wsddn / go-ecdh Goto Github PK
View Code? Open in Web Editor NEWGolang implementation of the elliptical curve diffie-hellman
License: BSD 3-Clause "New" or "Revised" License
go-ecdh's People
Contributors
Stargazers
Watchers
Forkers
neutony karlpilkington xxxxxheng macfisherman tnytown dreamlords inkeliz tera-insights crazyguitar lvzhihao cbeuw huyntsgs loomnetwork khorevaa wudaoluo estabroo bitcard blockpointsystems xsxy007 iq-scmgo-ecdh's Issues
Curve25519 duplicated OR and AND
In the curve25519.go have the following code:
priv[0] &= 248
priv[31] &= 127
priv[31] |= 64
It's already done in the golang.org/x/crypto/curve25519.
How to import 'code.google.com/p/go.crypto/curve25519'
I cannot find 'code.google.com/p/go.crypto/curve25519', where is it?
Key is generated in wrong way :(
Function GenerateKey returns 32 random bytes. It does not apply further steps, described here:
mysecret[0] &= 248;
mysecret[31] &= 127;
mysecret[31] |= 64;
Security issues
I think you need to check that the public key you've been given (the other party's key, that is) is actually on the curve, otherwise it's possible for an attacker to derive your private key. See Practical Invalid Curve Attacks on TLS-ECDH.
It's this kind of thing, of course, that makes implementing cryptographic algorithms tricky.
It might also be worth reading this paper about security issues in Diffie-Hellman. Some of the things in there don't apply, as far as I can tell, to elliptic curve Diffie-Hellman because of properties of the group (having the identity at infinity, in particular, appears to rule out attacks that choose the identity as the public key), but it seems a decent overview of things you'd need to pay attention to to make a genuinely secure DH implementation.
Change Size of Keys
I have a current project that uses ECDH from this embedded library and was hoping to get your library to talk to it.
https://github.com/kmackay/micro-ecc
It uses different key sizes, where it looks like yours uses 32,32 public,private
Public Key (64 bytes)
Private Key (32 bytes)
I believe it's due to the way the referenced github library defaulted, but i cannot make changes to the embedded device that has it implemented using library above.
I am not familiar enough with the algorithm to know, in all the places you have a hard coded in size, how much would get corrupted by making the change and if the hash etc belongs to one of the key sizes.
Is it possible to wrap your sizes in a const () at the top, and make it easily changeable ?
Useless interface member of a structure
Structure curve25519ECDH has anonymous member ECDH. It is not needed there. An interface is implemented implicitly.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.