Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
dh.go 2.15 KB
Newer Older
Christopher Dudley's avatar
add shared secret derivation and test for ECDH.  
Christopher Dudley committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 
// Copyright (C) 2017. See AUTHORS.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package openssl

// #include "shim.h"
import "C"
import (
	"errors"
	"unsafe"
)

// DeriveSharedSecret derives a shared secret using a private key and a peer's
// public key.
// The specific algorithm that is used depends on the types of the
// keys, but it is most commonly a variant of Diffie-Hellman.
func DeriveSharedSecret(private PrivateKey, public PublicKey) ([]byte, error) {
	// Create context for the shared secret derivation
	dhCtx := C.EVP_PKEY_CTX_new(private.evpPKey(), nil)
	if dhCtx == nil {
		return nil, errors.New("failed creating shared secret derivation context")
	}
	defer C.EVP_PKEY_CTX_free(dhCtx)

	// Initialize the context
Christopher Dudley's avatar
change error checking style to match existing code.  
Christopher Dudley committed
37 
	if int(C.EVP_PKEY_derive_init(dhCtx)) != 1 {
Christopher Dudley's avatar
add shared secret derivation and test for ECDH.  
Christopher Dudley committed
38 39 40 41 
		return nil, errors.New("failed initializing shared secret derivation context")
	}

	// Provide the peer's public key
Christopher Dudley's avatar
change error checking style to match existing code.  
Christopher Dudley committed
42 
	if int(C.EVP_PKEY_derive_set_peer(dhCtx, public.evpPKey())) != 1 {
Christopher Dudley's avatar
add shared secret derivation and test for ECDH.  
Christopher Dudley committed
43 44 45 46 47 
		return nil, errors.New("failed adding peer public key to context")
	}

	// Determine how large of a buffer we need for the shared secret
	var buffLen C.size_t
Christopher Dudley's avatar
change error checking style to match existing code.  
Christopher Dudley committed
48 
	if int(C.EVP_PKEY_derive(dhCtx, nil, &buffLen)) != 1 {
Christopher Dudley's avatar
add shared secret derivation and test for ECDH.  
Christopher Dudley committed
49 50 51 52 53 54 55 56 57 58 59 
		return nil, errors.New("failed determining shared secret length")
	}

	// Allocate a buffer
	buffer := C.X_OPENSSL_malloc(buffLen)
	if buffer == nil {
		return nil, errors.New("failed allocating buffer for shared secret")
	}
	defer C.X_OPENSSL_free(buffer)

	// Derive the shared secret
Christopher Dudley's avatar
change error checking style to match existing code.  
Christopher Dudley committed
60 
	if int(C.EVP_PKEY_derive(dhCtx, (*C.uchar)(buffer), &buffLen)) != 1 {
Christopher Dudley's avatar
add shared secret derivation and test for ECDH.  
Christopher Dudley committed
61 62 63 64 65 66 
		return nil, errors.New("failed deriving the shared secret")
	}

	secret := C.GoBytes(unsafe.Pointer(buffer), C.int(buffLen))
	return secret, nil
}