QUIC - Some sketching of the crypto handshake.

net/quic/crypto/curve25519_key_exchange.cc

Index: net/quic/crypto/curve25519_key_exchange.cc
===================================================================
--- net/quic/crypto/curve25519_key_exchange.cc	(revision 0)
+++ net/quic/crypto/curve25519_key_exchange.cc	(revision 0)
@@ -0,0 +1,98 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/crypto/curve25519_key_exchange.h"
+
+#include <string.h>
+
+#include "base/logging.h"
+#include "net/quic/crypto/quic_random.h"
+
+// TODO(rtenneti): Remove the following two lines after support for curve25519
+// is added.
+#define crypto_scalarmult_curve25519_SCALARBYTES 32
+#define crypto_scalarmult_curve25519_BYTES 32
+
+using base::StringPiece;
+using std::string;
+
+namespace net {
+
+Curve25519KeyExchange::Curve25519KeyExchange() {
+}
+
+Curve25519KeyExchange::~Curve25519KeyExchange() {
+}
+
+// static
+Curve25519KeyExchange* Curve25519KeyExchange::New(
+    const StringPiece& private_key) {
+  Curve25519KeyExchange* ka;
+

[wtc, 2013/03/01 19:07:58]

Nit: delete this blank line. (This is not in the internal CL.)

[ramant (doing other things), 2013/03/01 22:02:04]

Done.

+  // We don't want to #include the NaCl headers in the public header file, so
+  // we use literals for the sizes of private_key_ and public_key_. Here we
+  // assert that those values are equal to the values from the NaCl header.
+  COMPILE_ASSERT(
+      sizeof(ka->private_key_) == crypto_scalarmult_curve25519_SCALARBYTES,
+      header_out_of_sync);
+  COMPILE_ASSERT(
+      sizeof(ka->public_key_) == crypto_scalarmult_curve25519_BYTES,
+      header_out_of_sync);
+
+  if (private_key.size() != crypto_scalarmult_curve25519_SCALARBYTES) {
+    return NULL;
+  }
+
+  ka = new Curve25519KeyExchange();
+  memcpy(ka->private_key_, private_key.data(),
+         crypto_scalarmult_curve25519_SCALARBYTES);
+// TODO(rtenneti): Add support for curve25519.
+#if 0
+  crypto_scalarmult_curve25519_base(ka->public_key_, ka->private_key_);
+#endif
+  return ka;
+}

[wtc, 2013/03/01 19:07:58]

It is better to do this as follows:

Curve25519KeyExchange* Curve25519KeyExchange::New(
    const StringPiece& private_key) {
  // TODO(rtenneti): Add support for curve25519.
#if 0
  original code
#else
  return NULL;
#endif
}

Use the same approach for Curve25519KeyExchange::CalculateSharedKey().

[ramant (doing other things), 2013/03/01 22:02:04]

Done.

+
+// static
+string Curve25519KeyExchange::NewPrivateKey(QuicRandom* rand) {
+  uint8 private_key[crypto_scalarmult_curve25519_SCALARBYTES];
+  rand->RandBytes(private_key, sizeof(private_key));
+
+  // This makes |private_key| a valid scalar, as specified on
+  // http://cr.yp.to/ecdh.html
+  private_key[0] &= 248;
+  private_key[31] &= 127;
+  private_key[31] |= 64;
+  return string(reinterpret_cast<char*>(private_key), sizeof(private_key));
+}
+
+bool Curve25519KeyExchange::CalculateSharedKey(
+    const StringPiece& public_value,
+    string* out_result) const {
+  if (public_value.size() != crypto_scalarmult_curve25519_BYTES) {
+    return false;
+  }
+
+// TODO(rtenneti): Add support for curve25519.
+#if 0
+  uint8 result[crypto_scalarmult_curve25519_BYTES];
+  crypto_scalarmult_curve25519(
+      result, private_key_,
+      reinterpret_cast<const uint8*>(public_value.data()));
+  out_result->assign(reinterpret_cast<char*>(result), sizeof(result));
+#endif
+
+  return true;
+}
+
+StringPiece Curve25519KeyExchange::public_value() const {
+  return StringPiece(reinterpret_cast<const char*>(public_key_),
+                     sizeof(public_key_));
+}
+
+CryptoTag Curve25519KeyExchange::tag() const {
+  return kC255;
+}
+
+}  // namespace net