Open Schamper opened 7 years ago
This hasn’t been implemented yet, mostly because I haven’t run into a need for it in my projects.
I’m not opposed to it being added.
That would be a fine addition to this great project!
I need this and have started coding something up for my use. I'll see about putting it on a branch for review and/or pulling.
I can do the OpenSSL and MacOSX backends, but I have no access to (nor interest in) the Windows environment, so someone else would have to implement that part.
I have something reasonably tidy I could push to a branch now. However, the EVP-based key agreement support only showed up in OpenSSL 1.0.2. Is it worth coding a fallback for 0.9.8–1.0.1 that uses the lower-level ECDH_compute_key()
function? @wbond what do you think?
I appreciate your interest in contributing @wiml. I don't have time to work on this now, and probably not for a while. That said, I wouldn't plan on merging until a Windows solution was present, since the the idea of the package is to provide a consistent API across platforms.
I think it would be worth pushing your work up into a PR if you are interested. I personally would prefer code that works on OpenSSL versions before 1.0.2, just because I am almost certain they are still in the wild and supported on various long-term support Linux distros.
Even my oldish LTS install is at 1.0.2, but it turns out not to be too hard to support older OpenSSL versions as well. I set up a tox thing to test the crossproduct of python versions / OpenSSL versions / FFI.
I did have to add a pure-Python implementation of the X9.63 KDF, but that's pretty simple.
I'll push it to GitHub in a few days probably.
All right, I've pushed a few branches to my fork which should be of interest to anyone else who needs this feature:
SecKeyCopyKeyExchangeResult()
call, which was introduced in 10.12. I've only tested this on a few configurations but I would expect it to work on anything from 10.12 forward. It might be possible to support older versions using the CSSM/CDSA APIs, I'm not sure.So, if someone writes a Microsoft backend, it and these branches could be octopus-merged to produce a final feature branch.
In addition there are a few utility branches containing stuff that's likely in common across backends; pull them into a Microsoft backend branch if useful, ignore otherwise (they're already incorporated into the above branches):
Happy hacking and I hope someone finds this useful.
I can see functions to generate EC keys, but not one to calculate the ECDH shared secret. Am I missing it or does it need to be added?
Thanks