rustls/crypto/enums.rs
1#![expect(non_camel_case_types)]
2use crate::crypto::hash;
3
4enum_builder! {
5 /// The `CipherSuite` TLS protocol enum. Values in this enum are taken
6 /// from the various RFCs covering TLS, and are listed by IANA.
7 /// The `Unknown` item is used when processing unrecognized ordinals.
8 #[repr(u16)]
9 pub enum CipherSuite {
10 /// The `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
11 /// <https://www.iana.org/go/rfc5288>
12 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 => 0x009e,
13
14 /// The `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
15 /// <https://www.iana.org/go/rfc5288>
16 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 => 0x009f,
17
18 /// The `TLS_DHE_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
19 /// <https://www.iana.org/go/rfc5487>
20 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 => 0x00aa,
21
22 /// The `TLS_DHE_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
23 /// <https://www.iana.org/go/rfc5487>
24 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 => 0x00ab,
25
26 /// The `TLS_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
27 /// <https://www.iana.org/go/rfc8446>
28 TLS13_AES_128_GCM_SHA256 => 0x1301,
29
30 /// The `TLS_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
31 /// <https://www.iana.org/go/rfc8446>
32 TLS13_AES_256_GCM_SHA384 => 0x1302,
33
34 /// The `TLS_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
35 /// <https://www.iana.org/go/rfc8446>
36 TLS13_CHACHA20_POLY1305_SHA256 => 0x1303,
37
38 /// The `TLS_AES_128_CCM_SHA256` cipher suite. Recommended=Y. Defined in
39 /// <https://www.iana.org/go/rfc8446>
40 TLS13_AES_128_CCM_SHA256 => 0x1304,
41
42 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
43 /// <https://www.iana.org/go/rfc5289>
44 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => 0xc02b,
45
46 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
47 /// <https://www.iana.org/go/rfc5289>
48 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => 0xc02c,
49
50 /// The `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
51 /// <https://www.iana.org/go/rfc5289>
52 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => 0xc02f,
53
54 /// The `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
55 /// <https://www.iana.org/go/rfc5289>
56 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => 0xc030,
57
58 /// The `TLS_DHE_RSA_WITH_AES_128_CCM` cipher suite. Recommended=Y. Defined in
59 /// <https://www.iana.org/go/rfc6655>
60 TLS_DHE_RSA_WITH_AES_128_CCM => 0xc09e,
61
62 /// The `TLS_DHE_RSA_WITH_AES_256_CCM` cipher suite. Recommended=Y. Defined in
63 /// <https://www.iana.org/go/rfc6655>
64 TLS_DHE_RSA_WITH_AES_256_CCM => 0xc09f,
65
66 /// The `TLS_DHE_PSK_WITH_AES_128_CCM` cipher suite. Recommended=Y. Defined in
67 /// <https://www.iana.org/go/rfc6655>
68 TLS_DHE_PSK_WITH_AES_128_CCM => 0xc0a6,
69
70 /// The `TLS_DHE_PSK_WITH_AES_256_CCM` cipher suite. Recommended=Y. Defined in
71 /// <https://www.iana.org/go/rfc6655>
72 TLS_DHE_PSK_WITH_AES_256_CCM => 0xc0a7,
73
74 /// The `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
75 /// <https://www.iana.org/go/rfc7905>
76 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca8,
77
78 /// The `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
79 /// <https://www.iana.org/go/rfc7905>
80 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca9,
81
82 /// The `TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
83 /// <https://www.iana.org/go/rfc7905>
84 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xccaa,
85
86 /// The `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
87 /// <https://www.iana.org/go/rfc7905>
88 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccac,
89
90 /// The `TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=Y. Defined in
91 /// <https://www.iana.org/go/rfc7905>
92 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccad,
93
94 /// The `TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=Y. Defined in
