X25519
Algorithm
X25519 maps scalars and Montgomery u-coordinates to a 32-byte shared secret. In TLS 1.3, each side contributes an ephemeral key share inside ClientHello / ServerHello extensions.
Purpose
RFC 7748 Curve25519 ECDH for TLS 1.3 x25519 key shares and general key agreement.
Rust API
- Crate:
noxtls-crypto - Module path (conceptual):
noxtls_crypto::pkc - Primary symbols:
X25519PrivateKeyX25519PublicKeynoxtls_x25519_shared_secretnoxtls_x25519_generate_private_key_autonoxtls_x25519_basepoint
Functions and types:
noxtls_x25519_generate_private_key_auto(drbg)- Parameters:drbgsupplies random bytes for scalar generation. Behavior: creates an ephemeral/private X25519 key scalar. Returns: generatedX25519PrivateKeyinResult.X25519PrivateKey::public_key()- Parameters: private key instance. Behavior: derives Montgomery public key share from the private scalar. Returns:X25519PublicKey.noxtls_x25519_shared_secret(local_private, remote_public)- Parameters: local private key and peer public key. Behavior: computes RFC 7748 X25519 shared secret (private key is consumed by value). Returns: 32-byte shared secret inResult.
Feature flags and policy
Default.
Examples
use noxtls_crypto::{noxtls_x25519_generate_private_key_auto, noxtls_x25519_shared_secret, HmacDrbgSha256};
let mut drbg = HmacDrbgSha256::new(b"0123456789abcdef", b"nonce", b"")?;
let alice = noxtls_x25519_generate_private_key_auto(&mut drbg)?;
let bob = noxtls_x25519_generate_private_key_auto(&mut drbg)?;
let alice_pk = alice.public_key();
let bob_pk = bob.public_key();
let s_alice = noxtls_x25519_shared_secret(alice.clone(), bob_pk)?;
let s_bob = noxtls_x25519_shared_secret(bob, alice_pk)?;
assert_eq!(s_alice, s_bob);
# Ok::<(), noxtls_core::Error>(())
Security and compatibility
Follow RFC 7748 / TLS guidance on public-key validation and constant-time expectations for your threat model.