Library
Module
Module type
Parameter
Class
Class type
Diffie-Hellman key exchange over Curve25519 (also known as X25519).
This implementation uses C code from Project Everest, an effort to build and deploy a verified HTTPS stack.
Generate a key pair. rng
should return a Cstruct.t
with the specified key length (in bytes) and fill it with random bytes.
If the cstruct returned by rng
does not have the correct length, raises Failure _
.
val pp_error : Stdlib.Format.formatter -> error -> unit
Pretty printer for errors
Perform Diffie-Hellman key exchange between a private part and a public part.
It checks length of the pub
key and returns an error if it has an incorrect length.
In DH terms, the private part corresponds to a scalar, and the public part corresponds to a point, and this computes the scalar multiplication.
The resulting shared secret is not truncated.
As described in RFC 7748, section 6.1, this function might internally generate an all-zero value. If this is the case Error `Low_order
will be returned instead. This check is necessary in the context of TLS 1.3, but might not in other protocols.