1 use crate::cipher::{MessageDecrypter, MessageEncrypter};
2 use crate::error::TLSError;
3 use crate::msgs::message::{BorrowMessage, Message};
4 
5 static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64;
6 static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64;
7 
8 #[derive(PartialEq)]
9 enum DirectionState {
10     /// No keying material.
11     Invalid,
12 
13     /// Keying material present, but not yet in use.
14     Prepared,
15 
16     /// Keying material in use.
17     Active,
18 }
19 
20 pub struct RecordLayer {
21     message_encrypter: Box<dyn MessageEncrypter>,
22     message_decrypter: Box<dyn MessageDecrypter>,
23     write_seq: u64,
24     read_seq: u64,
25     encrypt_state: DirectionState,
26     decrypt_state: DirectionState,
27 }
28 
29 impl RecordLayer {
new() -> RecordLayer30     pub fn new() -> RecordLayer {
31         RecordLayer {
32             message_encrypter: MessageEncrypter::invalid(),
33             message_decrypter: MessageDecrypter::invalid(),
34             write_seq: 0,
35             read_seq: 0,
36             encrypt_state: DirectionState::Invalid,
37             decrypt_state: DirectionState::Invalid,
38         }
39     }
40 
is_encrypting(&self) -> bool41     pub fn is_encrypting(&self) -> bool {
42         self.encrypt_state == DirectionState::Active
43     }
44 
is_decrypting(&self) -> bool45     pub fn is_decrypting(&self) -> bool {
46         self.decrypt_state == DirectionState::Active
47     }
48 
49     /// Prepare to use the given `MessageEncrypter` for future message encryption.
50     /// It is not used until you call `start_encrypting`.
prepare_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>)51     pub fn prepare_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) {
52         self.message_encrypter = cipher;
53         self.write_seq = 0;
54         self.encrypt_state = DirectionState::Prepared;
55     }
56 
57     /// Prepare to use the given `MessageDecrypter` for future message decryption.
58     /// It is not used until you call `start_decrypting`.
prepare_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>)59     pub fn prepare_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) {
60         self.message_decrypter = cipher;
61         self.read_seq = 0;
62         self.decrypt_state = DirectionState::Prepared;
63     }
64 
65     /// Start using the `MessageEncrypter` previously provided to the previous
66     /// call to `prepare_message_encrypter`.
start_encrypting(&mut self)67     pub fn start_encrypting(&mut self) {
68         debug_assert!(self.encrypt_state == DirectionState::Prepared);
69         self.encrypt_state = DirectionState::Active;
70     }
71 
72     /// Start using the `MessageDecrypter` previously provided to the previous
73     /// call to `prepare_message_decrypter`.
start_decrypting(&mut self)74     pub fn start_decrypting(&mut self) {
75         debug_assert!(self.decrypt_state == DirectionState::Prepared);
76         self.decrypt_state = DirectionState::Active;
77     }
78 
79     /// Set and start using the given `MessageEncrypter` for future outgoing
80     /// message encryption.
set_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>)81     pub fn set_message_encrypter(&mut self, cipher: Box<dyn MessageEncrypter>) {
82         self.prepare_message_encrypter(cipher);
83         self.start_encrypting();
84     }
85 
86     /// Set and start using the given `MessageDecrypter` for future incoming
87     /// message decryption.
set_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>)88     pub fn set_message_decrypter(&mut self, cipher: Box<dyn MessageDecrypter>) {
89         self.prepare_message_decrypter(cipher);
90         self.start_decrypting();
91     }
92 
93     /// Return true if the peer appears to getting close to encrypting
94     /// too many messages with this key.
95     ///
96     /// Perhaps if we send an alert well before their counter wraps, a
97     /// buggy peer won't make a terrible mistake here?
98     ///
99     /// Note that there's no reason to refuse to decrypt: the security
100     /// failure has already happened.
wants_close_before_decrypt(&self) -> bool101     pub fn wants_close_before_decrypt(&self) -> bool {
102         self.read_seq == SEQ_SOFT_LIMIT
103     }
104 
105     /// Return true if we are getting close to encrypting too many
106     /// messages with our encryption key.
wants_close_before_encrypt(&self) -> bool107     pub fn wants_close_before_encrypt(&self) -> bool {
108         self.write_seq == SEQ_SOFT_LIMIT
109     }
110 
111     /// Return true if we outright refuse to do anything with the
112     /// encryption key.
encrypt_exhausted(&self) -> bool113     pub fn encrypt_exhausted(&self) -> bool {
114         self.write_seq >= SEQ_HARD_LIMIT
115     }
116 
117     /// Decrypt a TLS message.
118     ///
119     /// `encr` is a decoded message allegedly received from the peer.
120     /// If it can be decrypted, its decryption is returned.  Otherwise,
121     /// an error is returned.
decrypt_incoming(&mut self, encr: Message) -> Result<Message, TLSError>122     pub fn decrypt_incoming(&mut self, encr: Message) -> Result<Message, TLSError> {
123         debug_assert!(self.decrypt_state == DirectionState::Active);
124         let seq = self.read_seq;
125         self.read_seq += 1;
126         self.message_decrypter
127             .decrypt(encr, seq)
128     }
129 
130     /// Encrypt a TLS message.
131     ///
132     /// `plain` is a TLS message we'd like to send.  This function
133     /// panics if the requisite keying material hasn't been established yet.
encrypt_outgoing(&mut self, plain: BorrowMessage) -> Message134     pub fn encrypt_outgoing(&mut self, plain: BorrowMessage) -> Message {
135         debug_assert!(self.encrypt_state == DirectionState::Active);
136         assert!(!self.encrypt_exhausted());
137         let seq = self.write_seq;
138         self.write_seq += 1;
139         self.message_encrypter
140             .encrypt(plain, seq)
141             .unwrap()
142     }
143 }
144