diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml new file mode 100644 index 0000000..ebaf1a1 --- /dev/null +++ b/.github/workflows/go-test.yml @@ -0,0 +1,26 @@ +name: Go Test + +on: + push: + branches: ["master", "main"] + pull_request: + branches: ["master", "main"] + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache: true + + - name: Install dependencies + run: go mod download + + - name: Run tests + run: go test ./... diff --git a/LICENSE b/LICENSE index 11f828e..d34b139 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,7 @@ The MIT License (MIT) Copyright (c) 2019 TRON-US +Copyright (c) 2025 Torus Labs Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/ecies.go b/ecies.go index d0aa88b..38d4bb1 100644 --- a/ecies.go +++ b/ecies.go @@ -35,7 +35,7 @@ func Encrypt(pubkeyHex string, plainbytes []byte) (string, *EciesMetadata, error return "", nil, errors.New("file exceeds the maximum file-size(lt 2G)") } - // derive Share Secret + // derive shared secret priv, err := GenerateKey() if err != nil { return "", nil, err @@ -46,6 +46,9 @@ func Encrypt(pubkeyHex string, plainbytes []byte) (string, *EciesMetadata, error return "", nil, err } shareSecret, err := priv.ECDH(pk) + if err != nil { + return "", nil, err + } // generate iv iv, err := randBytes(16) @@ -99,7 +102,7 @@ func Decrypt(privateKeyHex string, cipherText string, t *EciesMetadata) (string, return "", err } - // derive Share Secret + // derive shared secret ecdh, err := privKey.ECDH(epk) if err != nil { return "", err @@ -117,6 +120,19 @@ func Decrypt(privateKeyHex string, cipherText string, t *EciesMetadata) (string, ecdhHash := sha512.Sum512(ecdh[1:]) encryptionKey := ecdhHash[:32] + macKey := ecdhHash[32:] + + // Construct the buffer over which the MAC was originally calculated: + // IV (16) + Uncompressed EphemPubKey (65) + Ciphertext + macData := make([]byte, 0) + macData = append(macData, ivBytes...) + macData = append(macData, epk.Bytes(false)...) + macData = append(macData, cipherBytes...) + mac := getHmacCode(macKey, macData) + if mac != t.Mac { + return "", errors.New("invalid mac hash") + } + plaintext, e := aesCBCDec(encryptionKey, cipherBytes, ivBytes) if e != nil { return "", err diff --git a/ecies_test.go b/ecies_test.go index e53321d..370527d 100644 --- a/ecies_test.go +++ b/ecies_test.go @@ -1,8 +1,9 @@ package go_eccrypto import ( - "github.com/stretchr/testify/assert" "testing" + + "github.com/stretchr/testify/assert" ) const msg = "hello,world\n" @@ -13,7 +14,6 @@ const pkHex = "048903aca62f342426d0595597bcd4b03519723c7292f231a5d40c02" + const privHex = "0abfa58854e585d9bb04a1ffad0f5ac507ac042e7aa69abbcf18f3103a936f6f" func TestEncrypt(t *testing.T) { - twogBytes := make([]byte, 2*GB) twogBytes[2*GB-1] = 1 _, _, err := Encrypt(pkHex, twogBytes) @@ -25,4 +25,9 @@ func TestEncrypt(t *testing.T) { decrypted, err := Decrypt(privHex, s, m) assert.NoError(t, err) assert.Equal(t, msg, decrypted) + + // test invalid mac + m.Mac = "invalid" + _, err = Decrypt(privHex, s, m) + assert.Errorf(t, err, "") } diff --git a/go.mod b/go.mod index 6578e14..1e1fabb 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/TRON-US/go-eccrypto +module github.com/torusresearch/go-eccrypto go 1.13