Struct rustls::crypto::CipherSuiteCommon

pub struct CipherSuiteCommon {
    pub suite: CipherSuite,
    pub hash_provider: &'static dyn Hash,
    pub confidentiality_limit: u64,
}

Common state for cipher suites (both for TLS 1.2 and TLS 1.3)

Fields§

§suite: CipherSuite

The TLS enumeration naming this cipher suite.

§hash_provider: &'static dyn Hash

Which hash function the suite uses.

§confidentiality_limit: u64

Number of TCP-TLS messages that can be safely encrypted with a single key of this type.

Once a MessageEncrypter produced for this suite has encrypted more than confidentiality_limit messages, an attacker gains an advantage in distinguishing it from an ideal pseudorandom permutation (PRP).

This is to be set on the assumption that messages are maximally sized: each is 2^14 bytes. It does not consider confidentiality limits for QUIC connections; see the quic::KeyBuilder.confidentiality_limit field for this context.

For AES-GCM implementations, this should be set to 2^24 to limit attack probability to one in 2^60. See AEBounds (Table 1) and draft-irtf-aead-limits-08:

>>> import math
>>> p = 2 ** -60
>>> L = (2 ** 14 // 16) + 1
>>> qlim = (math.sqrt(p) * (2 ** (129 // 2)) - 1) / (L + 1)
>>> print(int(qlim).bit_length())
24

For chacha20-poly1305 implementations, this should be set to u64::MAX: see https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html#section-5.2.1
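
The following Rust sketch is an added example, not code from rustls. It reproduces the AES-GCM bound above in exact integer arithmetic, generalized to other even probability exponents and message sizes, and shows a per-key counter that refuses to encrypt once a limit is used up. The names `aes_gcm_message_limit`, `bit_length`, `Verdict` and `KeyUsage` are hypothetical.

```rust
// Added example: all names here are hypothetical, none are rustls APIs.

/// AES-GCM message limit from the formula quoted above, in integer arithmetic:
/// q <= (sqrt(p) * 2^64 - 1) / (L + 1), where p = 2^-p_exp and
/// L = max_msg_bytes / 16 + 1 is the message length in AES blocks.
/// Assumption: p_exp is even and <= 128, so sqrt(p) is an exact power of two.
fn aes_gcm_message_limit(p_exp: u32, max_msg_bytes: u64) -> Option<u64> {
    if p_exp % 2 != 0 || p_exp > 128 {
        return None;
    }
    let blocks = u128::from(max_msg_bytes / 16 + 1);
    let numerator = (1u128 << (64 - p_exp / 2)) - 1;
    u64::try_from(numerator / (blocks + 1)).ok()
}

/// Same result as Python's int.bit_length().
fn bit_length(n: u64) -> u32 {
    64 - n.leading_zeros()
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Proceed,
    Refuse,
}

/// Counts messages encrypted under one key against a confidentiality limit.
struct KeyUsage {
    limit: u64,
    sent: u64,
}

impl KeyUsage {
    fn new(limit: u64) -> Self {
        Self { limit, sent: 0 }
    }
    /// Call before each encryption; refuses once `limit` messages were sent.
    fn before_encrypt(&mut self) -> Verdict {
        if self.sent >= self.limit {
            return Verdict::Refuse;
        }
        self.sent += 1;
        Verdict::Proceed
    }
}

fn main() {
    let q = aes_gcm_message_limit(60, 1 << 14).unwrap();
    println!("q = {q}, bit length = {}", bit_length(q));
    println!("{:?}", KeyUsage::new(1 << 24).before_encrypt());
}
```

A caller that receives `Verdict::Refuse` needs a fresh key before sending more data; with a limit of `u64::MAX`, as recommended above for chacha20-poly1305, the counter never refuses in practice.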

Implementations§

impl CipherSuiteCommon

pub fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

This means all the constituent parts that do cryptography return true for fips().

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

Layout§

Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...) attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.

Size: 32 bytes