Coverage Report

Created: 2025-11-16 06:39

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/rust/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-0.23.35/src/enums.rs
Line
Count
Source
1
#![allow(non_camel_case_types)]
2
#![allow(missing_docs)]
3
use crate::msgs::codec::{Codec, Reader};
4
use crate::msgs::enums::HashAlgorithm;
5
6
enum_builder! {
7
    /// The `AlertDescription` TLS protocol enum.  Values in this enum are taken
8
    /// from the various RFCs covering TLS, and are listed by IANA.
9
    /// The `Unknown` item is used when processing unrecognised ordinals.
10
    #[repr(u8)]
11
    pub enum AlertDescription {
12
        CloseNotify => 0x00,
13
        UnexpectedMessage => 0x0a,
14
        BadRecordMac => 0x14,
15
        DecryptionFailed => 0x15,
16
        RecordOverflow => 0x16,
17
        DecompressionFailure => 0x1e,
18
        HandshakeFailure => 0x28,
19
        NoCertificate => 0x29,
20
        BadCertificate => 0x2a,
21
        UnsupportedCertificate => 0x2b,
22
        CertificateRevoked => 0x2c,
23
        CertificateExpired => 0x2d,
24
        CertificateUnknown => 0x2e,
25
        IllegalParameter => 0x2f,
26
        UnknownCA => 0x30,
27
        AccessDenied => 0x31,
28
        DecodeError => 0x32,
29
        DecryptError => 0x33,
30
        ExportRestriction => 0x3c,
31
        ProtocolVersion => 0x46,
32
        InsufficientSecurity => 0x47,
33
        InternalError => 0x50,
34
        InappropriateFallback => 0x56,
35
        UserCanceled => 0x5a,
36
        NoRenegotiation => 0x64,
37
        MissingExtension => 0x6d,
38
        UnsupportedExtension => 0x6e,
39
        CertificateUnobtainable => 0x6f,
40
        UnrecognisedName => 0x70,
41
        BadCertificateStatusResponse => 0x71,
42
        BadCertificateHashValue => 0x72,
43
        UnknownPSKIdentity => 0x73,
44
        CertificateRequired => 0x74,
45
        NoApplicationProtocol => 0x78,
46
        EncryptedClientHelloRequired => 0x79, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-11.2
47
    }
48
}
49
50
enum_builder! {
51
    /// The `HandshakeType` TLS protocol enum.  Values in this enum are taken
52
    /// from the various RFCs covering TLS, and are listed by IANA.
53
    /// The `Unknown` item is used when processing unrecognised ordinals.
54
    #[repr(u8)]
55
    pub enum HandshakeType {
56
        HelloRequest => 0x00,
57
        ClientHello => 0x01,
58
        ServerHello => 0x02,
59
        HelloVerifyRequest => 0x03,
60
        NewSessionTicket => 0x04,
61
        EndOfEarlyData => 0x05,
62
        HelloRetryRequest => 0x06,
63
        EncryptedExtensions => 0x08,
64
        Certificate => 0x0b,
65
        ServerKeyExchange => 0x0c,
66
        CertificateRequest => 0x0d,
67
        ServerHelloDone => 0x0e,
68
        CertificateVerify => 0x0f,
69
        ClientKeyExchange => 0x10,
70
        Finished => 0x14,
71
        CertificateURL => 0x15,
72
        CertificateStatus => 0x16,
73
        KeyUpdate => 0x18,
74
        CompressedCertificate => 0x19,
75
        MessageHash => 0xfe,
76
    }
77
}
78
79
enum_builder! {
80
    /// The `ContentType` TLS protocol enum.  Values in this enum are taken
81
    /// from the various RFCs covering TLS, and are listed by IANA.
82
    /// The `Unknown` item is used when processing unrecognised ordinals.
83
    #[repr(u8)]
84
    pub enum ContentType {
85
        ChangeCipherSpec => 0x14,
86
        Alert => 0x15,
87
        Handshake => 0x16,
88
        ApplicationData => 0x17,
89
        Heartbeat => 0x18,
90
    }
91
}
92
93
enum_builder! {
94
    /// The `ProtocolVersion` TLS protocol enum.  Values in this enum are taken
95
    /// from the various RFCs covering TLS, and are listed by IANA.
96
    /// The `Unknown` item is used when processing unrecognised ordinals.
