feat: Support KEY_ENCAPSULATION purpose and quantum-safe algorithms ML_KEM_768, ML_KEM_1024 and KEM_XWING

Google APIs · copybara-github · commit f8146b4dbeb9 · 2025-09-10T11:40:00.000-07:00
feat: Add PublicKeyFormat enums XWING_RAW_BYTES (used for KEM_XWING) and DER

PiperOrigin-RevId: 805449810
diff --git a/google/cloud/kms/v1/resources.proto b/google/cloud/kms/v1/resources.proto
@@ -100,6 +100,12 @@ message CryptoKey {
     // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
     // with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
     MAC = 9;
+
+    // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
+    // with
+    // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+    // and [Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
+    KEY_ENCAPSULATION = 10;
   }
 
   // Output only. The resource name for this
@@ -469,6 +475,16 @@ message CryptoKeyVersion {
     // Algorithm representing symmetric encryption by an external key manager.
     EXTERNAL_SYMMETRIC_ENCRYPTION = 18;
 
+    // ML-KEM-768 (FIPS 203)
+    ML_KEM_768 = 47;
+
+    // ML-KEM-1024 (FIPS 203)
+    ML_KEM_1024 = 48;
+
+    // X-Wing hybrid KEM combining ML-KEM-768 with X25519 following
+    // datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/.
+    KEM_XWING = 63;
+
     // The post-quantum Module-Lattice-Based Digital Signature Algorithm, at
     // security level 3. Randomized version.
     PQ_SIGN_ML_DSA_65 = 56;
@@ -719,10 +735,18 @@ message PublicKey {
     // (https://tools.ietf.org/html/rfc7468#section-13) for more information.
     PEM = 1;
 
+    // The returned public key will be encoded in DER format (the
+    // PrivateKeyInfo structure from RFC 5208).
+    DER = 2;
+
     // This is supported only for PQC algorithms.
     // The key material is returned in the format defined by NIST PQC
     // standards (FIPS 203, FIPS 204, and FIPS 205).
     NIST_PQC = 3;
+
+    // The returned public key is in raw bytes format defined in its standard
+    // https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem.
+    XWING_RAW_BYTES = 4;
   }
 
   // The public key, encoded in PEM format. For more information, see the
diff --git a/google/cloud/kms/v1/service.proto b/google/cloud/kms/v1/service.proto
@@ -390,6 +390,18 @@ service KeyManagementService {
     option (google.api.method_signature) = "name,data,mac";
   }
 
+  // Decapsulates data that was encapsulated with a public key retrieved from
+  // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+  // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+  // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+  // KEY_ENCAPSULATION.
+  rpc Decapsulate(DecapsulateRequest) returns (DecapsulateResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:decapsulate"
+      body: "*"
+    };
+  }
+
   // Generate random bytes using the Cloud KMS randomness source in the provided
   // location.
   rpc GenerateRandomBytes(GenerateRandomBytesRequest)
@@ -1544,6 +1556,47 @@ message MacVerifyRequest {
       [(google.api.field_behavior) = OPTIONAL];
 }
 
+// Request message for
+// [KeyManagementService.Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
+message DecapsulateRequest {
+  // Required. The resource name of the
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
+  // decapsulation.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudkms.googleapis.com/CryptoKeyVersion"
+    }
+  ];
+
+  // Required. The ciphertext produced from encapsulation with the
+  // named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public
+  // key(s).
+  bytes ciphertext = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. A CRC32C checksum of the
+  // [DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext].
+  // If specified,
+  // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+  // verify the integrity of the received
+  // [DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]
+  // using this checksum.
+  // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+  // report an error if the checksum verification fails. If you receive a
+  // checksum error, your client should verify that
+  // CRC32C([DecapsulateRequest.ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext])
+  // is equal to
+  // [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c],
+  // and if so, perform a limited number of retries. A persistent mismatch may
+  // indicate an issue in your computation of the CRC32C checksum. Note: This
+  // field is defined as int64 for reasons of compatibility across different
+  // languages. However, it is a non-negative integer, which will never exceed
+  // 2^32-1, and can be safely downconverted to uint32 in languages that support
+  // this type.
+  google.protobuf.Int64Value ciphertext_crc32c = 3
+      [(google.api.field_behavior) = OPTIONAL];
+}
+
 // Request message for
 // [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
 message GenerateRandomBytesRequest {
@@ -2047,6 +2100,60 @@ message MacVerifyResponse {
   ProtectionLevel protection_level = 6;
 }
 
+// Response message for
+// [KeyManagementService.Decapsulate][google.cloud.kms.v1.KeyManagementService.Decapsulate].
+message DecapsulateResponse {
+  // The resource name of the
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
+  // decapsulation. Check this field to verify that the intended resource was
+  // used for decapsulation.
+  string name = 1;
+
+  // The decapsulated shared_secret originally encapsulated with the matching
+  // public key.
+  bytes shared_secret = 2;
+
+  // Integrity verification field. A CRC32C checksum of the returned
+  // [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret].
+  // An integrity check of
+  // [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret]
+  // can be performed by computing the CRC32C checksum of
+  // [DecapsulateResponse.shared_secret][google.cloud.kms.v1.DecapsulateResponse.shared_secret]
+  // and comparing your results to this field. Discard the response in case of
+  // non-matching checksum values, and perform a limited number of retries. A
+  // persistent mismatch may indicate an issue in your computation of the CRC32C
+  // checksum. Note: receiving this response message indicates that
+  // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
+  // successfully decrypt the
+  // [ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]. Note: This
+  // field is defined as int64 for reasons of compatibility across different
+  // languages. However, it is a non-negative integer, which will never exceed
+  // 2^32-1, and can be safely downconverted to uint32 in languages that support
+  // this type.
+  optional int64 shared_secret_crc32c = 3;
+
+  // Integrity verification field. A flag indicating whether
+  // [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
+  // was received by
+  // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
+  // for the integrity verification of the
+  // [ciphertext][google.cloud.kms.v1.DecapsulateRequest.ciphertext]. A false
+  // value of this field indicates either that
+  // [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
+  // was left unset or that it was not delivered to
+  // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
+  // set
+  // [DecapsulateRequest.ciphertext_crc32c][google.cloud.kms.v1.DecapsulateRequest.ciphertext_crc32c]
+  // but this field is still false, discard the response and perform a limited
+  // number of retries.
+  bool verified_ciphertext_crc32c = 4;
+
+  // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
+  // decapsulation.
+  ProtectionLevel protection_level = 5;
+}
+
 // Response message for
 // [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
 message GenerateRandomBytesResponse {
