enums.rs source code [crates/rustls/src/enums.rs]

1	#![allow(non_camel_case_types)]
2	#![allow(missing_docs)]
3	use crate::msgs::codec::{Codec, Reader};
4	use crate::msgs::enums::HashAlgorithm;
5
6	enum_builder! {
7	/// The `AlertDescription` TLS protocol enum. Values in this enum are taken
8	/// from the various RFCs covering TLS, and are listed by IANA.
9	/// The `Unknown` item is used when processing unrecognised ordinals.
10	#[repr(u8)]
11	pub enum AlertDescription {
12	CloseNotify => `0x00`,
13	UnexpectedMessage => `0x0a`,
14	BadRecordMac => `0x14`,
15	DecryptionFailed => `0x15`,
16	RecordOverflow => `0x16`,
17	DecompressionFailure => `0x1e`,
18	HandshakeFailure => `0x28`,
19	NoCertificate => `0x29`,
20	BadCertificate => `0x2a`,
21	UnsupportedCertificate => `0x2b`,
22	CertificateRevoked => `0x2c`,
23	CertificateExpired => `0x2d`,
24	CertificateUnknown => `0x2e`,
25	IllegalParameter => `0x2f`,
26	UnknownCA => `0x30`,
27	AccessDenied => `0x31`,
28	DecodeError => `0x32`,
29	DecryptError => `0x33`,
30	ExportRestriction => `0x3c`,
31	ProtocolVersion => `0x46`,
32	InsufficientSecurity => `0x47`,
33	InternalError => `0x50`,
34	InappropriateFallback => `0x56`,
35	UserCanceled => `0x5a`,
36	NoRenegotiation => `0x64`,
37	MissingExtension => `0x6d`,
38	UnsupportedExtension => `0x6e`,
39	CertificateUnobtainable => `0x6f`,
40	UnrecognisedName => `0x70`,
41	BadCertificateStatusResponse => `0x71`,
42	BadCertificateHashValue => `0x72`,
43	UnknownPSKIdentity => `0x73`,
44	CertificateRequired => `0x74`,
45	NoApplicationProtocol => `0x78`,
46	EncryptedClientHelloRequired => `0x79`, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-11.2
47	}
48	}
49
50	enum_builder! {
51	/// The `HandshakeType` TLS protocol enum. Values in this enum are taken
52	/// from the various RFCs covering TLS, and are listed by IANA.
53	/// The `Unknown` item is used when processing unrecognised ordinals.
54	#[repr(u8)]
55	pub enum HandshakeType {
56	HelloRequest => `0x00`,
57	ClientHello => `0x01`,
58	ServerHello => `0x02`,
59	HelloVerifyRequest => `0x03`,
60	NewSessionTicket => `0x04`,
61	EndOfEarlyData => `0x05`,
62	HelloRetryRequest => `0x06`,
63	EncryptedExtensions => `0x08`,
64	Certificate => `0x0b`,
65	ServerKeyExchange => `0x0c`,
66	CertificateRequest => `0x0d`,
67	ServerHelloDone => `0x0e`,
68	CertificateVerify => `0x0f`,
69	ClientKeyExchange => `0x10`,
70	Finished => `0x14`,
71	CertificateURL => `0x15`,
72	CertificateStatus => `0x16`,
73	KeyUpdate => `0x18`,
74	CompressedCertificate => `0x19`,
75	MessageHash => `0xfe`,
76	}
77	}
78
79	enum_builder! {
80	/// The `ContentType` TLS protocol enum. Values in this enum are taken
81	/// from the various RFCs covering TLS, and are listed by IANA.
82	/// The `Unknown` item is used when processing unrecognised ordinals.
83	#[repr(u8)]
84	pub enum ContentType {
85	ChangeCipherSpec => `0x14`,
86	Alert => `0x15`,
87	Handshake => `0x16`,
88	ApplicationData => `0x17`,
89	Heartbeat => `0x18`,
90	}
91	}
92
93	enum_builder! {
94	/// The `ProtocolVersion` TLS protocol enum. Values in this enum are taken
95	/// from the various RFCs covering TLS, and are listed by IANA.
96	/// The `Unknown` item is used when processing unrecognised ordinals.
