Struct rustls::SupportedCipherSuite
source · [−]pub struct SupportedCipherSuite {
pub suite: CipherSuite,
pub kx: KeyExchangeAlgorithm,
pub bulk: BulkAlgorithm,
pub hash: HashAlgorithm,
pub sign: Option<&'static [SignatureScheme]>,
pub enc_key_len: usize,
pub fixed_iv_len: usize,
pub explicit_nonce_len: usize,
/* private fields */
}
Expand description
A cipher suite supported by rustls.
All possible instances of this class are provided by the library in
the ALL_CIPHERSUITES
array.
Fields
suite: CipherSuite
The TLS enumeration naming this cipher suite.
kx: KeyExchangeAlgorithm
How to exchange/agree keys.
bulk: BulkAlgorithm
How to do bulk encryption.
hash: HashAlgorithm
How to do hashing.
sign: Option<&'static [SignatureScheme]>
How to sign messages for authentication.
This is not present for TLS1.3, because authentication is orthogonal to the ciphersuite concept there.
enc_key_len: usize
Encryption key length, for the bulk algorithm.
fixed_iv_len: usize
How long the fixed part of the ‘IV’ is.
This isn’t usually an IV, but we continue the terminology misuse to match the standard.
explicit_nonce_len: usize
This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.
Implementations
sourceimpl SupportedCipherSuite
impl SupportedCipherSuite
sourcepub fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>
pub fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>
We have parameters and a verified public key in kx_params
.
Generate an ephemeral key, generate the shared secret, and
return it and the public half in a KeyExchangeResult
.
sourcepub fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>
pub fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>
Start the KX process with the given group. This generates the server’s share, but we don’t yet have the client’s share.
sourcepub fn resolve_sig_schemes(
&self,
offered: &[SignatureScheme]
) -> Vec<SignatureScheme>
pub fn resolve_sig_schemes(
&self,
offered: &[SignatureScheme]
) -> Vec<SignatureScheme>
Resolve the set of supported SignatureScheme
s from the
offered SupportedSignatureSchemes
. If we return an empty
set, the handshake terminates.
sourcepub fn key_block_len(&self) -> usize
pub fn key_block_len(&self) -> usize
Length of key block that needs to be output by the key derivation phase for this suite.
sourcepub fn usable_for_version(&self, version: ProtocolVersion) -> bool
pub fn usable_for_version(&self, version: ProtocolVersion) -> bool
Return true if this suite is usable for TLS version
.
sourcepub fn usable_for_sigalg(&self, sigalg: SignatureAlgorithm) -> bool
pub fn usable_for_sigalg(&self, sigalg: SignatureAlgorithm) -> bool
Return true if this suite is usable for a key only offering sigalg
signatures. This resolves to true for all TLS1.3 suites.
sourcepub fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool
pub fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool
Can a session using suite self resume using suite new_suite?
Trait Implementations
sourceimpl Debug for SupportedCipherSuite
impl Debug for SupportedCipherSuite
Auto Trait Implementations
impl RefUnwindSafe for SupportedCipherSuite
impl Send for SupportedCipherSuite
impl Sync for SupportedCipherSuite
impl Unpin for SupportedCipherSuite
impl UnwindSafe for SupportedCipherSuite
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcepub fn borrow_mut(&mut self) -> &mut T
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more