diff --git a/crypto/ecies/asn1.go b/crypto/ecies/asn1.go deleted file mode 100644 index d3e77d8490..0000000000 --- a/crypto/ecies/asn1.go +++ /dev/null @@ -1,584 +0,0 @@ -// Copyright (c) 2013 Kyle Isom -// Copyright (c) 2012 The Go Authors. All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -package ecies - -import ( - "bytes" - "crypto" - "crypto/elliptic" - "crypto/sha1" - "crypto/sha256" - "crypto/sha512" - "encoding/asn1" - "encoding/pem" - "fmt" - "hash" - "math/big" - - ethcrypto "github.com/ethereum/go-ethereum/crypto" -) - -var ( - secgScheme = []int{1, 3, 132, 1} - shaScheme = []int{2, 16, 840, 1, 101, 3, 4, 2} - ansiX962Scheme = []int{1, 2, 840, 10045} - x963Scheme = []int{1, 2, 840, 63, 0} -) - -var ErrInvalidPrivateKey = fmt.Errorf("ecies: invalid private key") - -func doScheme(base, v []int) asn1.ObjectIdentifier { - var oidInts asn1.ObjectIdentifier - oidInts = append(oidInts, base...) - return append(oidInts, v...) -} - -// curve OID code taken from crypto/x509, including -// - oidNameCurve* -// - namedCurveFromOID -// - oidFromNamedCurve -// RFC 5480, 2.1.1.1. Named Curve -// -// secp224r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 33 } -// -// secp256r1 OBJECT IDENTIFIER ::= { -// iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) -// prime(1) 7 } -// -// secp384r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 34 } -// -// secp521r1 OBJECT IDENTIFIER ::= { -// iso(1) identified-organization(3) certicom(132) curve(0) 35 } -// -// NB: secp256r1 is equivalent to prime256v1 -type secgNamedCurve asn1.ObjectIdentifier - -var ( - secgNamedCurveS256 = secgNamedCurve{1, 3, 132, 0, 10} - secgNamedCurveP256 = secgNamedCurve{1, 2, 840, 10045, 3, 1, 7} - secgNamedCurveP384 = secgNamedCurve{1, 3, 132, 0, 34} - secgNamedCurveP521 = secgNamedCurve{1, 3, 132, 0, 35} - rawCurveP256 = []byte{6, 8, 4, 2, 1, 3, 4, 7, 2, 2, 0, 6, 6, 1, 3, 1, 7} - rawCurveP384 = []byte{6, 5, 4, 3, 1, 2, 9, 4, 0, 3, 4} - rawCurveP521 = []byte{6, 5, 4, 3, 1, 2, 9, 4, 0, 3, 5} -) - -func rawCurve(curve elliptic.Curve) []byte { - switch curve { - case elliptic.P256(): - return rawCurveP256 - case elliptic.P384(): - return rawCurveP384 - case elliptic.P521(): - return rawCurveP521 - default: - return nil - } -} - -func (curve secgNamedCurve) Equal(curve2 secgNamedCurve) bool { - if len(curve) != len(curve2) { - return false - } - for i := range curve { - if curve[i] != curve2[i] { - return false - } - } - return true -} - -func namedCurveFromOID(curve secgNamedCurve) elliptic.Curve { - switch { - case curve.Equal(secgNamedCurveS256): - return ethcrypto.S256() - case curve.Equal(secgNamedCurveP256): - return elliptic.P256() - case curve.Equal(secgNamedCurveP384): - return elliptic.P384() - case curve.Equal(secgNamedCurveP521): - return elliptic.P521() - } - return nil -} - -func oidFromNamedCurve(curve elliptic.Curve) (secgNamedCurve, bool) { - switch curve { - case elliptic.P256(): - return secgNamedCurveP256, true - case elliptic.P384(): - return secgNamedCurveP384, true - case elliptic.P521(): - return secgNamedCurveP521, true - case ethcrypto.S256(): - return secgNamedCurveS256, true - } - - return nil, false -} - -// asnAlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC -// 5280, section 4.1.1.2. -type asnAlgorithmIdentifier struct { - Algorithm asn1.ObjectIdentifier - Parameters asn1.RawValue `asn1:"optional"` -} - -func (a asnAlgorithmIdentifier) Cmp(b asnAlgorithmIdentifier) bool { - if len(a.Algorithm) != len(b.Algorithm) { - return false - } - for i := range a.Algorithm { - if a.Algorithm[i] != b.Algorithm[i] { - return false - } - } - return true -} - -type asnHashFunction asnAlgorithmIdentifier - -var ( - oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26} - oidSHA224 = doScheme(shaScheme, []int{4}) - oidSHA256 = doScheme(shaScheme, []int{1}) - oidSHA384 = doScheme(shaScheme, []int{2}) - oidSHA512 = doScheme(shaScheme, []int{3}) -) - -func hashFromOID(oid asn1.ObjectIdentifier) func() hash.Hash { - switch { - case oid.Equal(oidSHA1): - return sha1.New - case oid.Equal(oidSHA224): - return sha256.New224 - case oid.Equal(oidSHA256): - return sha256.New - case oid.Equal(oidSHA384): - return sha512.New384 - case oid.Equal(oidSHA512): - return sha512.New - } - return nil -} - -func oidFromHash(hash crypto.Hash) (asn1.ObjectIdentifier, bool) { - switch hash { - case crypto.SHA1: - return oidSHA1, true - case crypto.SHA224: - return oidSHA224, true - case crypto.SHA256: - return oidSHA256, true - case crypto.SHA384: - return oidSHA384, true - case crypto.SHA512: - return oidSHA512, true - default: - return nil, false - } -} - -var ( - asnAlgoSHA1 = asnHashFunction{ - Algorithm: oidSHA1, - } - asnAlgoSHA224 = asnHashFunction{ - Algorithm: oidSHA224, - } - asnAlgoSHA256 = asnHashFunction{ - Algorithm: oidSHA256, - } - asnAlgoSHA384 = asnHashFunction{ - Algorithm: oidSHA384, - } - asnAlgoSHA512 = asnHashFunction{ - Algorithm: oidSHA512, - } -) - -// type ASNasnSubjectPublicKeyInfo struct { -// -// } -// - -type asnSubjectPublicKeyInfo struct { - Algorithm asn1.ObjectIdentifier - PublicKey asn1.BitString - Supplements ecpksSupplements `asn1:"optional"` -} - -type asnECPKAlgorithms struct { - Type asn1.ObjectIdentifier -} - -var idPublicKeyType = doScheme(ansiX962Scheme, []int{2}) -var idEcPublicKey = doScheme(idPublicKeyType, []int{1}) -var idEcPublicKeySupplemented = doScheme(idPublicKeyType, []int{0}) - -func curveToRaw(curve elliptic.Curve) (rv asn1.RawValue, ok bool) { - switch curve { - case elliptic.P256(), elliptic.P384(), elliptic.P521(): - raw := rawCurve(curve) - return asn1.RawValue{ - Tag: 30, - Bytes: raw[2:], - FullBytes: raw, - }, true - default: - return rv, false - } -} - -func asnECPublicKeyType(curve elliptic.Curve) (algo asnAlgorithmIdentifier, ok bool) { - raw, ok := curveToRaw(curve) - if !ok { - return - } else { - return asnAlgorithmIdentifier{Algorithm: idEcPublicKey, - Parameters: raw}, true - } -} - -type asnECPrivKeyVer int - -var asnECPrivKeyVer1 asnECPrivKeyVer = 1 - -type asnPrivateKey struct { - Version asnECPrivKeyVer - Private []byte - Curve secgNamedCurve `asn1:"optional"` - Public asn1.BitString -} - -var asnECDH = doScheme(secgScheme, []int{12}) - -type asnECDHAlgorithm asnAlgorithmIdentifier - -var ( - dhSinglePass_stdDH_sha1kdf = asnECDHAlgorithm{ - Algorithm: doScheme(x963Scheme, []int{2}), - } - dhSinglePass_stdDH_sha256kdf = asnECDHAlgorithm{ - Algorithm: doScheme(secgScheme, []int{11, 1}), - } - dhSinglePass_stdDH_sha384kdf = asnECDHAlgorithm{ - Algorithm: doScheme(secgScheme, []int{11, 2}), - } - dhSinglePass_stdDH_sha224kdf = asnECDHAlgorithm{ - Algorithm: doScheme(secgScheme, []int{11, 0}), - } - dhSinglePass_stdDH_sha512kdf = asnECDHAlgorithm{ - Algorithm: doScheme(secgScheme, []int{11, 3}), - } -) - -func (a asnECDHAlgorithm) Cmp(b asnECDHAlgorithm) bool { - if len(a.Algorithm) != len(b.Algorithm) { - return false - } - for i := range a.Algorithm { - if a.Algorithm[i] != b.Algorithm[i] { - return false - } - } - return true -} - -// asnNISTConcatenation is the only supported KDF at this time. -type asnKeyDerivationFunction asnAlgorithmIdentifier - -var asnNISTConcatenationKDF = asnKeyDerivationFunction{ - Algorithm: doScheme(secgScheme, []int{17, 1}), -} - -func (a asnKeyDerivationFunction) Cmp(b asnKeyDerivationFunction) bool { - if len(a.Algorithm) != len(b.Algorithm) { - return false - } - for i := range a.Algorithm { - if a.Algorithm[i] != b.Algorithm[i] { - return false - } - } - return true -} - -var eciesRecommendedParameters = doScheme(secgScheme, []int{7}) -var eciesSpecifiedParameters = doScheme(secgScheme, []int{8}) - -type asnECIESParameters struct { - KDF asnKeyDerivationFunction `asn1:"optional"` - Sym asnSymmetricEncryption `asn1:"optional"` - MAC asnMessageAuthenticationCode `asn1:"optional"` -} - -type asnSymmetricEncryption asnAlgorithmIdentifier - -var ( - aes128CTRinECIES = asnSymmetricEncryption{ - Algorithm: doScheme(secgScheme, []int{21, 0}), - } - aes192CTRinECIES = asnSymmetricEncryption{ - Algorithm: doScheme(secgScheme, []int{21, 1}), - } - aes256CTRinECIES = asnSymmetricEncryption{ - Algorithm: doScheme(secgScheme, []int{21, 2}), - } -) - -func (a asnSymmetricEncryption) Cmp(b asnSymmetricEncryption) bool { - if len(a.Algorithm) != len(b.Algorithm) { - return false - } - for i := range a.Algorithm { - if a.Algorithm[i] != b.Algorithm[i] { - return false - } - } - return true -} - -type asnMessageAuthenticationCode asnAlgorithmIdentifier - -var ( - hmacFull = asnMessageAuthenticationCode{ - Algorithm: doScheme(secgScheme, []int{22}), - } -) - -func (a asnMessageAuthenticationCode) Cmp(b asnMessageAuthenticationCode) bool { - if len(a.Algorithm) != len(b.Algorithm) { - return false - } - for i := range a.Algorithm { - if a.Algorithm[i] != b.Algorithm[i] { - return false - } - } - return true -} - -type ecpksSupplements struct { - ECDomain secgNamedCurve - ECCAlgorithms eccAlgorithmSet -} - -type eccAlgorithmSet struct { - ECDH asnECDHAlgorithm `asn1:"optional"` - ECIES asnECIESParameters `asn1:"optional"` -} - -func marshalSubjectPublicKeyInfo(pub *PublicKey) (subj asnSubjectPublicKeyInfo, err error) { - subj.Algorithm = idEcPublicKeySupplemented - curve, ok := oidFromNamedCurve(pub.Curve) - if !ok { - err = ErrInvalidPublicKey - return - } - subj.Supplements.ECDomain = curve - if pub.Params != nil { - subj.Supplements.ECCAlgorithms.ECDH = paramsToASNECDH(pub.Params) - subj.Supplements.ECCAlgorithms.ECIES = paramsToASNECIES(pub.Params) - } - pubkey := elliptic.Marshal(pub.Curve, pub.X, pub.Y) - subj.PublicKey = asn1.BitString{ - BitLength: len(pubkey) * 8, - Bytes: pubkey, - } - return -} - -// Encode a public key to DER format. -func MarshalPublic(pub *PublicKey) ([]byte, error) { - subj, err := marshalSubjectPublicKeyInfo(pub) - if err != nil { - return nil, err - } - return asn1.Marshal(subj) -} - -// Decode a DER-encoded public key. -func UnmarshalPublic(in []byte) (pub *PublicKey, err error) { - var subj asnSubjectPublicKeyInfo - - if _, err = asn1.Unmarshal(in, &subj); err != nil { - return - } - if !subj.Algorithm.Equal(idEcPublicKeySupplemented) { - err = ErrInvalidPublicKey - return - } - pub = new(PublicKey) - pub.Curve = namedCurveFromOID(subj.Supplements.ECDomain) - x, y := elliptic.Unmarshal(pub.Curve, subj.PublicKey.Bytes) - if x == nil { - err = ErrInvalidPublicKey - return - } - pub.X = x - pub.Y = y - pub.Params = new(ECIESParams) - asnECIEStoParams(subj.Supplements.ECCAlgorithms.ECIES, pub.Params) - asnECDHtoParams(subj.Supplements.ECCAlgorithms.ECDH, pub.Params) - if pub.Params == nil { - if pub.Params = ParamsFromCurve(pub.Curve); pub.Params == nil { - err = ErrInvalidPublicKey - } - } - return -} - -func marshalPrivateKey(prv *PrivateKey) (ecprv asnPrivateKey, err error) { - ecprv.Version = asnECPrivKeyVer1 - ecprv.Private = prv.D.Bytes() - - var ok bool - ecprv.Curve, ok = oidFromNamedCurve(prv.PublicKey.Curve) - if !ok { - err = ErrInvalidPrivateKey - return - } - - var pub []byte - if pub, err = MarshalPublic(&prv.PublicKey); err != nil { - return - } else { - ecprv.Public = asn1.BitString{ - BitLength: len(pub) * 8, - Bytes: pub, - } - } - return -} - -// Encode a private key to DER format. -func MarshalPrivate(prv *PrivateKey) ([]byte, error) { - ecprv, err := marshalPrivateKey(prv) - if err != nil { - return nil, err - } - return asn1.Marshal(ecprv) -} - -// Decode a private key from a DER-encoded format. -func UnmarshalPrivate(in []byte) (prv *PrivateKey, err error) { - var ecprv asnPrivateKey - - if _, err = asn1.Unmarshal(in, &ecprv); err != nil { - return - } else if ecprv.Version != asnECPrivKeyVer1 { - err = ErrInvalidPrivateKey - return - } - - privateCurve := namedCurveFromOID(ecprv.Curve) - if privateCurve == nil { - err = ErrInvalidPrivateKey - return - } - - prv = new(PrivateKey) - prv.D = new(big.Int).SetBytes(ecprv.Private) - - if pub, err := UnmarshalPublic(ecprv.Public.Bytes); err != nil { - return nil, err - } else { - prv.PublicKey = *pub - } - - return -} - -// Export a public key to PEM format. -func ExportPublicPEM(pub *PublicKey) (out []byte, err error) { - der, err := MarshalPublic(pub) - if err != nil { - return - } - - var block pem.Block - block.Type = "ELLIPTIC CURVE PUBLIC KEY" - block.Bytes = der - - buf := new(bytes.Buffer) - err = pem.Encode(buf, &block) - if err != nil { - return - } else { - out = buf.Bytes() - } - return -} - -// Export a private key to PEM format. -func ExportPrivatePEM(prv *PrivateKey) (out []byte, err error) { - der, err := MarshalPrivate(prv) - if err != nil { - return - } - - var block pem.Block - block.Type = "ELLIPTIC CURVE PRIVATE KEY" - block.Bytes = der - - buf := new(bytes.Buffer) - err = pem.Encode(buf, &block) - if err != nil { - return - } else { - out = buf.Bytes() - } - return -} - -// Import a PEM-encoded public key. -func ImportPublicPEM(in []byte) (pub *PublicKey, err error) { - p, _ := pem.Decode(in) - if p == nil || p.Type != "ELLIPTIC CURVE PUBLIC KEY" { - return nil, ErrInvalidPublicKey - } - - pub, err = UnmarshalPublic(p.Bytes) - return -} - -// Import a PEM-encoded private key. -func ImportPrivatePEM(in []byte) (prv *PrivateKey, err error) { - p, _ := pem.Decode(in) - if p == nil || p.Type != "ELLIPTIC CURVE PRIVATE KEY" { - return nil, ErrInvalidPrivateKey - } - - prv, err = UnmarshalPrivate(p.Bytes) - return -} diff --git a/crypto/ecies/ecies.go b/crypto/ecies/ecies.go index 2a16f20a2e..1d5f96ed27 100644 --- a/crypto/ecies/ecies.go +++ b/crypto/ecies/ecies.go @@ -151,14 +151,16 @@ var ( func incCounter(ctr []byte) { if ctr[3]++; ctr[3] != 0 { return - } else if ctr[2]++; ctr[2] != 0 { + } + if ctr[2]++; ctr[2] != 0 { return - } else if ctr[1]++; ctr[1] != 0 { + } + if ctr[1]++; ctr[1] != 0 { return - } else if ctr[0]++; ctr[0] != 0 { + } + if ctr[0]++; ctr[0] != 0 { return } - return } // NIST SP 800-56 Concatenation Key Derivation Function (see section 5.8.1). diff --git a/crypto/ecies/ecies_test.go b/crypto/ecies/ecies_test.go index 7c454aa730..9cd5c79f7e 100644 --- a/crypto/ecies/ecies_test.go +++ b/crypto/ecies/ecies_test.go @@ -37,7 +37,6 @@ import ( "encoding/hex" "flag" "fmt" - "io/ioutil" "math/big" "testing" @@ -63,8 +62,7 @@ func TestKDF(t *testing.T) { t.FailNow() } if len(k) != 64 { - fmt.Printf("KDF: generated key is the wrong size (%d instead of 64\n", - len(k)) + fmt.Printf("KDF: generated key is the wrong size (%d instead of 64\n", len(k)) t.FailNow() } } @@ -74,14 +72,9 @@ var ErrBadSharedKeys = fmt.Errorf("ecies: shared keys don't match") // cmpParams compares a set of ECIES parameters. We assume, as per the // docs, that AES is the only supported symmetric encryption algorithm. func cmpParams(p1, p2 *ECIESParams) bool { - if p1.hashAlgo != p2.hashAlgo { - return false - } else if p1.KeyLen != p2.KeyLen { - return false - } else if p1.BlockSize != p2.BlockSize { - return false - } - return true + return p1.hashAlgo == p2.hashAlgo && + p1.KeyLen == p2.KeyLen && + p1.BlockSize == p2.BlockSize } // cmpPublic returns true if the two public keys represent the same pojnt. @@ -212,118 +205,6 @@ func TestTooBigSharedKey(t *testing.T) { } } -// Ensure a public key can be successfully marshalled and unmarshalled, and -// that the decoded key is the same as the original. -func TestMarshalPublic(t *testing.T) { - prv, err := GenerateKey(rand.Reader, DefaultCurve, nil) - if err != nil { - t.Fatalf("GenerateKey error: %s", err) - } - - out, err := MarshalPublic(&prv.PublicKey) - if err != nil { - t.Fatalf("MarshalPublic error: %s", err) - } - - pub, err := UnmarshalPublic(out) - if err != nil { - t.Fatalf("UnmarshalPublic error: %s", err) - } - - if !cmpPublic(prv.PublicKey, *pub) { - t.Fatal("ecies: failed to unmarshal public key") - } -} - -// Ensure that a private key can be encoded into DER format, and that -// the resulting key is properly parsed back into a public key. -func TestMarshalPrivate(t *testing.T) { - prv, err := GenerateKey(rand.Reader, DefaultCurve, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - out, err := MarshalPrivate(prv) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - if dumpEnc { - ioutil.WriteFile("test.out", out, 0644) - } - - prv2, err := UnmarshalPrivate(out) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - if !cmpPrivate(prv, prv2) { - fmt.Println("ecdh: private key import failed") - t.FailNow() - } -} - -// Ensure that a private key can be successfully encoded to PEM format, and -// the resulting key is properly parsed back in. -func TestPrivatePEM(t *testing.T) { - prv, err := GenerateKey(rand.Reader, DefaultCurve, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - out, err := ExportPrivatePEM(prv) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - if dumpEnc { - ioutil.WriteFile("test.key", out, 0644) - } - - prv2, err := ImportPrivatePEM(out) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } else if !cmpPrivate(prv, prv2) { - fmt.Println("ecdh: import from PEM failed") - t.FailNow() - } -} - -// Ensure that a public key can be successfully encoded to PEM format, and -// the resulting key is properly parsed back in. -func TestPublicPEM(t *testing.T) { - prv, err := GenerateKey(rand.Reader, DefaultCurve, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - out, err := ExportPublicPEM(&prv.PublicKey) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - if dumpEnc { - ioutil.WriteFile("test.pem", out, 0644) - } - - pub2, err := ImportPublicPEM(out) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } else if !cmpPublic(prv.PublicKey, *pub2) { - fmt.Println("ecdh: import from PEM failed") - t.FailNow() - } -} - // Benchmark the generation of P256 keys. func BenchmarkGenerateKeyP256(b *testing.B) { for i := 0; i < b.N; i++ { @@ -437,74 +318,27 @@ func TestDecryptShared2(t *testing.T) { } } -// TestMarshalEncryption validates the encode/decode produces a valid -// ECIES encryption key. -func TestMarshalEncryption(t *testing.T) { - prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - out, err := MarshalPrivate(prv1) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - prv2, err := UnmarshalPrivate(out) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - message := []byte("Hello, world.") - ct, err := Encrypt(rand.Reader, &prv2.PublicKey, message, nil, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - pt, err := prv2.Decrypt(rand.Reader, ct, nil, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - - if !bytes.Equal(pt, message) { - fmt.Println("ecies: plaintext doesn't match message") - t.FailNow() - } - - _, err = prv1.Decrypt(rand.Reader, ct, nil, nil) - if err != nil { - fmt.Println(err.Error()) - t.FailNow() - } - -} - type testCase struct { Curve elliptic.Curve Name string - Expected bool + Expected *ECIESParams } var testCases = []testCase{ { Curve: elliptic.P256(), Name: "P256", - Expected: true, + Expected: ECIES_AES128_SHA256, }, { Curve: elliptic.P384(), Name: "P384", - Expected: true, + Expected: ECIES_AES256_SHA384, }, { Curve: elliptic.P521(), Name: "P521", - Expected: true, + Expected: ECIES_AES256_SHA512, }, } @@ -519,10 +353,10 @@ func TestParamSelection(t *testing.T) { func testParamSelection(t *testing.T, c testCase) { params := ParamsFromCurve(c.Curve) - if params == nil && c.Expected { + if params == nil && c.Expected != nil { fmt.Printf("%s (%s)\n", ErrInvalidParams.Error(), c.Name) t.FailNow() - } else if params != nil && !c.Expected { + } else if params != nil && !cmpParams(params, c.Expected) { fmt.Printf("ecies: parameters should be invalid (%s)\n", c.Name) t.FailNow() diff --git a/crypto/ecies/params.go b/crypto/ecies/params.go index 826d90c845..6312daf5a1 100644 --- a/crypto/ecies/params.go +++ b/crypto/ecies/params.go @@ -114,97 +114,4 @@ func AddParamsForCurve(curve elliptic.Curve, params *ECIESParams) { // Only the curves P256, P384, and P512 are supported. func ParamsFromCurve(curve elliptic.Curve) (params *ECIESParams) { return paramsFromCurve[curve] - - /* - switch curve { - case elliptic.P256(): - return ECIES_AES128_SHA256 - case elliptic.P384(): - return ECIES_AES256_SHA384 - case elliptic.P521(): - return ECIES_AES256_SHA512 - default: - return nil - } - */ -} - -// ASN.1 encode the ECIES parameters relevant to the encryption operations. -func paramsToASNECIES(params *ECIESParams) (asnParams asnECIESParameters) { - if nil == params { - return - } - asnParams.KDF = asnNISTConcatenationKDF - asnParams.MAC = hmacFull - switch params.KeyLen { - case 16: - asnParams.Sym = aes128CTRinECIES - case 24: - asnParams.Sym = aes192CTRinECIES - case 32: - asnParams.Sym = aes256CTRinECIES - } - return -} - -// ASN.1 encode the ECIES parameters relevant to ECDH. -func paramsToASNECDH(params *ECIESParams) (algo asnECDHAlgorithm) { - switch params.hashAlgo { - case crypto.SHA224: - algo = dhSinglePass_stdDH_sha224kdf - case crypto.SHA256: - algo = dhSinglePass_stdDH_sha256kdf - case crypto.SHA384: - algo = dhSinglePass_stdDH_sha384kdf - case crypto.SHA512: - algo = dhSinglePass_stdDH_sha512kdf - } - return -} - -// ASN.1 decode the ECIES parameters relevant to the encryption stage. -func asnECIEStoParams(asnParams asnECIESParameters, params *ECIESParams) { - if !asnParams.KDF.Cmp(asnNISTConcatenationKDF) { - params = nil - return - } else if !asnParams.MAC.Cmp(hmacFull) { - params = nil - return - } - - switch { - case asnParams.Sym.Cmp(aes128CTRinECIES): - params.KeyLen = 16 - params.BlockSize = 16 - params.Cipher = aes.NewCipher - case asnParams.Sym.Cmp(aes192CTRinECIES): - params.KeyLen = 24 - params.BlockSize = 16 - params.Cipher = aes.NewCipher - case asnParams.Sym.Cmp(aes256CTRinECIES): - params.KeyLen = 32 - params.BlockSize = 16 - params.Cipher = aes.NewCipher - default: - params = nil - } -} - -// ASN.1 decode the ECIES parameters relevant to ECDH. -func asnECDHtoParams(asnParams asnECDHAlgorithm, params *ECIESParams) { - if asnParams.Cmp(dhSinglePass_stdDH_sha224kdf) { - params.hashAlgo = crypto.SHA224 - params.Hash = sha256.New224 - } else if asnParams.Cmp(dhSinglePass_stdDH_sha256kdf) { - params.hashAlgo = crypto.SHA256 - params.Hash = sha256.New - } else if asnParams.Cmp(dhSinglePass_stdDH_sha384kdf) { - params.hashAlgo = crypto.SHA384 - params.Hash = sha512.New384 - } else if asnParams.Cmp(dhSinglePass_stdDH_sha512kdf) { - params.hashAlgo = crypto.SHA512 - params.Hash = sha512.New - } else { - params = nil - } } diff --git a/crypto/sha3/sha3.go b/crypto/sha3/sha3.go index c86167c0b4..b12a35c87f 100644 --- a/crypto/sha3/sha3.go +++ b/crypto/sha3/sha3.go @@ -42,9 +42,8 @@ type state struct { storage [maxRate]byte // Specific to SHA-3 and SHAKE. - fixedOutput bool // whether this is a fixed-output-length instance - outputLen int // the default output size in bytes - state spongeDirection // whether the sponge is absorbing or squeezing + outputLen int // the default output size in bytes + state spongeDirection // whether the sponge is absorbing or squeezing } // BlockSize returns the rate of sponge underlying this hash function. diff --git a/crypto/sha3/sha3_test.go b/crypto/sha3/sha3_test.go index c433761a8a..0e33676ce6 100644 --- a/crypto/sha3/sha3_test.go +++ b/crypto/sha3/sha3_test.go @@ -53,15 +53,6 @@ var testShakes = map[string]func() ShakeHash{ "SHAKE256": NewShake256, } -// decodeHex converts a hex-encoded string into a raw byte string. -func decodeHex(s string) []byte { - b, err := hex.DecodeString(s) - if err != nil { - panic(err) - } - return b -} - // structs used to marshal JSON test-cases. type KeccakKats struct { Kats map[string][]struct { @@ -125,7 +116,7 @@ func TestKeccakKats(t *testing.T) { // TestUnalignedWrite tests that writing data in an arbitrary pattern with // small input buffers. -func testUnalignedWrite(t *testing.T) { +func TestUnalignedWrite(t *testing.T) { testUnalignedAndGeneric(t, func(impl string) { buf := sequentialBytes(0x10000) for alg, df := range testDigests {