95 /// <https://www.iana.org/go/rfc8442>
96 TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 => 0xd001,
97
98 /// The `TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=Y. Defined in
99 /// <https://www.iana.org/go/rfc8442>
100 TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 => 0xd002,
101
102 /// The `TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256` cipher suite. Recommended=Y. Defined in
103 /// <https://www.iana.org/go/rfc8442>
104 TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 => 0xd005,
105
106 !Debug:
107 /// The `TLS_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
108 /// <https://www.iana.org/go/rfc5246>
109 TLS_RSA_WITH_AES_128_CBC_SHA => 0x002f,
110
111 /// The `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
112 /// <https://www.iana.org/go/rfc5246>
113 TLS_DHE_RSA_WITH_AES_128_CBC_SHA => 0x0033,
114
115 /// The `TLS_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
116 /// <https://www.iana.org/go/rfc5246>
117 TLS_RSA_WITH_AES_256_CBC_SHA => 0x0035,
118
119 /// The `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
120 /// <https://www.iana.org/go/rfc5246>
121 TLS_DHE_RSA_WITH_AES_256_CBC_SHA => 0x0039,
122
123 /// The `TLS_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
124 /// <https://www.iana.org/go/rfc5246>
125 TLS_RSA_WITH_AES_128_CBC_SHA256 => 0x003c,
126
127 /// The `TLS_RSA_WITH_AES_256_CBC_SHA256` cipher suite. Recommended=N. Defined in
128 /// <https://www.iana.org/go/rfc5246>
129 TLS_RSA_WITH_AES_256_CBC_SHA256 => 0x003d,
130
131 /// The `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
132 /// <https://www.iana.org/go/rfc5246>
133 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 => 0x0067,
134
135 /// The `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` cipher suite. Recommended=N. Defined in
136 /// <https://www.iana.org/go/rfc5246>
137 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 => 0x006b,
138
139 /// The `TLS_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
140 /// <https://www.iana.org/go/rfc4279>
141 TLS_PSK_WITH_AES_128_CBC_SHA => 0x008c,
142
143 /// The `TLS_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
144 /// <https://www.iana.org/go/rfc4279>
145 TLS_PSK_WITH_AES_256_CBC_SHA => 0x008d,
146
147 /// The `TLS_DHE_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
148 /// <https://www.iana.org/go/rfc4279>
149 TLS_DHE_PSK_WITH_AES_128_CBC_SHA => 0x0090,
150
151 /// The `TLS_DHE_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
152 /// <https://www.iana.org/go/rfc4279>
153 TLS_DHE_PSK_WITH_AES_256_CBC_SHA => 0x0091,
154
155 /// The `TLS_RSA_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
156 /// <https://www.iana.org/go/rfc4279>
157 TLS_RSA_PSK_WITH_AES_128_CBC_SHA => 0x0094,
158
159 /// The `TLS_RSA_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
160 /// <https://www.iana.org/go/rfc4279>
161 TLS_RSA_PSK_WITH_AES_256_CBC_SHA => 0x0095,
162
163 /// The `TLS_RSA_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
164 /// <https://www.iana.org/go/rfc5288>
165 TLS_RSA_WITH_AES_128_GCM_SHA256 => 0x009c,
166
167 /// The `TLS_RSA_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
168 /// <https://www.iana.org/go/rfc5288>
169 TLS_RSA_WITH_AES_256_GCM_SHA384 => 0x009d,
170
171 /// The `TLS_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
172 /// <https://www.iana.org/go/rfc5487>
173 TLS_PSK_WITH_AES_128_GCM_SHA256 => 0x00a8,
174
175 /// The `TLS_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
176 /// <https://www.iana.org/go/rfc5487>
177 TLS_PSK_WITH_AES_256_GCM_SHA384 => 0x00a9,
178
179 /// The `TLS_RSA_PSK_WITH_AES_128_GCM_SHA256` cipher suite. Recommended=N. Defined in
180 /// <https://www.iana.org/go/rfc5487>
181 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 => 0x00ac,
182
183 /// The `TLS_RSA_PSK_WITH_AES_256_GCM_SHA384` cipher suite. Recommended=N. Defined in
184 /// <https://www.iana.org/go/rfc5487>
185 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 => 0x00ad,
186
187 /// The `TLS_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
188 /// <https://www.iana.org/go/rfc5487>
189 TLS_PSK_WITH_AES_128_CBC_SHA256 => 0x00ae,
190
191 /// The `TLS_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
192 /// <https://www.iana.org/go/rfc5487>
193 TLS_PSK_WITH_AES_256_CBC_SHA384 => 0x00af,
194
195 /// The `TLS_DHE_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
196 /// <https://www.iana.org/go/rfc5487>
197 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 => 0x00b2,
198
199 /// The `TLS_DHE_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
200 /// <https://www.iana.org/go/rfc5487>
201 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 => 0x00b3,
202
203 /// The `TLS_RSA_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
204 /// <https://www.iana.org/go/rfc5487>
205 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 => 0x00b6,
206
207 /// The `TLS_RSA_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
208 /// <https://www.iana.org/go/rfc5487>
209 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 => 0x00b7,
210
211 /// The `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` cipher suite. Recommended=N. Defined in
212 /// <https://www.iana.org/go/rfc5746>
213 TLS_EMPTY_RENEGOTIATION_INFO_SCSV => 0x00ff,
214
215 /// The `TLS_AES_128_CCM_8_SHA256` cipher suite. Recommended=N. Defined in
216 /// <https://www.iana.org/go/rfc8446>
217 TLS13_AES_128_CCM_8_SHA256 => 0x1305,
218
219 /// The `TLS_FALLBACK_SCSV` cipher suite. Recommended=N. Defined in
220 /// <https://www.iana.org/go/rfc7507>
221 TLS_FALLBACK_SCSV => 0x5600,
222
223 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
224 /// <https://www.iana.org/go/rfc8422>
225 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => 0xc009,
226
227 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
228 /// <https://www.iana.org/go/rfc8422>
229 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => 0xc00a,
230
231 /// The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
232 /// <https://www.iana.org/go/rfc8422>
233 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA => 0xc013,
234
235 /// The `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
236 /// <https://www.iana.org/go/rfc8422>
237 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA => 0xc014,
238
239 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
240 /// <https://www.iana.org/go/rfc5289>
241 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 => 0xc023,
242
243 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
244 /// <https://www.iana.org/go/rfc5289>
245 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 => 0xc024,
246
247 /// The `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
248 /// <https://www.iana.org/go/rfc5289>
249 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 => 0xc027,
250
251 /// The `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
252 /// <https://www.iana.org/go/rfc5289>
253 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 => 0xc028,
254
255 /// The `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA` cipher suite. Recommended=N. Defined in
256 /// <https://www.iana.org/go/rfc5489>
257 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA => 0xc035,
258
259 /// The `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA` cipher suite. Recommended=N. Defined in
260 /// <https://www.iana.org/go/rfc5489>
261 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA => 0xc036,
262
263 /// The `TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256` cipher suite. Recommended=N. Defined in
264 /// <https://www.iana.org/go/rfc5489>
265 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 => 0xc037,
266
267 /// The `TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384` cipher suite. Recommended=N. Defined in
268 /// <https://www.iana.org/go/rfc5489>
269 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 => 0xc038,
270
