From f63b058d4a270d4ffff5e9ca36fccc02c5bce092 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sun, 4 May 2025 17:07:26 -0400
Subject: [PATCH] crypto/internal/mlkem768: add -768 suffix to all exported identifiers

In preparation for introducing ML-KEM-1024. Aside from the constants at the top, all other changes were automated.

Change-Id: I0fafce9a776c7b0b9179be1c858709cabf60e80f
Reviewed-on: https://go-review.googlesource.com/c/go/+/621981
Auto-Submit: Filippo Valsorda
Reviewed-by: Roland Shoemaker
Reviewed-by: Russ Cox
Reviewed-by: Daniel McCarney
LUCI-TryBot-Result: Go LUCI
---
 handshake_client.go | 2 +-
 handshake_client_tls13.go | 2 +-
 handshake_server_tls13.go | 2 +-
 key_schedule.go | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/handshake_client.go b/handshake_client.go
index 679f1a6..f3a0738 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -164,7 +164,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 if _, err := io.ReadFull(config.rand(), seed); err != nil {
 return nil, nil, nil, err
 }
- keyShareKeys.kyber, err = mlkem768.NewDecapsulationKey(seed)
+ keyShareKeys.kyber, err = mlkem768.NewDecapsulationKey768(seed)
 if err != nil {
 return nil, nil, nil, err
 }
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index 31509fa..62aee55 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -481,7 +481,7 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
 ecdhePeerData := hs.serverHello.serverShare.data
 if hs.serverHello.serverShare.group == x25519Kyber768Draft00 {
- if len(ecdhePeerData) != x25519PublicKeySize+mlkem768.CiphertextSize {
+ if len(ecdhePeerData) != x25519PublicKeySize+mlkem768.CiphertextSize768 {
 c.sendAlert(alertIllegalParameter)
 return errors.New("tls: invalid server key share")
 }
diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go
index f97381e..abdb8ae 100644
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@@ -276,7 +276,7 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 ecdhData := clientKeyShare.data
 if selectedGroup == x25519Kyber768Draft00 {
 ecdhGroup = X25519
- if len(ecdhData) != x25519PublicKeySize+mlkem768.EncapsulationKeySize {
+ if len(ecdhData) != x25519PublicKeySize+mlkem768.EncapsulationKeySize768 {
 c.sendAlert(alertIllegalParameter)
 return errors.New("tls: invalid Kyber client key share")
 }
diff --git a/key_schedule.go b/key_schedule.go
index f05a991..8d96223 100644
--- a/key_schedule.go
+++ b/key_schedule.go
@@ -55,11 +55,11 @@ func (c *cipherSuiteTLS13) exportKeyingMaterial(s *tls13.MasterSecret, transcrip
 type keySharePrivateKeys struct {
 curveID CurveID
 ecdhe *ecdh.PrivateKey
- kyber *mlkem768.DecapsulationKey
+ kyber *mlkem768.DecapsulationKey768
 }
 // kyberDecapsulate implements decapsulation according to Kyber Round 3.
-func kyberDecapsulate(dk *mlkem768.DecapsulationKey, c []byte) ([]byte, error) {
+func kyberDecapsulate(dk *mlkem768.DecapsulationKey768, c []byte) ([]byte, error) {
 K, err := dk.Decapsulate(c)
 if err != nil {
 return nil, err
@@ -69,7 +69,7 @@ func kyberDecapsulate(dk *mlkem768.DecapsulationKey, c []byte) ([]byte, error) {
 // kyberEncapsulate implements encapsulation according to Kyber Round 3.
 func kyberEncapsulate(ek []byte) (c, ss []byte, err error) {
- k, err := mlkem768.NewEncapsulationKey(ek)
+ k, err := mlkem768.NewEncapsulationKey768(ek)
 if err != nil {
 return nil, nil, err
 }