Google Git
Sign in
apache / incubator-teaclave-website / refs/heads/asf-site / . / api-docs / crates-app / src / rustls / suites.rs.html
blob: db502a669e8cf8b29979fcb8e493dc6f8ea04703 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.19.1/src/suites.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>suites.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../rustls/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../rustls/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
<span id="273">273</span>
<span id="274">274</span>
<span id="275">275</span>
<span id="276">276</span>
<span id="277">277</span>
<span id="278">278</span>
<span id="279">279</span>
<span id="280">280</span>
<span id="281">281</span>
<span id="282">282</span>
<span id="283">283</span>
<span id="284">284</span>
<span id="285">285</span>
<span id="286">286</span>
<span id="287">287</span>
<span id="288">288</span>
<span id="289">289</span>
<span id="290">290</span>
<span id="291">291</span>
<span id="292">292</span>
<span id="293">293</span>
<span id="294">294</span>
<span id="295">295</span>
<span id="296">296</span>
<span id="297">297</span>
<span id="298">298</span>
<span id="299">299</span>
<span id="300">300</span>
<span id="301">301</span>
<span id="302">302</span>
<span id="303">303</span>
<span id="304">304</span>
<span id="305">305</span>
<span id="306">306</span>
<span id="307">307</span>
<span id="308">308</span>
<span id="309">309</span>
<span id="310">310</span>
<span id="311">311</span>
<span id="312">312</span>
<span id="313">313</span>
<span id="314">314</span>
<span id="315">315</span>
<span id="316">316</span>
<span id="317">317</span>
<span id="318">318</span>
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
<span id="333">333</span>
<span id="334">334</span>
<span id="335">335</span>
<span id="336">336</span>
<span id="337">337</span>
<span id="338">338</span>
<span id="339">339</span>
<span id="340">340</span>
<span id="341">341</span>
<span id="342">342</span>
<span id="343">343</span>
<span id="344">344</span>
<span id="345">345</span>
<span id="346">346</span>
<span id="347">347</span>
<span id="348">348</span>
<span id="349">349</span>
<span id="350">350</span>
<span id="351">351</span>
<span id="352">352</span>
<span id="353">353</span>
<span id="354">354</span>
<span id="355">355</span>
<span id="356">356</span>
<span id="357">357</span>
<span id="358">358</span>
<span id="359">359</span>
<span id="360">360</span>
<span id="361">361</span>
<span id="362">362</span>
<span id="363">363</span>
<span id="364">364</span>
<span id="365">365</span>
<span id="366">366</span>
<span id="367">367</span>
<span id="368">368</span>
<span id="369">369</span>
<span id="370">370</span>
<span id="371">371</span>
<span id="372">372</span>
<span id="373">373</span>
<span id="374">374</span>
<span id="375">375</span>
<span id="376">376</span>
<span id="377">377</span>
<span id="378">378</span>
<span id="379">379</span>
<span id="380">380</span>
<span id="381">381</span>
<span id="382">382</span>
<span id="383">383</span>
<span id="384">384</span>
<span id="385">385</span>
<span id="386">386</span>
<span id="387">387</span>
<span id="388">388</span>
<span id="389">389</span>
<span id="390">390</span>
<span id="391">391</span>
<span id="392">392</span>
<span id="393">393</span>
<span id="394">394</span>
<span id="395">395</span>
<span id="396">396</span>
<span id="397">397</span>
<span id="398">398</span>
<span id="399">399</span>
<span id="400">400</span>
<span id="401">401</span>
<span id="402">402</span>
<span id="403">403</span>
<span id="404">404</span>
<span id="405">405</span>
<span id="406">406</span>
<span id="407">407</span>
<span id="408">408</span>
<span id="409">409</span>
<span id="410">410</span>
<span id="411">411</span>
<span id="412">412</span>
<span id="413">413</span>
<span id="414">414</span>
<span id="415">415</span>
<span id="416">416</span>
<span id="417">417</span>
<span id="418">418</span>
<span id="419">419</span>
<span id="420">420</span>
<span id="421">421</span>
<span id="422">422</span>
<span id="423">423</span>
<span id="424">424</span>
<span id="425">425</span>
<span id="426">426</span>
<span id="427">427</span>
<span id="428">428</span>
<span id="429">429</span>
<span id="430">430</span>
<span id="431">431</span>
<span id="432">432</span>
<span id="433">433</span>
<span id="434">434</span>
<span id="435">435</span>
<span id="436">436</span>
<span id="437">437</span>
<span id="438">438</span>
<span id="439">439</span>
<span id="440">440</span>
<span id="441">441</span>
<span id="442">442</span>
<span id="443">443</span>
<span id="444">444</span>
<span id="445">445</span>
<span id="446">446</span>
<span id="447">447</span>
<span id="448">448</span>
<span id="449">449</span>
<span id="450">450</span>
<span id="451">451</span>
<span id="452">452</span>
<span id="453">453</span>
<span id="454">454</span>
<span id="455">455</span>
<span id="456">456</span>
<span id="457">457</span>
<span id="458">458</span>
<span id="459">459</span>
<span id="460">460</span>
<span id="461">461</span>
