Struct KxGroup

struct KxGroup {
    name: NamedGroup,
    agreement_algorithm: &'static Algorithm,
    fips_allowed: bool,
    pub_key_validator: fn(_: &[u8]) -> bool,
}

A key-exchange group supported by ring.

Fields

name: NamedGroup

The IANA “TLS Supported Groups” name of the group

agreement_algorithm: &'static Algorithm

The corresponding ring agreement::Algorithm

fips_allowed: bool

Whether the algorithm is allowed by FIPS

SupportedKxGroup::fips() is true if and only if the algorithm is allowed, and the implementation is FIPS-validated.

pub_key_validator: fn(_: &[u8]) -> bool

aws-lc-rs 1.9 and later accepts more formats of public keys than just uncompressed.

That is not compatible with TLS:

• TLS1.3 outlaws other encodings,
• TLS1.2 negotiates other encodings (we only offer uncompressed), and defaults to uncompressed if negotiation is not done.

This function should return true if the basic shape of its argument is consistent with an uncompressed point encoding. It does not need to verify that the point is on the curve (if the curve requires that for security); aws-lc-rs/ring must do that.

Trait Implementations

impl Debug for KxGroup

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl SupportedKxGroup for KxGroup

fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>

Start a key exchange.

fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>

FFDHE group the SupportedKxGroup operates in.

fn name(&self) -> NamedGroup

Named group the SupportedKxGroup operates in.

fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

fn start_and_complete( &self, peer_pub_key: &[u8], ) -> Result<CompletedKeyExchange, Error>

Start and complete a key exchange, in one operation.

fn usable_for_version(&self, _version: ProtocolVersion) -> bool

Return true if this should be offered/selected with the given version.