rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity

Simplify key schedule.

This commit is contained in:
Brian Smith 2019-07-24 13:47:01 -10:00 committed by ctz
parent 7c7307070a
commit a039467f00
7 changed files with 101 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -13,7 +13,7 @@ categories = ["network-programming", "cryptography"]
[dependencies]
base64 = "0.10"
log = { version = "0.4.4", optional = true }
ring = "0.16.2"
ring = "0.16.3"
sct = "0.6.0"
webpki = "0.21.0"

10
src/cipher.rs
View File

@ -123,9 +123,8 @@ pub fn new_tls12(scs: &'static SupportedCipherSuite,
pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
secret: &[u8]) -> Box<dyn MessageDecrypter> {
let hash = scs.get_hash();
let key = derive_traffic_key(hash, secret, scs.enc_key_len);
let iv = derive_traffic_iv(hash, secret);
let key = derive_traffic_key(scs.hkdf_algorithm, secret, scs.enc_key_len);
let iv = derive_traffic_iv(scs.hkdf_algorithm, secret);
let aead_alg = scs.get_aead_alg();
Box::new(TLS13MessageDecrypter::new(aead_alg, &key, iv))
@ -133,9 +132,8 @@ pub fn new_tls13_read(scs: &'static SupportedCipherSuite,
pub fn new_tls13_write(scs: &'static SupportedCipherSuite,
secret: &[u8]) -> Box<dyn MessageEncrypter> {
let hash = scs.get_hash();
let key = derive_traffic_key(hash, secret, scs.enc_key_len);
let iv = derive_traffic_iv(hash, secret);
let key = derive_traffic_key(scs.hkdf_algorithm, secret, scs.enc_key_len);
let iv = derive_traffic_iv(scs.hkdf_algorithm, secret);
let aead_alg = scs.get_aead_alg();
Box::new(TLS13MessageEncrypter::new(aead_alg, &key, iv))

8
src/client/tls13.rs
View File

@ -125,7 +125,9 @@ pub fn fill_in_psk_binder(sess: &mut ClientSessionImpl,
hmp: &mut HandshakeMessagePayload) {
// We need to know the hash function of the suite we're trying to resume into.
let resuming = handshake.resuming_session.as_ref().unwrap();
let suite_hash = sess.find_cipher_suite(resuming.cipher_suite).unwrap().get_hash();
let suite = sess.find_cipher_suite(resuming.cipher_suite).unwrap();
let hkdf_alg = suite.hkdf_algorithm;
let suite_hash = suite.get_hash();
// The binder is calculated over the clienthello, but doesn't include itself or its
// length, or the length of its container.
@ -139,7 +141,7 @@ pub fn fill_in_psk_binder(sess: &mut ClientSessionImpl,
// Run a fake key_schedule to simulate what the server will do if it choses
// to resume.
let mut key_schedule = KeySchedule::new(suite_hash);
let mut key_schedule = KeySchedule::new(hkdf_alg);
key_schedule.input_secret(&resuming.master_secret.0);
let base_key = key_schedule.derive(SecretKind::ResumptionPSKBinderKey, &empty_hash);
let real_binder = key_schedule.sign_verify_data(&base_key, &handshake_hash);
@ -183,7 +185,7 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
// Discard the early data key schedule.
sess.early_data.rejected();
sess.common.early_traffic = false;
let mut key_schedule = KeySchedule::new(suite.get_hash());
let mut key_schedule = KeySchedule::new(suite.hkdf_algorithm);
key_schedule.input_empty();
sess.common.set_key_schedule(key_schedule);
handshake.resuming_session.take();

