view release on metacpan or  search on metacpan

src/ltc/pk/x25519/x25519_shared_secret.c  view on Meta::CPAN

/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"

/**
  @file x25519_shared_secret.c
  Create a X25519 shared secret, Steffen Jaeckel
*/

#ifdef LTC_CURVE25519

/**
   Create a X25519 shared secret.
   @param private_key     The private X25519 key in the pair
   @param public_key      The public X25519 key in the pair
   @param out             [out] The destination of the shared data
   @param outlen          [in/out] The max size and resulting size of the shared data.
   @return CRYPT_OK if successful
*/
int x25519_shared_secret(const    curve25519_key *private_key,
                         const    curve25519_key *public_key,
                               unsigned char *out, unsigned long *outlen)
{
   unsigned char nonzero = 0;
   unsigned long x;

   LTC_ARGCHK(private_key        != NULL);
   LTC_ARGCHK(public_key         != NULL);
   LTC_ARGCHK(out                != NULL);
   LTC_ARGCHK(outlen             != NULL);

   if (public_key->pka != LTC_PKA_X25519) return CRYPT_PK_INVALID_TYPE;
   if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;

   if (*outlen < 32uL) {
      *outlen = 32uL;
      return CRYPT_BUFFER_OVERFLOW;
   }

   tweetnacl_crypto_scalarmult(out, private_key->priv, public_key->pub);
   *outlen = 32uL;

   /* Reject all-zero shared secrets; RFC 7748 Section 6.1 says peers MAY check for this */
   for (x = 0; x < *outlen; ++x) nonzero |= out[x];
   if (nonzero == 0) return CRYPT_INVALID_PACKET;

   return CRYPT_OK;
}

#endif