Struct rustls::SupportedCipherSuite
[−]
[src]
pub struct SupportedCipherSuite { pub suite: CipherSuite, pub kx: KeyExchangeAlgorithm, pub bulk: BulkAlgorithm, pub hash: HashAlgorithm, pub sign: SignatureAlgorithm, pub enc_key_len: usize, pub fixed_iv_len: usize, pub explicit_nonce_len: usize, }
A cipher suite supported by rustls.
All possible instances of this class are provided by the library in
the ALL_CIPHERSUITES
array.
Fields
suite: CipherSuite
The TLS enumeration naming this cipher suite.
kx: KeyExchangeAlgorithm
How to exchange/agree keys.
bulk: BulkAlgorithm
How to do bulk encryption.
hash: HashAlgorithm
How to do hashing.
sign: SignatureAlgorithm
How to sign messages.
enc_key_len: usize
Encryption key length, for the bulk algorithm.
fixed_iv_len: usize
How long the fixed part of the 'IV' is.
This isn't usually an IV, but we continue the terminology misuse to match the standard.
explicit_nonce_len: usize
This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.
Methods
impl SupportedCipherSuite
[src]
fn get_hash(&self) -> &'static Algorithm
Which hash function to use with this suite.
fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>
We have parameters and a verified public key in kx_params
.
Generate an ephemeral key, generate the shared secret, and
return it and the public half in a KeyExchangeResult
.
fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>
Start the KX process with the given group. This generates the server's share, but we don't yet have the client's share.
fn resolve_sig_scheme(
&self,
offered: &[SignatureScheme]
) -> Option<SignatureScheme>
&self,
offered: &[SignatureScheme]
) -> Option<SignatureScheme>
Resolve a single supported SignatureScheme
from the
offered SupportedSignatureSchemes
. If we return None,
the handshake terminates.
fn get_aead_alg(&self) -> &'static Algorithm
Which AEAD algorithm to use for this suite.
fn key_block_len(&self) -> usize
Length of key block that needs to be output by the key derivation phase for this suite.
fn usable_for_version(&self, version: ProtocolVersion) -> bool
Return true if this suite is usable for TLS version
.
fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool
Can a session using suite self resume using suite new_suite?