Skip to main content

Crypto: Create an ECDH key pair and calculate shared secret

I needed a way how to create an ECDH key pairs, share the public key, and calculate the shared secret.

For example, you want program A and program B to share encrypted data. Program A needs to use this key to encrypt data (for example with AES-256), send it to program B, and then let program B decrypt it. They both need to know what is the shared key.

However, may not want to distribute this shared key. You could have many such programs and you would need to distribute unique keys every time. The simpler way is to utilize public keys.

It works the following way:

  1. Program A and B create their own ECDH key pairs.
  2. Program A sends its own public key to program B.
  3. Program B sends its own public key to program A.
  4. Both A and B calculate shared secrets.
  5. Now you can communicate with symmetric encryption such as AES-256.

See the example usage code at the bottom.

Note! I am not a cryptography expert. Don’t use this for production code. This is simply an example code that shows how to generate ECDH key pairs and generate shared secret with OpenSSL.

I highly recommend reading more about ECDH before using the code below. Moreover, don’t reinvent cryptography from scratch, use an already existing solutions (not this).

For the code I have chosen to use OpenSSL. The following code was tested with OpenSSL version 3.1.7.

Header:

#pragma once

#include <memory>
#include <string>
#include <vector>

// Forward declaration
typedef struct evp_pkey_st EVP_PKEY;

class ECDH {
public:
    explicit ECDH(const std::string_view& curve = "secp384r1");
    ~ECDH();

    [[nodiscard]] std::string getPublicKey() const;
    std::vector<uint8_t> deriveSharedSecret(const std::string_view& other);

private:
    static void evpDeleter(EVP_PKEY* p);
    using EvpKeyPtr = std::unique_ptr<EVP_PKEY, decltype(&evpDeleter)>;

    EvpKeyPtr evp;
};

Source:

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"

#include "ECDH.hpp"
#include <openssl/core_names.h>
#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/param_build.h>
#include <openssl/pem.h>

static bool isCurveSupported(const std::string_view& name) {
    const auto count = EC_get_builtin_curves(nullptr, 0);
    if (count <= 0) {
        throw std::runtime_error("EC_get_builtin_curves failed to get curves");
    }

    auto buffer = std::make_unique<EC_builtin_curve[]>(count);
    if (EC_get_builtin_curves(buffer.get(), count) != count) {
        throw std::runtime_error("EC_get_builtin_curves failed to get curves");
    }

    for (size_t i = 0; i < count; i++) {
        const auto* n = OBJ_nid2sn(buffer[i].nid);
        if (std::strncmp(n, name.data(), name.size()) == 0) {
            return true;
        }
    }

    return false;
}

using OsslParamBldPtr = std::unique_ptr<OSSL_PARAM_BLD, decltype(&OSSL_PARAM_BLD_free)>;
using OsslParamPtr = std::unique_ptr<OSSL_PARAM, decltype(&OSSL_PARAM_free)>;
using EvpPkeyCtxPtr = std::unique_ptr<EVP_PKEY_CTX, decltype(&EVP_PKEY_CTX_free)>;
using BioPtr = std::unique_ptr<BIO, decltype(&BIO_free)>;

ECDH::ECDH(const std::string_view& curve) : evp{nullptr, &evpDeleter} {
    if (!isCurveSupported(curve)) {
        throw std::runtime_error("The ECDH curve is not supported");
    }

    OsslParamBldPtr paramBuild{OSSL_PARAM_BLD_new(), &OSSL_PARAM_BLD_free};
    if (!paramBuild) {
        throw std::runtime_error("OSSL_PARAM_BLD_new failed to generate param builder");
    }

    if (!OSSL_PARAM_BLD_push_utf8_string(paramBuild.get(), OSSL_PKEY_PARAM_GROUP_NAME, curve.data(), curve.size())) {
        throw std::runtime_error("OSSL_PARAM_BLD_push failed to set curve name");
    }

    OsslParamPtr params{OSSL_PARAM_BLD_to_param(paramBuild.get()), &OSSL_PARAM_free};
    if (!params) {
        throw std::runtime_error("OSSL_PARAM_BLD_to_param failed to convert to params");
    }

    EvpPkeyCtxPtr ctx{EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr), &EVP_PKEY_CTX_free};
    if (!ctx) {
        throw std::runtime_error("EVP_PKEY_CTX_new_from_name failed to generate context");
    }

    if (EVP_PKEY_keygen_init(ctx.get()) <= 0) {
        throw std::runtime_error("EVP_PKEY_keygen_init failed to initialize context");
    }

    if (!EVP_PKEY_CTX_set_params(ctx.get(), params.get())) {
        throw std::runtime_error("EVP_PKEY_CTX_set_params failed to set params");
    }

    EVP_PKEY* keyPair = nullptr;
    if (EVP_PKEY_generate(ctx.get(), &keyPair) <= 0) {
        throw std::runtime_error("EVP_PKEY_generate failed to generate keypair");
    }

    evp.reset(keyPair);
}

ECDH::~ECDH() = default;

std::string ECDH::getPublicKey() const {
    BioPtr bio{BIO_new(BIO_s_mem()), &BIO_free};

    if (!PEM_write_bio_PUBKEY(bio.get(), evp.get())) {
        throw std::runtime_error("Failed to read public key");
    }

    const auto len = BIO_pending(bio.get());
    if (!len) {
        throw std::runtime_error("Failed to read public key length");
    }

    std::string result;
    result.resize(len);
    if (!BIO_read(bio.get(), &result[0], static_cast<int>(result.size()))) {
        throw std::runtime_error("Failed to read public key data");
    }

    return result;
}

std::vector<uint8_t> ECDH::deriveSharedSecret(const std::string_view& other) {
    BioPtr bio{BIO_new(BIO_s_mem()), &BIO_free};

    if (!BIO_write(bio.get(), other.data(), static_cast<int>(other.size()))) {
        throw std::runtime_error("BIO_write failed to read public key data");
    }

    auto ptr = PEM_read_bio_EC_PUBKEY(bio.get(), nullptr, nullptr, nullptr);
    if (!ptr) {
        throw std::runtime_error("PEM_read_bio_EC_PUBKEY failed to parse public key");
    }

    EvpKeyPtr pubKey{EVP_PKEY_new(), &evpDeleter};
    if (!EVP_PKEY_assign_EC_KEY(pubKey.get(), ptr)) {
        EC_KEY_free(ptr);
        throw std::runtime_error("EVP_PKEY_assign_EC_KEY failed");
    }

    EvpPkeyCtxPtr ctx{EVP_PKEY_CTX_new(evp.get(), nullptr), &EVP_PKEY_CTX_free};
    if (!ctx) {
        throw std::runtime_error("EVP_PKEY_CTX_new failed to create derivation context");
    }

    if (EVP_PKEY_derive_init(ctx.get()) <= 0) {
        throw std::runtime_error("EVP_PKEY_derive_init failed to initialize derivation context");
    }

    if (EVP_PKEY_derive_set_peer(ctx.get(), pubKey.get()) <= 0) {
        throw std::runtime_error("EVP_PKEY_derive_set_peer failed to set peer public key");
    }

    size_t length{0};
    if (EVP_PKEY_derive(ctx.get(), nullptr, &length) <= 0 || length == 0) {
        throw std::runtime_error("EVP_PKEY_derive failed to get shared secret length");
    }

    std::vector<uint8_t> result;
    result.resize(length);

    if (EVP_PKEY_derive(ctx.get(), &result[0], &length) <= 0 || length == 0) {
        throw std::runtime_error("EVP_PKEY_derive failed to get shared secret data");
    }

    return result;
}

void ECDH::evpDeleter(EVP_PKEY* p) {
    EVP_PKEY_free(p);
}

#pragma clang diagnostic pop

Example usage:

#include "ECDH.hpp"

int main() {
    // Create ECDH key pairs for A and B
    ECDH a;
    ECDH b;
    
    std::cout << "Public key of A: " << a.getPublicKey() << std::endl;
    std::cout << "Public key of B: " << b.getPublicKey() << std::endl;
    
    // Exchange public keys and calculate shared secrets
    std::vector<uint8_t> sharedA = a.deriveSharedSecret(b.getPublicKey());
    std::vector<uint8_t> sharedB = b.deriveSharedSecret(a.getPublicKey());
    
    // Do both shared secrets share the same length?
    assert(sharedA.size() == sharedB.size());
    
    // Do both shared secrets equal?
    int cmp = std::memcmp(sharedA.data(), sharedB.data(), sharedA.size());
    assert(cmp == 0);
}