ecies 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9b17b5e59affac68ce47a7afe053747c90c287201202fffe9a97550644d6c5c
-  data.tar.gz: 161fb791e8f8e67252ce565fa06fd1196228629e45b3ccbc07384b5b9f207a4a
+  metadata.gz: ccdc4376e7e505685dafd7456609bee87adb7909ee863dea0a02a46bc10ea9ec
+  data.tar.gz: c2c8c601e446e361ea28d9605108ba52b5df6d3444b20093f410ac6cee73621a
 SHA512:
-  metadata.gz: df3185e4b726f977a8834c9718f0cbd9ffedec22f00ff597c7d7e877a1a730283b7d8ef66091a0351c3d5c71939cac60196b613a750c822d0d33e0b7d50b3d90
-  data.tar.gz: 148151802478d20abde87b33cfe0765bda7bf1714507c0e6c818105beeb57fcaf55f5735625c42f9cd7d8b524a09c2e5550b7d91c205e74830988c2f5718b503
+  metadata.gz: 14dcb2ccec245e71d68eb63b520d320c6e39b330a2f01fd59848ce9ff0d6436d90e100eb5b5857bda40b780dedf365d2bfc4f14dbca9ca8b612560bb82a5c111
+  data.tar.gz: dd259230ce124924f5269b1fbb966ea17207ee41dcc206669d1eccc74e62ccd35803f9c96c869011333526cf5c8a03175d671abbf27356d117e5502d42e54d51

checksums.yaml.gz.sig

@@ -1,2 +1,2 @@
-�=�PX�]
-8� ohQPt0�5F{�����5��wf۟:��u�L/"Xs�G�*xR�O�(T~��Z9��Lf�����W�<gW�D
��b��@�R�����Q�Yn�^D{I�e��_�pd��z�߂$��
��&`5�(�?��A�Q��p��
+�������=xu8
+x��;���Y�E�D]B��'�Z�����r���c$�{1�L���kWm�ѓ����2E
��6z�p���

data/.gitignore

@@ -5,3 +5,4 @@ Gemfile.lock
 coverage/
 doc/
 .yardoc/
+.bundle/

data/CHANGELOG.md

@@ -4,9 +4,33 @@ Change log
 This gem follows [Semantic Versioning 2.0.0](http://semver.org/spec/v2.0.0.html).
 All classes and public methods are part of the public API.
 
+0.4.0
+---
+Released on 2023-06-20
+
+- Add support for OpenSSL 3.0.
+- Remove `Crypt.private_key_from_hex` method.
+  - Users can still utilize `OpenSSL::PKey::EC.new` to construct a PKey.
+- `Crypt.public_key_from_hex` now raises `ArgumentError` on an invalid key, rather than an `OpenSSL::PKey::EC::Point::Error`.
+- Explicitly require 'stringio' (thanks thekuwayama!).
+
+0.3.0
+---
+Released on 2018-04-22
+
+- Prevent benign malleability, as suggested in sec1-v2 page 97.
+  - The ECIES process is modified to prevent benign malleability by including the ephemeral public key as an input to the KDF.
+  - All encrypted output generated with previous versions cannot be decrypted with this version, and older versions cannot decrypt output generated with this version.
+  - The choice was made to simply break compatibility early in this library's life, rather than add an extra configuration parameter that should almost always be unused.
+- Add `Crypt.public_key_from_hex` method.
+- Add `Crypt.private_key_from_hex` method.
+- Remove support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods. The above `*_from_hex` helper methods can be used instead.
+- Remove `ec_group` option from `Crypt` constructor.
+- Add `Crypt#to_s` method.
+
 0.2.0
 ---
-Release 2018-04-19
+Released on 2018-04-19
 
 - Add support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods.
 - Add new option `ec_group` in `Crypt` constructor.

data/README.md

@@ -1,14 +1,12 @@
 # ECIES - Elliptical Curve Integrated Encryption System
 
-[![Build Status](https://travis-ci.org/jamoes/ecies.svg?branch=master)](https://travis-ci.org/jamoes/ecies)
-
 ## Description
 
 This library implements Elliptical Curve Integrated Encryption System (ECIES), as specified by [SEC 1: Elliptic Curve Cryptography, Version 2.0](http://www.secg.org/sec1-v2.pdf).
 
 ECIES is a public-key encryption scheme based on ECC. It is designed to be semantically secure in the presence of an adversary capable of launching chosen-plaintext and chosen-ciphertext attacks.
 
-ECIES can be used to encrypt messages to bitcoin addresses with keys published on the blockchain, and subsequently to decrypt messages by the holders of the address's private key.
+ECIES can be used to encrypt messages to bitcoin addresses with public keys published on the blockchain, and subsequently to decrypt messages by the holders of the address's private key.
 
