RubyGems - ecies - Versions diffs - 0.2.0 → 0.3.0 - Mend

ecies 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9b17b5e59affac68ce47a7afe053747c90c287201202fffe9a97550644d6c5c
-  data.tar.gz: 161fb791e8f8e67252ce565fa06fd1196228629e45b3ccbc07384b5b9f207a4a
+  metadata.gz: e8ed7a562b019fdcd96fabaacd5a7617577b0b640812a4473997b82e0beb5bd2
+  data.tar.gz: bc8b871ae2ea77b8d3288c01dc741b5268ca165a8b154c4cf2ce821ce3abdc5e
 SHA512:
-  metadata.gz: df3185e4b726f977a8834c9718f0cbd9ffedec22f00ff597c7d7e877a1a730283b7d8ef66091a0351c3d5c71939cac60196b613a750c822d0d33e0b7d50b3d90
-  data.tar.gz: 148151802478d20abde87b33cfe0765bda7bf1714507c0e6c818105beeb57fcaf55f5735625c42f9cd7d8b524a09c2e5550b7d91c205e74830988c2f5718b503
+  metadata.gz: 7e2c2db8d8b2323d7854a265217ef03d0f82ae4e57b5c597a73e8e348ae9ac06cf981349c6b6cfc8e6bb7b6dd50ed31eb72e4701650e15ca6e42f2703d560022
+  data.tar.gz: 3a34f70a7d4cabe2712681b3ef1bc446a6ee53d578f7051f3e12b4b529d9ca82188471f7787933f28301e8e3008dacba2ae42cabfbc6a236e796c7d0efee73f7

checksums.yaml.gz.sig CHANGED

@@ -1,2 +1,2 @@
-�=�PX�]
-8� ohQPt0�5F{�����5��wf۟:��u�L/"Xs�G�*xR�O�(T~��Z9��Lf�����W�<gW�D��b��@�R�����Q�Yn�^D{I�e��_�pd��z�߂$����&`5�(�?��A�Q��p��
+����a*@hYԍ#F��-��3�?����%@+1��=-j�<X
+���{�%H,��y�[��Z2\9T���1[V����[<`Y�ړD\��L$)��G^ٛ��x��@��#:�Ҿ��Wwz������Ҳ:RU�iA��c��q�

data.tar.gz.sig CHANGED

Binary file

data/CHANGELOG.md CHANGED

@@ -4,9 +4,23 @@ Change log
 This gem follows [Semantic Versioning 2.0.0](http://semver.org/spec/v2.0.0.html).
 All classes and public methods are part of the public API.
+0.3.0
+---
+Released on 2018-04-22
+- Prevent benign malleability, as suggested in sec1-v2 page 97.
+  - The ECIES process is modified to prevent benign malleability by including the ephemeral public key as an input to the KDF.
+  - All encrypted output generated with previous versions cannot be decrypted with this version, and older versions cannot decrypt output generated with this version.
+  - The choice was made to simply break compatibility early in this library's life, rather than add an extra configuration parameter that should almost always be unused.
+- Add `Crypt.public_key_from_hex` method.
+- Add `Crypt.private_key_from_hex` method.
+- Remove support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods. The above `*_from_hex` helper methods can be used instead.
+- Remove `ec_group` option from `Crypt` constructor.
+- Add `Crypt#to_s` method.
 0.2.0
 ---
-Release 2018-04-19
+Released on 2018-04-19
 - Add support for hex-encoded keys in `Crypt#encrypt` and `Crypt#decrypt` methods.
 - Add new option `ec_group` in `Crypt` constructor.

