Skip to content

kem: use getrandom for Encapsulate::encapsulate #2141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tarcieri merged 1 commit into from
Dec 26, 2025
Merged

kem: use getrandom for Encapsulate::encapsulate #2141

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion crypto-common/src/generate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ impl<U: ArraySize> Generate for Array<u64, U> {
}

#[cfg(feature = "getrandom")]
mod sys_rng {
pub(crate) mod sys_rng {
use getrandom::Error;
use rand_core::{TryCryptoRng, TryRngCore};

Expand Down
4 changes: 2 additions & 2 deletions crypto-common/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ mod generate;
pub use hybrid_array as array;
pub use hybrid_array::typenum;

#[cfg(feature = "getrandom")]
pub use getrandom::Error as RngError;
#[cfg(feature = "rand_core")]
pub use {generate::Generate, rand_core};
#[cfg(feature = "getrandom")]
pub use {generate::sys_rng::SysRng, getrandom::Error as RngError};

use core::fmt;
use hybrid_array::{
Expand Down
8 changes: 4 additions & 4 deletions kem/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ impl Encapsulate<SaberEncappedKey, SaberSharedSecret> for MyPubkey {
// Encapsulation is infallible
type Error = !;

fn encapsulate(
fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
&self,
csprng: impl CryptoRngCore,
csprng: &mut R,
) -> Result<(SaberEncappedKey, SaberSharedSecret), !> {
let (ss, ek) = saber_encapsulate(&csprng, &self.0);
Ok((ek, ss))
Expand All @@ -43,9 +43,9 @@ impl Encapsulate<EphemeralKey, SharedSecret> for EncapContext {
// Encapsulation fails if signature verification fails
type Error = SigError;

fn encapsulate(
fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
&self,
csprng: impl CryptoRngCore,
csprng: &mut R,
) -> Result<(EphemeralKey, SharedSecret), Self::Error> {
// Make a new ephemeral key. This will be the encapped key
let ek = EphemeralKey::gen(&mut csprng);
Expand Down
11 changes: 10 additions & 1 deletion kem/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,16 @@ pub trait Encapsulate<EK, SS> {
type Error: core::error::Error;

/// Encapsulates a fresh shared secret
fn encapsulate<R: TryCryptoRng + ?Sized>(&self, rng: &mut R) -> Result<(EK, SS), Self::Error>;
fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
&self,
rng: &mut R,
) -> Result<(EK, SS), Self::Error>;

/// Encapsulate a fresh shared secret generated using the system's secure RNG.
#[cfg(feature = "getrandom")]
fn encapsulate(&self) -> Result<(EK, SS), Self::Error> {
self.encapsulate_with_rng(&mut crypto_common::SysRng)
}
}

/// A value that can be used to decapsulate an encapsulated key.
Expand Down