pub struct SharedSecret(_);

The result of a Diffie-Hellman key exchange.

Each party computes this using their EphemeralSecret or StaticSecret and their counterparty’s PublicKey.

Implementations

impl SharedSecret

pub fn to_bytes(&self) -> [u8; 32]

Convert this shared secret to a byte array.

pub fn as_bytes(&self) -> &[u8; 32]

View this shared secret key as a byte array.

pub fn was_contributory(&self) -> bool

Ensure in constant-time that this shared secret did not result from a key exchange with non-contributory behaviour.

Some more exotic protocols need to guarantee “contributory” behaviour for both parties, that is, that each party contributed a public value which increased the security of the resulting shared secret. As an example of a protocol attack where the absence of such a check could lead to undesirable results, from Thái “thaidn” Dương:

If Mallory replaces Alice’s and Bob’s public keys with zero, which is a valid Curve25519 public key, he would be able to force the ECDH shared value to be zero, which is the encoding of the point at infinity, and thus get to dictate some publicly known values as the shared keys. It still requires an active man-in-the-middle attack to pull the trick, after which, however, not only Mallory can decode Alice’s data, but everyone too! It is also impossible for Alice and Bob to detect the intrusion, as they still share the same keys, and can communicate with each other as normal.

The original Curve25519 specification argues that checks for non-contributory behaviour are “unnecessary for Diffie-Hellman”. Whether this check is necessary for any particular given protocol is often a matter of debate, which we will not re-hash here, but simply cite some of the relevant public discussions.

Returns

Returns true if the key exchange was contributory (good), and false otherwise (can be bad for some protocols).

Trait Implementations

impl AsRef<[u8]> for SharedSecret

fn as_ref(&self) -> &[u8]

View this shared secret key as a byte array.

impl Zeroize for SharedSecret

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
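As an added illustration, not x25519-dalek's own code, the following standalone Rust models the three behaviours documented above: viewing the secret as bytes, the constant-time contributory check against the all-zero identity encoding that the quoted attack forces, and zeroization on drop. It uses only std so it builds without the crate; the real crate obtains the secret from diffie_hellman, compares with subtle's constant-time equality and clears with the zeroize crate, for which the hand-rolled ct_eq_32 and volatile-write zeroize here stand in. SharedSecret::from_bytes, accept_shared_secret and demo are names assumed for this example, and the "ordinary" 32-byte value is constructed, not a real exchange output.

```rust
// Added example, not x25519-dalek's code: a std-only model of the SharedSecret
// surface on this page (as_bytes, was_contributory, zeroize). The crate itself
// uses subtle::ConstantTimeEq and the zeroize crate; ct_eq_32 and zeroize below
// are stand-ins written in plain Rust.

use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Encoding of the Montgomery identity point (point at infinity): all zeros.
/// An exchange against a zero (or other low-order) peer key lands on this value.
const IDENTITY: [u8; 32] = [0u8; 32];

/// Model of the shared-secret wrapper: 32 raw X25519 output bytes.
pub struct SharedSecret([u8; 32]);

/// Constant-time equality on 32-byte arrays: every byte pair is XORed and the
/// results OR-accumulated, so running time does not depend on where (or whether)
/// the inputs differ. The final fold to 0/1 is arithmetic rather than a
/// comparison, mirroring how constant-time libraries avoid branchy codegen.
fn ct_eq_32(a: &[u8; 32], b: &[u8; 32]) -> bool {
    let mut diff: u8 = 0;
    for i in 0..32 {
        diff |= a[i] ^ b[i];
    }
    // wrapping_neg sets the top bit of the u16 exactly when diff != 0.
    let nonzero = ((diff as u16).wrapping_neg() >> 15) as u8;
    nonzero == 0
}

impl SharedSecret {
    /// Assumed constructor for the example; the crate produces this from diffie_hellman.
    pub fn from_bytes(bytes: [u8; 32]) -> Self {
        SharedSecret(bytes)
    }

    /// View this shared secret as a byte array.
    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    /// True if the secret is not the identity encoding, decided in constant time.
    pub fn was_contributory(&self) -> bool {
        !ct_eq_32(&self.0, &IDENTITY)
    }

    /// Overwrite the secret with zeros using volatile stores so the compiler
    /// cannot discard them as dead writes to an object that is about to be freed.
    pub fn zeroize(&mut self) {
        for b in self.0.iter_mut() {
            // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
            unsafe { ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for SharedSecret {
    fn drop(&mut self) {
        self.zeroize();
    }
}

/// Protocol-side policy (assumed helper): refuse to derive keys from a
/// non-contributory result instead of silently using a publicly known value.
pub fn accept_shared_secret(secret: &SharedSecret) -> Result<[u8; 32], &'static str> {
    if secret.was_contributory() {
        Ok(*secret.as_bytes())
    } else {
        Err("non-contributory key exchange: shared value is the identity point")
    }
}

/// Constructed sample inputs: the all-zero value an attacker can force by
/// substituting a zero public key, beside an ordinary-looking 32-byte value.
pub fn demo() -> (bool, bool) {
    let forced = SharedSecret::from_bytes([0u8; 32]);
    let mut ordinary_bytes = [0u8; 32];
    for (i, b) in ordinary_bytes.iter_mut().enumerate() {
        *b = (i as u8).wrapping_mul(37).wrapping_add(11); // constructed, not a real output
    }
    let ordinary = SharedSecret::from_bytes(ordinary_bytes);
    (forced.was_contributory(), ordinary.was_contributory())
}

fn main() {
    let (forced, ordinary) = demo();
    println!("zero shared value contributory? {}", forced);
    println!("ordinary shared value contributory? {}", ordinary);
}
```

The check is deliberately placed before any key derivation: once the all-zero value has been fed into a KDF, nothing downstream can tell that the "secret" was a public constant.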

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.