Struct ReplayWindow 

pub struct ReplayWindow { /* private fields */ }

Sliding-window replay protection for multiple independent streams.

Streams are keyed by (source_id, payload_type, key_epoch) — see module-level docs on why the key epoch matters across rekey. Use Self::accept to atomically check-and-mark a sequence as received.

Implementations

impl ReplayWindow

pub fn new() -> Self

Create an empty replay window with the default 64-bit width.

pub fn with_window_bits(bits: u32) -> Self

Create an empty replay window with a caller-chosen width.

bits MUST be a multiple of 64, at least 64, at most MAX_WINDOW_BITS (1024). Panics otherwise.

pub fn window_bits(&self) -> u32

Current window width in bits.

pub fn clear(&mut self)

Reset all tracked streams. Primarily useful for tests and for session teardown. Rekey-driven cleanup is narrower — use Self::drop_epoch to forget only the old key’s windows while preserving the current one.

pub fn accept(&mut self, source_id: u64, payload_type: u8, key_epoch: u8, seq: u64) -> bool

Atomically check whether seq is acceptable for the given (source_id, payload_type, key_epoch) tuple, and mark it as received if so.

Returns true if the message should be processed (sequence is new and within the window), false if it should be dropped (duplicate or too old).

source_id is the 6-byte random identifier from the AEAD nonce, interpreted as a little-endian u64. payload_type is nonce byte 6. key_epoch is a receiver-local counter that advances on every install_key call — the caller MUST pass the epoch of the key that verified the AEAD tag, not (for example) the current epoch if the previous key is what actually opened the envelope.

pub fn drop_epoch(&mut self, key_epoch: u8)

Drop all stream state associated with a specific key_epoch. Called by crate::Session::tick when the previous-key grace period ends — at that point the old key’s envelopes can no longer verify anyway, so the old window is pure memory overhead and should be reclaimed. Safe to call for an epoch that has no entries (no-op).

pub fn stream_count(&self) -> usize

Number of distinct streams currently tracked. Mostly for tests and observability; not part of the protection guarantee.
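
The check-and-mark behaviour documented for accept and drop_epoch, as an added sketch that is not the crate's implementation. It assumes a fixed 64-bit bitmap per stream held in a HashMap; SketchWindow and stream_fields are hypothetical names, and the sample nonce bytes are constructed.

```rust
use std::collections::HashMap;

/// Illustrative model, not the crate's code: one fixed 64-bit window per stream.
#[derive(Default)]
struct SketchWindow {
    // (source_id, payload_type, key_epoch) -> (highest seq seen, bitmap);
    // bit i of the bitmap set means `highest - i` was already received.
    streams: HashMap<(u64, u8, u8), (u64, u64)>,
}

impl SketchWindow {
    /// Check-and-mark in one step, following the documented `accept` contract.
    fn accept(&mut self, source_id: u64, payload_type: u8, key_epoch: u8, seq: u64) -> bool {
        let key = (source_id, payload_type, key_epoch);
        let (highest, bitmap) = self.streams.entry(key).or_insert((seq, 0));
        if seq > *highest {
            // Newer than anything seen: slide the window forward.
            let shift = seq - *highest;
            *bitmap = if shift >= 64 { 1 } else { (*bitmap << shift) | 1 };
            *highest = seq;
            return true;
        }
        let offset = *highest - seq;
        if offset >= 64 || *bitmap & (1u64 << offset) != 0 {
            return false; // too old, or already seen
        }
        *bitmap |= 1u64 << offset; // late but new: mark and accept
        true
    }

    /// Forget every stream under one epoch, as `drop_epoch` is documented to do.
    fn drop_epoch(&mut self, key_epoch: u8) {
        self.streams.retain(|k, _| k.2 != key_epoch);
    }
}

/// Documented nonce layout: bytes 0..6 are source_id (little-endian), byte 6 is payload_type.
fn stream_fields(nonce: &[u8]) -> Option<(u64, u8)> {
    let head = nonce.get(..7)?;
    let mut id = [0u8; 8];
    id[..6].copy_from_slice(&head[..6]);
    Some((u64::from_le_bytes(id), head[6]))
}

fn main() {
    let mut w = SketchWindow::default();
    let (src, pt) = stream_fields(&[0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x01]).unwrap(); // constructed
    println!("{:?}", [w.accept(src, pt, 0, 100), w.accept(src, pt, 0, 100), w.accept(src, pt, 1, 1)]);
}
```

Because the epoch is part of the stream key, sequence 1 under epoch 1 is accepted even though the epoch 0 window has already advanced to 100.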

Trait Implementations

impl Clone for ReplayWindow

fn clone(&self) -> ReplayWindow

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ReplayWindow

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ReplayWindow

fn default() -> Self

Returns the “default value” for a type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V