From 63696dc474d3bd410e056abdf5729d9481896774 Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Fri, 10 Jun 2016 22:17:02 +0300
Subject: [PATCH] crypto: add ECDH session key generation
---
 firmware/crypto.c | 20 ++++++++++++++++++++
 firmware/crypto.h | 3 +++
 2 files changed, 23 insertions(+)
diff --git a/firmware/crypto.c b/firmware/crypto.c
index 8587f84..b9cd878 100644
--- a/firmware/crypto.c
+++ b/firmware/crypto.c
@@ -27,6 +27,7 @@
 #include "layout.h"
 #include "curves.h"
 #include "secp256k1.h"
+#include "macros.h"
 uint32_t ser_length(uint32_t len, uint8_t *out)
 {
@@ -100,6 +101,25 @@ int gpgMessageSign(const HDNode *node, const uint8_t *message, size_t message_le
 return hdnode_sign_digest(node, message, signature + 1, NULL);
 }
+int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key)
+{
+ curve_point point;
+ const ecdsa_curve *curve = node->curve->params;
+ if (!ecdsa_read_pubkey(curve, peer_public_key, &point)) {
+ return 1;
+ }
+ bignum256 k;
+ bn_read_be(node->private_key, &k);
+ point_multiply(curve, &k, &point, &point);
+ MEMSET_BZERO(&k, sizeof(k));
+
+ session_key[0] = 0x04;
+ bn_write_be(&point.x, session_key + 1);
+ bn_write_be(&point.y, session_key + 33);
+ MEMSET_BZERO(&point, sizeof(point));
+ return 0;
+}
+
 int cryptoMessageSign(const CoinType *coin, const HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
 {
 SHA256_CTX ctx;
diff --git a/firmware/crypto.h b/firmware/crypto.h
index 13b97bb..8425046 100644
--- a/firmware/crypto.h
+++ b/firmware/crypto.h
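Review bot: `cryptoGetECDHSessionKey` multiplies a peer-supplied point by the node's private key and returns both raw coordinates, so the only guard between an attacker-chosen point and the secret scalar is `ecdsa_read_pubkey`; that function is outside this diff, and it is worth confirming (and stating in a comment above the call) that it rejects points that are not on `curve`. The function also writes 65 bytes to `session_key` and reads `peer_public_key` with no length argument, which deserves a comment such as `/* session_key: 65 bytes (0x04 || x || y); peer_public_key: complete SEC1-encoded point */`. `MEMSET_BZERO` comes from macros.h, which is not shown here; if it expands to a plain `memset`, the wipes of `k` and `point` are dead stores that an optimizer may drop, so a wipe routine the compiler cannot elide would be the safer choice.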
@@ -37,6 +37,9 @@ int sshMessageSign(const HDNode *node, const uint8_t *message, size_t message_le
 int gpgMessageSign(const HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature);
+int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key);
+
+
 int cryptoMessageSign(const CoinType *coin, const HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature);
 int cryptoMessageVerify(const CoinType *coin, const uint8_t *message, size_t message_len, const uint8_t *address_raw, const uint8_t *signature);
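Review bot: The new prototype for `cryptoGetECDHSessionKey` carries no comment, and its return sense is easy to misread: the definition in crypto.c returns 1 when the peer key cannot be read and 0 on success, while the `ecdsa_read_pubkey` call it wraps is treated as failed on a zero return. A one-line comment above the declaration, e.g. `/* returns 0 on success, 1 if peer_public_key cannot be parsed */`, would let callers check the result correctly without opening crypto.c.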