/rust/git/checkouts/nss-rs-71e20fe79ef91440/9b94ca3/src/constants.rs

Source
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

use enum_map::Enum;
use strum::FromRepr;

use crate::{Error, ssl};

// Ideally all of these would be enums, but size matters and we need to allow
// for values outside of those that are defined here.

pub type Alert = u8;

#[derive(Default, Debug, Enum, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, FromRepr)]
#[repr(u16)]
pub enum Epoch {
    // TLS doesn't really have an "initial" concept that maps to QUIC so directly,
    // but this should be clear enough.
    #[default]
    Initial = 0,
    ZeroRtt,
    Handshake,
    ApplicationData,
    // Also, we don't use TLS epochs > 3.
}

impl TryFrom<u16> for Epoch {
    type Error = Error;

    fn try_from(value: u16) -> Result<Self, Self::Error> {
        Self::from_repr(value).ok_or(Error::InvalidEpoch)
    }
}

impl From<Epoch> for usize {
    fn from(e: Epoch) -> Self {
        e as Self
    }
}

/// Rather than defining a type alias and a bunch of constants, which leads to a ton of repetition,
/// use this macro.
macro_rules! remap_enum {
    { $t:ident: $s:ty { $( $n:ident = $v:path ),+ $(,)? } } => {
        pub type $t = $s;
        $(#[expect(clippy::cast_possible_truncation, reason = "Inherent in macro use.")] pub const $n: $t = $v as $t; )+
    };
    { $t:ident: $s:ty => $e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
        remap_enum!{ $t: $s { $( $n = $e::$v ),+ } }
    };
    { $t:ident: $s:ty => $p:ident::$e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
        remap_enum!{ $t: $s { $( $n = $p::$e::$v ),+ } }
    };
}

remap_enum! {
    Version: u16 => ssl {
        TLS_VERSION_1_2 = SSL_LIBRARY_VERSION_TLS_1_2,
        TLS_VERSION_1_3 = SSL_LIBRARY_VERSION_TLS_1_3,
    }
}

#[expect(dead_code, reason = "Code is bindgen-generated.")]
mod ciphers {
    include!(concat!(env!("OUT_DIR"), "/nss_ciphers.rs"));
}

remap_enum! {
    Cipher: u16 => ciphers {
        TLS_AES_128_GCM_SHA256 = TLS_AES_128_GCM_SHA256,
        TLS_AES_256_GCM_SHA384 = TLS_AES_256_GCM_SHA384,
        TLS_CHACHA20_POLY1305_SHA256 = TLS_CHACHA20_POLY1305_SHA256,
    }
}

remap_enum! {
    Group: u16 => ssl::SSLNamedGroup {
        TLS_GRP_EC_SECP256R1 = ssl_grp_ec_secp256r1,
        TLS_GRP_EC_SECP384R1 = ssl_grp_ec_secp384r1,
        TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1,
        TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519,
        TLS_GRP_KEM_XYBER768D00 = ssl_grp_kem_xyber768d00,
        TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_mlkem768x25519,
    }
}

remap_enum! {
    HandshakeMessage: u8 => ssl::SSLHandshakeType {
        TLS_HS_HELLO_REQUEST = ssl_hs_hello_request,
        TLS_HS_CLIENT_HELLO = ssl_hs_client_hello,
        TLS_HS_SERVER_HELLO = ssl_hs_server_hello,
        TLS_HS_HELLO_VERIFY_REQUEST = ssl_hs_hello_verify_request,
        TLS_HS_NEW_SESSION_TICKET = ssl_hs_new_session_ticket,
        TLS_HS_END_OF_EARLY_DATA = ssl_hs_end_of_early_data,
        TLS_HS_HELLO_RETRY_REQUEST = ssl_hs_hello_retry_request,
        TLS_HS_ENCRYPTED_EXTENSIONS = ssl_hs_encrypted_extensions,
        TLS_HS_CERTIFICATE = ssl_hs_certificate,
        TLS_HS_SERVER_KEY_EXCHANGE = ssl_hs_server_key_exchange,
        TLS_HS_CERTIFICATE_REQUEST = ssl_hs_certificate_request,
        TLS_HS_SERVER_HELLO_DONE = ssl_hs_server_hello_done,
        TLS_HS_CERTIFICATE_VERIFY = ssl_hs_certificate_verify,
        TLS_HS_CLIENT_KEY_EXCHANGE = ssl_hs_client_key_exchange,
        TLS_HS_FINISHED = ssl_hs_finished,
        TLS_HS_CERT_STATUS = ssl_hs_certificate_status,
        TLS_HS_KEY_UDPATE = ssl_hs_key_update,
    }
}

