
Commit 0caf8e3

authored
kem: use getrandom for Encapsulate::encapsulate (#2141)
Renames the previous `Encapsulate::encapsulate` to `encapsulate_with_rng`, replacing the original method with a `getrandom` feature-gated method which passes `SysRng` for you. To make this work, it's necessary for `crypto-common` to re-export its `SysRng`, which is currently vendored from `getrandom` v0.4 since no prerelease of it is available yet.
1 parent 6408448 commit 0caf8e3

4 files changed

Lines changed: 17 additions & 8 deletions


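--- a/crypto-common/src/generate.rs
+++ b/crypto-common/src/generate.rs
@@ -86,7 +86,7 @@ impl<U: ArraySize> Generate for Array<u64, U> {
 }
 
 #[cfg(feature = "getrandom")]
-mod sys_rng {
+pub(crate) mod sys_rng {
 use getrandom::Error;
 use rand_core::{TryCryptoRng, TryRngCore};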

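--- a/crypto-common/src/lib.rs
+++ b/crypto-common/src/lib.rs
@@ -19,10 +19,10 @@ mod generate;
 pub use hybrid_array as array;
 pub use hybrid_array::typenum;
 
-#[cfg(feature = "getrandom")]
-pub use getrandom::Error as RngError;
 #[cfg(feature = "rand_core")]
 pub use {generate::Generate, rand_core};
+#[cfg(feature = "getrandom")]
+pub use {generate::sys_rng::SysRng, getrandom::Error as RngError};
 
 use core::fmt;
 use hybrid_array::{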
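Review bot: The re-export of `SysRng` on the added line 25 makes a vendored type part of crypto-common's public API without any documentation, and per the commit description it is a copy of an unreleased `getrandom` 0.4 type, so it will not be the same type as the eventual upstream `getrandom::SysRng`. I'd put a doc comment on the re-export along the lines of `/// System RNG backed by getrandom; currently vendored from the unreleased getrandom 0.4 and expected to be swapped for the upstream type once it ships.` Since the `sys_rng` module is only `pub(crate)` (see the generate.rs hunk), this `pub use` is the only public path to the type, which appears intended but is worth stating so the module visibility is not "fixed" later.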

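--- a/kem/README.md
+++ b/kem/README.md
@@ -18,9 +18,9 @@ impl Encapsulate<SaberEncappedKey, SaberSharedSecret> for MyPubkey {
 // Encapsulation is infallible
 type Error = !;
 
-fn encapsulate(
+fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
 &self,
-csprng: impl CryptoRngCore,
+csprng: &mut R,
 ) -> Result<(SaberEncappedKey, SaberSharedSecret), !> {
 let (ss, ek) = saber_encapsulate(&csprng, &self.0);
 Ok((ek, ss))
@@ -43,9 +43,9 @@ impl Encapsulate<EphemeralKey, SharedSecret> for EncapContext {
 // Encapsulation fails if signature verification fails
 type Error = SigError;
 
-fn encapsulate(
+fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
 &self,
-csprng: impl CryptoRngCore,
+csprng: &mut R,
 ) -> Result<(EphemeralKey, SharedSecret), Self::Error> {
 // Make a new ephemeral key. This will be the encapped key
 let ek = EphemeralKey::gen(&mut csprng);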

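--- a/kem/src/lib.rs
+++ b/kem/src/lib.rs
@@ -20,7 +20,16 @@ pub trait Encapsulate<EK, SS> {
 type Error: core::error::Error;
 
 /// Encapsulates a fresh shared secret
-fn encapsulate<R: TryCryptoRng + ?Sized>(&self, rng: &mut R) -> Result<(EK, SS), Self::Error>;
+fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
+&self,
+rng: &mut R,
+) -> Result<(EK, SS), Self::Error>;
+
+/// Encapsulate a fresh shared secret generated using the system's secure RNG.
+#[cfg(feature = "getrandom")]
+fn encapsulate(&self) -> Result<(EK, SS), Self::Error> {
+self.encapsulate_with_rng(&mut crypto_common::SysRng)
+}
 }
 
 /// A value that can be used to decapsulate an encapsulated key.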
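Review bot: The doc comment on the new default `encapsulate` (added line 28) does not say how a failure of the system RNG is reported, even though `SysRng` is passed as a `TryCryptoRng` (the generate.rs hunk imports `getrandom::Error` and `TryCryptoRng`), so any RNG error can only surface through the implementor's `Self::Error` inside `encapsulate_with_rng`; an implementation whose `Error` is `!`, as in the README example, has no way to report it other than panicking. I'd extend the doc with `/// Failure of the system RNG must be surfaced through [`Self::Error`] by the implementation; it must never be ignored, since a shared secret derived from missing or short randomness is not secret.` The `#[cfg(feature = "getrandom")]` gate assumes this crate's `getrandom` feature also enables `crypto-common/getrandom` so that `crypto_common::SysRng` resolves; no Cargo.toml change is part of this commit, so I take that wiring to already exist. The `Encapsulate` trait begins before this hunk.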
