Crate noxtls

User-facing TLS and DTLS protocol surface for the NoxTLS Rust port.

This crate wires together a modeled protocol handshake and record layer, deterministic key-share helpers for interop, optional PSK ticket persistence, and re-exports noxtls_io::transport adapters for blocking, async, and embedded I/O profiles.

Re-exports

pub use noxtls_platform as platform;

Modules

transport
Transport abstractions for blocking and async byte I/O.

Structs

Certificate
Captures parsed certificate fields needed for PKI and TLS flows.
ClientHelloExtensions
Captures parsed extension data from a minimally-modeled ClientHello.
ClientHelloInfo
Summarizes parsed suite and extension data from ClientHello.
Connection
Holds connection version, handshake state, and transcript bytes.
Dtls13AckRange
Represents one inclusive DTLS 1.3 ACK range.
Dtls13Flight
Represents one outbound DTLS 1.3 flight tracked by packet keys.
Dtls13RecordHeader
Represents one RFC 9147 DTLS 1.3 unified record header.
DtlsEpochReplayTracker
Tracks DTLS anti-replay state across epoch transitions.
DtlsFlightRecord
Stores one outbound DTLS packet entry for potential retransmission.
DtlsFlightRetransmitTracker
Tracks outbound DTLS flight packets for retransmission and ack processing.
DtlsOperationalPolicy
Captures transport-facing DTLS retry and timeout knobs.
DtlsRecordHeader
Represents a DTLS record-layer header for datagram framing.
DtlsReplayWindow
Tracks a DTLS anti-replay bitmap for one epoch.
ExternalKeyHandle
Opaque external key handle used by providers to locate key material.
KeyDecryptRequest
Carries one provider decrypt operation request.
KeyDeriveRequest
Carries one provider key-derivation operation request.
KeySignRequest
Carries one provider sign operation request.
Pkcs8PrivateKeyInfoDerParts
Holds PKCS#8 PrivateKeyInfo fields for noxtls_algorithm dispatch and key extraction.
ProtectedRecord
Represents one protected TLS record carrying ciphertext and authentication tag.
ResumptionTicket
Captures minimal TLS 1.3 resumption ticket material for PSK flows.
SoftwareKeyProvider
In-tree software provider implementing the same external key-provider trait boundary.
TicketStore
In-memory server ticket cache with simple lifecycle operations.
Tls13EarlyDataOperationalPolicy
Captures tunable policy controls for TLS 1.3 modeled early-data handling.
Tls13EarlyDataReplayState
Serializable replay-window state for carrying TLS 1.3 early-data anti-replay continuity.
Tls13EarlyDataTelemetry
Tracks counters for modeled TLS 1.3 early-data accept/reject outcomes.
Tls13OcspStapleInfo
Parsed freshness and revocation summary for a stapled OCSP response.
Tls13QuicInitialSecrets
Captures QUIC Initial secrets derived from destination connection ID.
Tls13QuicNextTrafficSecrets
Captures next-generation QUIC 1-RTT traffic secrets derived via quic ku.
Tls13QuicPacketProtectionKeys
Captures one QUIC packet-protection keyset derived from one traffic secret.
Tls13QuicTrafficSecretSnapshot
Captures current QUIC handshake and 1-RTT traffic secret snapshots.
Tls13ServerIdentity
Bundles a TLS 1.3 server certificate chain with the signing key used for CertificateVerify.
TlsRecordDeframer
Buffers incoming TLS octets and yields complete record packets (header + payload).

Enums

AlertDescription
TLS alert description codepoints used by this port.
AlertLevel
TLS alert level codes.
CipherSuite
Identifies modeled cipher suites and their transcript hash algorithms.
Dtls13TransportEvent
Transport-facing events emitted by the DTLS 1.3 datagram driver.
DtlsOperationalProfile
Names pre-tuned DTLS operational profiles for common deployment environments.
HandshakeState
Represents coarse handshake phases used by the prototype state machine.
HashAlgorithm
Identifies the hash noxtls_algorithm selected by a cipher suite or version profile for HKDF and transcript work.
KeyDecryptAlgorithm
Names supported decryption operations for external/provider-backed keys.
KeyDeriveAlgorithm
Names supported key-derivation operations for external/provider-backed keys.
KeySignAlgorithm
Names supported signing operations for external/provider-backed keys.
RecordContentType
TLS record content types used by outer and inner TLS 1.3 framing.
TicketUsagePolicy
Controls whether accepted PSK resumption tickets remain reusable.
Tls13EarlyDataOperationalProfile
Names pre-tuned operational profiles for TLS 1.3 modeled early-data policy.
Tls13OcspStapleVerification
Describes validation outcome for one stapled OCSP response.
Tls13ServerIdentityKey
Holds configured TLS 1.3 server identity signing material for CertificateVerify.
TlsRole
Identifies whether a connection endpoint acts as TLS client or server.
TlsVersion
Enumerates currently modeled TLS and DTLS protocol versions.
ValidationError
Describes why certificate path validation failed.

