diff options
| author | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-02-12 03:03:52 +0800 |
|---|---|---|
| committer | Gustav Simonsson <gustav.simonsson@gmail.com> | 2015-02-12 03:28:42 +0800 |
| commit | 52a46e61f948d9c5f4a4e993bc1870bd79a19b56 (patch) | |
| tree | 3c54f34f53f0cca44c42069df3bc36f1b8c67fba /ecies.go | |
| parent | d899334bba7bf4a157cab19d8ad836dcb1de0c34 (diff) | |
| download | go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.tar.gz go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.tar.zst go-tangerine-52a46e61f948d9c5f4a4e993bc1870bd79a19b56.zip | |
Correct ECIES shared key length check
* Ensure the ECIES shared key is padded with zero bytes if it's
smaller than the requested key length.
* Split the ECIES shared key error into two;
one for when the generated key is too big for the params
and one for when it's nil (point of infinity returned by the
curve scalar multiplication).
Diffstat (limited to 'ecies.go')
| -rw-r--r-- | ecies.go | 29 |
1 files changed, 17 insertions, 12 deletions
@@ -13,11 +13,12 @@ import ( ) var ( - ErrImport = fmt.Errorf("ecies: failed to import key") - ErrInvalidCurve = fmt.Errorf("ecies: invalid elliptic curve") - ErrInvalidParams = fmt.Errorf("ecies: invalid ECIES parameters") - ErrInvalidPublicKey = fmt.Errorf("ecies: invalid public key") - ErrSharedKeyTooBig = fmt.Errorf("ecies: shared key is too big") + ErrImport = fmt.Errorf("ecies: failed to import key") + ErrInvalidCurve = fmt.Errorf("ecies: invalid elliptic curve") + ErrInvalidParams = fmt.Errorf("ecies: invalid ECIES parameters") + ErrInvalidPublicKey = fmt.Errorf("ecies: invalid public key") + ErrSharedKeyIsPointAtInfinity = fmt.Errorf("ecies: shared key is point at infinity") + ErrSharedKeyTooBig = fmt.Errorf("ecies: shared key params are too big") ) // PublicKey is a representation of an elliptic curve public key. @@ -90,16 +91,20 @@ func MaxSharedKeyLength(pub *PublicKey) int { // ECDH key agreement method used to establish secret keys for encryption. func (prv *PrivateKey) GenerateShared(pub *PublicKey, skLen, macLen int) (sk []byte, err error) { if prv.PublicKey.Curve != pub.Curve { - err = ErrInvalidCurve - return + return nil, ErrInvalidCurve + } + if skLen+macLen > MaxSharedKeyLength(pub) { + return nil, ErrSharedKeyTooBig } x, _ := pub.Curve.ScalarMult(pub.X, pub.Y, prv.D.Bytes()) - if x == nil || (x.BitLen()+7)/8 < (skLen+macLen) { - err = ErrSharedKeyTooBig - return + if x == nil { + return nil, ErrSharedKeyIsPointAtInfinity } - sk = x.Bytes()[:skLen+macLen] - return + + sk = make([]byte, skLen+macLen) + skBytes := x.Bytes() + copy(sk[len(sk)-len(skBytes):], skBytes) + return sk, nil } var ( |