aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorFelix Lange <fjl@twurst.com>2016-02-10 03:05:49 +0800
committerFelix Lange <fjl@twurst.com>2016-02-12 16:49:18 +0800
commitfdb936ee95d09b1b98418735a813deba6770ad5a (patch)
treea53f1293b6cd4a87607d1dc8887cad0f6ee0aca7 /crypto
parentb05e472c076d30035233d6a8b5fb3360b236e3ff (diff)
downloaddexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar.gz
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar.bz2
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar.lz
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar.xz
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.tar.zst
dexon-fdb936ee95d09b1b98418735a813deba6770ad5a.zip
crypto/ecies: make authenticated shared data work
The s2 parameter was not actually written to the MAC.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/ecies/ecies.go12
-rw-r--r--crypto/ecies/ecies_test.go30
2 files changed, 36 insertions, 6 deletions
diff --git a/crypto/ecies/ecies.go b/crypto/ecies/ecies.go
index 65dc5b38b..ee4285617 100644
--- a/crypto/ecies/ecies.go
+++ b/crypto/ecies/ecies.go
@@ -192,11 +192,9 @@ func concatKDF(hash hash.Hash, z, s1 []byte, kdLen int) (k []byte, err error) {
// messageTag computes the MAC of a message (called the tag) as per
// SEC 1, 3.5.
func messageTag(hash func() hash.Hash, km, msg, shared []byte) []byte {
- if shared == nil {
- shared = make([]byte, 0)
- }
mac := hmac.New(hash, km)
mac.Write(msg)
+ mac.Write(shared)
tag := mac.Sum(nil)
return tag
}
@@ -243,9 +241,11 @@ func symDecrypt(rand io.Reader, params *ECIESParams, key, ct []byte) (m []byte,
return
}
-// Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1. If
-// the shared information parameters aren't being used, they should be
-// nil.
+// Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1.
+//
+// s1 and s2 contain shared information that is not part of the resulting
+// ciphertext. s1 is fed into key derivation, s2 is fed into the MAC. If the
+// shared information parameters aren't being used, they should be nil.
func Encrypt(rand io.Reader, pub *PublicKey, m, s1, s2 []byte) (ct []byte, err error) {
params := pub.Params
if params == nil {
diff --git a/crypto/ecies/ecies_test.go b/crypto/ecies/ecies_test.go
index 6a0ea3f02..cb09061ce 100644
--- a/crypto/ecies/ecies_test.go
+++ b/crypto/ecies/ecies_test.go
@@ -408,6 +408,36 @@ func TestEncryptDecrypt(t *testing.T) {
}
}
+func TestDecryptShared2(t *testing.T) {
+ prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ message := []byte("Hello, world.")
+ shared2 := []byte("shared data 2")
+ ct, err := Encrypt(rand.Reader, &prv.PublicKey, message, nil, shared2)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // Check that decrypting with correct shared data works.
+ pt, err := prv.Decrypt(rand.Reader, ct, nil, shared2)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !bytes.Equal(pt, message) {
+ t.Fatal("ecies: plaintext doesn't match message")
+ }
+
+ // Decrypting without shared data or incorrect shared data fails.
+ if _, err = prv.Decrypt(rand.Reader, ct, nil, nil); err == nil {
+ t.Fatal("ecies: decrypting without shared data didn't fail")
+ }
+ if _, err = prv.Decrypt(rand.Reader, ct, nil, []byte("garbage")); err == nil {
+ t.Fatal("ecies: decrypting with incorrect shared data didn't fail")
+ }
+}
+
// TestMarshalEncryption validates the encode/decode produces a valid
// ECIES encryption key.
func TestMarshalEncryption(t *testing.T) {