data/README.md CHANGED

@@ -1,6 +1,7 @@
 # ECIES - Elliptical Curve Integrated Encryption System
 [![Build Status](https://travis-ci.org/jamoes/ecies.svg?branch=master)](https://travis-ci.org/jamoes/ecies)
+[![Gem Version](https://badge.fury.io/rb/ecies.svg)](https://badge.fury.io/rb/ecies)
 ## Description
@@ -48,17 +49,17 @@ crypt.decrypt(key, encrypted) # => "secret message"
 Bitcoin P2PKH addresses themselves contain only *hashes* of public keys (hence the name, pay-to-public-key-hash). However, any time a P2PKH output is spent, the public key associated with the address is published on the blockchain in the transaction's scriptSig. This allows you to encrypt a message to any bitcoin address that has sent a transaction (or published its public key in other ways). To demonstrate this, we'll encrypt a message to Satoshi's public key from Bitcoin's genesis block:
 ```ruby
-public_key_hex =
+public_key = ECIES::Crypt.public_key_from_hex(
     "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb"\
-    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
-encrypted = ECIES::Crypt.new.encrypt(public_key_hex, 'you rock!')
+    "649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
+encrypted = ECIES::Crypt.new.encrypt(public_key, 'you rock!')
 ```
 To decrypt this message, Satoshi would follow these steps:
 ```ruby
-private_key_hex = "<satoshi's private key>"
-ECIES::Crypt.new.decrypt(private_key_hex, encrypted) # => "you rock!"
+private_key = ECIES::Crypt.private_key_from_hex("<satoshi's private key>")
+ECIES::Crypt.new.decrypt(private_key, encrypted) # => "you rock!"
 ```
 ### Default parameters
@@ -74,8 +75,7 @@ These defaults work well for encrypting messages to bitcoin keys. This library a
 ## Compatibility
-The sec1-v2 document allows for a many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms.
+The sec1-v2 document allows for many combinations of various algorithms for ECIES. This library only supports a subset of the allowable algorithms:
   - Key Derivation Functions
     - Supported:
       - ANSI-X9.63-KDF
@@ -119,6 +119,10 @@ The sec1-v2 document allows for a many combinations of various algorithms for EC
       - 3-key TDES in CBC mode
       - XOR encryption scheme
+In addition, the following options have been chosen:
+  - Elliptical curve points are represented in compressed form.
+  - Benign malleability is prevented by including the ephemeral public key as an input to the KDF (sec1-v2 p97).
 ## Supported platforms
 Ruby 2.0 and above.

data/lib/ecies/crypt.rb CHANGED

@@ -27,9 +27,6 @@ module ECIES
     #     length will be equal to half the mac_digest's digest_legnth. If
     #     :full, the mac length will be equal to the mac_digest's
     #     digest_length.
-    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
-    #     group to use when the key is passed in hex form to `encrypt` or
-    #     `decrypt`.
     # @param kdf_digest [String,OpenSSL::Digest,nil] The digest algorithm to
     #     use for KDF. If not specified, the `digest` argument will be used.
     # @param mac_digest [String,OpenSSL::Digest,nil] The digest algorithm to
@@ -38,9 +35,8 @@ module ECIES
     #     info used for KDF, also known as SharedInfo1.
     # @param mac_shared_info [String] Optional. A string containing the shared
     #     info used for MAC, also known as SharedInfo2.
-    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, ec_group: 'secp256k1', kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
+    def initialize(cipher: 'AES-256-CTR', digest: 'SHA256', mac_length: :half, kdf_digest: nil, mac_digest: nil, kdf_shared_info: '', mac_shared_info: '')
       @cipher = OpenSSL::Cipher.new(cipher)
-      @ec_group = OpenSSL::PKey::EC::Group.new(ec_group)
       @mac_digest = OpenSSL::Digest.new(mac_digest || digest)
       @kdf_digest = OpenSSL::Digest.new(kdf_digest || digest)
       @kdf_shared_info = kdf_shared_info
@@ -57,27 +53,21 @@ module ECIES
     # Encrypts a message to a public key using ECIES.
     #
-    # @param key [OpenSSL::EC:PKey,String] The public key. An OpenSSL::EC:PKey
-    #     containing the public key, or a hex-encoded string representing the
-    #     public key on this Crypt's `ec_group`.
+    # @param key [OpenSSL::EC:PKey] The public key.
     # @param message [String] The plain-text message.
     # @return [String] The octet string of the encrypted message.
     def encrypt(key, message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.public_key = OpenSSL::PKey::EC::Point.new(@ec_group, OpenSSL::BN.new(key, 16))
-        key = new_key
-      end
       key.public_key? or raise "Must have public key to encrypt"
       @cipher.reset
       group_copy = OpenSSL::PKey::EC::Group.new(key.group)
       group_copy.point_conversion_form = :compressed
       ephemeral_key = OpenSSL::PKey::EC.new(group_copy).generate_key
+      ephemeral_public_key_octet = ephemeral_key.public_key.to_bn.to_s(2)
       shared_secret = ephemeral_key.dh_compute_key(key.public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
@@ -88,23 +78,15 @@ module ECIES
       mac = OpenSSL::HMAC.digest(@mac_digest, hmac_key, ciphertext + @mac_shared_info).byteslice(0, @mac_length)
-      ephemeral_key.public_key.to_bn.to_s(2) + ciphertext + mac
+      ephemeral_public_key_octet + ciphertext + mac
     end
     # Decrypts a message with a private key using ECIES.
     #
     # @param key [OpenSSL::EC:PKey] The private key.
-    # @param key [OpenSSL::EC:PKey,String] The private key. An OpenSSL::EC:PKey
-    #     containing the private key, or a hex-encoded string representing the
-    #     private key on this Crypt's `ec_group`.
     # @param encrypted_message [String] Octet string of the encrypted message.
     # @return [String] The plain-text message.
     def decrypt(key, encrypted_message)
-      if key.is_a?(String)
-        new_key = OpenSSL::PKey::EC.new(@ec_group)
-        new_key.private_key = OpenSSL::BN.new(key, 16)
-        key = new_key
-      end
       key.private_key? or raise "Must have private key to decrypt"
       @cipher.reset
@@ -115,15 +97,15 @@ module ECIES
       ciphertext_length = encrypted_message.bytesize - ephemeral_public_key_length - @mac_length
       ciphertext_length > 0 or raise OpenSSL::PKey::ECError, "Encrypted message too short"
-      ephemeral_public_key_text = encrypted_message.byteslice(0, ephemeral_public_key_length)