97
    #[repr(u16)]
98
    pub enum ProtocolVersion {
99
        SSLv2 => 0x0002,
100
        SSLv3 => 0x0300,
101
        TLSv1_0 => 0x0301,
102
        TLSv1_1 => 0x0302,
103
        TLSv1_2 => 0x0303,
104
        TLSv1_3 => 0x0304,
105
        DTLSv1_0 => 0xFEFF,
106
        DTLSv1_2 => 0xFEFD,
107
        DTLSv1_3 => 0xFEFC,
108
    }
109
}
110
111
enum_builder! {
112
    /// The `CipherSuite` TLS protocol enum.  Values in this enum are taken
113
    /// from the various RFCs covering TLS, and are listed by IANA.
114
    /// The `Unknown` item is used when processing unrecognised ordinals.
115
    #[repr(u16)]
116
    pub enum CipherSuite {
117
        TLS_NULL_WITH_NULL_NULL => 0x0000,
118
        TLS_PSK_WITH_AES_128_GCM_SHA256 => 0x00a8,
119
        TLS_PSK_WITH_AES_256_GCM_SHA384 => 0x00a9,
120
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV => 0x00ff,
121
        TLS13_AES_128_GCM_SHA256 => 0x1301,
122
        TLS13_AES_256_GCM_SHA384 => 0x1302,
123
        TLS13_CHACHA20_POLY1305_SHA256 => 0x1303,
124
        TLS13_AES_128_CCM_SHA256 => 0x1304,
125
        TLS13_AES_128_CCM_8_SHA256 => 0x1305,
126
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => 0xc009,
127
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => 0xc00a,
128
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA => 0xc013,
129
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA => 0xc014,
130
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 => 0xc023,
131
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 => 0xc024,
132
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 => 0xc027,
133
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 => 0xc028,
134
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => 0xc02b,
135
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => 0xc02c,
136
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => 0xc02f,
137
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => 0xc030,
138
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca8,
139
        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => 0xcca9,
140
141
    !Debug:
142
        TLS_RSA_WITH_NULL_MD5 => 0x0001,
143
        TLS_RSA_WITH_NULL_SHA => 0x0002,
144
        TLS_RSA_EXPORT_WITH_RC4_40_MD5 => 0x0003,
145
        TLS_RSA_WITH_RC4_128_MD5 => 0x0004,
146
        TLS_RSA_WITH_RC4_128_SHA => 0x0005,
147
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 => 0x0006,
148
        TLS_RSA_WITH_IDEA_CBC_SHA => 0x0007,
149
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA => 0x0008,
150
        TLS_RSA_WITH_DES_CBC_SHA => 0x0009,
151
        TLS_RSA_WITH_3DES_EDE_CBC_SHA => 0x000a,
152
        TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA => 0x000b,
153
        TLS_DH_DSS_WITH_DES_CBC_SHA => 0x000c,
154
        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA => 0x000d,
155
        TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA => 0x000e,
156
        TLS_DH_RSA_WITH_DES_CBC_SHA => 0x000f,
157
        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA => 0x0010,
158
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA => 0x0011,
159
        TLS_DHE_DSS_WITH_DES_CBC_SHA => 0x0012,
160
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA => 0x0013,
161
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA => 0x0014,
162
        TLS_DHE_RSA_WITH_DES_CBC_SHA => 0x0015,
163
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA => 0x0016,
164
        TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 => 0x0017,
165
        TLS_DH_anon_WITH_RC4_128_MD5 => 0x0018,
166
        TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA => 0x0019,
167
        TLS_DH_anon_WITH_DES_CBC_SHA => 0x001a,
168
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA => 0x001b,
169
        SSL_FORTEZZA_KEA_WITH_NULL_SHA => 0x001c,
170
        SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA => 0x001d,
171
        TLS_KRB5_WITH_DES_CBC_SHA_or_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA => 0x001e,
172
        TLS_KRB5_WITH_3DES_EDE_CBC_SHA => 0x001f,
173
        TLS_KRB5_WITH_RC4_128_SHA => 0x0020,
174
        TLS_KRB5_WITH_IDEA_CBC_SHA => 0x0021,
175
        TLS_KRB5_WITH_DES_CBC_MD5 => 0x0022,
176
        TLS_KRB5_WITH_3DES_EDE_CBC_MD5 => 0x0023,
177
        TLS_KRB5_WITH_RC4_128_MD5 => 0x0024,
178
        TLS_KRB5_WITH_IDEA_CBC_MD5 => 0x0025,
179
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA => 0x0026,
180
        TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA => 0x0027,
181
        TLS_KRB5_EXPORT_WITH_RC4_40_SHA => 0x0028,
182
        TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 => 0x0029,
183
        TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 => 0x002a,
184
        TLS_KRB5_EXPORT_WITH_RC4_40_MD5 => 0x002b,
185
        TLS_PSK_WITH_NULL_SHA => 0x002c,
186
        TLS_DHE_PSK_WITH_NULL_SHA => 0x002d,
187
        TLS_RSA_PSK_WITH_NULL_SHA => 0x002e,
188
        TLS_RSA_WITH_AES_128_CBC_SHA => 0x002f,
189
        TLS_DH_DSS_WITH_AES_128_CBC_SHA => 0x0030,
190
        TLS_DH_RSA_WITH_AES_128_CBC_SHA => 0x0031,
191
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA => 0x0032,
192
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA => 0x0033,
