Key not supported consider redundant

Question

Key not supported consider redundant

sonder-joker opened this issue 3 years ago · 3 comments

Durning design test, I notice one thing that error code key_not_supported can never return.
For the chosen algorithm doesn't support keys, when you try to generate by key_generate/key_import, it always return error code invaild_operation, which mean you never get a key that underlying algorithm doesn't support key.
And when you input other kind key, it always return a invaild_key before get key_not_supported

Answer 1 · 2022-01-29T09:25:49.000Z

key_not_supported is returned when a key was provided, but the function doesn't support keys.

WIth the current algorithms, it can be returned when a key has been supplied with SHA-2 (the hash function, not in a HMAC construction). Other hash functions can support an optional key.

Answer 2 · 2022-01-29T09:30:08.000Z

key_generate()/key_import() should return key_not_supported in that case. Or do you think the generic invalid_operation error would be good enough in that context?

The distinction can be useful to applications, but if this makes the implementation more complicated, we can indeed merge both error codes.

Answer 3 · 2022-01-29T09:32:24.000Z

Oh I misunderstood the code. Thanks, I think key_not_supported is well enough .