cipher); 90 self.start_decrypting(); 91 } 92 93 /// Return true if the peer appears to getting close to encrypting 94 /// too many messages with this key. 95 /// 96 /// Perhaps if we send an alert well before their counter wraps, a 97 /// buggy peer won't make a terrible mistake here? 98 /// 99 /// Note that there's no reason to refuse to decrypt: the security 100 /// failure has already happened. wants_close_before_decrypt(&self) -> bool101 pub fn wants_close_before_decrypt(&self) -> bool { 102 self.read_seq == SEQ_SOFT_LIMIT 103 } 104 105 /// Return true if we are getting close to encrypting too many 106 /// messages with our encryption key. wants_close_before_encrypt(&self) -> bool107 pub fn wants_close_before_encrypt(&self) -> bool { 108 self.write_seq == SEQ_SOFT_LIMIT 109 } 110 111 /// Return true if we outright refuse to do anything with the 112 /// encryption key. encrypt_exhausted(&self) -> bool113 pub fn encrypt_exhausted(&self) -> bool { 114 self.write_seq >= SEQ_HARD_LIMIT 115 } 116 117 /// Decrypt a TLS message. 118 /// 119 /// `encr` is a decoded message allegedly received from the peer. 120 /// If it can be decrypted, its decryption is returned. Otherwise, 121 /// an error is returned. decrypt_incoming(&mut self, encr: Message) -> Result<Message, TLSError>122 pub fn decrypt_incoming(&mut self, encr: Message) -> Result<Message, TLSError> { 123 debug_assert!(self.decrypt_state == DirectionState::Active); 124 let seq = self.read_seq; 125 self.read_seq += 1; 126 self.message_decrypter 127 .decrypt(encr, seq) 128 } 129 130 /// Encrypt a TLS message. 131 /// 132 /// `plain` is a TLS message we'd like to send. This function 133 /// panics if the requisite keying material hasn't been established yet. encrypt_outgoing(&mut self, plain: BorrowMessage) -> Message134 pub fn encrypt_outgoing(&mut self, plain: BorrowMessage) -> Message { 135 debug_assert!(self.encrypt_state == DirectionState::Active); 136 assert!(!self.encrypt_exhausted()); 137 let seq = self.write_seq; 138 self.write_seq += 1; 139 self.message_encrypter 140 .encrypt(plain, seq) 141 .unwrap() 142 } 143 } 144