 ## Installation
 
@@ -27,7 +25,7 @@ require 'ecies'
 Intitlialize a key and a `Crypt` object.
 
 ```ruby
-key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+key = OpenSSL::PKey::EC.generate('secp256k1')
 crypt = ECIES::Crypt.new
 ```
 
@@ -48,17 +46,17 @@ crypt.decrypt(key, encrypted) # => "secret message"
 Bitcoin P2PKH addresses themselves contain only *hashes* of public keys (hence the name, pay-to-public-key-hash). However, any time a P2PKH output is spent, the public key associated with the address is published on the blockchain in the transaction's scriptSig. This allows you to encrypt a message to any bitcoin address that has sent a transaction (or published its public key in other ways). To demonstrate this, we'll encrypt a message to Satoshi's public key from Bitcoin's genesis block:
 
 ```ruby
-public_key_hex =
+public_key = ECIES::Crypt.public_key_from_hex(
     "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb"\
-    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
-encrypted = ECIES::Crypt.new.encrypt(public_key_hex, 'you rock!')
+    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
+encrypted = ECIES::Crypt.new.encrypt(public_key, 'secret message')
 ```
 
 To decrypt this message, Satoshi would follow these steps:
 
 ```ruby
-private_key_hex = "<satoshi's private key>"
-ECIES::Crypt.new.decrypt(private_key_hex, encrypted) # => "you rock!"
+private_key = OpenSSL::PKey::EC.new("<PEM/DER encoded private key for genesis block>")
+ECIES::Crypt.new.decrypt(private_key, encrypted) # => "secret message"
 ```
 
 ### Default parameters
@@ -74,8 +72,7 @@ These defaults work well for encrypting messages to bitcoin keys. This library a
 
 ## Compatibility
 
-The sec1-v2 document allows for a many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms.
-
+The sec1-v2 document allows for many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms:
   - Key Derivation Functions
     - Supported:
       - ANSI-X9.63-KDF
@@ -119,6 +116,10 @@ The sec1-v2 document allows for a many combinations of various algorithms for EC
       - 3-key TDES in CBC mode
       - XOR encryption scheme
 
+In addition, the following options have been chosen:
+  - Elliptical curve points are represented in compressed form.
+  - Benign malleability is prevented by including the ephemeral public key as an input to the KDF (sec1-v2 p97).
+
 ## Supported platforms
 
 Ruby 2.0 and above.

