respect experiment_libcrux_blake2 feature flag

ciphers/Cargo.toml

@@ -10,14 +10,12 @@ repository = "https://github.com/rosenpass/rosenpass"
 readme = "readme.md"
 
 [features]
-#default = ["experiment_libcrux_all"]
-
 experiment_libcrux_all = [
     "experiment_libcrux_blake2",
     "experiment_libcrux_chachapoly",
     "experiment_libcrux_kyber",
 ]
-experiment_libcrux_blake2 = ["dep:libcrux-blake2"]
+experiment_libcrux_blake2 = ["dep:libcrux-blake2", "dep:thiserror"]
 experiment_libcrux_chachapoly = ["dep:libcrux-chacha20poly1305", "dep:libcrux"]
 experiment_libcrux_kyber = ["dep:libcrux-ml-kem", "dep:rand"]
 
@@ -39,6 +37,7 @@ libcrux-blake2 = { workspace = true, optional = true }
 libcrux-ml-kem = { workspace = true, optional = true, features = ["kyber"] }
 sha3 = { workspace = true }
 rand = { workspace = true, optional = true }
+thiserror = { workspace = true, optional = true }
 
 [dev-dependencies]
 rand = { workspace = true }

ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs

@@ -1,4 +1,3 @@
-use anyhow::ensure;
 use rosenpass_cipher_traits::{
     algorithms::KeyedHashIncorrectHmacBlake2b,
     primitives::{InferKeyedHash, KeyedHash, KeyedHashTo},
@@ -7,7 +6,13 @@ use rosenpass_constant_time::xor;
 use rosenpass_to::{ops::copy_slice, To};
 use zeroize::Zeroizing;
 
-use crate::subtle::rust_crypto::blake2b;
+#[cfg(not(feature = "experiment_libcrux_blake2"))]
+use crate::subtle::rust_crypto::blake2b::Blake2b;
+#[cfg(not(feature = "experiment_libcrux_blake2"))]
+use anyhow::Error;
+
+#[cfg(feature = "experiment_libcrux_blake2")]
+use crate::subtle::libcrux::blake2b::{Blake2b, Error};
 
 /// The key length, 32 bytes or 256 bits.
 pub const KEY_LEN: usize = 32;
@@ -42,7 +47,7 @@ pub const HASH_LEN: usize = 32;
 pub struct IncorrectHmacBlake2bCore;
 
 impl KeyedHash<KEY_LEN, HASH_LEN> for IncorrectHmacBlake2bCore {
-    type Error = anyhow::Error;
+    type Error = Error;
 
     fn keyed_hash(
         key: &[u8; KEY_LEN],
@@ -52,21 +57,17 @@ impl KeyedHash<KEY_LEN, HASH_LEN> for IncorrectHmacBlake2bCore {
         const IPAD: [u8; KEY_LEN] = [0x36u8; KEY_LEN];
         const OPAD: [u8; KEY_LEN] = [0x5Cu8; KEY_LEN];
 
-        // Not bothering with padding; the implementation
-        // uses appropriately sized keys.
-        ensure!(key.len() == KEY_LEN);
-
         type Key = Zeroizing<[u8; KEY_LEN]>;
         let mut tmp_key = Key::default();
 
         copy_slice(key).to(tmp_key.as_mut());
         xor(&IPAD).to(tmp_key.as_mut());
         let mut outer_data = Key::default();
-        blake2b::Blake2b::keyed_hash_to(&tmp_key, data).to(&mut outer_data)?;
+        Blake2b::keyed_hash_to(&tmp_key, data).to(&mut outer_data)?;
 
         copy_slice(key).to(tmp_key.as_mut());
         xor(&OPAD).to(tmp_key.as_mut());
-        blake2b::Blake2b::keyed_hash_to(&tmp_key, outer_data.as_ref()).to(out)?;
+        Blake2b::keyed_hash_to(&tmp_key, outer_data.as_ref()).to(out)?;
 
         Ok(())
     }

ciphers/src/subtle/keyed_hash.rs

@@ -30,8 +30,10 @@ impl KeyedHashInstance<KEY_LEN, HASH_LEN> for KeyedHash {
         out: &mut [u8; HASH_LEN],
     ) -> Result<(), Self::Error> {
         match self {
-            Self::KeyedShake256(h) => h.keyed_hash(key, data, out),
-            Self::IncorrectHmacBlake2b(h) => h.keyed_hash(key, data, out),
-        }
+            Self::KeyedShake256(h) => h.keyed_hash(key, data, out)?,
+            Self::IncorrectHmacBlake2b(h) => h.keyed_hash(key, data, out)?,
+        };
+
+        Ok(())
     }
 }

ciphers/src/subtle/libcrux/blake2b.rs

@@ -3,8 +3,11 @@ use rosenpass_cipher_traits::primitives::KeyedHash;
 
 use libcrux_blake2::Blake2bBuilder;
 
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
+    #[error("internal error")]
     InternalError,
+    #[error("data is too long")]
     DataTooLong,
 }