Skip to main content

Interceptor

alterion_encrypt::interceptor

Struct Interceptor 

Source 
pub struct Interceptor {
    pub key_store: Arc<RwLock<KeyStore>>,
    pub handshake_store: HandshakeStore,
    pub replay_store: Option<ConnectionManager>,
}
Expand description

Actix-web middleware that transparently decrypts incoming request bodies and encrypts outgoing response bodies using the X25519 ECDH + AES-256-GCM + HMAC-SHA256 pipeline.

§Usage

use alterion_encrypt::interceptor::Interceptor;
use alterion_encrypt::{init_key_store, init_handshake_store, start_rotation};

let store = init_key_store(3600);
let hs    = init_handshake_store();
start_rotation(store.clone(), 3600, hs.clone());
// App::new().wrap(Interceptor { key_store: store, handshake_store: hs, replay_store: None })

Request path (POST / PUT / PATCH):

  1. Collect raw body bytes.
  2. MessagePack-decode a Request and validate timestamp.
  3. Perform X25519 ECDH using the server key identified by key_id and the client’s ephemeral public key from the packet.
  4. Derive a wrap key via HKDF-SHA256 and use it to AES-GCM-unwrap the client’s enc_key.
  5. AES-256-GCM-decrypt the payload using enc_key.
  6. Inject DecryptedBody and RequestSessionKeys into request extensions.

Requests whose body is not a valid Request are passed through unchanged.

Response path (only when RequestSessionKeys was set): JSON → deflate compress → msgpack → AES-256-GCM (enc_key) → HMAC-SHA256 (mac key derived from enc_key) → Response → msgpack.

Fields§

§key_store: Arc<RwLock<KeyStore>>§handshake_store: HandshakeStore§replay_store: Option<ConnectionManager>

Trait Implementations§

Source§

impl<S, B> Transform<S, ServiceRequest> for Interceptor
where S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static, B: MessageBody + 'static,

Source§

type Response = ServiceResponse<EitherBody<B>>

Responses produced by the service.
Source§

type Error = Error

Errors produced by the service.
Source§

type Transform = InterceptorService<S>

The TransformService value created by this factory
Source§

type InitError = ()

Errors produced while building a transform service.
Source§

type Future = Ready<Result<<Interceptor as Transform<S, ServiceRequest>>::Transform, <Interceptor as Transform<S, ServiceRequest>>::InitError>>

The future response value.
Source§

fn new_transform(&self, service: S) -> Self::Future

Creates and returns a new Transform component, asynchronously

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ManuallyDropMut for T

Source§

type Ret = ManuallyDrop<T>

Source§

fn manually_drop_mut<'__>(&'__ mut self) -> &'__ mut ManuallyDrop<T>

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more