remap_enum! {
    ContentType: u8 => ssl::SSLContentType {
        TLS_CT_CHANGE_CIPHER_SPEC = ssl_ct_change_cipher_spec,
        TLS_CT_ALERT = ssl_ct_alert,
        TLS_CT_HANDSHAKE = ssl_ct_handshake,
        TLS_CT_APPLICATION_DATA = ssl_ct_application_data,
        TLS_CT_ACK = ssl_ct_ack,
    }
}

remap_enum! {
    Extension: u16 => ssl::SSLExtensionType {
        TLS_EXT_SERVER_NAME = ssl_server_name_xtn,
        TLS_EXT_CERT_STATUS = ssl_cert_status_xtn,
        TLS_EXT_GROUPS = ssl_supported_groups_xtn,
        TLS_EXT_EC_POINT_FORMATS = ssl_ec_point_formats_xtn,
        TLS_EXT_SIG_SCHEMES = ssl_signature_algorithms_xtn,
        TLS_EXT_USE_SRTP = ssl_use_srtp_xtn,
        TLS_EXT_ALPN = ssl_app_layer_protocol_xtn,
        TLS_EXT_SCT = ssl_signed_cert_timestamp_xtn,
        TLS_EXT_PADDING = ssl_padding_xtn,
        TLS_EXT_EMS = ssl_extended_master_secret_xtn,
        TLS_EXT_RECORD_SIZE = ssl_record_size_limit_xtn,
        TLS_EXT_SESSION_TICKET = ssl_session_ticket_xtn,
        TLS_EXT_PSK = ssl_tls13_pre_shared_key_xtn,
        TLS_EXT_EARLY_DATA = ssl_tls13_early_data_xtn,
        TLS_EXT_VERSIONS = ssl_tls13_supported_versions_xtn,
        TLS_EXT_COOKIE = ssl_tls13_cookie_xtn,
        TLS_EXT_PSK_MODES = ssl_tls13_psk_key_exchange_modes_xtn,
        TLS_EXT_CA = ssl_tls13_certificate_authorities_xtn,
        TLS_EXT_POST_HS_AUTH = ssl_tls13_post_handshake_auth_xtn,
        TLS_EXT_CERT_SIG_SCHEMES = ssl_signature_algorithms_cert_xtn,
        TLS_EXT_KEY_SHARE = ssl_tls13_key_share_xtn,
        TLS_EXT_RENEGOTIATION_INFO = ssl_renegotiation_info_xtn,
    }
}

