crypto/ecies: make authenticated shared data work
The s2 parameter was not actually written to the MAC.
This commit is contained in:
parent
b05e472c07
commit
fdb936ee95
@ -192,11 +192,9 @@ func concatKDF(hash hash.Hash, z, s1 []byte, kdLen int) (k []byte, err error) {
|
|||||||
// messageTag computes the MAC of a message (called the tag) as per
|
// messageTag computes the MAC of a message (called the tag) as per
|
||||||
// SEC 1, 3.5.
|
// SEC 1, 3.5.
|
||||||
func messageTag(hash func() hash.Hash, km, msg, shared []byte) []byte {
|
func messageTag(hash func() hash.Hash, km, msg, shared []byte) []byte {
|
||||||
if shared == nil {
|
|
||||||
shared = make([]byte, 0)
|
|
||||||
}
|
|
||||||
mac := hmac.New(hash, km)
|
mac := hmac.New(hash, km)
|
||||||
mac.Write(msg)
|
mac.Write(msg)
|
||||||
|
mac.Write(shared)
|
||||||
tag := mac.Sum(nil)
|
tag := mac.Sum(nil)
|
||||||
return tag
|
return tag
|
||||||
}
|
}
|
||||||
@ -243,9 +241,11 @@ func symDecrypt(rand io.Reader, params *ECIESParams, key, ct []byte) (m []byte,
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1. If
|
// Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1.
|
||||||
// the shared information parameters aren't being used, they should be
|
//
|
||||||
// nil.
|
// s1 and s2 contain shared information that is not part of the resulting
|
||||||
|
// ciphertext. s1 is fed into key derivation, s2 is fed into the MAC. If the
|
||||||
|
// shared information parameters aren't being used, they should be nil.
|
||||||
func Encrypt(rand io.Reader, pub *PublicKey, m, s1, s2 []byte) (ct []byte, err error) {
|
func Encrypt(rand io.Reader, pub *PublicKey, m, s1, s2 []byte) (ct []byte, err error) {
|
||||||
params := pub.Params
|
params := pub.Params
|
||||||
if params == nil {
|
if params == nil {
|
||||||
|
@ -408,6 +408,36 @@ func TestEncryptDecrypt(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDecryptShared2(t *testing.T) {
|
||||||
|
prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
message := []byte("Hello, world.")
|
||||||
|
shared2 := []byte("shared data 2")
|
||||||
|
ct, err := Encrypt(rand.Reader, &prv.PublicKey, message, nil, shared2)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check that decrypting with correct shared data works.
|
||||||
|
pt, err := prv.Decrypt(rand.Reader, ct, nil, shared2)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
if !bytes.Equal(pt, message) {
|
||||||
|
t.Fatal("ecies: plaintext doesn't match message")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decrypting without shared data or incorrect shared data fails.
|
||||||
|
if _, err = prv.Decrypt(rand.Reader, ct, nil, nil); err == nil {
|
||||||
|
t.Fatal("ecies: decrypting without shared data didn't fail")
|
||||||
|
}
|
||||||
|
if _, err = prv.Decrypt(rand.Reader, ct, nil, []byte("garbage")); err == nil {
|
||||||
|
t.Fatal("ecies: decrypting with incorrect shared data didn't fail")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TestMarshalEncryption validates the encode/decode produces a valid
|
// TestMarshalEncryption validates the encode/decode produces a valid
|
||||||
// ECIES encryption key.
|
// ECIES encryption key.
|
||||||
func TestMarshalEncryption(t *testing.T) {
|
func TestMarshalEncryption(t *testing.T) {
|
||||||
|
Loading…
Reference in New Issue
Block a user