RubyGems - ecies - Versions diffs - 0.2.0 → 0.3.0 - Mend

ecies 0.2.0 → 0.3.0

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9b17b5e59affac68ce47a7afe053747c90c287201202fffe9a97550644d6c5c
-  data.tar.gz: 161fb791e8f8e67252ce565fa06fd1196228629e45b3ccbc07384b5b9f207a4a
+  metadata.gz: e8ed7a562b019fdcd96fabaacd5a7617577b0b640812a4473997b82e0beb5bd2
+  data.tar.gz: bc8b871ae2ea77b8d3288c01dc741b5268ca165a8b154c4cf2ce821ce3abdc5e
 SHA512:
-  metadata.gz: df3185e4b726f977a8834c9718f0cbd9ffedec22f00ff597c7d7e877a1a730283b7d8ef66091a0351c3d5c71939cac60196b613a750c822d0d33e0b7d50b3d90
-  data.tar.gz: 148151802478d20abde87b33cfe0765bda7bf1714507c0e6c818105beeb57fcaf55f5735625c42f9cd7d8b524a09c2e5550b7d91c205e74830988c2f5718b503
+  metadata.gz: 7e2c2db8d8b2323d7854a265217ef03d0f82ae4e57b5c597a73e8e348ae9ac06cf981349c6b6cfc8e6bb7b6dd50ed31eb72e4701650e15ca6e42f2703d560022
+  data.tar.gz: 3a34f70a7d4cabe2712681b3ef1bc446a6ee53d578f7051f3e12b4b529d9ca82188471f7787933f28301e8e3008dacba2ae42cabfbc6a236e796c7d0efee73f7

checksums.yaml.gz.sig CHANGED

@@ -1,2 +1,2 @@
-�=�PX�]
-8� ohQPt0�5F{�����5��wf۟:��u�L/"Xs�G�*xR�O�(T~��Z9��Lf�����W�<gW�D��b��@�R�����Q�Yn�^D{I�e��_�pd��z�߂$����&`5�(�?��A�Q��p��
+����a*@hYԍ#F��-��3�?����%@+1��=-j�<X
+���{�%H,��y�[��Z2\9T���1[V����[<`Y�ړD\��L$)��G^ٛ��x��@��#:�Ҿ��Wwz������Ҳ:RU�iA��c��q�

data.tar.gz.sig CHANGED

Binary file

data/CHANGELOG.md CHANGED

@@ -4,9 +4,23 @@ Change log
 This gem follows [Semantic Versioning 2.0.0](http://semver.org/spec/v2.0.0.html).
 All classes and public methods are part of the public API.
+0.3.0
+---
+Released on 2018-04-22
+- Prevent benign malleability, as suggested in sec1-v2 page 97.
+  - The ECIES process is modified to prevent benign malleability by including the ephemeral public key as an input to the KDF.
+  - All encrypted output generated with previous versions cannot be decrypted with this version, and older versions cannot decrypt output generated with this version.
+  - The choice was made to simply break compatibility early in this library's life, rather than add an extra configuration parameter that should almost always be unused.
+- Add `Crypt.public_key_from_hex` method.
+- Add `Crypt.private_key_from_hex` method.
+- Remove support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods. The above `*_from_hex` helper methods can be used instead.
+- Remove `ec_group` option from `Crypt` constructor.
+- Add `Crypt#to_s` method.
 0.2.0
 ---
-Release 2018-04-19
+Released on 2018-04-19
 - Add support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods.
 - Add new option `ec_group` in `Crypt` constructor.

