authorDaniel McCarney <daniel@binaryparadox.net>2024-05-24 15:38:03 -0400
committerDaniel McCarney <daniel@binaryparadox.net>2024-05-31 12:46:48 +0000
commit981b2dd3b18722a927ab9e9980f4224f2fccbe7d (patch)
tree97fbdd39e09935b547ad6ae93dd91ba03f6163e6 /provider-example
parentce11c13c65e10a4ada7b45870acca1c4924ab742 (diff)
crypto: offer HpkeSuite from Hpke trait
This will make it easier to drop the `HpkeProvider` trait. The only implementation, in the `provider-example` crate, is reworked to support the new trait fn. We can make this breaking change without worrying about semver because the `crypto::hpke` module is docs-hidden and has been considered an internal unstable API. This change also allows deriving `Debug` for the provider example `HpkeRs` struct.
Diffstat (limited to 'provider-example')
-rw-r--r--provider-example/src/hpke.rs35
1 files changed, 20 insertions, 15 deletions
diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs
index 8fbbd952..a2269f27 100644
--- a/provider-example/src/hpke.rs
+++ b/provider-example/src/hpke.rs
@@ -1,7 +1,7 @@
use alloc::boxed::Box;
use alloc::sync::Arc;
use alloc::vec::Vec;
-use core::fmt::{Debug, Formatter};
+use core::fmt::Debug;
use std::error::Error as StdError;
use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm};
@@ -21,12 +21,7 @@ struct HpkeRsProvider {}
impl HpkeProvider for HpkeRsProvider {
fn start(&self, suite: &HpkeSuite) -> Result<Box<dyn Hpke + 'static>, Error> {
- Ok(Box::new(HpkeRs(hpke_rs::Hpke::new(
- hpke_rs::Mode::Base,
- KemAlgorithm::try_from(u16::from(suite.kem)).map_err(other_err)?,
- KdfAlgorithm::try_from(u16::from(suite.sym.kdf_id)).map_err(other_err)?,
- AeadAlgorithm::try_from(u16::from(suite.sym.aead_id)).map_err(other_err)?,
- ))))
+ Ok(Box::new(HpkeRs(*suite)))
}
fn supports_suite(&self, suite: &HpkeSuite) -> bool {
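Review bot: `HpkeProvider::start` can no longer fail for a suite that hpke_rs cannot represent, because `Ok(Box::new(HpkeRs(*suite)))` defers the three `try_from(...).map_err(other_err)?` conversions to `HpkeRs::start()`. An unsupported KEM, KDF or AEAD id is therefore reported only at the `.start()?` call sites in the later `impl Hpke for HpkeRs` hunks, after the caller already holds a `Box<dyn Hpke>`. If callers treat a successful `start` as confirmation that the suite is usable, keep the early rejection by validating once before boxing: `let hpke = HpkeRs(*suite); hpke.start()?; Ok(Box::new(hpke))`. Whether `supports_suite` is always consulted before `start` cannot be seen from this hunk; its body lies outside it.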
@@ -44,11 +39,17 @@ impl HpkeProvider for HpkeRsProvider {
}
}
-struct HpkeRs(hpke_rs::Hpke<HpkeRustCrypto>);
+#[derive(Debug)]
+struct HpkeRs(HpkeSuite);
-impl Debug for HpkeRs {
- fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
- f.debug_struct("HpkeRsHpke").finish()
+impl HpkeRs {
+ fn start(&self) -> Result<hpke_rs::Hpke<HpkeRustCrypto>, Error> {
+ Ok(hpke_rs::Hpke::new(
+ hpke_rs::Mode::Base,
+ KemAlgorithm::try_from(u16::from(self.0.kem)).map_err(other_err)?,
+ KdfAlgorithm::try_from(u16::from(self.0.sym.kdf_id)).map_err(other_err)?,
+ AeadAlgorithm::try_from(u16::from(self.0.sym.aead_id)).map_err(other_err)?,
+ ))
}
}
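Review bot: The new `HpkeRs::start` has no doc comment and reuses the name of `HpkeProvider::start` a few lines above, though it does a different job: it builds a fresh base-mode `hpke_rs::Hpke<HpkeRustCrypto>` from the stored suite on every seal/open/setup call. A reader should be told that construction is per operation and that this is now where an unmappable algorithm id surfaces, for example `/// Builds a base-mode hpke_rs::Hpke for the stored suite; errors if any suite id has no hpke_rs equivalent.` A more specific name than `start` would also avoid confusion with the provider trait method. The derived `Debug` now prints the `HpkeSuite` field, which holds only algorithm identifiers as far as this hunk shows, so no key material reaches debug output.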
@@ -62,7 +63,7 @@ impl Hpke for HpkeRs {
) -> Result<(EncapsulatedSecret, Vec<u8>), Error> {
let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone());
let (enc, ciphertext) = self
- .0
+ .start()?
.seal(&pk_r, info, aad, plaintext, None, None, None)
.map_err(other_err)?;
Ok((EncapsulatedSecret(enc.to_vec()), ciphertext))
@@ -75,7 +76,7 @@ impl Hpke for HpkeRs {
) -> Result<(EncapsulatedSecret, Box<dyn HpkeSealer + 'static>), Error> {
let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone());
let (enc, context) = self
- .0
+ .start()?
.setup_sender(&pk_r, info, None, None, None)
.map_err(other_err)?;
Ok((
@@ -93,7 +94,7 @@ impl Hpke for HpkeRs {
secret_key: &HpkePrivateKey,
) -> Result<Vec<u8>, Error> {
let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec());
- self.0
+ self.start()?
.open(
enc.0.as_slice(),
&sk_r,
@@ -116,11 +117,15 @@ impl Hpke for HpkeRs {
let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec());
Ok(Box::new(HpkeRsReceiver {
context: self
- .0
+ .start()?
.setup_receiver(enc.0.as_slice(), &sk_r, info, None, None, None)
.map_err(other_err)?,
}))
}
+
+ fn suite(&self) -> HpkeSuite {
+ self.0
+ }
}
#[derive(Debug)]