+      ephemeral_public_key_octet = encrypted_message.byteslice(0, ephemeral_public_key_length)
       ciphertext = encrypted_message.byteslice(ephemeral_public_key_length, ciphertext_length)
       mac = encrypted_message.byteslice(-@mac_length, @mac_length)
-      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_text, 2))
+      ephemeral_public_key = OpenSSL::PKey::EC::Point.new(group_copy, OpenSSL::BN.new(ephemeral_public_key_octet, 2))
       shared_secret = key.dh_compute_key(ephemeral_public_key)
-      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length)
+      key_pair = kdf(shared_secret, @cipher.key_len + @mac_length, ephemeral_public_key_octet)
       cipher_key = key_pair.byteslice(0, @cipher.key_len)
       hmac_key = key_pair.byteslice(-@mac_length, @mac_length)
@@ -139,11 +121,13 @@ module ECIES
     # Key-derivation function, compatible with ANSI-X9.63-KDF
     #
-    # @param shared_secret [String] The shared secret from which the key will be
-    #     derived.
+    # @param shared_secret [String] The shared secret from which the key will
+    #     be derived.
     # @param length [Integer] The length of the key to generate.
+    # @param shared_info_suffix [String] The suffix to append to the
+    #     shared_info.
     # @return [String] Octet string of the derived key.
-    def kdf(shared_secret, length)
+    def kdf(shared_secret, length, shared_info_suffix)
       length >=0 or raise "length cannot be negative"
       return "" if length == 0
@@ -158,11 +142,51 @@ module ECIES
         counter += 1
         counter_bytes = [counter].pack('N')
-        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info)
+        io << @kdf_digest.digest(shared_secret + counter_bytes + @kdf_shared_info + shared_info_suffix)
         if io.pos >= length
           return io.string.byteslice(0, length)
         end
       end
     end
+    # @return [String] A string representing this Crypt's parameters.
+    def to_s
+      "KDF-#{@kdf_digest.name}_" +
+      "HMAC-SHA-#{@mac_digest.digest_length * 8}-#{@mac_length * 8}_" +
+      @cipher.name
+    end
+    # Converts a hex-encoded public key to an `OpenSSL::PKey::EC`.
+    #
+    # @param hex_string [String] The hex-encoded public key.
+    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
+    #     group for this public key.
+    # @return [OpenSSL::PKey::EC] The public key.
+    # @raise [OpenSSL::PKey::EC::Point::Error] If the public key is invalid.
+    def self.public_key_from_hex(hex_string, ec_group = 'secp256k1')
+      ec_group = OpenSSL::PKey::EC::Group.new(ec_group) if ec_group.is_a?(String)
+      key = OpenSSL::PKey::EC.new(ec_group)
+      key.public_key = OpenSSL::PKey::EC::Point.new(ec_group, OpenSSL::BN.new(hex_string, 16))
+      key
+    end
+    # Converts a hex-encoded private key to an `OpenSSL::PKey::EC`.
+    #
+    # @param hex_string [String] The hex-encoded private key.
+    # @param ec_group [OpenSSL::PKey::EC::Group,String] The elliptical curve
+    #     group for this private key.
+    # @return [OpenSSL::PKey::EC] The private key.
+    # @note The returned key only contains the private component. In order to
+    #     populate the public component of the key, you must compute it as
+    #     follows: `key.public_key = key.group.generator.mul(key.private_key)`.
+    # @raise [OpenSSL::PKey::ECError] If the private key is invalid.
+    def self.private_key_from_hex(hex_string, ec_group = 'secp256k1')
+      ec_group = OpenSSL::PKey::EC::Group.new(ec_group) if ec_group.is_a?(String)
+      key = OpenSSL::PKey::EC.new(ec_group)
+      key.private_key = OpenSSL::BN.new(hex_string, 16)
+      key.private_key < ec_group.order or raise OpenSSL::PKey::ECError, "Private key greater than group's order"
+      key.private_key > 1 or raise OpenSSL::PKey::ECError, "Private key too small"
+      key
+    end
   end
 end