97	#[repr(u16)]
98	pub enum ProtocolVersion {
99	SSLv2 => `0x0002`,
100	SSLv3 => `0x0300`,
101	TLSv1_0 => `0x0301`,
102	TLSv1_1 => `0x0302`,
103	TLSv1_2 => `0x0303`,
104	TLSv1_3 => `0x0304`,
105	DTLSv1_0 => `0xFEFF`,
106	DTLSv1_2 => `0xFEFD`,
107	DTLSv1_3 => `0xFEFC`,
108	}
109	}
110
111	enum_builder! {
112	/// The `CipherSuite` TLS protocol enum. Values in this enum are taken
113	/// from the various RFCs covering TLS, and are listed by IANA.
114	/// The `Unknown` item is used when processing unrecognised ordinals.
115	#[repr(u16)]
116	pub enum CipherSuite {
117	TLS_NULL_WITH_NULL_NULL => `0x0000`,
118	TLS_PSK_WITH_AES_128_GCM_SHA256 => `0x00a8`,
119	TLS_PSK_WITH_AES_256_GCM_SHA384 => `0x00a9`,
120	TLS_EMPTY_RENEGOTIATION_INFO_SCSV => `0x00ff`,
121	TLS13_AES_128_GCM_SHA256 => `0x1301`,
122	TLS13_AES_256_GCM_SHA384 => `0x1302`,
123	TLS13_CHACHA20_POLY1305_SHA256 => `0x1303`,
124	TLS13_AES_128_CCM_SHA256 => `0x1304`,
125	TLS13_AES_128_CCM_8_SHA256 => `0x1305`,
126	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => `0xc009`,
127	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => `0xc00a`,
128	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA => `0xc013`,
129	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA => `0xc014`,
130	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 => `0xc023`,
131	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 => `0xc024`,
132	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 => `0xc027`,
133	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 => `0xc028`,
134	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => `0xc02b`,
135	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => `0xc02c`,
136	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => `0xc02f`,
137	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => `0xc030`,
138	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => `0xcca8`,
139	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => `0xcca9`,
140
141	!Debug:
142	TLS_RSA_WITH_NULL_MD5 => `0x0001`,
143	TLS_RSA_WITH_NULL_SHA => `0x0002`,
144	TLS_RSA_EXPORT_WITH_RC4_40_MD5 => `0x0003`,
145	TLS_RSA_WITH_RC4_128_MD5 => `0x0004`,
146	TLS_RSA_WITH_RC4_128_SHA => `0x0005`,
147	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 => `0x0006`,
148	TLS_RSA_WITH_IDEA_CBC_SHA => `0x0007`,
149	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA => `0x0008`,
150	TLS_RSA_WITH_DES_CBC_SHA => `0x0009`,
151	TLS_RSA_WITH_3DES_EDE_CBC_SHA => `0x000a`,
152	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA => `0x000b`,
153	TLS_DH_DSS_WITH_DES_CBC_SHA => `0x000c`,
154	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA => `0x000d`,
155	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA => `0x000e`,
156	TLS_DH_RSA_WITH_DES_CBC_SHA => `0x000f`,
157	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA => `0x0010`,
158	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA => `0x0011`,
159	TLS_DHE_DSS_WITH_DES_CBC_SHA => `0x0012`,
160	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA => `0x0013`,
161	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA => `0x0014`,
162	TLS_DHE_RSA_WITH_DES_CBC_SHA => `0x0015`,
163	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA => `0x0016`,
164	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 => `0x0017`,
165	TLS_DH_anon_WITH_RC4_128_MD5 => `0x0018`,
166	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA => `0x0019`,
167	TLS_DH_anon_WITH_DES_CBC_SHA => `0x001a`,
168	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA => `0x001b`,
169	SSL_FORTEZZA_KEA_WITH_NULL_SHA => `0x001c`,
170	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA => `0x001d`,
171	TLS_KRB5_WITH_DES_CBC_SHA_or_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA => `0x001e`,
172	TLS_KRB5_WITH_3DES_EDE_CBC_SHA => `0x001f`,
173	TLS_KRB5_WITH_RC4_128_SHA => `0x0020`,
174	TLS_KRB5_WITH_IDEA_CBC_SHA => `0x0021`,
175	TLS_KRB5_WITH_DES_CBC_MD5 => `0x0022`,
176	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 => `0x0023`,
177	TLS_KRB5_WITH_RC4_128_MD5 => `0x0024`,
178	TLS_KRB5_WITH_IDEA_CBC_MD5 => `0x0025`,
179	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA => `0x0026`,
180	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA => `0x0027`,
181	TLS_KRB5_EXPORT_WITH_RC4_40_SHA => `0x0028`,
182	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 => `0x0029`,
183	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 => `0x002a`,
184	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 => `0x002b`,
185	TLS_PSK_WITH_NULL_SHA => `0x002c`,
186	TLS_DHE_PSK_WITH_NULL_SHA => `0x002d`,
187	TLS_RSA_PSK_WITH_NULL_SHA => `0x002e`,
188	TLS_RSA_WITH_AES_128_CBC_SHA => `0x002f`,
189	TLS_DH_DSS_WITH_AES_128_CBC_SHA => `0x0030`,
190	TLS_DH_RSA_WITH_AES_128_CBC_SHA => `0x0031`,
191	TLS_DHE_DSS_WITH_AES_128_CBC_SHA => `0x0032`,
