Skip to content

crypto/ecdh: document, that a key-derivation function is necessary #55977

New issue
New issue
Open
Open
crypto/ecdh: document, that a key-derivation function is necessary#55977
Labels
DocumentationIssues describing a change to documentation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog
@ostcar

Description

@ostcar
ostcar
opened on Sep 30, 2022

I am excited for the new package crypto/ecdh that will be added to go 1.20.

In the current documentation it says, that Curve.ECHD() returns a shared secret. Later it says, that it performs ECDH as specified in RFC 7748, Section 6.1.

In RFC 7748 in Section 6.1 there is the sentence:

Alice and Bob can then use a key-derivation function that includes K, K_A, and K_B to derive a symmetric key.

The current code of X25519().ECHD does not do the key-derivation but returns the shared secret. This is the documented behavior.

I have two questions about this:

  1. Is it really necessary to use a key-derivation function or could the shared secret be used directly as a symmetric key if the algorithms has the correct key-length?
  2. If it is necessary to use a key-derivation function, then it might be important to add a warning in the documentation of the package, that the returned value should not be used as a key. It is quite easy to forget the key-derivation function. In this case you have code that works, but it not secure. For example:
key, err := X25519().ECDH(privateLocalKey, publicRemoteKey)
if err != nil {
  ...
}
block, err := aes.NewCipher(key)

Metadata

Metadata

Assignees

No one assigned

    Labels

    DocumentationIssues describing a change to documentation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions