Rust guest example: fix unused functions for wasmtime

Also slightly change the DH and encapsulate APIs to be more explicit
about their parameters.

implementations/bindings/rust/Cargo.toml

@@ -9,4 +9,4 @@ publish = false
 forced-target = "wasm32-wasi"
 
 [dependencies]
-num_enum = "0.5"
+num_enum = "0.5"

implementations/bindings/rust/src/kx/low/mod.rs

@@ -6,11 +6,8 @@ pub use key_pair::*;
 pub use public_key::*;
 pub use secret_key::*;
 
-use crate::common::ArrayOutput;
-use crate::error::*;
-use crate::raw;
-
-pub fn kx_dh(public_key: KxPublicKey, secret_key: KxSecretKey) -> Result<Vec<u8>, Error> {
-    let shared_secret_handle = unsafe { raw::kx_dh(public_key.0.handle, secret_key.0.handle)? };
-    ArrayOutput::new(shared_secret_handle).into_vec()
+#[derive(Debug)]
+pub struct EncapsulatedSecret {
+    pub secret: Vec<u8>,
+    pub encapsulated_secret: Vec<u8>,
 }

implementations/bindings/rust/src/kx/low/public_key.rs

@@ -1,3 +1,5 @@
+use super::secret_key::*;
+use super::EncapsulatedSecret;
 use crate::asymmetric_common::*;
 use crate::common::ArrayOutput;
 use crate::error::*;
@@ -67,12 +69,20 @@ impl KxPublicKey {
         self.0.local()
     }
 
-    pub fn encapsulate(&self) -> Result<(Vec<u8>, Vec<u8>), Error> {
+    pub fn dh(&self, secret_key: &KxSecretKey) -> Result<Vec<u8>, Error> {
+        if self.0.alg != secret_key.0.alg {
+            return Err(Error::IncompatibleKeys);
+        }
+        let shared_secret_handle = unsafe { raw::kx_dh(self.0.handle, secret_key.0.handle)? };
+        ArrayOutput::new(shared_secret_handle).into_vec()
+    }
+
+    pub fn encapsulate(&self) -> Result<EncapsulatedSecret, Error> {
         let (secret_handle, encapsulated_secret_handle) =
             unsafe { raw::kx_encapsulate(self.0.handle) }?;
-        Ok((
-            ArrayOutput::new(secret_handle).into_vec()?,
-            ArrayOutput::new(encapsulated_secret_handle).into_vec()?,
-        ))
+        Ok(EncapsulatedSecret {
+            secret: ArrayOutput::new(secret_handle).into_vec()?,
+            encapsulated_secret: ArrayOutput::new(encapsulated_secret_handle).into_vec()?,
+        })
     }
 }

implementations/bindings/rust/src/kx/low/secret_key.rs

@@ -31,6 +31,14 @@ impl KxSecretKey {
         )?))
     }
 
+    pub fn from_sec(alg: &'static str, encoded: impl AsRef<[u8]>) -> Result<Self, Error> {
+        Ok(KxSecretKey(SecretKey::from_sec(
+            raw::ALGORITHM_TYPE_KEY_EXCHANGE,
+            alg,
+            encoded,
+        )?))
+    }
+
     pub fn from_local(alg: &'static str, encoded: impl AsRef<[u8]>) -> Result<Self, Error> {
         Ok(KxSecretKey(SecretKey::from_local(
             raw::ALGORITHM_TYPE_KEY_EXCHANGE,
@@ -51,11 +59,16 @@ impl KxSecretKey {
         self.0.pem()
     }
 
+    pub fn sec(&self) -> Result<Vec<u8>, Error> {
+        self.0.sec()
+    }
+
     pub fn local(&self) -> Result<Vec<u8>, Error> {
         self.0.local()
     }
 
-    pub fn decapsulate(&self, encapsulated_secret: &[u8]) -> Result<Vec<u8>, Error> {
+    pub fn decapsulate(&self, encapsulated_secret: impl AsRef<[u8]>) -> Result<Vec<u8>, Error> {
+        let encapsulated_secret = encapsulated_secret.as_ref();
         let secret_handle = unsafe {
             raw::kx_decapsulate(
                 self.0.handle,

implementations/bindings/rust/src/test.rs

@@ -5,7 +5,7 @@ mod test {
     fn test_symmetric() -> Result<(), WasiCryptoError> {
         let mut options = SymmetricOptions::new();
         let nonce = [0u8; 12];
-        options.set("nonce", &nonce)?;
+        options.set("nonce", nonce)?;
         let key = SymmetricKey::generate("AES-128-GCM", Some(&options))?;
         let mut state = SymmetricState::new("AES-128-GCM", Some(&key), Some(&options))?;
         let ciphertext = state.encrypt(b"test")?;
@@ -37,7 +37,7 @@ mod test {
 
     #[test]
     fn test_signatures() -> Result<(), WasiCryptoError> {
-        let _ = SignaturePublicKey::from_raw("Ed25519", &[0; 32])?;
+        let _ = SignaturePublicKey::from_raw("Ed25519", [0; 32])?;
 
         let kp = SignatureKeyPair::generate("Ed25519")?;
         let signature = kp.sign("hello")?;
@@ -104,7 +104,7 @@ mod test {
         let pk2 = kp2.publickey()?;
         let sk2 = kp2.secretkey()?;
 
-        assert_eq!(kx_dh(pk1, sk2)?, kx_dh(pk2, sk1)?);
+        assert_eq!(pk1.dh(&sk2)?, pk2.dh(&sk1)?);
 
         Ok(())
     }
@@ -115,11 +115,10 @@ mod test {
         let pk = kp.publickey()?;
         let sk = kp.secretkey()?;
 
-        let (secret, encapsulated_secret) = pk.encapsulate()?;
+        let kem_output = pk.encapsulate()?;
+        let decapsulated_secret = sk.decapsulate(kem_output.encapsulated_secret.as_slice())?;
 
-        let decapsulated_secret = sk.decapsulate(encapsulated_secret.as_slice())?;
-
-        assert_eq!(secret, decapsulated_secret);
+        assert_eq!(kem_output.secret, decapsulated_secret);
         Ok(())
     }
 }