data/certs/jamoes.pem

@@ -1,21 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRMwEQYDVQQDDApzam1j
+MIIEeDCCAuCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMRMwEQYDVQQDDApzam1j
 Y2FydGh5MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNj
-b20wHhcNMTgwNDExMDAxMzI4WhcNMTkwNDExMDAxMzI4WjBBMRMwEQYDVQQDDApz
+b20wHhcNMjMwNjIwMjEwMTI2WhcNMjQwNjE5MjEwMTI2WjBBMRMwEQYDVQQDDApz
 am1jY2FydGh5MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
-FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOk2n/6xgIgrG7
-avtiI8I9DtcdA326qWYpdQSDLhpSsLNiqiIpo8KF1Zfy3lnAj6JBBIbjiaUsbA/i
-Wcip0307dHNXZjr+AgYcL7OEp8EBkfAeZaYWMcVBbjiSxkzYesDxm7nvTOaD317h
-cThBfB9KW1vGEzazomTxSI9sgqCDtWrogMLGag7uTDJ7fKRK6YXz2xncI0uCsmGb
-7vekXpfn0xb6tr4ljSseCsPJHnXK7SKB4dzHsmQJ12A57aaV7C/bGqbQAC6odb6k
-V8dw0fnmHC9OSYjV1b2Xr0VmoiT3YA4XsR0/LbeZvGOyQj8S4eHxgFg7wTVhCkCZ
-D89+p8H5AgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
-BBQffCJK6PE+9XaH56VJoFoCl3ECeDAfBgNVHREEGDAWgRRzam1jY2FydGh5QGdt
-YWlsLmNvbTAfBgNVHRIEGDAWgRRzam1jY2FydGh5QGdtYWlsLmNvbTANBgkqhkiG
-9w0BAQUFAAOCAQEApvFGCB9uyF1mh1UV77YICagARejAIOhzOcZXjlpulI9xXjQY
-0QK6P1GdwwE/pgT7YjfJR7VNFobare4WdfCzoWCFc34t2vJwrqkkOB3U7v3TjB+p
-z/o2pZKLpNEL4bYJBEbd+vAad/nP1v5e2sCmLm86vSoOwiyQnifmP6PSORObbJF4
-455zxYw1un6NfN0m+pnIKwvshKoOCgI05VJGtEolJoo42fnolmNxa2t6B30Mfmf+
-kts216EGG4oP6dVuZmf2Ii2F4lQTBDdZM/cisW8jCkO7KeEzJAPhIw1JJwHltHya
-0TpOI3t2Mz/FJ+rudtz9PJ/d8QvhrF7M7+qH4w==
------END CERTIFICATE-----
+FgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDOGmdomo9zQxUD
+PMEtDYtzY7Fnb/T/TVXAhKMO06Fw84eEMdU4yOUOMapsv6DinBMm0kDjseFkuqm+
+BFYcU7AaGfKOuoPJQ23LuQOBXg5STw+pDKGdoq1th26M1v05Q9hCH4HVlGIiNPzx
+J+0jFoH9qmiNhHxCD03702etb/ppJsCbBGzpMzofbgKQEHIKZNAkVi2RU2QLqXDt
+A44wknz8NkiWahgN24cpLn/euz5G+J4nFgJ32YUBgA/mVXdeEOhxgMCPIbHIxiez
+3c/yymARogxf6e9b3Pcwo1k63zTZYf9YHIM+Q5lKiOWOGQ1lUG3nanB9NhFdUkAk
+PcuEzQUp5/pQmnoM/j+VpeXyvwiNLTzsxNRGfePSZU+oDpkEvlN1qaJXmHRpedWp
+zOcUlVUpwFSWM1WWDGm4FCxoYH8GdYdHVXmUWWm/iPcfLCkXwNUXL+i38OXbVSp2
+aqaXrRtkwZsfmE4PCHVUJyHFeVXLqvgK3DLVPfCGk6ty4X7wuXcCAwEAAaN7MHkw
+CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFELj2NEPT2elfT1kefaM
+tcBz+k6QMB8GA1UdEQQYMBaBFHNqbWNjYXJ0aHlAZ21haWwuY29tMB8GA1UdEgQY
+MBaBFHNqbWNjYXJ0aHlAZ21haWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQBvbFzT
+zHTVmJ2J3VvWf1J4HFTkLDtRi9lFLtPqvsNczd+FeO3s/pI9/gr56mBgpZ/vLypN
+9CBkk4wR4GLifl8+xuDtVkYYh3Ru9S3ru8iu225aOIfg6MpKH7x+IsShxm7jdEva
+AnqMQ47KEOdRetbBMIHeWtCSxyKhXSJsfoIh+fkQZlIM6+3l0ljTiRxo5Eb1JyEn
+Wb+jyVwJugHuGPb2tB9dx+khKgrv0YQ0lxsIaqSYRT5pb3xZuJNoxj00IsZGOx0J
+s5SzopHnmHWPS0h9CVcTa9QgEz5MbCk1X2rWhmUkGR0pzHdeq6vvWr0pxhpiWJdA
+eaD1Uldg06Zi31RbAARghTuRKzg+SA9/DmglkO479GuEhZvGA0P2fBvKTaVAZR+4
+Lb3ESftZmM+MReXZS5FfAeYJBG5+R/LDyMiuQIz6WLYcPpfHpSX873IXAcNYTCd4
+RVHpiTyCFYjchqoOvSC7rHgf1HpEQbuXsl9RKWhSQOyTGlUGbCCGFDx10Dg=
+-----END CERTIFICATE-----

data/ecies.gemspec

@@ -14,17 +14,14 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/jamoes/ecies'
   s.license     = 'MIT'
 
-  s.cert_chain  = ['certs/jamoes.pem']
-  s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
-
   s.files       = `git ls-files`.split("\n")
   s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   s.test_files  = s.files.grep(%r{^(test|spec|features)/})
 
   s.required_ruby_version = '>= 2.0'
 
-  s.add_development_dependency 'bundler', '~> 1'
-  s.add_development_dependency 'rake', '~> 12'
+  s.add_development_dependency 'bundler', '~> 2'
+  s.add_development_dependency 'rake', '~> 13'
   s.add_development_dependency 'rspec', '~> 3.7'
   s.add_development_dependency 'simplecov', '~> 0'
   s.add_development_dependency 'yard', '~> 0.9.12'

