kem: bound Encapsulate on TryKeyInit + KeyExport #2215
Merged
The `Encapsulate` trait is for KEM public keys, which we need to be able to serialize/deserialize for them to be useful. We don't want to enforce a similar bound for `Decapsulate` though, since those are secret keys that may be stored in an HSM/SEP/TPM which prevents export.
tarcieri added a commit to RustCrypto/KEMs that referenced this pull request (Jan 23, 2026):
Also adds a `KeySizeUser` impl. This is a companion PR to RustCrypto/traits#2215 which added a bound to the `Encapsulate` trait for `TryKeyInit + KeyExport` from `crypto-common`. These traits both have a supertrait bound on `KeySizeUser`, which defines an `ArraySize` for a fixed-size key. The other two provide common traits for fallible decoding and encoding respectively, where the former uses the common `InvalidKey` type also defined in the `crypto-common` crate. This was one big missing gap for generic KEM use. Some traits we need aren't being re-exported from `kem` and it doesn't do a re-export of `crypto-common` so this has a few TODOs to follow up on that. We need to get this landed first though.
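The asymmetry discussed in this PR, shown as an added example that is not code from RustCrypto: the traits below are simplified local stand-ins whose signatures are assumptions, and `ToyEk`, `OpaqueDk` and `roundtrip` are hypothetical names. The KEM is a textbook Diffie-Hellman with demo-sized, insecure parameters, and `r` stands in for RNG output.

```rust
use std::convert::TryFrom;
// Local stand-ins modelling the traits named in the PR. Signatures are
// assumptions for illustration, not the crypto-common / kem definitions.
#[derive(Debug, PartialEq)]
pub struct InvalidKey;
pub trait KeySizeUser { const KEY_SIZE: usize; }
pub trait TryKeyInit: KeySizeUser + Sized { fn new(key: &[u8]) -> Result<Self, InvalidKey>; }
pub trait KeyExport: KeySizeUser { fn to_bytes(&self) -> Vec<u8>; }
/// Public side: bound on fallible decode + encode. Returns (ciphertext, shared secret).
pub trait Encapsulate: TryKeyInit + KeyExport { fn encapsulate(&self, r: u64) -> (u64, u64); }
/// Secret side: deliberately no export bound (key may live in an HSM/SEP/TPM).
pub trait Decapsulate { fn decapsulate(&self, ct: u64) -> u64; }

// Toy Diffie-Hellman KEM; parameters are constructed for the demo and NOT secure.
const P: u64 = 2_147_483_647; // 2^31 - 1, so products fit in u64
const G: u64 = 7;
fn modpow(b: u64, mut e: u64) -> u64 {
    let (mut b, mut acc) = (b % P, 1);
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % P; }
        b = b * b % P;
        e >>= 1;
    }
    acc
}
#[derive(Debug, PartialEq)]
pub struct ToyEk(u64);
pub struct OpaqueDk { secret: u64 } // models a handle with no byte export
impl OpaqueDk {
    pub fn new(secret: u64) -> Self { OpaqueDk { secret } }
    pub fn encapsulation_key(&self) -> ToyEk { ToyEk(modpow(G, self.secret)) }
}
impl KeySizeUser for ToyEk { const KEY_SIZE: usize = 8; }
impl TryKeyInit for ToyEk {
    fn new(key: &[u8]) -> Result<Self, InvalidKey> {
        // Wrong length fails here; then reject 0, 1 and out-of-range values.
        let v = u64::from_be_bytes(<[u8; 8]>::try_from(key).map_err(|_| InvalidKey)?);
        if v < 2 || v >= P { return Err(InvalidKey); }
        Ok(ToyEk(v))
    }
}
impl KeyExport for ToyEk { fn to_bytes(&self) -> Vec<u8> { self.0.to_be_bytes().to_vec() } }
impl Encapsulate for ToyEk {
    fn encapsulate(&self, r: u64) -> (u64, u64) { (modpow(G, r), modpow(self.0, r)) }
}
impl Decapsulate for OpaqueDk { fn decapsulate(&self, ct: u64) -> u64 { modpow(ct, self.secret) } }
/// Works for any `K: Encapsulate` because the bound guarantees both directions.
pub fn roundtrip<K: Encapsulate>(k: &K) -> Result<K, InvalidKey> { K::new(&k.to_bytes()) }
fn main() {
    let dk = OpaqueDk::new(123_456_789);
    let ek = roundtrip(&dk.encapsulation_key()).expect("valid key");
    let (ct, ss) = ek.encapsulate(987_654_321);
    assert_eq!(dk.decapsulate(ct), ss);
}
```

A generic `roundtrip` over `Decapsulate` would not compile here, which is the intended effect of leaving the secret side unbounded.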