Error if public parts missing on PrivateKey creation

setrofim · setrofim · commit efc9cd7755bc · 2023-07-03T13:19:35.000+01:00
RFC8152 allows public parts to be omitted from private keys, as they
could be derived (though it recommends that they are present).
crypto.PrivateKey implementations require for them to be present.

Signed-off-by: setrofim &lt;setrofim@gmail.com&gt;
diff --git a/errors.go b/errors.go
@@ -18,4 +18,6 @@ var (
 	ErrNotPrivKey            = errors.New("not a private key")
 	ErrSignOpNotSupported    = errors.New("sign key_op not supported by key")
 	ErrVerifyOpNotSupported  = errors.New("verify key_op not supported by key")
+	ErrEC2NoPub              = errors.New("cannot create PrivateKey from EC2 key: missing X or Y")
+	ErrOKPNoPub              = errors.New("cannot create PrivateKey from OKP key: missing X")
 )
diff --git a/key.go b/key.go
@@ -639,6 +639,13 @@ func (k *Key) PrivateKey() (crypto.PrivateKey, error) {
 
 	switch alg {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
+		// RFC8152 allows omitting X and Y from private keys;
+		// crypto.PrivateKey assumes they are available.
+		// see https://www.rfc-editor.org/rfc/rfc8152#section-13.1.1
+		if len(k.X) == 0 || len(k.Y) == 0 {
+			return nil, ErrEC2NoPub
+		}
+
 		var curve elliptic.Curve
 
 		switch alg {
@@ -660,6 +667,13 @@ func (k *Key) PrivateKey() (crypto.PrivateKey, error) {
 
 		return priv, nil
 	case AlgorithmEd25519:
+		// RFC8152 allows omitting X from private keys;
+		// crypto.PrivateKey assumes it is available.
+		// see https://www.rfc-editor.org/rfc/rfc8152#section-13.2
+		if len(k.X) == 0 {
+			return nil, ErrOKPNoPub
+		}
+
 		buf := make([]byte, ed25519.PrivateKeySize)
 
 		copy(buf, k.D)
diff --git a/key_test.go b/key_test.go
@@ -650,4 +650,19 @@ func Test_Key_crypto_keys(t *testing.T) {
 	assertEqualError(t, err, "unsupported curve \"X448\" for key type OKP")
 	_, err = k.PrivateKey()
 	assertEqualError(t, err, "unsupported curve \"X448\" for key type OKP")
+
+	k = Key{
+		KeyType: KeyTypeOKP,
+		Curve:   CurveEd25519,
+		D:       []byte{0xde, 0xad, 0xbe, 0xef},
+	}
+
+	_, err = k.PrivateKey()
+	assertEqualError(t, err, ErrOKPNoPub.Error())
+
+	k.KeyType = KeyTypeEC2
+	k.Curve = CurveP256
+
+	_, err = k.PrivateKey()
+	assertEqualError(t, err, ErrEC2NoPub.Error())
 }

Original file line number	Diff line number	Diff line change
`@@ -18,4 +18,6 @@ var (`
`18`	`18`	`ErrNotPrivKey = errors.New("not a private key")`
`19`	`19`	`ErrSignOpNotSupported = errors.New("sign key_op not supported by key")`
`20`	`20`	`ErrVerifyOpNotSupported = errors.New("verify key_op not supported by key")`
	`21`	`+ ErrEC2NoPub = errors.New("cannot create PrivateKey from EC2 key: missing X or Y")`
	`22`	`+ ErrOKPNoPub = errors.New("cannot create PrivateKey from OKP key: missing X")`
`21`	`23`	`)`