Commit 62385a8

bwesterb authored and armfazh committed
Add ML-KEM decapsulation key check.
Described in section 7.3 of FIPS 203. The check is only required if the private key is from an untrusted source. We do not distinguish between a trusted and untrusted source in the current API, so we'll perform the check every time we unmarshal the private key.
1 parent 2b4626d commit 62385a8

5 files changed: +79 -9 lines changed

kem/kem.go

+3
@@ -113,6 +113,9 @@ var (
113113
// ErrPubKey is the error used if the provided public key is invalid.
114114
ErrPubKey = errors.New("invalid public key")
115115

116+
// ErrPrivKey is the error used if the provided private key is invalid.
117+
ErrPrivKey = errors.New("invalid private key")
118+
116119
// ErrCipherText is the error used if the provided ciphertext is invalid.
117120
ErrCipherText = errors.New("invalid ciphertext")
118121
)
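
Review bot: The doc comment on the new `ErrPrivKey` (added lines 116-117) says only that the private key is "invalid", which does not tell a caller which operation returns it or what is being validated. Going by the commit message, this error is meant for private keys that fail the FIPS 203 section 7.3 decapsulation key check, and that check now runs on every unmarshal regardless of key source. Consider stating both in the comment, for example `// ErrPrivKey is returned when unmarshalling a private key that fails the decapsulation key check of FIPS 203, section 7.3.`, so the new failure mode on unmarshal is visible from the package documentation.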

kem/kyber/templates/pkg.templ.go

+28 (generated file; diff not rendered)

kem/mlkem/mlkem1024/kyber.go

+16 -3 (generated file; diff not rendered)

kem/mlkem/mlkem512/kyber.go

+16 -3 (generated file; diff not rendered)

kem/mlkem/mlkem768/kyber.go

+16 -3 (generated file; diff not rendered)
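
The check the commit message refers to, as an added example (not code from this commit or from the project): FIPS 203 section 7.3 requires a length check on the decapsulation key and a check that the hash stored inside it equals SHA3-256 of the embedded encapsulation key. `checkDecapsKey`, `constructedKey` and `errPrivKey` are hypothetical names, the sample key is a constructed byte pattern rather than a real key pair, and the code assumes Go 1.24 or later for `crypto/sha3`.

```go
package main

import (
	"crypto/sha3"
	"crypto/subtle"
	"errors"
	"fmt"
)

// errPrivKey is a local stand-in for the role kem.ErrPrivKey plays (assumption).
var errPrivKey = errors.New("invalid private key")

// checkDecapsKey applies the FIPS 203 section 7.3 decapsulation key checks.
// k is the module rank: 2, 3, 4 for ML-KEM-512, -768, -1024.
// Layout: dk = dkPKE (384k) || ek (384k+32) || H(ek) (32) || z (32).
func checkDecapsKey(dk []byte, k int) error {
	if len(dk) != 768*k+96 { // type (length) check
		return errPrivKey
	}
	ek := dk[384*k : 768*k+32]
	stored := dk[768*k+32 : 768*k+64]
	h := sha3.Sum256(ek) // H in FIPS 203 is SHA3-256
	if subtle.ConstantTimeCompare(h[:], stored) != 1 { // hash check
		return errPrivKey
	}
	return nil
}

// constructedKey returns bytes with the dk layout and a consistent hash field.
// Constructed sample: a counter pattern, not the output of ML-KEM key generation.
func constructedKey(k int) []byte {
	dk := make([]byte, 768*k+96)
	for i := range dk {
		dk[i] = byte(i * 7)
	}
	h := sha3.Sum256(dk[384*k : 768*k+32])
	copy(dk[768*k+32:], h[:])
	return dk
}

func main() {
	dk := constructedKey(3)
	fmt.Println("intact:", checkDecapsKey(dk, 3))
	dk[384*3] ^= 1 // corrupt the first byte of the embedded encapsulation key
	fmt.Println("tampered ek:", checkDecapsKey(dk, 3))
	fmt.Println("truncated:", checkDecapsKey(dk[:100], 3))
}
```

The hash check catches corrupted or mismatched key material; it does not show that the key was honestly generated, since any byte string with the right length and a consistent hash field passes.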
