rustls_graviola/lib.rs
1//! <h1 align="center">Graviola</h1>
2//! <img width="40%" align="right" src="https://raw.githubusercontent.com/ctz/graviola/main/admin/picture.png">
3//!
4//! This crate provides an integration between [rustls](https://github.com/rustls/rustls) and [Graviola](https://github.com/ctz/graviola/).
5//!
6//! Use it like:
7//!
8//! ```rust
9//! rustls_graviola::default_provider()
10//! .install_default()
11//! .unwrap();
12//! ```
13//!
14//! And then use rustls as normal.
15
16use rustls::crypto::CryptoProvider;
17
18mod aead;
19mod hash;
20mod hmac;
21mod sign;
22mod verify;
23
24/// Supported key exchange algorithms.
25pub mod kx;
26
27/// Supported cipher suites.
28pub mod suites;
29
30mod ticketer;
31pub use ticketer::Ticketer;
32
/// Builds a rustls [`CryptoProvider`] whose cryptography comes from Graviola.
///
/// The algorithm selection matches the rustls *ring*-based provider:
/// interoperable, safe defaults for modern TLS.
///
/// Every entry of [`suites::ALL_CIPHER_SUITES`] and [`kx::ALL_KX_GROUPS`] is
/// enabled. The lists are copied into the returned value, so a caller that
/// needs a narrower policy can trim `cipher_suites` / `kx_groups` on the
/// result before installing it or handing it to a config builder.
///
/// Signature verification uses `verify::ALGORITHMS`, private keys are loaded
/// through `sign::Provider`, and randomness comes from `RngProvider`.
pub fn default_provider() -> CryptoProvider {
    // Owned copies: the provider struct stores `Vec`s, not the static slices.
    let cipher_suites = suites::ALL_CIPHER_SUITES.to_vec();
    let kx_groups = kx::ALL_KX_GROUPS.to_vec();

    CryptoProvider {
        cipher_suites,
        kx_groups,
        signature_verification_algorithms: verify::ALGORITHMS,
        secure_random: &RngProvider,
        key_provider: &sign::Provider,
    }
}
46
/// Stateless adapter exposing Graviola's random source through the rustls
/// `SecureRandom` trait.
#[derive(Debug)]
struct RngProvider;

impl rustls::crypto::SecureRandom for RngProvider {
    /// Asks `graviola::random::fill` to fill `bytes`.
    ///
    /// # Errors
    ///
    /// Any failure from Graviola is reported as `GetRandomFailed`; the
    /// underlying error detail is discarded. There is no fallback source, so
    /// callers must treat an error as "no usable randomness".
    fn fill(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
        match graviola::random::fill(bytes) {
            Ok(()) => Ok(()),
            // Collapse the Graviola error into the single rustls error value.
            Err(_) => Err(rustls::crypto::GetRandomFailed),
        }
    }
}
54}