2  * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
17  * This is a demonstration of key exchange using ECDH.
19  * EC key exchange requires 2 parties (peers) to first agree on shared group
21  * key pair using the shared curve name. Each peer then gives their public key
22  * to the other peer. A peer can then derive the same shared secret using their
23  * private key and the other peers public key.
31     EVP_PKEY *pub;                  /* public key to send to other peer */
37  * The public key needs to be given to the other peer
38  * The following code extracts the public key data from the private key
39  * and then builds an EVP_KEY public key.
49     /* Get the EC encoded public key data from the peers private key */  in get_peer_public_key()
50     if (!EVP_PKEY_get_octet_string_param(peer->priv, OSSL_PKEY_PARAM_PUB_KEY,  in get_peer_public_key()
55     /* Create a EC public key from the public key data */  in get_peer_public_key()
60                                                  (char *)peer->curvename, 0);  in get_peer_public_key()
65           && (EVP_PKEY_fromdata(ctx, &peer->pub, EVP_PKEY_PUBLIC_KEY,  in get_peer_public_key()
78                                                  (char *)peer->curvename, 0);  in create_peer()
87             || EVP_PKEY_generate(ctx, &peer->priv) <= 0  in create_peer()
89         EVP_PKEY_free(peer->priv);  in create_peer()
90         peer->priv = NULL;  in create_peer()
101     EVP_PKEY_free(peer->priv);  in destroy_peer()
102     EVP_PKEY_free(peer->pub);  in destroy_peer()
112     /* Create an EVP_PKEY_CTX that contains peerA's private key */  in generate_secret()
113     derivectx = EVP_PKEY_CTX_new_from_pkey(libctx, peerA->priv, NULL);  in generate_secret()
119     /* Set up peerB's public key */  in generate_secret()
144      * pass the secret to a KDF to derive additional key data from the secret.  in generate_secret()
145      * See demos/kdf/hkdf.c for an example (where ikm is the secret key)  in generate_secret()
158      * which is 256 bits for P-256.  in generate_secret()
162     peerA->secret = secret;  in generate_secret()
163     peerA->secretlen = secretlen;  in generate_secret()
165     printf("Shared secret (%s):\n", peerA->name);  in generate_secret()
166     BIO_dump_indent_fp(stdout, peerA->secret, peerA->secretlen, 2);  in generate_secret()
180     PEER_DATA peer1 = {"peer 1", "P-256"};  in main()
181     PEER_DATA peer2 = {"peer 2", "P-256"};  in main()
196      * Each peer uses its private key and the other peers public key to  in main()