remap_enum! {
    SignatureScheme: u16 => ssl::SSLSignatureScheme {
        TLS_SIG_NONE = ssl_sig_none,
        TLS_SIG_RSA_PKCS1_SHA256 = ssl_sig_rsa_pkcs1_sha256,
        TLS_SIG_RSA_PKCS1_SHA384 = ssl_sig_rsa_pkcs1_sha384,
        TLS_SIG_RSA_PKCS1_SHA512 = ssl_sig_rsa_pkcs1_sha512,
        TLS_SIG_ECDSA_SECP256R1_SHA256 = ssl_sig_ecdsa_secp256r1_sha256,
        TLS_SIG_ECDSA_SECP384R1_SHA384 = ssl_sig_ecdsa_secp384r1_sha384,
        TLS_SIG_ECDSA_SECP512R1_SHA512 = ssl_sig_ecdsa_secp521r1_sha512,
        TLS_SIG_RSA_PSS_RSAE_SHA256 = ssl_sig_rsa_pss_rsae_sha256,
        TLS_SIG_RSA_PSS_RSAE_SHA384 = ssl_sig_rsa_pss_rsae_sha384,
        TLS_SIG_RSA_PSS_RSAE_SHA512 = ssl_sig_rsa_pss_rsae_sha512,
        TLS_SIG_ED25519 = ssl_sig_ed25519,
        TLS_SIG_ED448 = ssl_sig_ed448,
        TLS_SIG_RSA_PSS_PSS_SHA256 = ssl_sig_rsa_pss_pss_sha256,
        TLS_SIG_RSA_PSS_PSS_SHA384 = ssl_sig_rsa_pss_pss_sha384,
        TLS_SIG_RSA_PSS_PSS_SHA512 = ssl_sig_rsa_pss_pss_sha512,
    }
}

#[cfg(test)]
#[cfg_attr(coverage_nightly, coverage(off))]
mod tests {
    use super::Epoch;

    #[test]
    fn epoch_into_usize() {
        assert_eq!(usize::from(Epoch::Initial), 0);
        assert_eq!(usize::from(Epoch::ZeroRtt), 1);
        assert_eq!(usize::from(Epoch::Handshake), 2);
        assert_eq!(usize::from(Epoch::ApplicationData), 3);
    }
}