192	TLS_DHE_RSA_WITH_AES_128_CBC_SHA => `0x0033`,
193	TLS_DH_anon_WITH_AES_128_CBC_SHA => `0x0034`,
194	TLS_RSA_WITH_AES_256_CBC_SHA => `0x0035`,
195	TLS_DH_DSS_WITH_AES_256_CBC_SHA => `0x0036`,
196	TLS_DH_RSA_WITH_AES_256_CBC_SHA => `0x0037`,
197	TLS_DHE_DSS_WITH_AES_256_CBC_SHA => `0x0038`,
198	TLS_DHE_RSA_WITH_AES_256_CBC_SHA => `0x0039`,
199	TLS_DH_anon_WITH_AES_256_CBC_SHA => `0x003a`,
200	TLS_RSA_WITH_NULL_SHA256 => `0x003b`,
201	TLS_RSA_WITH_AES_128_CBC_SHA256 => `0x003c`,
202	TLS_RSA_WITH_AES_256_CBC_SHA256 => `0x003d`,
203	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 => `0x003e`,
204	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 => `0x003f`,
205	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 => `0x0040`,
206	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA => `0x0041`,
207	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA => `0x0042`,
208	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA => `0x0043`,
209	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA => `0x0044`,
210	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA => `0x0045`,
211	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA => `0x0046`,
212	TLS_ECDH_ECDSA_WITH_NULL_SHA_draft => `0x0047`,
213	TLS_ECDH_ECDSA_WITH_RC4_128_SHA_draft => `0x0048`,
214	TLS_ECDH_ECDSA_WITH_DES_CBC_SHA_draft => `0x0049`,
215	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA_draft => `0x004a`,
216	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA_draft => `0x004b`,
217	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA_draft => `0x004c`,
218	TLS_ECDH_ECNRA_WITH_DES_CBC_SHA_draft => `0x004d`,
219	TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA_draft => `0x004e`,
220	TLS_ECMQV_ECDSA_NULL_SHA_draft => `0x004f`,
221	TLS_ECMQV_ECDSA_WITH_RC4_128_SHA_draft => `0x0050`,
222	TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA_draft => `0x0051`,
223	TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA_draft => `0x0052`,
224	TLS_ECMQV_ECNRA_NULL_SHA_draft => `0x0053`,
225	TLS_ECMQV_ECNRA_WITH_RC4_128_SHA_draft => `0x0054`,
226	TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA_draft => `0x0055`,
227	TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA_draft => `0x0056`,
228	TLS_ECDH_anon_NULL_WITH_SHA_draft => `0x0057`,
229	TLS_ECDH_anon_WITH_RC4_128_SHA_draft => `0x0058`,
230	TLS_ECDH_anon_WITH_DES_CBC_SHA_draft => `0x0059`,
231	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA_draft => `0x005a`,
232	TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA_draft => `0x005b`,
233	TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA_draft => `0x005c`,
234	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 => `0x0060`,
235	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 => `0x0061`,
236	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA => `0x0062`,
237	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA => `0x0063`,
238	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA => `0x0064`,
239	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA => `0x0065`,
240	TLS_DHE_DSS_WITH_RC4_128_SHA => `0x0066`,
241	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 => `0x0067`,
242	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 => `0x0068`,
243	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 => `0x0069`,
244	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 => `0x006a`,
245	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 => `0x006b`,
246	TLS_DH_anon_WITH_AES_128_CBC_SHA256 => `0x006c`,
247	TLS_DH_anon_WITH_AES_256_CBC_SHA256 => `0x006d`,
248	TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD => `0x0072`,
249	TLS_DHE_DSS_WITH_AES_128_CBC_RMD => `0x0073`,
250	TLS_DHE_DSS_WITH_AES_256_CBC_RMD => `0x0074`,
251	TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD => `0x0077`,
252	TLS_DHE_RSA_WITH_AES_128_CBC_RMD => `0x0078`,
253	TLS_DHE_RSA_WITH_AES_256_CBC_RMD => `0x0079`,
254	TLS_RSA_WITH_3DES_EDE_CBC_RMD => `0x007c`,
255	TLS_RSA_WITH_AES_128_CBC_RMD => `0x007d`,
256	TLS_RSA_WITH_AES_256_CBC_RMD => `0x007e`,
257	TLS_GOSTR341094_WITH_28147_CNT_IMIT => `0x0080`,
258	TLS_GOSTR341001_WITH_28147_CNT_IMIT => `0x0081`,
259	TLS_GOSTR341094_WITH_NULL_GOSTR3411 => `0x0082`,
260	TLS_GOSTR341001_WITH_NULL_GOSTR3411 => `0x0083`,
261	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA => `0x0084`,
262	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA => `0x0085`,
263	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA => `0x0086`,
264	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA => `0x0087`,
265	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA => `0x0088`,
266	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA => `0x0089`,
267	TLS_PSK_WITH_RC4_128_SHA => `0x008a`,
268	TLS_PSK_WITH_3DES_EDE_CBC_SHA => `0x008b`,
269	TLS_PSK_WITH_AES_128_CBC_SHA => `0x008c`,
