aws_kms_tls_auth

Struct PskReceiver

Source 
pub struct PskReceiver { /* private fields */ }
Expand description

The PskReceiver is used along with the [PskProvider] to perform TLS 1.3 out-of-band PSK authentication, using PSK’s generated from KMS.

This struct can be enabled on a config with s2n_tls::config::Builder::set_client_hello_callback.

Implementations§

Source§

impl PskReceiver

Source

pub fn new( kms_client: Client, trusted_key_arns: Vec<KeyArn>, obfuscation_keys: Vec<ObfuscationKey>, ) -> Self

Create a new PskReceiver.

This will receive the ciphertext datakey identities from a TLS client hello, then decrypt them using KMS. This establishes a mutually authenticated TLS handshake between parties with IAM permissions to generate and decrypt data keys

  • kms_client: The KMS Client that will be used for the decrypt calls

  • trusted_key_arns: The list of KMS KeyArns that the PskReceiver will accept PSKs from. This is necessary because an attacker could grant the server decrypt permissions on AttackerKeyArn, but the PskReceiver should not trust any Psk’s from AttackerKeyArn.

  • obfuscation_keys: The keys that will be used to deobfuscate the received identities. The client PskProvider must be using one of the obfuscation keys in this list. If the PskReceiver receives a Psk identity obfuscated using a key not on this list, then the handshake will fail.

Trait Implementations§

Source§

impl ClientHelloCallback for PskReceiver

Source§

fn on_client_hello( &self, connection: &mut Connection, ) -> Result<Option<Pin<Box<dyn ConnectionFuture>>>, Error>

The application can return an Ok(None) to resolve the callback synchronously or return an Ok(Some(ConnectionFuture)) if it wants to run some asynchronous task before resolving the callback. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

Source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more