diff --git a/Cargo.lock b/Cargo.lock index 5e2d276..63c2cf6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -355,7 +355,6 @@ dependencies = [ name = "dhkem" version = "0.1.0-pre.0" dependencies = [ - "crypto-common", "elliptic-curve", "getrandom", "hex-literal", @@ -684,7 +683,7 @@ dependencies = [ [[package]] name = "kem" version = "0.4.0-rc.4" -source = "git+https://github.com/RustCrypto/traits#4e195b4fc5062a9ccd0080070d2b05202b2b3108" +source = "git+https://github.com/RustCrypto/traits#55376359fd1375ebd63825a4c1394d3c3ee3e6de" dependencies = [ "crypto-common", "rand_core", @@ -717,7 +716,6 @@ version = "0.3.0-pre.3" dependencies = [ "const-oid", "criterion", - "crypto-common", "getrandom", "hex", "hex-literal", diff --git a/dhkem/Cargo.toml b/dhkem/Cargo.toml index cfc4516..cf36c8e 100644 --- a/dhkem/Cargo.toml +++ b/dhkem/Cargo.toml @@ -17,9 +17,6 @@ readme = "README.md" kem = "0.4.0-rc.4" rand_core = "0.10.0-rc-5" -# TODO(tarcieri): remove this and get these from `kem` -common = { package = "crypto-common", version = "0.2.0-rc.12" } - # optional dependencies elliptic-curve = { version = "0.14.0-rc.23", optional = true, default-features = false } k256 = { version = "0.14.0-rc.5", optional = true, default-features = false, features = ["arithmetic"] } diff --git a/dhkem/src/ecdh_kem.rs b/dhkem/src/ecdh_kem.rs index 106faf6..89faad7 100644 --- a/dhkem/src/ecdh_kem.rs +++ b/dhkem/src/ecdh_kem.rs @@ -1,20 +1,15 @@ //! Generic Elliptic Curve Diffie-Hellman KEM adapter. use crate::{DhDecapsulator, DhEncapsulator, DhKem}; -use core::{convert::Infallible, marker::PhantomData}; +use core::marker::PhantomData; use elliptic_curve::{ - AffinePoint, - CurveArithmetic, - FieldBytesSize, - Generate, - PublicKey, - common::InvalidKey, // TODO(tarcieri): get from `kem` crate + AffinePoint, CurveArithmetic, FieldBytesSize, Generate, PublicKey, ecdh::{EphemeralSecret, SharedSecret}, sec1::{ FromEncodedPoint, ModulusSize, ToEncodedPoint, UncompressedPoint, UncompressedPointSize, }, }; -use kem::{Decapsulate, Encapsulate, KeyExport, KeySizeUser, TryKeyInit}; +use kem::{Decapsulate, Encapsulate, InvalidKey, KeyExport, KeySizeUser, TryKeyInit}; use rand_core::{CryptoRng, TryCryptoRng}; /// Generic Elliptic Curve Diffie-Hellman KEM adapter compatible with curves implemented using @@ -86,12 +81,10 @@ where FieldBytesSize: ModulusSize, AffinePoint: FromEncodedPoint + ToEncodedPoint, { - type Error = Infallible; - fn encapsulate_with_rng( &self, rng: &mut R, - ) -> Result<(PublicKey, SharedSecret), Self::Error> { + ) -> Result<(PublicKey, SharedSecret), R::Error> { // ECDH encapsulation involves creating a new ephemeral key pair and then doing DH // TODO(tarcieri): propagate RNG errors let sk = EphemeralSecret::try_generate_from_rng(rng).expect("RNG failure"); @@ -109,12 +102,9 @@ where AffinePoint: FromEncodedPoint + ToEncodedPoint, { type Encapsulator = DhEncapsulator>; - type Error = Infallible; - - fn decapsulate(&self, encapsulated_key: &PublicKey) -> Result, Self::Error> { - let ss = self.0.diffie_hellman(encapsulated_key); - Ok(ss) + fn decapsulate(&self, encapsulated_key: &PublicKey) -> SharedSecret { + self.0.diffie_hellman(encapsulated_key) } fn encapsulator(&self) -> DhEncapsulator> { diff --git a/dhkem/src/x25519_kem.rs b/dhkem/src/x25519_kem.rs index e7982d9..802977f 100644 --- a/dhkem/src/x25519_kem.rs +++ b/dhkem/src/x25519_kem.rs @@ -1,12 +1,10 @@ use crate::{DhDecapsulator, DhEncapsulator, DhKem}; -use core::convert::Infallible; -use kem::{Decapsulate, Encapsulate, KeyExport, KeySizeUser, TryKeyInit, consts::U32}; +use kem::{ + Decapsulate, Encapsulate, InvalidKey, Key, KeyExport, KeySizeUser, TryKeyInit, consts::U32, +}; use