SecureMessageChannel

Mountain::IPC::Encryption::SecureChannel

Struct SecureMessageChannel 

Source 
pub struct SecureMessageChannel {
    encryption_key: LessSafeKey,
    hmac_key: Vec<u8>,
}
Expand description

Secure message channel with encryption and authentication

This structure provides AES-256-GCM encryption with HMAC authentication for secure IPC communication. It ensures message confidentiality and integrity.

§Encryption Flow

TauriIPCMessage
    |
    | 1. Serialize to JSON
    v
Serialized bytes
    |
    | 2. Encrypt with AES-256-GCM
    v
Encrypted bytes + auth tag
    |
    | 3. Generate HMAC
    v
EncryptedMessage (nonce, ciphertext, hmac_tag)

§Decryption Flow

EncryptedMessage
    |
    | 1. Verify HMAC
    v
HMAC valid
    |
    | 2. Decrypt with AES-256-GCM
    v
Serialized bytes
    |
    | 3. Deserialize to TauriIPCMessage
    v
TauriIPCMessage

§Security Features

  • AES-256-GCM: Industry-standard authenticated encryption
  • Unique Nonces: Each encryption uses a unique nonce
  • HMAC Authentication: Additional layer of message authentication
  • Secure Random Generation: Cryptographically secure random keys

§Example Usage

let secure_channel = SecureMessageChannel::new()?;

// Encrypt a message
let encrypted = secure_channel.encrypt_message(&message)?;

// Decrypt a message
let decrypted = secure_channel.decrypt_message(&encrypted)?;

// Rotate keys
secure_channel.rotate_keys()?;

Fields§

§encryption_key: LessSafeKey

AES-256-GCM encryption key

§hmac_key: Vec<u8>

HMAC key for message authentication

Implementations§

Source§

impl SecureMessageChannel

Source

pub fn new() -> Result<Self, String>

Create a new secure channel with randomly generated keys

This method generates cryptographically secure random keys for encryption and HMAC authentication.

§Returns
  • Ok(SecureMessageChannel): New secure channel
  • Err(String): Error message if key generation fails
§Example
let secure_channel = SecureMessageChannel::new()?;
Source

pub fn encrypt_message( &self, message: &TauriIPCMessage, ) -> Result<EncryptedMessage, String>

Encrypt and authenticate a message

This method serializes the message, encrypts it with AES-256-GCM, and adds an HMAC tag for authentication.

§Parameters
  • message: The message to encrypt
§Returns
  • Ok(EncryptedMessage): Encrypted message with nonce and HMAC tag
  • Err(String): Error message if encryption fails
§Example
let encrypted = secure_channel.encrypt_message(&message)?;
Source

pub fn decrypt_message( &self, encrypted: &EncryptedMessage, ) -> Result<TauriIPCMessage, String>

Decrypt and verify a message

This method verifies the HMAC tag, decrypts the message with AES-256-GCM, and deserializes it back to the original format.

§Parameters
  • encrypted: The encrypted message to decrypt
§Returns
  • Ok(TauriIPCMessage): Decrypted message
  • Err(String): Error message if decryption or verification fails
§Example
let decrypted = secure_channel.decrypt_message(&encrypted)?;
Source

pub fn rotate_keys(&mut self) -> Result<(), String>

Rotate encryption keys

This method generates new encryption and HMAC keys, effectively rotating the security credentials for the channel.

§Returns
  • Ok(()): Keys rotated successfully
  • Err(String): Error message if key rotation fails
§Example
secure_channel.rotate_keys()?;
Source

pub fn hmac_tag_length(&self) -> usize

Get the HMAC tag length (in bytes)

Source

pub fn nonce_length(&self) -> usize

Get the nonce length (in bytes)

Source

pub fn auth_tag_length(&self) -> usize

Get the authentication tag length (in bytes)

Source

pub fn key_length(&self) -> usize

Get the key length (in bytes)

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> Downcast for T
where T: Any,

§

fn into_any(self: Box<T>) -> Box<dyn Any>

Convert Box<dyn Trait> (where Trait: Downcast) to Box<dyn Any>. Box<dyn Any> can then be further downcast into Box<ConcreteType> where ConcreteType implements Trait.
§

fn into_any_rc(self: Rc<T>) -> Rc<dyn Any>

Convert Rc<Trait> (where Trait: Downcast) to Rc<Any>. Rc<Any> can then be further downcast into Rc<ConcreteType> where ConcreteType implements Trait.
§

fn as_any(&self) -> &(dyn Any + 'static)

Convert &Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &Any’s vtable from &Trait’s.
§

fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

Convert &mut Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &mut Any’s vtable from &mut Trait’s.
§

impl<T> DowncastSync for T
where T: Any + Send + Sync,

§

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Sync + Send>

Convert Arc<Trait> (where Trait: Downcast) to Arc<Any>. Arc<Any> can then be further downcast into Arc<ConcreteType> where ConcreteType implements Trait.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> IntoRequest<T> for T

§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
§

impl<L> LayerExt<L> for L

§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in [Layered].
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
Source§

impl<T> AutoreleaseSafe for T
where T: ?Sized,