270	TLS_PSK_WITH_AES_256_CBC_SHA => `0x008d`,
271	TLS_DHE_PSK_WITH_RC4_128_SHA => `0x008e`,
272	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA => `0x008f`,
273	TLS_DHE_PSK_WITH_AES_128_CBC_SHA => `0x0090`,
274	TLS_DHE_PSK_WITH_AES_256_CBC_SHA => `0x0091`,
275	TLS_RSA_PSK_WITH_RC4_128_SHA => `0x0092`,
276	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA => `0x0093`,
277	TLS_RSA_PSK_WITH_AES_128_CBC_SHA => `0x0094`,
278	TLS_RSA_PSK_WITH_AES_256_CBC_SHA => `0x0095`,
279	TLS_RSA_WITH_SEED_CBC_SHA => `0x0096`,
280	TLS_DH_DSS_WITH_SEED_CBC_SHA => `0x0097`,
281	TLS_DH_RSA_WITH_SEED_CBC_SHA => `0x0098`,
282	TLS_DHE_DSS_WITH_SEED_CBC_SHA => `0x0099`,
283	TLS_DHE_RSA_WITH_SEED_CBC_SHA => `0x009a`,
284	TLS_DH_anon_WITH_SEED_CBC_SHA => `0x009b`,
285	TLS_RSA_WITH_AES_128_GCM_SHA256 => `0x009c`,
286	TLS_RSA_WITH_AES_256_GCM_SHA384 => `0x009d`,
287	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 => `0x009e`,
288	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 => `0x009f`,
289	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 => `0x00a0`,
290	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 => `0x00a1`,
291	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 => `0x00a2`,
292	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 => `0x00a3`,
293	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 => `0x00a4`,
294	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 => `0x00a5`,
295	TLS_DH_anon_WITH_AES_128_GCM_SHA256 => `0x00a6`,
296	TLS_DH_anon_WITH_AES_256_GCM_SHA384 => `0x00a7`,
297	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 => `0x00aa`,
298	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 => `0x00ab`,
299	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 => `0x00ac`,
300	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 => `0x00ad`,
301	TLS_PSK_WITH_AES_128_CBC_SHA256 => `0x00ae`,
302	TLS_PSK_WITH_AES_256_CBC_SHA384 => `0x00af`,
303	TLS_PSK_WITH_NULL_SHA256 => `0x00b0`,
304	TLS_PSK_WITH_NULL_SHA384 => `0x00b1`,
305	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 => `0x00b2`,
306	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 => `0x00b3`,
307	TLS_DHE_PSK_WITH_NULL_SHA256 => `0x00b4`,
308	TLS_DHE_PSK_WITH_NULL_SHA384 => `0x00b5`,
309	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 => `0x00b6`,
310	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 => `0x00b7`,
311	TLS_RSA_PSK_WITH_NULL_SHA256 => `0x00b8`,
312	TLS_RSA_PSK_WITH_NULL_SHA384 => `0x00b9`,
313	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 => `0x00ba`,
314	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 => `0x00bb`,
315	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 => `0x00bc`,
316	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 => `0x00bd`,
317	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 => `0x00be`,
318	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 => `0x00bf`,
319	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c0`,
320	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c1`,
321	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c2`,
322	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c3`,
323	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c4`,
324	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 => `0x00c5`,
325	TLS_ECDH_ECDSA_WITH_NULL_SHA => `0xc001`,
326	TLS_ECDH_ECDSA_WITH_RC4_128_SHA => `0xc002`,
327	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA => `0xc003`,
328	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA => `0xc004`,
329	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA => `0xc005`,
330	TLS_ECDHE_ECDSA_WITH_NULL_SHA => `0xc006`,
331	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA => `0xc007`,
332	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA => `0xc008`,
333	TLS_ECDH_RSA_WITH_NULL_SHA => `0xc00b`,
334	TLS_ECDH_RSA_WITH_RC4_128_SHA => `0xc00c`,
335	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA => `0xc00d`,
336	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA => `0xc00e`,
337	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA => `0xc00f`,
338	TLS_ECDHE_RSA_WITH_NULL_SHA => `0xc010`,
339	TLS_ECDHE_RSA_WITH_RC4_128_SHA => `0xc011`,
340	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA => `0xc012`,
341	TLS_ECDH_anon_WITH_NULL_SHA => `0xc015`,
342	TLS_ECDH_anon_WITH_RC4_128_SHA => `0xc016`,
343	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA => `0xc017`,
344	TLS_ECDH_anon_WITH_AES_128_CBC_SHA => `0xc018`,
345	TLS_ECDH_anon_WITH_AES_256_CBC_SHA => `0xc019`,
346	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA => `0xc01a`,
347	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA => `0xc01b`,
348	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA => `0xc01c`,
349	TLS_SRP_SHA_WITH_AES_128_CBC_SHA => `0xc01d`,