rand_core::{CryptoRng, TryCryptoRng, UnwrapErr}; use x25519::{PublicKey, ReusableSecret, SharedSecret}; -// TODO(tarcieri): get these from `kem` -use common::{InvalidKey, Key}; - /// X22519 Diffie-Hellman KEM adapter. /// /// Implements a KEM interface that internally uses X25519 ECDH. @@ -50,12 +48,10 @@ impl KeyExport for DhEncapsulator { } impl Encapsulate for DhEncapsulator { - type Error = Infallible; - fn encapsulate_with_rng( &self, rng: &mut R, - ) -> Result<(PublicKey, SharedSecret), Self::Error> { + ) -> Result<(PublicKey, SharedSecret), R::Error> { // ECDH encapsulation involves creating a new ephemeral key pair and then doing DH let sk = ReusableSecret::random_from_rng(&mut UnwrapErr(rng)); let pk = PublicKey::from(&sk); @@ -67,10 +63,9 @@ impl Encapsulate for DhEncapsulator { impl Decapsulate for DhDecapsulator { type Encapsulator = DhEncapsulator; - type Error = Infallible; - fn decapsulate(&self, encapsulated_key: &PublicKey) -> Result { - Ok(self.0.diffie_hellman(encapsulated_key)) + fn decapsulate(&self, encapsulated_key: &PublicKey) -> SharedSecret { + self.0.diffie_hellman(encapsulated_key) } fn encapsulator(&self) -> DhEncapsulator { diff --git a/dhkem/tests/hpke_p256_test.rs b/dhkem/tests/hpke_p256_test.rs index 6ed7977..3cf21ff 100644 --- a/dhkem/tests/hpke_p256_test.rs +++ b/dhkem/tests/hpke_p256_test.rs @@ -91,7 +91,7 @@ fn test_dhkem_p256_hkdf_sha256() { .expect("never fails"); assert_eq!(pke.to_encoded_point(false).as_bytes(), &pke_hex); - let ss2 = skr.decapsulate(&pke).expect("never fails"); + let ss2 = skr.decapsulate(&pke); assert_eq!(ss1.raw_secret_bytes(), ss2.raw_secret_bytes()); diff --git a/dhkem/tests/tests.rs b/dhkem/tests/tests.rs index 9add889..b5f13e6 100644 --- a/dhkem/tests/tests.rs +++ b/dhkem/tests/tests.rs @@ -34,7 +34,7 @@ where let mut rng = SysRng.unwrap_err(); let (sk, pk) = K::random_keypair(&mut rng); let (ek, ss1) = pk.encapsulate_with_rng(&mut rng).expect("never fails"); - let ss2 = sk.decapsulate(&ek).expect("never fails"); + let ss2 = sk.decapsulate(&ek); assert_eq!(ss1.as_slice(), ss2.as_slice()); } diff --git a/ml-kem/Cargo.toml b/ml-kem/Cargo.toml index d8e2c73..ce3b25c 100644 --- a/ml-kem/Cargo.toml +++ b/ml-kem/Cargo.toml @@ -25,15 +25,12 @@ pkcs8 = ["dep:const-oid", "dep:pkcs8"] zeroize = ["dep:zeroize"] [dependencies] +array = { package = "hybrid-array", version = "0.4.4", features = ["extra-sizes", "subtle"] } kem = "0.4.0-rc.4" -hybrid-array = { version = "0.4.4", features = ["extra-sizes", "subtle"] } rand_core = "0.10.0-rc-5" sha3 = { version = "0.11.0-rc.3", default-features = false } subtle = { version = "2", default-features = false } -# TODO(tarcieri): remove this and get these from `kem` -common = { package = "crypto-common", version = "0.2.0-rc.12" } - # optional dependencies const-oid = { version = "0.10.1", optional = true, default-features = false, features = ["db"] } pkcs8 = { version = "0.11.0-rc.8", optional = true, default-features = false } diff --git a/ml-kem/benches/mlkem.rs b/ml-kem/benches/mlkem.rs index 177413f..b18db4f 100644 --- a/ml-kem/benches/mlkem.rs +++ b/ml-kem/benches/mlkem.rs @@ -32,7 +32,7 @@ fn criterion_benchmark(c: &mut Criterion) { c.bench_function("decapsulate", |b| { b.iter(|| { - dk.decapsulate(&ct).unwrap(); + dk.decapsulate(&ct); }) }); @@ -42,7 +42,7 @@ fn criterion_benchmark(c: &mut Criterion) { let dk = ml_kem_768::DecapsulationKey::generate_from_rng(&mut rng); let ek = dk.encapsulator(); let (ct, _sk) = ek.encapsulate_with_rng(&mut rng).unwrap(); - dk.decapsulate(&ct).unwrap(); + dk.decapsulate(&ct); }) }); } diff --git a/ml-kem/src/algebra.rs b/ml-kem/src/algebra.rs index 0fc5575..1f66597 100644 --- a/ml-kem/src/algebra.rs +++ b/ml-kem/src/algebra.rs @@ -1,5 +1,5 @@ +use array::{Array, typenum::U256}; use core::ops::{Add, Mul, Sub}; -use hybrid_array::{Array, typenum::U256}; use sha3::digest::XofReader; use subtle::{Choice, ConstantTimeEq}; @@ -525,7 +525,7 @@ impl NttMatrix { mod test { use super::*; use crate::util::Flatten; - use hybrid_array::typenum::{U2, U3, U8}; + use array::typenum::{U2, U3, U8}; // Multiplication in R_q, modulo X^256 + 1 impl Mul<&Polynomial> for &Polynomial { diff --git a/ml-kem/src/compress.rs b/ml-kem/src/compress.rs index 6f85861..21a1ae3 100644 --- a/ml-kem/src/compress.rs +++ b/ml-kem/src/compress.rs @@ -89,7 +89,7 @@ impl Compress for PolynomialVector { #[cfg(test)] pub(crate) mod test { use super::*; - use hybrid_array::typenum::{U1, U4, U5, U6, U10, U11, U12}; + use array::typenum::{U1, U4, U5, U6, U10, U11, U12}; use num_rational::Ratio; #[allow(clippy::cast_possible_truncation)] diff --git a/ml-kem/src/crypto.rs b/ml-kem/src/crypto.rs index 10d2250..3d2fcca 100644 --- a/ml-kem/src/crypto.rs +++ b/ml-kem/src/crypto.rs @@ -130,8 +130,8 @@ pub fn XOF(rho: &B32, i: u8, j: u8) -> impl XofReader { #[cfg(test)] mod test { use super::*; + use array::typenum::{U2, U3}; use hex_literal::hex; - use hybrid_array::typenum::{U2, U3}; #[test] fn g() { diff --git a/ml-kem/src/encode.rs b/ml-kem/src/encode.rs index dc74559..7247308 100644 --- a/ml-kem/src/encode.rs +++ b/ml-kem/src/encode.rs @@ -1,4 +1,4 @@ -use hybrid_array::{ +use array::{ Array, typenum::{U256, Unsigned}, }; @@ -144,10 +144,10 @@ where #[cfg(test)] pub(crate) mod test { use super::*; - use core::{fmt::Debug, ops::Rem}; - use hybrid_array::typenum::{ + use array::typenum::{ U1, U2, U3, U4, U5, U6, U8, U10, U11, U12, marker_traits::Zero, operator_aliases::Mod, }; + use core::{fmt::Debug, ops::Rem}; use rand_core::{RngCore, TryRngCore}; use crate::param::EncodedPolynomialVector; diff --git a/ml-kem/src/error.rs b/ml-kem/src/error.rs deleted file mode 100644 index 61f0ad8..0000000 --- a/ml-kem/src/error.rs +++ /dev/null @@ -1,13 +0,0 @@ -use core::fmt::{self, Display}; - -/// Error type: deliberately opaque to reduce potential sidechannel leakage. -#[derive(Clone, Copy, Debug)] -pub struct Error; - -impl Display for Error { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.write_str("ML-KEM error") - } -} - -impl core::error::Error for Error {} diff --git a/ml-kem/src/kem.rs b/ml-kem/src/kem.rs index c2b520e..d1bc9de 100644 --- a/ml-kem/src/kem.rs +++ b/ml-kem/src/kem.rs @@ -1,10 +1,13 @@ -//! +//! Key encapsulation mechanism implementation. // Re-export traits from the `kem` crate -pub use ::kem::{Decapsulate, Encapsulate, Generate, KeyExport, KeySizeUser, TryKeyInit}; +pub use ::kem::{ + Decapsulate, Encapsulate, Generate, InvalidKey, Key, KeyExport, KeyInit, KeySizeUser, + TryKeyInit, +}; use crate::{ - Encoded, EncodedSizeUser, Error, Seed, + Encoded, EncodedSizeUser, Seed, crypto::{G, H, J}, param::{ DecapsulationKeySize, EncapsulationKeySize, EncodedCiphertext, ExpandedDecapsulationKey, @@ -13,14 +16,13 @@ use crate::{ pke::{DecryptionKey, EncryptionKey}, util::B32, }; -use core::{convert::Infallible, marker::PhantomData}; -use hybrid_array::typenum::{U32, U64}; +use array::typenum::{U32, U64}; +use core::marker::PhantomData; use rand_core::{CryptoRng, TryCryptoRng, TryRngCore}; use subtle::{ConditionallySelectable, ConstantTimeEq}; -// TODO(tarcieri): get these from `kem` -use common::{InvalidKey, Key, KeyInit}; - +#[cfg(feature = "deterministic")] +use core::convert::Infallible; #[cfg(feature = "zeroize")] use zeroize::{Zeroize, ZeroizeOnDrop}; @@ -80,7 +82,7 @@ where { type EncodedSize = DecapsulationKeySize

