Struct rustls::SupportedCipherSuite
[−]
[src]
pub struct SupportedCipherSuite { pub suite: CipherSuite, pub kx: KeyExchangeAlgorithm, pub bulk: BulkAlgorithm, pub hash: HashAlgorithm, pub sign: SignatureAlgorithm, pub enc_key_len: usize, pub fixed_iv_len: usize, pub explicit_nonce_len: usize, }
A cipher suite supported by rustls.
All possible instances of this class are provided by the library in
the ALL_CIPHERSUITES
array.
Fields
suite: CipherSuite
The TLS enumeration naming this cipher suite.
kx: KeyExchangeAlgorithm
bulk: BulkAlgorithm
hash: HashAlgorithm
sign: SignatureAlgorithm
enc_key_len: usize
fixed_iv_len: usize
explicit_nonce_len: usize
This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.
Methods
impl SupportedCipherSuite
[src]
fn get_hash(&self) -> &'static Algorithm
fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>
We have parameters and a verified public key in kx_params
.
Generate an ephemeral key, generate the shared secret, and
return it and the public half in a KeyExchangeResult
.
fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>
fn resolve_sig_scheme(&self,
offered: &[SignatureScheme])
-> Option<SignatureScheme>
offered: &[SignatureScheme])
-> Option<SignatureScheme>
Resolve a single supported SignatureScheme
from the
offered SupportedSignatureSchemes
. If we return None,
the handshake terminates.
fn get_aead_alg(&self) -> &'static Algorithm
fn key_block_len(&self) -> usize
fn usable_for_version(&self, version: ProtocolVersion) -> bool
Return true if this suite is usable for TLS version
.
fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool
Can a session using suite self resume using suite new_suite?