<span id="462">462</span>
<span id="463">463</span>
<span id="464">464</span>
<span id="465">465</span>
<span id="466">466</span>
<span id="467">467</span>
<span id="468">468</span>
<span id="469">469</span>
<span id="470">470</span>
<span id="471">471</span>
<span id="472">472</span>
<span id="473">473</span>
<span id="474">474</span>
<span id="475">475</span>
<span id="476">476</span>
<span id="477">477</span>
<span id="478">478</span>
<span id="479">479</span>
<span id="480">480</span>
<span id="481">481</span>
<span id="482">482</span>
<span id="483">483</span>
<span id="484">484</span>
<span id="485">485</span>
<span id="486">486</span>
<span id="487">487</span>
<span id="488">488</span>
<span id="489">489</span>
<span id="490">490</span>
<span id="491">491</span>
<span id="492">492</span>
<span id="493">493</span>
<span id="494">494</span>
<span id="495">495</span>
<span id="496">496</span>
<span id="497">497</span>
<span id="498">498</span>
<span id="499">499</span>
<span id="500">500</span>
<span id="501">501</span>
<span id="502">502</span>
<span id="503">503</span>
<span id="504">504</span>
<span id="505">505</span>
<span id="506">506</span>
<span id="507">507</span>
<span id="508">508</span>
<span id="509">509</span>
<span id="510">510</span>
<span id="511">511</span>
<span id="512">512</span>
<span id="513">513</span>
<span id="514">514</span>
<span id="515">515</span>
<span id="516">516</span>
<span id="517">517</span>
<span id="518">518</span>
<span id="519">519</span>
<span id="520">520</span>
<span id="521">521</span>
<span id="522">522</span>
<span id="523">523</span>
<span id="524">524</span>
<span id="525">525</span>
<span id="526">526</span>
<span id="527">527</span>
<span id="528">528</span>
<span id="529">529</span>
<span id="530">530</span>
<span id="531">531</span>
<span id="532">532</span>
<span id="533">533</span>
<span id="534">534</span>
<span id="535">535</span>
<span id="536">536</span>
<span id="537">537</span>
<span id="538">538</span>
<span id="539">539</span>
<span id="540">540</span>
<span id="541">541</span>
<span id="542">542</span>
<span id="543">543</span>
<span id="544">544</span>
<span id="545">545</span>
<span id="546">546</span>
<span id="547">547</span>
<span id="548">548</span>
<span id="549">549</span>
<span id="550">550</span>
<span id="551">551</span>
<span id="552">552</span>
<span id="553">553</span>
<span id="554">554</span>
<span id="555">555</span>
<span id="556">556</span>
<span id="557">557</span>
<span id="558">558</span>
<span id="559">559</span>
<span id="560">560</span>
<span id="561">561</span>
<span id="562">562</span>
<span id="563">563</span>
<span id="564">564</span>
<span id="565">565</span>
<span id="566">566</span>
<span id="567">567</span>
<span id="568">568</span>
<span id="569">569</span>
<span id="570">570</span>
<span id="571">571</span>
<span id="572">572</span>
<span id="573">573</span>
<span id="574">574</span>
<span id="575">575</span>
<span id="576">576</span>
<span id="577">577</span>
<span id="578">578</span>
<span id="579">579</span>
<span id="580">580</span>
<span id="581">581</span>
<span id="582">582</span>
<span id="583">583</span>
<span id="584">584</span>
<span id="585">585</span>
<span id="586">586</span>
<span id="587">587</span>
<span id="588">588</span>
<span id="589">589</span>
<span id="590">590</span>
<span id="591">591</span>
<span id="592">592</span>
<span id="593">593</span>
<span id="594">594</span>
<span id="595">595</span>
<span id="596">596</span>
<span id="597">597</span>
<span id="598">598</span>
<span id="599">599</span>
<span id="600">600</span>
<span id="601">601</span>
<span id="602">602</span>
<span id="603">603</span>
<span id="604">604</span>
<span id="605">605</span>
<span id="606">606</span>
<span id="607">607</span>
<span id="608">608</span>
<span id="609">609</span>
<span id="610">610</span>
<span id="611">611</span>
<span id="612">612</span>
<span id="613">613</span>
<span id="614">614</span>
<span id="615">615</span>
<span id="616">616</span>
<span id="617">617</span>
<span id="618">618</span>
<span id="619">619</span>
<span id="620">620</span>
<span id="621">621</span>
<span id="622">622</span>
<span id="623">623</span>
</pre><pre class="rust"><code><span class="kw">use </span><span class="kw">crate</span>::cipher;
<span class="kw">use </span><span class="kw">crate</span>::msgs::codec::{Codec, Reader};
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::{CipherSuite, HashAlgorithm, SignatureAlgorithm, SignatureScheme};
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::{NamedGroup, ProtocolVersion};
<span class="kw">use </span><span class="kw">crate</span>::msgs::handshake::DecomposedSignatureScheme;
<span class="kw">use </span><span class="kw">crate</span>::msgs::handshake::KeyExchangeAlgorithm;
<span class="kw">use </span><span class="kw">crate</span>::msgs::handshake::{ClientECDHParams, ServerECDHParams};
<span class="kw">use </span>ring;
<span class="kw">use </span>std::fmt;
<span class="doccomment">/// Bulk symmetric encryption scheme used by a cipher suite.