130
src/key_schedule.rs
View File

@ -1,6 +1,6 @@
/// Key schedule maintenance for TLS1.3
use ring::{hmac, digest};
use ring::{hkdf, hmac, digest};
use crate::msgs::codec::Codec;
use crate::error::TLSError;
use std::convert::TryInto;
@ -20,18 +20,6 @@ pub enum SecretKind {
DerivedSecret,
}
fn convert_digest_to_hmac_alg(hash: &'static digest::Algorithm) -> hmac::Algorithm {
if hash == &digest::SHA256 {
hmac::HMAC_SHA256
} else if hash == &digest::SHA384 {
hmac::HMAC_SHA384
} else if hash == &digest::SHA512 {
hmac::HMAC_SHA512
} else {
panic!("bad digest for prf");
}
}
impl SecretKind {
fn to_bytes(self) -> &'static [u8] {
match self {
@ -84,23 +72,20 @@ fn _hkdf_extract(salt: &hmac::Key, secret: &[u8]) -> hmac::Key {
pub struct KeySchedule {
current: hmac::Key,
need_derive_for_extract: bool,
hash: &'static digest::Algorithm,
hmac_alg: hmac::Algorithm,
algorithm: ring::hkdf::Algorithm,
pub current_client_traffic_secret: Vec<u8>,
pub current_server_traffic_secret: Vec<u8>,
pub current_exporter_secret: Vec<u8>,
}
impl KeySchedule {
pub fn new(hash: &'static digest::Algorithm) -> KeySchedule {
pub fn new(algorithm: hkdf::Algorithm) -> KeySchedule {
let zeroes = [0u8; digest::MAX_OUTPUT_LEN];
let zeroes = &zeroes[..algorithm.hmac_algorithm().digest_algorithm().output_len];
KeySchedule {
current: hmac::Key::new(convert_digest_to_hmac_alg(hash),
&zeroes[..hash.output_len]),
current: hmac::Key::new(algorithm.hmac_algorithm(), zeroes),
need_derive_for_extract: false,
hash,
hmac_alg: convert_digest_to_hmac_alg(hash),
algorithm,
current_server_traffic_secret: Vec::new(),
current_client_traffic_secret: Vec::new(),
current_exporter_secret: Vec::new(),
@ -110,7 +95,7 @@ impl KeySchedule {
/// Input the empty secret.
pub fn input_empty(&mut self) {
let zeroes = [0u8; digest::MAX_OUTPUT_LEN];
let hash_len = self.hash.output_len;
let hash_len = self.algorithm.hmac_algorithm().digest_algorithm().output_len;
self.input_secret(&zeroes[..hash_len]);
}
@ -118,7 +103,7 @@ impl KeySchedule {
pub fn input_secret(&mut self, secret: &[u8]) {
if self.need_derive_for_extract {
let derived = self.derive_for_empty_hash(SecretKind::DerivedSecret);
self.current = hmac::Key::new(self.hmac_alg,
self.current = hmac::Key::new(self.algorithm.hmac_algorithm(),
&derived);
}
self.need_derive_for_extract = true;
@ -128,12 +113,12 @@ impl KeySchedule {
/// Derive a secret of given `kind`, using current handshake hash `hs_hash`.
pub fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> Vec<u8> {
debug_assert_eq!(hs_hash.len(), self.hash.output_len);
debug_assert_eq!(hs_hash.len(), self.algorithm.hmac_algorithm().digest_algorithm().output_len);
_hkdf_expand_label_vec(&self.current,
kind.to_bytes(),
hs_hash,
self.hash.output_len)
hs_hash.len())
}
/// Derive a secret of given `kind` using the hash of the empty string
@ -141,11 +126,9 @@ impl KeySchedule {
/// `SecretKind::ResumptionPSKBinderKey` and
/// `SecretKind::DerivedSecret`.
pub fn derive_for_empty_hash(&self, kind: SecretKind) -> Vec<u8> {
let mut empty_hash = [0u8; digest::MAX_OUTPUT_LEN];
empty_hash[..self.hash.output_len]
.clone_from_slice(digest::digest(self.hash, &[]).as_ref());
self.derive(kind, &empty_hash[..self.hash.output_len])
let digest_alg = self.algorithm.hmac_algorithm().digest_algorithm();
let empty_hash = digest::digest(digest_alg, &[]);
self.derive(kind, empty_hash.as_ref())
}
/// Return the current traffic secret, of given `kind`.
@ -170,14 +153,17 @@ impl KeySchedule {
/// Sign the finished message consisting of `hs_hash` using the key material
/// `base_key`.
pub fn sign_verify_data(&self, base_key: &[u8], hs_hash: &[u8]) -> Vec<u8> {
debug_assert_eq!(hs_hash.len(), self.hash.output_len);
let hmac_alg = self.algorithm.hmac_algorithm();
let digest_alg = hmac_alg.digest_algorithm();
let hmac_key = _hkdf_expand_label_vec(&hmac::Key::new(self.hmac_alg, base_key),
debug_assert_eq!(hs_hash.len(), digest_alg.output_len);
let hmac_key = _hkdf_expand_label_vec(&hmac::Key::new(hmac_alg, base_key),
b"finished",
&[],
self.hash.output_len);
digest_alg.output_len);
hmac::sign(&hmac::Key::new(self.hmac_alg, &hmac_key), hs_hash)
hmac::sign(&hmac::Key::new(hmac_alg, &hmac_key), hs_hash)
.as_ref()
.to_vec()
}
@ -185,20 +171,24 @@ impl KeySchedule {
/// Derive the next application traffic secret of given `kind`, returning
/// it.
pub fn derive_next(&self, kind: SecretKind) -> Vec<u8> {
let hmac_alg = self.algorithm.hmac_algorithm();
let digest_alg = hmac_alg.digest_algorithm();
let base_key = self.current_traffic_secret(kind);
_hkdf_expand_label_vec(&hmac::Key::new(self.hmac_alg, base_key),
_hkdf_expand_label_vec(&hmac::Key::new(hmac_alg, base_key),
b"traffic upd",
&[],
self.hash.output_len)
digest_alg.output_len)
}
/// Derive the PSK to use given a resumption_master_secret and
/// ticket_nonce.
pub fn derive_ticket_psk(&self, rms: &[u8], nonce: &[u8]) -> Vec<u8> {
_hkdf_expand_label_vec(&hmac::Key::new(self.hmac_alg, rms),
let hmac_alg = self.algorithm.hmac_algorithm();
let digest_alg = hmac_alg.digest_algorithm();
_hkdf_expand_label_vec(&hmac::Key::new(hmac_alg, rms),
