mirror of https://github.com/ctz/rustls
Move key usage limits up into `CipherSuiteCommon`
parent
cfec92ce70
commit
fdd1f8dd4f
|
@ -57,6 +57,8 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite =
|
|||
common: rustls::CipherSuiteCommon {
|
||||
suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
|
||||
hash_provider: &hash::Sha256,
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
},
|
||||
hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac),
|
||||
aead_alg: &aead::Chacha20Poly1305,
|
||||
|
@ -68,6 +70,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS
|
|||
common: rustls::CipherSuiteCommon {
|
||||
suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
hash_provider: &hash::Sha256,
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
},
|
||||
kx: rustls::crypto::KeyExchangeAlgorithm::ECDHE,
|
||||
sign: &[
|
||||
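Review bot: The usage limits in both `CipherSuiteCommon` literals of this section (`confidentiality_limit: u64::MAX`, `integrity_limit: 1 << 36`) are bare literals with no comment on where they come from, and the same pairs, plus `1 << 23` / `1 << 52` for the AES-GCM suites, are repeated by hand in the TLS 1.2 and TLS 1.3 suite sections further down this page. A wrong shift in any one copy still compiles and silently changes when a key counts as exhausted, so I would define them once per AEAD or at least annotate each pair, e.g. `// ChaCha20-Poly1305 AEAD usage limits, RFC 9001 section 6.6`. This file appears to be a provider written against the public `rustls::` API, so the comment would also tell other implementers where to get values for their own AEADs. Both struct literals begin and end outside the visible hunks.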
|
|
|
@ -167,7 +167,7 @@ impl quic::PacketKey for PacketKey {
|
|||
/// See <https://www.rfc-editor.org/rfc/rfc9001.html#name-confidentiality-limit>.
|
||||
#[inline]
|
||||
fn confidentiality_limit(&self) -> u64 {
|
||||
self.suite.confidentiality_limit
|
||||
self.suite.common.confidentiality_limit
|
||||
}
|
||||
|
||||
/// Number of times the packet key can be used without sacrificing integrity
|
||||
|
@ -175,7 +175,7 @@ impl quic::PacketKey for PacketKey {
|
|||
/// See <https://www.rfc-editor.org/rfc/rfc9001.html#name-integrity-limit>.
|
||||
#[inline]
|
||||
fn integrity_limit(&self) -> u64 {
|
||||
self.suite.integrity_limit
|
||||
self.suite.common.integrity_limit
|
||||
}
|
||||
|
||||
/// Tag length for the underlying AEAD algorithm
|
||||
|
|
|
@ -24,6 +24,8 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_ECDSA_SCHEMES,
|
||||
|
@ -37,6 +39,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_RSA_SCHEMES,
|
||||
|
@ -50,6 +54,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_RSA_SCHEMES,
|
||||
|
@ -63,6 +69,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
hash_provider: &super::hash::SHA384,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_RSA_SCHEMES,
|
||||
|
@ -76,6 +84,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_ECDSA_SCHEMES,
|
||||
|
@ -89,6 +99,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
hash_provider: &super::hash::SHA384,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::ECDHE,
|
||||
sign: TLS12_ECDSA_SCHEMES,
|
||||
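Review bot: These six hunks attach a `confidentiality_limit` to TLS 1.2 suites, but nothing on this page shows what reads it for a TLS 1.2 connection, and TLS 1.2 has no key-update message to fall back on when the limit is reached. As far as this page shows, the fields previously lived only on `Tls13CipherSuite`, so this looks like the first time the TLS 1.2 suites carry them. If the intent is to stop writing or close the connection at the limit, say so next to the values or in the field documentation; if the value is not consulted for TLS 1.2, say that instead, so nobody assumes the AES-GCM record count is already bounded. A comment such as `// TLS 1.2 cannot rekey: reaching confidentiality_limit must end the connection` (adjusted to the real behaviour) would do. Each struct literal starts and ends outside its hunk.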
|
|
|
@ -27,11 +27,11 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
},
|
||||
hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256),
|
||||
aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)),
|
||||
confidentiality_limit: u64::MAX,
|
||||
integrity_limit: 1 << 36,
|
||||
quic: Some(&super::quic::KeyBuilder(
|
||||
&aead::CHACHA20_POLY1305,
|
||||
&aead::quic::CHACHA20,
|
||||
|
@ -44,11 +44,11 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite =
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS13_AES_256_GCM_SHA384,
|
||||
hash_provider: &super::hash::SHA384,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384),
|
||||
aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)),
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
quic: Some(&super::quic::KeyBuilder(
|
||||
&aead::AES_256_GCM,
|
||||
&aead::quic::AES_256,
|
||||
|
@ -63,11 +63,11 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C
|
|||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS13_AES_128_GCM_SHA256,
|
||||
hash_provider: &super::hash::SHA256,
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
},
|
||||
hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256),
|
||||
aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)),
|
||||
confidentiality_limit: 1 << 23,
|
||||
integrity_limit: 1 << 52,
|
||||
quic: Some(&super::quic::KeyBuilder(
|
||||
&aead::AES_128_GCM,
|
||||
&aead::quic::AES_128,
|
||||
|
|
|
@ -18,6 +18,23 @@ pub struct CipherSuiteCommon {
|
|||
|
||||
/// Which hash function the suite uses.
|
||||
pub hash_provider: &'static dyn crypto::hash::Hash,
|
||||
|
||||
/// The number of messages that can be encrypted by a single
|
||||
/// instance of `MessageEncrypter` produced for this suite before
|
||||
/// an attacker gains an advantage in distinguishing it from an ideal
|
||||
/// pseudorandom permutation (PRP).
|
||||
///
|
||||
/// This is to be set on the assumption that messages are maximally sized --
|
||||
/// at least 2 ** 14 bytes for TCP-TLS and 2 ** 16 for QUIC.
|
||||
pub confidentiality_limit: u64,
|
||||
|
||||
/// The number of messages an attacker can be allowed to unsuccessfully
|
||||
/// decrypt before the attacker gains an advantage in forging messages.
|
||||
///
|
||||
/// This is not relevant for TLS over TCP (which is implemented in this crate)
|
||||
/// because a single failed decryption is fatal to the connection. However,
|
||||
/// this quantity is used by QUIC.
|
||||
pub integrity_limit: u64,
|
||||
}
|
||||
|
||||
/// A cipher suite supported by rustls.
|
||||
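Review bot: The new doc comments on `confidentiality_limit` and `integrity_limit` explain what the numbers mean but not what an implementer should write: the suites in this commit use `u64::MAX` for ChaCha20-Poly1305, yet the docs never say that this is how to express "no practical limit", nor what `0` would mean. Both fields are `pub` and every suite literal on this page sets them by hand, so a provider author has only these comments to go on, and a value that is too large weakens the bound without any error. I would add a line to each, e.g. `/// Use u64::MAX if the AEAD has no practical limit; see RFC 9001 section 6.6 for the derivation.`, and state the unit explicitly (messages, not bytes). The struct definition begins above the hunk.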
|
|
|
@ -22,9 +22,6 @@ pub struct Tls13CipherSuite {
|
|||
/// [MessageEncrypter]: crate::crypto::cipher::MessageEncrypter
|
||||
pub aead_alg: &'static dyn crypto::cipher::Tls13AeadAlgorithm,
|
||||
|
||||
pub(crate) confidentiality_limit: u64,
|
||||
pub(crate) integrity_limit: u64,
|
||||
|
||||
/// How to create QUIC header and record protection algorithms
|
||||
/// for this suite.
|
||||
///
|
||||
|
|