CipherSuite

aprender::loading::cipher

Enum CipherSuite 

Source 
#[repr(u8)]
pub enum CipherSuite {
    Standard2025 = 1,
    PostQuantum2030 = 2,
    Hybrid2028 = 3,
    GovHighAssurance = 4,
    LegacyRSA = 255,
}
Expand description

Supported cipher suites for cryptographic agility.

Allows rotation from classical to post-quantum algorithms without breaking existing files.

§Design Rationale (Poka-yoke)

Hardcoding Ed25519 creates long-term risk. Post-quantum computers could break classical signatures by 2030-2040. This enum allows graceful migration without breaking existing files.

§Security Recommendations

  • Standard2025: Use for current deployments (fast, small keys)
  • Hybrid2028: Use for long-term sensitive data (transition period)
  • PostQuantum2030: Use when NIST PQC is fully standardized
  • GovHighAssurance: Use for government/defense applications
  • LegacyRSA: DEPRECATED - load-only for migration

Variants§

§

Standard2025 = 1

Current standard (2025): Fast, small keys

  • Sign: Ed25519 (ed25519-dalek)
  • Encrypt: XChaCha20-Poly1305
  • Hash: BLAKE3
  • KDF: Argon2id
§

PostQuantum2030 = 2

NIST PQC Standard (2030+): Post-Quantum resistant

  • Sign: ML-DSA-65 (Dilithium3)
  • KEM: ML-KEM-768 (Kyber768)
  • Hash: SHA3-256
  • KDF: HKDF-SHA3
§

Hybrid2028 = 3

Hybrid mode: Classical + Post-Quantum (transition period)

  • Sign: Ed25519 + ML-DSA-65 (both required)
  • KEM: X25519 + ML-KEM-768

Provides security against both classical and quantum adversaries

§

GovHighAssurance = 4

Government/High-Assurance (NSA Suite B compatible)

  • Sign: ECDSA P-384
  • Encrypt: AES-256-GCM
  • Hash: SHA-384

Required for some government/defense applications

§

LegacyRSA = 255

Legacy support (deprecated, load-only)

  • Sign: RSA-2048
  • Encrypt: AES-128-CBC

WARNING: Do not create new files with this suite

Implementations§

Source§

impl CipherSuite

Source

pub fn from_u8(value: u8) -> Option<Self>

Convert from u8 value with validation

Source

pub const fn to_u8(self) -> u8

Convert to u8 value

Source

pub const fn is_secure(&self) -> bool

Check if this suite is considered secure (not deprecated)

Source

pub const fn is_post_quantum(&self) -> bool

Check if this suite provides post-quantum resistance

Source

pub const fn is_government_approved(&self) -> bool

Check if this suite is government-approved

Source

pub const fn is_deprecated(&self) -> bool

Check if this suite is deprecated

Source

pub const fn signature_size(&self) -> usize

Get signature size in bytes

Source

pub const fn public_key_size(&self) -> usize

Get public key size in bytes

Source

pub const fn encryption_key_size(&self) -> usize

Get encryption key size in bytes

Source

pub const fn hash_size(&self) -> usize

Get hash output size in bytes

Source

pub const fn name(&self) -> &'static str

Get human-readable name

Source

pub const fn signature_algorithm(&self) -> &'static str

Get signature algorithm name

Source

pub const fn encryption_algorithm(&self) -> &'static str

Get encryption algorithm name

Source

pub const fn hash_algorithm(&self) -> &'static str

Get hash algorithm name

Source

pub const fn kdf_algorithm(&self) -> &'static str

Get KDF algorithm name

Source

pub const fn migration_target(&self) -> Option<Self>

Get recommended migration target

Source

pub const fn security_level_bits(&self) -> u32

Get security level in bits (classical equivalent)

Source

pub const fn meets_security_level(&self, min_bits: u32) -> bool

Check if suite meets minimum security level

Source

pub const fn all() -> &'static [Self]

Get all available suites

Source

pub const fn recommended() -> &'static [Self]

Get recommended suites for new deployments

Trait Implementations§

Source§

impl Clone for CipherSuite

Source§

fn clone(&self) -> CipherSuite

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for CipherSuite

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for CipherSuite

Source§

fn default() -> CipherSuite

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for CipherSuite

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for CipherSuite

Source§

fn eq(&self, other: &CipherSuite) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for CipherSuite

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Copy for CipherSuite

Source§

impl Eq for CipherSuite

Source§

impl StructuralPartialEq for CipherSuite

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,