bc_components/mlkem/mlkem_ciphertext.rs
1use anyhow::{ anyhow, Result };
2use pqcrypto_mlkem::*;
3use pqcrypto_traits::kem::Ciphertext;
4use dcbor::prelude::*;
5use crate::tags;
6use super::MLKEM;
7
8/// A ciphertext containing an encapsulated shared secret for ML-KEM.
9///
10/// `MLKEMCiphertext` represents a ciphertext produced by the ML-KEM
11/// (Module Lattice-based Key Encapsulation Mechanism) post-quantum algorithm
12/// during the encapsulation process. It contains an encapsulated shared secret
13/// that can only be recovered by the corresponding private key.
14///
15/// It supports multiple security levels through the variants:
16///
17/// - `MLKEM512`: NIST security level 1 (roughly equivalent to AES-128), 768 bytes
18/// - `MLKEM768`: NIST security level 3 (roughly equivalent to AES-192), 1088 bytes
19/// - `MLKEM1024`: NIST security level 5 (roughly equivalent to AES-256), 1568 bytes
20///
21/// # Examples
22///
23/// ```
24/// use bc_components::MLKEM;
25///
26/// // Generate a keypair
27/// let (private_key, public_key) = MLKEM::MLKEM512.keypair();
28///
29/// // Encapsulate a shared secret using the public key
30/// let (shared_secret_a, ciphertext) = public_key.encapsulate_new_shared_secret();
31///
32/// // Decapsulate the shared secret using the private key
33/// let shared_secret_b = private_key.decapsulate_shared_secret(&ciphertext).unwrap();
34///
35/// // Both shared secrets should be the same
36/// assert_eq!(shared_secret_a, shared_secret_b);
37/// ```
38#[derive(Clone, PartialEq)]
39pub enum MLKEMCiphertext {
40 /// An ML-KEM-512 ciphertext (NIST security level 1)
41 MLKEM512(Box<mlkem512::Ciphertext>),
42 /// An ML-KEM-768 ciphertext (NIST security level 3)
43 MLKEM768(Box<mlkem768::Ciphertext>),
44 /// An ML-KEM-1024 ciphertext (NIST security level 5)
45 MLKEM1024(Box<mlkem1024::Ciphertext>),
46}
47
48impl MLKEMCiphertext {
49 /// Returns the security level of this ML-KEM ciphertext.
50 pub fn level(&self) -> MLKEM {
51 match self {
52 MLKEMCiphertext::MLKEM512(_) => MLKEM::MLKEM512,
53 MLKEMCiphertext::MLKEM768(_) => MLKEM::MLKEM768,
54 MLKEMCiphertext::MLKEM1024(_) => MLKEM::MLKEM1024,
55 }
56 }
57
58 /// Returns the size of this ML-KEM ciphertext in bytes.
59 pub fn size(&self) -> usize {
60 self.level().ciphertext_size()
61 }
62
63 /// Returns the raw bytes of this ML-KEM ciphertext.
64 pub fn as_bytes(&self) -> &[u8] {
65 match self {
66 MLKEMCiphertext::MLKEM512(ct) => ct.as_ref().as_bytes(),
67 MLKEMCiphertext::MLKEM768(ct) => ct.as_ref().as_bytes(),
68 MLKEMCiphertext::MLKEM1024(ct) => ct.as_ref().as_bytes(),
69 }
70 }
71
72 /// Creates an ML-KEM ciphertext from raw bytes and a security level.
73 ///
74 /// # Parameters
75 ///
76 /// * `level` - The security level of the ciphertext.
77 /// * `bytes` - The raw bytes of the ciphertext.
78 ///
79 /// # Returns
80 ///
81 /// An `MLKEMCiphertext` if the bytes represent a valid ciphertext for the given level,
82 /// or an error otherwise.
83 ///
84 /// # Errors
85 ///
86 /// Returns an error if the bytes do not represent a valid ML-KEM ciphertext
87 /// for the specified security level.
88 pub fn from_bytes(level: MLKEM, bytes: &[u8]) -> Result<Self> {
89 match level {
90 MLKEM::MLKEM512 =>
91 Ok(
92 MLKEMCiphertext::MLKEM512(
93 Box::new(mlkem512::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?)
94 )
95 ),
96 MLKEM::MLKEM768 =>
97 Ok(
98 MLKEMCiphertext::MLKEM768(
99 Box::new(mlkem768::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?)
100 )
101 ),
102 MLKEM::MLKEM1024 =>
103 Ok(
104 MLKEMCiphertext::MLKEM1024(
105 Box::new(mlkem1024::Ciphertext::from_bytes(bytes).map_err(|e| anyhow!(e))?)
106 )
107 ),
108 }
109 }
110}
111
112/// Provides debug formatting for ML-KEM ciphertexts.
113impl std::fmt::Debug for MLKEMCiphertext {
114 /// Formats the ciphertext as a string for debugging purposes.
115 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
116 match self {
117 MLKEMCiphertext::MLKEM512(_) => f.write_str("MLKEM512Ciphertext"),
118 MLKEMCiphertext::MLKEM768(_) => f.write_str("MLKEM768Ciphertext"),
119 MLKEMCiphertext::MLKEM1024(_) => f.write_str("MLKEM1024Ciphertext"),
120 }
121 }
122}
123
124/// Defines CBOR tags for ML-KEM ciphertexts.
125impl CBORTagged for MLKEMCiphertext {
126 /// Returns the CBOR tag for ML-KEM ciphertexts.
127 fn cbor_tags() -> Vec<Tag> {
128 tags_for_values(&[tags::TAG_MLKEM_CIPHERTEXT])
129 }
130}
131
132/// Converts an `MLKEMCiphertext` to CBOR.
133impl From<MLKEMCiphertext> for CBOR {
134 /// Converts to tagged CBOR.
135 fn from(value: MLKEMCiphertext) -> Self {
136 value.tagged_cbor()
137 }
138}
139
140/// Implements CBOR encoding for ML-KEM ciphertexts.
141impl CBORTaggedEncodable for MLKEMCiphertext {
142 /// Creates the untagged CBOR representation as an array with level and ciphertext bytes.
143 fn untagged_cbor(&self) -> CBOR {
144 vec![self.level().into(), CBOR::to_byte_string(self.as_bytes())].into()
145 }
146}
147
148/// Attempts to convert CBOR to an `MLKEMCiphertext`.
149impl TryFrom<CBOR> for MLKEMCiphertext {
150 type Error = dcbor::Error;
151
152 /// Converts from tagged CBOR.
153 fn try_from(cbor: CBOR) -> dcbor::Result<Self> {
154 Self::from_tagged_cbor(cbor)
155 }
156}
157
158/// Implements CBOR decoding for ML-KEM ciphertexts.
159impl CBORTaggedDecodable for MLKEMCiphertext {
160 /// Creates an `MLKEMCiphertext` from untagged CBOR.
161 ///
162 /// # Errors
163 /// Returns an error if the CBOR value doesn't represent a valid ML-KEM ciphertext.
164 fn from_untagged_cbor(untagged_cbor: CBOR) -> dcbor::Result<Self> {
165 match untagged_cbor.as_case() {
166 CBORCase::Array(elements) => {
167 if elements.len() != 2 {
168 return Err("MLKEMCiphertext must have two elements".into());
169 }
170
171 let level = MLKEM::try_from(elements[0].clone())?;
172 let data = CBOR::try_into_byte_string(elements[1].clone())?;
173 Ok(MLKEMCiphertext::from_bytes(level, &data)?)
174 }
175 _ => {
176 return Err("MLKEMCiphertext must be an array".into());
177 }
178 }
179 }
180}