rustls/crypto/enums.rs
1use crate::crypto::hash;
2
3enum_builder! {
4 /// The `CipherSuite` TLS protocol enum. Values in this enum are taken
5 /// from the various RFCs covering TLS, and are listed by IANA.
6 pub struct CipherSuite(pub u16);
7
8 enum CipherSuiteName {
9 /// The `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
10 /// <https://www.iana.org/go/rfc5288>
11 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 => 0x009e,
12
13 /// The `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
14 /// <https://www.iana.org/go/rfc5288>
15 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 => 0x009f,
16
17 /// The `TLS_DHE_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
18 /// <https://www.iana.org/go/rfc5487>
19 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 => 0x00aa,
20
21 /// The `TLS_DHE_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
22 /// <https://www.iana.org/go/rfc5487>
23 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 => 0x00ab,
24
25 /// The `TLS_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
26 /// <https://www.iana.org/go/rfc8446>
27 TLS13_AES_128_GCM_SHA256 => 0x1301,
28
29 /// The `TLS_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
30 /// <https://www.iana.org/go/rfc8446>
31 TLS13_AES_256_GCM_SHA384 => 0x1302,
32
33 /// The `TLS_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
34 /// <https://www.iana.org/go/rfc8446>
35 TLS13_CHACHA20_POLY1305_SHA256 => 0x1303,
36
37 /// The `TLS_AES_128_CCM_SHA256` cipher suite. Recommended=Y. Defined in
38 /// <https://www.iana.org/go/rfc8446>
39 TLS13_AES_128_CCM_SHA256 => 0x1304,
40
41 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
42 /// <https://www.iana.org/go/rfc5289>
43 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => 0xc02b,
44
45 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
46 /// <https://www.iana.org/go/rfc5289>
47 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => 0xc02c,
48
49 /// The `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
50 /// <https://www.iana.org/go/rfc5289>
51 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => 0xc02f,
52
53 /// The `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
54 /// <https://www.iana.org/go/rfc5289>
55 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => 0xc030,
56
57 /// The `TLS_DHE_RSA_WITH_AES_128_CCM` cipher suite. Recommended=Y. Defined in
58 /// <https://www.iana.org/go/rfc6655>
59 TLS_DHE_RSA_WITH_AES_128_CCM => 0xc09e,
60
61 /// The `TLS_DHE_RSA_WITH_AES_256_CCM` cipher suite. Recommended=Y. Defined in
62 /// <https://www.iana.org/go/rfc6655>
63 TLS_DHE_RSA_WITH_AES_256_CCM => 0xc09f,
64
65 /// The `TLS_DHE_PSK_WITH_AES_128_CCM` cipher suite. Recommended=Y. Defined in
66 /// <https://www.iana.org/go/rfc6655>
67 TLS_DHE_PSK_WITH_AES_128_CCM => 0xc0a6,
68
69 /// The `TLS_DHE_PSK_WITH_AES_256_CCM` cipher suite. Recommended=Y. Defined in
70 /// <https://www.iana.org/go/rfc6655>
71 TLS_DHE_PSK_WITH_AES_256_CCM => 0xc0a7,
72
73 /// The `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
74 /// <https://www.iana.org/go/rfc7905>
75 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca8,
76
77 /// The `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
78 /// <https://www.iana.org/go/rfc7905>
79 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca9,
80
81 /// The `TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
82 /// <https://www.iana.org/go/rfc7905>
83 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xccaa,
84
85 /// The `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
86 /// <https://www.iana.org/go/rfc7905>
87 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccac,
88
89 /// The `TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
90 /// <https://www.iana.org/go/rfc7905>
91 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccad,
92
93 /// The `TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