data/README.md CHANGED

@@ -1,6 +1,7 @@
 # ECIES - Elliptical Curve Integrated Encryption System
 [![Build Status](https://travis-ci.org/jamoes/ecies.svg?branch=master)](https://travis-ci.org/jamoes/ecies)
+[![Gem Version](https://badge.fury.io/rb/ecies.svg)](https://badge.fury.io/rb/ecies)
 ## Description
@@ -48,17 +49,17 @@ crypt.decrypt(key, encrypted) # => "secret message"
 Bitcoin P2PKH addresses themselves contain only *hashes* of public keys (hence the name, pay-to-public-key-hash). However, any time a P2PKH output is spent, the public key associated with the address is published on the blockchain in the transaction's scriptSig. This allows you to encrypt a message to any bitcoin address that has sent a transaction (or published its public key in other ways). To demonstrate this, we'll encrypt a message to Satoshi's public key from Bitcoin's genesis block:
 ```ruby
-public_key_hex =
+public_key = ECIES::Crypt.public_key_from_hex(
     "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb"\
-    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
-encrypted = ECIES::Crypt.new.encrypt(public_key_hex, 'you rock!')
+    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
+encrypted = ECIES::Crypt.new.encrypt(public_key, 'you rock!')
 ```
 To decrypt this message, Satoshi would follow these steps:
 ```ruby
-private_key_hex = "<satoshi's private key>"
-ECIES::Crypt.new.decrypt(private_key_hex, encrypted) # => "you rock!"
+private_key = ECIES::Crypt.private_key_from_hex("<satoshi's private key>")
+ECIES::Crypt.new.decrypt(private_key, encrypted) # => "you rock!"
 ```
 ### Default parameters
@@ -74,8 +75,7 @@ These defaults work well for encrypting messages to bitcoin keys. This library a
 ## Compatibility
-The sec1-v2 document allows for a many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms.
+The sec1-v2 document allows for many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms:
   - Key Derivation Functions
     - Supported:
       - ANSI-X9.63-KDF
@@ -119,6 +119,10 @@ The sec1-v2 document allows for a many combinations of various algorithms for EC
       - 3-key TDES in CBC mode
       - XOR encryption scheme
+In addition, the following options have been chosen:
+  - Elliptical curve points are represented in compressed form.
+  - Benign malleability is prevented by including the ephemeral public key as an input to the KDF (sec1-v2 p97).
 ## Supported platforms
 Ruby 2.0 and above.

data/lib/ecies/crypt.rb CHANGED

@@ -27,9 +27,6 @@ module ECIES
     #     length will be equal to half the mac_digest's digest_legnth. If
     #     :full, the mac length will be equal to the mac_digest's
     #     digest_length.
-    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
-    #     group to use when the key is passed in hex form to `encrypt` or
-    #     `decrypt`.
     # @param kdf_digest [String,OpenSSL::Digest,nil] The digest algorithm to
     #     use for KDF. If not specified, the `digest` argument will be used.
     # @param mac_digest [String,OpenSSL::Digest,nil] The digest algorithm to
@@ -38,9 +35,8 @@ module ECIES
     #     info used for KDF, also known as SharedInfo1.
     # @param mac_shared_info [String] Optional. A string containing the shared
     #     info used for MAC, also known as SharedInfo2.
-    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, ec_group: 'secp256k1', kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
+    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
       @cipher = OpenSSL::Cipher.new(cipher)
-      @ec_group = OpenSSL::PKey::EC::Group.new(ec_group)
       @mac_digest = OpenSSL::Digest.new(mac_digest || digest)
       @kdf_digest = OpenSSL::Digest.new(kdf_digest || digest)
       @kdf_shared_info = kdf_shared_info
@@ -57,27 +53,21 @@ module ECIES
     # Encrypts a message to a public key using ECIES.
     #
-    # @param key [OpenSSL::EC:PKey,String] The public key. An OpenSSL::EC:PKey
-    #     containing the public key, or a hex-encoded string representing the
-    #     public key on this Crypt's `ec_group`.
+    # @param key [OpenSSL::EC:PKey] The public key.
     # @param message [String] The plain-text message.
     # @return [String] The octet string of the encrypted message.
     def encrypt(key, message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.public_key = OpenSSL::PKey::EC::Point.new(@ec_group, OpenSSL::BN.new(key, 16))
-        key = new_key
-      end
       key.public_key? or raise "Must have public key to encrypt"
       @cipher.reset
       group_copy = OpenSSL::PKey::EC::Group.new(key.group)
       group_copy.point_conversion_form = :compressed
       ephemeral_key = OpenSSL::PKey::EC.new(group_copy).generate_key
+      ephemeral_public_key_octet = ephemeral_key.public_key.to_bn.to_s(2)
       shared_secret = ephemeral_key.dh_compute_key(key.public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
@@ -88,23 +78,15 @@ module ECIES
       mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, ciphertext + @mac_shared_info).byteslice(0, @mac_length)
-      ephemeral_key.public_key.to_bn.to_s(2) + ciphertext + mac
+      ephemeral_public_key_octet + ciphertext + mac
     end
     # Decrypts a message with a private key using ECIES.
     #
     # @param key [OpenSSL::EC:PKey] The private key.
-    # @param key [OpenSSL::EC:PKey,String] The private key. An OpenSSL::EC:PKey
-    #     containing the private key, or a hex-encoded string representing the
-    #     private key on this Crypt's `ec_group`.
     # @param encrypted_message [String] Octet string of the encrypted message.
     # @return [String] The plain-text message.
     def decrypt(key, encrypted_message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.private_key = OpenSSL::BN.new(key, 16)
-        key = new_key
-      end
       key.private_key? or raise "Must have private key to decrypt"
       @cipher.reset
@@ -115,15 +97,15 @@ module ECIES
       ciphertext_length = encrypted_message.bytesize - ephemeral_public_key_length - @mac_length
       ciphertext_length > 0 or raise OpenSSL::PKey::ECError, "Encrypted message too short"
