crypto/ecdh: add KeyExchanger interface

Updates #75300 Change-Id: I6a6a6964bbfa1f099c74d0a3fb3f7894d7b1b832 Reviewed-on: https://go-review.googlesource.com/c/go/+/705795 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
2025-12-08 06:10:04 +00:00 · 2025-09-22 14:12:15 +02:00 · 2025-09-22 14:12:15 +02:00 · 6b83bd7146
commit 6b83bd7146
parent 4fef9f8b55
3 changed files with 18 additions and 0 deletions
--- a/api/next/75300.txt
+++ b/api/next/75300.txt
@ -0,0 +1,4 @@
+pkg crypto/ecdh, type KeyExchanger interface { Curve, ECDH, PublicKey } #75300
+pkg crypto/ecdh, type KeyExchanger interface, Curve() Curve #75300
+pkg crypto/ecdh, type KeyExchanger interface, ECDH(*PublicKey) ([]uint8, error) #75300
+pkg crypto/ecdh, type KeyExchanger interface, PublicKey() *PublicKey #75300
--- a/doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md
+++ b/doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md
@ -0,0 +1,2 @@
+The new [KeyExchanger] interface, implemented by [PrivateKey], makes it possible
+to accept abstract ECDH private keys, e.g. those implemented in hardware.
--- a/src/crypto/ecdh/ecdh.go
+++ b/src/crypto/ecdh/ecdh.go
@ -92,6 +92,18 @@ func (k *PublicKey) Curve() Curve {
 	return k.curve
 }

+// KeyExchanger is an interface for an opaque private key that can be used for
+// key exchange operations. For example, an ECDH key kept in a hardware module.
+//
+// It is implemented by [PrivateKey].
+type KeyExchanger interface {
+	PublicKey() *PublicKey
+	Curve() Curve
+	ECDH(*PublicKey) ([]byte, error)
+}
+
+var _ KeyExchanger = (*PrivateKey)(nil)
+
 // PrivateKey is an ECDH private key, usually kept secret.
 //
 // These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded