crypto/mlkem: enrich the DecapsulationKey768|1024 doc comments

Change-Id: If8b461f6adaad3a975611d191c266e66237b81d1 Reviewed-on: https://go-review.googlesource.com/c/go/+/764740 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2026-06-27 03:11:23 +00:00 · 2026-04-09 13:36:12 -04:00 · 2026-04-09 13:36:12 -04:00 · 79b47a7566
commit 79b47a7566
parent f0f2768dff
1 changed files with 8 additions and 2 deletions
--- a/src/crypto/mlkem/mlkem.go
+++ b/src/crypto/mlkem/mlkem.go
@ -72,7 +72,10 @@ func (dk *DecapsulationKey768) Bytes() []byte {
 }

 // Decapsulate generates a shared key from a ciphertext and a decapsulation
-// key. If the ciphertext is not valid, Decapsulate returns an error.
+// key. If the ciphertext is not the correct length, Decapsulate returns an
+// error. A ciphertext that is the correct length but otherwise invalid will
+// not return an error; instead, it will produce a shared key that does not
+// match the sender's, according to FIPS 203.
 //
 // The shared key must be kept secret.
 func (dk *DecapsulationKey768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) {
@ -164,7 +167,10 @@ func (dk *DecapsulationKey1024) Bytes() []byte {
 }

 // Decapsulate generates a shared key from a ciphertext and a decapsulation
-// key. If the ciphertext is not valid, Decapsulate returns an error.
+// key. If the ciphertext is not the correct length, Decapsulate returns an
+// error. A ciphertext that is the correct length but otherwise invalid will
+// not return an error; instead, it will produce a shared key that does not
+// match the sender's, according to FIPS 203.
 //
 // The shared key must be kept secret.
 func (dk *DecapsulationKey1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) {