pub struct KernelConnection<Data> { /* private fields */ }
A kernel connection.
This does not directly wrap a kernel connection; rather, it gives you the minimal interfaces you need to implement a well-behaved TLS connection on top of kTLS: the negotiated parameters, the TLS 1.3 traffic-secret updates, and (for clients) session-ticket handling. Record framing, key installation on the socket and error handling remain the caller's job.
See the crate::kernel module docs for more details.
Implementations
impl<Data> KernelConnection<Data>
pub fn negotiated_cipher_suite(&self) -> SupportedCipherSuite
Retrieves the cipher suite agreed with the peer.
pub fn protocol_version(&self) -> ProtocolVersion
Retrieves the protocol version agreed with the peer.
pub fn update_tx_secret(
&mut self,
) -> Result<(u64, ConnectionTrafficSecrets), Error>
Update the traffic secret used for encrypting messages sent to the peer.
Returns the new traffic secret and the initial sequence number to use with it.
In order to use the new secret you should send a TLS 1.3 key update to the peer and then use the new traffic secrets to encrypt any future messages. The KeyUpdate handshake message itself is the last record protected by the old secret (RFC 8446 section 4.6.3), so install the new secret on the socket only after that message has been sent.
Note that it is only possible to update the traffic secrets on a TLS 1.3 connection. Attempting to do so on a non-TLS 1.3 connection will result in an error.
pub fn update_rx_secret(
&mut self,
) -> Result<(u64, ConnectionTrafficSecrets), Error>
Update the traffic secret used for decrypting messages received from the peer.
Returns the new traffic secret and the initial sequence number to use with it.
You should call this method once you receive a TLS 1.3 key update message from the peer. That message is the last record the peer protects with its old secret, so the returned secret must be installed before any later record is decrypted; if the message carried update_requested, you must also update your own sending secret (RFC 8446 section 4.6.3).
Note that it is only possible to update the traffic secrets on a TLS 1.3 connection. Attempting to do so on a non-TLS 1.3 connection will result in an error.
impl KernelConnection<ClientConnectionData>
pub fn handle_new_session_ticket(&mut self, payload: &[u8]) -> Result<(), Error>
Handle a new_session_ticket message from the peer.
This will register the session ticket with rustls so that it can be used to establish future TLS connections (resumption).
Getting the right payload
This method expects to be passed the inner payload of the handshake message. This means that you will need to parse the header of the handshake message in order to determine the correct payload to pass in.
The message format is described in RFC 8446 section 4: a 1-byte msg_type followed by a 24-bit big-endian length, then the body. The payload should not include the msg_type or length fields, and one Handshake record may carry several handshake messages back to back.
Code to parse out the payload should look something like this:
```rust
use rustls::client::ClientConnectionData;
use rustls::kernel::KernelConnection;
use rustls::{ContentType, Error, HandshakeType};

/// Feed every handshake payload in one Handshake record to the connection.
/// `message` is the record's plaintext body, without the 5-byte record header;
/// where `conn`, `typ` and `message` come from is up to the caller.
fn handle_handshake_record(
    conn: &mut KernelConnection<ClientConnectionData>,
    typ: ContentType,
    mut message: &[u8],
) -> Result<(), Error> {
    // Processing for other content types not included in this example.
    assert_eq!(typ, ContentType::Handshake);

    // There may be multiple handshake payloads within a single handshake message.
    while !message.is_empty() {
        // Header: 1-byte msg_type followed by a 24-bit big-endian length.
        let (typ, len, rest) = match message {
            &[typ, a, b, c, ref rest @ ..] => (
                HandshakeType::from(typ),
                u32::from_be_bytes([0, a, b, c]) as usize,
                rest,
            ),
            _ => panic!("error handling not included in this example"),
        };

        // Processing for other handshake types not included in this example.
        assert_eq!(typ, HandshakeType::NewSessionTicket);

        assert!(rest.len() >= len, "invalid handshake message");
        let (payload, rest) = rest.split_at(len);
        message = rest;

        // `payload` is exactly the body after the msg_type and length fields.
        conn.handle_new_session_ticket(payload)?;
    }
    Ok(())
}
```
Errors
This method will return an error if:
- This connection is not a TLS 1.3 connection (in TLS 1.2 session tickets are sent as part of the handshake).
- The provided payload is not a valid new_session_ticket payload or has extra unparsed trailing data.
- An error occurs while the connection updates the session ticket store.
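The parsing loop above handles one message type and panics on bad input; the key-update methods earlier on this page additionally require the caller to recognise KeyUpdate and to rotate keys in the right order. The following is an added example, not rustls's own code or API: it generalises the loop to dispatch every message in a post-handshake Handshake record, returns errors instead of panicking, and carries out the KeyUpdate procedure the update_rx_secret and update_tx_secret docs describe (rotate the receive key first, then the send key if update_requested was set). `KernelKeys` is a hypothetical trait standing in for the `KernelConnection` calls plus the socket calls that install keys, `RecordingKeys` is a mock of it, and the record bytes in `sample_record` are constructed. It assumes each handshake message is complete within one record; a real implementation must buffer messages that span records.

```rust
// Added example, not rustls code. `KernelKeys` is a hypothetical trait standing in for
// KernelConnection plus the socket calls that install keys; `RecordingKeys` mocks it.
// Assumes every handshake message is complete within one record (a real implementation
// must buffer messages that span records).

/// HandshakeType values from RFC 8446 section 4.
pub const HS_NEW_SESSION_TICKET: u8 = 4;
pub const HS_KEY_UPDATE: u8 = 24;

#[derive(Debug, PartialEq)]
pub enum HandshakeError {
    TruncatedHeader, // fewer than 4 header bytes remain
    TruncatedBody,   // length field exceeds the bytes remaining
    BadKeyUpdate,    // request_update not 0 or 1, or wrong length
    Unexpected(u8),  // a handshake type this example does not handle
}

/// Hypothetical stand-in for what the caller wires to KernelConnection and kTLS.
pub trait KernelKeys {
    /// Forward the inner payload to `KernelConnection::handle_new_session_ticket`.
    fn handle_new_session_ticket(&mut self, payload: &[u8]) -> Result<(), HandshakeError>;
    /// Call `update_rx_secret` and install the returned secret on the receive side.
    fn rotate_rx(&mut self) -> Result<(), HandshakeError>;
    /// Send KeyUpdate(update_not_requested) under the old key, then call
    /// `update_tx_secret` and install the returned secret on the send side.
    fn rotate_tx(&mut self) -> Result<(), HandshakeError>;
}

/// Split a Handshake record body into (msg_type, payload) pairs: the doc comment's
/// loop, but returning errors instead of panicking.
pub fn parse_handshake_messages(mut body: &[u8]) -> Result<Vec<(u8, &[u8])>, HandshakeError> {
    let mut out = Vec::new();
    while !body.is_empty() {
        // 1-byte msg_type followed by a 24-bit big-endian length.
        let (typ, len, rest) = match body {
            [typ, a, b, c, rest @ ..] => (*typ, u32::from_be_bytes([0, *a, *b, *c]) as usize, rest),
            _ => return Err(HandshakeError::TruncatedHeader),
        };
        if rest.len() < len { return Err(HandshakeError::TruncatedBody); }
        let (payload, tail) = rest.split_at(len);
        out.push((typ, payload));
        body = tail;
    }
    Ok(out)
}

/// Process one post-handshake Handshake record; returns the types handled, in order.
pub fn process_post_handshake_record<K: KernelKeys>(keys: &mut K, body: &[u8]) -> Result<Vec<u8>, HandshakeError> {
    let mut handled = Vec::new();
    for (typ, payload) in parse_handshake_messages(body)? {
        match typ {
            HS_NEW_SESSION_TICKET => keys.handle_new_session_ticket(payload)?,
            HS_KEY_UPDATE => {
                // KeyUpdate is exactly one request_update byte (RFC 8446 section 4.6.3).
                let requested = match payload { [0] => false, [1] => true, _ => return Err(HandshakeError::BadKeyUpdate) };
                // This message is the peer's last record under its old secret, so the
                // receive key must be rotated before any further record is decrypted.
                keys.rotate_rx()?;
                // update_requested obliges us to rotate our own send direction as well.
                if requested {
                    keys.rotate_tx()?;
                }
            }
            other => return Err(HandshakeError::Unexpected(other)),
        }
        handled.push(typ);
    }
    Ok(handled)
}

/// Mock that records the order of calls instead of touching a socket.
#[derive(Default)]
pub struct RecordingKeys { pub actions: Vec<&'static str>, pub tickets: Vec<Vec<u8>> }

impl KernelKeys for RecordingKeys {
    fn handle_new_session_ticket(&mut self, payload: &[u8]) -> Result<(), HandshakeError> {
        self.tickets.push(payload.to_vec());
        self.actions.push("ticket");
        Ok(())
    }
    fn rotate_rx(&mut self) -> Result<(), HandshakeError> { self.actions.push("rx"); Ok(()) }
    fn rotate_tx(&mut self) -> Result<(), HandshakeError> { self.actions.push("tx"); Ok(()) }
}

/// Constructed sample record: a NewSessionTicket body (lifetime 7200, ticket_age_add,
/// empty nonce, made-up 4-byte ticket, no extensions) then KeyUpdate(update_requested).
pub fn sample_record() -> Vec<u8> {
    let ticket_body: [u8; 17] = [
        0x00, 0x00, 0x1c, 0x20, // ticket_lifetime
        0x01, 0x02, 0x03, 0x04, // ticket_age_add
        0x00, // ticket_nonce<0..255>: length 0
        0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd, // ticket<1..2^16-1>: length 4
        0x00, 0x00, // extensions<0..2^16-2>: length 0
    ];
    let mut record = vec![HS_NEW_SESSION_TICKET, 0, 0, ticket_body.len() as u8];
    record.extend_from_slice(&ticket_body);
    record.extend_from_slice(&[HS_KEY_UPDATE, 0, 0, 1, 1]);
    record
}
```

Running `process_post_handshake_record` over `sample_record()` yields the actions `["ticket", "rx", "tx"]` in that order; a KeyUpdate with request_update set to 0 rotates only the receive side, and a truncated header, an over-long length field or an out-of-range request_update value is reported as an error before any key is touched. In a real implementation the mock's three methods become the `KernelConnection` calls plus the corresponding kTLS key installation, and the ticket payload is validated by `handle_new_session_ticket` itself.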