Expand description
User-facing TLS and DTLS protocol surface for the NoxTLS Rust port.
This crate wires together a modeled protocol handshake and record layer, deterministic key-share
helpers for interop, optional PSK ticket persistence, and re-exports noxtls_io::transport adapters
for blocking, async, and embedded I/O profiles.
Re-exports§
pub use noxtls_platform as platform;
Modules§
- transport
- Transport abstractions for blocking and async byte I/O.
Structs§
- Client
Hello Extensions - Captures parsed extension data from a minimally-modeled ClientHello.
- Client
Hello Info - Summarizes parsed suite and extension data from ClientHello.
- Connection
- Holds connection version, handshake state, and transcript bytes.
- Dtls
Epoch Replay Tracker - Tracks DTLS anti-replay state across epoch transitions.
- Dtls
Flight Record - Stores one outbound DTLS packet entry for potential retransmission.
- Dtls
Flight Retransmit Tracker - Tracks outbound DTLS flight packets for retransmission and ack processing.
- Dtls
Operational Policy - Captures transport-facing DTLS retry and timeout knobs.
- Dtls
Record Header - Represents a DTLS record-layer header for datagram framing.
- Dtls
Replay Window - Tracks a DTLS anti-replay bitmap for one epoch.
- External
KeyHandle - Opaque external key handle used by providers to locate key material.
- KeyDecrypt
Request - Carries one provider decrypt operation request.
- KeyDerive
Request - Carries one provider key-derivation operation request.
- KeySign
Request - Carries one provider sign operation request.
- Protected
Record - Represents one protected TLS record carrying ciphertext and authentication tag.
- Resumption
Ticket - Captures minimal TLS 1.3 resumption ticket material for PSK flows.
- Software
KeyProvider - In-tree software provider implementing the same external key-provider trait boundary.
- Ticket
Store - In-memory server ticket cache with simple lifecycle operations.
- Tls13
Early Data Operational Policy - Captures tunable policy controls for TLS 1.3 modeled early-data handling.
- Tls13
Early Data Replay State - Serializable replay-window state for carrying TLS 1.3 early-data anti-replay continuity.
- Tls13
Early Data Telemetry - Tracks counters for modeled TLS 1.3 early-data accept/reject outcomes.
- Tls13
Quic Initial Secrets - Captures QUIC Initial secrets derived from destination connection ID.
- Tls13
Quic Next Traffic Secrets - Captures next-generation QUIC 1-RTT traffic secrets derived via
quic ku. - Tls13
Quic Packet Protection Keys - Captures one QUIC packet-protection keyset derived from one traffic secret.
- Tls13
Quic Traffic Secret Snapshot - Captures current QUIC handshake and 1-RTT traffic secret snapshots.
Enums§
- Alert
Description - TLS alert description codepoints used by this port.
- Alert
Level - TLS alert level codes.
- Cipher
Suite - Identifies modeled cipher suites and their transcript hash algorithms.
- Dtls
Operational Profile - Names pre-tuned DTLS operational profiles for common deployment environments.
- Handshake
State - Represents coarse handshake phases used by the prototype state machine.
- Hash
Algorithm - Identifies the hash algorithm selected by a cipher suite or version profile for HKDF and transcript work.
- KeyDecrypt
Algorithm - Names supported decryption operations for external/provider-backed keys.
- KeyDerive
Algorithm - Names supported key-derivation operations for external/provider-backed keys.
- KeySign
Algorithm - Names supported signing operations for external/provider-backed keys.
- Record
Content Type - TLS record content types used by outer and inner TLS 1.3 framing.
- Ticket
Usage Policy - Controls whether accepted PSK resumption tickets remain reusable.
- Tls13
Early Data Operational Profile - Names pre-tuned operational profiles for TLS 1.3 modeled early-data policy.
- Tls13
Ocsp Staple Verification - Describes validation outcome for one stapled OCSP response.
- TlsVersion
- Enumerates currently modeled TLS and DTLS protocol versions.
Constants§
- TLS13_
QUIC_ EXPORTER_ LABEL_ CLIENT_ 1RTT - QUIC exporter label for client 1-RTT secret derivations.
- TLS13_
QUIC_ EXPORTER_ LABEL_ SERVER_ 1RTT - QUIC exporter label for server 1-RTT secret derivations.
Traits§
- External
KeyProvider - Trait boundary for external key operations backed by software, HSM, or remote KMS providers.
Functions§
- derive_
deterministic_ p256_ private - Derives a deterministic P-256 private scalar from a seed and domain label for modeled TLS 1.3.
- derive_
deterministic_ x25519_ private - Derives deterministic X25519 private scalar bytes from a seed and domain label using SHA-256.
- derive_
tls13_ p256_ shared_ secret - Derives a TLS 1.3 ECDHE shared secret for
secp256r1from the local private key and peer uncompressed point. - derive_
tls13_ x25519_ shared_ secret - Derives a TLS 1.3 X25519 ECDHE shared secret from the local private key and peer
key_sharebytes. - dtls13_
aes128gcm_ record_ size - Computes serialized DTLS1.3 AES-128-GCM record packet size for a plaintext length.
- encode_
dtls_ record_ header - Encodes DTLS record header fields into the 13-byte wire format.
- encode_
dtls_ record_ packet - Encodes a full DTLS record packet (
header || payload). - hkdf_
extract_ for_ hash - Extracts HKDF PRK using the selected hash algorithm and an all-zero salt of digest length.
- hkdf_
extract_ with_ salt_ for_ hash - Extracts HKDF PRK using caller-provided salt for TLS 1.3 stage chaining.
- open_
dtls13_ aes128gcm_ record - Opens one DTLS1.3-style protected record packet using AES-GCM and replay checks.
- parse_
dtls12_ handshake_ fragment - Parses one encoded DTLS1.2 handshake fragment.
- parse_
dtls_ record_ header - Parses a DTLS record header and returns header + remaining bytes.
- parse_
dtls_ record_ packet - Parses a full DTLS record packet and validates payload length match.
- reassemble_
dtls12_ handshake_ fragments - Reassembles DTLS1.2 handshake fragments into one complete message body.
- seal_
dtls13_ aes128gcm_ record - Seals one DTLS1.3-style protected record packet using AES-GCM.
- tls13_
client_ hello_ offers_ supported_ key_ exchange - Evaluates whether ClientHello extension offers satisfy modeled TLS 1.3 key-exchange policy.
- tls13_
expand_ label_ for_ hash - Expands TLS 1.3 HKDF-Label structure bytes using the selected hash backend.
- tls13_
key_ share_ group_ supported - Returns
truewhen the given TLS 1.3key_sharenamed group is supported by this build. - tls13_
signature_ algorithm_ supported - Returns
truewhen the given TLS 1.3 signature algorithm is supported by this build.
Type Aliases§
- Tls13
Ocsp Staple Verifier - Function-pointer hook used to validate one stapled OCSP response payload.