193
        TLS_DH_anon_WITH_AES_128_CBC_SHA => 0x0034,
194
        TLS_RSA_WITH_AES_256_CBC_SHA => 0x0035,
195
        TLS_DH_DSS_WITH_AES_256_CBC_SHA => 0x0036,
196
        TLS_DH_RSA_WITH_AES_256_CBC_SHA => 0x0037,
197
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA => 0x0038,
198
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA => 0x0039,
199
        TLS_DH_anon_WITH_AES_256_CBC_SHA => 0x003a,
200
        TLS_RSA_WITH_NULL_SHA256 => 0x003b,
201
        TLS_RSA_WITH_AES_128_CBC_SHA256 => 0x003c,
202
        TLS_RSA_WITH_AES_256_CBC_SHA256 => 0x003d,
203
        TLS_DH_DSS_WITH_AES_128_CBC_SHA256 => 0x003e,
204
        TLS_DH_RSA_WITH_AES_128_CBC_SHA256 => 0x003f,
205
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 => 0x0040,
206
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA => 0x0041,
207
        TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA => 0x0042,
208
        TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA => 0x0043,
209
        TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA => 0x0044,
210
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA => 0x0045,
211
        TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA => 0x0046,
212
        TLS_ECDH_ECDSA_WITH_NULL_SHA_draft => 0x0047,
213
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA_draft => 0x0048,
214
        TLS_ECDH_ECDSA_WITH_DES_CBC_SHA_draft => 0x0049,
215
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA_draft => 0x004a,
216
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA_draft => 0x004b,
217
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA_draft => 0x004c,
218
        TLS_ECDH_ECNRA_WITH_DES_CBC_SHA_draft => 0x004d,
219
        TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA_draft => 0x004e,
220
        TLS_ECMQV_ECDSA_NULL_SHA_draft => 0x004f,
221
        TLS_ECMQV_ECDSA_WITH_RC4_128_SHA_draft => 0x0050,
222
        TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA_draft => 0x0051,
223
        TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA_draft => 0x0052,
224
        TLS_ECMQV_ECNRA_NULL_SHA_draft => 0x0053,
225
        TLS_ECMQV_ECNRA_WITH_RC4_128_SHA_draft => 0x0054,
226
        TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA_draft => 0x0055,
227
        TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA_draft => 0x0056,
228
        TLS_ECDH_anon_NULL_WITH_SHA_draft => 0x0057,
229
        TLS_ECDH_anon_WITH_RC4_128_SHA_draft => 0x0058,
230
        TLS_ECDH_anon_WITH_DES_CBC_SHA_draft => 0x0059,
231
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA_draft => 0x005a,
232
        TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA_draft => 0x005b,
233
        TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA_draft => 0x005c,
234
        TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 => 0x0060,
235
        TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 => 0x0061,
236
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA => 0x0062,
237
        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA => 0x0063,
238
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA => 0x0064,
239
        TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA => 0x0065,
240
        TLS_DHE_DSS_WITH_RC4_128_SHA => 0x0066,
241
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 => 0x0067,
242
        TLS_DH_DSS_WITH_AES_256_CBC_SHA256 => 0x0068,
243
        TLS_DH_RSA_WITH_AES_256_CBC_SHA256 => 0x0069,
244
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 => 0x006a,
245
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 => 0x006b,
246
        TLS_DH_anon_WITH_AES_128_CBC_SHA256 => 0x006c,
247
        TLS_DH_anon_WITH_AES_256_CBC_SHA256 => 0x006d,
248
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD => 0x0072,
249
        TLS_DHE_DSS_WITH_AES_128_CBC_RMD => 0x0073,
250
        TLS_DHE_DSS_WITH_AES_256_CBC_RMD => 0x0074,
251
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD => 0x0077,
252
        TLS_DHE_RSA_WITH_AES_128_CBC_RMD => 0x0078,
253
        TLS_DHE_RSA_WITH_AES_256_CBC_RMD => 0x0079,
254
        TLS_RSA_WITH_3DES_EDE_CBC_RMD => 0x007c,
255
        TLS_RSA_WITH_AES_128_CBC_RMD => 0x007d,
256
        TLS_RSA_WITH_AES_256_CBC_RMD => 0x007e,
257
        TLS_GOSTR341094_WITH_28147_CNT_IMIT => 0x0080,
258
        TLS_GOSTR341001_WITH_28147_CNT_IMIT => 0x0081,
259
        TLS_GOSTR341094_WITH_NULL_GOSTR3411 => 0x0082,
260
        TLS_GOSTR341001_WITH_NULL_GOSTR3411 => 0x0083,
261
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA => 0x0084,
262
        TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA => 0x0085,
263
        TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA => 0x0086,
264
        TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA => 0x0087,
265
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA => 0x0088,
266
        TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA => 0x0089,
267
        TLS_PSK_WITH_RC4_128_SHA => 0x008a,
268
        TLS_PSK_WITH_3DES_EDE_CBC_SHA => 0x008b,
269
        TLS_PSK_WITH_AES_128_CBC_SHA => 0x008c,
270
        TLS_PSK_WITH_AES_256_CBC_SHA => 0x008d,
271
        TLS_DHE_PSK_WITH_RC4_128_SHA => 0x008e,
272
        TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA => 0x008f,
273
        TLS_DHE_PSK_WITH_AES_128_CBC_SHA => 0x0090,
274
        TLS_DHE_PSK_WITH_AES_256_CBC_SHA => 0x0091,
275
        TLS_RSA_PSK_WITH_RC4_128_SHA => 0x0092,
276
        TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA => 0x0093,
277
        TLS_RSA_PSK_WITH_AES_128_CBC_SHA => 0x0094,
278
        TLS_RSA_PSK_WITH_AES_256_CBC_SHA => 0x0095,
279
        TLS_RSA_WITH_SEED_CBC_SHA => 0x0096,
280
        TLS_DH_DSS_WITH_SEED_CBC_SHA => 0x0097,
281
        TLS_DH_RSA_WITH_SEED_CBC_SHA => 0x0098,
282
        TLS_DHE_DSS_WITH_SEED_CBC_SHA => 0x0099,
283
        TLS_DHE_RSA_WITH_SEED_CBC_SHA => 0x009a,
284
        TLS_DH_anon_WITH_SEED_CBC_SHA => 0x009b,
285
        TLS_RSA_WITH_AES_128_GCM_SHA256 => 0x009c,
286
        TLS_RSA_WITH_AES_256_GCM_SHA384 => 0x009d,
287
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 => 0x009e,
288
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 => 0x009f,
289
        TLS_DH_RSA_WITH_AES_128_GCM_SHA256 => 0x00a0,
290
        TLS_DH_RSA_WITH_AES_256_GCM_SHA384 => 0x00a1,
291
        TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 => 0x00a2,
292
        TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 => 0x00a3,
293
        TLS_DH_DSS_WITH_AES_128_GCM_SHA256 => 0x00a4,
294
        TLS_DH_DSS_WITH_AES_256_GCM_SHA384 => 0x00a5,
295
        TLS_DH_anon_WITH_AES_128_GCM_SHA256 => 0x00a6,
296
        TLS_DH_anon_WITH_AES_256_GCM_SHA384 => 0x00a7,
297
        TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 => 0x00aa,
298
        TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 => 0x00ab,
299
        TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 => 0x00ac,
300
        TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 => 0x00ad,
301
        TLS_PSK_WITH_AES_128_CBC_SHA256 => 0x00ae,
302
        TLS_PSK_WITH_AES_256_CBC_SHA384 => 0x00af,
303
        TLS_PSK_WITH_NULL_SHA256 => 0x00b0,
304
        TLS_PSK_WITH_NULL_SHA384 => 0x00b1,
305
        TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 => 0x00b2,
306
        TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 => 0x00b3,
307
        TLS_DHE_PSK_WITH_NULL_SHA256 => 0x00b4,
308
        TLS_DHE_PSK_WITH_NULL_SHA384 => 0x00b5,
309
        TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 => 0x00b6,
310
        TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 => 0x00b7,
311
        TLS_RSA_PSK_WITH_NULL_SHA256 => 0x00b8,
312
        TLS_RSA_PSK_WITH_NULL_SHA384 => 0x00b9,
313
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 => 0x00ba,
314
        TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 => 0x00bb,
315
        TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 => 0x00bc,
316
        TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 => 0x00bd,
317
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 => 0x00be,
318
        TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 => 0x00bf,
319
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c0,
320
        TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c1,
321
        TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c2,
322
        TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c3,
323
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c4,
324
        TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 => 0x00c5,
325
        TLS_ECDH_ECDSA_WITH_NULL_SHA => 0xc001,
326
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA => 0xc002,
327
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA => 0xc003,
328
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA => 0xc004,
329
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA => 0xc005,
330
        TLS_ECDHE_ECDSA_WITH_NULL_SHA => 0xc006,
331
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA => 0xc007,
332
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA => 0xc008,
333
        TLS_ECDH_RSA_WITH_NULL_SHA => 0xc00b,
334
        TLS_ECDH_RSA_WITH_RC4_128_SHA => 0xc00c,
335
        TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA => 0xc00d,
336
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA => 0xc00e,
337
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA => 0xc00f,
338
        TLS_ECDHE_RSA_WITH_NULL_SHA => 0xc010,
339
        TLS_ECDHE_RSA_WITH_RC4_128_SHA => 0xc011,
340
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA => 0xc012,
341
        TLS_ECDH_anon_WITH_NULL_SHA => 0xc015,
342
        TLS_ECDH_anon_WITH_RC4_128_SHA => 0xc016,
343
        TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA => 0xc017,
344
        TLS_ECDH_anon_WITH_AES_128_CBC_SHA => 0xc018,
345
        TLS_ECDH_anon_WITH_AES_256_CBC_SHA => 0xc019,
346
        TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA => 0xc01a,
347
        TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA => 0xc01b,
348
        TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA => 0xc01c,
349
        TLS_SRP_SHA_WITH_AES_128_CBC_SHA => 0xc01d,
350
        TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA => 0xc01e,
351
        TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA => 0xc01f,
352
        TLS_SRP_SHA_WITH_AES_256_CBC_SHA => 0xc020,
353
        TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA => 0xc021,
354
        TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA => 0xc022,
355
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 => 0xc025,
356
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 => 0xc026,
357
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 => 0xc029,
358
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 => 0xc02a,
359
        TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 => 0xc02d,
360
        TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 => 0xc02e,
361
        TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 => 0xc031,
362
        TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 => 0xc032,
363
        TLS_ECDHE_PSK_WITH_RC4_128_SHA => 0xc033,
364
        TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA => 0xc034,
365
        TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA => 0xc035,
366
        TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA => 0xc036,
367
        TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 => 0xc037,
368
        TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 => 0xc038,
369
        TLS_ECDHE_PSK_WITH_NULL_SHA => 0xc039,
370
        TLS_ECDHE_PSK_WITH_NULL_SHA256 => 0xc03a,
371
        TLS_ECDHE_PSK_WITH_NULL_SHA384 => 0xc03b,
372
        TLS_RSA_WITH_ARIA_128_CBC_SHA256 => 0xc03c,
373
        TLS_RSA_WITH_ARIA_256_CBC_SHA384 => 0xc03d,
374
        TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 => 0xc03e,
375
        TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 => 0xc03f,
376
        TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 => 0xc040,
377
        TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 => 0xc041,
378
        TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 => 0xc042,
379
        TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 => 0xc043,
380
        TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 => 0xc044,
381
        TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 => 0xc045,
382
        TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 => 0xc046,
383
        TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 => 0xc047,
384
        TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 => 0xc048,
385
        TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 => 0xc049,
386
        TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 => 0xc04a,
387
        TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 => 0xc04b,
388
        TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 => 0xc04c,
389
        TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 => 0xc04d,
390
        TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 => 0xc04e,
391
        TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 => 0xc04f,
392
        TLS_RSA_WITH_ARIA_128_GCM_SHA256 => 0xc050,
393
        TLS_RSA_WITH_ARIA_256_GCM_SHA384 => 0xc051,
394
        TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 => 0xc052,
395
        TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 => 0xc053,
396
        TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 => 0xc054,
397
        TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 => 0xc055,
398
        TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 => 0xc056,
399
        TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 => 0xc057,
400
        TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 => 0xc058,
401
        TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 => 0xc059,
402
        TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 => 0xc05a,
403
        TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 => 0xc05b,
404
        TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 => 0xc05c,
405
        TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 => 0xc05d,
406
        TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 => 0xc05e,
407
        TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 => 0xc05f,
408
        TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 => 0xc060,
409
        TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 => 0xc061,
410
        TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 => 0xc062,
411
        TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 => 0xc063,
412
        TLS_PSK_WITH_ARIA_128_CBC_SHA256 => 0xc064,
413
        TLS_PSK_WITH_ARIA_256_CBC_SHA384 => 0xc065,
414
        TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 => 0xc066,
415
        TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 => 0xc067,
416
        TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 => 0xc068,
417
        TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 => 0xc069,
418
        TLS_PSK_WITH_ARIA_128_GCM_SHA256 => 0xc06a,
419
        TLS_PSK_WITH_ARIA_256_GCM_SHA384 => 0xc06b,
420
        TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 => 0xc06c,
421
        TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 => 0xc06d,
422
        TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 => 0xc06e,
423
        TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 => 0xc06f,