data/lib/ecies/crypt.rb

@@ -27,9 +27,6 @@ module ECIES
     #     length will be equal to half the mac_digest's digest_legnth. If
     #     :full, the mac length will be equal to the mac_digest's
     #     digest_length.
-    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
-    #     group to use when the key is passed in hex form to `encrypt` or
-    #     `decrypt`.
     # @param kdf_digest [String,OpenSSL::Digest,nil] The digest algorithm to
     #     use for KDF. If not specified, the `digest` argument will be used.
     # @param mac_digest [String,OpenSSL::Digest,nil] The digest algorithm to
@@ -38,9 +35,8 @@ module ECIES
     #     info used for KDF, also known as SharedInfo1.
     # @param mac_shared_info [String] Optional. A string containing the shared
     #     info used for MAC, also known as SharedInfo2.
-    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, ec_group: 'secp256k1', kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
+    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
       @cipher = OpenSSL::Cipher.new(cipher)
-      @ec_group = OpenSSL::PKey::EC::Group.new(ec_group)
       @mac_digest = OpenSSL::Digest.new(mac_digest || digest)
       @kdf_digest = OpenSSL::Digest.new(kdf_digest || digest)
       @kdf_shared_info = kdf_shared_info
@@ -57,27 +53,19 @@ module ECIES
 
     # Encrypts a message to a public key using ECIES.
     #
-    # @param key [OpenSSL::EC:PKey,String] The public key. An OpenSSL::EC:PKey
-    #     containing the public key, or a hex-encoded string representing the
-    #     public key on this Crypt's `ec_group`.
+    # @param key [OpenSSL::EC:PKey] The public key.
     # @param message [String] The plain-text message.
     # @return [String] The octet string of the encrypted message.
     def encrypt(key, message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.public_key = OpenSSL::PKey::EC::Point.new(@ec_group, OpenSSL::BN.new(key, 16))
-        key = new_key
-      end
       key.public_key? or raise "Must have public key to encrypt"
       @cipher.reset
 
-      group_copy = OpenSSL::PKey::EC::Group.new(key.group)
-      group_copy.point_conversion_form = :compressed
-      ephemeral_key = OpenSSL::PKey::EC.new(group_copy).generate_key
+      ephemeral_key = OpenSSL::PKey::EC.generate(key.group)
+      ephemeral_public_key_octet = ephemeral_key.public_key.to_octet_string(:compressed)
 
       shared_secret = ephemeral_key.dh_compute_key(key.public_key)
 
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
 
@@ -88,42 +76,31 @@ module ECIES
 
       mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, ciphertext + @mac_shared_info).byteslice(0, @mac_length)
 
-      ephemeral_key.public_key.to_bn.to_s(2) + ciphertext + mac
+      ephemeral_public_key_octet + ciphertext + mac
     end
 
     # Decrypts a message with a private key using ECIES.
     #
     # @param key [OpenSSL::EC:PKey] The private key.
-    # @param key [OpenSSL::EC:PKey,String] The private key. An OpenSSL::EC:PKey
-    #     containing the private key, or a hex-encoded string representing the
-    #     private key on this Crypt's `ec_group`.
     # @param encrypted_message [String] Octet string of the encrypted message.
     # @return [String] The plain-text message.
     def decrypt(key, encrypted_message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.private_key = OpenSSL::BN.new(key, 16)
-        key = new_key
-      end
       key.private_key? or raise "Must have private key to decrypt"
       @cipher.reset
 
-      group_copy = OpenSSL::PKey::EC::Group.new(key.group)
-      group_copy.point_conversion_form = :compressed
-
-      ephemeral_public_key_length = group_copy.generator.to_bn.to_s(2).bytesize
+      ephemeral_public_key_length = key.group.generator.to_octet_string(:compressed).bytesize
       ciphertext_length = encrypted_message.bytesize - ephemeral_public_key_length - @mac_length
       ciphertext_length > 0 or raise OpenSSL::PKey::ECError, "Encrypted message too short"
 
-      ephemeral_public_key_text = encrypted_message.byteslice(0, ephemeral_public_key_length)
+      ephemeral_public_key_octet = encrypted_message.byteslice(0, ephemeral_public_key_length)
       ciphertext = encrypted_message.byteslice(ephemeral_public_key_length, ciphertext_length)
       mac = encrypted_message.byteslice(-@mac_length, @mac_length)
 
-      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_text, 2))
+      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(key.group, OpenSSL::BN.new(ephemeral_public_key_octet, 2))
 
       shared_secret = key.dh_compute_key(ephemeral_public_key)
 
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
 
@@ -139,11 +116,13 @@ module ECIES
 
     # Key-derivation function, compatible with ANSI-X9.63-KDF
     #
-    # @param shared_secret [String] The shared secret from which the key will be
-    #     derived.
+    # @param shared_secret [String] The shared secret from which the key will
+    #     be derived.
     # @param length [Integer] The length of the key to generate.
+    # @param shared_info_suffix [String] The suffix to append to the
+    #     shared_info.
     # @return [String] Octet string of the derived key.
-    def kdf(shared_secret, length)
+    def kdf(shared_secret, length, shared_info_suffix)
       length >=0 or raise "length cannot be negative"
       return "" if length == 0
 
@@ -158,11 +137,39 @@ module ECIES
         counter += 1
         counter_bytes = [counter].pack('N')
 
-        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info)
+        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info + shared_info_suffix)
         if io.pos >= length
           return io.string.byteslice(0, length)
         end
       end
     end
+
+    # @return [String] A string representing this Crypt's parameters.
+    def to_s
+      "KDF-#{@kdf_digest.name}_" +
+      "HMAC-SHA-#{@mac_digest.digest_length * 8}-#{@mac_length * 8}_" +
+      @cipher.name
+    end
+
+    # Converts a hex-encoded public key to an `OpenSSL::PKey::EC`.
+    #
+    # @param hex_string [String] The hex-encoded public key.
+    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
+    #     group for this public key.
+    # @return [OpenSSL::PKey::EC] The public key.
+    # @raise [ArgumentError] If the public key is invalid.
+    def self.public_key_from_hex(hex_string, ec_group = 'secp256k1')
+      ec_group = OpenSSL::PKey::EC::Group.new(ec_group) if ec_group.is_a?(String)
+
+      sequence = OpenSSL::ASN1.Sequence([
+        OpenSSL::ASN1.Sequence([
+          OpenSSL::ASN1.ObjectId("id-ecPublicKey"),
+          OpenSSL::ASN1::ObjectId(ec_group.curve_name),
+        ]),
+        OpenSSL::ASN1.BitString([hex_string].pack('H*')),
+      ])
+
+      OpenSSL::PKey::EC.new(sequence.to_der)
+    end
   end
 end

data/lib/ecies/version.rb

@@ -1,4 +1,4 @@
 module ECIES
   # This gem's version.
-  VERSION = '0.2.0'
+  VERSION = '0.4.0'
 end

data/lib/ecies.rb

@@ -1,7 +1,8 @@
 require 'openssl'
+require 'stringio'
 
-require 'ecies/crypt.rb'
-require 'ecies/version.rb'
+require_relative 'ecies/crypt.rb'
+require_relative 'ecies/version.rb'
 
 # The top-level module for the ecies gem.
 module ECIES

data/spec/crypt_spec.rb

@@ -5,89 +5,79 @@ describe ECIES::Crypt do
   describe 'Encryption and decryption' do
 
     it 'Encrypts and decrypts' do
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+      key = OpenSSL::PKey::EC.generate('secp256k1')
       crypt = ECIES::Crypt.new
 
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
+
+      expect{ ECIES::Crypt.new(mac_length: :full).decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+      expect{ ECIES::Crypt.new(mac_digest: 'sha512').decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
     end
 
     it 'Supports hex-encoded keys' do
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+      key = OpenSSL::PKey::EC.generate('secp256k1')
       public_key_hex = key.public_key.to_bn.to_s(16)
-      private_key_hex = key.private_key.to_s(16)
 
-      crypt = ECIES::Crypt.new
+      public_key = ECIES::Crypt.public_key_from_hex(public_key_hex)
+
+      expect(public_key.public_key).to eq key.public_key
 
-      encrypted = crypt.encrypt(public_key_hex, 'secret')
-      expect(crypt.decrypt(private_key_hex, encrypted)).to eq 'secret'
+      expect{ ECIES::Crypt.public_key_from_hex(public_key_hex, 'secp224k1') }.to raise_error(ArgumentError)
     end
 
     it 'Supports other EC curves' do
-      key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      crypt = ECIES::Crypt.new(ec_group: key.group)
+      key = OpenSSL::PKey::EC.generate('secp224k1')
+      crypt = ECIES::Crypt.new
 
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-
-      encrypted = crypt.encrypt(key.public_key.to_bn.to_s(16), 'secret')
-      expect(crypt.decrypt(key.private_key.to_s(16), encrypted)).to eq 'secret'
     end
 
-    it 'Detects invalid hex-encoded points' do
-      key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      public_key_hex = key.public_key.to_bn.to_s(16)
+    context 'known value' do
+      before(:all) do
+        OpenSSL::PKey::EC.instance_eval do
+          # Overwrites `generate` for both the key generated below, and the
+          # ephemeral_key generated in the `encrypt` method.
+          # The private_key is equal to '2', and the group is 'secp256k1'.
+          def generate(group)
+            OpenSSL::PKey::EC.new("0t\x02\x01\x01\x04 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xA0\a\x06\x05+\x81\x04\x00\n\xA1D\x03B\x00\x04\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\x1A\xE1h\xFE\xA6=\xC39\xA3\xC5\x84\x19Fl\xEA\xEE\xF7\xF62e2f\xD0\xE1#d1\xA9P\xCF\xE5*")
+          end
+        end
 