</span><span class="attribute">#[allow(non_camel_case_types)]
#[derive(Debug, PartialEq)]
</span><span class="kw">pub enum </span>BulkAlgorithm {
<span class="doccomment">/// AES with 128-bit keys in Galois counter mode.
</span>AES_128_GCM,
<span class="doccomment">/// AES with 256-bit keys in Galois counter mode.
</span>AES_256_GCM,
<span class="doccomment">/// Chacha20 for confidentiality with poly1305 for authenticity.
</span>CHACHA20_POLY1305,
}
<span class="doccomment">/// The result of a key exchange. This has our public key,
/// and the agreed shared secret (also known as the &quot;premaster secret&quot;
/// in TLS1.0-era protocols, and &quot;Z&quot; in TLS1.3).
</span><span class="kw">pub struct </span>KeyExchangeResult {
<span class="kw">pub </span>pubkey: ring::agreement::PublicKey,
<span class="kw">pub </span>shared_secret: Vec&lt;u8&gt;,
}
<span class="doccomment">/// An in-progress key exchange. This has the algorithm,
/// our private key, and our public key.
</span><span class="kw">pub struct </span>KeyExchange {
<span class="kw">pub </span>group: NamedGroup,
alg: <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>ring::agreement::Algorithm,
privkey: ring::agreement::EphemeralPrivateKey,
<span class="kw">pub </span>pubkey: ring::agreement::PublicKey,
}
<span class="kw">impl </span>KeyExchange {
<span class="kw">pub fn </span>named_group_to_ecdh_alg(
group: NamedGroup,
) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>ring::agreement::Algorithm&gt; {
<span class="kw">match </span>group {
NamedGroup::X25519 =&gt; <span class="prelude-val">Some</span>(<span class="kw-2">&amp;</span>ring::agreement::X25519),
NamedGroup::secp256r1 =&gt; <span class="prelude-val">Some</span>(<span class="kw-2">&amp;</span>ring::agreement::ECDH_P256),
NamedGroup::secp384r1 =&gt; <span class="prelude-val">Some</span>(<span class="kw-2">&amp;</span>ring::agreement::ECDH_P384),
<span class="kw">_ </span>=&gt; <span class="prelude-val">None</span>,
}
}
<span class="kw">pub fn </span>supported_groups() -&gt; <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>[NamedGroup] {
<span class="comment">// in preference order
</span><span class="kw-2">&amp;</span>[
NamedGroup::X25519,
NamedGroup::secp384r1,
NamedGroup::secp256r1,
]
}
<span class="kw">pub fn </span>client_ecdhe(kx_params: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchangeResult&gt; {
<span class="kw">let </span><span class="kw-2">mut </span>rd = Reader::init(kx_params);
<span class="kw">let </span>ecdh_params = ServerECDHParams::read(<span class="kw-2">&amp;mut </span>rd)<span class="question-mark">?</span>;
KeyExchange::start_ecdhe(ecdh_params.curve_params.named_group)<span class="question-mark">?
