Trait rustls::crypto::SupportedKxGroup

source ·
pub trait SupportedKxGroup:
    Send
    + Sync
    + Debug {
    // Required methods
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
    fn name(&self) -> NamedGroup;

    // Provided methods
    fn start_and_complete(
        &self,
        peer_pub_key: &[u8],
    ) -> Result<CompletedKeyExchange, Error> { ... }
    fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
    fn fips(&self) -> bool { ... }
}
Expand description

A supported key exchange group.

This type carries both configuration and implementation. Specifically, it has a TLS-level name expressed using the NamedGroup enum, and a function which produces a ActiveKeyExchange.

Compare with NamedGroup, which carries solely a protocol identifier.

Required Methods§

source

fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>

Start a key exchange.

This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can be completed by calling ActiveKeyExchange or discarded.

§Errors

This can fail if the random source fails during ephemeral key generation.

source

fn name(&self) -> NamedGroup

Named group the SupportedKxGroup operates in.

If the NamedGroup enum does not have a name for the algorithm you are implementing, you can use NamedGroup::Unknown.

Provided Methods§

source

fn start_and_complete( &self, peer_pub_key: &[u8], ) -> Result<CompletedKeyExchange, Error>

Start and complete a key exchange, in one operation.

The default implementation for this calls start() and then calls complete() on the result. This is suitable for Diffie-Hellman-like key exchange algorithms, where there is not a data dependency between our key share (named “pub_key” in this API) and the peer’s (peer_pub_key).

If there is such a data dependency (like key encapsulation mechanisms), this function should be implemented.

source

fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>

FFDHE group the SupportedKxGroup operates in.

Return None if this group is not a FFDHE one.

The default implementation calls FfdheGroup::from_named_group: this function is extremely linker-unfriendly so it is recommended all key exchange implementers provide this function.

rustls::ffdhe_groups contains suitable values to return from this, for example rustls::ffdhe_groups::FFDHE2048.

source

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

Implementors§