README ¶
# NOTE This implementation is direct fork of Kylom's implementation. I claim no authorship over this code apart from some minor modifications. Please be aware this code **has not yet been reviewed**. ecies implements the Elliptic Curve Integrated Encryption Scheme. The package is designed to be compliant with the appropriate NIST standards, and therefore doesn't support the full SEC 1 algorithm set. STATUS: ecies should be ready for use. The ASN.1 support is only complete so far as to supported the listed algorithms before. CAVEATS 1. CMAC support is currently not present. SUPPORTED ALGORITHMS SYMMETRIC CIPHERS HASH FUNCTIONS AES128 SHA-1 AES192 SHA-224 AES256 SHA-256 SHA-384 ELLIPTIC CURVE SHA-512 P256 P384 KEY DERIVATION FUNCTION P521 NIST SP 800-65a Concatenation KDF Curve P224 isn't supported because it does not provide a minimum security level of AES128 with HMAC-SHA1. According to NIST SP 800-57, the security level of P224 is 112 bits of security. Symmetric ciphers use CTR-mode; message tags are computed using HMAC-<HASH> function. CURVE SELECTION According to NIST SP 800-57, the following curves should be selected: +----------------+-------+ | SYMMETRIC SIZE | CURVE | +----------------+-------+ | 128-bit | P256 | +----------------+-------+ | 192-bit | P384 | +----------------+-------+ | 256-bit | P521 | +----------------+-------+ TODO 1. Look at serialising the parameters with the SEC 1 ASN.1 module. 2. Validate ASN.1 formats with SEC 1. TEST VECTORS The only test vectors I've found so far date from 1993, predating AES and including only 163-bit curves. Therefore, there are no published test vectors to compare to. LICENSE ecies is released under the same license as the Go source code. See the LICENSE file for details. REFERENCES * SEC (Standard for Efficient Cryptography) 1, version 2.0: Elliptic Curve Cryptography; Certicom, May 2009. http://www.secg.org/sec1-v2.pdf * GEC (Guidelines for Efficient Cryptography) 2, version 0.3: Test Vectors for SEC 1; Certicom, September 1999. http://read.pudn.com/downloads168/doc/772358/TestVectorsforSEC%201-gec2.pdf * NIST SP 800-56a: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. National Institute of Standards and Technology, May 2007. http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf * Suite B Implementer’s Guide to NIST SP 800-56A. National Security Agency, July 28, 2009. http://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdf * NIST SP 800-57: Recommendation for Key Management – Part 1: General (Revision 3). National Institute of Standards and Technology, July 2012. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrImport = fmt.Errorf("ecies: failed to import key") ErrInvalidCurve = fmt.Errorf("ecies: invalid elliptic curve") ErrInvalidParams = fmt.Errorf("ecies: invalid ECIES parameters") ErrInvalidPublicKey = fmt.Errorf("ecies: invalid public key") )
var ( ErrKeyDataTooLong = fmt.Errorf("ecies: can't supply requested key data") ErrInvalidMessage = fmt.Errorf("ecies: invalid message") )
var ( DefaultCurve = ethcrypto.S256() ErrUnsupportedECDHAlgorithm = fmt.Errorf("ecies: unsupported ECDH algorithm") ErrUnsupportedECIESParameters = fmt.Errorf("ecies: unsupported ECIES parameters") )
var ( ECIES_AES128_SHA256 = &ECIESParams{ Hash: sha256.New, hashAlgo: crypto.SHA256, Cipher: aes.NewCipher, BlockSize: aes.BlockSize, KeyLen: 16, } ECIES_AES256_SHA256 = &ECIESParams{ Hash: sha256.New, hashAlgo: crypto.SHA256, Cipher: aes.NewCipher, BlockSize: aes.BlockSize, KeyLen: 32, } ECIES_AES256_SHA384 = &ECIESParams{ Hash: sha512.New384, hashAlgo: crypto.SHA384, Cipher: aes.NewCipher, BlockSize: aes.BlockSize, KeyLen: 32, } ECIES_AES256_SHA512 = &ECIESParams{ Hash: sha512.New, hashAlgo: crypto.SHA512, Cipher: aes.NewCipher, BlockSize: aes.BlockSize, KeyLen: 32, } )
Functions ¶
func AddParamsForCurve ¶
func AddParamsForCurve(curve elliptic.Curve, params *ECIESParams)
func Encrypt ¶
Encrypt encrypts a message using ECIES as specified in SEC 1, 5.1.
s1 and s2 contain shared information that is not part of the resulting ciphertext. s1 is fed into key derivation, s2 is fed into the MAC. If the shared information parameters aren't being used, they should be nil.
func MaxSharedKeyLength ¶
MaxSharedKeyLength returns the maximum length of the shared key the public key can produce.
Types ¶
type ECIESParams ¶
type ECIESParams struct { Hash func() hash.Hash // hash function Cipher func([]byte) (cipher.Block, error) // symmetric cipher BlockSize int // block size of symmetric cipher KeyLen int // length of symmetric key // contains filtered or unexported fields }
func ParamsFromCurve ¶
func ParamsFromCurve(curve elliptic.Curve) (params *ECIESParams)
ParamsFromCurve selects parameters optimal for the selected elliptic curve. Only the curves P256, P384, and P512 are supported.
type PrivateKey ¶
PrivateKey is a representation of an elliptic curve private key.
func GenerateKey ¶
func GenerateKey(rand io.Reader, curve elliptic.Curve, params *ECIESParams) (prv *PrivateKey, err error)
Generate an elliptic curve public / private keypair. If params is nil, the recommended default parameters for the key will be chosen.
func ImportECDSA ¶
func ImportECDSA(prv *ecdsa.PrivateKey) *PrivateKey
Import an ECDSA private key as an ECIES private key.
func (*PrivateKey) Decrypt ¶
func (prv *PrivateKey) Decrypt(c, s1, s2 []byte) (m []byte, err error)
Decrypt decrypts an ECIES ciphertext.
func (*PrivateKey) ExportECDSA ¶
func (prv *PrivateKey) ExportECDSA() *ecdsa.PrivateKey
Export an ECIES private key as an ECDSA private key.
func (*PrivateKey) GenerateShared ¶
func (prv *PrivateKey) GenerateShared(pub *PublicKey, skLen, macLen int) (sk []byte, err error)
ECDH key agreement method used to establish secret keys for encryption.
type PublicKey ¶
PublicKey is a representation of an elliptic curve public key.
func ImportECDSAPublic ¶
Import an ECDSA public key as an ECIES public key.
func (*PublicKey) ExportECDSA ¶
Export an ECIES public key as an ECDSA public key.