Skip to content

Commit

Permalink
fix(weaversdk): ecies decrypt bug when z is less than 32Bytes
Browse files Browse the repository at this point in the history
Signed-off-by: Sandeep Nishad <[email protected]>
  • Loading branch information
sandeepnRES committed Apr 25, 2023
1 parent b6fa3ac commit b9066a9
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions weaver/sdks/fabric/interoperation-node-sdk/src/eciesCrypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -98,18 +98,25 @@ function eciesDecryptMessage(recipientPrivateKey, cipherText, options) {
const privKey = ecdsa.keyFromPrivate(recipientPrivateKey.prvKeyHex, "hex");

const Z = privKey.derive(ephPubKey.pub); // 'z'
const kdfOutput = hkdf(Z.toArray(), ECIESKDFOutput, null, null, options); // The 'null's correspond to 's1' and 's2', which are both
// empty in our SNAMCC and ESCC plugin implementations
// Append missing leading zeros to Z
let ZArray = Z.toArray();
const zerosToAdd = 32 - ZArray.length;
for (let ii=0; ii<zerosToAdd; ii++) {
ZArray = new Uint8Array([0, ...ZArray]);
}
// The 'null's below correspond to 's1' and 's2',
// which are both set to nil in golang implementation of the encryption function
const kdfOutput = hkdf(ZArray, ECIESKDFOutput, null, null, options);

const kbuf = Buffer.from(kdfOutput);
const aesKey = kdfOutput.slice(0, AESKeyLength); // 'Ke'
const hmacKey = kdfOutput.slice(AESKeyLength, AESKeyLength + HMACKeyLength); // 'Km'
const hmacKey = kdfOutput.slice(AESKeyLength, AESKeyLength + HMACKeyLength);

const hmacKeyHash = new options.hashFunctionKeyDerivation();
hmacKeyHash.update(bytesToBits(hmacKey));
const hKm = bitsToBytes(hmacKeyHash.finalize());
const hKm = bitsToBytes(hmacKeyHash.finalize()); // 'Km'

const recoveredD = hmac(hKm, EM, options);

if (D.compare(Buffer.from(recoveredD)) !== 0) {
throw new Error("HMAC verify failed");
}
Expand Down

0 comments on commit b9066a9

Please sign in to comment.