pub trait SupportedKxGroup:
Send
+ Sync
+ Debug {
// Required methods
fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
fn name(&self) -> NamedGroup;
// Provided methods
fn start_and_complete(
&self,
peer_pub_key: &[u8],
) -> Result<CompletedKeyExchange, Error> { ... }
fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
fn fips(&self) -> bool { ... }
fn usable_for_version(&self, _version: ProtocolVersion) -> bool { ... }
}
Expand description
A supported key exchange group.
This type carries both configuration and implementation. Specifically,
it has a TLS-level name expressed using the NamedGroup
enum, and
a function which produces a ActiveKeyExchange
.
Compare with NamedGroup
, which carries solely a protocol identifier.
Required Methods§
Sourcefn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>
fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>
Start a key exchange.
This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can be completed by calling ActiveKeyExchange or discarded.
§Errors
This can fail if the random source fails during ephemeral key generation.
Sourcefn name(&self) -> NamedGroup
fn name(&self) -> NamedGroup
Named group the SupportedKxGroup operates in.
If the NamedGroup
enum does not have a name for the algorithm you are implementing,
you can use NamedGroup::Unknown
.
Provided Methods§
Sourcefn start_and_complete(
&self,
peer_pub_key: &[u8],
) -> Result<CompletedKeyExchange, Error>
fn start_and_complete( &self, peer_pub_key: &[u8], ) -> Result<CompletedKeyExchange, Error>
Start and complete a key exchange, in one operation.
The default implementation for this calls start()
and then calls
complete()
on the result. This is suitable for Diffie-Hellman-like
key exchange algorithms, where there is not a data dependency between
our key share (named “pub_key” in this API) and the peer’s (peer_pub_key
).
If there is such a data dependency (like key encapsulation mechanisms), this function should be implemented.
Sourcefn ffdhe_group(&self) -> Option<FfdheGroup<'static>>
fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>
FFDHE group the SupportedKxGroup
operates in.
Return None
if this group is not a FFDHE one.
The default implementation calls FfdheGroup::from_named_group
: this function
is extremely linker-unfriendly so it is recommended all key exchange implementers
provide this function.
rustls::ffdhe_groups
contains suitable values to return from this,
for example rustls::ffdhe_groups::FFDHE2048
.
Sourcefn usable_for_version(&self, _version: ProtocolVersion) -> bool
fn usable_for_version(&self, _version: ProtocolVersion) -> bool
Return true
if this should be offered/selected with the given version.
The default implementation returns true for all versions.