crypto: fix megacheck warnings (#14917)
* crypto: fix megacheck warnings * crypto/ecies: remove ASN.1 support
This commit is contained in:
parent
9a7e99f75d
commit
10ce8b0e3c
|
@ -1,584 +0,0 @@
|
|||
// Copyright (c) 2013 Kyle Isom <kyle@tyrfingr.is>
|
||||
// Copyright (c) 2012 The Go Authors. All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following disclaimer
|
||||
// in the documentation and/or other materials provided with the
|
||||
// distribution.
|
||||
// * Neither the name of Google Inc. nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from
|
||||
// this software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
package ecies
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/elliptic"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/asn1"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"hash"
|
||||
"math/big"
|
||||
|
||||
ethcrypto "github.com/ethereum/go-ethereum/crypto"
|
||||
)
|
||||
|
||||
var (
|
||||
secgScheme = []int{1, 3, 132, 1}
|
||||
shaScheme = []int{2, 16, 840, 1, 101, 3, 4, 2}
|
||||
ansiX962Scheme = []int{1, 2, 840, 10045}
|
||||
x963Scheme = []int{1, 2, 840, 63, 0}
|
||||
)
|
||||
|
||||
var ErrInvalidPrivateKey = fmt.Errorf("ecies: invalid private key")
|
||||
|
||||
func doScheme(base, v []int) asn1.ObjectIdentifier {
|
||||
var oidInts asn1.ObjectIdentifier
|
||||
oidInts = append(oidInts, base...)
|
||||
return append(oidInts, v...)
|
||||
}
|
||||
|
||||
// curve OID code taken from crypto/x509, including
|
||||
// - oidNameCurve*
|
||||
// - namedCurveFromOID
|
||||
// - oidFromNamedCurve
|
||||
// RFC 5480, 2.1.1.1. Named Curve
|
||||
//
|
||||
// secp224r1 OBJECT IDENTIFIER ::= {
|
||||
// iso(1) identified-organization(3) certicom(132) curve(0) 33 }
|
||||
//
|
||||
// secp256r1 OBJECT IDENTIFIER ::= {
|
||||
// iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
|
||||
// prime(1) 7 }
|
||||
//
|
||||
// secp384r1 OBJECT IDENTIFIER ::= {
|
||||
// iso(1) identified-organization(3) certicom(132) curve(0) 34 }
|
||||
//
|
||||
// secp521r1 OBJECT IDENTIFIER ::= {
|
||||
// iso(1) identified-organization(3) certicom(132) curve(0) 35 }
|
||||
//
|
||||
// NB: secp256r1 is equivalent to prime256v1
|
||||
type secgNamedCurve asn1.ObjectIdentifier
|
||||
|
||||
var (
|
||||
secgNamedCurveS256 = secgNamedCurve{1, 3, 132, 0, 10}
|
||||
secgNamedCurveP256 = secgNamedCurve{1, 2, 840, 10045, 3, 1, 7}
|
||||
secgNamedCurveP384 = secgNamedCurve{1, 3, 132, 0, 34}
|
||||
secgNamedCurveP521 = secgNamedCurve{1, 3, 132, 0, 35}
|
||||
rawCurveP256 = []byte{6, 8, 4, 2, 1, 3, 4, 7, 2, 2, 0, 6, 6, 1, 3, 1, 7}
|
||||
rawCurveP384 = []byte{6, 5, 4, 3, 1, 2, 9, 4, 0, 3, 4}
|
||||
rawCurveP521 = []byte{6, 5, 4, 3, 1, 2, 9, 4, 0, 3, 5}
|
||||
)
|
||||
|
||||
func rawCurve(curve elliptic.Curve) []byte {
|
||||
switch curve {
|
||||
case elliptic.P256():
|
||||
return rawCurveP256
|
||||
case elliptic.P384():
|
||||
return rawCurveP384
|
||||
case elliptic.P521():
|
||||
return rawCurveP521
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (curve secgNamedCurve) Equal(curve2 secgNamedCurve) bool {
|
||||
if len(curve) != len(curve2) {
|
||||
return false
|
||||
}
|
||||
for i := range curve {
|
||||
if curve[i] != curve2[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func namedCurveFromOID(curve secgNamedCurve) elliptic.Curve {
|
||||
switch {
|
||||
case curve.Equal(secgNamedCurveS256):
|
||||
return ethcrypto.S256()
|
||||
case curve.Equal(secgNamedCurveP256):
|
||||
return elliptic.P256()
|
||||
case curve.Equal(secgNamedCurveP384):
|
||||
return elliptic.P384()
|
||||
case curve.Equal(secgNamedCurveP521):
|
||||
return elliptic.P521()
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidFromNamedCurve(curve elliptic.Curve) (secgNamedCurve, bool) {
|
||||
switch curve {
|
||||
case elliptic.P256():
|
||||
return secgNamedCurveP256, true
|
||||
case elliptic.P384():
|
||||
return secgNamedCurveP384, true
|
||||
case elliptic.P521():
|
||||
return secgNamedCurveP521, true
|
||||
case ethcrypto.S256():
|
||||
return secgNamedCurveS256, true
|
||||
}
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
||||
// asnAlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC
|
||||
// 5280, section 4.1.1.2.
|
||||
type asnAlgorithmIdentifier struct {
|
||||
Algorithm asn1.ObjectIdentifier
|
||||
Parameters asn1.RawValue `asn1:"optional"`
|
||||
}
|
||||
|
||||
func (a asnAlgorithmIdentifier) Cmp(b asnAlgorithmIdentifier) bool {
|
||||
if len(a.Algorithm) != len(b.Algorithm) {
|
||||
return false
|
||||
}
|
||||
for i := range a.Algorithm {
|
||||
if a.Algorithm[i] != b.Algorithm[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
type asnHashFunction asnAlgorithmIdentifier
|
||||
|
||||
var (
|
||||
oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
|
||||
oidSHA224 = doScheme(shaScheme, []int{4})
|
||||
oidSHA256 = doScheme(shaScheme, []int{1})
|
||||
oidSHA384 = doScheme(shaScheme, []int{2})
|
||||
oidSHA512 = doScheme(shaScheme, []int{3})
|
||||
)
|
||||
|
||||
func hashFromOID(oid asn1.ObjectIdentifier) func() hash.Hash {
|
||||
switch {
|
||||
case oid.Equal(oidSHA1):
|
||||
return sha1.New
|
||||
case oid.Equal(oidSHA224):
|
||||
return sha256.New224
|
||||
case oid.Equal(oidSHA256):
|
||||
return sha256.New
|
||||
case oid.Equal(oidSHA384):
|
||||
return sha512.New384
|
||||
case oid.Equal(oidSHA512):
|
||||
return sha512.New
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidFromHash(hash crypto.Hash) (asn1.ObjectIdentifier, bool) {
|
||||
switch hash {
|
||||
case crypto.SHA1:
|
||||
return oidSHA1, true
|
||||
case crypto.SHA224:
|
||||
return oidSHA224, true
|
||||
case crypto.SHA256:
|
||||
return oidSHA256, true
|
||||
case crypto.SHA384:
|
||||
return oidSHA384, true
|
||||
case crypto.SHA512:
|
||||
return oidSHA512, true
|
||||
default:
|
||||
return nil, false
|
||||
}
|
||||
}
|
||||
|
||||
var (
|
||||
asnAlgoSHA1 = asnHashFunction{
|
||||
Algorithm: oidSHA1,
|
||||
}
|
||||
asnAlgoSHA224 = asnHashFunction{
|
||||
Algorithm: oidSHA224,
|
||||
}
|
||||
asnAlgoSHA256 = asnHashFunction{
|
||||
Algorithm: oidSHA256,
|
||||
}
|
||||
asnAlgoSHA384 = asnHashFunction{
|
||||
Algorithm: oidSHA384,
|
||||
}
|
||||
asnAlgoSHA512 = asnHashFunction{
|
||||
Algorithm: oidSHA512,
|
||||
}
|
||||
)
|
||||
|
||||
// type ASNasnSubjectPublicKeyInfo struct {
|
||||
//
|
||||
// }
|
||||
//
|
||||
|
||||
type asnSubjectPublicKeyInfo struct {
|
||||
Algorithm asn1.ObjectIdentifier
|
||||
PublicKey asn1.BitString
|
||||
Supplements ecpksSupplements `asn1:"optional"`
|
||||
}
|
||||
|
||||
type asnECPKAlgorithms struct {
|
||||
Type asn1.ObjectIdentifier
|
||||
}
|
||||
|
||||
var idPublicKeyType = doScheme(ansiX962Scheme, []int{2})
|
||||
var idEcPublicKey = doScheme(idPublicKeyType, []int{1})
|
||||
var idEcPublicKeySupplemented = doScheme(idPublicKeyType, []int{0})
|
||||
|
||||
func curveToRaw(curve elliptic.Curve) (rv asn1.RawValue, ok bool) {
|
||||
switch curve {
|
||||
case elliptic.P256(), elliptic.P384(), elliptic.P521():
|
||||
raw := rawCurve(curve)
|
||||
return asn1.RawValue{
|
||||
Tag: 30,
|
||||
Bytes: raw[2:],
|
||||
FullBytes: raw,
|
||||
}, true
|
||||
default:
|
||||
return rv, false
|
||||
}
|
||||
}
|
||||
|
||||
func asnECPublicKeyType(curve elliptic.Curve) (algo asnAlgorithmIdentifier, ok bool) {
|
||||
raw, ok := curveToRaw(curve)
|
||||
if !ok {
|
||||
return
|
||||
} else {
|
||||
return asnAlgorithmIdentifier{Algorithm: idEcPublicKey,
|
||||
Parameters: raw}, true
|
||||
}
|
||||
}
|
||||
|
||||
type asnECPrivKeyVer int
|
||||
|
||||
var asnECPrivKeyVer1 asnECPrivKeyVer = 1
|
||||
|
||||
type asnPrivateKey struct {
|
||||
Version asnECPrivKeyVer
|
||||
Private []byte
|
||||
Curve secgNamedCurve `asn1:"optional"`
|
||||
Public asn1.BitString
|
||||
}
|
||||
|
||||
var asnECDH = doScheme(secgScheme, []int{12})
|
||||
|
||||
type asnECDHAlgorithm asnAlgorithmIdentifier
|
||||
|
||||
var (
|
||||
dhSinglePass_stdDH_sha1kdf = asnECDHAlgorithm{
|
||||
Algorithm: doScheme(x963Scheme, []int{2}),
|
||||
}
|
||||
dhSinglePass_stdDH_sha256kdf = asnECDHAlgorithm{
|
||||
Algorithm: doScheme(secgScheme, []int{11, 1}),
|
||||
}
|
||||
dhSinglePass_stdDH_sha384kdf = asnECDHAlgorithm{
|
||||
Algorithm: doScheme(secgScheme, []int{11, 2}),
|
||||
}
|
||||
dhSinglePass_stdDH_sha224kdf = asnECDHAlgorithm{
|
||||
Algorithm: doScheme(secgScheme, []int{11, 0}),
|
||||
}
|
||||
dhSinglePass_stdDH_sha512kdf = asnECDHAlgorithm{
|
||||
Algorithm: doScheme(secgScheme, []int{11, 3}),
|
||||
}
|
||||
)
|
||||
|
||||
func (a asnECDHAlgorithm) Cmp(b asnECDHAlgorithm) bool {
|
||||
if len(a.Algorithm) != len(b.Algorithm) {
|
||||
return false
|
||||
}
|
||||
for i := range a.Algorithm {
|
||||
if a.Algorithm[i] != b.Algorithm[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// asnNISTConcatenation is the only supported KDF at this time.
|
||||
type asnKeyDerivationFunction asnAlgorithmIdentifier
|
||||
|
||||
var asnNISTConcatenationKDF = asnKeyDerivationFunction{
|
||||
Algorithm: doScheme(secgScheme, []int{17, 1}),
|
||||
}
|
||||
|
||||
func (a asnKeyDerivationFunction) Cmp(b asnKeyDerivationFunction) bool {
|
||||
if len(a.Algorithm) != len(b.Algorithm) {
|
||||
return false
|
||||
}
|
||||
for i := range a.Algorithm {
|
||||
if a.Algorithm[i] != b.Algorithm[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
var eciesRecommendedParameters = doScheme(secgScheme, []int{7})
|
||||
var eciesSpecifiedParameters = doScheme(secgScheme, []int{8})
|
||||
|
||||
type asnECIESParameters struct {
|
||||
KDF asnKeyDerivationFunction `asn1:"optional"`
|
||||
Sym asnSymmetricEncryption `asn1:"optional"`
|
||||
MAC asnMessageAuthenticationCode `asn1:"optional"`
|
||||
}
|
||||
|
||||
type asnSymmetricEncryption asnAlgorithmIdentifier
|
||||
|
||||
var (
|
||||
aes128CTRinECIES = asnSymmetricEncryption{
|
||||
Algorithm: doScheme(secgScheme, []int{21, 0}),
|
||||
}
|
||||
aes192CTRinECIES = asnSymmetricEncryption{
|
||||
Algorithm: doScheme(secgScheme, []int{21, 1}),
|
||||
}
|
||||
aes256CTRinECIES = asnSymmetricEncryption{
|
||||
Algorithm: doScheme(secgScheme, []int{21, 2}),
|
||||
}
|
||||
)
|
||||
|
||||
func (a asnSymmetricEncryption) Cmp(b asnSymmetricEncryption) bool {
|
||||
if len(a.Algorithm) != len(b.Algorithm) {
|
||||
return false
|
||||
}
|
||||
for i := range a.Algorithm {
|
||||
if a.Algorithm[i] != b.Algorithm[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
type asnMessageAuthenticationCode asnAlgorithmIdentifier
|
||||
|
||||
var (
|
||||
hmacFull = asnMessageAuthenticationCode{
|
||||
Algorithm: doScheme(secgScheme, []int{22}),
