-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dhkem: add KEM providers for common ECDH schemes #16
Conversation
This should document the scheme being implemented (there are at least two that are applicable: HPKE and TLS), and include test vectors for at least one curve. For the encapsulator, you can test it decapsulates successfully. I’m also not wild about names like |
Is there an elegant way of handling the case where no features are enabled? I could theoretically write #[cfg(any(feature = "a", feature = "b", ...))] but this is a pain to extend. I also don't think disabling tests for no features is a viable option as well. |
I think ultimately the The main modification would be the addition of a |
… add docsrs support
/// This is a trait that all KEM models should implement, and should probably be | ||
/// promoted to the kem crate itself. It specifies the types of encapsulating and | ||
/// decapsulating keys created by key generation, the shared secret type, and the | ||
/// encapsulated key type | ||
pub trait DhKem { | ||
/// The type that will implement [`Decapsulate`] | ||
type DecapsulatingKey: Decapsulate<Self::EncapsulatedKey, Self::SharedSecret>; | ||
|
||
/// The type that will implement [`Encapsulate`] | ||
type EncapsulatingKey: Encapsulate<Self::EncapsulatedKey, Self::SharedSecret>; | ||
|
||
/// The type of the encapsulated key | ||
type EncapsulatedKey; | ||
|
||
/// The type of the shared secret | ||
type SharedSecret; | ||
|
||
/// Generates a new (decapsulating key, encapsulating key) keypair for the KEM | ||
/// model | ||
fn random_keypair( | ||
rng: &mut impl CryptoRngCore, | ||
) -> (Self::DecapsulatingKey, Self::EncapsulatingKey); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems somewhat similar to the EncappedKey
trait from kem
v0.2 which was removed in the latest prerelease: https://docs.rs/kem/0.2.0/kem/trait.EncappedKey.html
cc @rozbb
From my POV, I think the remaining TODOs are as follows:
Regarding |
Going to merge this as a spike and make some follow-up changes |
This replaces RustCrypto/traits#1556 and puts the
Encapsulate
andDecapsulate
implementations into their own newtype. It probably needs some actual documentation at some point as well.As an extension, maybe the
DhKem
trait should be promotedtraits/kem
asKEM
, asKeyGen() -> (PrivateKey, PublicKey)
is also part of the standard KEM model and provides a central trait forimpl<k1, k2> KEM for TlsKemCombiner<k1, k2> where k1, k2: KEM
. That way, we can just writetype X25519Kyber768Draft00 = TlsKemCombiner<dhkem::X25519, MlKem768>
once theml-kem
crate gets updated.