feat(crypto): add NIST EC/ML-KEM hybrid key support

[sujankota]

Proposed Changes

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 83478db3-26f3-49c3-8c3c-3edea6389db9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex-nist-ec-ml-kem

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the cryptographic capabilities by integrating NIST EC/ML-KEM and X-Wing hybrid key support. These changes enable the system to utilize advanced post-quantum safe key encapsulation mechanisms, affecting how data encryption keys are wrapped and unwrapped across the SDK and KAS components. The update includes new cryptographic implementations, schema definitions, and comprehensive test coverage to ensure robust and secure operation with these new key types.

Highlights

• Hybrid Key Support: Introduced support for NIST EC/ML-KEM hybrid key types (SecP256r1/ML-KEM-768 and SecP384r1/ML-KEM-1024) and the X-Wing hybrid key type, enhancing cryptographic capabilities.
• SDK and KAS Integration: Updated the SDK and Key Access Server (KAS) to recognize, generate, and process these new hybrid key types for wrapping and unwrapping data encryption keys.
• Documentation and Schema Updates: Modified documentation, API schemas, and protocol buffer definitions to reflect the new hybrid key algorithms and their usage, including a new 'hybrid-wrapped' key type.
• New Cryptographic Implementations: Added new Go files (hybrid_nist.go and xwing.go) within the ocrypto library to provide the core logic for hybrid key pair generation, encryption, and decryption.
• Dependency Update: Integrated the github.com/cloudflare/circl library to support the underlying ML-KEM and X-Wing cryptographic primitives.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: docs/openapi/**/* (13)
  • docs/openapi/authorization/authorization.openapi.yaml
  • docs/openapi/authorization/v2/authorization.openapi.yaml
  • docs/openapi/kas/kas.openapi.yaml
  • docs/openapi/policy/actions/actions.openapi.yaml
  • docs/openapi/policy/attributes/attributes.openapi.yaml
  • docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
  • docs/openapi/policy/namespaces/namespaces.openapi.yaml
  • docs/openapi/policy/objects.openapi.yaml
  • docs/openapi/policy/obligations/obligations.openapi.yaml
  • docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
  • docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
  • docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
  • docs/openapi/policy/unsafe/unsafe.openapi.yaml
• Ignored by pattern: protocol/**/* (3)
  • protocol/go/kas/kas.pb.go
  • protocol/go/policy/kasregistry/key_access_server_registry.pb.go
  • protocol/go/policy/objects.pb.go

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

New keys now take their flight, Hybrid strength, a quantum shield, Data safe and bright.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request implements support for hybrid post-quantum cryptography (HPQC) algorithms, including X-Wing and NIST-based schemes, across the platform's crypto library, SDK, and KAS service. Key updates include the integration of the circl library, new hybrid wrapping logic for TDFs, and expanded algorithm support in the KAS registry. Review feedback identifies a critical type mismatch in the ocrypto library that prevents compilation, missing algorithm cases in legacy public key endpoints, and incomplete validation in protobuf definitions. Recommendations were also made to optimize slice concatenation and reduce redundant PEM parsing during decryption to improve performance.

[gemini-code-assist]

There is a type mismatch here. NewSaltedXWingDecryptor and newSaltedHybridECMLKEMDecryptor return pointers to specific decryptor types (e.g., *XWingDecryptor), but FromPrivatePEMWithSalt is declared to return an AsymDecryption struct. This will cause a compilation error. You likely need to wrap these decryptors in an AsymDecryption instance before returning.

[gemini-code-assist]

The LegacyPublicKey method is missing support for the newly added NIST hybrid algorithms (AlgorithmHPQTSecp256r1MLKEM768 and AlgorithmHPQTSecp384r1MLKEM1024). Only AlgorithmHPQTXWing was added to this case statement, which will cause requests for the other hybrid types to fail or return incorrect formats.

Suggested change

	case security.AlgorithmRSA2048, security.AlgorithmHPQTXWing, "":
	case security.AlgorithmRSA2048, security.AlgorithmHPQTXWing, security.AlgorithmHPQTSecp256r1MLKEM768, security.AlgorithmHPQTSecp384r1MLKEM1024, "":

[gemini-code-assist]

The validation expression for ListKeysRequest is incomplete. It should include the new hybrid algorithms (7 and 8) to allow filtering by these types, consistent with the updates made to CreateKeyRequest and RotateKeyRequest.

Suggested change

	expression: "this in [0, 1, 2, 3, 4, 5, 6]" // Allow unspecified and object.Algorithm values for currently supported RSA bit sizes, EC curve types, and X-Wing
	expression: "this in [0, 1, 2, 3, 4, 5, 6, 7, 8]" // Allow unspecified and object.Algorithm values for currently supported RSA bit sizes, EC curve types, and Hybrid types

[gemini-code-assist]

This slice concatenation is inefficient and difficult to read. Using make with the correct capacity and copy is clearer and avoids the double append call.

	hybridSharedSecret := make([]byte, params.sharedKeySize)
	copy(hybridSharedSecret, ecSharedSecret)
	copy(hybridSharedSecret[len(ecSharedSecret):], mlkemSharedSecret)

[gemini-code-assist]

The unwrapHybridCiphertext function parses the private key PEM on every decryption call. This is computationally expensive. It would be much more efficient to parse the PEM once during loadKey and store the resulting decryptor object in the StandardHybridCrypto struct.