Merge pull request #7 from doublegate/dependabot/cargo/rand-0.9

deps(deps): Update rand requirement from 0.8 to 0.9

Author: doublegate

Cargo.toml

@@ -50,7 +50,8 @@ x25519-dalek = { version = "2.0", features = ["static_secrets"] }
 ed25519-dalek = { version = "2.1", features = ["rand_core"] }
 blake3 = "1.5"
 snow = "0.9"
-rand = "0.8"
+rand = "0.9"
+rand_core = "0.6"
 zeroize = { version = "1.7", features = ["derive"] }
 getrandom = "0.2"
 

crates/wraith-crypto/Cargo.toml

@@ -14,7 +14,7 @@ x25519-dalek = { workspace = true }
 ed25519-dalek = { workspace = true }
 blake3 = { workspace = true }
 snow = { workspace = true }
-rand = { workspace = true }
+rand_core = { workspace = true }
 zeroize = { workspace = true }
 getrandom = { workspace = true }
 thiserror = { workspace = true }

crates/wraith-crypto/src/elligator.rs

@@ -4,6 +4,7 @@
 //! making key exchange indistinguishable from random data.
 
 use crate::CryptoError;
+use rand_core::OsRng;
 
 /// Elligator2 representative (encoded public key)
 pub struct Representative([u8; 32]);
@@ -28,7 +29,7 @@ pub fn generate_encodable_keypair()
 -> Result<(x25519_dalek::StaticSecret, Representative), CryptoError> {
     // TODO: Implement proper Elligator2 encoding
     // For now, return a placeholder
-    let secret = x25519_dalek::StaticSecret::random_from_rng(rand::thread_rng());
+    let secret = x25519_dalek::StaticSecret::random_from_rng(OsRng);
     let public = x25519_dalek::PublicKey::from(&secret);
 
     // Placeholder: just use the public key bytes
@@ -42,3 +43,46 @@ pub fn decode_representative(repr: &Representative) -> x25519_dalek::PublicKey {
     // For now, treat representative as raw public key bytes
     x25519_dalek::PublicKey::from(repr.0)
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_generate_encodable_keypair() {
+        // Test that keypair generation succeeds
+        let result = generate_encodable_keypair();
+        assert!(result.is_ok());
+
+        let (secret, representative) = result.unwrap();
+
+        // Verify representative has valid bytes
+        let repr_bytes = representative.as_bytes();
+        assert_eq!(repr_bytes.len(), 32);
+
+        // Verify the representative can be decoded back to a public key
+        let decoded_public = decode_representative(&representative);
+
+        // The decoded public key should match the one derived from the secret
+        let expected_public = x25519_dalek::PublicKey::from(&secret);
+        assert_eq!(decoded_public.as_bytes(), expected_public.as_bytes());
+    }
+
+    #[test]
+    fn test_representative_roundtrip() {
+        // Test Representative from_bytes and as_bytes
+        let original_bytes = [0x42u8; 32];
+        let repr = Representative::from_bytes(original_bytes);
+        assert_eq!(repr.as_bytes(), &original_bytes);
+    }
+
+    #[test]
+    fn test_multiple_keypairs_are_unique() {
+        // Generate multiple keypairs and verify they are different
+        let (_, repr1) = generate_encodable_keypair().unwrap();
+        let (_, repr2) = generate_encodable_keypair().unwrap();
+
+        // Representatives should be different (with overwhelming probability)
+        assert_ne!(repr1.as_bytes(), repr2.as_bytes());
+    }
+}