Trait SupportedKxGroup 

pub trait SupportedKxGroup:
    Send
    + Sync
    + Debug {
    // Required methods
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
    fn name(&self) -> NamedGroup;

    // Provided methods
    fn start_and_complete(
        &self,
        peer_pub_key: &[u8],
    ) -> Result<CompletedKeyExchange, Error> { ... }
    fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
    fn fips(&self) -> bool { ... }
    fn usable_for_version(&self, _version: ProtocolVersion) -> bool { ... }
}

A supported key exchange group.

This type carries both configuration and implementation. Specifically, it has a TLS-level name expressed using the NamedGroup enum, and a function which produces an ActiveKeyExchange.

Compare with NamedGroup, which carries solely a protocol identifier.

Required Methods

fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>

Start a key exchange.

This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can be completed by calling complete() on the returned ActiveKeyExchange, or discarded.

Errors

This can fail if the random source fails during ephemeral key generation.

fn name(&self) -> NamedGroup

Named group the SupportedKxGroup operates in.

If the NamedGroup enum does not have a name for the algorithm you are implementing, you can use NamedGroup::Unknown.

Provided Methods

fn start_and_complete( &self, peer_pub_key: &[u8], ) -> Result<CompletedKeyExchange, Error>

Start and complete a key exchange, in one operation.

The default implementation for this calls start() and then calls complete() on the result. This is suitable for Diffie-Hellman-like key exchange algorithms, where there is not a data dependency between our key share (named “pub_key” in this API) and the peer’s (peer_pub_key).

If there is such a data dependency (as with key encapsulation mechanisms), implementations should provide this function rather than rely on the default.
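The data dependency described above, as an added example (not rustls code): the traits are simplified local stand-ins for the ones on this page, the names ToyKem, NoOverride, PAD, parse and handshake are hypothetical, and the arithmetic is a toy with no security. It shows a KEM-style responder agreeing with the initiator only when start_and_complete() is overridden.

```rust
// Stand-ins shaped like the traits on this page (simplified; NOT the rustls definitions).
type Error = &'static str;
pub struct CompletedKeyExchange { pub pub_key: Vec<u8>, pub secret: u32 }
pub trait ActiveKeyExchange {
    fn pub_key(&self) -> &[u8];
    fn complete(self: Box<Self>, peer_pub_key: &[u8]) -> Result<u32, Error>;
}
pub trait SupportedKxGroup {
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
    // Default: our share is fixed before the peer's share is looked at.
    fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<CompletedKeyExchange, Error> {
        let kx = self.start()?;
        let pub_key = kx.pub_key().to_vec();
        Ok(CompletedKeyExchange { pub_key, secret: kx.complete(peer_pub_key)? })
    }
}
// Toy KEM, no security: ek = dk + PAD, ct = ss + ek - PAD, decapsulate(ct) = ct - dk.
const PAD: u32 = 0x5a5a_5a5a;
fn parse(b: &[u8]) -> Result<u32, Error> {
    if b.len() != 4 { return Err("share must be 4 bytes"); }
    Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}
pub struct ToyKem { pub dk: u32, pub ss: u32 } // fixed constructed values; real code uses a CSPRNG
struct ToyKemActive { dk: u32, ek: [u8; 4] }
impl ActiveKeyExchange for ToyKemActive {
    fn pub_key(&self) -> &[u8] { &self.ek }
    fn complete(self: Box<Self>, ct: &[u8]) -> Result<u32, Error> {
        Ok(parse(ct)?.wrapping_sub(self.dk)) // decapsulate
    }
}
impl SupportedKxGroup for ToyKem {
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> {
        Ok(Box::new(ToyKemActive { dk: self.dk, ek: self.dk.wrapping_add(PAD).to_be_bytes() }))
    }
    // Override: the share we send back (the ciphertext) is computed from the peer's key.
    fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<CompletedKeyExchange, Error> {
        let ct = self.ss.wrapping_add(parse(peer_pub_key)?).wrapping_sub(PAD);
        Ok(CompletedKeyExchange { pub_key: ct.to_be_bytes().to_vec(), secret: self.ss })
    }
}
pub struct NoOverride(pub ToyKem); // same toy KEM, but the default start_and_complete() runs
impl SupportedKxGroup for NoOverride {
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error> { self.0.start() }
}
// Initiator calls start(); responder calls start_and_complete(); initiator completes.
pub fn handshake(c: &dyn SupportedKxGroup, s: &dyn SupportedKxGroup) -> Result<(u32, u32), Error> {
    let kx = c.start()?;
    let done = s.start_and_complete(kx.pub_key())?;
    Ok((kx.complete(&done.pub_key)?, done.secret))
}
```

handshake() returns the initiator's and the responder's view of the secret. Without the override the responder replies with a fresh encapsulation key instead of a ciphertext, so the two values differ.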

fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>

FFDHE group the SupportedKxGroup operates in.

Return None if this group is not an FFDHE one.

The default implementation calls FfdheGroup::from_named_group: this function is extremely linker-unfriendly so it is recommended all key exchange implementers provide this function.

rustls::ffdhe_groups contains suitable values to return from this, for example rustls::ffdhe_groups::FFDHE2048.

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

fn usable_for_version(&self, _version: ProtocolVersion) -> bool

Return true if this should be offered/selected with the given version.

The default implementation returns true for all versions.

Dyn Compatibility

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors