kychacha_crypto 6.0.1

A Post-Quantum Secure Encryption Protocol using chacha20poly1305 and CRYSTALS-kyber
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

use crate::select_bincode_config;
use anyhow::Result;
use bincode::serde::{borrow_decode_from_slice, encode_to_vec};
use oqs::kem::{PublicKey as libPublicKey, SecretKey as libSecretKey};
use serde::{Deserialize, Serialize};

/// SecurityLevel defines the parameter sets (security strengths) supported by the ML-KEM algorithm.
///
/// Each variant corresponds to a NIST PQC Round 3 Kyber parameter set.
///
/// # Variants
/// - `MlKem512`: 512-bit security level
/// - `MlKem768`: 768-bit security level
/// - `MlKem1024`: 1024-bit security level
#[repr(u16)]
#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
pub enum SecurityLevel {
    MlKem512 = 512,
    MlKem768 = 768,
    MlKem1024 = 1024,
}

/// SecretKey holds the private component of an ML-KEM key pair along with its security level.
///
/// Provides serialization (`to_vec`) and deserialization (`from_bytes`) helpers.
///
/// # Fields
/// * `security`: The chosen `SecurityLevel`.
/// * `key`: The underlying OQS secret key.
///
/// # Examples
/// ```
/// use kychacha_crypto::SecretKey;
/// use kychacha_crypto::generate_keypair;
///
/// let kp = generate_keypair().unwrap();
/// let sk = kp.private_key;
/// let bytes = sk.to_vec().unwrap();
/// let sk2 = SecretKey::from_bytes(&bytes).unwrap();
/// assert_eq!(sk, sk2);
/// ```
#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
pub struct SecretKey {
    /// The security level associated with this secret key.
    pub security: SecurityLevel,
    /// The underlying OQS secret key blob.
    pub key: libSecretKey,
}

impl SecretKey {
    /// Serializes this `SecretKey` into a bincode-encoded `Vec<u8>`.
    pub fn to_vec(&self) -> Result<Vec<u8>> {
        Ok(encode_to_vec(self, select_bincode_config()?)?)
    }
    /// Deserializes a `SecretKey` from a bincode-encoded byte slice.
    pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
        Ok(borrow_decode_from_slice(bytes, select_bincode_config()?)?.0)
    }
}

/// PublicKey holds the public component of an ML-KEM key pair along with its security level.
///
/// Provides serialization (`to_vec`) and deserialization (`from_bytes`) helpers.
///
/// # Fields
/// * `security`: The chosen `SecurityLevel`.
/// * `key`: The underlying OQS public key.
///
/// # Examples
/// ```
/// use kychacha_crypto::PublicKey;
/// use kychacha_crypto::generate_keypair;
///
/// let kp = generate_keypair().unwrap();
/// let pk = kp.public_key;
/// let bytes = pk.to_vec().unwrap();
/// let pk2 = PublicKey::from_bytes(&bytes).unwrap();
/// assert_eq!(pk, pk2);
/// ```
#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
pub struct PublicKey {
    /// The security level associated with this public key.
    pub security: SecurityLevel,
    /// The underlying OQS public key blob.
    pub key: libPublicKey,
}

impl PublicKey {
    /// Serializes this `PublicKey` into a bincode-encoded `Vec<u8>`.
    pub fn to_vec(&self) -> Result<Vec<u8>> {
        Ok(encode_to_vec(self, select_bincode_config()?)?)
    }
    /// Deserializes a `PublicKey` from a bincode-encoded byte slice.
    pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
        Ok(borrow_decode_from_slice(bytes, select_bincode_config()?)?.0)
    }
}

/// MlKemKeyPair contains both the private and public KEM keys for ML-KEM operations.
///
/// Provides serialization (`to_vec`) and deserialization (`from_bytes`) helpers.
///
/// # Fields
/// * `private_key`: The `SecretKey` component.
/// * `public_key`: The `PublicKey` component.
///
/// # Examples
/// ```
/// use kychacha_crypto::MlKemKeyPair;
/// use kychacha_crypto::generate_keypair;
///
/// let kp = generate_keypair().unwrap();
/// let bytes = kp.to_vec().unwrap();
/// let kp2 = MlKemKeyPair::from_bytes(&bytes).unwrap();
/// assert_eq!(kp, kp2);
/// ```
#[derive(Clone, Eq, PartialEq, Debug, Serialize, Deserialize)]
pub struct MlKemKeyPair {
    /// The `SecretKey` component (private key) of the key pair.
    pub private_key: SecretKey,
    /// The `PublicKey` component (public key) of the key pair.
    pub public_key: PublicKey,
}

impl MlKemKeyPair {
    /// Serializes this `MlKemKeyPair` into a bincode-encoded `Vec<u8>`.
    pub fn to_vec(&self) -> Result<Vec<u8>> {
        Ok(encode_to_vec(self, select_bincode_config()?)?)
    }
    /// Deserializes an `MlKemKeyPair` from a bincode-encoded byte slice.
    pub fn from_bytes(bytes: &[u8]) -> Result<Self> {
        Ok(borrow_decode_from_slice(bytes, select_bincode_config()?)?.0)
    }
}