Struct rustls::SupportedCipherSuite[][src]

pub struct SupportedCipherSuite {
    pub suite: CipherSuite,
    pub kx: KeyExchangeAlgorithm,
    pub bulk: BulkAlgorithm,
    pub hash: HashAlgorithm,
    pub sign: Option<&'static [SignatureScheme]>,
    pub enc_key_len: usize,
    pub fixed_iv_len: usize,
    pub explicit_nonce_len: usize,
    // some fields omitted
}

A cipher suite supported by rustls.

All possible instances of this class are provided by the library in the ALL_CIPHERSUITES array.

Fields

suite: CipherSuite

The TLS enumeration naming this cipher suite.

kx: KeyExchangeAlgorithm

How to exchange/agree keys.

bulk: BulkAlgorithm

How to do bulk encryption.

hash: HashAlgorithm

How to do hashing.

sign: Option<&'static [SignatureScheme]>

How to sign messages for authentication.

This is not present for TLS1.3, because authentication is orthogonal to the ciphersuite concept there.

enc_key_len: usize

Encryption key length, for the bulk algorithm.

fixed_iv_len: usize

How long the fixed part of the ‘IV’ is.

This isn’t usually an IV, but we continue the terminology misuse to match the standard.

explicit_nonce_len: usize

This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.

Implementations

impl SupportedCipherSuite[src]

pub fn get_hash(&self) -> &'static Algorithm[src]

Which hash function to use with this suite.

pub fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>[src]

We have parameters and a verified public key in kx_params. Generate an ephemeral key, generate the shared secret, and return it and the public half in a KeyExchangeResult.

pub fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>[src]

Start the KX process with the given group. This generates the server’s share, but we don’t yet have the client’s share.

pub fn resolve_sig_schemes(
    &self,
    offered: &[SignatureScheme]
) -> Vec<SignatureScheme>
[src]

Resolve the set of supported SignatureSchemes from the offered SupportedSignatureSchemes. If we return an empty set, the handshake terminates.

pub fn key_block_len(&self) -> usize[src]

Length of key block that needs to be output by the key derivation phase for this suite.

pub fn usable_for_version(&self, version: ProtocolVersion) -> bool[src]

Return true if this suite is usable for TLS version.

pub fn usable_for_sigalg(&self, sigalg: SignatureAlgorithm) -> bool[src]

Return true if this suite is usable for a key only offering sigalg signatures. This resolves to true for all TLS1.3 suites.

pub fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool[src]

Can a session using suite self resume using suite new_suite?

Trait Implementations

impl Debug for SupportedCipherSuite[src]

impl PartialEq<SupportedCipherSuite> for SupportedCipherSuite[src]

Auto Trait Implementations

impl RefUnwindSafe for SupportedCipherSuite

impl Send for SupportedCipherSuite

impl Sync for SupportedCipherSuite

impl Unpin for SupportedCipherSuite

impl UnwindSafe for SupportedCipherSuite

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.