data/lib/ecies/version.rb CHANGED

@@ -1,4 +1,4 @@
 module ECIES
   # This gem's version.
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/spec/crypt_spec.rb CHANGED

@@ -10,6 +10,9 @@ describe ECIES::Crypt do
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
+      expect{ ECIES::Crypt.new(mac_length: :full).decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+      expect{ ECIES::Crypt.new(mac_digest: 'sha512').decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
     end
     it 'Supports hex-encoded keys' do
@@ -17,73 +20,66 @@ describe ECIES::Crypt do
       public_key_hex = key.public_key.to_bn.to_s(16)
       private_key_hex = key.private_key.to_s(16)
-      crypt = ECIES::Crypt.new
+      public_key = ECIES::Crypt.public_key_from_hex(public_key_hex)
+      private_key = ECIES::Crypt.private_key_from_hex(private_key_hex)
-      encrypted = crypt.encrypt(public_key_hex, 'secret')
-      expect(crypt.decrypt(private_key_hex, encrypted)).to eq 'secret'
+      expect(public_key.public_key).to eq key.public_key
+      expect(private_key.private_key).to eq key.private_key
+      expect{ ECIES::Crypt.public_key_from_hex(public_key_hex, 'secp224k1') }.to raise_error(OpenSSL::PKey::EC::Point::Error)
+      expect{ ECIES::Crypt.private_key_from_hex(private_key_hex, 'secp224k1') }.to raise_error(OpenSSL::PKey::ECError)
+      expect{ ECIES::Crypt.private_key_from_hex("00") }.to raise_error(OpenSSL::PKey::ECError)
     end
     it 'Supports other EC curves' do
       key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      crypt = ECIES::Crypt.new(ec_group: key.group)
+      crypt = ECIES::Crypt.new
       encrypted = crypt.encrypt(key, 'secret')
       expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-      encrypted = crypt.encrypt(key.public_key.to_bn.to_s(16), 'secret')
-      expect(crypt.decrypt(key.private_key.to_s(16), encrypted)).to eq 'secret'
     end
-    it 'Detects invalid hex-encoded points' do
-      key = OpenSSL::PKey::EC.new('secp224k1').generate_key
-      public_key_hex = key.public_key.to_bn.to_s(16)
+    context 'known value' do
+      before(:all) do
+        OpenSSL::PKey::EC.class_eval do
+          # Overwrites `generate_key` for both the key generated below, and the
+          # ephemeral_key generated in the `encrypt` method.
+          def generate_key
+            self.private_key = 2
+            self.public_key = group.generator.mul(private_key)
+            self
+          end
+        end
-      expect{ ECIES::Crypt.new.encrypt(public_key_hex, 'secret') }.to raise_error(OpenSSL::PKey::EC::Point::Error)
-    end
+        @key = OpenSSL::PKey::EC.new('secp256k1').generate_key
+      end
-    it 'Encrypts to known values' do
-      OpenSSL::PKey::EC.class_eval do
-        # Overwrites `generate_key` for both the test code below, and the
-        # ephemeral_key generated in the `encrypt` method.
-        def generate_key
-          self.private_key = 2
-          self.public_key = group.generator.mul(private_key)
-          self
+      [
+        [ECIES::Crypt.new, "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYBZ\xBB\xC8\x95\x93\xC1@\xC6+\xE2/yb\x065\xFF".b],
+        [ECIES::Crypt.new(mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5C\x9E\xE0\x0FYB\x03.\x1E\x92,[\rI\xBC\xCC\xFD%\xCD)9\v!]]A\xE0\xADc\xBA[\xA4\xF2\xB1\xB5\xC5)\xA4".b],
+        [ECIES::Crypt.new(digest: 'sha512', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2\xA7\xDE\x03\xF4\xA6\e\xD1\x9F\xF9\xD5P\x06\x91\x8EiW\xC82\xD9\xBB\xD2\xC92\xE2\x9F\x15F.\x8C]\xE3Y2\xD3L\xE8\xC4\x9F\xBF\xA5S\x98\x9AYy_Y\xF8\x05\xE7\x19\x9E\xDA\vn;Bvm\xA2`i5:".b],
+        [ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xDF\xCD\x95\xAD!m\xAA/Xv\"\x97\x04\xEE\x9F\xEB^\x1F\xA7\xC9n\xE3\x94l;\xBA\xF2\xBE\xCD\x83\x02+\x02\x9D\x18\x11\x9A\xBEz_\x8A\xDB\xA3\x00\xF7\x8A\x94G".b],
+        [ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512'), "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\xA2Y\x1A\x7F\xB3\xB2l\x9E|\xC4\xBCE r\xA6\xB1k\x93W\xE5d\xE4".b],
+      ].each do |crypt, expected_value|
+        it "matches for #{crypt.to_s}" do
+          encrypted = crypt.encrypt(@key, 'secret')
+          expect(encrypted).to eq expected_value
+          expect(crypt.decrypt(@key, encrypted)).to eq 'secret'
         end
       end
+    end
-      key = OpenSSL::PKey::EC.new('secp256k1').generate_key
-      crypt = ECIES::Crypt.new
-      crypt_full = ECIES::Crypt.new(mac_length: :full)
-      crypt_sha512 = ECIES::Crypt.new(digest: 'sha512', mac_length: :full)
-      crypt_cbc = ECIES::Crypt.new(cipher: 'aes-256-cbc', mac_length: :full)
-      crypt_mixed = ECIES::Crypt.new(mac_digest: 'sha256', kdf_digest: 'sha512')
-      encrypted = crypt.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCE\x84\xAB\x9F\x0E%\xCD\x94~\x1E\xBC\x89$\x11\xEE6\xE4".force_encoding(Encoding::BINARY)
