Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto: add Encapsulator and Decapsulator interfaces

Browse source 
Updates #75300

Change-Id: I6a6a6964a0ab36ee3132d8481515c34c86011c13
Reviewed-on: https://go-review.googlesource.com/c/go/+/705796
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
Filippo Valsorda 2025-09-22 14:12:53 +02:00
parent 6b83bd7146
commit a2946f2385
5 changed files with 55 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/next/75300.txt
View file

@ -1,4 +1,12 @@
pkg crypto, type Decapsulator interface { Decapsulate, Encapsulator } #75300
pkg crypto, type Decapsulator interface, Decapsulate([]uint8) ([]uint8, error) #75300
pkg crypto, type Decapsulator interface, Encapsulator() Encapsulator #75300
pkg crypto, type Encapsulator interface { Bytes, Encapsulate } #75300
pkg crypto, type Encapsulator interface, Bytes() []uint8 #75300
pkg crypto, type Encapsulator interface, Encapsulate() ([]uint8, []uint8) #75300
pkg crypto/ecdh, type KeyExchanger interface { Curve, ECDH, PublicKey } #75300 pkg crypto/ecdh, type KeyExchanger interface { Curve, ECDH, PublicKey } #75300
pkg crypto/ecdh, type KeyExchanger interface, Curve() Curve #75300 pkg crypto/ecdh, type KeyExchanger interface, Curve() Curve #75300
pkg crypto/ecdh, type KeyExchanger interface, ECDH(*PublicKey) ([]uint8, error) #75300 pkg crypto/ecdh, type KeyExchanger interface, ECDH(*PublicKey) ([]uint8, error) #75300
pkg crypto/ecdh, type KeyExchanger interface, PublicKey() *PublicKey #75300 pkg crypto/ecdh, type KeyExchanger interface, PublicKey() *PublicKey #75300
pkg crypto/mlkem, method (*DecapsulationKey1024) Encapsulator() crypto.Encapsulator #75300
pkg crypto/mlkem, method (*DecapsulationKey768) Encapsulator() crypto.Encapsulator #75300

2
doc/next/6-stdlib/99-minor/crypto/75300.md Normal file
View file

@ -0,0 +1,2 @@
The new [Encapsulator] and [Decapsulator] interfaces allow accepting abstract
KEM encapsulation or decapsulation keys.

3
doc/next/6-stdlib/99-minor/crypto/mlkem/75300.md Normal file
View file

@ -0,0 +1,3 @@
The new [DecapsulationKey768.Encapsulator] and
[DecapsulationKey1024.Encapsulator] methods implement the new
[crypto.Decapsulator] interface.

18
src/crypto/crypto.go
View file

@ -253,3 +253,21 @@ func SignMessage(signer Signer, rand io.Reader, msg []byte, opts SignerOpts) (si
} }
return signer.Sign(rand, msg, opts) return signer.Sign(rand, msg, opts)
} }
// Decapsulator is an interface for an opaque private KEM key that can be used for
// decapsulation operations. For example, an ML-KEM key kept in a hardware module.
//
// It is implemented, for example, by [crypto/mlkem.DecapsulationKey768].
type Decapsulator interface {
Encapsulator() Encapsulator
Decapsulate(ciphertext []byte) (sharedKey []byte, err error)
}
// Encapsulator is an interface for a public KEM key that can be used for
// encapsulation operations.
//
// It is implemented, for example, by [crypto/mlkem.EncapsulationKey768].
type Encapsulator interface {
Bytes() []byte
Encapsulate() (sharedKey, ciphertext []byte)
}

25
src/crypto/mlkem/mlkem.go
View file

@ -11,7 +11,10 @@
// [NIST FIPS 203]: https://doi.org/10.6028/NIST.FIPS.203 // [NIST FIPS 203]: https://doi.org/10.6028/NIST.FIPS.203
package mlkem package mlkem
import "crypto/internal/fips140/mlkem" import (
"crypto"
"crypto/internal/fips140/mlkem"
)
const ( const (
// SharedKeySize is the size of a shared key produced by ML-KEM. // SharedKeySize is the size of a shared key produced by ML-KEM.
@ -82,6 +85,16 @@ func (dk *DecapsulationKey768) EncapsulationKey() *EncapsulationKey768 {
return &EncapsulationKey768{dk.key.EncapsulationKey()} return &EncapsulationKey768{dk.key.EncapsulationKey()}
} }
// Encapsulator returns the encapsulation key, like
// [DecapsulationKey768.EncapsulationKey].
//
// It implements [crypto.Decapsulator].
func (dk *DecapsulationKey768) Encapsulator() crypto.Encapsulator {
return dk.EncapsulationKey()
}
var _ crypto.Decapsulator = (*DecapsulationKey768)(nil)
// An EncapsulationKey768 is the public key used to produce ciphertexts to be // An EncapsulationKey768 is the public key used to produce ciphertexts to be
// decapsulated by the corresponding DecapsulationKey768. // decapsulated by the corresponding DecapsulationKey768.
type EncapsulationKey768 struct { type EncapsulationKey768 struct {
@ -164,6 +177,16 @@ func (dk *DecapsulationKey1024) EncapsulationKey() *EncapsulationKey1024 {
return &EncapsulationKey1024{dk.key.EncapsulationKey()} return &EncapsulationKey1024{dk.key.EncapsulationKey()}
} }
// Encapsulator returns the encapsulation key, like
// [DecapsulationKey1024.EncapsulationKey].
//
// It implements [crypto.Decapsulator].
func (dk *DecapsulationKey1024) Encapsulator() crypto.Encapsulator {
return dk.EncapsulationKey()
}
var _ crypto.Decapsulator = (*DecapsulationKey1024)(nil)
// An EncapsulationKey1024 is the public key used to produce ciphertexts to be // An EncapsulationKey1024 is the public key used to produce ciphertexts to be
// decapsulated by the corresponding DecapsulationKey1024. // decapsulated by the corresponding DecapsulationKey1024.
type EncapsulationKey1024 struct { type EncapsulationKey1024 struct {