; - fn from_encoded_bytes(expanded: &Encoded) -> Result { + fn from_encoded_bytes(expanded: &Encoded) -> Result { #[allow(deprecated)] Self::from_expanded(expanded) } @@ -126,21 +128,13 @@ where P: KemParams, { type Encapsulator = EncapsulationKey

; - type Error = Infallible; - fn decapsulate( - &self, - encapsulated_key: &EncodedCiphertext

, - ) -> Result { + fn decapsulate(&self, encapsulated_key: &EncodedCiphertext

) -> SharedKey { let mp = self.dk_pke.decrypt(encapsulated_key); let (Kp, rp) = G(&[&mp, &self.ek.h]); let Kbar = J(&[self.z.as_slice(), encapsulated_key.as_ref()]); let cp = self.ek.ek_pke.encrypt(&mp, &rp); - Ok(B32::conditional_select( - &Kbar, - &Kp, - cp.ct_eq(encapsulated_key), - )) + B32::conditional_select(&Kbar, &Kp, cp.ct_eq(encapsulated_key)) } fn encapsulator(&self) -> EncapsulationKey

{ @@ -166,9 +160,9 @@ where /// [`DecapsulationKey::from_seed`]. /// /// # Errors - /// - Returns [`Error`] in the event the expanded key failed validation + /// - Returns [`InvalidKey`] in the event the expanded key failed validation #[deprecated(since = "0.3.0", note = "use `DecapsulationKey::from_seed` instead")] - pub fn from_expanded(enc: &ExpandedDecapsulationKey

) -> Result { + pub fn from_expanded(enc: &ExpandedDecapsulationKey

) -> Result { let (dk_pke, ek_pke, h, z) = P::split_dk(enc); let ek_pke = EncryptionKey::from_bytes(ek_pke)?; @@ -260,7 +254,7 @@ where { type EncodedSize = EncapsulationKeySize

; - fn from_encoded_bytes(enc: &Encoded) -> Result { + fn from_encoded_bytes(enc: &Encoded) -> Result { Ok(Self::new(EncryptionKey::from_bytes(enc)?)) } @@ -300,13 +294,11 @@ impl

Encapsulate, SharedKey> for EncapsulationKey

where P: KemParams, { - type Error = Error; - fn encapsulate_with_rng( &self, rng: &mut R, - ) -> Result<(EncodedCiphertext

, SharedKey), Self::Error> { - let m = B32::try_generate_from_rng(rng).map_err(|_| Error)?; + ) -> Result<(EncodedCiphertext

