# Diffie-Hellman Key Exchange

In [None]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import (
    Encoding, ParameterFormat, PublicFormat,
    load_pem_parameters, load_pem_public_key
)

We play the role of Alice and generate the parameters ($p$, $g$, $q$)

In [None]:
parameters = dh.generate_parameters(generator=2, key_size=1024)

We need to send the parameters to Bob, so we serialize the parameters into a string that can be sent over the Internet.
Bob will load the parameters with the command `parameters = load_pem_parameters(b'...string...')`

In [None]:
# If you are Bob, comment the following line
parameters.parameter_bytes(Encoding.PEM,ParameterFormat.PKCS3)

# If you are Bob, uncomment the following line and write the DH parameter string that you received from Alice
# parameters = load_pem_parameters(b'...parameter string...')

In [None]:
# Now generate the local keypair
local_private_key = parameters.generate_private_key()
local_public_key = local_private_key.public_key()

In [None]:
# We need to send the local public key to the remote host
# The remote host will load with the command
# remote_public_key = load_pem_public_key(b'...string...')
local_public_key.public_bytes(Encoding.PEM,PublicFormat.SubjectPublicKeyInfo)

In [None]:
# If you have the remote public key, uncomment the following line
# remote_public_key = load_pem_public_key("...string...")

# If you do not have the remote public key and are just testing, you can generate a test key with the following lines
# If you have the remote public key, comment the following lines
test_private_key = parameters.generate_private_key()
remote_public_key = test_private_key.public_key()

In [None]:
# This is the shared group element
shared_secret = local_private_key.exchange(remote_public_key)

In [None]:
# You can use derived_key to encrypt a message using any symmetric cipher
# If possible prefer an authenticated
derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'some shared data',
).derive(shared_secret)
derived_key

## Laboratory

Pick a classmate, decide who's Alice and who's Bob. Generate a key and send a message.
You can use email or chat to exchange the protocol messages.