SupportedKxGroup

rustls::crypto

Trait SupportedKxGroup 

Source 
pub trait SupportedKxGroup:
    Send
    + Sync
    + Debug {
    // Required methods
    fn start(&self) -> Result<StartedKeyExchange, Error>;
    fn name(&self) -> NamedGroup;

    // Provided methods
    fn start_and_complete(
        &self,
        peer_pub_key: &[u8],
    ) -> Result<CompletedKeyExchange, Error> { ... }
    fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
    fn fips(&self) -> bool { ... }
}
Expand description

A supported key exchange group.

This type carries both configuration and implementation. Specifically, it has a TLS-level name expressed using the NamedGroup enum, and a function which produces a ActiveKeyExchange.

Compare with NamedGroup, which carries solely a protocol identifier.

Required Methods§

Source

fn start(&self) -> Result<StartedKeyExchange, Error>

Start a key exchange.

This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can be completed by calling ActiveKeyExchange::complete() or discarded.

Most implementations will want to return the StartedKeyExchange::Single(_) variant. Hybrid key exchange algorithms, which are constructed from two underlying algorithms, may wish to return StartedKeyExchange::Hybrid(_) variant which additionally allows one part of the key exchange to be completed separately. See the documentation on HybridKeyExchange for more detail.

§Errors

This can fail if the random source fails during ephemeral key generation.

Source

fn name(&self) -> NamedGroup

Named group the SupportedKxGroup operates in.

If the NamedGroup enum does not have a name for the algorithm you are implementing, you can use NamedGroup::Unknown.

Provided Methods§

Source

fn start_and_complete( &self, peer_pub_key: &[u8], ) -> Result<CompletedKeyExchange, Error>

Start and complete a key exchange, in one operation.

The default implementation for this calls start() and then calls complete() on the result. This is suitable for Diffie-Hellman-like key exchange algorithms, where there is not a data dependency between our key share (named “pub_key” in this API) and the peer’s (peer_pub_key).

If there is such a data dependency (like key encapsulation mechanisms), this function should be implemented.

Source

fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>

FFDHE group the SupportedKxGroup operates in, if any.

The default implementation returns None, so non-FFDHE groups (the most common) do not need to do anything.

FFDHE groups must implement this. rustls::ffdhe_groups contains suitable values to return, for example rustls::ffdhe_groups::FFDHE2048.

Source

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

Implementors§