bc_components/mlkem/mlkem_ciphertext.rs
1use anyhow::{anyhow, bail, Error, Result};
2use dcbor::prelude::*;
3use pqcrypto_mlkem::*;
4use pqcrypto_traits::kem::Ciphertext;
5
6use crate::tags;
7
8use super::MLKEM;
9
10/// A ciphertext containing an encapsulated shared secret for ML-KEM.
11///
12/// `MLKEMCiphertext` represents a ciphertext produced by the ML-KEM
13/// (Module Lattice-based Key Encapsulation Mechanism) post-quantum algorithm
14/// during the encapsulation process. It contains an encapsulated shared secret
15/// that can only be recovered by the corresponding private key.
16///
17/// It supports multiple security levels through the variants:
18///
19/// - `MLKEM512`: NIST security level 1 (roughly equivalent to AES-128), 768 bytes
20/// - `MLKEM768`: NIST security level 3 (roughly equivalent to AES-192), 1088 bytes
21/// - `MLKEM1024`: NIST security level 5 (roughly equivalent to AES-256), 1568 bytes
22///
23/// # Examples
24///
25/// ```
26/// use bc_components::MLKEM;
27///
28/// // Generate a keypair
29/// let (private_key, public_key) = MLKEM::MLKEM512.keypair();
30///
31/// // Encapsulate a shared secret using the public key
32/// let (shared_secret_a, ciphertext) = public_key.encapsulate_new_shared_secret();
33///
34/// // Decapsulate the shared secret using the private key
35/// let shared_secret_b = private_key.decapsulate_shared_secret(&ciphertext).unwrap();
36///
37/// // Both shared secrets should be the same
38/// assert_eq!(shared_secret_a, shared_secret_b);
39/// ```
40#[derive(Clone, PartialEq)]
41pub enum MLKEMCiphertext {
42 /// An ML-KEM-512 ciphertext (NIST security level 1)
43 MLKEM512(Box<mlkem512::Ciphertext>),
44 /// An ML-KEM-768 ciphertext (NIST security level 3)
45 MLKEM768(Box<mlkem768::Ciphertext>),
46 /// An ML-KEM-1024 ciphertext (NIST security level 5)
47 MLKEM1024(Box<mlkem1024::Ciphertext>),
48}
49
50impl MLKEMCiphertext {
51 /// Returns the security level of this ML-KEM ciphertext.
52 pub fn level(&self) -> MLKEM {
53 match self {
54 MLKEMCiphertext::MLKEM512(_) => MLKEM::MLKEM512,
55 MLKEMCiphertext::MLKEM768(_) => MLKEM::MLKEM768,
56 MLKEMCiphertext::MLKEM1024(_) => MLKEM::MLKEM1024,
57 }
58 }
59
60 /// Returns the size of this ML-KEM ciphertext in bytes.
61 pub fn size(&self) -> usize {
62 self.level().ciphertext_size()
63 }
64
65 /// Returns the raw bytes of this ML-KEM ciphertext.
66 pub fn as_bytes(&self) -> &[u8] {
67 match self {
68 MLKEMCiphertext::MLKEM512(ct) => ct.as_ref().as_bytes(),
69 MLKEMCiphertext::MLKEM768(ct) => ct.as_ref().as_bytes(),
70 MLKEMCiphertext::MLKEM1024(ct) => ct.as_ref().as_bytes(),
71 }
72 }
73
74 /// Creates an ML-KEM ciphertext from raw bytes and a security level.
75 ///
76 /// # Parameters
77 ///
78 /// * `level` - The security level of the ciphertext.
79 /// * `bytes` - The raw bytes of the ciphertext.
80 ///
81 /// # Returns
82 ///
83 /// An `MLKEMCiphertext` if the bytes represent a valid ciphertext for the given level,
84 /// or an error otherwise.
85 ///
86 /// # Errors
87 ///
88 /// Returns an error if the bytes do not represent a valid ML-KEM ciphertext
89 /// for the specified security level.
90 pub fn from_bytes(level: MLKEM, bytes: &[u8]) -> Result<Self> {
91 match level {
92 MLKEM::MLKEM512 => Ok(MLKEMCiphertext::MLKEM512(Box::new(
93 mlkem512::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?,
94 ))),
95 MLKEM::MLKEM768 => Ok(MLKEMCiphertext::MLKEM768(Box::new(
96 mlkem768::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?,
97 ))),
98 MLKEM::MLKEM1024 => Ok(MLKEMCiphertext::MLKEM1024(Box::new(
99 mlkem1024::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?,
100 ))),
101 }
102 }
103}
104
105/// Provides debug formatting for ML-KEM ciphertexts.
106impl std::fmt::Debug for MLKEMCiphertext {
107 /// Formats the ciphertext as a string for debugging purposes.
108 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
109 match self {
110 MLKEMCiphertext::MLKEM512(_) => f.write_str("MLKEM512Ciphertext"),
111 MLKEMCiphertext::MLKEM768(_) => f.write_str("MLKEM768Ciphertext"),
112 MLKEMCiphertext::MLKEM1024(_) => f.write_str("MLKEM1024Ciphertext"),
113 }
114 }
115}
116
117/// Defines CBOR tags for ML-KEM ciphertexts.
118impl CBORTagged for MLKEMCiphertext {
119 /// Returns the CBOR tag for ML-KEM ciphertexts.
120 fn cbor_tags() -> Vec<Tag> {
121 tags_for_values(&[tags::TAG_MLKEM_CIPHERTEXT])
122 }
123}
124
125/// Converts an `MLKEMCiphertext` to CBOR.
126impl From<MLKEMCiphertext> for CBOR {
127 /// Converts to tagged CBOR.
128 fn from(value: MLKEMCiphertext) -> Self {
129 value.tagged_cbor()
130 }
131}
132
133/// Implements CBOR encoding for ML-KEM ciphertexts.
134impl CBORTaggedEncodable for MLKEMCiphertext {
135 /// Creates the untagged CBOR representation as an array with level and ciphertext bytes.
136 fn untagged_cbor(&self) -> CBOR {
137 vec![self.level().into(), CBOR::to_byte_string(self.as_bytes())].into()
138 }
139}
140
141/// Attempts to convert CBOR to an `MLKEMCiphertext`.
142impl TryFrom<CBOR> for MLKEMCiphertext {
143 type Error = Error;
144
145 /// Converts from tagged CBOR.
146 fn try_from(cbor: CBOR) -> Result<Self, Self::Error> {
147 Self::from_tagged_cbor(cbor)
148 }
149}
150
151/// Implements CBOR decoding for ML-KEM ciphertexts.
152impl CBORTaggedDecodable for MLKEMCiphertext {
153 /// Creates an `MLKEMCiphertext` from untagged CBOR.
154 ///
155 /// # Errors
156 /// Returns an error if the CBOR value doesn't represent a valid ML-KEM ciphertext.
157 fn from_untagged_cbor(untagged_cbor: CBOR) -> Result<Self> {
158 match untagged_cbor.as_case() {
159 CBORCase::Array(elements) => {
160 if elements.len() != 2 {
161 bail!("MLKEMCiphertext must have two elements");
162 }
163
164 let level = MLKEM::try_from(elements[0].clone())?;
165 let data = CBOR::try_into_byte_string(elements[1].clone())?;
166 MLKEMCiphertext::from_bytes(level, &data)
167 }
168 _ => bail!("MLKEMCiphertext must be an array"),
169 }
170 }
171}