Bump kem crate dependency to v0.4.0-rc.0 (#169)

This primarily includes changes to key generation, notably leveraging
the `crypto_common::Generate` trait and changing
`Encapsulate::encapsulate` to `Encapsulate::encapsulate_with_rng`.

See RustCrypto/traits#2140 and RustCrypto/traits#2141

It also adds a `getrandom` feature to every crate with `kem` crate
support.

Author: tarcieri

Cargo.lock

@@ -15,6 +15,7 @@ ml-kem = { path = "./ml-kem" }
 
 elliptic-curve = { git = "https://github.com/RustCrypto/traits" }
 ff = { git = "https://github.com/tarcieri/ff", branch = "rand_core/v0.10.0-rc-2" }
+getrandom = { git = "https://github.com/rust-random/getrandom" }
 group = { git = "https://github.com/tarcieri/group", branch = "rand_core/v0.10.0-rc-2" }
 p256 = { git = "https://github.com/RustCrypto/elliptic-curves " }
 primefield = { git = "https://github.com/RustCrypto/elliptic-curves " }

Cargo.toml

@@ -14,7 +14,7 @@ keywords = ["crypto", "ecdh", "ecc"]
 readme = "README.md"
 
 [dependencies]
-kem = "=0.4.0-pre.2"
+kem = "0.4.0-rc.0"
 rand_core = "0.10.0-rc-2"
 
 # optional dependencies
@@ -27,14 +27,16 @@ x25519 = { version = "=3.0.0-pre.1", package = "x25519-dalek", optional = true,
 zeroize = { version = "1.8.1", optional = true, default-features = false }
 
 [dev-dependencies]
+getrandom = { version = "0.3.4", features = ["sys_rng"] }
 hex-literal = "1"
 hkdf = "0.13.0-rc.3"
-rand = "0.10.0-rc.1"
 sha2 = "0.11.0-rc.3"
 
 [features]
 default = ["zeroize"]
+
 ecdh = ["dep:elliptic-curve", "elliptic-curve/ecdh"]
+getrandom = ["kem/getrandom"]
 k256 = ["dep:k256", "ecdh"]
 p256 = ["dep:p256", "ecdh"]
 p384 = ["dep:p384", "ecdh"]

dhkem/Cargo.toml

@@ -21,7 +21,7 @@ where
 {
     type Error = Infallible;
 
-    fn encapsulate<R: TryCryptoRng + ?Sized>(
+    fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
     ) -> Result<(PublicKey<C>, SharedSecret<C>), Self::Error> {

dhkem/src/ecdh_kem.rs

@@ -12,7 +12,7 @@ pub struct X25519Kem;
 impl Encapsulate<PublicKey, SharedSecret> for DhEncapsulator<PublicKey> {
     type Error = Infallible;
 
-    fn encapsulate<R: TryCryptoRng + ?Sized>(
+    fn encapsulate_with_rng<R: TryCryptoRng + ?Sized>(
         &self,
         rng: &mut R,
     ) -> Result<(PublicKey, SharedSecret), Self::Error> {

dhkem/src/x25519_kem.rs

@@ -81,7 +81,7 @@ fn test_dhkem_p256_hkdf_sha256() {
     assert_eq!(pkr.to_encoded_point(false).as_bytes(), &pkr_hex);
 
     let (pke, ss1) = pkr
-        .encapsulate(&mut ConstantRng(&hex!(
+        .encapsulate_with_rng(&mut ConstantRng(&hex!(
             "4995788ef4b9d6132b249ce59a77281493eb39af373d236a1fe415cb0c2d7beb"
         )))
         .expect("never fails");

dhkem/tests/hpke_p256_test.rs

@@ -1,6 +1,7 @@
 use dhkem::DhKem;
+use getrandom::SysRng;
 use kem::{Decapsulate, Encapsulate};
-use rand::rng;
+use rand_core::TryRngCore;
 
 trait SecretBytes {
     fn as_slice(&self) -> &[u8];
@@ -30,9 +31,9 @@ fn test_kem<K: DhKem>()
 where
     <K as DhKem>::SharedSecret: SecretBytes,
 {
-    let mut rng = rng();
+    let mut rng = SysRng.unwrap_err();
     let (sk, pk) = K::random_keypair(&mut rng);
-    let (ek, ss1) = pk.encapsulate(&mut rng).expect("never fails");
+    let (ek, ss1) = pk.encapsulate_with_rng(&mut rng).expect("never fails");
     let ss2 = sk.decapsulate(&ek).expect("never fails");
 
