## NAME

`X25519`

,
`X25519_keypair`

—
Elliptic Curve Diffie-Hellman primitive
based on Curve25519

## SYNOPSIS

```
#include
<openssl/curve25519.h>
```

`int`

`X25519`

(`uint8_t
out_shared_key[X25519_KEY_LENGTH]`, `const uint8_t
private_key[X25519_KEY_LENGTH]`, `const uint8_t
peer_public_value[X25519_KEY_LENGTH]`);

`void`

`X25519_keypair`

(`uint8_t
out_public_value[X25519_KEY_LENGTH]`, `uint8_t
out_private_key[X25519_KEY_LENGTH]`);

## DESCRIPTION

Curve25519 is an elliptic curve over a prime field specified in RFC 7748. The prime field is defined by the prime number 2^255 - 19.

`X25519`

()
is the Diffie-Hellman primitive built from Curve25519 as described in RFC
7748 section 5. Section 6.1 describes the intended use in an Elliptic Curve
Diffie-Hellman (ECDH) protocol.

`X25519`

()
writes a shared key to `out_shared_key` that is
calculated from the given `private_key` and the
`peer_public_value` by scalar multiplication. Do not use
the shared key directly, rather use a key derivation function and also
include the two public values as inputs.

`X25519_keypair`

()
sets `out_public_value` and
`out_private_key` to a freshly generated public/private
key pair. First, the `out_private_key` is generated with
arc4random_buf(3). Then, the opposite of the masking
described in RFC 7748 section 5 is applied to it to make sure that the
generated private key is never correctly masked. The purpose is to cause
incorrect implementations on the peer side to consistently fail. Correct
implementations will decode the key correctly even when it is not correctly
masked. Finally, the `out_public_value` is calculated
from the `out_private_key` by multiplying it with the
Montgomery base point `uint8_t u[32]`
= {9}.

The size of a public and private key is
`X25519_KEY_LENGTH`

= 32 bytes
each.

## RETURN VALUES

`X25519`

() returns 1 on success or 0 on
error. Failure can occur when the input is a point of small order.

## SEE ALSO

D. J. Bernstein, A state-of-the-art Diffie-Hellman function: How do I use Curve25519 in my own software?, http://cr.yp.to/ecdh.html.

## STANDARDS

RFC 7748: Elliptic Curves for Security