in sec/encrypt.go [174:206]
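// encryptEc256 wraps plainSecret for the holder of the P-256 key peerPubK
// using an ECIES-style construction: ephemeral ECDH, HKDF-SHA256 key
// derivation (info string "MCUBoot_ECIES_v1", no salt), encryption with
// EncryptAES, and an HMAC-SHA256 tag computed over the ciphertext
// (encrypt-then-MAC).
//
// The returned slice is the concatenation
//
//	ephemeral public key (uncompressed point) || HMAC-SHA256 tag || ciphertext
//
// An error is returned if peerPubK is nil or is not a point on P-256, if
// ephemeral key generation or key derivation fails, or if EncryptAES fails.
func encryptEc256(peerPubK *ecdsa.PublicKey, plainSecret []byte) ([]byte, error) {
	curve := elliptic.P256()

	// Reject a missing or off-curve peer key before any scalar multiplication.
	// Depending on the Go release, ScalarMult on an invalid point either
	// panics or silently yields a meaningless result; an explicit error is
	// easier for callers to handle and keeps the ECDH input well-defined.
	if peerPubK == nil || peerPubK.X == nil || peerPubK.Y == nil ||
		!curve.IsOnCurve(peerPubK.X, peerPubK.Y) {
		return nil, errors.New("Peer public key is not a valid P-256 point")
	}

	// A fresh ephemeral keypair is generated on every call, so the derived
	// AES and HMAC keys are never reused across messages.
	// NOTE(review): the elliptic key-agreement helpers used here are
	// deprecated in recent Go releases in favour of crypto/ecdh; migrating
	// would need a newer toolchain and a file-level import change.
	ephPriv, ephX, ephY, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, errors.Wrapf(err, "Could not generate ephemeral EC keypair")
	}
	pubk := elliptic.Marshal(curve, ephX, ephY)

	// The ECDH shared secret is the X coordinate of the product point. It must
	// be encoded at the fixed field width (32 bytes for P-256): big.Int.Bytes()
	// drops leading zero bytes, so roughly one secret in 256 would otherwise be
	// shorter than 32 bytes, and a peer that feeds the fixed-width coordinate
	// into HKDF would derive different keys and fail to verify or decrypt.
	sharedX, _ := curve.ScalarMult(peerPubK.X, peerPubK.Y, ephPriv)
	coordLen := (curve.Params().BitSize + 7) / 8
	secret := make([]byte, coordLen)
	raw := sharedX.Bytes()
	copy(secret[coordLen-len(raw):], raw)

	// Derive 48 bytes of key material: the first 16 bytes are the AES key and
	// the remaining 32 bytes are the HMAC-SHA256 key.
	kdf := hkdf.New(sha256.New, secret, nil, []byte("MCUBoot_ECIES_v1"))
	derived := make([]byte, 48)
	if _, err = kdf.Read(derived); err != nil {
		return nil, errors.Wrapf(err, "Error during key derivation")
	}
	aesKey, macKey := derived[:16], derived[16:]

	// NOTE(review): the third argument is passed as nil exactly as before;
	// confirm what EncryptAES uses as nonce/IV in that case. A fixed value is
	// only acceptable because aesKey is unique to this call.
	cipherSecret, err := EncryptAES(plainSecret, aesKey, nil)
	if err != nil {
		return nil, errors.Wrapf(err, "Error encrypting key")
	}

	// Authenticate the ciphertext. hash.Hash.Write is documented never to
	// return an error, so its result is intentionally not checked.
	h := hmac.New(sha256.New, macKey)
	h.Write(cipherSecret)
	mac := h.Sum(nil)

	tlv := make([]byte, 0, len(pubk)+len(mac)+len(cipherSecret))
	tlv = append(tlv, pubk...)
	tlv = append(tlv, mac...)
	tlv = append(tlv, cipherSecret...)
	return tlv, nil
}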