, SharedKey), R::Error> { + let m = B32::try_generate_from_rng(rng)?; Ok(self.encapsulate_deterministic_inner(&m)) } } @@ -379,7 +371,7 @@ mod test { let ek = dk.encapsulation_key(); let (ct, k_send) = ek.encapsulate_with_rng(&mut rng).unwrap(); - let k_recv = dk.decapsulate(&ct).unwrap(); + let k_recv = dk.decapsulate(&ct); assert_eq!(k_send, k_recv); } diff --git a/ml-kem/src/lib.rs b/ml-kem/src/lib.rs index 576f19f..56800c0 100644 --- a/ml-kem/src/lib.rs +++ b/ml-kem/src/lib.rs @@ -26,9 +26,8 @@ //! //! use ml_kem::{ //! ml_kem_768::DecapsulationKey, -//! kem::{Decapsulate, Encapsulate, Generate} +//! kem::{Decapsulate, Encapsulate, Generate, KeyInit} //! }; -//! use common::KeyInit; // TODO(tarcieri): fix this! //! //! // Generate a decapsulation/encapsulation keypair //! let dk = DecapsulationKey::generate(); @@ -36,10 +35,12 @@ //! //! // Encapsulate a shared key to the holder of the decapsulation key, receive the shared //! // secret `k_send` and the encapsulated form `ct`. -//! let (ct, k_send) = ek.encapsulate().unwrap(); +//! let (ct, k_send) = ek.encapsulate(); //! -//! // Decapsulate the shared key and verify that it was faithfully received. -//! let k_recv = dk.decapsulate(&ct).unwrap(); +//! // Decapsulate the shared key +//! let k_recv = dk.decapsulate(&ct); +//! +//! // We've now established a shared key //! assert_eq!(k_send, k_recv); //! ``` //! @@ -73,31 +74,24 @@ mod param; pub mod pkcs8; -/// Error type -mod error; /// Trait definitions mod traits; -use core::fmt::Debug; -use hybrid_array::{ - Array, - typenum::{U2, U3, U4, U5, U10, U11, U64}, -}; - -pub use hybrid_array as array; - -#[cfg(feature = "deterministic")] -pub use util::B32; - -pub use error::Error; +pub use array; pub use ml_kem_512::MlKem512Params; pub use ml_kem_768::MlKem768Params; pub use ml_kem_1024::MlKem1024Params; pub use param::{ArraySize, ExpandedDecapsulationKey, ParameterSet}; pub use traits::*; -// TODO(tarcieri): get rid of this! -pub use common; +#[cfg(feature = "deterministic")] +pub use util::B32; + +use array::{ + Array, + typenum::{U2, U3, U4, U5, U10, U11, U64}, +}; +use core::fmt::Debug; /// ML-KEM seeds are decapsulation (private) keys, which are consistently 64-bytes across all /// security levels, and are the preferred serialization for representing such keys. @@ -217,7 +211,7 @@ mod test { let (dk, ek) = K::generate(&mut rng); let (ct, k_send) = ek.encapsulate_with_rng(&mut rng).unwrap(); - let k_recv = dk.decapsulate(&ct).unwrap(); + let k_recv = dk.decapsulate(&ct); assert_eq!(k_send, k_recv); } diff --git a/ml-kem/src/param.rs b/ml-kem/src/param.rs index b1f4ed6..f2e92c5 100644 --- a/ml-kem/src/param.rs +++ b/ml-kem/src/param.rs @@ -13,7 +13,7 @@ use core::fmt::Debug; use core::ops::{Add, Div, Mul, Rem, Sub}; -use hybrid_array::{ +use array::{ Array, typenum::{ Const, ToUInt, U0, U2, U3, U4, U6, U8, U12, U16, U32, U64, U384, @@ -30,9 +30,9 @@ use crate::util::{B32, Flatten, Unflatten}; use crate::Seed; /// An array length with other useful properties -pub trait ArraySize: hybrid_array::ArraySize + PartialEq + Debug {} +pub trait ArraySize: array::ArraySize + PartialEq + Debug {} -impl ArraySize for T where T: hybrid_array::ArraySize + PartialEq + Debug {} +impl ArraySize for T where T: array::ArraySize + PartialEq + Debug {} /// An integer that can be used as a length for encoded values. pub trait EncodingSize: ArraySize { diff --git a/ml-kem/src/pkcs8.rs b/ml-kem/src/pkcs8.rs index 26054da..8f2ee26 100644 --- a/ml-kem/src/pkcs8.rs +++ b/ml-kem/src/pkcs8.rs @@ -28,7 +28,7 @@ use ::pkcs8::{ }, spki, }; -use hybrid_array::Array; +use array::Array; #[cfg(feature = "alloc")] use { diff --git a/ml-kem/src/pke.rs b/ml-kem/src/pke.rs index 5654814..12a6c94 100644 --- a/ml-kem/src/pke.rs +++ b/ml-kem/src/pke.rs @@ -1,13 +1,12 @@ -use hybrid_array::typenum::{U1, Unsigned}; -use subtle::{Choice, ConstantTimeEq}; - use crate::algebra::{NttMatrix, NttVector, Polynomial, PolynomialVector}; use crate::compress::Compress; use crate::crypto::{G, PRF}; use crate::encode::Encode; -use crate::error::Error; use crate::param::{EncodedCiphertext, EncodedDecryptionKey, EncodedEncryptionKey, PkeParams}; use crate::util::B32; +use array::typenum::{U1, Unsigned}; +use kem::InvalidKey; +use subtle::{Choice, ConstantTimeEq}; #[cfg(feature = "zeroize")] use zeroize::Zeroize; @@ -158,9 +157,9 @@ where /// Parse an encryption key from a byte array `(t_hat || rho)`. /// /// # Errors - /// Returns [`Error`] in the event that the key fails the encapsulation key checks specified in - /// FIPS 203 §7.2. - pub fn from_bytes(enc: &EncodedEncryptionKey

