rustolio_utils/crypto/

encapsulation.rs

//
// SPDX-License-Identifier: MPL-2.0
//
// Copyright (c) 2026 Tobias Binnewies. All rights reserved.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//

use ml_kem::{
    kem::{self, Decapsulate as _},
    EncapsulateDeterministic, EncodedSizeUser, KemCore as _, MlKem1024, MlKem1024Params,
};

use super::rand;

pub type Result<T> = std::result::Result<T, Error>;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Error {
    InvalidDecapsulationKey,
    InvalidEncapsulationKey,
    InvalidEncapsulated,
}

impl std::fmt::Display for Error {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "{self:?}")
    }
}

impl std::error::Error for Error {}

#[derive(Debug, Clone)]
#[repr(transparent)]
pub struct DecapsulationKey(kem::DecapsulationKey<MlKem1024Params>);

#[derive(Debug, Clone)]
#[repr(transparent)]
pub struct EncapsulationKey(kem::EncapsulationKey<MlKem1024Params>);

impl DecapsulationKey {
    pub fn generate() -> rand::Result<Self> {
        let d = rand::array()?;
        let z = rand::array()?;
        let (dk, _) = MlKem1024::generate_deterministic(&d.into(), &z.into());
        Ok(DecapsulationKey(dk))
    }

    pub fn encapsulation_key(&self) -> &EncapsulationKey {
        unsafe {
            // SAFETY: #[repr(transparent)] guarantees identical memory layout
            std::mem::transmute(self.0.encapsulation_key())
        }
    }

    pub fn to_bytes(&self) -> [u8; 3168] {
        self.0.as_bytes().into()
    }

    pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result<Self> {
        let Ok(enc) = bytes.as_ref().try_into() else {
            return Err(Error::InvalidDecapsulationKey);
        };
        Ok(Self(kem::DecapsulationKey::from_bytes(enc)))
    }

    pub fn decapsulate(&self, ct: &Encapsulated) -> SharedSecret {
        SharedSecret(
            self.0
                .decapsulate(&ct.0.into())
                .unwrap() // Infallible
                .into(),
        )
    }
}

impl EncapsulationKey {
    pub fn to_bytes(&self) -> [u8; 1568] {
        self.0.as_bytes().into()
    }

    pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result<Self> {
        let Ok(enc) = bytes.as_ref().try_into() else {
            return Err(Error::InvalidEncapsulationKey);
        };
        Ok(Self(kem::EncapsulationKey::from_bytes(enc)))
    }

    pub fn encapsulate(&self) -> rand::Result<(Encapsulated, SharedSecret)> {
        let seed = rand::array()?;
        let (ct, ss) = self.0.encapsulate_deterministic(&seed.into()).unwrap(); // Infallible
        Ok((Encapsulated(ct.into()), SharedSecret(ss.into())))
    }
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SharedSecret([u8; 32]);

#[derive(Debug, Clone, PartialEq, Eq)]
#[repr(transparent)]
pub struct Encapsulated([u8; 1568]);

impl Encapsulated {
    pub fn from_bytes(bytes: &[u8]) -> Result<&Self> {
        if bytes.len() != 1568 {
            return Err(Error::InvalidEncapsulated);
        }
        Ok(unsafe {
            // SAFETY: #[repr(transparent)] & length checked
            &*bytes.as_ptr().cast()
        })
    }

    pub fn to_bytes(&self) -> [u8; 1568] {
        self.0
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_encapsulation() {
        let dk = DecapsulationKey::generate().unwrap();
        let ek = dk.encapsulation_key().clone();
        let (ct, ss) = ek.encapsulate().unwrap();
        let ss_ = dk.decapsulate(&ct);
        assert_eq!(ss, ss_);
    }

    #[test]
    fn test_encapsulation_fail() {
        let dk = DecapsulationKey::generate().unwrap();
        let ek = dk.encapsulation_key().clone();
        let (ct, ss) = ek.encapsulate().unwrap();

        let b = [0; 1568];
        let ct_ = Encapsulated::from_bytes(&b).unwrap();
        let ss_ = dk.decapsulate(ct_);

        assert_ne!(&ct, ct_);
        assert_ne!(ss, ss_);
    }
}