Struct x25519_dalek::SharedSecret
source · [−]pub struct SharedSecret(_);
Expand description
The result of a Diffie-Hellman key exchange.
Each party computes this using their EphemeralSecret
or StaticSecret
and their
counterparty’s PublicKey
.
Implementations
sourceimpl SharedSecret
impl SharedSecret
sourcepub fn was_contributory(&self) -> bool
pub fn was_contributory(&self) -> bool
Ensure in constant-time that this shared secret did not result from a key exchange with non-contributory behaviour.
In some more exotic protocols which need to guarantee “contributory” behaviour for both parties, that is, that each party contibuted a public value which increased the security of the resulting shared secret. To take an example protocol attack where this could lead to undesireable results from Thái “thaidn” Dương:
If Mallory replaces Alice’s and Bob’s public keys with zero, which is a valid Curve25519 public key, he would be able to force the ECDH shared value to be zero, which is the encoding of the point at infinity, and thus get to dictate some publicly known values as the shared keys. It still requires an active man-in-the-middle attack to pull the trick, after which, however, not only Mallory can decode Alice’s data, but everyone too! It is also impossible for Alice and Bob to detect the intrusion, as they still share the same keys, and can communicate with each other as normal.
The original Curve25519 specification argues that checks for non-contributory behaviour are “unnecessary for Diffie-Hellman”. Whether this check is necessary for any particular given protocol is often a matter of debate, which we will not re-hash here, but simply cite some of the relevant public discussions.
Returns
Returns true
if the key exchange was contributory (good), and false
otherwise (can be bad for some protocols).
Trait Implementations
sourceimpl Drop for SharedSecret
impl Drop for SharedSecret
Auto Trait Implementations
impl RefUnwindSafe for SharedSecret
impl Send for SharedSecret
impl Sync for SharedSecret
impl Unpin for SharedSecret
impl UnwindSafe for SharedSecret
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more