|
||||
}
|
||||
)
|
||||
|
||||
func (a asnMessageAuthenticationCode) Cmp(b asnMessageAuthenticationCode) bool {
|
||||
if len(a.Algorithm) != len(b.Algorithm) {
|
||||
return false
|
||||
}
|
||||
for i := range a.Algorithm {
|
||||
if a.Algorithm[i] != b.Algorithm[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
type ecpksSupplements struct {
|
||||
ECDomain secgNamedCurve
|
||||
ECCAlgorithms eccAlgorithmSet
|
||||
}
|
||||
|
||||
type eccAlgorithmSet struct {
|
||||
ECDH asnECDHAlgorithm `asn1:"optional"`
|
||||
ECIES asnECIESParameters `asn1:"optional"`
|
||||
}
|
||||
|
||||
func marshalSubjectPublicKeyInfo(pub *PublicKey) (subj asnSubjectPublicKeyInfo, err error) {
|
||||
subj.Algorithm = idEcPublicKeySupplemented
|
||||
curve, ok := oidFromNamedCurve(pub.Curve)
|
||||
if !ok {
|
||||
err = ErrInvalidPublicKey
|
||||
return
|
||||
}
|
||||
subj.Supplements.ECDomain = curve
|
||||
if pub.Params != nil {
|
||||
subj.Supplements.ECCAlgorithms.ECDH = paramsToASNECDH(pub.Params)
|
||||
subj.Supplements.ECCAlgorithms.ECIES = paramsToASNECIES(pub.Params)
|
||||
}
|
||||
pubkey := elliptic.Marshal(pub.Curve, pub.X, pub.Y)
|
||||
subj.PublicKey = asn1.BitString{
|
||||
BitLength: len(pubkey) * 8,
|
||||
Bytes: pubkey,
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Encode a public key to DER format.
|
||||
func MarshalPublic(pub *PublicKey) ([]byte, error) {
|
||||
subj, err := marshalSubjectPublicKeyInfo(pub)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return asn1.Marshal(subj)
|
||||
}
|
||||
|
||||
// Decode a DER-encoded public key.
|
||||
func UnmarshalPublic(in []byte) (pub *PublicKey, err error) {
|
||||
var subj asnSubjectPublicKeyInfo
|
||||
|
||||
if _, err = asn1.Unmarshal(in, &subj); err != nil {
|
||||
return
|
||||
}
|
||||
if !subj.Algorithm.Equal(idEcPublicKeySupplemented) {
|
||||
err = ErrInvalidPublicKey
|
||||
return
|
||||
}
|
||||
pub = new(PublicKey)
|
||||
pub.Curve = namedCurveFromOID(subj.Supplements.ECDomain)
|
||||
x, y := elliptic.Unmarshal(pub.Curve, subj.PublicKey.Bytes)
|
||||
if x == nil {
|
||||
err = ErrInvalidPublicKey
|
||||
return
|
||||
}
|
||||
pub.X = x
|
||||
pub.Y = y
|
||||
pub.Params = new(ECIESParams)
|
||||
asnECIEStoParams(subj.Supplements.ECCAlgorithms.ECIES, pub.Params)
|
||||
asnECDHtoParams(subj.Supplements.ECCAlgorithms.ECDH, pub.Params)
|
||||
if pub.Params == nil {
|
||||
if pub.Params = ParamsFromCurve(pub.Curve); pub.Params == nil {
|
||||
err = ErrInvalidPublicKey
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func marshalPrivateKey(prv *PrivateKey) (ecprv asnPrivateKey, err error) {
|
||||
ecprv.Version = asnECPrivKeyVer1
|
||||
ecprv.Private = prv.D.Bytes()
|
||||
|
||||
var ok bool
|
||||
ecprv.Curve, ok = oidFromNamedCurve(prv.PublicKey.Curve)
|
||||
if !ok {
|
||||
err = ErrInvalidPrivateKey
|
||||
return
|
||||
}
|
||||
|
||||
var pub []byte
|
||||
if pub, err = MarshalPublic(&prv.PublicKey); err != nil {
|
||||
return
|
||||
} else {
|
||||
ecprv.Public = asn1.BitString{
|
||||
BitLength: len(pub) * 8,
|
||||
Bytes: pub,
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Encode a private key to DER format.
|
||||
func MarshalPrivate(prv *PrivateKey) ([]byte, error) {
|
||||
ecprv, err := marshalPrivateKey(prv)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return asn1.Marshal(ecprv)
|
||||
}
|
||||
|
||||
// Decode a private key from a DER-encoded format.
|
||||
func UnmarshalPrivate(in []byte) (prv *PrivateKey, err error) {
|
||||
var ecprv asnPrivateKey
|
||||
|
||||
if _, err = asn1.Unmarshal(in, &ecprv); err != nil {
|
||||
return
|
||||
} else if ecprv.Version != asnECPrivKeyVer1 {
|
||||
err = ErrInvalidPrivateKey
|
||||
return
|
||||
}
|
||||
|
||||
privateCurve := namedCurveFromOID(ecprv.Curve)
|
||||
if privateCurve == nil {
|
||||
err = ErrInvalidPrivateKey
|
||||
return
|
||||
}
|
||||
|
||||
prv = new(PrivateKey)
|
||||
prv.D = new(big.Int).SetBytes(ecprv.Private)
|
||||
|
||||
if pub, err := UnmarshalPublic(ecprv.Public.Bytes); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
prv.PublicKey = *pub
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Export a public key to PEM format.
|
||||
func ExportPublicPEM(pub *PublicKey) (out []byte, err error) {
|
||||
der, err := MarshalPublic(pub)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
var block pem.Block
|
||||
block.Type = "ELLIPTIC CURVE PUBLIC KEY"
|
||||
block.Bytes = der
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = pem.Encode(buf, &block)
|
||||
if err != nil {
|
||||
return
|
||||
} else {
|
||||
out = buf.Bytes()
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Export a private key to PEM format.
|
||||
func ExportPrivatePEM(prv *PrivateKey) (out []byte, err error) {
|
||||
der, err := MarshalPrivate(prv)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
var block pem.Block
|
||||
block.Type = "ELLIPTIC CURVE PRIVATE KEY"
|
||||
block.Bytes = der
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = pem.Encode(buf, &block)
|
||||
if err != nil {
|
||||
return
|
||||
} else {
|
||||
out = buf.Bytes()
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Import a PEM-encoded public key.
|
||||
func ImportPublicPEM(in []byte) (pub *PublicKey, err error) {
|
||||
p, _ := pem.Decode(in)
|
||||
if p == nil || p.Type != "ELLIPTIC CURVE PUBLIC KEY" {
|
||||
return nil, ErrInvalidPublicKey
|
||||
}
|
||||
|
||||
pub, err = UnmarshalPublic(p.Bytes)
|
||||
return
|
||||
}
|
||||
|
||||
// Import a PEM-encoded private key.
|
||||
func ImportPrivatePEM(in []byte) (prv *PrivateKey, err error) {
|
||||
p, _ := pem.Decode(in)
|
||||
if p == nil || p.Type != "ELLIPTIC CURVE PRIVATE KEY" {
|
||||
return nil, ErrInvalidPrivateKey
|
||||
}
|
||||
|
||||
prv, err = UnmarshalPrivate(p.Bytes)
|
||||
return
|
||||
}
|
|
@ -151,14 +151,16 @@ var (
|
|||
func incCounter(ctr []byte) {
|
||||
if ctr[3]++; ctr[3] != 0 {
|
||||
return
|
||||
} else if ctr[2]++; ctr[2] != 0 {
|
||||
return
|
||||
} else if ctr[1]++; ctr[1] != 0 {
|
||||
return
|
||||
} else if ctr[0]++; ctr[0] != 0 {
|
||||
}
|
||||
if ctr[2]++; ctr[2] != 0 {
|
||||
return
|
||||
}
|
||||
if ctr[1]++; ctr[1] != 0 {
|
||||
return
|
||||
}
|
||||
if ctr[0]++; ctr[0] != 0 {
|
||||
return
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// NIST SP 800-56 Concatenation Key Derivation Function (see section 5.8.1).
|
||||
|
|
|
@ -37,7 +37,6 @@ import (
|
|||
"encoding/hex"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"math/big"
|
||||
"testing"
|
||||
|
||||
|
@ -63,8 +62,7 @@ func TestKDF(t *testing.T) {
|
|||
t.FailNow()
|
||||
}
|
||||
if len(k) != 64 {
|
||||
fmt.Printf("KDF: generated key is the wrong size (%d instead of 64\n",
|
||||
len(k))
|
||||
fmt.Printf("KDF: generated key is the wrong size (%d instead of 64\n", len(k))
|
||||
t.FailNow()
|
||||
}
|
||||
}
|
||||
|
@ -74,14 +72,9 @@ var ErrBadSharedKeys = fmt.Errorf("ecies: shared keys don't match")
|
|||
// cmpParams compares a set of ECIES parameters. We assume, as per the
|
||||
// docs, that AES is the only supported symmetric encryption algorithm.
|
||||
func cmpParams(p1, p2 *ECIESParams) bool {
|
||||
if p1.hashAlgo != p2.hashAlgo {
|
||||
return false
|
||||
} else if p1.KeyLen != p2.KeyLen {
|
||||
return false
|
||||
} else if p1.BlockSize != p2.BlockSize {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
return p1.hashAlgo == p2.hashAlgo &&
|
||||
p1.KeyLen == p2.KeyLen &&
|
||||
p1.BlockSize == p2.BlockSize
|
||||
}
|
||||
|
||||
// cmpPublic returns true if the two public keys represent the same pojnt.
|
||||
|
@ -212,118 +205,6 @@ func TestTooBigSharedKey(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// Ensure a public key can be successfully marshalled and unmarshalled, and
|
||||
// that the decoded key is the same as the original.
|
||||
func TestMarshalPublic(t *testing.T) {
|
||||
prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("GenerateKey error: %s", err)
|
||||
}
|
||||
|
||||
out, err := MarshalPublic(&prv.PublicKey)
|
||||
if err != nil {
|
||||
t.Fatalf("MarshalPublic error: %s", err)
|
||||
}
|
||||
|
||||
pub, err := UnmarshalPublic(out)
|
||||
if err != nil {
|
||||
t.Fatalf("UnmarshalPublic error: %s", err)
|
||||
}
|
||||
|
||||
if !cmpPublic(prv.PublicKey, *pub) {
|
||||
t.Fatal("ecies: failed to unmarshal public key")
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure that a private key can be encoded into DER format, and that
|
||||
// the resulting key is properly parsed back into a public key.
|
||||
func TestMarshalPrivate(t *testing.T) {
|
||||
prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
out, err := MarshalPrivate(prv)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
if dumpEnc {
|
||||
ioutil.WriteFile("test.out", out, 0644)
|
||||
}
|
||||
|
||||
prv2, err := UnmarshalPrivate(out)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
if !cmpPrivate(prv, prv2) {
|
||||
fmt.Println("ecdh: private key import failed")
|
||||
t.FailNow()
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure that a private key can be successfully encoded to PEM format, and
|
||||
// the resulting key is properly parsed back in.
|
||||
func TestPrivatePEM(t *testing.T) {
|
||||
prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
out, err := ExportPrivatePEM(prv)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
if dumpEnc {
|
||||
ioutil.WriteFile("test.key", out, 0644)
|
||||
}
|
||||
|
||||
prv2, err := ImportPrivatePEM(out)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
} else if !cmpPrivate(prv, prv2) {
|
||||
fmt.Println("ecdh: import from PEM failed")
|
||||
t.FailNow()
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure that a public key can be successfully encoded to PEM format, and
|
||||
// the resulting key is properly parsed back in.
|
||||
func TestPublicPEM(t *testing.T) {
|
||||
prv, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
out, err := ExportPublicPEM(&prv.PublicKey)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
if dumpEnc {
|
||||
ioutil.WriteFile("test.pem", out, 0644)
|
||||
}
|
||||
|
||||
pub2, err := ImportPublicPEM(out)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
} else if !cmpPublic(prv.PublicKey, *pub2) {
|
||||
fmt.Println("ecdh: import from PEM failed")
|
||||
t.FailNow()
|
||||
}
|
||||
}
|
||||
|
||||
// Benchmark the generation of P256 keys.
|
||||
func BenchmarkGenerateKeyP256(b *testing.B) {
|
||||
for i := 0; i < b.N; i++ {
|
||||
|
@ -437,74 +318,27 @@ func TestDecryptShared2(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// TestMarshalEncryption validates the encode/decode produces a valid
|
||||
// ECIES encryption key.
|
||||
func TestMarshalEncryption(t *testing.T) {
|
||||
prv1, err := GenerateKey(rand.Reader, DefaultCurve, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
out, err := MarshalPrivate(prv1)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
prv2, err := UnmarshalPrivate(out)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
message := []byte("Hello, world.")
|
||||
ct, err := Encrypt(rand.Reader, &prv2.PublicKey, message, nil, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
pt, err := prv2.Decrypt(rand.Reader, ct, nil, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
if !bytes.Equal(pt, message) {
|
||||
fmt.Println("ecies: plaintext doesn't match message")
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
_, err = prv1.Decrypt(rand.Reader, ct, nil, nil)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
type testCase struct {
|
||||
Curve elliptic.Curve
|
||||
Name string
|
||||
Expected bool
|
||||
Expected *ECIESParams
|
||||
}
|
||||
|
||||
var testCases = []testCase{
|
||||
{
|
||||
Curve: elliptic.P256(),
|
||||
Name: "P256",
|
||||
Expected: true,
|
||||
Expected: ECIES_AES128_SHA256,
|
||||
},
|
||||
{
|
||||
Curve: elliptic.P384(),
|
||||
Name: "P384",
|
||||
Expected: true,
|
||||
Expected: ECIES_AES256_SHA384,
|
||||
},
|
||||
{
|
||||
Curve: elliptic.P521(),
|
||||
Name: "P521",
|
||||
Expected: true,
|
||||
Expected: ECIES_AES256_SHA512,
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -519,10 +353,10 @@ func TestParamSelection(t *testing.T) {
|
|||
|
||||
func testParamSelection(t *testing.T, c testCase) {
|
||||
params := ParamsFromCurve(c.Curve)
|
||||
if params == nil && c.Expected {
|
||||
if params == nil && c.Expected != nil {
|
||||
fmt.Printf("%s (%s)\n", ErrInvalidParams.Error(), c.Name)
|
||||
t.FailNow()
|
||||
} else if params != nil && !c.Expected {
|
||||
} else if params != nil && !cmpParams(params, c.Expected) {
|
||||
fmt.Printf("ecies: parameters should be invalid (%s)\n",
|
||||
c.Name)
|
||||
t.FailNow()
|
||||
|
|
|
@ -114,97 +114,4 @@ func AddParamsForCurve(curve elliptic.Curve, params *ECIESParams) {
|
|||
// Only the curves P256, P384, and P512 are supported.
|
||||
func ParamsFromCurve(curve elliptic.Curve) (params *ECIESParams) {
|
||||
return paramsFromCurve[curve]
|
||||
|
||||
/*
|
||||
switch curve {
|
||||
case elliptic.P256():
|
||||
return ECIES_AES128_SHA256
|
||||
case elliptic.P384():
|
||||
return ECIES_AES256_SHA384
|
||||
case elliptic.P521():
|
||||
return ECIES_AES256_SHA512
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
||||
// ASN.1 encode the ECIES parameters relevant to the encryption operations.
|
||||
func paramsToASNECIES(params *ECIESParams) (asnParams asnECIESParameters) {
|
||||
if nil == params {
|
||||
return
|
||||
}
|
||||
asnParams.KDF = asnNISTConcatenationKDF
|
||||
asnParams.MAC = hmacFull
|
||||
switch params.KeyLen {
|
||||
case 16:
|
||||
asnParams.Sym = aes128CTRinECIES
|
||||
case 24:
|
||||
asnParams.Sym = aes192CTRinECIES
|
||||
case 32:
|
||||
asnParams.Sym = aes256CTRinECIES
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// ASN.1 encode the ECIES parameters relevant to ECDH.
|
||||
func paramsToASNECDH(params *ECIESParams) (algo asnECDHAlgorithm) {
|
||||
switch params.hashAlgo {
|
||||
case crypto.SHA224:
|
||||
algo = dhSinglePass_stdDH_sha224kdf
|
||||
case crypto.SHA256:
|
||||
algo = dhSinglePass_stdDH_sha256kdf
|
||||
case crypto.SHA384:
|
||||
algo = dhSinglePass_stdDH_sha384kdf
|
||||
case crypto.SHA512:
|
||||
algo = dhSinglePass_stdDH_sha512kdf
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// ASN.1 decode the ECIES parameters relevant to the encryption stage.
|
||||
func asnECIEStoParams(asnParams asnECIESParameters, params *ECIESParams) {
|
||||
if !asnParams.KDF.Cmp(asnNISTConcatenationKDF) {
|
||||
params = nil
|
||||
return
|
||||
} else if !asnParams.MAC.Cmp(hmacFull) {
|
||||
params = nil
|
||||
return
|
||||
}
|
||||
|
||||
switch {
|
||||
case asnParams.Sym.Cmp(aes128CTRinECIES):
|
||||
params.KeyLen = 16
|
||||
params.BlockSize = 16
|
||||
params.Cipher = aes.NewCipher
|
||||
case asnParams.Sym.Cmp(aes192CTRinECIES):
|
||||
params.KeyLen = 24
|
||||
params.BlockSize = 16
|
||||
params.Cipher = aes.NewCipher
|
||||
case asnParams.Sym.Cmp(aes256CTRinECIES):
|
||||
params.KeyLen = 32
|
||||
params.BlockSize = 16
|
||||
params.Cipher = aes.NewCipher
|
||||
default:
|
||||
params = nil
|
||||
}
|
||||
}
|
||||
|
||||
// ASN.1 decode the ECIES parameters relevant to ECDH.
|
||||
func asnECDHtoParams(asnParams asnECDHAlgorithm, params *ECIESParams) {
|
||||
if asnParams.Cmp(dhSinglePass_stdDH_sha224kdf) {
|
||||
params.hashAlgo = crypto.SHA224
|
||||
params.Hash = sha256.New224
|
||||
} else if asnParams.Cmp(dhSinglePass_stdDH_sha256kdf) {
|
||||
params.hashAlgo = crypto.SHA256
|
||||
params.Hash = sha256.New
|
||||
} else if asnParams.Cmp(dhSinglePass_stdDH_sha384kdf) {
|
||||
params.hashAlgo = crypto.SHA384
|
||||
params.Hash = sha512.New384
|
||||
} else if asnParams.Cmp(dhSinglePass_stdDH_sha512kdf) {
|
||||
params.hashAlgo = crypto.SHA512
|
||||
params.Hash = sha512.New
|
||||
} else {
|
||||
params = nil
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,9 +42,8 @@ type state struct {
|
|||
storage [maxRate]byte
|
||||
|
||||
// Specific to SHA-3 and SHAKE.
|
||||
fixedOutput bool // whether this is a fixed-output-length instance
|
||||
outputLen int // the default output size in bytes
|
||||
state spongeDirection // whether the sponge is absorbing or squeezing
|
||||
outputLen int // the default output size in bytes
|
||||
state spongeDirection // whether the sponge is absorbing or squeezing
|
||||
}
|
||||
|
||||
// BlockSize returns the rate of sponge underlying this hash function.
|
||||
|
|
|
@ -53,15 +53,6 @@ var testShakes = map[string]func() ShakeHash{
|
|||
"SHAKE256": NewShake256,
|
||||
}
|
||||
|
||||
// decodeHex converts a hex-encoded string into a raw byte string.
|
||||
func decodeHex(s string) []byte {
|
||||
b, err := hex.DecodeString(s)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return b
|
||||
}
|
||||
|
||||
// structs used to marshal JSON test-cases.
|
||||
type KeccakKats struct {
|
||||
Kats map[string][]struct {
|
||||
|
@ -125,7 +116,7 @@ func TestKeccakKats(t *testing.T) {
|
|||
|
||||
// TestUnalignedWrite tests that writing data in an arbitrary pattern with
|
||||
// small input buffers.
|
||||
func testUnalignedWrite(t *testing.T) {
|
||||
func TestUnalignedWrite(t *testing.T) {
|
||||
testUnalignedAndGeneric(t, func(impl string) {
|
||||
buf := sequentialBytes(0x10000)
|
||||
for alg, df := range testDigests {
|
||||
|
|
Loading…
Reference in New Issue