feat(platform): add KAS_PUBLIC_KEY_ALG_ENUM_MLKEM_768 to proto (DSPX-2399)

[dmihalcik-virtru]

Summary

• Adds KAS_PUBLIC_KEY_ALG_ENUM_MLKEM_768 = 13 to KasPublicKeyAlgEnum in service/policy/objects.proto
• Regenerates all Go and OpenAPI stubs via buf generate

Context

Part of the ML-KEM-768 post-quantum key encapsulation mechanism feature.

Jira: https://virtru.atlassian.net/browse/DSPX-2399

Test scenario: xtest/scenarios/mechanism-mlkem.yaml

Depends on

Nothing — this is the proto-only cell. Downstream cells (platform-service, platform-go-sdk, java-sdk, web-sdk) depend on this PR.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0621ddb1-ec65-4976-81f0-71e74e5def9f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DSPX-2399-platform-proto

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces support for the ML-KEM-768 post-quantum key encapsulation mechanism by defining the necessary constant in the service protocol buffers and updating the associated documentation. This change serves as the foundational step for implementing post-quantum security features across the platform.

Highlights

• New Algorithm Support: Added KAS_PUBLIC_KEY_ALG_ENUM_MLKEM_768 to the KasPublicKeyAlgEnum definition in the protocol buffer files.
• Documentation Update: Updated the gRPC documentation to include the new ML-KEM-768 algorithm constant.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: docs/openapi/**/* (12)
  • docs/openapi/authorization/authorization.openapi.yaml
  • docs/openapi/authorization/v2/authorization.openapi.yaml
  • docs/openapi/policy/actions/actions.openapi.yaml
  • docs/openapi/policy/attributes/attributes.openapi.yaml
  • docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
  • docs/openapi/policy/namespaces/namespaces.openapi.yaml
  • docs/openapi/policy/objects.openapi.yaml
  • docs/openapi/policy/obligations/obligations.openapi.yaml
  • docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
  • docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
  • docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
  • docs/openapi/policy/unsafe/unsafe.openapi.yaml
• Ignored by pattern: protocol/**/* (2)
  • protocol/go/authorization/authorization.pb.go
  • protocol/go/policy/objects.pb.go

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

New keys for the quantum age, / ML-KEM on the center stage. / With bits and bytes we define the way, / To keep the future safe today.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds the ML-KEM-768 algorithm to the KasPublicKeyAlgEnum in the policy objects protobuf and updates the associated documentation. The reviewer pointed out that the modified enum is part of a deprecated structure and recommended adding the algorithm to the modern Algorithm enum to ensure it is supported by current platform components.

[gemini-code-assist]

The KasPublicKeyAlgEnum is part of the KasPublicKey message, which is explicitly marked as deprecated at line 398. Modern components of the platform, such as AsymmetricKey (line 619) and SimpleKasPublicKey (line 10), utilize the Algorithm enum (defined at line 559) instead. To ensure that the new ML-KEM-768 algorithm is supported across the platform's current cryptographic definitions and not just legacy structures, it should also be added to the Algorithm enum.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	143.018319ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	70.778144ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	344.684942ms
Throughput	290.12 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	34.362069533s
Average Latency	342.061071ms
Throughput	145.51 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go@main-pull-3485
✅ go@main-v0.9.0
✅ java@main-pull-3485
✅ js@main-pull-3485
✅ java@main-v0.9.0
cukes-report
✅ js@main-v0.9.0
opentdfplatformVKC1RW.dockerbuild
govulncheck-failure-0
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-5