diff options
author | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-02-12 03:03:52 +0800 |
---|---|---|
committer | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-02-12 03:28:42 +0800 |
commit | 52a46e61f948d9c5f4a4e993bc1870bd79a19b56 (patch) | |
tree | 3c54f34f53f0cca44c42069df3bc36f1b8c67fba | |
parent | d899334bba7bf4a157cab19d8ad836dcb1de0c34 (diff) | |
download | go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.tar.gz go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.tar.zst go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.zip |
Correct ECIES shared key length check
* Ensure the ECIES shared key is padded with zero bytes if it's
smaller than the requested key length.
* Split the ECIES shared key error into two;
one for when the generated key is too big for the params
and one for when it's nil (point of infinity returned by the
curve scalar multiplication).
-rw-r--r-- | ecies.go | 29 |
1 files changed, 17 insertions, 12 deletions
@@ -13,11 +13,12 @@ import ( ) var ( - ErrImport = fmt.Errorf("ecies: failed to import key") - ErrInvalidCurve = fmt.Errorf("ecies: invalid elliptic curve") - ErrInvalidParams = fmt.Errorf("ecies: invalid ECIES parameters") - ErrInvalidPublicKey = fmt.Errorf("ecies: invalid public key") - ErrSharedKeyTooBig = fmt.Errorf("ecies: shared key is too big") + ErrImport = fmt.Errorf("ecies: failed to import key") + ErrInvalidCurve = fmt.Errorf("ecies: invalid elliptic curve") + ErrInvalidParams = fmt.Errorf("ecies: invalid ECIES parameters") + ErrInvalidPublicKey = fmt.Errorf("ecies: invalid public key") + ErrSharedKeyIsPointAtInfinity = fmt.Errorf("ecies: shared key is point at infinity") + ErrSharedKeyTooBig = fmt.Errorf("ecies: shared key params are too big") ) // PublicKey is a representation of an elliptic curve public key. @@ -90,16 +91,20 @@ func MaxSharedKeyLength(pub *PublicKey) int { // ECDH key agreement method used to establish secret keys for encryption. func (prv *PrivateKey) GenerateShared(pub *PublicKey, skLen, macLen int) (sk []byte, err error) { if prv.PublicKey.Curve != pub.Curve { - err = ErrInvalidCurve - return + return nil, ErrInvalidCurve + } + if skLen+macLen > MaxSharedKeyLength(pub) { + return nil, ErrSharedKeyTooBig } x, _ := pub.Curve.ScalarMult(pub.X, pub.Y, prv.D.Bytes()) - if x == nil || (x.BitLen()+7)/8 < (skLen+macLen) { - err = ErrSharedKeyTooBig - return + if x == nil { + return nil, ErrSharedKeyIsPointAtInfinity } - sk = x.Bytes()[:skLen+macLen] - return + + sk = make([]byte, skLen+macLen) + skBytes := x.Bytes() + copy(sk[len(sk)-len(skBytes):], skBytes) + return sk, nil } var ( |