-      expect{ ECIES::Crypt.new.encrypt(public_key_hex, 'secret') }.to raise_error(OpenSSL::PKey::EC::Point::Error)
-    end
+        @key = OpenSSL::PKey::EC.generate('secp256k1')
+      end
 
-    it 'Encrypts to known values' do
-      OpenSSL::PKey::EC.class_eval do
-        # Overwrites `generate_key` for both the test code below, and the
-        # ephemeral_key generated in the `encrypt` method.
-        def generate_key
-          self.private_key = 2
-          self.public_key = group.generator.mul(private_key)
-          self
+      [
+        [ECIES::Crypt.new, "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYBZ\xBB\xC8\x95\x93\xC1@\xC6+\xE2/yb\x065\xFF".b],
+        [ECIES::Crypt.new(mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYB\x03.\x1E\x92,[\rI\xBC\xCC\xFD%\xCD)9\v!]]A\xE0\xADc\xBA[\xA4\xF2\xB1\xB5\xC5)\xA4".b],
+        [ECIES::Crypt.new(digest: 'sha512', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2\xA7\xDE\x03\xF4\xA6\e\xD1\x9F\xF9\xD5P\x06\x91\x8EiW\xC82\xD9\xBB\xD2\xC92\xE2\x9F\x15F.\x8C]\xE3Y2\xD3L\xE8\xC4\x9F\xBF\xA5S\x98\x9AYy_Y\xF8\x05\xE7\x19\x9E\xDA\vn;Bvm\xA2`i5:".b],
+        [ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xDF\xCD\x95\xAD!m\xAA/Xv\"\x97\x04\xEE\x9F\xEB^\x1F\xA7\xC9n\xE3\x94l;\xBA\xF2\xBE\xCD\x83\x02+\x02\x9D\x18\x11\x9A\xBEz_\x8A\xDB\xA3\x00\xF7\x8A\x94G".b],
+        [ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512'), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2l\x9E|\xC4\xBCE r\xA6\xB1k\x93W\xE5d\xE4".b],
+      ].each do |crypt, expected_value|
+        it "matches for #{crypt.to_s}" do
+          encrypted = crypt.encrypt(@key, 'secret')
+          expect(encrypted).to eq expected_value
+          expect(crypt.decrypt(@key, encrypted)).to eq 'secret'
         end
       end
+    end
 
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
-
-      crypt = ECIES::Crypt.new
-      crypt_full = ECIES::Crypt.new(mac_length: :full)
-      crypt_sha512 = ECIES::Crypt.new(digest: 'sha512', mac_length: :full)
-      crypt_cbc = ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full)
-      crypt_mixed = ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512')
-
-      encrypted = crypt.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCE\x84\xAB\x9F\x0E%\xCD\x94~\x1E\xBC\x89$\x11\xEE6\xE4".force_encoding(Encoding::BINARY)
-      expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-
-      encrypted = crypt_full.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCEo\x9B\xA7\x955\x89\x9FR\xDF\x1C\xED\x00\x86<\n\x04\v\xD6(\x9D\xF5\xF9\x13\xC8/\xD7os(ZsF".force_encoding(Encoding::BINARY)
-      expect(crypt_full.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_sha512.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-
-      encrypted = crypt_sha512.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xFB\xD7\x14b\xB4\x00\x84\xABl\xEAh\x0Fc\x805\xAF\x1DT\x05\x87`\xA5\xC4\xB7\xB5r\xF6\x89\xB1U0\x0E \xD4\x1E\x16\x184\xE9:\xE7\x951\xF4\xB3\x93\"A\x85\x1F\x9A\x8E\xAD\xE1(\x1D\xB3\xC4\x15\xD3\xB1\xA8\xFB\x1D".force_encoding(Encoding::BINARY)
-      expect(crypt_sha512.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-
-      encrypted = crypt_cbc.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\x1Fj\x04N\eg($\xD4\xFBD\xFFd\xA1\xA3z\x90T#\x1D\x12{3IM\x93!|\xA5\xAF&\xD4+;\e\xA6i.wD\x1F\xCB\xE1\x90{\xB6\x8B\xAF".force_encoding(Encoding::BINARY)
-      expect(crypt_cbc.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_mixed.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-
-      encrypted = crypt_mixed.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xF5\\\x9A\x04\xE0T\x91\xEA=\xA6W\x84X\xBB\xCA\xB4".force_encoding(Encoding::BINARY)
-      expect(crypt_mixed.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+    it '#to_s' do
+      [
+        [ECIES::Crypt.new,                                             "KDF-SHA256_HMAC-SHA-256-128_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_length: :full),                          "KDF-SHA256_HMAC-SHA-256-256_AES-256-CTR"],
+        [ECIES::Crypt.new(digest: 'sha512'),                           "KDF-SHA512_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512'),                       "KDF-SHA256_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512', kdf_digest: 'sha224'), "KDF-SHA224_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(cipher: 'aes-128-cbc'),                      "KDF-SHA256_HMAC-SHA-256-128_AES-128-CBC"],
+      ].each do |crypt, expected_value|
+        expect(crypt.to_s).to eq expected_value
+      end
     end
 