-      ephemeral_public_key_text = encrypted_message.byteslice(0, ephemeral_public_key_length)
+      ephemeral_public_key_octet = encrypted_message.byteslice(0, ephemeral_public_key_length)
       ciphertext = encrypted_message.byteslice(ephemeral_public_key_length, ciphertext_length)
       mac = encrypted_message.byteslice(-@mac_length, @mac_length)
-      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_text, 2))
+      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_octet, 2))
       shared_secret = key.dh_compute_key(ephemeral_public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
@@ -139,11 +121,13 @@ module ECIES
     # Key-derivation function, compatible with ANSI-X9.63-KDF
     #
-    # @param shared_secret [String] The shared secret from which the key will be
-    #     derived.
+    # @param shared_secret [String] The shared secret from which the key will
+    #     be derived.
     # @param length [Integer] The length of the key to generate.
+    # @param shared_info_suffix [String] The suffix to append to the
+    #     shared_info.
     # @return [String] Octet string of the derived key.
-    def kdf(shared_secret, length)
+    def kdf(shared_secret, length, shared_info_suffix)
       length >=0 or raise "length cannot be negative"
       return "" if length == 0
@@ -158,11 +142,51 @@ module ECIES
         counter += 1
         counter_bytes = [counter].pack('N')
-        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info)
+        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info + shared_info_suffix)
         if io.pos >= length
           return io.string.byteslice(0, length)
         end
       end
     end
+    # @return [String] A string representing this Crypt's parameters.
+    def to_s
+      "KDF-#{@kdf_digest.name}_" +
+      "HMAC-SHA-#{@mac_digest.digest_length * 8}-#{@mac_length * 8}_" +
+      @cipher.name
+    end
+    # Converts a hex-encoded public key to an `OpenSSL::PKey::EC`.
+    #
+    # @param hex_string [String] The hex-encoded public key.
+    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
+    #     group for this public key.
+    # @return [OpenSSL::PKey::EC] The public key.
+    # @raise [OpenSSL::PKey::EC::Point::Error] If the public key is invalid.
+    def self.public_key_from_hex(hex_string, ec_group = 'secp256k1')
+      ec_group = OpenSSL::PKey::EC::Group.new(ec_group) if ec_group.is_a?(String)
+      key = OpenSSL::PKey::EC.new(ec_group)
+      key.public_key = OpenSSL::PKey::EC::Point.new(ec_group, OpenSSL::BN.new(hex_string, 16))
+      key
+    end
+    # Converts a hex-encoded private key to an `OpenSSL::PKey::EC`.
+    #
+    # @param hex_string [String] The hex-encoded private key.
+    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
+    #     group for this private key.
+    # @return [OpenSSL::PKey::EC] The private key.
+    # @note The returned key only contains the private component. In order to
+    #     populate the public component of the key, you must compute it as
+    #     follows: `key.public_key = key.group.generator.mul(key.private_key)`.
+    # @raise [OpenSSL::PKey::ECError] If the private key is invalid.
+    def self.private_key_from_hex(hex_string, ec_group = 'secp256k1')
+      ec_group = OpenSSL::PKey::EC::Group.new(ec_group) if ec_group.is_a?(String)
+      key = OpenSSL::PKey::EC.new(ec_group)
+      key.private_key = OpenSSL::BN.new(hex_string, 16)
+      key.private_key < ec_group.order or raise OpenSSL::PKey::ECError, "Private key greater than group's order"
+      key.private_key > 1 or raise OpenSSL::PKey::ECError, "Private key too small"
+      key
+    end
   end
 end

