Struct Session 

pub struct Session {
    pub id: u64,
    pub rng: SeedRng,
    pub data_key: [u8; 32],
    pub packet_counter: u64,
    pub active: bool,
    pub key_index: u64,
}

An established SRX session holding all runtime state.

Fields

id: u64

Session identifier.

rng: SeedRng

Current seed RNG (shared with peer).

data_key: [u8; 32]

Current data encryption key.

packet_counter: u64

Packet counter for this session.

active: bool

Whether the session is still active.

key_index: u64

Key derivation epoch (incremented on each re-key).

Implementations

impl Session

pub fn from_master_secret( id: u64, master_key: &[u8; 32], timestamp: u64, session_nonce: &[u8], ) -> Result<Self>

Build session state from K_master and handshake parameters (matches peer’s derive_initial_seed).

pub fn new(id: u64, seed: [u8; 32], data_key: [u8; 32]) -> Self

Create a new session from handshake results.

pub fn next_packet_counter(&mut self) -> u64

Increment the packet counter and return the new value.

pub fn rekey(&mut self) -> Result<[u8; 32]>

Rotate the data key using KDF.

Derives data_key[key_index+1] = HKDF(seed, key_index+1) and increments key_index. Returns the new key.

pub fn close(&mut self)

Mark the session as closed.

pub fn encrypt_with_pipeline( &mut self, pipeline: &AeadPipeline, plaintext: &[u8], ) -> Result<Vec<u8>>

Encrypt application payload using the parallel AEAD pool and a KDF-derived nonce.

Advances Session::packet_counter and derives nonce = HKDF(seed ‖ counter).

pub fn decrypt_with_pipeline( &self, pipeline: &AeadPipeline, nonce: [u8; 12], ciphertext: Vec<u8>, ) -> Result<Vec<u8>>

Decrypt using an explicit nonce (e.g. derived on receive from frame metadata or inner payload).