271 /// The `TLS_RSA_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
272 /// <https://www.iana.org/go/rfc6655>
273 TLS_RSA_WITH_AES_128_CCM => 0xc09c,
274
275 /// The `TLS_RSA_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
276 /// <https://www.iana.org/go/rfc6655>
277 TLS_RSA_WITH_AES_256_CCM => 0xc09d,
278
279 /// The `TLS_RSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
280 /// <https://www.iana.org/go/rfc6655>
281 TLS_RSA_WITH_AES_128_CCM_8 => 0xc0a0,
282
283 /// The `TLS_RSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
284 /// <https://www.iana.org/go/rfc6655>
285 TLS_RSA_WITH_AES_256_CCM_8 => 0xc0a1,
286
287 /// The `TLS_DHE_RSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
288 /// <https://www.iana.org/go/rfc6655>
289 TLS_DHE_RSA_WITH_AES_128_CCM_8 => 0xc0a2,
290
291 /// The `TLS_DHE_RSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
292 /// <https://www.iana.org/go/rfc6655>
293 TLS_DHE_RSA_WITH_AES_256_CCM_8 => 0xc0a3,
294
295 /// The `TLS_PSK_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
296 /// <https://www.iana.org/go/rfc6655>
297 TLS_PSK_WITH_AES_128_CCM => 0xc0a4,
298
299 /// The `TLS_PSK_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
300 /// <https://www.iana.org/go/rfc6655>
301 TLS_PSK_WITH_AES_256_CCM => 0xc0a5,
302
303 /// The `TLS_PSK_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
304 /// <https://www.iana.org/go/rfc6655>
305 TLS_PSK_WITH_AES_128_CCM_8 => 0xc0a8,
306
307 /// The `TLS_PSK_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
308 /// <https://www.iana.org/go/rfc6655>
309 TLS_PSK_WITH_AES_256_CCM_8 => 0xc0a9,
310
311 /// The `TLS_PSK_DHE_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
312 /// <https://www.iana.org/go/rfc6655>
313 TLS_PSK_DHE_WITH_AES_128_CCM_8 => 0xc0aa,
314
315 /// The `TLS_PSK_DHE_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
316 /// <https://www.iana.org/go/rfc6655>
317 TLS_PSK_DHE_WITH_AES_256_CCM_8 => 0xc0ab,
318
319 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CCM` cipher suite. Recommended=N. Defined in
320 /// <https://www.iana.org/go/rfc7251>
321 TLS_ECDHE_ECDSA_WITH_AES_128_CCM => 0xc0ac,
322
323 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CCM` cipher suite. Recommended=N. Defined in
324 /// <https://www.iana.org/go/rfc7251>
325 TLS_ECDHE_ECDSA_WITH_AES_256_CCM => 0xc0ad,
326
327 /// The `TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8` cipher suite. Recommended=N. Defined in
328 /// <https://www.iana.org/go/rfc7251>
329 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 => 0xc0ae,
330
331 /// The `TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8` cipher suite. Recommended=N. Defined in
332 /// <https://www.iana.org/go/rfc7251>
333 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 => 0xc0af,
334
335 /// The `TLS_SHA256_SHA256` cipher suite. Recommended=N. Defined in
336 /// <https://www.iana.org/go/rfc9150>
337 TLS_SHA256_SHA256 => 0xc0b4,
338
339 /// The `TLS_SHA384_SHA384` cipher suite. Recommended=N. Defined in
340 /// <https://www.iana.org/go/rfc9150>
341 TLS_SHA384_SHA384 => 0xc0b5,
342
343 /// The `TLS_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=N. Defined in
344 /// <https://www.iana.org/go/rfc7905>
345 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccab,
346
347 /// The `TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256` cipher suite. Recommended=N. Defined in
348 /// <https://www.iana.org/go/rfc7905>
349 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccae,
350
351 /// The `TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256` cipher suite. Recommended=N. Defined in
352 /// <https://www.iana.org/go/rfc8442>
353 TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 => 0xd003,
354 }
355}
356
357enum_builder! {
358 /// The `SignatureScheme` TLS protocol enum. Values in this enum are taken
359 /// from the various RFCs covering TLS, and are listed by IANA.
360 /// The `Unknown` item is used when processing unrecognized ordinals.