350	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA => `0xc01e`,
351	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA => `0xc01f`,
352	TLS_SRP_SHA_WITH_AES_256_CBC_SHA => `0xc020`,
353	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA => `0xc021`,
354	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA => `0xc022`,
355	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 => `0xc025`,
356	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 => `0xc026`,
357	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 => `0xc029`,
358	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 => `0xc02a`,
359	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 => `0xc02d`,
360	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 => `0xc02e`,
361	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 => `0xc031`,
362	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 => `0xc032`,
363	TLS_ECDHE_PSK_WITH_RC4_128_SHA => `0xc033`,
364	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA => `0xc034`,
365	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA => `0xc035`,
366	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA => `0xc036`,
367	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 => `0xc037`,
368	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 => `0xc038`,
369	TLS_ECDHE_PSK_WITH_NULL_SHA => `0xc039`,
370	TLS_ECDHE_PSK_WITH_NULL_SHA256 => `0xc03a`,
371	TLS_ECDHE_PSK_WITH_NULL_SHA384 => `0xc03b`,
372	TLS_RSA_WITH_ARIA_128_CBC_SHA256 => `0xc03c`,
373	TLS_RSA_WITH_ARIA_256_CBC_SHA384 => `0xc03d`,
374	TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 => `0xc03e`,
375	TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 => `0xc03f`,
376	TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 => `0xc040`,
377	TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 => `0xc041`,
378	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 => `0xc042`,
379	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 => `0xc043`,
380	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 => `0xc044`,
381	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 => `0xc045`,
382	TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 => `0xc046`,
383	TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 => `0xc047`,
384	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 => `0xc048`,
385	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 => `0xc049`,
386	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 => `0xc04a`,
387	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 => `0xc04b`,
388	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 => `0xc04c`,
389	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 => `0xc04d`,
390	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 => `0xc04e`,
391	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 => `0xc04f`,
392	TLS_RSA_WITH_ARIA_128_GCM_SHA256 => `0xc050`,
393	TLS_RSA_WITH_ARIA_256_GCM_SHA384 => `0xc051`,
394	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 => `0xc052`,
395	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 => `0xc053`,
396	TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 => `0xc054`,
397	TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 => `0xc055`,
398	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 => `0xc056`,
399	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 => `0xc057`,
400	TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 => `0xc058`,
401	TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 => `0xc059`,
402	TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 => `0xc05a`,
403	TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 => `0xc05b`,
404	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 => `0xc05c`,
405	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 => `0xc05d`,
406	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 => `0xc05e`,
407	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 => `0xc05f`,
408	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 => `0xc060`,
409	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 => `0xc061`,
410	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 => `0xc062`,
411	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 => `0xc063`,
412	TLS_PSK_WITH_ARIA_128_CBC_SHA256 => `0xc064`,
413	TLS_PSK_WITH_ARIA_256_CBC_SHA384 => `0xc065`,
414	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 => `0xc066`,
415	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 => `0xc067`,
416	TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 => `0xc068`,
417	TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 => `0xc069`,
418	TLS_PSK_WITH_ARIA_128_GCM_SHA256 => `0xc06a`,
419	TLS_PSK_WITH_ARIA_256_GCM_SHA384 => `0xc06b`,
420	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 => `0xc06c`,
421	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 => `0xc06d`,