94 /// <https://www.iana.org/go/rfc8442>
95 TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 => 0xd001,
96
97 /// The `TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
98 /// <https://www.iana.org/go/rfc8442>
99 TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 => 0xd002,
100
101 /// The `TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256` cipher suite. Recommended=Y. Defined in
102 /// <https://www.iana.org/go/rfc8442>
103 TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 => 0xd005,
104
105 /// The `TLS_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
106 /// <https://www.iana.org/go/rfc5246>
107 TLS_RSA_WITH_AES_128_CBC_SHA => 0x002f,
108
109 /// The `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
110 /// <https://www.iana.org/go/rfc5246>
111 TLS_DHE_RSA_WITH_AES_128_CBC_SHA => 0x0033,
112
113 /// The `TLS_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
114 /// <https://www.iana.org/go/rfc5246>
115 TLS_RSA_WITH_AES_256_CBC_SHA => 0x0035,
116
117 /// The `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
118 /// <https://www.iana.org/go/rfc5246>
119 TLS_DHE_RSA_WITH_AES_256_CBC_SHA => 0x0039,
120
121 /// The `TLS_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
122 /// <https://www.iana.org/go/rfc5246>
123 TLS_RSA_WITH_AES_128_CBC_SHA256 => 0x003c,
124
125 /// The `TLS_RSA_WITH_AES_256_CBC_SHA256` cipher suite. Recommended=N. Defined in
126 /// <https://www.iana.org/go/rfc5246>
127 TLS_RSA_WITH_AES_256_CBC_SHA256 => 0x003d,
128
129 /// The `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
130 /// <https://www.iana.org/go/rfc5246>
131 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 => 0x0067,
132
133 /// The `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` cipher suite. Recommended=N. Defined in
134 /// <https://www.iana.org/go/rfc5246>
135 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 => 0x006b,
136
137 /// The `TLS_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
138 /// <https://www.iana.org/go/rfc4279>
139 TLS_PSK_WITH_AES_128_CBC_SHA => 0x008c,
140
141 /// The `TLS_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
142 /// <https://www.iana.org/go/rfc4279>
143 TLS_PSK_WITH_AES_256_CBC_SHA => 0x008d,
144
145 /// The `TLS_DHE_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
146 /// <https://www.iana.org/go/rfc4279>
147 TLS_DHE_PSK_WITH_AES_128_CBC_SHA => 0x0090,
148
149 /// The `TLS_DHE_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
150 /// <https://www.iana.org/go/rfc4279>
151 TLS_DHE_PSK_WITH_AES_256_CBC_SHA => 0x0091,
152
153 /// The `TLS_RSA_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
154 /// <https://www.iana.org/go/rfc4279>
155 TLS_RSA_PSK_WITH_AES_128_CBC_SHA => 0x0094,
156
157 /// The `TLS_RSA_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
158 /// <https://www.iana.org/go/rfc4279>
159 TLS_RSA_PSK_WITH_AES_256_CBC_SHA => 0x0095,
160
161 /// The `TLS_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
162 /// <https://www.iana.org/go/rfc5288>
163 TLS_RSA_WITH_AES_128_GCM_SHA256 => 0x009c,
164
165 /// The `TLS_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
166 /// <https://www.iana.org/go/rfc5288>
167 TLS_RSA_WITH_AES_256_GCM_SHA384 => 0x009d,
168
169 /// The `TLS_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
170 /// <https://www.iana.org/go/rfc5487>
171 TLS_PSK_WITH_AES_128_GCM_SHA256 => 0x00a8,
172
173 /// The `TLS_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
174 /// <https://www.iana.org/go/rfc5487>
175 TLS_PSK_WITH_AES_256_GCM_SHA384 => 0x00a9,
176
177 /// The `TLS_RSA_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
178 /// <https://www.iana.org/go/rfc5487>
179 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 => 0x00ac,
180
181 /// The `TLS_RSA_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
182 /// <https://www.iana.org/go/rfc5487>
183 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 => 0x00ad,
184
185 /// The `TLS_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
186 /// <https://www.iana.org/go/rfc5487>
187 TLS_PSK_WITH_AES_128_CBC_SHA256 => 0x00ae,
188
189 /// The `TLS_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
190 /// <https://www.iana.org/go/rfc5487>
191 TLS_PSK_WITH_AES_256_CBC_SHA384 => 0x00af,
192
193 /// The `TLS_DHE_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
194 /// <https://www.iana.org/go/rfc5487>
195 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 => 0x00b2,
196
197 /// The `TLS_DHE_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
198 /// <https://www.iana.org/go/rfc5487>
199 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 => 0x00b3,
200
201 /// The `TLS_RSA_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
202 /// <https://www.iana.org/go/rfc5487>
203 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 => 0x00b6,
204
205 /// The `TLS_RSA_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
206 /// <https://www.iana.org/go/rfc5487>
207 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 => 0x00b7,
208
209 /// The `TLS_SM4_GCM_SM3` cipher suite. Recommended=N. Defined in
210 /// <https://www.iana.org/go/rfc8998>
211 TLS13_SM4_GCM_SM3 => 0x00c6,
212
213 /// The `TLS_SM4_CCM_SM3` cipher suite. Recommended=N. Defined in
214 /// <https://www.iana.org/go/rfc8998>
215 TLS13_SM4_CCM_SM3 => 0x00c7,
216
217 /// The `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` cipher suite. Recommended=N. Defined in
218 /// <https://www.iana.org/go/rfc5746>
219 TLS_EMPTY_RENEGOTIATION_INFO_SCSV => 0x00ff,
220
221 /// The `TLS_AES_128_CCM_8_SHA256` cipher suite. Recommended=N. Defined in
222 /// <https://www.iana.org/go/rfc8446>
223 TLS13_AES_128_CCM_8_SHA256 => 0x1305,
224
225 /// The `TLS_FALLBACK_SCSV` cipher suite. Recommended=N. Defined in
226 /// <https://www.iana.org/go/rfc7507>
227 TLS_FALLBACK_SCSV => 0x5600,
228
229 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
230 /// <https://www.iana.org/go/rfc8422>
231 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => 0xc009,
232
233 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
234 /// <https://www.iana.org/go/rfc8422>
235 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => 0xc00a,
236
237 /// The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
238 /// <https://www.iana.org/go/rfc8422>
239 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA => 0xc013,
240
241 /// The `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
242 /// <https://www.iana.org/go/rfc8422>
243 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA => 0xc014,
244
245 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
246 /// <https://www.iana.org/go/rfc5289>
247 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 => 0xc023,
248
249 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
250 /// <https://www.iana.org/go/rfc5289>
251 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 => 0xc024,
252
253 /// The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
254 /// <https://www.iana.org/go/rfc5289>
255 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 => 0xc027,
256
257 /// The `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
258 /// <https://www.iana.org/go/rfc5289>
259 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 => 0xc028,
260
261 /// The `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
262 /// <https://www.iana.org/go/rfc5489>
263 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA => 0xc035,
264
265 /// The `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
266 /// <https://www.iana.org/go/rfc5489>
267 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA => 0xc036,
268
269 /// The `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
270 /// <https://www.iana.org/go/rfc5489>
271 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 => 0xc037,
272
273 /// The `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
274 /// <https://www.iana.org/go/rfc5489>
275 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 => 0xc038,
276
277 /// The `TLS_RSA_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
278 /// <https://www.iana.org/go/rfc6655>
279 TLS_RSA_WITH_AES_128_CCM => 0xc09c,
280
281 /// The `TLS_RSA_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
282 /// <https://www.iana.org/go/rfc6655>
283 TLS_RSA_WITH_AES_256_CCM => 0xc09d,
284
285 /// The `TLS_RSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
286 /// <https://www.iana.org/go/rfc6655>
287 TLS_RSA_WITH_AES_128_CCM_8 => 0xc0a0,
288
289 /// The `TLS_RSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
290 /// <https://www.iana.org/go/rfc6655>
291 TLS_RSA_WITH_AES_256_CCM_8 => 0xc0a1,
292
293 /// The `TLS_DHE_RSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
294 /// <https://www.iana.org/go/rfc6655>
295 TLS_DHE_RSA_WITH_AES_128_CCM_8 => 0xc0a2,
296
297 /// The `TLS_DHE_RSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
298 /// <https://www.iana.org/go/rfc6655>
299 TLS_DHE_RSA_WITH_AES_256_CCM_8 => 0xc0a3,
300
301 /// The `TLS_PSK_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
302 /// <https://www.iana.org/go/rfc6655>
303 TLS_PSK_WITH_AES_128_CCM => 0xc0a4,
304
305 /// The `TLS_PSK_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
306 /// <https://www.iana.org/go/rfc6655>
307 TLS_PSK_WITH_AES_256_CCM => 0xc0a5,
308
309 /// The `TLS_PSK_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
310 /// <https://www.iana.org/go/rfc6655>
311 TLS_PSK_WITH_AES_128_CCM_8 => 0xc0a8,
312
313 /// The `TLS_PSK_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
314 /// <https://www.iana.org/go/rfc6655>
315 TLS_PSK_WITH_AES_256_CCM_8 => 0xc0a9,
316
317 /// The `TLS_PSK_DHE_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
318 /// <https://www.iana.org/go/rfc6655>
319 TLS_PSK_DHE_WITH_AES_128_CCM_8 => 0xc0aa,
320
321 /// The `TLS_PSK_DHE_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
322 /// <https://www.iana.org/go/rfc6655>
323 TLS_PSK_DHE_WITH_AES_256_CCM_8 => 0xc0ab,
324
325 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
326 /// <https://www.iana.org/go/rfc7251>
327 TLS_ECDHE_ECDSA_WITH_AES_128_CCM => 0xc0ac,
328
329 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
330 /// <https://www.iana.org/go/rfc7251>
331 TLS_ECDHE_ECDSA_WITH_AES_256_CCM => 0xc0ad,
332
333 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
334 /// <https://www.iana.org/go/rfc7251>
335 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 => 0xc0ae,
336
337 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
338 /// <https://www.iana.org/go/rfc7251>
339 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 => 0xc0af,
340
341 /// The `TLS_SHA256_SHA256` cipher suite. Recommended=N. Defined in
342 /// <https://www.iana.org/go/rfc9150>
343 TLS_SHA256_SHA256 => 0xc0b4,
344
345 /// The `TLS_SHA384_SHA384` cipher suite. Recommended=N. Defined in
346 /// <https://www.iana.org/go/rfc9150>
347 TLS_SHA384_SHA384 => 0xc0b5,
348
349 /// The `TLS_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=N. Defined in
350 /// <https://www.iana.org/go/rfc7905>
351 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccab,
352
353 /// The `TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=N. Defined in
354 /// <https://www.iana.org/go/rfc7905>
355 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccae,
356
357 /// The `TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256` cipher suite. Recommended=N. Defined in
358 /// <https://www.iana.org/go/rfc8442>
359 TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 => 0xd003,
360 }
361}
362
363enum_builder! {
364 /// The `SignatureScheme` TLS protocol enum. Values in this enum are taken
365 /// from the various RFCs covering TLS, and are listed by IANA.