-      expect(crypt.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_full.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5B;\x12:\x17\xCEo\x9B\xA7\x955\x89\x9FR\xDF\x1C\xED\x00\x86<\n\x04\v\xD6(\x9D\xF5\xF9\x13\xC8/\xD7os(ZsF".force_encoding(Encoding::BINARY)
-      expect(crypt_full.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_sha512.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_sha512.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xFB\xD7\x14b\xB4\x00\x84\xABl\xEAh\x0Fc\x805\xAF\x1DT\x05\x87`\xA5\xC4\xB7\xB5r\xF6\x89\xB1U0\x0E \xD4\x1E\x16\x184\xE9:\xE7\x951\xF4\xB3\x93\"A\x85\x1F\x9A\x8E\xAD\xE1(\x1D\xB3\xC4\x15\xD3\xB1\xA8\xFB\x1D".force_encoding(Encoding::BINARY)
-      expect(crypt_sha512.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_cbc.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5\x1Fj\x04N\eg($\xD4\xFBD\xFFd\xA1\xA3z\x90T#\x1D\x12{3IM\x93!|\xA5\xAF&\xD4+;\e\xA6i.wD\x1F\xCB\xE1\x90{\xB6\x8B\xAF".force_encoding(Encoding::BINARY)
-      expect(crypt_cbc.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_mixed.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
-      encrypted = crypt_mixed.encrypt(key, 'secret')
-      expect(encrypted).to eq "\x02\xC6\x04\x7F\x94A\xED}m0E@n\x95\xC0|\xD8\\w\x8EK\x8C\xEF<\xA7\xAB\xAC\t\xB9\\p\x9E\xE5%\r^\xA9\xD9\xDC\xF5\\\x9A\x04\xE0T\x91\xEA=\xA6W\x84X\xBB\xCA\xB4".force_encoding(Encoding::BINARY)
-      expect(crypt_mixed.decrypt(key, encrypted)).to eq 'secret'
-      expect{ crypt_full.decrypt(key, encrypted) }.to raise_error(OpenSSL::PKey::ECError)
+    it '#to_s' do
+      [
+        [ECIES::Crypt.new,                                             "KDF-SHA256_HMAC-SHA-256-128_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_length: :full),                          "KDF-SHA256_HMAC-SHA-256-256_AES-256-CTR"],
+        [ECIES::Crypt.new(digest: 'sha512'),                           "KDF-SHA512_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512'),                       "KDF-SHA256_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(mac_digest: 'sha512', kdf_digest: 'sha224'), "KDF-SHA224_HMAC-SHA-512-256_AES-256-CTR"],
+        [ECIES::Crypt.new(cipher: 'aes-128-cbc'),                      "KDF-SHA256_HMAC-SHA-256-128_AES-128-CBC"],
+      ].each do |crypt, expected_value|
+        expect(crypt.to_s).to eq expected_value
+      end
     end
     it 'Raises on unknown cipher or digest' do
@@ -103,10 +99,8 @@ describe ECIES::Crypt do
     end
   end
   describe '#kdf' do
-    it 'derivates keys correctly' do
+    it 'derives keys correctly' do
       sha256_test_vectors = [
         # [shared_secret, shared_info, expected_key]
         ['96c05619d56c328ab95fe84b18264b08725b85e33fd34f08', '', '443024c3dae66b95e6f5670601558f71'],
@@ -120,16 +114,24 @@ describe ECIES::Crypt do
         shared_info = [shared_info].pack('H*')
         expected_key = [expected_key].pack('H*')
-        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size)
+        computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, '')
         expect(computed_key).to eq expected_key
       end
     end
+    it 'concats kdf_shared_info with shared_info_suffix' do
+      shared_secret = ['22518b10e70f2a3f243810ae3254139efbee04aa57c7af7d'].pack('H*')
+      shared_info = ['75eef81aa3041e33'].pack('H*')
+      shared_info_suffix = ['b80971203d2c0c52'].pack('H*')
+      expected_key = ['c498af77161cc59f2962b9a713e2b215152d139766ce34a776df11866a69bf2e52a13d9c7c6fc878c50c5ea0bc7b00e0da2447cfd874f6cf92f30d0097111485500c90c3af8b487872d04685d14c8d1dc8d7fa08beb0ce0ababc11f0bd496269142d43525a78e5bc79a17f59676a5706dc54d54d4d1f0bd7e386128ec26afc21'].pack('H*')
+      computed_key = ECIES::Crypt.new(kdf_shared_info: shared_info).kdf(shared_secret, expected_key.size, shared_info_suffix)
+      expect(computed_key).to eq expected_key
+    end
     it 'raises when size is invalid' do
-      expect{ ECIES::Crypt.new.kdf('a', -1) }.to raise_error(RuntimeError)
-      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32) }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', -1, '') }.to raise_error(RuntimeError)
+      expect{ ECIES::Crypt.new.kdf('a', 32 * 2**32, '') }.to raise_error(RuntimeError)
     end
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ecies
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Stephen McCarthy
@@ -30,7 +30,7 @@ cert_chain:
   kts216EGG4oP6dVuZmf2Ii2F4lQTBDdZM/cisW8jCkO7KeEzJAPhIw1JJwHltHya
   0TpOI3t2Mz/FJ+rudtz9PJ/d8QvhrF7M7+qH4w==
   -----END CERTIFICATE-----
-date: 2018-04-19 00:00:00.000000000 Z
+date: 2018-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler

metadata.gz.sig CHANGED

@@ -1,2 +1 @@
-'t�t��M�%Co�;��y/t=W6]\�@�(�p�/���%��:d>Ѷ3/�?����T���w�靺���`�*��Pj�)�܂��
-��x�jGZLۋ��k[r�\Ƙu;*�=�`��\/)
+Ġ�Jd�cs��?�	�-�ܞ���j��������`%4���@���]"�J�|]����v�k�F�Z�*��}�YZ+��EI�o�&|�MϲI�DB��7��QzŖI�8Oě�K�>�Tm�7��x�Ր:��Һ����0�7��i�'�p-װ�����{!0^�c-=赌��-�C"�ѿ�V5�Qs�bj�ꢳ�/e҃Lp����w&�:��/�xo��%��5L�c����(�e˚��F��