aranya-crypto 0.14.1

The Aranya Cryptography Engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

use core::fmt;

use serde::{Deserialize, Serialize};
use zerocopy::{Immutable, IntoBytes, KnownLayout};

/// A TLS version.
#[repr(u16)]
#[derive(
    Copy,
    Clone,
    Debug,
    Eq,
    PartialEq,
    Hash,
    Immutable,
    IntoBytes,
    KnownLayout,
    Serialize,
    Deserialize,
)]
#[non_exhaustive]
pub(crate) enum Version {
    Tls13 = u16::to_be(0x0304),
}

/// A TLS 1.3 cipher suite.
#[repr(u16)]
#[derive(
    Copy,
    Clone,
    Debug,
    Eq,
    PartialEq,
    Hash,
    Immutable,
    IntoBytes,
    KnownLayout,
    Serialize,
    Deserialize,
)]
#[non_exhaustive]
pub enum CipherSuiteId {
    /// TLS_AES_128_GCM_SHA256
    #[serde(rename = "TLS_AES_128_GCM_SHA256")]
    TlsAes128GcmSha256 = u16::to_be(0x1301),
    /// TLS_AES_256_GCM_SHA384
    #[serde(rename = "TLS_AES_256_GCM_SHA384")]
    TlsAes256GcmSha384 = u16::to_be(0x1302),
    /// TLS_CHACHA20_POLY1305_SHA256
    #[serde(rename = "TLS_CHACHA20_POLY1305_SHA256")]
    TlsChaCha20Poly1305Sha256 = u16::to_be(0x1303),
    /// TLS_AES_128_CCM_SHA256
    #[serde(rename = "TLS_AES_128_CCM_SHA256")]
    TlsAes128CcmSha256 = u16::to_be(0x1304),
    /// TLS_AES_128_CCM_8_SHA256
    #[serde(rename = "TLS_AES_128_CCM_8_SHA256")]
    TlsAes128Ccm8Sha256 = u16::to_be(0x1305),
}

impl CipherSuiteId {
    /// Returns all of the cipher suites.
    pub const fn all() -> &'static [Self] {
        use CipherSuiteId::*;
        &[
            TlsAes128GcmSha256,
            TlsAes256GcmSha384,
            TlsChaCha20Poly1305Sha256,
            TlsAes128CcmSha256,
            TlsAes128Ccm8Sha256,
        ]
    }

    /// Converts the cipher suite to its (big endian) byte
    /// representation.
    pub const fn to_bytes(self) -> [u8; 2] {
        zerocopy::transmute!(self)
    }

    /// Attempts to create a cipher suite from its (big endian)
    /// byte representation.
    ///
    /// It returns `None` if `bytes` is not a valid cipher suite.
    pub const fn try_from_bytes(bytes: [u8; 2]) -> Option<Self> {
        use CipherSuiteId::*;
        let id = match u16::from_be_bytes(bytes) {
            0x1301 => TlsAes128GcmSha256,
            0x1302 => TlsAes256GcmSha384,
            0x1303 => TlsChaCha20Poly1305Sha256,
            0x1304 => TlsAes128CcmSha256,
            0x1305 => TlsAes128Ccm8Sha256,
            _ => return None,
        };
        Some(id)
    }
}

impl fmt::Display for CipherSuiteId {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        use CipherSuiteId::*;
        let name = match self {
            TlsAes128GcmSha256 => "TLS_AES_128_GCM_SHA256",
            TlsAes256GcmSha384 => "TLS_AES_256_GCM_SHA384",
            TlsChaCha20Poly1305Sha256 => "TLS_CHACHA20_POLY1305_SHA256",
            TlsAes128CcmSha256 => "TLS_AES_128_CCM_SHA256",
            TlsAes128Ccm8Sha256 => "TLS_AES_128_CCM_8_SHA256",
        };
        name.fmt(f)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_cipher_suite_id() {
        use CipherSuiteId::*;
        let tests = [
            ([0x13, 0x01], Some(TlsAes128GcmSha256)),
            ([0x13, 0x02], Some(TlsAes256GcmSha384)),
            ([0x13, 0x03], Some(TlsChaCha20Poly1305Sha256)),
            ([0x13, 0x04], Some(TlsAes128CcmSha256)),
            ([0x13, 0x05], Some(TlsAes128Ccm8Sha256)),
            ([0x13, 0x00], None),
            ([0x13, 0x06], None),
        ];
        for (idx, (bytes, suite)) in tests.into_iter().enumerate() {
            let got = CipherSuiteId::try_from_bytes(bytes);
            assert_eq!(got, suite, "#{idx}");

            let Some(suite) = suite else {
                continue;
            };

            assert_eq!(suite.to_bytes(), bytes, "#{idx}");

            // Ensure that the `zerocopy` impls match the manual
            // methods.
            let got = suite.as_bytes();
            let want = suite.to_bytes();
            assert_eq!(got, want, "#{idx}");
        }
    }

    #[test]
    fn test_cipher_suite_round_trip() {
        for &suite in CipherSuiteId::all() {
            let got = CipherSuiteId::try_from_bytes(suite.to_bytes());
            assert_eq!(got, Some(suite), "{suite}");
        }
    }
}