-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypt decrypt #2130
base: master
Are you sure you want to change the base?
Encrypt decrypt #2130
Changes from 1 commit
a2245a6
b9f98b6
9bbd1a4
1b9b22f
902f456
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -12,6 +12,7 @@ import ( | |||||||||||
"crypto/sha256" | ||||||||||||
"fmt" | ||||||||||||
secp "github.com/decred/dcrd/dcrec/secp256k1/v4" | ||||||||||||
"math/big" | ||||||||||||
) | ||||||||||||
|
||||||||||||
// GenerateSharedSecret generates a shared secret based on a private key and a | ||||||||||||
|
@@ -62,3 +63,44 @@ func Encrypt(pubKey *PublicKey, msg []byte) ([]byte, error) { | |||||||||||
|
||||||||||||
return pt.Bytes(), nil | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Decrypt decrypts a passed message with a receiver private key, returns plaintext or decryption error | ||||||||||||
func Decrypt(privkey *PrivateKey, msg []byte) ([]byte, error) { | ||||||||||||
// Message cannot be less than length of public key (65) + nonce (16) + tag (16) | ||||||||||||
if len(msg) <= (1 + 32 + 32 + 16 + 16) { | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Isn't the length of public key compressed 33 bytes? Maybe make comments clearer on how the number came about, what does 1 represent here? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. An uncompressed public key in Elliptic Curve Cryptography (ECC) consists of: There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Was actually referring to serialized compressed public key which is what was written into the bytes during the encryption. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. its actually an uncompressed public key. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Oh that is true, I can see that an uncompressed public key was used in the encrypt function. Maybe this code would be clearer this way:
Suggested change
Or something better |
||||||||||||
return nil, fmt.Errorf("invalid length of message") | ||||||||||||
} | ||||||||||||
|
||||||||||||
pb := new(big.Int).SetBytes(msg[:65]).Bytes() | ||||||||||||
pubKey, err := ParsePubKey(pb) | ||||||||||||
if err != nil { | ||||||||||||
return nil, err | ||||||||||||
} | ||||||||||||
|
||||||||||||
ecdhKey := GenerateSharedSecret(privkey, pubKey) | ||||||||||||
hashedSecret := sha256.Sum256(ecdhKey) | ||||||||||||
encryptionKey := hashedSecret[:16] | ||||||||||||
|
||||||||||||
msg = msg[65:] | ||||||||||||
nonce := msg[:16] | ||||||||||||
tag := msg[16:32] | ||||||||||||
|
||||||||||||
ciphertext := bytes.Join([][]byte{msg[32:], tag}, nil) | ||||||||||||
|
||||||||||||
block, err := aes.NewCipher(encryptionKey) | ||||||||||||
if err != nil { | ||||||||||||
return nil, fmt.Errorf("cannot create new aes block: %w", err) | ||||||||||||
} | ||||||||||||
|
||||||||||||
gcm, err := cipher.NewGCMWithNonceSize(block, 16) | ||||||||||||
if err != nil { | ||||||||||||
return nil, fmt.Errorf("cannot create gcm cipher: %w", err) | ||||||||||||
} | ||||||||||||
|
||||||||||||
plaintext, err := gcm.Open(nil, nonce, ciphertext, nil) | ||||||||||||
if err != nil { | ||||||||||||
return nil, fmt.Errorf("cannot decrypt ciphertext: %w", err) | ||||||||||||
} | ||||||||||||
|
||||||||||||
return plaintext, nil | ||||||||||||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
format: Line length
Edit:
80 cols limit