Add ML-KEM decapsulation key check.

Described in section 7.3 of FIPS 203. The check is only required if the private key is from an untrusted source. We do not distinguish between a trusted and untrusted source in the current API, so we'll perform the check every time we unmarshal the private key.
cloudflare · Aug 19, 2024 · 62385a8 · 62385a8
1 parent 2b4626d
commit 62385a8
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 9 deletions.
diff --git a/kem/kem.go b/kem/kem.go
@@ -113,6 +113,9 @@ var (
 	// ErrPubKey is the error used if the provided public key is invalid.
 	ErrPubKey = errors.New("invalid public key")
 
+	// ErrPrivKey is the error used if the provided private key is invalid.
+	ErrPrivKey = errors.New("invalid private key")
+
 	// ErrCipherText is the error used if the provided ciphertext is invalid.
 	ErrCipherText = errors.New("invalid ciphertext")
 )
diff --git a/kem/kyber/templates/pkg.templ.go b/kem/kyber/templates/pkg.templ.go
diff --git a/kem/mlkem/mlkem1024/kyber.go b/kem/mlkem/mlkem1024/kyber.go
diff --git a/kem/mlkem/mlkem512/kyber.go b/kem/mlkem/mlkem512/kyber.go
diff --git a/kem/mlkem/mlkem768/kyber.go b/kem/mlkem/mlkem768/kyber.go