Discrepancy between doc and implementation in KeyMaterial::concatenate #6
Description
Title
Discrepancy between documentation and implementation in KeyMaterial::concatenate
Description
I have noticed a contradiction between the rustdoc comments and the actual implementation of the KeyMaterial::concatenate method in crypto/core-interface/src/key_material.rs.
Documentation states- The documentation explicitly states that concatenating a full entropy key with a low entropy key should downgrade the result to a low entropy key:
"The resulting [KeyType] and security strength will be the lesser of the two keys."
...
"Concatenating a full entropy key with a low entropy key will result in a low entropy key."
(Source: crypto/core-interface/src/key_material.rs lines 156-164)
Implementation does- However, the implementation uses max() instead of min():
self.key_type = max(&self.key_type, &other.key_type()).clone();
self.security_strength = max(&self.security_strength, &other.security_strength()).clone();(Source: crypto/core-interface/src/key_material.rs lines 569-570)
The Conflict- According to the PartialOrd implementation for KeyType, BytesLowEntropy is less than BytesFullEntropy (BytesLowEntropy < BytesFullEntropy).
Therefore, calling max() on these two types will result in BytesFullEntropy, effectively "upgrading" the security level of the low entropy key, which contradicts the "safe usage" design philosophy described in the documentation.
Fix- The implementation should likely be changed to use min() to adhere to the conservative security model described in the docs.
// Proposed change
use bouncycastle_utils::min;
// ... inside concatenate ...
self.key_type = min(&self.key_type, &other.key_type()).clone();
self.security_strength = min(&self.security_strength, &other.security_strength()).clone();I hope this issue serves a good purpose...