Remove CryptoGenerator and reduce BlockRng to BlockBuffer #68
Conversation
|
|
The names are consistent. What is the motivation for making |
|
Separation of concerns. IMO self.core.zeroize();
self.buffer = Default::default();
zeroize::optimization_barrier(&self.buffer)While the wrapper would result in a less straightforward code. The same applies to serialization as well. |
If they were truly separate components I'd agree, but the only pub methods not needing both parameters are I see you succeeded in convincing @tarcieri to make |
|
@newpavlov I made significant additions to this PR; please re-review. |
dhardy
changed the title
| impl<W: Word + Default, const N: usize, G: Generator<Output = [W; N]>> BlockRng<G> { | ||
| /// Create a new `BlockRng` from an existing RNG implementing | ||
| /// `Generator`. Results will be generated on first use. | ||
| impl<W: Word + Default, const N: usize, G: BlockRng<Output = [W; N]>> Default for BlockBuffer<G> { |
There was a problem hiding this comment.
Word is already bounded by Default via the Sealed trait.
And I think we can simplify the bound to just UPD: No, we use G::Output: Default, no?Word functionality in the implementation.
| /// | ||
| /// Returns `None` if `remaining_results` is too long. | ||
| pub fn reconstruct(core: G, remaining_results: &[W]) -> Option<Self> { | ||
| pub fn reconstruct(remaining_results: &[W]) -> Option<Self> { |
There was a problem hiding this comment.
Is this method used in practice? I think we had a discussion about this and came to conclusion that it's better to use serialization/deserialization over [W; N] instead of &[W].
There was a problem hiding this comment.
Yes, it is used: https://github.com/rust-random/rngs/blob/master/rand_isaac/src/isaac.rs#L171
And no, that is the conclusion that you came to. My conclusion was that where fixed-size serialization is preferred it is still possible with this approach (since N is known), while the reverse is not with your approach (and variable length serialization is preferable if the output format happens to be something like JSON).
There was a problem hiding this comment.
Sure, whatever...
But at least add methods for fixed-sized (de)serialization. It would mean that your struct has two ways of handling it, but so be it.
| - `BlockRng::reset` method ([#44]) | ||
| - `BlockRng::index` method (replaced with `BlockRng::word_offset`) ([#44]) | ||
| - `Generator::Item` associated type ([#26]) | ||
| - `CryptoBlockRng` ([#68]) |
| #[derive(Clone)] | ||
| pub struct BlockRng<G: Generator> { | ||
| #[allow(missing_debug_implementations)] | ||
| pub struct BlockBuffer<G: BlockRng> { |
There was a problem hiding this comment.
Use R instead of G like in all other bounds?
| @@ -98,32 +89,12 @@ pub trait Generator { | |||
| /// | |||
| /// This must fill `output` with random data. | |||
| fn generate(&mut self, output: &mut Self::Output); | |||
There was a problem hiding this comment.
Maybe rename the method to next_block for consistency with the Rng methods?
| /// | ||
| /// This type encompasses a [`Generator`] [`core`](Self::core) and a buffer. | ||
| /// This type does not encapuslate a [`BlockRng`], but is designed to be used | ||
| /// alongside one. |
There was a problem hiding this comment.
It would be nice to explicitly document that BlockBuffer::default() initializes all bits of the state to make it friendlier to the optimization_barrier-based zeroization.
|
Regarding the renaming, the largest problem is actually that we use 'core' to refer to the So,
The new The old name Since the main argument for separation of the core and the buffer seems to be zeroization and alternatives need specific documentation, why don't we just add a method like To avoid complicating history of a single PR too much I will close this one and replace it. |
CHANGELOG.mdentryMotivation
rust-random/rand#1722 makes this useless.
Other
Any suggestions for a new name for
trait Generator? As-is it matches its most importantgeneratemethod, so the name doesn't seem too bad.