data/lib/ecies/version.rb CHANGED

@@ -1,4 +1,4 @@
 module ECIES
   # This gem's version.
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/spec/crypt_spec.rb CHANGED

@@ -10,6 +10,9 @@ describe ECIES::Crypt do
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
+      expect{ ECIES::Crypt.new(mac_length: :full).decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+      expect{ ECIES::Crypt.new(mac_digest: 'sha512').decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
     end
     it 'Supports hex-encoded keys' do
@@ -17,73 +20,66 @@ describe ECIES::Crypt do
       public_key_hex = key.public_key.to_bn.to_s(16)
       private_key_hex = key.private_key.to_s(16)
-      crypt = ECIES::Crypt.new
+      public_key = ECIES::Crypt.public_key_from_hex(public_key_hex)
+      private_key = ECIES::Crypt.private_key_from_hex(private_key_hex)
-      encrypted = crypt.encrypt(public_key_hex, 'secret')
-      expect(crypt.decrypt(private_key_hex, encrypted)).to eq 'secret'
+      expect(public_key.public_key).to eq key.public_key
+      expect(private_key.private_key).to eq key.private_key
+      expect{ ECIES::Crypt.public_key_from_hex(public_key_hex, 'secp224k1') }.to raise_error(OpenSSL::PKey::EC::Point::Error)
+      expect{ ECIES::Crypt.private_key_from_hex(private_key_hex, 'secp224k1') }.to raise_error(OpenSSL::PKey::ECError)
+      expect{ ECIES::Crypt.private_key_from_hex("00") }.to raise_error(OpenSSL::PKey::ECError)
     end
     it 'Supports other EC curves' do
       key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      crypt = ECIES::Crypt.new(ec_group: key.group)
+      crypt = ECIES::Crypt.new
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-      encrypted = crypt.encrypt(key.public_key.to_bn.to_s(16), 'secret')
-      expect(crypt.decrypt(key.private_key.to_s(16), encrypted)).to eq 'secret'
     end
-    it 'Detects invalid hex-encoded points' do
-      key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      public_key_hex = key.public_key.to_bn.to_s(16)
+    context 'known value' do
+      before(:all) do
+        OpenSSL::PKey::EC.class_eval do
+          # Overwrites `generate_key` for both the key generated below, and the
+          # ephemeral_key generated in the `encrypt` method.
+          def generate_key
+            self.private_key = 2
+            self.public_key = group.generator.mul(private_key)
+            self
+          end
+        end
-      expect{ ECIES::Crypt.new.encrypt(public_key_hex, 'secret') }.to raise_error(OpenSSL::PKey::EC::Point::Error)
-    end
+        @key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+      end
-    it 'Encrypts to known values' do
-      OpenSSL::PKey::EC.class_eval do
-        # Overwrites `generate_key` for both the test code below, and the
-        # ephemeral_key generated in the `encrypt` method.
-        def generate_key
-          self.private_key = 2
-          self.public_key = group.generator.mul(private_key)
-          self
+      [
+        [ECIES::Crypt.new, "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYBZ\xBB\xC8\x95\x93\xC1@\xC6+\xE2/yb\x065\xFF".b],
+        [ECIES::Crypt.new(mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYB\x03.\x1E\x92,[\rI\xBC\xCC\xFD%\xCD)9\v!]]A\xE0\xADc\xBA[\xA4\xF2\xB1\xB5\xC5)\xA4".b],
+        [ECIES::Crypt.new(digest: 'sha512', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2\xA7\xDE\x03\xF4\xA6\e\xD1\x9F\xF9\xD5P\x06\x91\x8EiW\xC82\xD9\xBB\xD2\xC92\xE2\x9F\x15F.\x8C]\xE3Y2\xD3L\xE8\xC4\x9F\xBF\xA5S\x98\x9AYy_Y\xF8\x05\xE7\x19\x9E\xDA\vn;Bvm\xA2`i5:".b],
+        [ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xDF\xCD\x95\xAD!m\xAA/Xv\"\x97\x04\xEE\x9F\xEB^\x1F\xA7\xC9n\xE3\x94l;\xBA\xF2\xBE\xCD\x83\x02+\x02\x9D\x18\x11\x9A\xBEz_\x8A\xDB\xA3\x00\xF7\x8A\x94G".b],
+        [ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512'), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2l\x9E|\xC4\xBCE r\xA6\xB1k\x93W\xE5d\xE4".b],
+      ].each do |crypt, expected_value|
+        it "matches for #{crypt.to_s}" do
+          encrypted = crypt.encrypt(@key, 'secret')
+          expect(encrypted).to eq expected_value
+          expect(crypt.decrypt(@key, encrypted)).to eq 'secret'
         end
       end
+    end
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
-      crypt = ECIES::Crypt.new
-      crypt_full = ECIES::Crypt.new(mac_length: :full)
-      crypt_sha512 = ECIES::Crypt.new(digest: 'sha512', mac_length: :full)
-      crypt_cbc = ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full)
-      crypt_mixed = ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512')
-      encrypted = crypt.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCE\x84\xAB\x9F\x0E%\xCD\x94~\x1E\xBC\x89$\x11\xEE6\xE4".force_encoding(Encoding::BINARY)
