ecdh

package module

v0.5.0 Latest Latest Go to latest Published: May 19, 2020 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hurae/ecdh

Links

Open Source Insights

README ¶

Fork of github.com/aead/ecdh

The ECDH key exchange

Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties,

each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel.

This package implements a generic interface for ECDH and supports the generic crypto/elliptic and the x/crypto/curve25519 out of the box.

Installation

Install in your GOPATH: go get -u github.com/hurae/ecdh

Difference:

always return a []byte type public key
use non-deprecated new X25519 API.
implement Check for Curve25519, just the same check inside golang.org/x/crypto/curve25519. That means length 32 and not all zero.
ComputeSecret will now pass the error which golang.org/x/crypto/curve25519 gives out.

Documentation ¶

Overview ¶

Package ecdh implements the Diffie-Hellman key exchange using elliptic curves (ECDH). It directly provides ECDH implementations for the NIST curves P224, P256, P384, and Bernstein's Cruve25519.

For generic curves this implementation of ECDH only uses the x-coordinate as the computed secret.

Index ¶

type CurveParams
type KeyExchange
- func Generic(c elliptic.Curve) KeyExchange
- func X25519() KeyExchange

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CurveParams ¶

type CurveParams struct {
	Name    string // the canonical name of the curve
	BitSize int    // the size of the underlying field
}

CurveParams contains the parameters of an elliptic curve.

type KeyExchange ¶

type KeyExchange interface {
	// GenerateKey generates a private/public key pair using entropy from rand.
	// If rand is nil, crypto/rand.Reader will be used.
	GenerateKey(rand io.Reader) (private []byte, public []byte, err error)

	// Params returns the curve parameters - like the field size.
	Params() CurveParams

	// PublicKey returns the public key corresponding to the given private one.
	PublicKey(private []byte) (public []byte)

	// Check returns a non-nil error if the peers public key cannot used for the
	// key exchange - for instance the public key isn't a point on the elliptic curve.
	// Generally, Curve25519 do not need this check, but an all zero key or nil key is not permitted.
	// See https://cr.yp.to/ecdh.html for more detail about Curve25519.
	// It's recommended to check peer's public key before computing the secret.
	Check(peersPublic []byte) (err error)

	// ComputeSecret returns the secret value computed from the given private key
	// and the peers public key.
	ComputeSecret(private []byte, peersPublic []byte) (secret []byte, err error)
}

KeyExchange is the interface defining all functions necessary for ECDH.

func Generic ¶

func Generic(c elliptic.Curve) KeyExchange

Generic creates a new ecdh.KeyExchange with generic elliptic.Curve implementations.

Example ¶

An example for the ECDH key-exchange using the curve P256.

p256 := Generic(elliptic.P256())

privateAlice, publicAlice, err := p256.GenerateKey(rand.Reader)
if err != nil {
	fmt.Printf("Failed to generate Alice's private/public key pair: %s\n", err)
}
privateBob, publicBob, err := p256.GenerateKey(rand.Reader)
if err != nil {
	fmt.Printf("Failed to generate Bob's private/public key pair: %s\n", err)
}

if err := p256.Check(publicBob); err != nil {
	fmt.Printf("Bob's public key is not on the curve: %s\n", err)
}
secretAlice, _ := p256.ComputeSecret(privateAlice, publicBob)

if err := p256.Check(publicAlice); err != nil {
	fmt.Printf("Alice's public key is not on the curve: %s\n", err)
}
secretBob, _ := p256.ComputeSecret(privateBob, publicAlice)

if !bytes.Equal(secretAlice, secretBob) {
	fmt.Printf("key exchange failed - secret X coordinates not equal\n")
}

Output:

func X25519 ¶

func X25519() KeyExchange

X25519 creates a new ecdh.KeyExchange with the elliptic curve Curve25519.

Example ¶

An example for the ECDH key-exchange using Curve25519.

c25519 := X25519()

privateAlice, publicAlice, err := c25519.GenerateKey(rand.Reader)
if err != nil {
	fmt.Printf("Failed to generate Alice's private/public key pair: %s\n", err)
}
privateBob, publicBob, err := c25519.GenerateKey(rand.Reader)
if err != nil {
	fmt.Printf("Failed to generate Bob's private/public key pair: %s\n", err)
}
if err := c25519.Check(publicBob); err != nil {
	fmt.Printf("Bob's public key is not on the curve: %s\n", err)
}
secretAlice, err := c25519.ComputeSecret(privateAlice, publicBob)
if err != nil {
	fmt.Println("Failed to Compute secret for the key", err)
}
if err := c25519.Check(publicAlice); err != nil {
	fmt.Printf("Alice's public key is not on the curve: %s\n", err)
}
secretBob, err := c25519.ComputeSecret(privateBob, publicAlice)

if !bytes.Equal(secretAlice, secretBob) {
	fmt.Printf("key exchange failed - secret X coordinates not equal\n")
}

Output:

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL