Skip to main content

Crate rustls_ccm

Crate rustls_ccm 

Source
Expand description

AES-CCM cipher suites for rustls.

Neither aws-lc-rs nor ring expose AES-CCM, so rustls’s built-in providers cannot offer these suites. This crate fills the gap using the RustCrypto aes + ccm crates, plugged in via rustls’s CryptoProvider extension point.

CCM cipher suites are required or recommended by several IoT and energy protocols, including IEEE 2030.5 (Smart Energy), Matter, Thread, and constrained-device TLS profiles (RFC 7925).

§Cipher suites

§TLS 1.2 (RFC 7251)

§TLS 1.3 (RFC 8446)

SuiteTagKey
TLS13_AES_128_CCM_SHA25616 B128-bit
TLS13_AES_128_CCM_8_SHA2568 B128-bit

§Limitations

ConnectionTrafficSecrets extraction is not supported — extract_keys returns UnsupportedOperationError for all CCM suites. This means SSLKEYLOGFILE-style secret export will not work when a CCM suite is negotiated.

§Usage

Use crypto_provider() for an aws-lc-rs provider with all CCM suites prepended, or pick individual suites and build your own provider.

let provider = rustls_ccm::crypto_provider();
let config = rustls::ClientConfig::builder_with_provider(provider.into())
    .with_safe_default_protocol_versions()
    .unwrap();

Statics§

TLS13_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_8_SHA256 (0x1305, RFC 8446).
TLS13_AES_128_CCM_SHA256
TLS_AES_128_CCM_SHA256 (0x1304, RFC 8446). Recommended=Y.
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xC0AC, RFC 7251).
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xC0AE, RFC 7251).
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xC0AD, RFC 7251).
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xC0AF, RFC 7251).

Functions§

all_suites
All CCM cipher suites provided by this crate (TLS 1.2 + TLS 1.3).
crypto_provider
Returns an aws-lc-rs CryptoProvider with all CCM suites prepended.