) -> Result { + /// Returns [`InvalidKey`] in the event that the key fails the encapsulation key checks + /// specified in FIPS 203 §7.2. + pub fn from_bytes(enc: &EncodedEncryptionKey

) -> Result { let (t_hat, rho) = P::split_ek(enc); let t_hat = P::decode_u12(t_hat); let ret = Self { @@ -197,7 +196,7 @@ where if &ret.to_bytes() == enc { Ok(ret) } else { - Err(Error) + Err(InvalidKey) } } } diff --git a/ml-kem/src/traits.rs b/ml-kem/src/traits.rs index 3f95623..c1da123 100644 --- a/ml-kem/src/traits.rs +++ b/ml-kem/src/traits.rs @@ -1,9 +1,9 @@ //! Trait definitions -use crate::{ArraySize, Ciphertext, Error, Seed, SharedKey}; +use crate::{ArraySize, Ciphertext, Seed, SharedKey}; +use array::Array; use core::fmt::Debug; -use hybrid_array::Array; -use kem::{Decapsulate, Encapsulate}; +use kem::{Decapsulate, Encapsulate, InvalidKey}; use rand_core::CryptoRng; #[cfg(feature = "deterministic")] @@ -18,7 +18,7 @@ pub trait EncodedSizeUser: Sized { /// /// # Errors /// - If the object failed to decode successfully - fn from_encoded_bytes(enc: &Encoded) -> Result; + fn from_encoded_bytes(enc: &Encoded) -> Result; /// Serialize an object to its encoded form fn to_encoded_bytes(&self) -> Encoded; diff --git a/ml-kem/src/util.rs b/ml-kem/src/util.rs index 46f795e..26f22a7 100644 --- a/ml-kem/src/util.rs +++ b/ml-kem/src/util.rs @@ -1,13 +1,13 @@ -use core::mem::ManuallyDrop; -use core::ops::{Div, Mul, Rem}; -use core::ptr; -use hybrid_array::{ +use array::{ Array, ArraySize, typenum::{ U0, U32, Unsigned, operator_aliases::{Prod, Quot}, }, }; +use core::mem::ManuallyDrop; +use core::ops::{Div, Mul, Rem}; +use core::ptr; /// A 32-byte array, defined here for brevity because it is used several times pub type B32 = Array; @@ -115,7 +115,7 @@ where #[cfg(test)] mod test { use super::*; - use hybrid_array::typenum::consts::*; + use array::typenum::consts::*; #[test] fn flatten() { diff --git a/ml-kem/tests/encap-decap.rs b/ml-kem/tests/encap-decap.rs index 6b7101a..41c70af 100644 --- a/ml-kem/tests/encap-decap.rs +++ b/ml-kem/tests/encap-decap.rs @@ -3,7 +3,7 @@ use ml_kem::*; use ::kem::Decapsulate; -use hybrid_array::Array; +use array::Array; use std::{fs::read_to_string, path::PathBuf}; #[test] @@ -65,7 +65,7 @@ fn verify_decap(tc: &acvp::DecapTestCase, dk_slice: &[u8]) { let dk = K::DecapsulationKey::from_encoded_bytes(&dk_bytes).unwrap(); let c = Ciphertext::::try_from(tc.c.as_slice()).unwrap(); - let k = dk.decapsulate(&c).unwrap(); + let k = dk.decapsulate(&c); assert_eq!