From ddb22a6e6b3bdb26506b5aa230c4b761c1f3088d Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Sat, 31 Jan 2026 08:50:33 -0700
Subject: [PATCH] ml-kem: impl `KeyExport` for `DecapsulationKey`

With the current way we implement expanded key support, this currently
needs to be fallible.

Perhaps we can make a separate type which contains only `dk_pke` and `z`
like `ExpandedDecapsulationKey` so we can ensure `DecapsulationKey`
always has the seed.

For now, this at least lets us have an impl of `KeyExport`, even if
having a panicking condition is not ideal.
---
 ml-kem/src/decapsulation_key.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ml-kem/src/decapsulation_key.rs b/ml-kem/src/decapsulation_key.rs
index aa17487..30571a3 100644
--- a/ml-kem/src/decapsulation_key.rs
+++ b/ml-kem/src/decapsulation_key.rs
@@ -186,6 +186,7 @@ where
     type KeySize = U64;
 }
 
+/// Initialize [`DecapsulationKey`] from a 64-byte uniformly random [`Seed`] value.
 impl<P> KeyInit for DecapsulationKey<P>
 where
     P: KemParams,
@@ -196,6 +197,20 @@ where
     }
 }
 
+/// Serialize the 64-byte [`Seed`] value used to initialize this [`DecapsulationKey`].
+///
+/// # Panics
+/// If this [`DecapsulationKey`] was initialized using legacy expanded key support
+/// (see [`ExpandedKeyEncoding`]).
+impl<P> KeyExport for DecapsulationKey<P>
+where
+    P: KemParams,
+{
+    fn to_bytes(&self) -> Seed {
+        self.to_seed().expect("should be initialized from a seed")
+    }
+}
+
 /// DEPRECATED: support for encoding and decoding [`DecapsulationKey`]s in the legacy expanded form,
 /// as opposed to the more widely adopted [`Seed`] form.
 ///