authorcinap_lenrek <cinap_lenrek@felloff.net>2015-09-01 21:38:20 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2015-09-01 21:38:20 +0200
commitb5737e87262b69fbfd5750a9485de9fc8b5b06dd (patch)
tree05f84b3cfadcdc841238a964991395620cc85ab1
parente3a64494e782de289e1c7e12a4b3a2f73e0064e8 (diff)
libsec: add curve25519 diffie hellman
-rw-r--r--sys/include/libsec.h4
-rw-r--r--sys/src/libsec/port/curve25519_dh.c34
-rw-r--r--sys/src/libsec/port/mkfile1
3 files changed, 39 insertions, 0 deletions
diff --git a/sys/include/libsec.h b/sys/include/libsec.h
index d275d6d47..38d8a67c5 100644
--- a/sys/include/libsec.h
+++ b/sys/include/libsec.h
@@ -459,3 +459,7 @@ void pbkdf2_hmac_sha1(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds,
/* Curve25519 elliptic curve, public key function */
void curve25519(uchar mypublic[32], uchar secret[32], uchar basepoint[32]);
+
+/* Curve25519 diffie hellman */
+void curve25519_dh_new(uchar x[32], uchar y[32]);
+void curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]);
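Review bot: The comment above the two new prototypes does not say which buffer is which, or that curve25519_dh_finish overwrites two of its arguments. Going by curve25519_dh.c in this same commit, curve25519_dh_new fills x with the private key and y with the public key, while curve25519_dh_finish takes the local private key in x and the peer's public key in y, writes the result to z, and then zeroes both x and y. A caller that passes a pointer into a received message as y will have those 32 bytes cleared, so the header should state the contract, e.g. `/* dh_new: x = private key out, y = public key out */` and `/* dh_finish: x = own private key, y = peer public key, z = shared secret out; x and y are zeroed on return */`.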
diff --git a/sys/src/libsec/port/curve25519_dh.c b/sys/src/libsec/port/curve25519_dh.c
new file mode 100644
index 000000000..efc16ac8d
--- /dev/null
+++ b/sys/src/libsec/port/curve25519_dh.c
@@ -0,0 +1,34 @@
+#include "os.h"
+#include <mp.h>
+#include <libsec.h>
+
+static uchar nine[32] = {9};
+
+void
+curve25519_dh_new(uchar x[32], uchar y[32])
+{
+ uchar b;
+
+ /* new public/private key pair */
+ genrandom(x, 32);
+ b = x[31];
+ x[0] &= ~7; /* clear bit 0,1,2 */
+ x[31] = 0x40 | (b & 0x7f); /* set bit 254, clear bit 255 */
+ curve25519(y, x, nine);
+
+ /* bit 255 is always 0, so make it random */
+ y[31] |= b & 0x80;
+}
+
+void
+curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32])
+{
+ /* remove the random bit */
+ y[31] &= 0x7f;
+
+ /* calculate dhx key */
+ curve25519(z, x, y);
+
+ memset(x, 0, 32);
+ memset(y, 0, 32);
+}
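Review bot: curve25519_dh_finish returns void, so a caller cannot tell when the peer supplied a low-order point as y and z came out as 32 zero bytes. Such a z is fully predictable and should not be turned into a session key. I would change the return type to int (here and in the libsec.h prototype), fold the output with `for(r = 0, i = 0; i < 32; i++) r |= z[i];` after the curve25519 call, and finish with `return r != 0;` so that protocol code can abort the handshake. The OR-fold does not branch on the secret bytes, which keeps the check constant-time, and the two memset calls should still run on the failure path.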
diff --git a/sys/src/libsec/port/mkfile b/sys/src/libsec/port/mkfile
index 641a70c16..bc9134a0c 100644
--- a/sys/src/libsec/port/mkfile
+++ b/sys/src/libsec/port/mkfile
@@ -23,6 +23,7 @@ CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\
dh.c\
pbkdf2.c\
curve25519.c\
+ curve25519_dh.c\
ALLOFILES=${CFILES:%.c=%.$O}