     it 'Raises on unknown cipher or digest' do
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+      key = OpenSSL::PKey::EC.generate('secp256k1')
 
       expect{ ECIES::Crypt.new(digest: 'foo') }.to raise_error(RuntimeError)
       expect{ ECIES::Crypt.new(digest: 'md5') }.to raise_error(RuntimeError)
@@ -103,10 +93,8 @@ describe ECIES::Crypt do
     end
   end
 
-
-
   describe '#kdf' do
-    it 'derivates keys correctly' do
+    it 'derives keys correctly' do
       sha256_test_vectors = [
         # [shared_secret, shared_info, expected_key]
         ['96c05619d56c328ab95fe84b18264b08725b85e33fd34f08', '', '443024c3dae66b95e6f5670601558f71'],
@@ -120,16 +108,24 @@ describe ECIES::Crypt do
         shared_info = [shared_info].pack('H*')
         expected_key = [expected_key].pack('H*')
 
-        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size)
-
+        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, '')
         expect(computed_key).to eq expected_key
       end
     end
 
+    it 'concats kdf_shared_info with shared_info_suffix' do
+      shared_secret = ['22518b10e70f2a3f243810ae3254139efbee04aa57c7af7d'].pack('H*')
+      shared_info = ['75eef81aa3041e33'].pack('H*')
+      shared_info_suffix = ['b80971203d2c0c52'].pack('H*')
+      expected_key = ['c498af77161cc59f2962b9a713e2b215152d139766ce34a776df11866a69bf2e52a13d9c7c6fc878c50c5ea0bc7b00e0da2447cfd874f6cf92f30d0097111485500c90c3af8b487872d04685d14c8d1dc8d7fa08beb0ce0ababc11f0bd496269142d43525a78e5bc79a17f59676a5706dc54d54d4d1f0bd7e386128ec26afc21'].pack('H*')
+
+      computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, shared_info_suffix)
+      expect(computed_key).to eq expected_key
+    end
+
     it 'raises when size is invalid' do
-      expect{ ECIES::Crypt.new.kdf('a', -1) }.to raise_error(RuntimeError)
-      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32) }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', -1, '') }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32, '') }.to raise_error(RuntimeError)
     end
   end
-
 end