366 pub struct SignatureScheme(pub u16);
367
368 enum SignatureSchemeName {
369 RSA_PKCS1_SHA1 => 0x0201,
370 ECDSA_SHA1_Legacy => 0x0203,
371 RSA_PKCS1_SHA256 => 0x0401,
372 ECDSA_NISTP256_SHA256 => 0x0403,
373 RSA_PKCS1_SHA384 => 0x0501,
374 ECDSA_NISTP384_SHA384 => 0x0503,
375 RSA_PKCS1_SHA512 => 0x0601,
376 ECDSA_NISTP521_SHA512 => 0x0603,
377 /// <https://www.iana.org/go/rfc8998>
378 SM2_SM3 => 0x0708,
379 RSA_PSS_SHA256 => 0x0804,
380 RSA_PSS_SHA384 => 0x0805,
381 RSA_PSS_SHA512 => 0x0806,
382 ED25519 => 0x0807,
383 ED448 => 0x0808,
384 // https://datatracker.ietf.org/doc/html/draft-ietf-tls-mldsa-00#name-iana-considerations
385 ML_DSA_44 => 0x0904,
386 ML_DSA_65 => 0x0905,
387 ML_DSA_87 => 0x0906,
388 }
389}
390
391impl SignatureScheme {
392 pub(crate) fn algorithm(&self) -> SignatureAlgorithm {
393 match *self {
394 Self::RSA_PKCS1_SHA1
395 | Self::RSA_PKCS1_SHA256
396 | Self::RSA_PKCS1_SHA384
397 | Self::RSA_PKCS1_SHA512
398 | Self::RSA_PSS_SHA256
399 | Self::RSA_PSS_SHA384
400 | Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
401 Self::ECDSA_SHA1_Legacy
402 | Self::ECDSA_NISTP256_SHA256
403 | Self::ECDSA_NISTP384_SHA384
404 | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
405 Self::ED25519 => SignatureAlgorithm::ED25519,
406 Self::ED448 => SignatureAlgorithm::ED448,
407 _ => SignatureAlgorithm(0),
408 }
409 }
410
411 /// Whether a particular `SignatureScheme` is allowed for TLS protocol signatures
412 /// in TLS1.3.
413 ///
414 /// This prevents (eg) RSA_PKCS1_SHA256 being offered or accepted, even if our
415 /// verifier supports it for other protocol versions.
416 ///
417 /// See RFC8446 s4.2.3: <https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3>
418 ///
419 /// This is a denylist so that newly-allocated `SignatureScheme`s values are
420 /// allowed in TLS1.3 by default.
421 pub(crate) fn supported_in_tls13(&self) -> bool {
422 let [hash, sign] = self.to_array();
423
424 // This covers both disallowing SHA1 items in `SignatureScheme`, and
425 // old hash functions. See the section beginning "Legacy algorithms:"
426 // and item starting "In TLS 1.2, the extension contained hash/signature
427 // pairs" in RFC8446 section 4.2.3.
428 match HashAlgorithm::from(hash) {
429 HashAlgorithm::NONE
430 | HashAlgorithm::MD5
431 | HashAlgorithm::SHA1
432 | HashAlgorithm::SHA224 => return false,
433 _ => (),
434 };
435
436 // RSA-PKCS1 is also disallowed for TLS1.3, see the section beginning
437 // "RSASSA-PKCS1-v1_5 algorithms:" in RFC8446 section 4.2.3.
438 //
439 // (nb. SignatureAlgorithm::RSA is RSA-PKCS1, and does not cover RSA-PSS
440 // or RSAE-PSS.)
441 //
442 // This also covers the outlawing of DSA mentioned elsewhere in 4.2.3.
443 !matches!(
444 SignatureAlgorithm::from(sign),
445 SignatureAlgorithm::Anonymous | SignatureAlgorithm::RSA | SignatureAlgorithm::DSA
446 )
447 }
448}
449
450enum_builder! {
451 /// The `HashAlgorithm` TLS protocol enum. Values in this enum are taken
452 /// from the various RFCs covering TLS, and are listed by IANA.
453 pub struct HashAlgorithm(pub u8);
454
455 enum HashAlgorithmName {
456 NONE => 0x00,
457 MD5 => 0x01,
458 SHA1 => 0x02,
459 SHA224 => 0x03,
460 SHA256 => 0x04,
461 SHA384 => 0x05,
462 SHA512 => 0x06,
463 }
464}
465
466impl HashAlgorithm {
467 /// Returns the hash of the empty input.
468 ///
469 /// This returns `None` for some hash algorithms, so the caller
470 /// should be prepared to do the computation themselves in this case.