361 #[repr(u16)]
362 pub enum SignatureScheme {
363 RSA_PKCS1_SHA1 => 0x0201,
364 ECDSA_SHA1_Legacy => 0x0203,
365 RSA_PKCS1_SHA256 => 0x0401,
366 ECDSA_NISTP256_SHA256 => 0x0403,
367 RSA_PKCS1_SHA384 => 0x0501,
368 ECDSA_NISTP384_SHA384 => 0x0503,
369 RSA_PKCS1_SHA512 => 0x0601,
370 ECDSA_NISTP521_SHA512 => 0x0603,
371 RSA_PSS_SHA256 => 0x0804,
372 RSA_PSS_SHA384 => 0x0805,
373 RSA_PSS_SHA512 => 0x0806,
374 ED25519 => 0x0807,
375 ED448 => 0x0808,
376 // https://datatracker.ietf.org/doc/html/draft-ietf-tls-mldsa-00#name-iana-considerations
377 ML_DSA_44 => 0x0904,
378 ML_DSA_65 => 0x0905,
379 ML_DSA_87 => 0x0906,
380 }
381}
382
383impl SignatureScheme {
384 pub(crate) fn algorithm(&self) -> SignatureAlgorithm {
385 match *self {
386 Self::RSA_PKCS1_SHA1
387 | Self::RSA_PKCS1_SHA256
388 | Self::RSA_PKCS1_SHA384
389 | Self::RSA_PKCS1_SHA512
390 | Self::RSA_PSS_SHA256
391 | Self::RSA_PSS_SHA384
392 | Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
393 Self::ECDSA_SHA1_Legacy
394 | Self::ECDSA_NISTP256_SHA256
395 | Self::ECDSA_NISTP384_SHA384
396 | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
397 Self::ED25519 => SignatureAlgorithm::ED25519,
398 Self::ED448 => SignatureAlgorithm::ED448,
399 _ => SignatureAlgorithm::Unknown(0),
400 }
401 }
402
403 /// Whether a particular `SignatureScheme` is allowed for TLS protocol signatures
404 /// in TLS1.3.
405 ///
406 /// This prevents (eg) RSA_PKCS1_SHA256 being offered or accepted, even if our
407 /// verifier supports it for other protocol versions.
408 ///
409 /// See RFC8446 s4.2.3: <https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3>
410 ///
411 /// This is a denylist so that newly-allocated `SignatureScheme`s values are
412 /// allowed in TLS1.3 by default.
413 pub(crate) fn supported_in_tls13(&self) -> bool {
414 let [hash, sign] = self.to_array();
415
416 // This covers both disallowing SHA1 items in `SignatureScheme`, and
417 // old hash functions. See the section beginning "Legacy algorithms:"
418 // and item starting "In TLS 1.2, the extension contained hash/signature
419 // pairs" in RFC8446 section 4.2.3.
420 match HashAlgorithm::from(hash) {
421 HashAlgorithm::NONE
422 | HashAlgorithm::MD5
423 | HashAlgorithm::SHA1
424 | HashAlgorithm::SHA224 => return false,
425 _ => (),
426 };
427
428 // RSA-PKCS1 is also disallowed for TLS1.3, see the section beginning
429 // "RSASSA-PKCS1-v1_5 algorithms:" in RFC8446 section 4.2.3.
430 //
431 // (nb. SignatureAlgorithm::RSA is RSA-PKCS1, and does not cover RSA-PSS
432 // or RSAE-PSS.)
433 //
434 // This also covers the outlawing of DSA mentioned elsewhere in 4.2.3.
435 !matches!(
436 SignatureAlgorithm::from(sign),
437 SignatureAlgorithm::Anonymous | SignatureAlgorithm::RSA | SignatureAlgorithm::DSA
438 )
439 }
440}
441
442enum_builder! {
443 /// The `HashAlgorithm` TLS protocol enum. Values in this enum are taken
444 /// from the various RFCs covering TLS, and are listed by IANA.
445 /// The `Unknown` item is used when processing unrecognized ordinals.
446 #[repr(u8)]
447 pub enum HashAlgorithm {
448 NONE => 0x00,
449 MD5 => 0x01,
450 SHA1 => 0x02,
451 SHA224 => 0x03,
452 SHA256 => 0x04,
453 SHA384 => 0x05,
454 SHA512 => 0x06,
455 }
456}
457
458impl HashAlgorithm {
459 /// Returns the hash of the empty input.
