CC: DH: Diffie-Hellman-Merkle key exchange

README.md

@@ -32,6 +32,12 @@ let signed = try? CC.EC.signHash(keys!.0, hash: hash)
 let verified = try? CC.EC.verifyHash(keys!.1, hash: hash, signedData: signed!)
 let shared = try? CC.EC.computeSharedSecret(keys!.0, publicKey: keys!.1)
 ```
+### Diffie-Hellman functions
+```
+let dh = try CC.DH.DH(dhParam: .rfc3526Group5)
+let myPubKey = try dh.generateKey()
+let commonKey = try dh.computeKey(partnerPubKey!)
+```
 ### Encrypt, decrypt data with symmetric ciphers
 ```
 try CC.crypt(.encrypt, blockMode: .CBC, algorithm: .AES, padding: .PKCS7Padding, data: data, key: aesKey, iv: iv)

SwCrypt/SwCrypt.swift

@@ -975,6 +975,7 @@ public class CC {
 			KeyDerivation.available() &&
 			KeyWrap.available() &&
 			RSA.available() &&
+			DH.available() &&
 			EC.available() &&
 			GCM.available() &&
 			CCM.available()
@@ -1430,6 +1431,93 @@ public class CC {
 
 	}
 
+	public class DH {
+
+		public enum DHParam {
+			case rfc3526Group5
+		}
+
+		//this is stateful in CommonCrypto too, sry
+		public class DH {
+			private var ref: CCDHRef = nil
+
+			public init(dhParam: DHParam) throws {
+				ref = CCDHCreate!(dhParameter: kCCDHRFC3526Group5!)
+				guard ref != nil else {
+					throw CCError(.ParamError)
+				}
+			}
+
+			public func generateKey() throws -> NSData {
+				var outputLength = 8192
+				let output = NSMutableData(length: outputLength)!
+				let status = CCDHGenerateKey!(
+					ref: ref,
+					output: output.mutableBytes, outputLength: &outputLength)
+				output.length = outputLength
+				guard status != -1 else {
+					throw CCError(.ParamError)
+				}
+				return output
+			}
+
+			public func computeKey(peerKey: NSData) throws -> NSData {
+				var sharedKeyLength = 8192
+				let sharedKey = NSMutableData(length: sharedKeyLength)!
+				let status = CCDHComputeKey!(
+					sharedKey: sharedKey.mutableBytes, sharedKeyLen: &sharedKeyLength,
+					peerPubKey: peerKey.bytes, peerPubKeyLen: peerKey.length,
+					ref: ref)
+				sharedKey.length = sharedKeyLength
+				guard status == 0 else {
+					throw CCError(.ParamError)
+				}
+				return sharedKey
+			}
+
+			deinit {
+				if ref != nil {
+					CCDHRelease!(ref: ref)
+				}
+			}
+		}
+
+
+		public static func available() -> Bool {
+			return CCDHCreate != nil &&
+				CCDHRelease != nil &&
+				CCDHGenerateKey != nil &&
+				CCDHComputeKey != nil
+		}
+
+		private typealias CCDHParameters = UnsafePointer<Void>
+		private typealias CCDHRef = UnsafePointer<Void>
+
+		private typealias kCCDHRFC3526Group5TM = UnsafePointer<CCDHParameters>
+		private static let kCCDHRFC3526Group5M : kCCDHRFC3526Group5TM? =
+			getFunc(dl, f: "kCCDHRFC3526Group5")
+		private static let kCCDHRFC3526Group5 = kCCDHRFC3526Group5M?.memory
+
+		private typealias CCDHCreateT = @convention(c) (
+			dhParameter: CCDHParameters) -> CCDHRef
+		private static let CCDHCreate : CCDHCreateT? = getFunc(dl, f: "CCDHCreate")
+
+		private typealias CCDHReleaseT = @convention(c) (
+			ref: CCDHRef) -> Void
+		private static let CCDHRelease : CCDHReleaseT? = getFunc(dl, f: "CCDHRelease")
+
+		private typealias CCDHGenerateKeyT = @convention(c) (
+			ref: CCDHRef,
+			output: UnsafeMutablePointer<Void>, outputLength: UnsafeMutablePointer<size_t>) -> CInt
+		private static let CCDHGenerateKey : CCDHGenerateKeyT? = getFunc(dl, f: "CCDHGenerateKey")
+
+		private typealias CCDHComputeKeyT = @convention(c) (
+			sharedKey: UnsafeMutablePointer<Void>, sharedKeyLen: UnsafeMutablePointer<size_t>,
+			peerPubKey: UnsafePointer<Void>, peerPubKeyLen: size_t,
+			ref: CCDHRef) -> CInt
+		private static let CCDHComputeKey : CCDHComputeKeyT? = getFunc(dl, f: "CCDHComputeKey")
+	}
+
 	public class EC {
 
 		public static func generateKeyPair(keySize: Int) throws -> (NSData, NSData) {

SwCryptTests/SwCryptTests.swift

@@ -240,4 +240,23 @@ class SwCryptTest: XCTestCase {
 		let shared = try? CC.EC.computeSharedSecret(keys!.0, publicKey: keys!.1)
 		XCTAssert(shared != nil)
 	}
+
+	func testDH() {
+		XCTAssert(CC.DH.available())
+		let dh1 = try? CC.DH.DH(dhParam: .rfc3526Group5)
+		XCTAssert(dh1 != nil)
+		let dh2 = try? CC.DH.DH(dhParam: .rfc3526Group5)
+		XCTAssert(dh2 != nil)
+
+		let pub1 = try? dh1!.generateKey()
+		XCTAssert(pub1 != nil)
+		let pub2 = try? dh2!.generateKey()
+		XCTAssert(pub2 != nil)
+
+		let common1 = try? dh1!.computeKey(pub2!)
+		XCTAssert(common1 != nil)
+		let common2 = try? dh2!.computeKey(pub1!)
+		XCTAssert(common2 != nil)
+		XCTAssert(common1 == common2)
+	}
 }