(k.as_slice(), tc.k.as_slice()); } diff --git a/ml-kem/tests/key-gen.rs b/ml-kem/tests/key-gen.rs index 73b5140..ff4d5b9 100644 --- a/ml-kem/tests/key-gen.rs +++ b/ml-kem/tests/key-gen.rs @@ -2,7 +2,7 @@ use ml_kem::*; -use hybrid_array::Array; +use array::Array; use std::{fs::read_to_string, path::PathBuf}; #[test] diff --git a/x-wing/src/lib.rs b/x-wing/src/lib.rs index 1afb9b0..1f83d23 100644 --- a/x-wing/src/lib.rs +++ b/x-wing/src/lib.rs @@ -20,18 +20,22 @@ //! use kem::{Decapsulate, Encapsulate}; //! //! let (sk, pk) = x_wing::generate_key_pair(); -//! let (ct, ss_sender) = pk.encapsulate().unwrap(); -//! let ss_receiver = sk.decapsulate(&ct).unwrap(); +//! let (ct, ss_sender) = pk.encapsulate(); +//! let ss_receiver = sk.decapsulate(&ct); //! assert_eq!(ss_sender, ss_receiver); //! ``` -pub use kem::{self, Decapsulate, Encapsulate, Generate, KeyExport, KeySizeUser, TryKeyInit}; +pub use kem::{ + self, Decapsulate, Encapsulate, Generate, InvalidKey, Key, KeyExport, KeyInit, KeySizeUser, + TryKeyInit, +}; -use core::convert::Infallible; use ml_kem::{ - B32, EncodedSizeUser, Error, KemCore, MlKem768, MlKem768Params, - array::{ArrayN, typenum::consts::U32}, - common::{InvalidKey, Key, KeyInit, array::sizes::U1216}, + B32, EncodedSizeUser, KemCore, MlKem768, MlKem768Params, + array::{ + ArrayN, + sizes::{U32, U1216}, + }, }; use rand_core::{CryptoRng, TryCryptoRng, TryRngCore}; use sha3::{ @@ -76,12 +80,10 @@ pub struct EncapsulationKey { } impl Encapsulate for EncapsulationKey { - type Error = Error; - fn encapsulate_with_rng( &self, rng: &mut R, - ) -> Result<(Ciphertext, SharedSecret), Self::Error> { + ) -> Result<(Ciphertext, SharedSecret), R::Error> { // Swapped order of operations compared to RFC, so that usage of the rng matches the RFC let (ct_m, ss_m) = self.pk_m.encapsulate_with_rng(rng)?; @@ -143,19 +145,17 @@ pub struct DecapsulationKey { impl Decapsulate for DecapsulationKey { type Encapsulator = EncapsulationKey; - type Error = Infallible; #[allow(clippy::similar_names)] // So we can use the names as in the RFC - fn decapsulate(&self, ct: &Ciphertext) -> Result { + fn decapsulate(&self, ct: &Ciphertext) -> SharedSecret { let (sk_m, sk_x, _pk_m, pk_x) = self.expand_key(); - let ss_m = sk_m.decapsulate(&ct.ct_m)?; + let ss_m = sk_m.decapsulate(&ct.ct_m); // equal to ss_x = x25519(sk_x, ct_x) let ss_x = sk_x.diffie_hellman(&ct.ct_x); - let ss = combiner(&ss_m, &ss_x, &ct.ct_x, &pk_x); - Ok(ss) + combiner(&ss_m, &ss_x, &ct.ct_x, &pk_x) } fn encapsulator(&self) -> EncapsulationKey { @@ -386,7 +386,7 @@ mod tests { assert_eq!(ss, test_vector.ss); assert_eq!(&ct.to_bytes(), test_vector.ct.as_slice()); - let ss = sk.decapsulate(&ct).unwrap(); + let ss = sk.decapsulate(&ct); assert_eq!(ss, test_vector.ss); }