460 ///
461 /// This returns `None` for some hash algorithms, so the caller
462 /// should be prepared to do the computation themselves in this case.
463 pub(crate) fn hash_for_empty_input(&self) -> Option<hash::Output> {
464 match self {
465 Self::SHA256 => Some(hash::Output::new(
466 b"\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\
467 \x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\
468 \x27\xae\x41\xe4\x64\x9b\x93\x4c\
469 \xa4\x95\x99\x1b\x78\x52\xb8\x55",
470 )),
471 Self::SHA384 => Some(hash::Output::new(
472 b"\x38\xb0\x60\xa7\x51\xac\x96\x38\
473 \x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a\
474 \x21\xfd\xb7\x11\x14\xbe\x07\x43\
475 \x4c\x0c\xc7\xbf\x63\xf6\xe1\xda\
476 \x27\x4e\xde\xbf\xe7\x6f\x65\xfb\
477 \xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
478 )),
479 _ => None,
480 }
481 }
482}
483
484enum_builder! {
485 /// The `SignatureAlgorithm` TLS protocol enum. Values in this enum are taken
486 /// from the various RFCs covering TLS, and are listed by IANA.
487 /// The `Unknown` item is used when processing unrecognized ordinals.
488 #[repr(u8)]
489 pub enum SignatureAlgorithm {
490 Anonymous => 0x00,
491 RSA => 0x01,
492 DSA => 0x02,
493 ECDSA => 0x03,
494 ED25519 => 0x07,
495 ED448 => 0x08,
496 }
497}
498
499#[cfg(test)]
500mod tests {
501 use super::*;
502 use crate::msgs::enums::tests::test_enum8;
503
504 #[test]
505 fn test_enums() {
506 test_enum8::<HashAlgorithm>(HashAlgorithm::NONE, HashAlgorithm::SHA512);
507 test_enum8::<SignatureAlgorithm>(SignatureAlgorithm::Anonymous, SignatureAlgorithm::ECDSA);
508 }
509
510 #[test]
511 fn tls13_signature_restrictions() {
512 // rsa-pkcs1 denied
513 assert!(!SignatureScheme::RSA_PKCS1_SHA1.supported_in_tls13());
514 assert!(!SignatureScheme::RSA_PKCS1_SHA256.supported_in_tls13());
515 assert!(!SignatureScheme::RSA_PKCS1_SHA384.supported_in_tls13());
516 assert!(!SignatureScheme::RSA_PKCS1_SHA512.supported_in_tls13());
517
518 // dsa denied
519 assert!(!SignatureScheme::from(0x0201).supported_in_tls13());
520 assert!(!SignatureScheme::from(0x0202).supported_in_tls13());
521 assert!(!SignatureScheme::from(0x0203).supported_in_tls13());
522 assert!(!SignatureScheme::from(0x0204).supported_in_tls13());
523 assert!(!SignatureScheme::from(0x0205).supported_in_tls13());
524 assert!(!SignatureScheme::from(0x0206).supported_in_tls13());
525
526 // common
527 assert!(SignatureScheme::ED25519.supported_in_tls13());
528 assert!(SignatureScheme::ED448.supported_in_tls13());
529 assert!(SignatureScheme::RSA_PSS_SHA256.supported_in_tls13());
530 assert!(SignatureScheme::RSA_PSS_SHA384.supported_in_tls13());
531 assert!(SignatureScheme::RSA_PSS_SHA512.supported_in_tls13());
532
533 // rsa_pss_rsae_*
534 assert!(SignatureScheme::from(0x0804).supported_in_tls13());
535 assert!(SignatureScheme::from(0x0805).supported_in_tls13());
536 assert!(SignatureScheme::from(0x0806).supported_in_tls13());
537
538 // ecdsa_brainpool*
539 assert!(SignatureScheme::from(0x081a).supported_in_tls13());
540 assert!(SignatureScheme::from(0x081b).supported_in_tls13());
541 assert!(SignatureScheme::from(0x081c).supported_in_tls13());
542 }
543}