Open Source Kerberos Tooling


CURVE25519_NWAY - perform n-way curve25519 ECDH


        use CURVE25519_NWAY;

        use base qw/... CURVE25519_NWAY/;


CURVE25519_NWAY expects to be inherited by a class that will use its methods. This class is expected to be a hashref and provide an element ctx which is a Kerberos context. It will set state variables in the hashref of the form CURVE25519_NWAY_*.

It also expects that the class that inherits it will be using an OO RPC framework such as Kharon and that the methods curve25519_start() and curve25519_step() are exported by the derived objects. This means that many of the calls to curve25519_start()/curve25519_step() will in fact be network communications rather than be processed locally. This object should also override curve25519_final() to provide a method which takes shared secret which is returned and use it in whatever fashion is desired. This function will look roughy like this:

        sub curve25519_start {
                my ($self, $priv, @rest) = @_;

                my $key = $self->SUPER::curve25519_start($priv, @rest);

                ... do something with the key

                return;         # do not return the key.

To negotiate a key between N objects, the class method CURVE25519_NWAY::do_nway must be called to get all of the state setup. It must then be followed by $obj->curve25519_final for each object. The results of curve25519_final() must not be transmitted over the wire as it is the shared key.


There are no constructors which are not intended solely for testing.



performs N-way CURVE25519 ECDH. HOSTS is an array ref containing objects that implement CURVE25519_NWAY.


$ecdh->curve25519_final(HNUM, NONCES, PUBLICKEY)

returns the shared secret in exchange for host number (HNUM), the array reference of NONCES and the public key (PUBLICKEY) derived by using curve25519 with all of the other hosts secrets. Or more simply, one must pass in HNUM which is the position of the object in the hosts list provided to do_nway(), NONCES which is the array reference of nonces returned by each curve25519_start(), and PUBLICKEY which is the associated public key also returned by do_nway().

This function should never be directly exported on the wire as it returns the shared secret. This would invalidate the purpose of using ECDH. It is expected that that the class that inherits will override this function, consume its output, and act on it.