metadata

@@ -1,36 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: ecies
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Stephen McCarthy
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRMwEQYDVQQDDApzam1j
+  MIIEeDCCAuCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMRMwEQYDVQQDDApzam1j
   Y2FydGh5MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNj
-  b20wHhcNMTgwNDExMDAxMzI4WhcNMTkwNDExMDAxMzI4WjBBMRMwEQYDVQQDDApz
+  b20wHhcNMjMwNjIwMjEwMTI2WhcNMjQwNjE5MjEwMTI2WjBBMRMwEQYDVQQDDApz
   am1jY2FydGh5MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
-  FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOk2n/6xgIgrG7
-  avtiI8I9DtcdA326qWYpdQSDLhpSsLNiqiIpo8KF1Zfy3lnAj6JBBIbjiaUsbA/i
-  Wcip0307dHNXZjr+AgYcL7OEp8EBkfAeZaYWMcVBbjiSxkzYesDxm7nvTOaD317h
-  cThBfB9KW1vGEzazomTxSI9sgqCDtWrogMLGag7uTDJ7fKRK6YXz2xncI0uCsmGb
-  7vekXpfn0xb6tr4ljSseCsPJHnXK7SKB4dzHsmQJ12A57aaV7C/bGqbQAC6odb6k
-  V8dw0fnmHC9OSYjV1b2Xr0VmoiT3YA4XsR0/LbeZvGOyQj8S4eHxgFg7wTVhCkCZ
-  D89+p8H5AgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
-  BBQffCJK6PE+9XaH56VJoFoCl3ECeDAfBgNVHREEGDAWgRRzam1jY2FydGh5QGdt
-  YWlsLmNvbTAfBgNVHRIEGDAWgRRzam1jY2FydGh5QGdtYWlsLmNvbTANBgkqhkiG
-  9w0BAQUFAAOCAQEApvFGCB9uyF1mh1UV77YICagARejAIOhzOcZXjlpulI9xXjQY
-  0QK6P1GdwwE/pgT7YjfJR7VNFobare4WdfCzoWCFc34t2vJwrqkkOB3U7v3TjB+p
-  z/o2pZKLpNEL4bYJBEbd+vAad/nP1v5e2sCmLm86vSoOwiyQnifmP6PSORObbJF4
-  455zxYw1un6NfN0m+pnIKwvshKoOCgI05VJGtEolJoo42fnolmNxa2t6B30Mfmf+
-  kts216EGG4oP6dVuZmf2Ii2F4lQTBDdZM/cisW8jCkO7KeEzJAPhIw1JJwHltHya
-  0TpOI3t2Mz/FJ+rudtz9PJ/d8QvhrF7M7+qH4w==
+  FgNjb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDOGmdomo9zQxUD
+  PMEtDYtzY7Fnb/T/TVXAhKMO06Fw84eEMdU4yOUOMapsv6DinBMm0kDjseFkuqm+
+  BFYcU7AaGfKOuoPJQ23LuQOBXg5STw+pDKGdoq1th26M1v05Q9hCH4HVlGIiNPzx
+  J+0jFoH9qmiNhHxCD03702etb/ppJsCbBGzpMzofbgKQEHIKZNAkVi2RU2QLqXDt
+  A44wknz8NkiWahgN24cpLn/euz5G+J4nFgJ32YUBgA/mVXdeEOhxgMCPIbHIxiez
+  3c/yymARogxf6e9b3Pcwo1k63zTZYf9YHIM+Q5lKiOWOGQ1lUG3nanB9NhFdUkAk
+  PcuEzQUp5/pQmnoM/j+VpeXyvwiNLTzsxNRGfePSZU+oDpkEvlN1qaJXmHRpedWp
+  zOcUlVUpwFSWM1WWDGm4FCxoYH8GdYdHVXmUWWm/iPcfLCkXwNUXL+i38OXbVSp2
+  aqaXrRtkwZsfmE4PCHVUJyHFeVXLqvgK3DLVPfCGk6ty4X7wuXcCAwEAAaN7MHkw
+  CQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFELj2NEPT2elfT1kefaM
+  tcBz+k6QMB8GA1UdEQQYMBaBFHNqbWNjYXJ0aHlAZ21haWwuY29tMB8GA1UdEgQY
+  MBaBFHNqbWNjYXJ0aHlAZ21haWwuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQBvbFzT
+  zHTVmJ2J3VvWf1J4HFTkLDtRi9lFLtPqvsNczd+FeO3s/pI9/gr56mBgpZ/vLypN
+  9CBkk4wR4GLifl8+xuDtVkYYh3Ru9S3ru8iu225aOIfg6MpKH7x+IsShxm7jdEva
+  AnqMQ47KEOdRetbBMIHeWtCSxyKhXSJsfoIh+fkQZlIM6+3l0ljTiRxo5Eb1JyEn
+  Wb+jyVwJugHuGPb2tB9dx+khKgrv0YQ0lxsIaqSYRT5pb3xZuJNoxj00IsZGOx0J
+  s5SzopHnmHWPS0h9CVcTa9QgEz5MbCk1X2rWhmUkGR0pzHdeq6vvWr0pxhpiWJdA
+  eaD1Uldg06Zi31RbAARghTuRKzg+SA9/DmglkO479GuEhZvGA0P2fBvKTaVAZR+4
+  Lb3ESftZmM+MReXZS5FfAeYJBG5+R/LDyMiuQIz6WLYcPpfHpSX873IXAcNYTCd4
+  RVHpiTyCFYjchqoOvSC7rHgf1HpEQbuXsl9RKWhSQOyTGlUGbCCGFDx10Dg=
   -----END CERTIFICATE-----
-date: 2018-04-19 00:00:00.000000000 Z
+date: 2023-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,28 +43,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12'
+        version: '13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12'
+        version: '13'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -158,7 +163,7 @@ homepage: https://github.com/jamoes/ecies
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -173,9 +178,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.3.25
+signing_key:
 specification_version: 4
 summary: Elliptical Curve Integrated Encryption System (ECIES), as specified by SEC
   1 - Ver. 2.0