Diffie-Hellman key agreement based on the elliptic curve modulo 2^255 - 19. More...

#include <Curve25519.h>

Static Public Member Functions
static bool	eval (uint8_t result[32], const uint8_t s[32], const uint8_t x[32])
	Evaluates the raw Curve25519 function. More...

static void	dh1 (uint8_t k[32], uint8_t f[32])
	Performs phase 1 of a Diffie-Hellman key exchange using Curve25519. More...

static bool	dh2 (uint8_t k[32], uint8_t f[32])
	Performs phase 2 of a Diffie-Hellman key exchange using Curve25519. More...

Friends
class	Ed25519

Detailed Description

Diffie-Hellman key agreement based on the elliptic curve modulo 2^255 - 19.

Note: The public functions in this class need a substantial amount of stack space to store intermediate results while the curve function is being evaluated. About 1k of free stack space is recommended for safety.

References: http://cr.yp.to/ecdh.html, RFC 7748

See also: Ed25519

Definition at line 30 of file Curve25519.h.

Member Function Documentation

◆ dh1()

void Curve25519::dh1	(	uint8_t	k[32],
		uint8_t	f[32]
	)

static

Performs phase 1 of a Diffie-Hellman key exchange using Curve25519.

Parameters

k	The key value to send to the other party as part of the exchange.
f	The generated secret value for this party. This must not be transmitted to any party or stored in permanent storage. It only needs to be kept in memory until dh2() is called.

The f value is generated with RNG.rand(). It is the caller's responsibility to ensure that the global random number pool has sufficient entropy to generate the 32 bytes of f safely before calling this function.

The following example demonstrates how to perform a full Diffie-Hellman key exchange using dh1() and dh2():

uint8_t f[32];
uint8_t k[32];
 
// Generate the secret value "f" and the public value "k".
Curve25519::dh1(k, f);
 
// Send "k" to the other party.
...
 
// Read the "k" value that the other party sent to us.
...
 
// Generate the shared secret in "k" using the previous secret value "f".
if (!Curve25519::dh2(k, f)) {
    // The received "k" value was invalid - abort the session.
    ...
}
 
// The "k" value can now be used to generate session keys for encryption.
...

Reference: RFC 7748

See also: dh2()

Definition at line 245 of file Curve25519.cpp.

◆ dh2()

bool Curve25519::dh2	(	uint8_t	k[32],
		uint8_t	f[32]
	)

static

Performs phase 2 of a Diffie-Hellman key exchange using Curve25519.

Parameters

k	On entry, this is the key value that was received from the other party as part of the exchange. On exit, this will be the shared secret.
f	The secret value for this party that was generated by dh1(). The f value will be destroyed by this function.

Returns: Returns true if the key exchange was successful, or false if the k value is invalid.

Reference: RFC 7748

See also: dh1()

Definition at line 283 of file Curve25519.cpp.

◆ eval()

bool Curve25519::eval	(	uint8_t	result[32],
		const uint8_t	s[32],
		const uint8_t	x[32]
	)

static

Evaluates the raw Curve25519 function.

Parameters

result	The result of evaluating the curve function.
s	The S parameter to the curve function.
x	The X(Q) parameter to the curve function. If this pointer is NULL then the value 9 is used for x.

This function is provided to assist with implementating other algorithms with the curve. Normally applications should use dh1() and dh2() directly instead.

Returns: Returns true if the function was evaluated; false if x is not a proper member of the field modulo (2^255 - 19).

Reference: RFC 7748

See also: dh1(), dh2()

Definition at line 80 of file Curve25519.cpp.

The documentation for this class was generated from the following files:

Static Public Member Functions

Friends

Detailed Description

Member Function Documentation

◆ dh1()

◆ dh2()

◆ eval()