b"resumption",
nonce,
self.hash.output_len)
digest_alg.output_len)
}
pub fn export_keying_material(&self, out: &mut [u8],
@ -208,32 +198,34 @@ impl KeySchedule {
return Err(TLSError::HandshakeNotComplete);
}
let h_empty = digest::digest(self.hash, &[]);
let hmac_alg = self.algorithm.hmac_algorithm();
let digest_alg = hmac_alg.digest_algorithm();
let h_empty = digest::digest(digest_alg, &[]);
let mut secret = [0u8; digest::MAX_OUTPUT_LEN];
_hkdf_expand_label(&mut secret[..self.hash.output_len],
&hmac::Key::new(self.hmac_alg,
let secret = &mut secret[..digest_alg.output_len];
_hkdf_expand_label(secret,
&hmac::Key::new(hmac_alg,
&self.current_exporter_secret),
label,
h_empty.as_ref());
let mut h_context = [0u8; digest::MAX_OUTPUT_LEN];
h_context[..self.hash.output_len]
.clone_from_slice(digest::digest(self.hash,
context.unwrap_or(&[]))
.as_ref());
let h_context = digest::digest(digest_alg, context.unwrap_or(&[]));
_hkdf_expand_label(out,
&hmac::Key::new(self.hmac_alg, &secret[..self.hash.output_len]),
&hmac::Key::new(hmac_alg, secret),
b"exporter",
&h_context[..self.hash.output_len]);
h_context.as_ref());
Ok(())
}
}
fn _hkdf_expand_label_vec(secret: &hmac::Key,
label: &[u8],
context: &[u8],
len: usize) -> Vec<u8> {
pub(crate) fn _hkdf_expand_label_vec(
secret: &hmac::Key,
label: &[u8],
context: &[u8],
len: usize) -> Vec<u8>
{
let mut v = Vec::new();
v.resize(len, 0u8);
_hkdf_expand_label(&mut v,
@ -260,14 +252,12 @@ fn _hkdf_expand_label(output: &mut [u8],
_hkdf_expand(secret, &hkdflabel, output)
}
pub fn derive_traffic_key(hash: &'static digest::Algorithm, secret: &[u8], len: usize) -> Vec<u8> {
let hmac_alg = convert_digest_to_hmac_alg(hash);
_hkdf_expand_label_vec(&hmac::Key::new(hmac_alg, secret), b"key", &[], len)
pub fn derive_traffic_key(algorithm: hkdf::Algorithm, secret: &[u8], len: usize) -> Vec<u8> {
_hkdf_expand_label_vec(&hmac::Key::new(algorithm.hmac_algorithm(), secret), b"key", &[], len)
}
pub(crate) fn derive_traffic_iv(hash: &'static digest::Algorithm, secret: &[u8]) -> Iv {
let hmac_alg = convert_digest_to_hmac_alg(hash);
let iv = _hkdf_expand_label_vec(&hmac::Key::new(hmac_alg, secret), b"iv", &[],
pub(crate) fn derive_traffic_iv(algorithm: hkdf::Algorithm, secret: &[u8]) -> Iv {
let iv = _hkdf_expand_label_vec(&hmac::Key::new(algorithm.hmac_algorithm(), secret), b"iv", &[],
ring::aead::NONCE_LEN);
Iv::new(iv[..].try_into().unwrap())
}
@ -275,13 +265,13 @@ pub(crate) fn derive_traffic_iv(hash: &'static digest::Algorithm, secret: &[u8])
#[cfg(test)]
mod test {
use super::{KeySchedule, SecretKind, derive_traffic_key, derive_traffic_iv};
use ring::digest;
use ring::hkdf;
#[test]
fn smoke_test() {
let fake_handshake_hash = [0u8; 32];
let mut ks = KeySchedule::new(&digest::SHA256);
let mut ks = KeySchedule::new(hkdf::HKDF_SHA256);
ks.input_empty(); // no PSK
ks.derive(SecretKind::ResumptionPSKBinderKey, &fake_handshake_hash);
ks.input_secret(&[1u8, 2u8, 3u8, 4u8]);
@ -378,8 +368,8 @@ mod test {
0x0d, 0xb2, 0x8f, 0x98, 0x85, 0x86, 0xa1, 0xb7, 0xe4, 0xd5, 0xc6, 0x9c
];
let hash = &digest::SHA256;
let mut ks = KeySchedule::new(hash);
let hkdf = hkdf::HKDF_SHA256;
let mut ks = KeySchedule::new(hkdf);
ks.input_empty();
ks.input_secret(&ecdhe_secret);
@ -387,17 +377,17 @@ mod test {
&hs_start_hash);
assert_eq!(got_client_hts,
client_hts.to_vec());
assert_eq!(derive_traffic_key(hash, &got_client_hts, client_hts_key.len()),
assert_eq!(derive_traffic_key(hkdf, &got_client_hts, client_hts_key.len()),
client_hts_key.to_vec());
assert_eq!(derive_traffic_iv(hash, &got_client_hts).value(), &client_hts_iv);
assert_eq!(derive_traffic_iv(hkdf, &got_client_hts).value(), &client_hts_iv);
let got_server_hts = ks.derive(SecretKind::ServerHandshakeTrafficSecret,
&hs_start_hash);
assert_eq!(got_server_hts,
server_hts.to_vec());
assert_eq!(derive_traffic_key(hash, &got_server_hts, server_hts_key.len()),
assert_eq!(derive_traffic_key(hkdf, &got_server_hts, server_hts_key.len()),
server_hts_key.to_vec());
assert_eq!(derive_traffic_iv(hash, &got_server_hts).value(), &server_hts_iv);
assert_eq!(derive_traffic_iv(hkdf, &got_server_hts).value(), &server_hts_iv);
ks.input_empty();
@ -405,17 +395,17 @@ mod test {
&hs_full_hash);
assert_eq!(got_client_ats,
client_ats.to_vec());
assert_eq!(derive_traffic_key(hash, &got_client_ats, client_ats_key.len()),
assert_eq!(derive_traffic_key(hkdf, &got_client_ats, client_ats_key.len()),
client_ats_key.to_vec());
assert_eq!(derive_traffic_iv(hash, &got_client_ats).value(), &client_ats_iv);
assert_eq!(derive_traffic_iv(hkdf, &got_client_ats).value(), &client_ats_iv);
let got_server_ats = ks.derive(SecretKind::ServerApplicationTrafficSecret,
&hs_full_hash);
assert_eq!(got_server_ats,
server_ats.to_vec());
assert_eq!(derive_traffic_key(hash, &got_server_ats, server_ats_key.len()),
assert_eq!(derive_traffic_key(hkdf, &got_server_ats, server_ats_key.len()),
server_ats_key.to_vec());
assert_eq!(derive_traffic_iv(hash, &got_server_ats).value(), &server_ats_iv);
assert_eq!(derive_traffic_iv(hkdf, &got_server_ats).value(), &server_ats_iv);
}
}

22
src/quic.rs
View File

@ -5,10 +5,11 @@ use crate::msgs::handshake::{ClientExtension, ServerExtension};
use crate::msgs::message::{Message, MessagePayload};
use crate::server::{ServerConfig, ServerSession, ServerSessionImpl};
use crate::error::TLSError;
use crate::key_schedule::{KeySchedule, SecretKind};
use crate::key_schedule;
use crate::session::{SessionCommon, Protocol};
use std::sync::Arc;
use ring::hmac;
use webpki;
/// Secrets used to encrypt/decrypt traffic
@ -123,14 +124,19 @@ fn write_hs(this: &mut SessionCommon, buf: &mut Vec<u8>) -> Option<Secrets> {
}
fn update_secrets(this: &SessionCommon, client: &[u8], server: &[u8]) -> Secrets {
let suite = this.get_suite_assert();
// TODO: Don't clone
let mut key_schedule = KeySchedule::new(suite.get_hash());
key_schedule.current_client_traffic_secret = client.into();
key_schedule.current_server_traffic_secret = server.into();
let hmac_alg= this.get_suite_assert().hkdf_algorithm.hmac_algorithm();
let digest_alg = hmac_alg.digest_algorithm();
Secrets {
client: key_schedule.derive_next(SecretKind::ClientApplicationTrafficSecret),
server: key_schedule.derive_next(SecretKind::ServerApplicationTrafficSecret),
client: key_schedule::_hkdf_expand_label_vec(
&hmac::Key::new(hmac_alg, client),
b"traffic upd",
&[],
digest_alg.output_len),
server: key_schedule::_hkdf_expand_label_vec(
&hmac::Key::new(hmac_alg, server),
b"traffic upd",
&[],
digest_alg.output_len)
}
}

