rustls_post_quantum/
lib.rs

//! This crate provides a [`CryptoProvider`] built on the default aws-lc-rs provider.
//!
//! Features:
//!
//! - `aws-lc-rs-unstable`: adds support for three variants of the experimental ML-DSA signature
//!   algorithm.
//!
//! Before rustls 0.23.22, this crate additionally provided support for the ML-KEM key exchange
//! (both "pure" and hybrid variants), but these have been moved to the rustls crate itself.
//! In rustls 0.23.22 and later, you can use rustls' `prefer-post-quantum` feature to determine
//! whether the ML-KEM key exchange is preferred over non-post-quantum key exchanges.
12
13#[cfg(feature = "aws-lc-rs-unstable")]
14use rustls::SignatureScheme;
15use rustls::crypto::CryptoProvider;
16#[cfg(feature = "aws-lc-rs-unstable")]
17use rustls::crypto::WebPkiSupportedAlgorithms;
18pub use rustls::crypto::aws_lc_rs::kx_group::{MLKEM768, X25519MLKEM768};
19#[cfg(feature = "aws-lc-rs-unstable")]
20use webpki::aws_lc_rs as webpki_algs;
21
/// Returns a [`CryptoProvider`] based on the aws-lc-rs default provider.
///
/// Without the `aws-lc-rs-unstable` feature the default provider is returned unchanged.
/// With the feature enabled, the provider's `signature_verification_algorithms` field is
/// replaced wholesale by this crate's `SUPPORTED_SIG_ALGS` table; every other field keeps the
/// value supplied by the default provider.
pub fn provider() -> CryptoProvider {
    let base = rustls::crypto::aws_lc_rs::default_provider();

    // Shadow the default provider only when the ML-DSA table is compiled in; the verification
    // table is swapped as a whole, not merged with the upstream one.
    #[cfg(feature = "aws-lc-rs-unstable")]
    let base = CryptoProvider {
        signature_verification_algorithms: SUPPORTED_SIG_ALGS,
        ..base
    };

    base
}
31
/// Signature verification algorithms installed by [`provider`] when the `aws-lc-rs-unstable`
/// feature is enabled: ECDSA, Ed25519 and RSA entries plus the three ML-DSA variants.
///
/// Keep in sync with the `SUPPORTED_SIG_ALGS` in `rustls::crypto::aws_lc_rs`.
///
/// [`provider`] replaces the default provider's table with this copy rather than extending it,
/// so an algorithm added to or withdrawn from the upstream table only takes effect here once
/// this copy is updated. Review this table whenever the rustls dependency is bumped.
#[cfg(feature = "aws-lc-rs-unstable")]
static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
    // Flat list of every verification algorithm in this table.
    // NOTE(review): presumably the set rustls hands to webpki for certificate chain
    // validation — confirm against the pinned rustls version.
    all: &[
        webpki_algs::ECDSA_P256_SHA256,
        webpki_algs::ECDSA_P256_SHA384,
        webpki_algs::ECDSA_P384_SHA256,
        webpki_algs::ECDSA_P384_SHA384,
        webpki_algs::ECDSA_P521_SHA256,
        webpki_algs::ECDSA_P521_SHA384,
        webpki_algs::ECDSA_P521_SHA512,
        webpki_algs::ED25519,
        webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
        webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
        webpki_algs::RSA_PKCS1_2048_8192_SHA256,
        webpki_algs::RSA_PKCS1_2048_8192_SHA384,
        webpki_algs::RSA_PKCS1_2048_8192_SHA512,
        webpki_algs::RSA_PKCS1_2048_8192_SHA256_ABSENT_PARAMS,
        webpki_algs::RSA_PKCS1_2048_8192_SHA384_ABSENT_PARAMS,
        webpki_algs::RSA_PKCS1_2048_8192_SHA512_ABSENT_PARAMS,
        // The per-entry `cfg` attributes below repeat the gate already on the static itself;
        // presumably kept so the entries match the upstream table line for line.
        #[cfg(feature = "aws-lc-rs-unstable")]
        webpki_algs::ML_DSA_44,
        #[cfg(feature = "aws-lc-rs-unstable")]
        webpki_algs::ML_DSA_65,
        #[cfg(feature = "aws-lc-rs-unstable")]
        webpki_algs::ML_DSA_87,
    ],
    // Pairs each TLS `SignatureScheme` with the webpki algorithms listed for it.
    // NOTE(review): rustls documents the order of this list as significant — do not sort or
    // regroup entries without checking the upstream table.
    mapping: &[
        // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is.
        // Hence the ECDSA SHA-256 and SHA-384 schemes each list all three curves.
        (
            SignatureScheme::ECDSA_NISTP384_SHA384,
            &[
                webpki_algs::ECDSA_P384_SHA384,
                webpki_algs::ECDSA_P256_SHA384,
                webpki_algs::ECDSA_P521_SHA384,
            ],
        ),
        (
            SignatureScheme::ECDSA_NISTP256_SHA256,
            &[
                webpki_algs::ECDSA_P256_SHA256,
                webpki_algs::ECDSA_P384_SHA256,
                webpki_algs::ECDSA_P521_SHA256,
            ],
        ),
        (
            SignatureScheme::ECDSA_NISTP521_SHA512,
            &[webpki_algs::ECDSA_P521_SHA512],
        ),
        (SignatureScheme::ED25519, &[webpki_algs::ED25519]),
        (
            SignatureScheme::RSA_PSS_SHA512,
            &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY],
        ),
        (
            SignatureScheme::RSA_PSS_SHA384,
            &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY],
        ),
        (
            SignatureScheme::RSA_PSS_SHA256,
            &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY],
        ),
        // The `*_ABSENT_PARAMS` PKCS#1 algorithms appear in `all` above but in no mapping entry.
        (
            SignatureScheme::RSA_PKCS1_SHA512,
            &[webpki_algs::RSA_PKCS1_2048_8192_SHA512],
        ),
        (
            SignatureScheme::RSA_PKCS1_SHA384,
            &[webpki_algs::RSA_PKCS1_2048_8192_SHA384],
        ),
        (
            SignatureScheme::RSA_PKCS1_SHA256,
            &[webpki_algs::RSA_PKCS1_2048_8192_SHA256],
        ),
        // ML-DSA schemes map one-to-one onto their webpki algorithm.
        #[cfg(feature = "aws-lc-rs-unstable")]
        (SignatureScheme::ML_DSA_44, &[webpki_algs::ML_DSA_44]),
        #[cfg(feature = "aws-lc-rs-unstable")]
        (SignatureScheme::ML_DSA_65, &[webpki_algs::ML_DSA_65]),
        #[cfg(feature = "aws-lc-rs-unstable")]
        (SignatureScheme::ML_DSA_87, &[webpki_algs::ML_DSA_87]),
    ],
};