422	TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 => `0xc06e`,
423	TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 => `0xc06f`,
424	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 => `0xc070`,
425	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 => `0xc071`,
426	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 => `0xc072`,
427	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 => `0xc073`,
428	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 => `0xc074`,
429	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 => `0xc075`,
430	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 => `0xc076`,
431	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 => `0xc077`,
432	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 => `0xc078`,
433	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 => `0xc079`,
434	TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc07a`,
435	TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc07b`,
436	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc07c`,
437	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc07d`,
438	TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc07e`,
439	TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc07f`,
440	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 => `0xc080`,
441	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 => `0xc081`,
442	TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 => `0xc082`,
443	TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 => `0xc083`,
444	TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 => `0xc084`,
445	TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 => `0xc085`,
446	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc086`,
447	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc087`,
448	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc088`,
449	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc089`,
450	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc08a`,
451	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc08b`,
452	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 => `0xc08c`,
453	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 => `0xc08d`,
454	TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 => `0xc08e`,
455	TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 => `0xc08f`,
456	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 => `0xc090`,
457	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 => `0xc091`,
458	TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 => `0xc092`,
459	TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 => `0xc093`,
460	TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 => `0xc094`,
461	TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 => `0xc095`,
462	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 => `0xc096`,
463	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 => `0xc097`,
464	TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 => `0xc098`,
465	TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 => `0xc099`,
466	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 => `0xc09a`,
467	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 => `0xc09b`,
468	TLS_RSA_WITH_AES_128_CCM => `0xc09c`,
469	TLS_RSA_WITH_AES_256_CCM => `0xc09d`,
470	TLS_DHE_RSA_WITH_AES_128_CCM => `0xc09e`,
471	TLS_DHE_RSA_WITH_AES_256_CCM => `0xc09f`,
472	TLS_RSA_WITH_AES_128_CCM_8 => `0xc0a0`,
473	TLS_RSA_WITH_AES_256_CCM_8 => `0xc0a1`,
474	TLS_DHE_RSA_WITH_AES_128_CCM_8 => `0xc0a2`,
475	TLS_DHE_RSA_WITH_AES_256_CCM_8 => `0xc0a3`,
476	TLS_PSK_WITH_AES_128_CCM => `0xc0a4`,
477	TLS_PSK_WITH_AES_256_CCM => `0xc0a5`,
478	TLS_DHE_PSK_WITH_AES_128_CCM => `0xc0a6`,
479	TLS_DHE_PSK_WITH_AES_256_CCM => `0xc0a7`,
480	TLS_PSK_WITH_AES_128_CCM_8 => `0xc0a8`,
481	TLS_PSK_WITH_AES_256_CCM_8 => `0xc0a9`,
482	TLS_PSK_DHE_WITH_AES_128_CCM_8 => `0xc0aa`,
483	TLS_PSK_DHE_WITH_AES_256_CCM_8 => `0xc0ab`,
484	TLS_ECDHE_ECDSA_WITH_AES_128_CCM => `0xc0ac`,
485	TLS_ECDHE_ECDSA_WITH_AES_256_CCM => `0xc0ad`,
486	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 => `0xc0ae`,
487	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 => `0xc0af`,
488	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => `0xccaa`,
489	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 => `0xccab`,
490	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => `0xccac`,
491	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => `0xccad`,
492	TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 => `0xccae`,
493	SSL_RSA_FIPS_WITH_DES_CBC_SHA => `0xfefe`,
494	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA => `0xfeff`,
495	}
496	}
497
498	enum_builder! {
499	/// The `SignatureScheme` TLS protocol enum. Values in this enum are taken
500	/// from the various RFCs covering TLS, and are listed by IANA.