471 pub(crate) fn hash_for_empty_input(&self) -> Option<hash::Output> {
472 match *self {
473 Self::SHA256 => Some(hash::Output::new(
474 b"\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\
475 \x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\
476 \x27\xae\x41\xe4\x64\x9b\x93\x4c\
477 \xa4\x95\x99\x1b\x78\x52\xb8\x55",
478 )),
479 Self::SHA384 => Some(hash::Output::new(
480 b"\x38\xb0\x60\xa7\x51\xac\x96\x38\
481 \x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a\
482 \x21\xfd\xb7\x11\x14\xbe\x07\x43\
483 \x4c\x0c\xc7\xbf\x63\xf6\xe1\xda\
484 \x27\x4e\xde\xbf\xe7\x6f\x65\xfb\
485 \xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
486 )),
487 _ => None,
488 }
489 }
490}
491
492enum_builder! {
493 /// The `SignatureAlgorithm` TLS protocol enum. Values in this enum are taken
494 /// from the various RFCs covering TLS, and are listed by IANA.
495 pub struct SignatureAlgorithm(pub u8);
496
497 enum SignatureAlgorithmName {
498 Anonymous => 0x00,
499 RSA => 0x01,
500 DSA => 0x02,
501 ECDSA => 0x03,
502 ED25519 => 0x07,
503 ED448 => 0x08,
504 }
505}
506
507#[cfg(test)]
508mod tests {
509 use super::*;
510 use crate::msgs::test_enum8;
511
512 #[test]
513 fn test_enums() {
514 test_enum8::<HashAlgorithm>(HashAlgorithm::NONE, HashAlgorithm::SHA512);
515 test_enum8::<SignatureAlgorithm>(SignatureAlgorithm::Anonymous, SignatureAlgorithm::ECDSA);
516 }
517
518 #[test]
519 fn tls13_signature_restrictions() {
520 // rsa-pkcs1 denied
521 assert!(!SignatureScheme::RSA_PKCS1_SHA1.supported_in_tls13());
522 assert!(!SignatureScheme::RSA_PKCS1_SHA256.supported_in_tls13());
523 assert!(!SignatureScheme::RSA_PKCS1_SHA384.supported_in_tls13());
524 assert!(!SignatureScheme::RSA_PKCS1_SHA512.supported_in_tls13());
525
526 // dsa denied
527 assert!(!SignatureScheme::from(0x0201).supported_in_tls13());
528 assert!(!SignatureScheme::from(0x0202).supported_in_tls13());
529 assert!(!SignatureScheme::from(0x0203).supported_in_tls13());
530 assert!(!SignatureScheme::from(0x0204).supported_in_tls13());
531 assert!(!SignatureScheme::from(0x0205).supported_in_tls13());
532 assert!(!SignatureScheme::from(0x0206).supported_in_tls13());
533
534 // common
535 assert!(SignatureScheme::ED25519.supported_in_tls13());
536 assert!(SignatureScheme::ED448.supported_in_tls13());
537 assert!(SignatureScheme::RSA_PSS_SHA256.supported_in_tls13());
538 assert!(SignatureScheme::RSA_PSS_SHA384.supported_in_tls13());
539 assert!(SignatureScheme::RSA_PSS_SHA512.supported_in_tls13());
540
541 // rsa_pss_rsae_*
542 assert!(SignatureScheme::from(0x0804).supported_in_tls13());
543 assert!(SignatureScheme::from(0x0805).supported_in_tls13());
544 assert!(SignatureScheme::from(0x0806).supported_in_tls13());
545
546 // ecdsa_brainpool*
547 assert!(SignatureScheme::from(0x081a).supported_in_tls13());
548 assert!(SignatureScheme::from(0x081b).supported_in_tls13());
549 assert!(SignatureScheme::from(0x081c).supported_in_tls13());
550
551 // sm2sig_sm3 (RFC 8998)
552 assert!(SignatureScheme::SM2_SM3.supported_in_tls13());
553 }
554}