Constants

TLS13_QUIC_EXPORTER_LABEL_CLIENT_1RTT
QUIC exporter label for client 1-RTT secret derivations.
TLS13_QUIC_EXPORTER_LABEL_SERVER_1RTT
QUIC exporter label for server 1-RTT secret derivations.
TLS_MAX_RECORD_PAYLOAD_LEN
Maximum TLS record payload length permitted by RFC 5246 / RFC 8446 outer length field.
TLS_RECORD_HEADER_LEN
Length of a TLS 1.x TLSPlaintext outer header (type || version || length).

Traits

ExternalKeyProvider
Trait boundary for external key operations backed by software, HSM, or remote KMS providers.

Functions

noxtls_apply_dtls13_ack_ranges
Marks retransmit records acknowledged by DTLS 1.3 ACK ranges.
noxtls_cert_validation_time_now
Returns PKIX GeneralizedTime now for certificate chain validation.
noxtls_certificate_chain_pem_to_der_blocks
Parses all PEM CERTIFICATE blocks into DER bytes.
noxtls_certificate_matches_hostname
Matches hostname against certificate DNS identities.
noxtls_certificate_pem_to_der
Parses one PEM CERTIFICATE block into DER bytes.
noxtls_derive_deterministic_p256_private
Derives a deterministic P-256 private scalar from a seed and domain label for modeled TLS 1.3.
noxtls_derive_deterministic_x25519_private
Derives deterministic X25519 private scalar bytes from a seed and domain label using SHA-256.
noxtls_derive_tls13_p256_shared_secret
Derives a TLS 1.3 ECDHE shared secret for secp256r1 from the local private key and peer uncompressed point.
noxtls_derive_tls13_x25519_shared_secret
Derives a TLS 1.3 X25519 ECDHE shared secret from the local private key and peer key_share bytes.
noxtls_dtls13_aes128gcm_record_size
Computes the serialized DTLS 1.3 AES-128-GCM record packet size for a plaintext length.
noxtls_ec_private_key_pem_to_der_sec1
Parses one PEM SEC1 EC private-key block into DER bytes.
noxtls_encode_dtls13_ack
Encodes DTLS 1.3 ACK ranges as an ACK handshake message body.
noxtls_encode_dtls13_record_header
Encodes an RFC 9147 DTLS 1.3 unified record header without Connection ID.
noxtls_encode_dtls13_record_packet
Encodes one DTLS 1.3 unified-header packet without Connection ID.
noxtls_encode_dtls_record_header
Encodes DTLS record header fields into the 13-byte wire format.
noxtls_encode_dtls_record_packet
Encodes a full DTLS record packet (header || payload).
noxtls_fill_random
Fills the out buffer with unpredictable bytes drawn from entropy.
noxtls_hkdf_extract_for_hash
Extracts HKDF PRK using the selected hash noxtls_algorithm and an all-zero salt of digest length.
noxtls_hkdf_extract_with_salt_for_hash
Extracts HKDF PRK using caller-provided salt for TLS 1.3 stage chaining.
noxtls_hmac_drbg_from_entropy
Instantiates an HMAC-DRBG from platform entropy (minimum 32 bytes of entropy plus a 16-byte nonce).
noxtls_open_dtls13_aes128gcm_record
Opens one DTLS 1.3-style protected record packet using AES-GCM and replay checks.
noxtls_open_dtls13_unified_aes128gcm_record
Opens one RFC 9147-style DTLS 1.3 protected record using a unified header.
noxtls_p256_generate_private_key_with_entropy
Generates a P-256 private key using noxtls_platform::EntropySource.
noxtls_p256_private_key_from_pem_pkcs8
Builds P256PrivateKey from PEM PKCS#8 PRIVATE KEY text.
noxtls_p256_private_key_from_pem_sec1
Builds P256PrivateKey from PEM SEC1 EC PRIVATE KEY text.
noxtls_p256_private_key_from_pkcs8_der
Builds P256PrivateKey from PKCS#8 DER bytes for id-ecPublicKey + prime256v1.
noxtls_p384_private_key_from_pem_pkcs8
Builds P384PrivateKey from PEM PKCS#8 PRIVATE KEY text.
noxtls_p384_private_key_from_pem_sec1
Builds P384PrivateKey from PEM SEC1 EC PRIVATE KEY text.
noxtls_p384_private_key_from_pkcs8_der
Builds P384PrivateKey from PKCS#8 DER bytes for id-ecPublicKey + secp384r1.
