pub trait SupportedKxGroup: Send + Sync + Debug {
    // Required methods
    fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>;
    fn name(&self) -> NamedGroup;

    // Provided methods
    fn start_and_complete(
        &self,
        peer_pub_key: &[u8],
    ) -> Result<CompletedKeyExchange, Error> { ... }
    fn ffdhe_group(&self) -> Option<FfdheGroup<'static>> { ... }
    fn fips(&self) -> bool { ... }
    fn usable_for_version(&self, _version: ProtocolVersion) -> bool { ... }
}
A supported key exchange group.
This type carries both configuration and implementation. Specifically,
it has a TLS-level name expressed using the NamedGroup enum, and
a function which produces an ActiveKeyExchange.
Compare with NamedGroup, which carries solely a protocol identifier.
Required Methods
fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, Error>
Start a key exchange.
This will prepare an ephemeral secret key in the supported group, and a corresponding public key. The key exchange can be completed by calling complete() on the returned ActiveKeyExchange, or discarded.
Errors
This can fail if the random source fails during ephemeral key generation.
fn name(&self) -> NamedGroup
The named group the SupportedKxGroup operates in.
If the NamedGroup enum does not have a name for the algorithm you are implementing,
you can use NamedGroup::Unknown.
Provided Methods
fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result<CompletedKeyExchange, Error>
Start and complete a key exchange, in one operation.
The default implementation for this calls start() and then calls
complete() on the result. This is suitable for Diffie-Hellman-like
key exchange algorithms, where there is not a data dependency between
our key share (named "pub_key" in this API) and the peer's (peer_pub_key).
If there is such a data dependency (like key encapsulation mechanisms), this function should be implemented.
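The data-dependency point above, modelled as an added example (not rustls code, and not from the rustls project). KxGroup, Active and Completed are simplified stand-ins for SupportedKxGroup, ActiveKeyExchange and CompletedKeyExchange; ToyDh and ToyKem are hypothetical groups using toy arithmetic with fixed values in place of random ones, so nothing here has security value.

```rust
// Stand-ins for the trait shape documented on this page (not rustls code).
// Toy arithmetic and fixed "random" values: no security value.
fn pow_mod(b: u64, e: u64, m: u64) -> u64 {
    (0..64).rev().fold(1u64, |r, i| { // square-and-multiply, high bit first
        let r = r * r % m;
        if (e >> i) & 1 == 1 { r * (b % m) % m } else { r }
    })
}

pub struct Active { pub pub_key: u64, secret: u64, modulus: u64 }
impl Active {
    // Like ActiveKeyExchange::complete: combine our secret with the peer's share.
    pub fn complete(self, peer_pub_key: u64) -> u64 {
        pow_mod(peer_pub_key, self.secret, self.modulus)
    }
}
pub struct Completed { pub pub_key: u64, pub secret: u64 }

pub trait KxGroup {
    fn start(&self) -> Active;
    // Default path: our share is fixed by start() before the peer's is read.
    fn start_and_complete(&self, peer_pub_key: u64) -> Completed {
        let kx = self.start();
        Completed { pub_key: kx.pub_key, secret: kx.complete(peer_pub_key) }
    }
}

const P: u64 = 2_147_483_647; // toy prime modulus, 2^31 - 1
pub struct ToyDh(pub u64); // field stands in for the RNG-drawn ephemeral secret
impl KxGroup for ToyDh {
    fn start(&self) -> Active {
        Active { pub_key: pow_mod(5, self.0, P), secret: self.0, modulus: P }
    }
}

pub struct ToyKem; // textbook-RSA KEM: public key is the modulus n, e = 17
impl KxGroup for ToyKem {
    // Initiator: publish n = 3233 (61 * 53), keep d = 2753 to decapsulate.
    fn start(&self) -> Active { Active { pub_key: 3233, secret: 2753, modulus: 3233 } }
    // Responder: the share sent is a ciphertext under the peer's key, so override.
    fn start_and_complete(&self, peer_pub_key: u64) -> Completed {
        let secret = 1234; // constructed; a real KEM draws this from the RNG
        Completed { pub_key: pow_mod(secret, 17, peer_pub_key), secret }
    }
}

fn main() {
    let (init, resp) = (ToyKem.start(), ToyKem.start_and_complete(3233));
    assert_eq!(init.complete(resp.pub_key), resp.secret); // both sides hold 1234
}
```

With ToyDh the responder's pub_key is the same whatever the peer sent; with ToyKem it changes with the peer's key, which is why the start()-then-complete() default cannot serve a KEM responder.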
fn ffdhe_group(&self) -> Option<FfdheGroup<'static>>
FFDHE group the SupportedKxGroup operates in.
Return None if this group is not an FFDHE one.
The default implementation calls FfdheGroup::from_named_group: this function
is extremely linker-unfriendly so it is recommended all key exchange implementers
provide this function.
rustls::ffdhe_groups contains suitable values to return from this,
for example rustls::ffdhe_groups::FFDHE2048.
fn fips(&self) -> bool
Return true if this is backed by a FIPS-approved implementation.
fn usable_for_version(&self, _version: ProtocolVersion) -> bool
Return true if this should be offered/selected with the given version.
The default implementation returns true for all versions.