</span>.complete(<span class="kw-2">&amp;</span>ecdh_params.public.<span class="number">0</span>)
}
<span class="kw">pub fn </span>start_ecdhe(named_group: NamedGroup) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchange&gt; {
<span class="kw">let </span>alg = KeyExchange::named_group_to_ecdh_alg(named_group)<span class="question-mark">?</span>;
<span class="kw">let </span>rng = ring::rand::SystemRandom::new();
<span class="kw">let </span>ours = ring::agreement::EphemeralPrivateKey::generate(alg, <span class="kw-2">&amp;</span>rng).unwrap();
<span class="kw">let </span>pubkey = ours.compute_public_key().unwrap();
<span class="prelude-val">Some</span>(KeyExchange {
group: named_group,
alg,
privkey: ours,
pubkey,
})
}
<span class="kw">pub fn </span>check_client_params(<span class="kw-2">&amp;</span><span class="self">self</span>, kx_params: <span class="kw-2">&amp;</span>[u8]) -&gt; bool {
<span class="self">self</span>.decode_client_params(kx_params)
.is_some()
}
<span class="kw">fn </span>decode_client_params(<span class="kw-2">&amp;</span><span class="self">self</span>, kx_params: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;ClientECDHParams&gt; {
<span class="kw">let </span><span class="kw-2">mut </span>rd = Reader::init(kx_params);
<span class="kw">let </span>ecdh_params = ClientECDHParams::read(<span class="kw-2">&amp;mut </span>rd)<span class="question-mark">?</span>;
<span class="kw">if </span>rd.any_left() {
<span class="prelude-val">None
</span>} <span class="kw">else </span>{
<span class="prelude-val">Some</span>(ecdh_params)
}
}
<span class="kw">pub fn </span>server_complete(<span class="self">self</span>, kx_params: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchangeResult&gt; {
<span class="self">self</span>.decode_client_params(kx_params)
.and_then(|ecdh| <span class="self">self</span>.complete(<span class="kw-2">&amp;</span>ecdh.public.<span class="number">0</span>))
}
<span class="kw">pub fn </span>complete(<span class="self">self</span>, peer: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchangeResult&gt; {
<span class="kw">let </span>peer_key = ring::agreement::UnparsedPublicKey::new(<span class="self">self</span>.alg, peer);
<span class="kw">let </span>secret = ring::agreement::agree_ephemeral(<span class="self">self</span>.privkey, <span class="kw-2">&amp;</span>peer_key, (), |v| {
<span class="kw">let </span><span class="kw-2">mut </span>r = Vec::new();
r.extend_from_slice(v);
<span class="prelude-val">Ok</span>(r)
});
<span class="kw">if </span>secret.is_err() {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
<span class="prelude-val">Some</span>(KeyExchangeResult {
pubkey: <span class="self">self</span>.pubkey,
shared_secret: secret.unwrap(),
})
}
}
<span class="doccomment">/// A cipher suite supported by rustls.
///
/// All possible instances of this class are provided by the library in
/// the `ALL_CIPHERSUITES` array.
</span><span class="kw">pub struct </span>SupportedCipherSuite {
<span class="doccomment">/// The TLS enumeration naming this cipher suite.
</span><span class="kw">pub </span>suite: CipherSuite,
<span class="doccomment">/// How to exchange/agree keys.
</span><span class="kw">pub </span>kx: KeyExchangeAlgorithm,
<span class="doccomment">/// How to do bulk encryption.
</span><span class="kw">pub </span>bulk: BulkAlgorithm,
<span class="doccomment">/// How to do hashing.
</span><span class="kw">pub </span>hash: HashAlgorithm,
<span class="doccomment">/// How to sign messages for authentication.
///
/// This is not present for TLS1.3, because authentication is orthogonal
/// to the ciphersuite concept there.
</span><span class="kw">pub </span>sign: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>[SignatureScheme]&gt;,
<span class="doccomment">/// Encryption key length, for the bulk algorithm.
</span><span class="kw">pub </span>enc_key_len: usize,
<span class="doccomment">/// How long the fixed part of the &#39;IV&#39; is.
///
/// This isn&#39;t usually an IV, but we continue the
/// terminology misuse to match the standard.
</span><span class="kw">pub </span>fixed_iv_len: usize,
<span class="doccomment">/// This is a non-standard extension which extends the
/// key block to provide an initial explicit nonce offset,
/// in a deterministic and safe way. GCM needs this,
/// chacha20poly1305 works this way by design.
</span><span class="kw">pub </span>explicit_nonce_len: usize,
<span class="kw">pub</span>(<span class="kw">crate</span>) hkdf_algorithm: ring::hkdf::Algorithm,
<span class="kw">pub</span>(<span class="kw">crate</span>) aead_algorithm: <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>ring::aead::Algorithm,
<span class="kw">pub</span>(<span class="kw">crate</span>) build_tls12_encrypter: <span class="prelude-ty">Option</span>&lt;cipher::BuildTLS12Encrypter&gt;,
<span class="kw">pub</span>(<span class="kw">crate</span>) build_tls12_decrypter: <span class="prelude-ty">Option</span>&lt;cipher::BuildTLS12Decrypter&gt;,
}
<span class="kw">impl </span>PartialEq <span class="kw">for </span>SupportedCipherSuite {
<span class="kw">fn </span>eq(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>SupportedCipherSuite) -&gt; bool {
<span class="self">self</span>.suite == other.suite
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>SupportedCipherSuite {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, f: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
f.debug_struct(<span class="string">&quot;SupportedCipherSuite&quot;</span>)
.field(<span class="string">&quot;suite&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.suite)
.field(<span class="string">&quot;kx&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.kx)
.field(<span class="string">&quot;bulk&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.bulk)
.field(<span class="string">&quot;hash&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.hash)
.field(<span class="string">&quot;sign&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.sign)
.field(<span class="string">&quot;enc_key_len&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.enc_key_len)
.field(<span class="string">&quot;fixed_iv_len&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.fixed_iv_len)
.field(<span class="string">&quot;explicit_nonce_len&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.explicit_nonce_len)
.finish()
}
}
<span class="kw">impl </span>SupportedCipherSuite {
<span class="doccomment">/// Which hash function to use with this suite.
</span><span class="kw">pub fn </span>get_hash(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>ring::digest::Algorithm {
<span class="self">self</span>.hkdf_algorithm
.hmac_algorithm()
.digest_algorithm()
}
<span class="doccomment">/// We have parameters and a verified public key in `kx_params`.
/// Generate an ephemeral key, generate the shared secret, and
/// return it and the public half in a `KeyExchangeResult`.
</span><span class="kw">pub fn </span>do_client_kx(<span class="kw-2">&amp;</span><span class="self">self</span>, kx_params: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchangeResult&gt; {
<span class="kw">match </span><span class="self">self</span>.kx {
KeyExchangeAlgorithm::ECDHE =&gt; KeyExchange::client_ecdhe(kx_params),
<span class="kw">_ </span>=&gt; <span class="prelude-val">None</span>,
}
}
<span class="doccomment">/// Start the KX process with the given group. This generates
/// the server&#39;s share, but we don&#39;t yet have the client&#39;s share.
</span><span class="kw">pub fn </span>start_server_kx(<span class="kw-2">&amp;</span><span class="self">self</span>, named_group: NamedGroup) -&gt; <span class="prelude-ty">Option</span>&lt;KeyExchange&gt; {
<span class="kw">match </span><span class="self">self</span>.kx {
KeyExchangeAlgorithm::ECDHE =&gt; KeyExchange::start_ecdhe(named_group),
<span class="kw">_ </span>=&gt; <span class="prelude-val">None</span>,
}
}
<span class="doccomment">/// Resolve the set of supported `SignatureScheme`s from the
/// offered `SupportedSignatureSchemes`. If we return an empty
/// set, the handshake terminates.
</span><span class="kw">pub fn </span>resolve_sig_schemes(<span class="kw-2">&amp;</span><span class="self">self</span>, offered: <span class="kw-2">&amp;</span>[SignatureScheme]) -&gt; Vec&lt;SignatureScheme&gt; {
<span class="kw">if let </span><span class="prelude-val">Some</span>(our_preference) = <span class="self">self</span>.sign {
our_preference
.iter()
.filter(|pref| offered.contains(pref))
.cloned()
.collect()
} <span class="kw">else </span>{
<span class="macro">vec!</span>[]
}
}
<span class="doccomment">/// Length of key block that needs to be output by the key
/// derivation phase for this suite.
</span><span class="kw">pub fn </span>key_block_len(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; usize {
(<span class="self">self</span>.enc_key_len + <span class="self">self</span>.fixed_iv_len) * <span class="number">2 </span>+ <span class="self">self</span>.explicit_nonce_len
}
<span class="doccomment">/// Return true if this suite is usable for TLS `version`.
</span><span class="kw">pub fn </span>usable_for_version(<span class="kw-2">&amp;</span><span class="self">self</span>, version: ProtocolVersion) -&gt; bool {
<span class="kw">match </span>version {
ProtocolVersion::TLSv1_3 =&gt; <span class="self">self</span>.build_tls12_encrypter.is_none(),
ProtocolVersion::TLSv1_2 =&gt; <span class="self">self</span>.build_tls12_encrypter.is_some(),
<span class="kw">_ </span>=&gt; <span class="bool-val">false</span>,
}
}
<span class="doccomment">/// Return true if this suite is usable for a key only offering `sigalg`
/// signatures. This resolves to true for all TLS1.3 suites.
</span><span class="kw">pub fn </span>usable_for_sigalg(<span class="kw-2">&amp;</span><span class="self">self</span>, sigalg: SignatureAlgorithm) -&gt; bool {
<span class="kw">match </span><span class="self">self</span>.sign {
<span class="prelude-val">None </span>=&gt; <span class="bool-val">true</span>, <span class="comment">// no constraint expressed by ciphersuite (eg, TLS1.3)
</span><span class="prelude-val">Some</span>(schemes) =&gt; schemes
.iter()
.any(|scheme| scheme.sign() == sigalg),
}
}
<span class="doccomment">/// Can a session using suite self resume using suite new_suite?
</span><span class="kw">pub fn </span>can_resume_to(<span class="kw-2">&amp;</span><span class="self">self</span>, new_suite: <span class="kw-2">&amp;</span>SupportedCipherSuite) -&gt; bool {
<span class="kw">if </span><span class="self">self</span>.usable_for_version(ProtocolVersion::TLSv1_3)
&amp;&amp; new_suite.usable_for_version(ProtocolVersion::TLSv1_3)
{
<span class="comment">// TLS1.3 actually specifies requirements here: suites are compatible
// for resumption if they have the same KDF hash
</span><span class="self">self</span>.hash == new_suite.hash
} <span class="kw">else if </span><span class="self">self</span>.usable_for_version(ProtocolVersion::TLSv1_2)
&amp;&amp; new_suite.usable_for_version(ProtocolVersion::TLSv1_2)
{
<span class="comment">// Previous versions don&#39;t specify any constraint, so we don&#39;t
// resume between suites to avoid bad interactions.
</span><span class="self">self</span>.suite == new_suite.suite
} <span class="kw">else </span>{
<span class="comment">// Suites for different versions definitely can&#39;t resume!
</span><span class="bool-val">false
</span>}
}
}
<span class="kw">static </span>TLS12_ECDSA_SCHEMES: <span class="kw-2">&amp;</span>[SignatureScheme] = <span class="kw-2">&amp;</span>[
SignatureScheme::ED25519,
SignatureScheme::ECDSA_NISTP521_SHA512,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
];
<span class="kw">static </span>TLS12_RSA_SCHEMES: <span class="kw-2">&amp;</span>[SignatureScheme] = <span class="kw-2">&amp;</span>[
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
];
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
</span><span class="kw">pub static </span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_ECDSA_SCHEMES),
bulk: BulkAlgorithm::CHACHA20_POLY1305,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">12</span>,
explicit_nonce_len: <span class="number">0</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::CHACHA20_POLY1305,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_chacha_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_chacha_decrypter),
};
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
</span><span class="kw">pub static </span>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_RSA_SCHEMES),
bulk: BulkAlgorithm::CHACHA20_POLY1305,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">12</span>,
explicit_nonce_len: <span class="number">0</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::CHACHA20_POLY1305,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_chacha_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_chacha_decrypter),
};
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
</span><span class="kw">pub static </span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_RSA_SCHEMES),
bulk: BulkAlgorithm::AES_128_GCM,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">16</span>,
fixed_iv_len: <span class="number">4</span>,
explicit_nonce_len: <span class="number">8</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_128_GCM,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_128_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_128_decrypter),
};
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
</span><span class="kw">pub static </span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_RSA_SCHEMES),
bulk: BulkAlgorithm::AES_256_GCM,
hash: HashAlgorithm::SHA384,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">4</span>,
explicit_nonce_len: <span class="number">8</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_256_GCM,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_256_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_256_decrypter),
};
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
</span><span class="kw">pub static </span>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_ECDSA_SCHEMES),
bulk: BulkAlgorithm::AES_128_GCM,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">16</span>,
fixed_iv_len: <span class="number">4</span>,
explicit_nonce_len: <span class="number">8</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_128_GCM,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_128_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_128_decrypter),
};
<span class="doccomment">/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
</span><span class="kw">pub static </span>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
kx: KeyExchangeAlgorithm::ECDHE,
sign: <span class="prelude-val">Some</span>(TLS12_ECDSA_SCHEMES),
bulk: BulkAlgorithm::AES_256_GCM,
hash: HashAlgorithm::SHA384,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">4</span>,
explicit_nonce_len: <span class="number">8</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_256_GCM,
build_tls12_encrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_256_encrypter),
build_tls12_decrypter: <span class="prelude-val">Some</span>(cipher::build_tls12_gcm_256_decrypter),
};
<span class="doccomment">/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
</span><span class="kw">pub static </span>TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
kx: KeyExchangeAlgorithm::BulkOnly,
sign: <span class="prelude-val">None</span>,
bulk: BulkAlgorithm::CHACHA20_POLY1305,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">12</span>,
explicit_nonce_len: <span class="number">0</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::CHACHA20_POLY1305,
build_tls12_encrypter: <span class="prelude-val">None</span>,
build_tls12_decrypter: <span class="prelude-val">None</span>,
};
<span class="doccomment">/// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384
</span><span class="kw">pub static </span>TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS13_AES_256_GCM_SHA384,
kx: KeyExchangeAlgorithm::BulkOnly,
sign: <span class="prelude-val">None</span>,
bulk: BulkAlgorithm::AES_256_GCM,
hash: HashAlgorithm::SHA384,
enc_key_len: <span class="number">32</span>,
fixed_iv_len: <span class="number">12</span>,
explicit_nonce_len: <span class="number">0</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_256_GCM,
build_tls12_encrypter: <span class="prelude-val">None</span>,
build_tls12_decrypter: <span class="prelude-val">None</span>,
};
<span class="doccomment">/// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256
</span><span class="kw">pub static </span>TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
suite: CipherSuite::TLS13_AES_128_GCM_SHA256,
kx: KeyExchangeAlgorithm::BulkOnly,
sign: <span class="prelude-val">None</span>,
bulk: BulkAlgorithm::AES_128_GCM,
hash: HashAlgorithm::SHA256,
enc_key_len: <span class="number">16</span>,
fixed_iv_len: <span class="number">12</span>,
explicit_nonce_len: <span class="number">0</span>,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
aead_algorithm: <span class="kw-2">&amp;</span>ring::aead::AES_128_GCM,
build_tls12_encrypter: <span class="prelude-val">None</span>,
build_tls12_decrypter: <span class="prelude-val">None</span>,
};
<span class="doccomment">/// A list of all the cipher suites supported by rustls.
</span><span class="kw">pub static </span>ALL_CIPHERSUITES: [<span class="kw-2">&amp;</span>SupportedCipherSuite; <span class="number">9</span>] = [
<span class="comment">// TLS1.3 suites
</span><span class="kw-2">&amp;</span>TLS13_CHACHA20_POLY1305_SHA256,
<span class="kw-2">&amp;</span>TLS13_AES_256_GCM_SHA384,
<span class="kw-2">&amp;</span>TLS13_AES_128_GCM_SHA256,
<span class="comment">// TLS1.2 suites
</span><span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
];
<span class="comment">// These both O(N^2)!
</span><span class="kw">pub fn </span>choose_ciphersuite_preferring_client(
client_suites: <span class="kw-2">&amp;</span>[CipherSuite],
server_suites: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
<span class="kw">for </span>client_suite <span class="kw">in </span>client_suites {
<span class="kw">if let </span><span class="prelude-val">Some</span>(selected) = server_suites
.iter()
.find(|x| <span class="kw-2">*</span>client_suite == x.suite)
{
<span class="kw">return </span><span class="prelude-val">Some</span>(<span class="kw-2">*</span>selected);
}
}
<span class="prelude-val">None
</span>}
<span class="kw">pub fn </span>choose_ciphersuite_preferring_server(
client_suites: <span class="kw-2">&amp;</span>[CipherSuite],
server_suites: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
<span class="kw">if let </span><span class="prelude-val">Some</span>(selected) = server_suites
.iter()
.find(|x| client_suites.contains(<span class="kw-2">&amp;</span>x.suite))
{
<span class="kw">return </span><span class="prelude-val">Some</span>(<span class="kw-2">*</span>selected);
}
<span class="prelude-val">None
</span>}
<span class="doccomment">/// Return a list of the ciphersuites in `all` with the suites
/// incompatible with `SignatureAlgorithm` `sigalg` removed.
</span><span class="kw">pub fn </span>reduce_given_sigalg(
all: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
sigalg: SignatureAlgorithm,
) -&gt; Vec&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
all.iter()
.filter(|&amp;&amp;suite| suite.usable_for_sigalg(sigalg))
.cloned()
.collect()
}
<span class="doccomment">/// Return a list of the ciphersuites in `all` with the suites
/// incompatible with the chosen `version` removed.
</span><span class="kw">pub fn </span>reduce_given_version(
all: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
version: ProtocolVersion,
) -&gt; Vec&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite&gt; {
all.iter()
.filter(|&amp;&amp;suite| suite.usable_for_version(version))
.cloned()
.collect()
}
<span class="doccomment">/// Return true if `sigscheme` is usable by any of the given suites.
</span><span class="kw">pub fn </span>compatible_sigscheme_for_suites(
sigscheme: SignatureScheme,
common_suites: <span class="kw-2">&amp;</span>[<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>SupportedCipherSuite],
) -&gt; bool {
<span class="kw">let </span>sigalg = sigscheme.sign();
common_suites
.iter()
.any(|<span class="kw-2">&amp;</span>suite| suite.usable_for_sigalg(sigalg))
}
<span class="attribute">#[cfg(test)]
</span><span class="kw">mod </span>test {
<span class="kw">use super</span>::<span class="kw-2">*</span>;
<span class="kw">use </span><span class="kw">crate</span>::msgs::enums::CipherSuite;
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_client_pref() {
<span class="kw">let </span>client = <span class="macro">vec!</span>[
CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
];
<span class="kw">let </span>server = <span class="macro">vec!</span>[
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
];
<span class="kw">let </span>chosen = choose_ciphersuite_preferring_client(<span class="kw-2">&amp;</span>client, <span class="kw-2">&amp;</span>server);
<span class="macro">assert!</span>(chosen.is_some());
<span class="macro">assert_eq!</span>(chosen.unwrap(), <span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
}
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_server_pref() {
<span class="kw">let </span>client = <span class="macro">vec!</span>[
CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
];
<span class="kw">let </span>server = <span class="macro">vec!</span>[
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
];
<span class="kw">let </span>chosen = choose_ciphersuite_preferring_server(<span class="kw-2">&amp;</span>client, <span class="kw-2">&amp;</span>server);
<span class="macro">assert!</span>(chosen.is_some());
<span class="macro">assert_eq!</span>(chosen.unwrap(), <span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
}
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_pref_fails() {
<span class="macro">assert!</span>(
choose_ciphersuite_preferring_client(
<span class="kw-2">&amp;</span>[CipherSuite::TLS_NULL_WITH_NULL_NULL],
<span class="kw-2">&amp;</span>ALL_CIPHERSUITES
)
.is_none()
);
<span class="macro">assert!</span>(
choose_ciphersuite_preferring_server(
<span class="kw-2">&amp;</span>[CipherSuite::TLS_NULL_WITH_NULL_NULL],
<span class="kw-2">&amp;</span>ALL_CIPHERSUITES
)
.is_none()
);
}
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_scs_is_debug() {
<span class="macro">println!</span>(<span class="string">&quot;{:?}&quot;</span>, ALL_CIPHERSUITES);
}
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_usable_for_version() {
<span class="kw">fn </span>ok_tls13(scs: <span class="kw-2">&amp;</span>SupportedCipherSuite) {
<span class="macro">assert!</span>(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
<span class="macro">assert!</span>(!scs.usable_for_version(ProtocolVersion::TLSv1_2));
<span class="macro">assert!</span>(scs.usable_for_version(ProtocolVersion::TLSv1_3));
}
<span class="kw">fn </span>ok_tls12(scs: <span class="kw-2">&amp;</span>SupportedCipherSuite) {
<span class="macro">assert!</span>(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
<span class="macro">assert!</span>(scs.usable_for_version(ProtocolVersion::TLSv1_2));
<span class="macro">assert!</span>(!scs.usable_for_version(ProtocolVersion::TLSv1_3));
}
ok_tls13(<span class="kw-2">&amp;</span>TLS13_CHACHA20_POLY1305_SHA256);
ok_tls13(<span class="kw-2">&amp;</span>TLS13_AES_256_GCM_SHA384);
ok_tls13(<span class="kw-2">&amp;</span>TLS13_AES_128_GCM_SHA256);
ok_tls12(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
ok_tls12(<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
ok_tls12(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
ok_tls12(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
ok_tls12(<span class="kw-2">&amp;</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
}
<span class="attribute">#[test]
</span><span class="kw">fn </span>test_can_resume_to() {
<span class="macro">assert!</span>(TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(<span class="kw-2">&amp;</span>TLS13_AES_128_GCM_SHA256));
<span class="macro">assert!</span>(!TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(<span class="kw-2">&amp;</span>TLS13_AES_256_GCM_SHA384));
<span class="macro">assert!</span>(
!TLS13_CHACHA20_POLY1305_SHA256
.can_resume_to(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
);
<span class="macro">assert!</span>(
!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
.can_resume_to(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
);
<span class="macro">assert!</span>(
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
.can_resume_to(<span class="kw-2">&amp;</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
);
}
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="rustls" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>