"crypto"
"crypto/internal/boring"
"crypto/subtle"
+ "errors"
"io"
"sync"
)
publicKeyOnce sync.Once
}
-// ECDH performs a ECDH exchange and returns the shared secret.
+// ECDH performs a ECDH exchange and returns the shared secret. The PrivateKey
+// and PublicKey must use the same curve.
//
// For NIST curves, this performs ECDH as specified in SEC 1, Version 2.0,
// Section 3.3.1, and returns the x-coordinate encoded according to SEC 1,
// For X25519, this performs ECDH as specified in RFC 7748, Section 6.1. If
// the result is the all-zero value, ECDH returns an error.
func (k *PrivateKey) ECDH(remote *PublicKey) ([]byte, error) {
+ if k.curve != remote.curve {
+ return nil, errors.New("crypto/ecdh: private key and public key curves do not match")
+ }
return k.curve.ecdh(k, remote)
}
t.Error("no P384 symbols found in program using ecdh.P384, test is broken")
}
}
+
+func TestMismatchedCurves(t *testing.T) {
+ curves := []struct {
+ name string
+ curve ecdh.Curve
+ }{
+ {"P256", ecdh.P256()},
+ {"P384", ecdh.P384()},
+ {"P521", ecdh.P521()},
+ {"X25519", ecdh.X25519()},
+ }
+
+ for _, privCurve := range curves {
+ priv, err := privCurve.curve.GenerateKey(rand.Reader)
+ if err != nil {
+ t.Fatalf("failed to generate test key: %s", err)
+ }
+
+ for _, pubCurve := range curves {
+ if privCurve == pubCurve {
+ continue
+ }
+ t.Run(fmt.Sprintf("%s/%s", privCurve.name, pubCurve.name), func(t *testing.T) {
+ pub, err := pubCurve.curve.GenerateKey(rand.Reader)
+ if err != nil {
+ t.Fatalf("failed to generate test key: %s", err)
+ }
+ expected := "crypto/ecdh: private key and public key curves do not match"
+ _, err = priv.ECDH(pub.PublicKey())
+ if err.Error() != expected {
+ t.Fatalf("unexpected error: want %q, got %q", expected, err)
+ }
+ })
+ }
+ }
+}