cfrg / draft-irtf-cfrg-hpke

Hybrid Public Key Encryption

Note that Encap is fallible. #234

Closed chris-wood closed 3 years ago

chris-wood commented 3 years ago

DH() can fail, so Encap() can fail as well. This PR makes this explicit, and notes that some implementations may choose to upcast errors if desired.

cc @rozbb

rozbb commented 3 years ago

One thing I think is still unclear: when DH() raises ValidationError when being called by Decap(), does that get upcasted to a DecapError or not? If so, then is it optional like in Encap()? If not, then when is a DecapError ever created?

chris-wood commented 3 years ago

> One thing I think is still unclear: when DH() raises ValidationError when being called by Decap(), does that get upcasted to a DecapError or not? If so, then is it optional like in Encap()? If not, then when is a DecapError ever created?

This seems to be an implementation-specific decision, so, yes, it's optional. Future KEMs might make EncapError or DecapError more explicit, so I think it's best to leave them as-is for now.

rozbb commented 3 years ago

Ok, I made a comment that clarifies that.
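The behaviour discussed in this thread, as an added example that is not code from the draft or from either commenter: a DHKEM(X25519, HKDF-SHA256) sketch in which DH() raises ValidationError on the all-zero output and Encap()/Decap() take the optional route of upcasting it. The lowercase function names are hypothetical, and the KDF labels follow the published RFC 9180 text, which is an assumption relative to the draft revision under review here.

```python
import hmac, os
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")
LABEL = b"HPKE-v1" + b"KEM\x00\x20"  # version label + suite_id (assumed from RFC 9180)
class ValidationError(Exception): pass
class EncapError(Exception): pass
class DecapError(Exception): pass

def x25519(k, u):  # RFC 7748 ladder; NOT constant-time, illustration only
    k = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    # Clamping clears bit 0, so swap is 0 here and no final swap is needed.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def dh(sk, pk):
    out = x25519(sk, pk)
    if out == bytes(32):  # a low-order peer key yields the all-zero output
        raise ValidationError("all-zero DH output")
    return out

def extract_and_expand(dh_out, kem_context):  # HKDF-SHA256, Nsecret = 32
    prk = hmac.new(bytes(32), LABEL + b"eae_prk" + dh_out, "sha256").digest()
    info = b"\x00\x20" + LABEL + b"shared_secret" + kem_context + b"\x01"
    return hmac.new(prk, info, "sha256").digest()

def encap(pk_r):
    sk_e = os.urandom(32)
    enc = x25519(sk_e, BASE)
    try:
        shared = dh(sk_e, pk_r)
    except ValidationError as err:  # optional upcast: callers see one error type
        raise EncapError("Encap failed") from err
    return extract_and_expand(shared, enc + pk_r), enc

def decap(enc, sk_r):
    try:
        shared = dh(sk_r, enc)
    except ValidationError as err:  # same optional upcast on the recipient side
        raise DecapError("Decap failed") from err
    return extract_and_expand(shared, enc + x25519(sk_r, BASE))
```

An implementation that skips the upcast would simply let ValidationError propagate out of encap() and decap(); `raise ... from err` keeps the original cause available for logging either way.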