Handling of algorithms which support variable key sizes #1952
Description
This issue a follow up on RustCrypto/block-ciphers#495
Right now API of the KeyInit/KeyIvInit/InnerInit traits support algorithms with variable key sizes (block ciphers and other algorithms built on top of them) using the new_from_slice(s) methods. For example, Blowfish supports key sizes from 4 to 56 bytes. The idea here is that the KeySize associated type indicates the "default" key size (usually the biggest key size), but if necessary algorithms could be initialized with key sizes which vary at runtime. The important difference between Blowfish and ciphers like AES (where we introduce separate block cipher types for each supported key size) is that for ciphers with variable key size support encryption/decryption does not depend on key size.
As argued by @tarcieri in the discussion, this approach may cause confusion when users want to support several key sizes, but do not know about the fact that we implemented support for them using the new_from_slice(s) methods. There is also a problem with some higher-level crates which do not properly account for variable key sizes. For example, ocb3 implements KeyInit directly without accounting for new_from_slice. Arguably, it should instead implement the InnerInit trait and rely on the blanket impls.
We have two options:
- Keep the current API and intent behind it intact. Improve docs to better explain how to deal with variable key sizes. Fix the higher-level crates.
- Make implementations generic over key sizes with appropriate trait bounds. It would make it clearer for users that the algorithm supports different key sizes. We would lose support for initializing algorithms with key sizes variable at runtime, but it's arguably an anti-pattern and not that important in practice. With this option it also may be reasonable to remove the
new_from_slice(s)methods from our traits.
Personally, I lean towards the first option, but it's not a strong opinion.