I tried to introduce a Buffer type (#116, reverted in #118) for the in-place API which takes care of slicing the message and MAC portions of the in-place buffer for you, in hopes of improving the ergonomics and abstracting over the odd way in which the plaintext portion of a message starts in the middle of the buffer instead of the beginning.
My original goal was to have Buffer wrap a &[u8] and use Into<Buffer> to bound the buffer type passed into the in-place APIs, allowing the caller's choice of either a byte slice or a Buffer to be passed.
Unfortunately, this doesn't work because we'd need to coerce a reference into an owned type. We could do that with an unsafe pointer cast, but I was hoping to avoid that, so I experimented with having Buffer<T> wrap an owned type with bounds AsRef<&[u8]> and AsMut<&[u8]>, allowing it to wrap either Vec or fixed-sized arrays, and then just passing &Buffer<T> to all the in-place APIs (i.e. mandating use of Buffer instead of allowing either a buffer or a slice).
All of that was slightly annoying but the owned type seemed to be working ok. That was until I realized AsRef and AsMut, in a pre-const generics world, are only implemented for fixed-sized arrays up to 32, which was a showstopper.
I think having a Buffer type is still worth investigating, as the present in-place ergonomics still leave quite a bit to be desired. I think it might be worth investigating the unsafe pointer cast option, although it would violate Miscreant's "all safe Rust" selling point.
I tried to introduce a
Buffertype (#116, reverted in #118) for the in-place API which takes care of slicing the message and MAC portions of the in-place buffer for you, in hopes of improving the ergonomics and abstracting over the odd way in which the plaintext portion of a message starts in the middle of the buffer instead of the beginning.My original goal was to have
Bufferwrap a&[u8]and useInto<Buffer>to bound the buffer type passed into the in-place APIs, allowing the caller's choice of either a byte slice or aBufferto be passed.Unfortunately, this doesn't work because we'd need to coerce a reference into an owned type. We could do that with an unsafe pointer cast, but I was hoping to avoid that, so I experimented with having
Buffer<T>wrap an owned type with boundsAsRef<&[u8]>andAsMut<&[u8]>, allowing it to wrap eitherVecor fixed-sized arrays, and then just passing&Buffer<T>to all the in-place APIs (i.e. mandating use ofBufferinstead of allowing either a buffer or a slice).All of that was slightly annoying but the owned type seemed to be working ok. That was until I realized
AsRefandAsMut, in a pre-const generics world, are only implemented for fixed-sized arrays up to 32, which was a showstopper.I think having a
Buffertype is still worth investigating, as the present in-place ergonomics still leave quite a bit to be desired. I think it might be worth investigating the unsafe pointer cast option, although it would violate Miscreant's "all safe Rust" selling point.