fix: additional security checks added
savely-krasovsky committed Dec 4, 2023
1 parent 82a1813 commit c6e7751
Showing 2 changed files with 13 additions and 1 deletion.
8 changes: 8 additions & 0 deletions privatekey.go
@@ -77,6 +77,10 @@ func (k *PrivateKey) Encapsulate(pub *PublicKey) ([]byte, error) {
return nil, fmt.Errorf("public key is empty")
}

if !k.Curve.IsOnCurve(pub.X, pub.Y) {
return nil, fmt.Errorf("invalid public key")
}

var secret bytes.Buffer
secret.Write(k.PublicKey.Bytes(false))

@@ -98,6 +102,10 @@ func (k *PrivateKey) ECDH(pub *PublicKey) ([]byte, error) {
return nil, fmt.Errorf("public key is empty")
}

if !k.Curve.IsOnCurve(pub.X, pub.Y) {
return nil, fmt.Errorf("invalid public key")
}

// Shared secret generation
sx, sy := pub.Curve.ScalarMult(pub.X, pub.Y, k.D.Bytes())

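Review bot: In ECDH the new check validates the point with `k.Curve.IsOnCurve(pub.X, pub.Y)`, but the multiplication two lines later still runs on `pub.Curve`, so the curve that is checked and the curve that is used can differ when the peer key carries its own Curve value. On-curve validation only protects the scalar multiplication if both use the same parameters, so I would do the multiplication on the private key's curve as well: `sx, sy := k.Curve.ScalarMult(pub.X, pub.Y, k.D.Bytes())`. The same check was added to Encapsulate, whose body continues outside the hunk, so it is worth confirming which curve it multiplies on. Neither hunk shows a guard for nil `pub.X`/`pub.Y` before the call; if the earlier empty-key check only covers `pub == nil`, that case should return the same error instead of reaching IsOnCurve.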
6 changes: 5 additions & 1 deletion publickey.go
@@ -137,8 +137,12 @@ func (k *PublicKey) Hex(compressed bool) string {
// Decapsulate decapsulates key by using Key Encapsulation Mechanism and returns symmetric key;
// can be safely used as encryption key
func (k *PublicKey) Decapsulate(priv *PrivateKey) ([]byte, error) {
if !k.Curve.IsOnCurve(k.X, k.Y) {
return nil, fmt.Errorf("invalid public key")
}

if priv == nil {
return nil, fmt.Errorf("public key is empty")
return nil, fmt.Errorf("private key is empty")
}

var secret bytes.Buffer
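Review bot: The check added at the top of Decapsulate validates the point against `k.Curve`, the curve value stored in the public key being checked, rather than against the curve of the private key that will be used. If those can differ, a point that is valid on its own declared curve passes; moving the check below the `priv == nil` guard and writing `if !priv.Curve.IsOnCurve(k.X, k.Y) {` would tie validation to the key that does the arithmetic. The rest of Decapsulate is outside the hunk, so which curve it multiplies on should be confirmed. The commit touches only the two key files; a test that feeds an off-curve point to Encapsulate, ECDH and Decapsulate and expects `invalid public key` would keep these checks from regressing.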