424
        TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 => 0xc070,
425
        TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 => 0xc071,
426
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 => 0xc072,
427
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 => 0xc073,
428
        TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 => 0xc074,
429
        TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 => 0xc075,
430
        TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 => 0xc076,
431
        TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 => 0xc077,
432
        TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 => 0xc078,
433
        TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 => 0xc079,
434
        TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc07a,
435
        TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc07b,
436
        TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc07c,
437
        TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc07d,
438
        TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc07e,
439
        TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc07f,
440
        TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 => 0xc080,
441
        TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 => 0xc081,
442
        TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 => 0xc082,
443
        TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 => 0xc083,
444
        TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 => 0xc084,
445
        TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 => 0xc085,
446
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc086,
447
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc087,
448
        TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc088,
449
        TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc089,
450
        TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc08a,
451
        TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc08b,
452
        TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 => 0xc08c,
453
        TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 => 0xc08d,
454
        TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 => 0xc08e,
455
        TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 => 0xc08f,
456
        TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 => 0xc090,
457
        TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 => 0xc091,
458
        TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 => 0xc092,
459
        TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 => 0xc093,
460
        TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 => 0xc094,
461
        TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 => 0xc095,
462
        TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 => 0xc096,
463
        TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 => 0xc097,
464
        TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 => 0xc098,
465
        TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 => 0xc099,
466
        TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 => 0xc09a,
467
        TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 => 0xc09b,
468
        TLS_RSA_WITH_AES_128_CCM => 0xc09c,
469
        TLS_RSA_WITH_AES_256_CCM => 0xc09d,
470
        TLS_DHE_RSA_WITH_AES_128_CCM => 0xc09e,
471
        TLS_DHE_RSA_WITH_AES_256_CCM => 0xc09f,
472
        TLS_RSA_WITH_AES_128_CCM_8 => 0xc0a0,
473
        TLS_RSA_WITH_AES_256_CCM_8 => 0xc0a1,
474
        TLS_DHE_RSA_WITH_AES_128_CCM_8 => 0xc0a2,
475
        TLS_DHE_RSA_WITH_AES_256_CCM_8 => 0xc0a3,
476
        TLS_PSK_WITH_AES_128_CCM => 0xc0a4,
477
        TLS_PSK_WITH_AES_256_CCM => 0xc0a5,
478
        TLS_DHE_PSK_WITH_AES_128_CCM => 0xc0a6,
479
        TLS_DHE_PSK_WITH_AES_256_CCM => 0xc0a7,
480
        TLS_PSK_WITH_AES_128_CCM_8 => 0xc0a8,
481
        TLS_PSK_WITH_AES_256_CCM_8 => 0xc0a9,
482
        TLS_PSK_DHE_WITH_AES_128_CCM_8 => 0xc0aa,
483
        TLS_PSK_DHE_WITH_AES_256_CCM_8 => 0xc0ab,
484
        TLS_ECDHE_ECDSA_WITH_AES_128_CCM => 0xc0ac,
485
        TLS_ECDHE_ECDSA_WITH_AES_256_CCM => 0xc0ad,
486
        TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 => 0xc0ae,
487
        TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 => 0xc0af,
488
        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => 0xccaa,
489
        TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccab,
490
        TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccac,
491
        TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccad,
492
        TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccae,
493
        SSL_RSA_FIPS_WITH_DES_CBC_SHA => 0xfefe,
494
        SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA => 0xfeff,
495
    }
496
}
497
498
enum_builder! {
499
    /// The `SignatureScheme` TLS protocol enum.  Values in this enum are taken
500
    /// from the various RFCs covering TLS, and are listed by IANA.
501
    /// The `Unknown` item is used when processing unrecognised ordinals.