Coverage Report

Created: 2026-05-18 06:32

Line	Count	Source
1		// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
2		// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3		// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
4		// option. This file may not be copied, modified, or distributed
5		// except according to those terms.
6
7		use enum_map::Enum;
8		use strum::FromRepr;
9
10		use crate::{Error, ssl};
11
12		// Ideally all of these would be enums, but size matters and we need to allow
13		// for values outside of those that are defined here.
14
15		pub type Alert = u8;
16
17		#[derive(Default, Debug, Enum, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, FromRepr)]
18		#[repr(u16)]
19		pub enum Epoch {
20		// TLS doesn't really have an "initial" concept that maps to QUIC so directly,
21		// but this should be clear enough.
22		#[default]
23		Initial = 0,
24		ZeroRtt,
25		Handshake,
26		ApplicationData,
27		// Also, we don't use TLS epochs > 3.
28		}
29
30		impl TryFrom<u16> for Epoch {
31		type Error = Error;
32
33	4.19k	fn try_from(value: u16) -> Result<Self, Self::Error> {
34	4.19k	Self::from_repr(value).ok_or(Error::InvalidEpoch)
35	4.19k	}
36		}
37
38		impl From<Epoch> for usize {
39	10.3k	fn from(e: Epoch) -> Self {
40	10.3k	e as Self
41	10.3k	}
42		}
43
44		/// Rather than defining a type alias and a bunch of constants, which leads to a ton of repetition,
45		/// use this macro.
46		macro_rules! remap_enum {
47		{ $t:ident: $s:ty { $( $n:ident = $v:path ),+ $(,)? } } => {
48		pub type $t = $s;
49		$(#[expect(clippy::cast_possible_truncation, reason = "Inherent in macro use.")] pub const $n: $t = $v as $t; )+
50		};
51		{ $t:ident: $s:ty => $e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
52		remap_enum!{ $t: $s { $( $n = $e::$v ),+ } }
53		};
54		{ $t:ident: $s:ty => $p:ident::$e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
55		remap_enum!{ $t: $s { $( $n = $p::$e::$v ),+ } }
56		};
57		}
58
59		remap_enum! {
60		Version: u16 => ssl {
61		TLS_VERSION_1_2 = SSL_LIBRARY_VERSION_TLS_1_2,
62		TLS_VERSION_1_3 = SSL_LIBRARY_VERSION_TLS_1_3,
63		}
64		}
65
66		#[expect(dead_code, reason = "Code is bindgen-generated.")]
67		mod ciphers {
68		include!(concat!(env!("OUT_DIR"), "/nss_ciphers.rs"));
69		}
70
71		remap_enum! {
72		Cipher: u16 => ciphers {
73		TLS_AES_128_GCM_SHA256 = TLS_AES_128_GCM_SHA256,
74		TLS_AES_256_GCM_SHA384 = TLS_AES_256_GCM_SHA384,
75		TLS_CHACHA20_POLY1305_SHA256 = TLS_CHACHA20_POLY1305_SHA256,
76		}
77		}
78
79		remap_enum! {
80		Group: u16 => ssl::SSLNamedGroup {
81		TLS_GRP_EC_SECP256R1 = ssl_grp_ec_secp256r1,
82		TLS_GRP_EC_SECP384R1 = ssl_grp_ec_secp384r1,
83		TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1,
84		TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519,
85		TLS_GRP_KEM_XYBER768D00 = ssl_grp_kem_xyber768d00,
86		TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_mlkem768x25519,
87		}
88		}
89
90		remap_enum! {
91		HandshakeMessage: u8 => ssl::SSLHandshakeType {
92		TLS_HS_HELLO_REQUEST = ssl_hs_hello_request,
93		TLS_HS_CLIENT_HELLO = ssl_hs_client_hello,
94		TLS_HS_SERVER_HELLO = ssl_hs_server_hello,
95		TLS_HS_HELLO_VERIFY_REQUEST = ssl_hs_hello_verify_request,
96		TLS_HS_NEW_SESSION_TICKET = ssl_hs_new_session_ticket,
97		TLS_HS_END_OF_EARLY_DATA = ssl_hs_end_of_early_data,
98		TLS_HS_HELLO_RETRY_REQUEST = ssl_hs_hello_retry_request,
99		TLS_HS_ENCRYPTED_EXTENSIONS = ssl_hs_encrypted_extensions,
100		TLS_HS_CERTIFICATE = ssl_hs_certificate,
101		TLS_HS_SERVER_KEY_EXCHANGE = ssl_hs_server_key_exchange,
102		TLS_HS_CERTIFICATE_REQUEST = ssl_hs_certificate_request,
103		TLS_HS_SERVER_HELLO_DONE = ssl_hs_server_hello_done,
104		TLS_HS_CERTIFICATE_VERIFY = ssl_hs_certificate_verify,
105		TLS_HS_CLIENT_KEY_EXCHANGE = ssl_hs_client_key_exchange,
106		TLS_HS_FINISHED = ssl_hs_finished,
107		TLS_HS_CERT_STATUS = ssl_hs_certificate_status,
108		TLS_HS_KEY_UDPATE = ssl_hs_key_update,
109		}
110		}
111
112		remap_enum! {
113		ContentType: u8 => ssl::SSLContentType {
114		TLS_CT_CHANGE_CIPHER_SPEC = ssl_ct_change_cipher_spec,
115		TLS_CT_ALERT = ssl_ct_alert,
116		TLS_CT_HANDSHAKE = ssl_ct_handshake,
117		TLS_CT_APPLICATION_DATA = ssl_ct_application_data,
118		TLS_CT_ACK = ssl_ct_ack,
119		}
120		}
121
122		remap_enum! {
123		Extension: u16 => ssl::SSLExtensionType {
124		TLS_EXT_SERVER_NAME = ssl_server_name_xtn,
125		TLS_EXT_CERT_STATUS = ssl_cert_status_xtn,
126		TLS_EXT_GROUPS = ssl_supported_groups_xtn,
127		TLS_EXT_EC_POINT_FORMATS = ssl_ec_point_formats_xtn,
128		TLS_EXT_SIG_SCHEMES = ssl_signature_algorithms_xtn,
129		TLS_EXT_USE_SRTP = ssl_use_srtp_xtn,
130		TLS_EXT_ALPN = ssl_app_layer_protocol_xtn,
131		TLS_EXT_SCT = ssl_signed_cert_timestamp_xtn,
132		TLS_EXT_PADDING = ssl_padding_xtn,
133		TLS_EXT_EMS = ssl_extended_master_secret_xtn,
134		TLS_EXT_RECORD_SIZE = ssl_record_size_limit_xtn,
135		TLS_EXT_SESSION_TICKET = ssl_session_ticket_xtn,
136		TLS_EXT_PSK = ssl_tls13_pre_shared_key_xtn,
137		TLS_EXT_EARLY_DATA = ssl_tls13_early_data_xtn,
138		TLS_EXT_VERSIONS = ssl_tls13_supported_versions_xtn,
139		TLS_EXT_COOKIE = ssl_tls13_cookie_xtn,
140		TLS_EXT_PSK_MODES = ssl_tls13_psk_key_exchange_modes_xtn,
141		TLS_EXT_CA = ssl_tls13_certificate_authorities_xtn,
142		TLS_EXT_POST_HS_AUTH = ssl_tls13_post_handshake_auth_xtn,
143		TLS_EXT_CERT_SIG_SCHEMES = ssl_signature_algorithms_cert_xtn,
144		TLS_EXT_KEY_SHARE = ssl_tls13_key_share_xtn,
145		TLS_EXT_RENEGOTIATION_INFO = ssl_renegotiation_info_xtn,
146		}
147		}
148
149		remap_enum! {
150		SignatureScheme: u16 => ssl::SSLSignatureScheme {
151		TLS_SIG_NONE = ssl_sig_none,
152		TLS_SIG_RSA_PKCS1_SHA256 = ssl_sig_rsa_pkcs1_sha256,
153		TLS_SIG_RSA_PKCS1_SHA384 = ssl_sig_rsa_pkcs1_sha384,
154		TLS_SIG_RSA_PKCS1_SHA512 = ssl_sig_rsa_pkcs1_sha512,
155		TLS_SIG_ECDSA_SECP256R1_SHA256 = ssl_sig_ecdsa_secp256r1_sha256,
156		TLS_SIG_ECDSA_SECP384R1_SHA384 = ssl_sig_ecdsa_secp384r1_sha384,
157		TLS_SIG_ECDSA_SECP512R1_SHA512 = ssl_sig_ecdsa_secp521r1_sha512,
158		TLS_SIG_RSA_PSS_RSAE_SHA256 = ssl_sig_rsa_pss_rsae_sha256,
159		TLS_SIG_RSA_PSS_RSAE_SHA384 = ssl_sig_rsa_pss_rsae_sha384,
160		TLS_SIG_RSA_PSS_RSAE_SHA512 = ssl_sig_rsa_pss_rsae_sha512,
161		TLS_SIG_ED25519 = ssl_sig_ed25519,
162		TLS_SIG_ED448 = ssl_sig_ed448,
163		TLS_SIG_RSA_PSS_PSS_SHA256 = ssl_sig_rsa_pss_pss_sha256,
164		TLS_SIG_RSA_PSS_PSS_SHA384 = ssl_sig_rsa_pss_pss_sha384,
165		TLS_SIG_RSA_PSS_PSS_SHA512 = ssl_sig_rsa_pss_pss_sha512,
166		}
167		}
168
169		#[cfg(test)]
170		#[cfg_attr(coverage_nightly, coverage(off))]
171		mod tests {
172		use super::Epoch;
173
174		#[test]
175		fn epoch_into_usize() {
176		assert_eq!(usize::from(Epoch::Initial), 0);
177		assert_eq!(usize::from(Epoch::ZeroRtt), 1);
178		assert_eq!(usize::from(Epoch::Handshake), 2);
179		assert_eq!(usize::from(Epoch::ApplicationData), 3);
180		}
181		}