kem: remove tests, update to rand_core v0.9#1757
Conversation
|
|
||
| /// Encapsulates a fresh shared secret | ||
| fn encapsulate(&self, rng: &mut impl CryptoRngCore) -> Result<(EK, SS), Self::Error>; | ||
| fn encapsulate(&self, rng: &mut impl CryptoRng) -> Result<(EK, SS), Self::Error>; |
There was a problem hiding this comment.
Here I used CryptoRng instead of TryCryptoRng since it's not clear how implementers should deal with potential RNG errors.
One option is to define two separate methods:
// Find a better name?
pub enum EncRngError<EncErr, RngErr> {
// Encapsulation error
Enc(EncErr),
// RNG error
Rng(RngErr),
}
pub trait Encapsulate<EK, SS> {
type Error: Debug;
fn encapsulate<R: CryptoRng>(&self, rng: &mut R) -> Result<(EK, SS), Self::Error> {
self.encapsulate_with_try_rng(rng).map_err(|EncRngError::Enc(err)| err)
}
// Find a better name?
fn encapsulate_with_try_rng<R: TryCryptoRng>(
&self,
rng: &mut R,
) -> Result<(EK, SS), EncRngError<Self::Error, R::Error>>;
}But I think it's better to do it in a separate PR.
There was a problem hiding this comment.
Is there a detailed discussion for why TryCryptoRng is necessary? In the failure modes I’m imagining (finicky external hardware), the solution would be to just poll the hardware to get 32B and then seed a Chacha12Rng. It’d be nice to not support Try*
There was a problem hiding this comment.
It's primarily to support IO-based RNGs like OsRng (i.e. "to just poll hardware" in your comment) and to replace potential (albeit highly unlikely in practice) panic branches with explicit error processing. If you do not want to deal with this, you always can use the UnwrapErr wrapper.
2 participants
As discussed here the tests are not particularity useful and block migration to rand_core v0.9.
cc @rozbb