crypto: remove unused error sets

[Rexicon226]

This chain of functions can't return NonCanonicalError and KeyMismatchError.
cc @jedisct1

[jedisct1]

Using the correct public key with EdDSA is critical.

These errors are included intentionally in the error set, for functions that accept both the secret scalar and the public key, because we can recompute the public key and verify that it is consistent with the one that was given to the function.

It comes with a performance hit, so this is something that may be enabled only in Debug mode. But applications should be aware that these functions may eventually return such errors.

[Rexicon226]

Ah, so these errors just haven't been implemented yet?

I see that there's an assert right now,

zig/lib/std/crypto/25519/ed25519.zig

Lines 298 to 302 in 0cf6ae2

	if (std.debug.runtime_safety) {
	const pk_p = try Curve.fromBytes(secret_key.publicKeyBytes());
	const recomputed_kp = try generateDeterministic(secret_key.seed());
	debug.assert(mem.eql(u8, &recomputed_kp.public_key.toBytes(), &pk_p.toBytes()));
	}

Will this eventually be turned into an error instead of an assertion?

[jedisct1]

Turning that assertion into an error is a good idea.

fromSecretKey() is a bit different from other functions, as it checks the consistency of a secret key. There's a public key embedded in it, but from an application perspective, the entire thing is just a secret key. Returning EncodingError would make more sense than KeyMismatch here, and it is already in the error set.
Edit: #22944

[jedisct1]

Ah, so these errors just haven't been implemented yet?

Yes, but implementing this has always been part of the plan, so the error set is intended to future-proof these functions.

[Rexicon226]

Makes sense! I'll close this then :)