feat(crypto): add hybrid X-Wing KEM support for TDF key wrapping

[sujankota]

• Adds hybrid post-quantum key wrapping using X-Wing KEM (X25519 + ML-KEM-768) via cloudflare/circl
• New HybridXWingKey ("hpqt:xwing") key type and "hybrid-wrapped" scheme type alongside existing RSA and EC
• Composite public key stored as raw concatenation (1216 bytes) in custom PEM block (XWING PUBLIC KEY)
• DEK wrapped in ASN.1 envelope (X-Wing ciphertext + AES-GCM encrypted DEK) in the existing wrapped_key field — no new KAO fields or
  schema changes needed
• Feature-flagged via hybrid_tdf_enabled in KAS config, matching the pattern used for EC support
• Changes span all layers: lib/ocrypto → service/internal/security → service/kas/access → sdk
• ALGORITHM_HPQT_XWING added to proto Algorithm and KasPublicKeyAlgEnum enums with updated CEL validation

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3943c36b-14b7-4b73-877e-e799998c4780

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/hybrid-xwing-kem-support

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces support for hybrid post-quantum key wrapping using the X-Wing KEM algorithm. By integrating this into the existing TDF key wrapping infrastructure, the platform gains the ability to secure data using a combination of classical and post-quantum cryptographic primitives. The changes span the entire stack, including cryptographic libraries, service-level security logic, and protocol definitions, ensuring a consistent implementation across the SDK and KAS components.

Highlights

• X-Wing KEM Support: Added hybrid post-quantum key wrapping using X-Wing (X25519 + ML-KEM-768) via the cloudflare/circl library.
• New Key and Scheme Types: Introduced 'hpqt:xwing' key type and 'hybrid-wrapped' scheme type for TDF key wrapping.
• Feature Flagging: Implemented feature-flagging via 'hybrid_tdf_enabled' in the KAS configuration.
• Protocol Updates: Updated protobuf definitions to include ALGORITHM_HPQT_XWING and KasPublicKeyAlgEnum, with corresponding CEL validation updates.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: protocol/**/* (3)
  • protocol/go/go.mod
  • protocol/go/go.sum
  • protocol/go/policy/objects.pb.go

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

Quantum threats are on the way, But X-Wing keeps the keys at bay. With hybrid strength we hold the line, And make our crypto look just fine.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 48 package(s) with unknown licenses.
• ⚠️ 3 packages with OpenSSF Scorecard issues.

View full job summary

[gemini-code-assist]

Code Review

This pull request implements support for hybrid post-quantum cryptography using the X-Wing KEM. Key additions include X-Wing key pair generation and DEK wrapping/unwrapping in the ocrypto library, along with integration into the SDK and Key Access Service (KAS) to handle hybrid-wrapped key access objects. Protobuf definitions and security providers were also updated to support the new ALGORITHM_HPQT_XWING type. Feedback was provided to optimize the public key export logic in the in-process provider by using a switch statement on the existing algorithm field instead of a trial-and-error approach.

[gemini-code-assist]

This trial-and-error approach to finding the public key is inefficient and can be brittle. Since the KeyDetailsAdapter already stores the key's algorithm in the k.algorithm field, it would be more direct and robust to use a switch statement on k.algorithm to call the appropriate public key retrieval method.

		switch k.algorithm {
		case ocrypto.RSA2048Key, ocrypto.RSA4096Key:
			return k.cryptoProvider.RSAPublicKey(kid)
		case ocrypto.EC256Key, ocrypto.EC384Key, ocrypto.EC521Key:
			return k.cryptoProvider.ECPublicKey(kid)
		case ocrypto.HybridXWingKey:
			return k.cryptoProvider.XWingPublicKey(kid)
		default:
			return "", fmt.Errorf("unsupported algorithm for PEM export: %s", k.algorithm)
		}

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	187.826415ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	105.75473ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	390.542469ms
Throughput	256.05 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.030395254s
Average Latency	408.981731ms
Throughput	121.86 requests/second

[github-actions]

X-Test Results

✅ go-pull-3239
✅ java-pull-3239
✅ go-v0.9.0
✅ js-pull-3239
✅ java-v0.9.0
test-cases-mapping-report
bats-test-results
✅ js-v0.9.0
cukes-report
opentdfplatformWSMLP0.dockerbuild