Curve25519#
Elliptic-curve Diffie-Hellman key agreement on Curve25519.
Available Implementations#
#include "Hacl_Curve25519_51.h"
A portable implementation.
#include "Hacl_Curve25519_64.h"
A fast 64-bit implementation that requires BMI2 & ADX CPU support.
API Reference#
Example
#define HACL_DH_CURVE25519_SECRETKEY_LEN 32
#define HACL_DH_CURVE25519_PUBLICKEY_LEN 32
#define HACL_DH_CURVE25519_SHARED_LEN 32
// Alice and Bob want to agree on a shared secret via X25519.
// Thus, Alice needs a secret and public key ...
uint8_t alice_sk[HACL_DH_CURVE25519_SECRETKEY_LEN];
uint8_t alice_pk[HACL_DH_CURVE25519_PUBLICKEY_LEN];
// Note: This function is not in HACL*.
// You need to bring your own random.
generate_random(alice_sk, HACL_DH_CURVE25519_SECRETKEY_LEN);
Hacl_Curve25519_51_secret_to_public(alice_pk, alice_sk);
// ... and Bob does as well.
uint8_t bob_sk[HACL_DH_CURVE25519_SECRETKEY_LEN];
uint8_t bob_pk[HACL_DH_CURVE25519_PUBLICKEY_LEN];
// Note: This function is not in HACL*.
// You need to bring your own random.
generate_random(bob_sk, HACL_DH_CURVE25519_SECRETKEY_LEN);
Hacl_Curve25519_51_secret_to_public(bob_pk, bob_sk);
// Now, Alice and Bob exchange their public keys so that
// Alice can compute her shared secret as ...
uint8_t shared_alice[HACL_DH_CURVE25519_SHARED_LEN];
bool res_alice = Hacl_Curve25519_51_ecdh(shared_alice, alice_sk, bob_pk);
// ... and Bob can compute his shared secret as ...
uint8_t shared_bob[HACL_DH_CURVE25519_SHARED_LEN];
bool res_bob = Hacl_Curve25519_51_ecdh(shared_bob, bob_sk, alice_pk);
// Now, both Alice and Bob should share the same secret value, i.e.,
//
// `shared_alice` == `shared_bob`
//
// ... and can use this to derive, e.g., an encryption key.
-
void Hacl_Curve25519_51_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)#
Compute the scalar multiple of a point.
- Parameters
out – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where the secret/private key is read from.
pub – Pointer to 32 bytes of memory where the public point is read from.
-
void Hacl_Curve25519_64_scalarmult(uint8_t *out, uint8_t *priv, uint8_t *pub)#
Compute the scalar multiple of a point.
- Parameters
out – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where the secret/private key is read from.
pub – Pointer to 32 bytes of memory where the public point is read from.
-
void Hacl_Curve25519_51_secret_to_public(uint8_t *pub, uint8_t *priv)#
Calculate a public point from a secret/private key.
This computes a scalar multiplication of the secret/private key with the curve’s basepoint.
- Parameters
pub – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where the secret/private key is read from.
-
void Hacl_Curve25519_64_secret_to_public(uint8_t *pub, uint8_t *priv)#
Calculate a public point from a secret/private key.
This computes a scalar multiplication of the secret/private key with the curve’s basepoint.
- Parameters
pub – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where the secret/private key is read from.
-
bool Hacl_Curve25519_51_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)#
Execute the diffie-hellmann key exchange.
- Parameters
out – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where our secret/private key is read from.
pub – Pointer to 32 bytes of memory where their public point is read from.
-
bool Hacl_Curve25519_64_ecdh(uint8_t *out, uint8_t *priv, uint8_t *pub)#
Execute the diffie-hellmann key exchange.
- Parameters
out – Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.
priv – Pointer to 32 bytes of memory where our secret/private key is read from.
pub – Pointer to 32 bytes of memory where their public point is read from.