     assert_eq!(ss1.as_slice(), ss2.as_slice());

dhkem/tests/tests.rs

@@ -58,7 +58,7 @@ serde = ["dep:hex", "dep:serde"]
 aes = { version = "0.9.0-rc.2", optional = true }
 hex = { version = "0.4", optional = true }
 openssl-sys = { version = "0.9.104", optional = true }
-rand_core = { version = "0.10.0-rc-2", features = [] }
+rand_core = { version = "0.10.0-rc-3", features = [] }
 serde = { version = "1.0", features = ["derive"], optional = true }
 serdect = "0.4"
 subtle = "2.6"
@@ -80,10 +80,10 @@ zeroize = "1"
 [dev-dependencies]
 aes = "0.9.0-rc.2"
 criterion = "0.7"
+getrandom = { version = "0.3.4", features = ["sys_rng"] }
 hex = "0.4"
 hybrid-array = "0.4"
-rand = "0.10.0-rc.1"
-chacha20 = "0.10.0-rc.3"
+chacha20 = { version = "0.10.0-rc.6", features = ["rng"] }
 rstest = "0.26"
 postcard = { version = "1.0", features = ["use-std"] }
 serde_bare = "0.5"

frodo-kem/Cargo.toml

@@ -6,9 +6,10 @@
 //!
 //! ```
 //! use frodo_kem::Algorithm;
-//! use rand::{rngs::OsRng, TryRngCore};
+//! use getrandom::SysRng;
+//! use rand_core::TryRngCore;
 //!
-//! let mut rng = OsRng.unwrap_err();
+//! let mut rng = SysRng.unwrap_err();
 //! let alg = Algorithm::FrodoKem640Shake;
 //! let (ek, dk) = alg.generate_keypair(&mut rng);
 //! let (ct, enc_ss) = alg.encapsulate_with_rng(&ek, &mut rng).unwrap();
@@ -28,9 +29,10 @@
 //!
 //! ```
 //! use frodo_kem::Algorithm;
-//! use rand::{rngs::OsRng, RngCore, TryRngCore};
+//! use getrandom::SysRng;
+//! use rand_core::{RngCore, TryRngCore};
 //!
-//! let mut rng = OsRng.unwrap_err();
+//! let mut rng = SysRng.unwrap_err();
 //! let alg = Algorithm::FrodoKem1344Shake;
 //! let params = alg.params();
 //! let (ek, dk) = alg.generate_keypair(&mut rng);

frodo-kem/src/lib.rs

@@ -19,14 +19,15 @@ exclude = ["tests/key-gen.rs", "tests/key-gen.json", "tests/encap-decap.rs", "te
 alloc = ["pkcs8?/alloc"]
 
 deterministic = [] # Expose deterministic encapsulation functions
+getrandom = ["kem/getrandom"]
 pem = ["pkcs8/pem"]
 pkcs8 = ["dep:const-oid", "dep:pkcs8"]
 zeroize = ["dep:zeroize"]
 
 [dependencies]
-kem = "=0.4.0-pre.2"
+kem = "0.4.0-rc.0"
 hybrid-array = { version = "0.4.4", features = ["extra-sizes", "subtle"] }
-rand_core = "0.10.0-rc-2"
+rand_core = "0.10.0-rc-3"
 sha3 = { version = "0.11.0-rc.3", default-features = false }
 subtle = { version = "2", default-features = false }
 
@@ -37,10 +38,10 @@ zeroize = { version = "1.8.1", optional = true, default-features = false }
 
 [dev-dependencies]
 criterion = "0.7"
+getrandom = { version = "0.3.4", features = ["sys_rng"] }
 hex = { version = "0.4.3", features = ["serde"] }
 hex-literal = "1"
 num-rational = { version = "0.4.2", default-features = false, features = ["num-bigint"] }
-rand = "0.10.0-rc.1"
 serde = { version = "1.0.208", features = ["derive"] }
 serde_json = "1.0.125"