501	/// The `Unknown` item is used when processing unrecognised ordinals.
502	#[repr(u16)]
503	pub enum SignatureScheme {
504	RSA_PKCS1_SHA1 => `0x0201`,
505	ECDSA_SHA1_Legacy => `0x0203`,
506	RSA_PKCS1_SHA256 => `0x0401`,
507	ECDSA_NISTP256_SHA256 => `0x0403`,
508	RSA_PKCS1_SHA384 => `0x0501`,
509	ECDSA_NISTP384_SHA384 => `0x0503`,
510	RSA_PKCS1_SHA512 => `0x0601`,
511	ECDSA_NISTP521_SHA512 => `0x0603`,
512	RSA_PSS_SHA256 => `0x0804`,
513	RSA_PSS_SHA384 => `0x0805`,
514	RSA_PSS_SHA512 => `0x0806`,
515	ED25519 => `0x0807`,
516	ED448 => `0x0808`,
517	}
518	}
519
520	impl SignatureScheme {
521	pub(crate) fn algorithm(&self) -> SignatureAlgorithm {
522	match *self {
523	Self::RSA_PKCS1_SHA1
524	\| Self::RSA_PKCS1_SHA256
525	\| Self::RSA_PKCS1_SHA384
526	\| Self::RSA_PKCS1_SHA512
527	\| Self::RSA_PSS_SHA256
528	\| Self::RSA_PSS_SHA384
529	\| Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
530	Self::ECDSA_SHA1_Legacy
531	\| Self::ECDSA_NISTP256_SHA256
532	\| Self::ECDSA_NISTP384_SHA384
533	\| Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
534	Self::ED25519 => SignatureAlgorithm::ED25519,
535	Self::ED448 => SignatureAlgorithm::ED448,
536	_ => SignatureAlgorithm::Unknown(`0`),
537	}
538	}
539
540	/// Whether a particular `SignatureScheme` is allowed for TLS protocol signatures
541	/// in TLS1.3.
542	///
543	/// This prevents (eg) RSA_PKCS1_SHA256 being offered or accepted, even if our
544	/// verifier supports it for other protocol versions.
545	///
546	/// See RFC8446 s4.2.3: <https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3>
547	///
548	/// This is a denylist so that newly-allocated `SignatureScheme`s values are
549	/// allowed in TLS1.3 by default.
550	pub(crate) fn supported_in_tls13(&self) -> bool {
551	let [hash, sign] = self.to_array();
552
553	// This covers both disallowing SHA1 items in `SignatureScheme`, and
554	// old hash functions. See the section beginning "Legacy algorithms:"
555	// and item starting "In TLS 1.2, the extension contained hash/signature
556	// pairs" in RFC8446 section 4.2.3.
557	match HashAlgorithm::from(hash) {
558	HashAlgorithm::NONE
559	\| HashAlgorithm::MD5
560	\| HashAlgorithm::SHA1
561	\| HashAlgorithm::SHA224 => return `false`,
562	_ => (),
563	};
564
565	// RSA-PKCS1 is also disallowed for TLS1.3, see the section beginning
566	// "RSASSA-PKCS1-v1_5 algorithms:" in RFC8446 section 4.2.3.
567	//
568	// (nb. SignatureAlgorithm::RSA is RSA-PKCS1, and does not cover RSA-PSS
569	// or RSAE-PSS.)
570	//
571	// This also covers the outlawing of DSA mentioned elsewhere in 4.2.3.
572	!matches!(
573	SignatureAlgorithm::from(sign),
574	SignatureAlgorithm::Anonymous \| SignatureAlgorithm::RSA \| SignatureAlgorithm::DSA
575	)
576	}
577	}
578
579	enum_builder! {
580	/// The `SignatureAlgorithm` TLS protocol enum. Values in this enum are taken
581	/// from the various RFCs covering TLS, and are listed by IANA.
582	/// The `Unknown` item is used when processing unrecognised ordinals.
