Implement AEGIS-X Cipher family

[andevatikul]

Hi,
I would like to have the AEGIS-X Cipher family in rustls-ffi to use with Apache mod_tls as this Cipher family is robust and high-performance than other AES based algos.

TLS_AEGIS_128L_SHA256 and TLS_AEGIS_256_SHA512 were included in iana.org here with IANA assigned identifiers 0x13,0x07 and 0x13,0x06

Here some useful links and libraries:
https://github.com/jedisct1/libaegis
https://github.com/jedisct1/rust-aegis
https://github.com/cfrg/draft-irtf-cfrg-aegis-aead?tab=readme-ov-file#known-implementations
https://httpd.apache.org/docs/current/mod/mod_tls.html

How can I achieve this if I want to build/integrate?
Is it enough if I add the Ciphers like below in cipher.rs?

 &rustls::crypto::ring::cipher_suite::TLS_AEGIS_128L_SHA256
        as *const SupportedCipherSuite as *const _,
 &rustls::crypto::ring::cipher_suite::TLS_AEGIS_256_SHA512
        as *const SupportedCipherSuite as *const _,

[ctz]

So rustls now has a public extension point for this which should work for all AEAD-shaped algorithms, though you will need to do quite a bit of integration work. But AIUI that is not currently surfaced in rustls-ffi (and I doubt we want to expose those extension points over FFI). So that integration would currently look like: write some rust to add AEGIS suites to an existing CryptoProvider in rustls, then fork rustls-ffi to use your provider instead of one of the built-in ones.

AEGIS is great but I'm not sure it would meet rustls main goal of sticking to mainstream, widely-deployed crypto. So I don't think I'd be interested it in supporting it in the built-in providers (even if ring/aws-lc-rs had support, which they do not).

[andevatikul]

Okay. Thank you for your response.

[cpu]

write some rust to add AEGIS suites to an existing CryptoProvider in rustls, then fork rustls-ffi to use your provider instead of one of the built-in ones.

I think if #441 lands it will make this integration possible without needing a fork of rustls-ffi.