pub trait SupportedKxGroup: Send + Sync + Debug {
    // Required methods
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
    fn name(&self) -> NamedGroup;

    // Provided methods
    fn start_and_complete(
        &self,
        peer_pub_key: &[u8],
    ) -> Result<CompletedKeyExchange, Error> { ... }
    fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
    fn fips(&self) -> bool { ... }
    fn usable_for_version(&self, _version: ProtocolVersion) -> bool { ... }
}
A supported key exchange group.
This type carries both configuration and implementation. Specifically,
it has a TLS-level name expressed using the NamedGroup enum, and
a function which produces an ActiveKeyExchange.
Compare with NamedGroup, which carries solely a protocol identifier.
Required Methods
fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>
Start a key exchange.
This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can then be completed by calling complete() on the returned ActiveKeyExchange, or discarded.
Errors
This can fail if the random source fails during ephemeral key generation.
fn name(&self) -> NamedGroup
Named group the SupportedKxGroup operates in.
If the NamedGroup enum does not have a name for the algorithm you are implementing,
you can use NamedGroup::Unknown.
Provided Methods
fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<CompletedKeyExchange, Error>
Start and complete a key exchange, in one operation.
The default implementation for this calls start() and then calls
complete() on the result. This is suitable for Diffie-Hellman-like
key exchange algorithms, where there is not a data dependency between
our key share (named “pub_key” in this API) and the peer’s (peer_pub_key).
If there is such a data dependency (as with key encapsulation mechanisms), implementers should provide this function rather than rely on the default.
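The data dependency described above, as an added example that is not rustls code: simplified stand-in traits mirror the shape of SupportedKxGroup and ActiveKeyExchange, and a toy RSA-style KEM shows a responder share that can only be computed from the peer's key. The names KxGroup, ActiveKx, Completed and ToyKem, the 4-byte share encoding and all numeric values are assumptions constructed for illustration.

```rust
// Simplified stand-ins for the rustls items named above (assumed shapes, not the real crate).
pub struct Completed { pub pub_key: Vec<u8>, pub secret: Vec<u8> }
pub trait ActiveKx {
    fn pub_key(&self) -> &[u8];
    fn complete(self: Box<Self>, peer_pub_key: &[u8]) -> Result<Vec<u8>, String>;
}
pub trait KxGroup {
    fn start(&self) -> Result<Box<dyn ActiveKx>, String>;
    // Default path: our share is fixed by start() before the peer's share is read.
    fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<Completed, String> {
        let kx = self.start()?;
        Ok(Completed { pub_key: kx.pub_key().to_vec(), secret: kx.complete(peer_pub_key)? })
    }
}
// Toy RSA-style KEM on constructed textbook numbers (n = 61 * 53, e = 17, d = 2753); NOT secure.
fn pow_mod(b: u64, e: u64, n: u64) -> u64 {
    (0..e).fold(1, |acc, _| acc * (b % n) % n) // naive loop; operands stay below 2^32
}
fn decode(s: &[u8]) -> Result<u64, String> {
    if s.len() != 4 { return Err("share must be 4 bytes".to_string()); }
    Ok(u64::from(u32::from_be_bytes([s[0], s[1], s[2], s[3]])))
}
fn encode(v: u64) -> Vec<u8> { (v as u32).to_be_bytes().to_vec() }

pub struct ToyKem;
struct Decaps { n: u64, d: u64, encaps_key: Vec<u8> }
impl ActiveKx for Decaps {
    fn pub_key(&self) -> &[u8] { &self.encaps_key }
    // Initiator: the peer's "public key" is a ciphertext, so completing means decapsulating.
    fn complete(self: Box<Self>, ct: &[u8]) -> Result<Vec<u8>, String> {
        Ok(encode(pow_mod(decode(ct)?, self.d, self.n)))
    }
}
impl KxGroup for ToyKem {
    fn start(&self) -> Result<Box<dyn ActiveKx>, String> {
        Ok(Box::new(Decaps { n: 3233, d: 2753, encaps_key: encode(3233) }))
    }
    // Responder: the share we send back is computed from the peer's key, so override.
    fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<Completed, String> {
        let (n, secret) = (decode(peer_pub_key)?, 1234); // secret: constructed, not random
        if n <= secret { return Err("encapsulation key too small".to_string()); }
        Ok(Completed { pub_key: encode(pow_mod(secret, 17, n)), secret: encode(secret) })
    }
}
fn main() {
    let client = ToyKem.start().unwrap();
    let server = ToyKem.start_and_complete(client.pub_key()).unwrap();
    assert_eq!(client.complete(&server.pub_key).unwrap(), server.secret);
}
```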
fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>
FFDHE group the SupportedKxGroup operates in.
Return None if this group is not a FFDHE one.
The default implementation calls FfdheGroup::from_named_group: this function
is extremely linker-unfriendly so it is recommended all key exchange implementers
provide this function.
rustls::ffdhe_groups contains suitable values to return from this,
for example rustls::ffdhe_groups::FFDHE2048.
fn usable_for_version(&self, _version: ProtocolVersion) -> bool
Return true if this should be offered/selected with the given version.
The default implementation returns true for all versions.
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".