// If the ciphertext is not valid, Decapsulate returns an error.
//
// The shared key must be kept secret.
-func Decapsulate(dk *DecapsulationKey, ciphertext []byte) (sharedKey []byte, err error) {
+func (dk *DecapsulationKey) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) {
if len(ciphertext) != CiphertextSize {
return nil, errors.New("mlkem768: invalid ciphertext length")
}
if err != nil {
t.Fatal(err)
}
- Kd, err := Decapsulate(dk, c)
+ Kd, err := dk.Decapsulate(c)
if err != nil {
t.Fatal(err)
}
}
for i := 0; i < len(c)-1; i++ {
- if _, err := Decapsulate(dk, c[:i]); err == nil {
+ if _, err := dk.Decapsulate(c[:i]); err == nil {
t.Errorf("expected error for c length %d", i)
}
}
cLong := c
for i := 0; i < 100; i++ {
cLong = append(cLong, 0)
- if _, err := Decapsulate(dk, cLong); err == nil {
+ if _, err := dk.Decapsulate(cLong); err == nil {
t.Errorf("expected error for c length %d", len(cLong))
}
}
o.Write(ct)
o.Write(k)
- kk, err := Decapsulate(dk, ct)
+ kk, err := dk.Decapsulate(ct)
if err != nil {
t.Fatal(err)
}
}
s.Read(ct1)
- k1, err := Decapsulate(dk, ct1)
+ k1, err := dk.Decapsulate(ct1)
if err != nil {
t.Fatal(err)
}
ekS := dkS.EncapsulationKey()
sink ^= ekS[0]
- Ks, err := Decapsulate(dk, c)
+ Ks, err := dk.Decapsulate(c)
if err != nil {
b.Fatal(err)
}
// kyberDecapsulate implements decapsulation according to Kyber Round 3.
func kyberDecapsulate(dk *mlkem768.DecapsulationKey, c []byte) ([]byte, error) {
- K, err := mlkem768.Decapsulate(dk, c)
+ K, err := dk.Decapsulate(c)
if err != nil {
return nil, err
}