583	#[repr(u8)]
584	pub enum SignatureAlgorithm {
585	Anonymous => `0x00`,
586	RSA => `0x01`,
587	DSA => `0x02`,
588	ECDSA => `0x03`,
589	ED25519 => `0x07`,
590	ED448 => `0x08`,
591	}
592	}
593
594	enum_builder! {
595	/// The "TLS Certificate Compression Algorithm IDs" TLS protocol enum.
596	/// Values in this enum are taken from [RFC8879].
597	///
598	/// [RFC8879]: https://www.rfc-editor.org/rfc/rfc8879.html#section-7.3
599	#[repr(u16)]
600	pub enum CertificateCompressionAlgorithm {
601	Zlib => `1`,
602	Brotli => `2`,
603	Zstd => `3`,
604	}
605	}
606
607	enum_builder! {
608	/// The type of Encrypted Client Hello (`EchClientHelloType`).
609	///
610	/// Specified in [draft-ietf-tls-esni Section 5].
611	///
612	/// [draft-ietf-tls-esni Section 5]: <https://www.ietf.org/archive/id/draft-ietf-tls-esni-18.html#section-5>
613	#[repr(u8)]
614	pub enum EchClientHelloType {
615	ClientHelloOuter => `0`,
616	ClientHelloInner => `1`
617	}
618	}
619
620	#[cfg(test)]
621	mod tests {
622	use super::*;
623	use crate::msgs::enums::tests::{test_enum8, test_enum16};
624
625	#[test]
626	fn test_enums() {
627	test_enum8::<SignatureAlgorithm>(SignatureAlgorithm::Anonymous, SignatureAlgorithm::ECDSA);
628	test_enum8::<ContentType>(ContentType::ChangeCipherSpec, ContentType::Heartbeat);
629	test_enum8::<HandshakeType>(HandshakeType::HelloRequest, HandshakeType::MessageHash);
630	test_enum8::<AlertDescription>(
631	AlertDescription::CloseNotify,
632	AlertDescription::NoApplicationProtocol,
633	);
634	test_enum16::<CertificateCompressionAlgorithm>(
635	CertificateCompressionAlgorithm::Zlib,
636	CertificateCompressionAlgorithm::Zstd,
637	);
638	}
639
640	#[test]
641	fn tls13_signature_restrictions() {
642	// rsa-pkcs1 denied
643	assert!(!SignatureScheme::RSA_PKCS1_SHA1.supported_in_tls13());
644	assert!(!SignatureScheme::RSA_PKCS1_SHA256.supported_in_tls13());
645	assert!(!SignatureScheme::RSA_PKCS1_SHA384.supported_in_tls13());
646	assert!(!SignatureScheme::RSA_PKCS1_SHA512.supported_in_tls13());
647
648	// dsa denied
649	assert!(!SignatureScheme::from(`0x0201`).supported_in_tls13());
650	assert!(!SignatureScheme::from(`0x0202`).supported_in_tls13());
651	assert!(!SignatureScheme::from(`0x0203`).supported_in_tls13());
652	assert!(!SignatureScheme::from(`0x0204`).supported_in_tls13());
653	assert!(!SignatureScheme::from(`0x0205`).supported_in_tls13());
654	assert!(!SignatureScheme::from(`0x0206`).supported_in_tls13());
655
656	// common
657	assert!(SignatureScheme::ED25519.supported_in_tls13());
658	assert!(SignatureScheme::ED448.supported_in_tls13());
659	assert!(SignatureScheme::RSA_PSS_SHA256.supported_in_tls13());
660	assert!(SignatureScheme::RSA_PSS_SHA384.supported_in_tls13());
661	assert!(SignatureScheme::RSA_PSS_SHA512.supported_in_tls13());
662
663	// rsa_pss_rsae_*
664	assert!(SignatureScheme::from(`0x0804`).supported_in_tls13());
665	assert!(SignatureScheme::from(`0x0805`).supported_in_tls13());
666	assert!(SignatureScheme::from(`0x0806`).supported_in_tls13());
667
668	// ecdsa_brainpool*
669	assert!(SignatureScheme::from(`0x081a`).supported_in_tls13());
670	assert!(SignatureScheme::from(`0x081b`).supported_in_tls13());
671	assert!(SignatureScheme::from(`0x081c`).supported_in_tls13());
672	}
673	}
674