#[non_exhaustive]pub enum WireError {
Codec(String),
NoSessionKey,
SealFailed,
OpenFailed,
SequenceExhausted,
NoConsent,
ConsentRevoked,
ConsentProtocolViolation(ConsentViolation),
}Expand description
Errors returned by the wire codec.
Variants (Non-exhaustive)§
This enum is marked as non-exhaustive
Codec(String)
Bincode encode or decode failure. Wraps the inner reason for logs.
NoSessionKey
Session has no current or previous key. The caller must install a key
via crate::Session::install_key before sealing or opening.
SealFailed
AEAD seal failed. In practice this means the key material was rejected by the underlying ChaCha20-Poly1305 implementation — should not happen with a valid 32-byte key and under-capacity plaintext.
OpenFailed
AEAD open failed. Either:
- the envelope is under the minimum length (12 nonce + 16 tag),
- the ciphertext fails Poly1305 verification (wrong key, corruption, or tampering), or
- the replay window rejected a valid-ciphertext envelope as a duplicate or too-old sequence.
Callers SHOULD NOT distinguish these sub-cases in production — doing so leaks timing or structure to an attacker. Drop the envelope and keep the session alive.
SequenceExhausted
The 32-bit nonce sequence space is exhausted. The caller must rekey before sealing more envelopes; continuing would wrap the sequence counter and cause nonce reuse, which catastrophically breaks ChaCha20-Poly1305 confidentiality and integrity.
Reached after 2^32 seals on a single installed key — approximately
4.5 years at 30 fps, or ~40 hours at 30 kHz. Any production deployment
should rekey on a much shorter cadence (the reference default is 30
minutes), so this variant surfaces a programming error: the caller
disabled or failed to trigger rekey.
NoConsent
consent only.Seal or open of an application FRAME (or FRAME_LZ4) payload
was attempted on a session whose consent state is not Approved.
The peer must complete the consent ceremony — seal a
ConsentRequest, receive an approving ConsentResponse — before
application data can flow.
Only surfaced when the consent feature is enabled. Sessions
compiled without the feature behave as draft-01 (no enforcement).
ConsentRevoked
consent only.Seal or open of an application FRAME (or FRAME_LZ4) payload
was attempted on a session that entered the Revoked terminal
state. The session is finished; the caller must tear it down
and — if appropriate — start a new one with a new consent
ceremony.
ConsentProtocolViolation(ConsentViolation)
consent only.Consent state machine transition is a protocol violation
(SPEC draft-03 §12.6). Surfaced by
crate::Session::observe_consent when the peer emits a
consent event that cannot legally follow the current state —
for example a Revocation from Requested (revoking something
that was never approved), or a Denied that contradicts a
prior Approved for the same request_id.
This variant signals “the peer’s state machine is broken or compromised.” The wire layer does NOT own the transport, so it cannot tear down the connection itself. Callers SHOULD treat this as a hard fault and terminate the session.
Implementations§
Trait Implementations§
Source§impl Error for WireError
impl Error for WireError
1.30.0 · Source§fn source(&self) -> Option<&(dyn Error + 'static)>
fn source(&self) -> Option<&(dyn Error + 'static)>
1.0.0 · Source§fn description(&self) -> &str
fn description(&self) -> &str
use the Display impl or to_string()