ECDH
X25519是一种快速密钥交换的算法,使用GO语言实现其密钥交换流程。
Go语言版本1.20,之前版本的一些方法已经被弃用
[root@node2 client]# go version
go version go1.20.6 linux/amd64
client.go
package main
import (
"bytes"
"encoding/hex"
"encoding/json"
"fmt"
"math/rand"
"net/http"
"golang.org/x/crypto/curve25519"
)
type KeyExchangeRequest struct {
ClientPublicKey string `json:"public_key"`
}
type KeyExchangeResponse struct {
ServerPublicKey string `json:"public_key"`
}
func generateKeyPair() ([]byte, []byte) {
var privateKey [32]byte
for i := range privateKey[:] {
privateKey[i] = byte(rand.Intn(256))
}
var publicKey [32]byte
curve25519.ScalarBaseMult(&publicKey, &privateKey)
return privateKey[:], publicKey[:]
}
func ECDH_sharekey(privateKey, peerPublicKey []byte) ([]byte, error) {
//var sharedKey [32]byte
// 使用私钥和对方的公钥计算共享密钥
sharedKey, err := curve25519.X25519(privateKey, peerPublicKey)
if err != nil {
return sharedKey, err
}
return sharedKey, nil
}
func do_exchange(url string) error {
fmt.Printf("开始密钥交换\n")
pri_key, pubkey := generateKeyPair()
// 创建请求体
requestBody := KeyExchangeRequest{
ClientPublicKey: hex.EncodeToString(pubkey),
}
// 将请求体转换为JSON
requestBodyJSON, err := json.Marshal(requestBody)
if err != nil {
return err
}
// 发送HTTP POST请求
response, err := http.Post(url, "application/json", bytes.NewBuffer(requestBodyJSON))
if err != nil {
return err
}
defer response.Body.Close()
// 解析响应
var responseBody KeyExchangeResponse
decoder := json.NewDecoder(response.Body)
if err := decoder.Decode(&responseBody); err != nil {
return err
}
// 解析JSON请求体
peer_pubkey, err := hex.DecodeString(responseBody.ServerPublicKey)
if err != nil {
return err
}
sharedKey, err := curve25519.X25519(pri_key, peer_pubkey)
if err != nil {
return err
}
fmt.Printf("共享密钥:%s \n", hex.EncodeToString(sharedKey))
return nil
}
func main() {
do_exchange("http://127.0.0.1:8080/keyexchange")
}
server.go
package main
import (
"encoding/hex"
"encoding/json"
"fmt"
"io"
"math/rand"
"net/http"
"golang.org/x/crypto/curve25519"
)
type KeyExchangeRequest struct {
ClientPublicKey string `json:"public_key"`
}
type KeyExchangeResponse struct {
ServerPublicKey string `json:"public_key"`
}
func generateKeyPair() ([]byte, []byte) {
var privateKey [32]byte
for i := range privateKey[:] {
privateKey[i] = byte(rand.Intn(256))
}
var publicKey [32]byte
curve25519.ScalarBaseMult(&publicKey, &privateKey)
return privateKey[:], publicKey[:]
}
func ECDH_sharekey(privateKey, peerPublicKey []byte) ([]byte, error) {
//var sharedKey [32]byte
// 使用私钥和对方的公钥计算共享密钥
sharedKey, err := curve25519.X25519(privateKey, peerPublicKey)
if err != nil {
return sharedKey, err
}
return sharedKey, nil
}
func keyExchangeHandler(w http.ResponseWriter, r *http.Request) {
fmt.Printf("接受密钥交换请求\n")
// 读取请求体
body, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "Error reading request body", http.StatusBadRequest)
return
}
// 解析JSON请求体
var request KeyExchangeRequest
err = json.Unmarshal(body, &request)
if err != nil {
http.Error(w, "Error parsing JSON", http.StatusBadRequest)
return
}
peer_pubkey, err := hex.DecodeString(request.ClientPublicKey)
if err != nil {
http.Error(w, "Error decode client pub key", http.StatusInternalServerError)
return
}
// 生成服务器的X25519密钥对
priv_key, pub_key := generateKeyPair()
// 计算共享密钥(ECDH)
sharedKey, err := curve25519.X25519(priv_key, peer_pubkey)
if err != nil {
http.Error(w, "Error calculating shared key", http.StatusInternalServerError)
return
}
fmt.Printf("共享密钥:%s \n", hex.EncodeToString(sharedKey))
pub_key_str := hex.EncodeToString(pub_key)
// 返回响应
response := KeyExchangeResponse{
ServerPublicKey: pub_key_str,
}
// 将响应序列化为JSON并发送给客户端
responseJSON, err := json.Marshal(response)
if err != nil {
http.Error(w, "Error serializing response", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
//w.WriteHeader(http.StatusOK)
w.Write(responseJSON)
}
func main() {
mux := http.NewServeMux()
mux.HandleFunc("/keyexchange", keyExchangeHandler)
// 创建一个HTTP服务器并指定地址和端口
server := &http.Server{
Addr: ":8080",
Handler: mux,
}
// 启动HTTP服务器
err := server.ListenAndServe()
if err != nil {
fmt.Println("Error starting server:", err)
}
}
测试
成功协商出共享密钥
[root@node2 server]# go build
[root@node2 server]#
[root@node2 server]#
[root@node2 server]# ./server
接受密钥交换请求
共享密钥:7bc00e9275f38097fb6e919bc20e2479f88ee03bbcdda5b6a59ef66b810fc401
[root@node2 client]# ./client
开始密钥交换
共享密钥:7bc00e9275f38097fb6e919bc20e2479f88ee03bbcdda5b6a59ef66b810fc401