@@ -49,6 +49,44 @@ impl crypto::ActiveKeyExchange for X25519KeyExchange {
4949 }
5050}
5151
52+ #[ derive( Debug ) ]
53+ pub struct X448 ;
54+
55+ impl crypto:: SupportedKxGroup for X448 {
56+ fn name ( & self ) -> rustls:: NamedGroup {
57+ rustls:: NamedGroup :: X448
58+ }
59+
60+ fn start ( & self ) -> Result < Box < dyn crypto:: ActiveKeyExchange > , rustls:: Error > {
61+ let mut rng = UnwrapErr ( getrandom:: SysRng ) ;
62+ let priv_key = x448:: EphemeralSecret :: try_generate_from_rng ( & mut rng)
63+ . map_err ( |_| rustls:: Error :: from ( rustls:: PeerMisbehaved :: InvalidKeyShare ) ) ?;
64+ let pub_key = ( & priv_key) . into ( ) ;
65+ Ok ( Box :: new ( X448KeyExchange { priv_key, pub_key } ) )
66+ }
67+ }
68+
69+ pub struct X448KeyExchange {
70+ priv_key : x448:: EphemeralSecret ,
71+ pub_key : x448:: PublicKey ,
72+ }
73+
74+ impl crypto:: ActiveKeyExchange for X448KeyExchange {
75+ fn complete ( self : Box < X448KeyExchange > , peer : & [ u8 ] ) -> Result < SharedSecret , rustls:: Error > {
76+ let peer = x448:: PublicKey :: from_bytes ( peer)
77+ . ok_or_else ( || rustls:: Error :: from ( rustls:: PeerMisbehaved :: InvalidKeyShare ) ) ?;
78+ Ok ( self . priv_key . diffie_hellman ( & peer) . as_bytes ( ) [ ..] . into ( ) )
79+ }
80+
81+ fn pub_key ( & self ) -> & [ u8 ] {
82+ self . pub_key . as_bytes ( )
83+ }
84+
85+ fn group ( & self ) -> rustls:: NamedGroup {
86+ X448 . name ( )
87+ }
88+ }
89+
5290macro_rules! impl_kx {
5391 ( $name: ident, $kx_name: ty, $secret: ty, $public_key: ty) => {
5492 paste! {
@@ -108,5 +146,6 @@ macro_rules! impl_kx {
108146
109147impl_kx ! { SecP256R1 , rustls:: NamedGroup :: secp256r1, p256:: ecdh:: EphemeralSecret , p256:: PublicKey }
110148impl_kx ! { SecP384R1 , rustls:: NamedGroup :: secp384r1, p384:: ecdh:: EphemeralSecret , p384:: PublicKey }
149+ impl_kx ! { SecP521R1 , rustls:: NamedGroup :: secp521r1, p521:: ecdh:: EphemeralSecret , p521:: PublicKey }
111150
112- pub const ALL_KX_GROUPS : & [ & dyn SupportedKxGroup ] = & [ & X25519 , & SecP256R1 , & SecP384R1 ] ;
151+ pub const ALL_KX_GROUPS : & [ & dyn SupportedKxGroup ] = & [ & X25519 , & X448 , & SecP256R1 , & SecP384R1 , & SecP521R1 ] ;
0 commit comments