crypto/ecdh: add KeyExchanger interface

Updates #75300

Change-Id: I6a6a6964bbfa1f099c74d0a3fb3f7894d7b1b832
Reviewed-on: https://go-review.googlesource.com/c/go/+/705795
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>

api/next/75300.txt

@@ -0,0 +1,4 @@
+pkg crypto/ecdh, type KeyExchanger interface { Curve, ECDH, PublicKey } #75300
+pkg crypto/ecdh, type KeyExchanger interface, Curve() Curve #75300
+pkg crypto/ecdh, type KeyExchanger interface, ECDH(*PublicKey) ([]uint8, error) #75300
+pkg crypto/ecdh, type KeyExchanger interface, PublicKey() *PublicKey #75300

doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md

@@ -0,0 +1,2 @@
+The new [KeyExchanger] interface, implemented by [PrivateKey], makes it possible
+to accept abstract ECDH private keys, e.g. those implemented in hardware.

src/crypto/ecdh/ecdh.go

@@ -92,6 +92,18 @@ func (k *PublicKey) Curve() Curve {
 	return k.curve
 }
 
+// KeyExchanger is an interface for an opaque private key that can be used for
+// key exchange operations. For example, an ECDH key kept in a hardware module.
+//
+// It is implemented by [PrivateKey].
+type KeyExchanger interface {
+	PublicKey() *PublicKey
+	Curve() Curve
+	ECDH(*PublicKey) ([]byte, error)
+}
+
+var _ KeyExchanger = (*PrivateKey)(nil)
+
 // PrivateKey is an ECDH private key, usually kept secret.
 //
 // These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded