Skip to main content

DeRecMessage

derec_proto

Struct DeRecMessage 

Source 
pub struct DeRecMessage {
    pub protocol_version_major: u32,
    pub protocol_version_minor: u32,
    pub sequence: u32,
    pub channel_id: u64,
    pub timestamp: Option<Timestamp>,
    pub message: Vec<u8>,
}
Expand description

DeRecMessage is the top-level protocol envelope for all DeRec messages, except ContactMessage which is exchanged out-of-band during pairing.

This message represents the unit of communication between an Owner and a Helper once a secure channel has been established. Every protocol exchange (pairing, sharing, verification, recovery, etc.) is carried inside this envelope.

§Security Model

The DeRecMessage envelope itself is not responsible for confidentiality or authenticity. Instead:

  • The message field contains encrypted bytes representing the inner message
  • Encryption and signing are applied at the payload level prior to transport

Implementations MUST ensure that:

  • The inner message is encrypted using the agreed channel keys
  • The envelope metadata is treated as untrusted until the payload is verified

§Semantics

A DeRecMessage provides:

  • protocol versioning information for compatibility handling
  • ordering guarantees via a monotonically increasing sequence number
  • channel identification for routing and key selection
  • a timestamp for replay protection and observability
  • an encrypted payload containing exactly one protocol message

The envelope is transport-agnostic and can be delivered over any supported transport (e.g., HTTPS, message queues), as defined by TransportProtocol.

§Ordering and Idempotency

Communication follows a request/response pattern:

  • The Owner sends a request message
  • The Helper replies with a corresponding response

The sequence field is used to:

  • enforce message ordering
  • detect duplicates or out-of-order delivery
  • support replay protection

Implementations SHOULD treat messages as idempotent and be resilient to retries and duplicate deliveries.

§Key Rotation

The sequence number may also be used as a trigger for automatic key rotation. When a configured threshold is reached, implementations MAY initiate a key rotation flow to maintain forward secrecy.

§Versioning

The protocolVersionMajor and protocolVersionMinor fields allow peers to:

  • detect incompatible protocol versions
  • apply backward-compatible parsing logic when possible

Implementations MUST define behavior for handling version mismatches.

§Payload Encoding

The message field contains encrypted raw bytes. When decrypted, these bytes MUST deserialize into a MessageBody, which contains exactly one concrete protocol message.

The oneof structure ensures that each DeRecMessage carries a single logical operation.

Fields§

§protocol_version_major: u32

DeRec protocol major version.

Incremented for breaking changes that are not backward compatible.

§protocol_version_minor: u32

DeRec protocol minor version.

Incremented for backward-compatible changes such as adding new fields or message types.

§sequence: u32

Monotonically increasing message sequence number.

This value increments by 1 for each message sent on a given channel. It is used to:

  • enforce ordering
  • detect duplicates or missing messages
  • support replay protection

Implementations MAY also use this value to trigger automatic key rotation once a predefined threshold is reached.

§channel_id: u64

Channel identifier associated with this communication session.

This value uniquely identifies the logical channel between an Owner and a Helper for a given secret. It is established during pairing and used thereafter to:

  • route messages to the correct channel state
  • select the appropriate cryptographic keys

This MUST match the channelId exchanged during the ContactMessage phase.

§timestamp: Option<Timestamp>

Timestamp indicating when the sender created this message.

This value is expressed in UTC and can be used for:

  • replay detection
  • timeout handling
  • logging and observability

Implementations SHOULD NOT rely solely on this value for security-critical decisions without additional protections.

§message: Vec<u8>

Encrypted message payload.

This field contains the encrypted bytes of a serialized MessageBody. The encryption scheme and key material are defined by the pairing process and subsequent key management flows.

Upon decryption, this field MUST deserialize into a valid MessageBody containing exactly one protocol message.

Trait Implementations§

Source§

impl Clone for DeRecMessage

Source§

fn clone(&self) -> DeRecMessage

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for DeRecMessage

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for DeRecMessage

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Hash for DeRecMessage

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl Message for DeRecMessage

Source§

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.
Source§

fn clear(&mut self)

Clears the message, resetting all fields to their default.
Source§

fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>
where Self: Sized,

Encodes the message to a buffer. Read more
Source§

fn encode_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message to a newly allocated buffer.
Source§

fn encode_length_delimited( &self, buf: &mut impl BufMut, ) -> Result<(), EncodeError>
where Self: Sized,

Encodes the message with a length-delimiter to a buffer. Read more
Source§

fn encode_length_delimited_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.
Source§

fn decode(buf: impl Buf) -> Result<Self, DecodeError>
where Self: Default,

Decodes an instance of the message from a buffer. Read more
Source§

fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>
where Self: Default,

Decodes a length-delimited instance of the message from the buffer.
Source§

fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>
where Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self. Read more
Source§

fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>
where Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.
Source§

impl PartialEq for DeRecMessage

Source§

fn eq(&self, other: &DeRecMessage) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for DeRecMessage

Source§

impl StructuralPartialEq for DeRecMessage

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.