8
src/server/tls13.rs
View File

@ -68,10 +68,12 @@ impl CompleteClientHelloHandling {
_ => unreachable!(),
};
let suite_hash = sess.common.get_suite_assert().get_hash();
let suite = sess.common.get_suite_assert();
let hkdf_alg = suite.hkdf_algorithm;
let suite_hash = suite.get_hash();
let handshake_hash = self.handshake.transcript.get_hash_given(suite_hash, &binder_plaintext);
let mut key_schedule = KeySchedule::new(suite_hash);
let mut key_schedule = KeySchedule::new(hkdf_alg);
key_schedule.input_secret(psk);
let base_key = key_schedule.derive_for_empty_hash(SecretKind::ResumptionPSKBinderKey);
let real_binder = key_schedule.sign_verify_data(&base_key, &handshake_hash);
@ -153,7 +155,7 @@ impl CompleteClientHelloHandling {
// Start key schedule
let suite = sess.common.get_suite_assert();
let mut key_schedule = KeySchedule::new(suite.get_hash());
let mut key_schedule = KeySchedule::new(suite.hkdf_algorithm);
if let Some(psk) = resuming_psk {
key_schedule.input_secret(psk);

18
src/suites.rs
View File

@ -156,6 +156,8 @@ pub struct SupportedCipherSuite {
/// in a deterministic and safe way. GCM needs this,
/// chacha20poly1305 works this way by design.
pub explicit_nonce_len: usize,
pub(crate) hkdf_algorithm: ring::hkdf::Algorithm,
}
impl PartialEq for SupportedCipherSuite {
@ -167,12 +169,7 @@ impl PartialEq for SupportedCipherSuite {
impl SupportedCipherSuite {
/// Which hash function to use with this suite.
pub fn get_hash(&self) -> &'static ring::digest::Algorithm {
match self.hash {
HashAlgorithm::SHA256 => &ring::digest::SHA256,
HashAlgorithm::SHA384 => &ring::digest::SHA384,
HashAlgorithm::SHA512 => &ring::digest::SHA512,
_ => unreachable!(),
}
self.hkdf_algorithm.hmac_algorithm().digest_algorithm()
}
/// We have parameters and a verified public key in `kx_params`.
@ -276,6 +273,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
enc_key_len: 32,
fixed_iv_len: 12,
explicit_nonce_len: 0,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
@ -288,6 +286,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
enc_key_len: 32,
fixed_iv_len: 12,
explicit_nonce_len: 0,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
@ -299,6 +298,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = Support
enc_key_len: 16,
fixed_iv_len: 4,
explicit_nonce_len: 8,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
@ -310,6 +310,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = Support
enc_key_len: 32,
fixed_iv_len: 4,
explicit_nonce_len: 8,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
};
pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
@ -321,6 +322,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = Suppo
enc_key_len: 16,
fixed_iv_len: 4,
explicit_nonce_len: 8,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
@ -332,6 +334,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = Suppo
enc_key_len: 32,
fixed_iv_len: 4,
explicit_nonce_len: 8,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
};
pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite {
@ -343,6 +346,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCiphe
enc_key_len: 32,
fixed_iv_len: 12,
explicit_nonce_len: 0,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite {
@ -354,6 +358,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite
enc_key_len: 32,
fixed_iv_len: 12,
explicit_nonce_len: 0,
hkdf_algorithm: ring::hkdf::HKDF_SHA384,
};
pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite {
@ -365,6 +370,7 @@ pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite
enc_key_len: 16,
fixed_iv_len: 12,
explicit_nonce_len: 0,
hkdf_algorithm: ring::hkdf::HKDF_SHA256,
};
/// A list of all the cipher suites supported by rustls.