1// Copyright 2020 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package subtle 18 19import "github.com/google/tink/go/subtle" 20 21// ECIESHKDFRecipientKem represents a HKDF-based KEM (key encapsulation mechanism) 22// for ECIES recipient. 23type ECIESHKDFRecipientKem struct { 24 recipientPrivateKey *ECPrivateKey 25} 26 27// decapsulate uses the KEM to generate a new HKDF-based key. 28func (s *ECIESHKDFRecipientKem) decapsulate(kem []byte, hashAlg string, salt []byte, info []byte, keySize uint32, pointFormat string) ([]byte, error) { 29 pubPoint, err := PointDecode(s.recipientPrivateKey.PublicKey.Curve, pointFormat, kem) 30 if err != nil { 31 return nil, err 32 } 33 secret, err := ComputeSharedSecret(pubPoint, s.recipientPrivateKey) 34 if err != nil { 35 return nil, err 36 } 37 i := make([]byte, 0, len(kem)+len(secret)) 38 i = append(i, kem...) 39 i = append(i, secret...) 40 return subtle.ComputeHKDF(hashAlg, i, salt, info, keySize) 41} 42