dsfx/pkg/crypto/keyexchange/ecdh.go

package keyexchange

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/rand"
	"crypto/sha256"
)

var (
	// DefaultDHCurve is the default elliptic curve used for signing.
	DefaultDHCurve = ecdh.P384
)

// GenerateDHKey generates a new ECDH private key for key exchange.
func GenerateDHKey() (*ecdh.PrivateKey, error) {
	return DefaultDHCurve().GenerateKey(rand.Reader)
}

// ComputeDHSecret computes the shared secret from the private key and the public key.
func ComputeDHSecret(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) ([]byte, error) {
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}

	key, err := hkdf.Key(sha256.New, secret, nil, "", 32)
	if err != nil {
		return nil, err
	}

	return key, nil
}

// ExportPublicKey exports the public key as a byte slice.
func ExportPublicKey(pub *ecdh.PublicKey) ([]byte, error) {
	return pub.Bytes(), nil
}

// ImportPublicKey imports the public key from a byte slice.
func ImportPublicKey(data []byte) (*ecdh.PublicKey, error) {
	return DefaultDHCurve().NewPublicKey(data)
}
reorganize everything 2025-03-09 15:52:33 -04:00			`package keyexchange`
initial commit 2025-03-07 21:05:37 -05:00
			`import (`
			`"crypto/ecdh"`
reorganize everything 2025-03-09 15:52:33 -04:00			`"crypto/hkdf"`
initial commit 2025-03-07 21:05:37 -05:00			`"crypto/rand"`
reorganize everything 2025-03-09 15:52:33 -04:00			`"crypto/sha256"`
initial commit 2025-03-07 21:05:37 -05:00			`)`

			`var (`
			`// DefaultDHCurve is the default elliptic curve used for signing.`
			`DefaultDHCurve = ecdh.P384`
			`)`

			`// GenerateDHKey generates a new ECDH private key for key exchange.`
			`func GenerateDHKey() (*ecdh.PrivateKey, error) {`
			`return DefaultDHCurve().GenerateKey(rand.Reader)`
			`}`

			`// ComputeDHSecret computes the shared secret from the private key and the public key.`
			`func ComputeDHSecret(priv ecdh.PrivateKey, pub ecdh.PublicKey) ([]byte, error) {`
reorganize everything 2025-03-09 15:52:33 -04:00			`secret, err := priv.ECDH(pub)`
			`if err != nil {`
			`return nil, err`
			`}`

			`key, err := hkdf.Key(sha256.New, secret, nil, "", 32)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return key, nil`
initial commit 2025-03-07 21:05:37 -05:00			`}`

refactoring time 2025-03-09 17:09:21 -04:00			`// ExportPublicKey exports the public key as a byte slice.`
			`func ExportPublicKey(pub *ecdh.PublicKey) ([]byte, error) {`
initial commit 2025-03-07 21:05:37 -05:00			`return pub.Bytes(), nil`
			`}`

refactoring time 2025-03-09 17:09:21 -04:00			`// ImportPublicKey imports the public key from a byte slice.`
			`func ImportPublicKey(data []byte) (*ecdh.PublicKey, error) {`
initial commit 2025-03-07 21:05:37 -05:00			`return DefaultDHCurve().NewPublicKey(data)`
			`}`