Struct NoiseSession 

pub struct NoiseSession { /* private fields */ }

Completed Noise session for transport encryption.

Provides bidirectional authenticated encryption with replay protection. The send counter is monotonically incremented; received counters are validated against a sliding window to prevent replay attacks.

Implementations

impl NoiseSession

pub fn encrypt(&mut self, plaintext: &[u8]) -> Result<Vec<u8>, NoiseError>

Encrypt a message for sending (using internal counter).

Returns the ciphertext. The current send counter should be included in the wire format before calling this method.

pub fn current_send_counter(&self) -> u64

Get the current send counter (before incrementing).

Use this to get the counter to include in the wire format. The counter will be incremented when encrypt is called.

pub fn decrypt(&mut self, ciphertext: &[u8]) -> Result<Vec<u8>, NoiseError>

Decrypt a received message (using internal counter).

This is for handshake-phase decryption. For transport phase with explicit counters, use decrypt_with_replay_check instead.

pub fn check_replay(&self, counter: u64) -> Result<(), NoiseError>

Check if a counter passes the replay window.

Returns Ok(()) if the counter is acceptable, Err if it should be rejected. Call this before attempting decryption to avoid wasting CPU on replay attacks.

pub fn decrypt_with_replay_check( &mut self, ciphertext: &[u8], counter: u64, ) -> Result<Vec<u8>, NoiseError>

Decrypt with explicit counter and replay protection.

This is the primary decryption method for transport phase. The counter comes from the wire format and is validated against the replay window before and after decryption.

On success, the counter is accepted into the replay window.

pub fn encrypt_with_aad( &mut self, plaintext: &[u8], aad: &[u8], ) -> Result<Vec<u8>, NoiseError>

Encrypt a message with Additional Authenticated Data (AAD).

Returns the ciphertext. The current send counter should be included in the wire format before calling this method.

pub fn decrypt_with_replay_check_and_aad( &mut self, ciphertext: &[u8], counter: u64, aad: &[u8], ) -> Result<Vec<u8>, NoiseError>

Decrypt with explicit counter, replay protection, and AAD.

This is the primary decryption method for the FMP transport phase with AAD binding. The AAD (typically the 16-byte outer header) must match what was used during encryption.

pub fn decrypt_with_replay_check_and_aad_in_place( &mut self, buf: &mut [u8], counter: u64, aad: &[u8], ) -> Result<usize, NoiseError>

In-place variant of Self::decrypt_with_replay_check_and_aad.

On entry, buf holds ciphertext + 16-byte AEAD tag. On successful return, buf[..returned_len] holds the plaintext. The caller can then slice into buf without paying for an extra heap allocation + memcpy per packet — at multi-Gbps single-stream the by-value variant’s ciphertext.to_vec() alone is a measurable fraction of the rx_loop’s per-packet cost.

pub fn highest_received_counter(&self) -> u64

Get the highest received counter.

pub fn recv_cipher_clone(&self) -> Option<LessSafeKey>

Clone the recv-side AEAD instance, for off-task decrypt.

Returns None if the recv cipher has no key (transport phase has not begun). The cloned cipher pairs with decrypt_with_counter[_and_aad] on CipherState: a dispatcher can check_replay here, fan the AEAD work out to a worker holding the clone + counter + aad, then call accept_replay here once the worker reports success.

pub fn recv_replay_snapshot_owned(&self) -> ReplayWindow

Snapshot the current replay-window state as an owned ReplayWindow value, for hand-off to a shard-owning decrypt worker.

The worker becomes the sole authority for replay protection on this session after this snapshot. The local self.replay_window is no longer the source of truth — it only matters for rare-slow-path uses (rekey, drain-window fallback). The worker keeps its copy in its own thread-local HashMap, so there’s no Mutex / no Arc / no sharing — direct &mut access on every packet.

(Previously this returned an Arc<Mutex<ReplayWindow>> for concurrent access; the data-plane shard restructure now hands the worker exclusive ownership instead.)

pub fn send_cipher_clone(&self) -> Option<LessSafeKey>

Clone the send-side AEAD instance, for off-task encrypt.

Returns None if the send cipher has no key. Pairs with encrypt_with_counter[_and_aad] on CipherState. The caller must own counter sequencing — take_send_counter hands out monotonic counters under the session’s own &mut.

pub fn take_send_counter(&mut self) -> Result<u64, NoiseError>

Reserve and return the next send counter, advancing the internal nonce. For pipelined encrypt paths that call encrypt_with_counter on a cloned cipher: the dispatcher pre-assigns the counter here (under the session’s &mut) and the worker performs the AEAD with no further mutation of session state.

pub fn accept_replay(&mut self, counter: u64)

Accept a counter into the replay window after a successful out-of-task decrypt. Caller is responsible for verifying decrypt success first.

pub fn reset_replay_window(&mut self)

Reset the replay window (use when rekeying).

pub fn handshake_hash(&self) -> &[u8; 32]

Get the handshake hash for channel binding.

pub fn remote_static(&self) -> &PublicKey

Get the remote peer’s static public key.

pub fn remote_static_xonly(&self) -> XOnlyPublicKey

Get the remote peer’s x-only public key.

pub fn role(&self) -> HandshakeRole

Get our role in the handshake.

pub fn send_nonce(&self) -> u64

Get the send nonce (for debugging).

pub fn recv_nonce(&self) -> u64

Get the receive nonce (for debugging).

Trait Implementations

impl Debug for NoiseSession

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.