noxtls_p521_private_key_from_pem_pkcs8
Builds NamedEcPrivateKey from PEM PKCS#8 PRIVATE KEY text for secp521r1.
noxtls_p521_private_key_from_pem_sec1
Builds NamedEcPrivateKey from PEM SEC1 EC PRIVATE KEY text for secp521r1.
noxtls_p521_private_key_from_pkcs8_der
Builds NamedEcPrivateKey from PKCS#8 DER bytes for id-ecPublicKey + secp521r1.
noxtls_parse_certificate
Parses a top-level DER certificate sequence and extracts core fields.
noxtls_parse_dtls12_handshake_fragment
Parses one encoded DTLS 1.2 handshake fragment.
noxtls_parse_dtls13_ack
Parses DTLS 1.3 ACK ranges from an ACK handshake message body.
noxtls_parse_dtls13_record_header
Parses one RFC 9147 DTLS 1.3 unified record header without Connection ID.
noxtls_parse_dtls13_record_packet
Parses one DTLS 1.3 unified-header packet and validates the explicit length.
noxtls_parse_dtls_record_header
Parses a DTLS record header and returns header + remaining bytes.
noxtls_parse_dtls_record_packet
Parses a full DTLS record packet and validates payload length match.
noxtls_parse_pkcs8_private_key_info_der
Parses PKCS#8 PrivateKeyInfo DER and extracts noxtls_algorithm OID and key octets.
noxtls_parse_tls13_ocsp_staple_info
Parses and validates a stapled OCSP response against a validation time.
noxtls_pem_file_to_der_blocks
Reads all matching PEM blocks from file and decodes DER payloads for label.
noxtls_pem_to_der
Parses PEM armor into DER bytes and verifies expected label markers.
noxtls_pem_to_der_blocks
Parses all PEM blocks matching label into DER payload bytes.
noxtls_private_key_pem_to_der_pkcs8
Parses one PEM PKCS#8 private-key block into DER bytes.
noxtls_reassemble_dtls12_handshake_fragments
Reassembles DTLS 1.2 handshake fragments into one complete message body.
noxtls_rsa_private_key_from_pem_pkcs1
Builds RsaPrivateKey from PEM PKCS#1 RSA PRIVATE KEY text.
noxtls_rsa_private_key_from_pem_pkcs8
Builds RsaPrivateKey from PEM PKCS#8 PRIVATE KEY text.
noxtls_rsa_private_key_from_pkcs1_der
Builds RsaPrivateKey from PKCS#1 DER bytes.
noxtls_rsa_private_key_from_pkcs8_der
Builds RsaPrivateKey from PKCS#8 DER bytes for RSA keys.
noxtls_rsa_pss_private_key_from_pem_pkcs8
Builds RsaPrivateKey from PEM PKCS#8 PRIVATE KEY text for RSASSA-PSS keys.
noxtls_rsa_pss_private_key_from_pkcs8_der
Builds RsaPrivateKey from PKCS#8 DER bytes for RSASSA-PSS keys.
noxtls_seal_dtls13_aes128gcm_record
Seals one DTLS 1.3-style protected record packet using AES-GCM.
noxtls_seal_dtls13_unified_aes128gcm_record
Seals one RFC 9147-style DTLS 1.3 protected record using a unified header.
noxtls_tls13_client_hello_offers_supported_key_exchange
Evaluates whether ClientHello extension offers satisfy modeled TLS 1.3 key-exchange policy.
noxtls_tls13_expand_label_for_hash
Expands TLS 1.3 HKDF-Label structure bytes using the selected hash backend.
noxtls_tls13_key_share_group_supported
Returns true when the given TLS 1.3 key_share named group is supported by this build.
noxtls_tls13_signature_algorithm_supported
Returns true when the given TLS 1.3 signature noxtls_algorithm is supported by this build.
noxtls_validate_certificate_chain
Validates certificate chain with signature enforcement at each hop.
noxtls_verify_tls13_ocsp_staple
Validates a stapled OCSP response and returns its revocation/freshness status.
noxtls_x25519_generate_private_key_with_entropy
Generates an X25519 private key using noxtls_platform::EntropySource.
split_tls13_handshake_payload
Splits one TLS Handshake inner payload into individual handshake messages.

Type Aliases

Tls13OcspStapleVerifier
Function-pointer hook used to validate one stapled OCSP response payload.