From: Filippo Valsorda Date: Mon, 22 Sep 2025 12:12:15 +0000 (+0200) Subject: crypto/ecdh: add KeyExchanger interface X-Git-Tag: go1.26rc1~237 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=6b83bd7146259316655a5852392b1fa090ba5024;p=gostls13.git crypto/ecdh: add KeyExchanger interface Updates #75300 Change-Id: I6a6a6964bbfa1f099c74d0a3fb3f7894d7b1b832 Reviewed-on: https://go-review.googlesource.com/c/go/+/705795 LUCI-TryBot-Result: Go LUCI Reviewed-by: Carlos Amedee Reviewed-by: Roland Shoemaker Reviewed-by: Junyang Shao Reviewed-by: Daniel McCarney
---
diff --git a/api/next/75300.txt b/api/next/75300.txt
new file mode 100644
index 0000000000..9bc1e7f5db
--- /dev/null
+++ b/api/next/75300.txt
@@ -0,0 +1,4 @@
+pkg crypto/ecdh, type KeyExchanger interface { Curve, ECDH, PublicKey } #75300
+pkg crypto/ecdh, type KeyExchanger interface, Curve() Curve #75300
+pkg crypto/ecdh, type KeyExchanger interface, ECDH(*PublicKey) ([]uint8, error) #75300
+pkg crypto/ecdh, type KeyExchanger interface, PublicKey() *PublicKey #75300
diff --git a/doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md b/doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md
new file mode 100644
index 0000000000..5ca55b3215
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/crypto/ecdh/75300.md
@@ -0,0 +1,2 @@
+The new [KeyExchanger] interface, implemented by [PrivateKey], makes it possible
+to accept abstract ECDH private keys, e.g. those implemented in hardware.
diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go
index 231f1ea04c..82daacf473 100644
--- a/src/crypto/ecdh/ecdh.go
+++ b/src/crypto/ecdh/ecdh.go
@@ -92,6 +92,18 @@ func (k *PublicKey) Curve() Curve {
 return k.curve
 }
 
+// KeyExchanger is an interface for an opaque private key that can be used for
+// key exchange operations. For example, an ECDH key kept in a hardware module.
+//
+// It is implemented by [PrivateKey].
+type KeyExchanger interface {
+ PublicKey() *PublicKey
+ Curve() Curve
+ ECDH(*PublicKey) ([]byte, error)
+}
+
+var _ KeyExchanger = (*PrivateKey)(nil)
+
 // PrivateKey is an ECDH private key, usually kept secret.
 //
 // These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded
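Review bot: The KeyExchanger interface declares `ECDH(*PublicKey) ([]byte, error)` with no doc comment on the method, so a caller that accepts a KeyExchanger has no stated contract for a non-PrivateKey implementation (for example the hardware-backed keys the type comment mentions): whether the peer key must be on the same curve as Curve() and whether a degenerate result is reported as an error rather than returned as a secret. The type comment only says the interface is implemented by [PrivateKey]; the guarantees that [PrivateKey.ECDH] documents live outside this hunk and are not bound to the interface, so implementers may diverge from them. I would add per-method comments, e.g. `// ECDH performs a key exchange with the peer public key, which must be on Curve(), and returns the shared secret. Implementations must return an error instead of a degenerate secret, matching [PrivateKey.ECDH].` and `// PublicKey returns the public key corresponding to this private key.`. The compile-time check `var _ KeyExchanger = (*PrivateKey)(nil)` is a good addition and needs no change.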