502
    #[repr(u16)]
503
    pub enum SignatureScheme {
504
        RSA_PKCS1_SHA1 => 0x0201,
505
        ECDSA_SHA1_Legacy => 0x0203,
506
        RSA_PKCS1_SHA256 => 0x0401,
507
        ECDSA_NISTP256_SHA256 => 0x0403,
508
        RSA_PKCS1_SHA384 => 0x0501,
509
        ECDSA_NISTP384_SHA384 => 0x0503,
510
        RSA_PKCS1_SHA512 => 0x0601,
511
        ECDSA_NISTP521_SHA512 => 0x0603,
512
        RSA_PSS_SHA256 => 0x0804,
513
        RSA_PSS_SHA384 => 0x0805,
514
        RSA_PSS_SHA512 => 0x0806,
515
        ED25519 => 0x0807,
516
        ED448 => 0x0808,
517
        // https://datatracker.ietf.org/doc/html/draft-ietf-tls-mldsa-00#name-iana-considerations
518
        ML_DSA_44 => 0x0904,
519
        ML_DSA_65 => 0x0905,
520
        ML_DSA_87 => 0x0906,
521
    }
522
}
523
524
impl SignatureScheme {
525
0
    pub(crate) fn algorithm(&self) -> SignatureAlgorithm {
526
0
        match *self {
527
            Self::RSA_PKCS1_SHA1
528
            | Self::RSA_PKCS1_SHA256
529
            | Self::RSA_PKCS1_SHA384
530
            | Self::RSA_PKCS1_SHA512
531
            | Self::RSA_PSS_SHA256
532
            | Self::RSA_PSS_SHA384
533
0
            | Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
534
            Self::ECDSA_SHA1_Legacy
535
            | Self::ECDSA_NISTP256_SHA256
536
            | Self::ECDSA_NISTP384_SHA384
537
0
            | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
538
0
            Self::ED25519 => SignatureAlgorithm::ED25519,
539
0
            Self::ED448 => SignatureAlgorithm::ED448,
540
0
            _ => SignatureAlgorithm::Unknown(0),
541
        }
542
0
    }
Unexecuted instantiation: <rustls::enums::SignatureScheme>::algorithm
Unexecuted instantiation: <rustls::enums::SignatureScheme>::algorithm
Unexecuted instantiation: <rustls::enums::SignatureScheme>::algorithm
543
544
    /// Whether a particular `SignatureScheme` is allowed for TLS protocol signatures
545
    /// in TLS1.3.
546
    ///
547
    /// This prevents (eg) RSA_PKCS1_SHA256 being offered or accepted, even if our
548
    /// verifier supports it for other protocol versions.
549
    ///
550
    /// See RFC8446 s4.2.3: <https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3>
551
    ///
552
    /// This is a denylist so that newly-allocated `SignatureScheme`s values are
553
    /// allowed in TLS1.3 by default.
554
0
    pub(crate) fn supported_in_tls13(&self) -> bool {
555
0
        let [hash, sign] = self.to_array();
556
557
        // This covers both disallowing SHA1 items in `SignatureScheme`, and
558
        // old hash functions.  See the section beginning "Legacy algorithms:"
559
        // and item starting "In TLS 1.2, the extension contained hash/signature
560
        // pairs" in RFC8446 section 4.2.3.
561
0
        match HashAlgorithm::from(hash) {
562
            HashAlgorithm::NONE
563
            | HashAlgorithm::MD5
564
            | HashAlgorithm::SHA1
565
0
            | HashAlgorithm::SHA224 => return false,
566
0
            _ => (),
567
        };
568
569
        // RSA-PKCS1 is also disallowed for TLS1.3, see the section beginning
570
        // "RSASSA-PKCS1-v1_5 algorithms:" in RFC8446 section 4.2.3.
571
        //
572
        // (nb. SignatureAlgorithm::RSA is RSA-PKCS1, and does not cover RSA-PSS
573
        // or RSAE-PSS.)
574
        //
575
        // This also covers the outlawing of DSA mentioned elsewhere in 4.2.3.
576
0
        !matches!(
577
0
            SignatureAlgorithm::from(sign),
578
            SignatureAlgorithm::Anonymous | SignatureAlgorithm::RSA | SignatureAlgorithm::DSA
579
        )
580
0
    }
Unexecuted instantiation: <rustls::enums::SignatureScheme>::supported_in_tls13
Unexecuted instantiation: <rustls::enums::SignatureScheme>::supported_in_tls13
Unexecuted instantiation: <rustls::enums::SignatureScheme>::supported_in_tls13
581
}
582
583
enum_builder! {
584
    /// The `SignatureAlgorithm` TLS protocol enum.  Values in this enum are taken
585
    /// from the various RFCs covering TLS, and are listed by IANA.
586
    /// The `Unknown` item is used when processing unrecognised ordinals.
587
    #[repr(u8)]
588
    pub enum SignatureAlgorithm {
589
        Anonymous => 0x00,
590
        RSA => 0x01,
591
        DSA => 0x02,
592
        ECDSA => 0x03,
593
        ED25519 => 0x07,
594
        ED448 => 0x08,
595
    }
596
}
597
598
enum_builder! {
599
    /// The "TLS Certificate Compression Algorithm IDs" TLS protocol enum.
600
    /// Values in this enum are taken from [RFC8879].
601
    ///
602
    /// [RFC8879]: https://www.rfc-editor.org/rfc/rfc8879.html#section-7.3
603
    #[repr(u16)]
604
    pub enum CertificateCompressionAlgorithm {
605
        Zlib => 1,
606
        Brotli => 2,
607
        Zstd => 3,
608
    }
609
}
610
611
enum_builder! {
612
    /// The `CertificateType` enum sent in the cert_type extensions.
613
    /// Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA.
614
    ///
615
    /// [RFC 6091 Section 5]: <https://datatracker.ietf.org/doc/html/rfc6091#section-5>
616
    /// [RFC 7250 Section 7]: <https://datatracker.ietf.org/doc/html/rfc7250#section-7>
617
    #[repr(u8)]
618
    #[derive(Default)]
619
    pub enum CertificateType {
620
        #[default]
621
        X509 => 0x00,
622
        RawPublicKey => 0x02,
623
    }
624
}
625
626
enum_builder! {
627
    /// The type of Encrypted Client Hello (`EchClientHelloType`).
628
    ///
629
    /// Specified in [draft-ietf-tls-esni Section 5].
630
    ///
631
    /// [draft-ietf-tls-esni Section 5]: <https://www.ietf.org/archive/id/draft-ietf-tls-esni-18.html#section-5>
632
    #[repr(u8)]
633
    pub enum EchClientHelloType {
634
        ClientHelloOuter => 0,
635
        ClientHelloInner => 1
636
    }
637
}
638
639
#[cfg(test)]
640
mod tests {
641
    use super::*;
642
    use crate::msgs::enums::tests::{test_enum8, test_enum16};
643
644
    #[test]
645
    fn test_enums() {
646
        test_enum8::<SignatureAlgorithm>(SignatureAlgorithm::Anonymous, SignatureAlgorithm::ECDSA);
647
        test_enum8::<ContentType>(ContentType::ChangeCipherSpec, ContentType::Heartbeat);
648
        test_enum8::<HandshakeType>(HandshakeType::HelloRequest, HandshakeType::MessageHash);
649
        test_enum8::<AlertDescription>(
650
            AlertDescription::CloseNotify,
651
            AlertDescription::NoApplicationProtocol,
652
        );
653
        test_enum16::<CertificateCompressionAlgorithm>(
654
            CertificateCompressionAlgorithm::Zlib,
655
            CertificateCompressionAlgorithm::Zstd,
656
        );
657
        test_enum8::<CertificateType>(CertificateType::X509, CertificateType::RawPublicKey);
658
    }
659
660
    #[test]
661
    fn tls13_signature_restrictions() {
662
        // rsa-pkcs1 denied
663
        assert!(!SignatureScheme::RSA_PKCS1_SHA1.supported_in_tls13());
664
        assert!(!SignatureScheme::RSA_PKCS1_SHA256.supported_in_tls13());
665
        assert!(!SignatureScheme::RSA_PKCS1_SHA384.supported_in_tls13());
666
        assert!(!SignatureScheme::RSA_PKCS1_SHA512.supported_in_tls13());
667
668
        // dsa denied
669
        assert!(!SignatureScheme::from(0x0201).supported_in_tls13());
670
        assert!(!SignatureScheme::from(0x0202).supported_in_tls13());
671
        assert!(!SignatureScheme::from(0x0203).supported_in_tls13());
672
        assert!(!SignatureScheme::from(0x0204).supported_in_tls13());
673
        assert!(!SignatureScheme::from(0x0205).supported_in_tls13());
674
        assert!(!SignatureScheme::from(0x0206).supported_in_tls13());
675
676
        // common
677
        assert!(SignatureScheme::ED25519.supported_in_tls13());
678
        assert!(SignatureScheme::ED448.supported_in_tls13());
679
        assert!(SignatureScheme::RSA_PSS_SHA256.supported_in_tls13());
680
        assert!(SignatureScheme::RSA_PSS_SHA384.supported_in_tls13());
681
        assert!(SignatureScheme::RSA_PSS_SHA512.supported_in_tls13());
682
683
        // rsa_pss_rsae_*
684
        assert!(SignatureScheme::from(0x0804).supported_in_tls13());
685
        assert!(SignatureScheme::from(0x0805).supported_in_tls13());
686
        assert!(SignatureScheme::from(0x0806).supported_in_tls13());
687
688
        // ecdsa_brainpool*
689
        assert!(SignatureScheme::from(0x081a).supported_in_tls13());
690
        assert!(SignatureScheme::from(0x081b).supported_in_tls13());
691
        assert!(SignatureScheme::from(0x081c).supported_in_tls13());
692
    }
693
}