-      expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_full.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCEo\x9B\xA7\x955\x89\x9FR\xDF\x1C\xED\x00\x86<\n\x04\v\xD6(\x9D\xF5\xF9\x13\xC8/\xD7os(ZsF".force_encoding(Encoding::BINARY)
-      expect(crypt_full.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_sha512.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_sha512.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xFB\xD7\x14b\xB4\x00\x84\xABl\xEAh\x0Fc\x805\xAF\x1DT\x05\x87`\xA5\xC4\xB7\xB5r\xF6\x89\xB1U0\x0E \xD4\x1E\x16\x184\xE9:\xE7\x951\xF4\xB3\x93\"A\x85\x1F\x9A\x8E\xAD\xE1(\x1D\xB3\xC4\x15\xD3\xB1\xA8\xFB\x1D".force_encoding(Encoding::BINARY)
-      expect(crypt_sha512.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_cbc.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\x1Fj\x04N\eg($\xD4\xFBD\xFFd\xA1\xA3z\x90T#\x1D\x12{3IM\x93!|\xA5\xAF&\xD4+;\e\xA6i.wD\x1F\xCB\xE1\x90{\xB6\x8B\xAF".force_encoding(Encoding::BINARY)
-      expect(crypt_cbc.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_mixed.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_mixed.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xF5\\\x9A\x04\xE0T\x91\xEA=\xA6W\x84X\xBB\xCA\xB4".force_encoding(Encoding::BINARY)
-      expect(crypt_mixed.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+    it '#to_s' do
+      [
+        [ECIES::Crypt.new,                                             "KDF-SHA256_HMAC-SHA-256-128_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_length: :full),                          "KDF-SHA256_HMAC-SHA-256-256_AES-256-CTR"],
+        [ECIES::Crypt.new(digest: 'sha512'),                           "KDF-SHA512_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512'),                       "KDF-SHA256_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512', kdf_digest: 'sha224'), "KDF-SHA224_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(cipher: 'aes-128-cbc'),                      "KDF-SHA256_HMAC-SHA-256-128_AES-128-CBC"],
+      ].each do |crypt, expected_value|
+        expect(crypt.to_s).to eq expected_value
+      end
     end
     it 'Raises on unknown cipher or digest' do
@@ -103,10 +99,8 @@ describe ECIES::Crypt do
     end
   end
   describe '#kdf' do
-    it 'derivates keys correctly' do
+    it 'derives keys correctly' do
       sha256_test_vectors = [
         # [shared_secret, shared_info, expected_key]
         ['96c05619d56c328ab95fe84b18264b08725b85e33fd34f08', '', '443024c3dae66b95e6f5670601558f71'],
@@ -120,16 +114,24 @@ describe ECIES::Crypt do
         shared_info = [shared_info].pack('H*')
         expected_key = [expected_key].pack('H*')
-        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size)
+        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, '')
         expect(computed_key).to eq expected_key
       end
     end
+    it 'concats kdf_shared_info with shared_info_suffix' do
+      shared_secret = ['22518b10e70f2a3f243810ae3254139efbee04aa57c7af7d'].pack('H*')
+      shared_info = ['75eef81aa3041e33'].pack('H*')
+      shared_info_suffix = ['b80971203d2c0c52'].pack('H*')
+      expected_key = ['c498af77161cc59f2962b9a713e2b215152d139766ce34a776df11866a69bf2e52a13d9c7c6fc878c50c5ea0bc7b00e0da2447cfd874f6cf92f30d0097111485500c90c3af8b487872d04685d14c8d1dc8d7fa08beb0ce0ababc11f0bd496269142d43525a78e5bc79a17f59676a5706dc54d54d4d1f0bd7e386128ec26afc21'].pack('H*')
+      computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, shared_info_suffix)
+      expect(computed_key).to eq expected_key
+    end
     it 'raises when size is invalid' do
-      expect{ ECIES::Crypt.new.kdf('a', -1) }.to raise_error(RuntimeError)
-      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32) }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', -1, '') }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32, '') }.to raise_error(RuntimeError)
     end
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ecies
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Stephen McCarthy
@@ -30,7 +30,7 @@ cert_chain:
   kts216EGG4oP6dVuZmf2Ii2F4lQTBDdZM/cisW8jCkO7KeEzJAPhIw1JJwHltHya
   0TpOI3t2Mz/FJ+rudtz9PJ/d8QvhrF7M7+qH4w==
   -----END CERTIFICATE-----
-date: 2018-04-19 00:00:00.000000000 Z
+date: 2018-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler

metadata.gz.sig CHANGED

@@ -1,2 +1 @@
-'t�t��M�%Co�;��y/t=W6]\�@�(�p�/���%��:d>Ѷ3/�?����T���w�靺���`�*��Pj�)�܂��
-��x�jGZLۋ��k[r�\Ƙu;*�=�`��\/)
+Ġ�Jd�cs��?�	�-�ܞ���j��������`%4���@���]"�J�|]����v�k�F�Z�*��}�YZ+��EI�o�&|�MϲI�DB��7��QzŖI�8Oě�K�>�Tm�7��x�Ր:��Һ����0�7��i�'�p-װ�����{!0^�c-=赌��-�C"�ѿ�V5�Qs�bj�ꢳ�/e҃Lp����w&�:��/�xo��%��5L�c����(�e˚��F��