Switch to keybase go-crypto (for some elliptic curve key) + test (#1925)

* Switch to keybase go-crypto (for some elliptic curve key) + test

* Use assert.NoError 

and add a little more context to failing test description

* Use assert.(No)Error everywhere 🌈

and assert.Error in place of .Nil/.NotNil

vendor/github.com/keybase/go-crypto/openpgp/packet/ecdh.go

@@ -0,0 +1,104 @@
+package packet
+
+import (
+	"bytes"
+	"io"
+	"math/big"
+
+	"github.com/keybase/go-crypto/openpgp/ecdh"
+	"github.com/keybase/go-crypto/openpgp/errors"
+	"github.com/keybase/go-crypto/openpgp/s2k"
+)
+
+// ECDHKdfParams generates KDF parameters sequence for given
+// PublicKey. See https://tools.ietf.org/html/rfc6637#section-8
+func ECDHKdfParams(pub *PublicKey) []byte {
+	buf := new(bytes.Buffer)
+	oid := pub.ec.oid
+	buf.WriteByte(byte(len(oid)))
+	buf.Write(oid)
+	buf.WriteByte(18) // ECDH TYPE
+	pub.ecdh.serialize(buf)
+	buf.WriteString("Anonymous Sender    ")
+	buf.Write(pub.Fingerprint[:])
+	return buf.Bytes()
+}
+
+func decryptKeyECDH(priv *PrivateKey, X, Y *big.Int, C []byte) (out []byte, err error) {
+	ecdhpriv, ok := priv.PrivateKey.(*ecdh.PrivateKey)
+	if !ok {
+		return nil, errors.InvalidArgumentError("bad internal ECDH key")
+	}
+
+	Sx := ecdhpriv.DecryptShared(X, Y)
+
+	kdfParams := ECDHKdfParams(&priv.PublicKey)
+	hash, ok := s2k.HashIdToHash(byte(priv.ecdh.KdfHash))
+	if !ok {
+		return nil, errors.InvalidArgumentError("invalid hash id in private key")
+	}
+
+	key := ecdhpriv.KDF(Sx, kdfParams, hash)
+	keySize := CipherFunction(priv.ecdh.KdfAlgo).KeySize()
+
+	decrypted, err := ecdh.AESKeyUnwrap(key[:keySize], C)
+	if err != nil {
+		return nil, err
+	}
+
+	// We have to "read ahead" to discover real length of the
+	// encryption key and properly unpad buffer.
+	cipherFunc := CipherFunction(decrypted[0])
+	// +3 bytes = 1-byte cipher id and checksum 2-byte checksum.
+	out = ecdh.UnpadBuffer(decrypted, cipherFunc.KeySize()+3)
+	if out == nil {
+		return nil, errors.InvalidArgumentError("invalid padding while ECDH")
+	}
+	return out, nil
+}
+
+func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header [10]byte, pub *PublicKey, keyBlock []byte) error {
+	ecdhpub := pub.PublicKey.(*ecdh.PublicKey)
+	kdfParams := ECDHKdfParams(pub)
+
+	hash, ok := s2k.HashIdToHash(byte(pub.ecdh.KdfHash))
+	if !ok {
+		return errors.InvalidArgumentError("invalid hash id in private key")
+	}
+
+	kdfKeySize := CipherFunction(pub.ecdh.KdfAlgo).KeySize()
+	Vx, Vy, C, err := ecdhpub.Encrypt(rand, kdfParams, keyBlock, hash, kdfKeySize)
+	if err != nil {
+		return err
+	}
+
+	mpis, mpiBitLen := ecdh.Marshal(ecdhpub.Curve, Vx, Vy)
+
+	packetLen := len(header) /* header length in bytes */
+	packetLen += 2 /* mpi length in bits */ + len(mpis)
+	packetLen += 1 /* ciphertext size in bytes */ + len(C)
+
+	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(header[:])
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write([]byte{byte(mpiBitLen >> 8), byte(mpiBitLen)})
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(mpis[:])
+	if err != nil {
+		return err
+	}
+
+	w.Write([]byte{byte(len(C))})
+	w.Write(C[:])
+	return nil
+}