From 2837a9998965b0b347de4d5e6b985e7b2ea8b5e5 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Tue, 24 Sep 2024 12:18:31 -0700 Subject: [PATCH] Fix suggestions from code review --- v2/piv/key.go | 7 ++++--- v2/piv/key_go120.go | 11 +++++------ v2/piv/key_go120_test.go | 2 +- v2/piv/key_legacy.go | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/v2/piv/key.go b/v2/piv/key.go index c6c51b1..45bfa72 100644 --- a/v2/piv/key.go +++ b/v2/piv/key.go @@ -1006,7 +1006,8 @@ func (yk *YubiKey) PrivateKey(slot Slot, public crypto.PublicKey, auth KeyAuth) case *rsa.PublicKey: return &keyRSA{yk, slot, pub, auth, pp}, nil default: - return yk.privateKey(slot, public, auth, pp) + // Add support for X25519 keys using build tags + return yk.tryX25519PrivateKey(slot, public, auth, pp) } } @@ -1086,9 +1087,9 @@ func (yk *YubiKey) SetPrivateKeyInsecure(key []byte, slot Slot, private crypto.P copy(privateKey, priv[:32]) params = append(params, privateKey) default: - // Add support for ecdh.PrivateKey using build tags + // Add support for X25519 keys using build tags var err error - params, paramTag, elemLen, err = yk.setPrivateKeyInsecure(private) + params, paramTag, elemLen, err = yk.tryX22519PrivateKeyInsecure(private) if err != nil { return err } diff --git a/v2/piv/key_go120.go b/v2/piv/key_go120.go index 2c50a6a..e01d4a2 100644 --- a/v2/piv/key_go120.go +++ b/v2/piv/key_go120.go @@ -20,7 +20,6 @@ package piv import ( "crypto" "crypto/ecdh" - "errors" "fmt" ) @@ -46,7 +45,7 @@ func (k *X25519PrivateKey) SharedKey(peer *ecdh.PublicKey) ([]byte, error) { }) } -func (yk *YubiKey) privateKey(slot Slot, public crypto.PublicKey, auth KeyAuth, pp PINPolicy) (crypto.PrivateKey, error) { +func (yk *YubiKey) tryX25519PrivateKey(slot Slot, public crypto.PublicKey, auth KeyAuth, pp PINPolicy) (crypto.PrivateKey, error) { switch pub := public.(type) { case *ecdh.PublicKey: if crv := pub.Curve(); crv != ecdh.X25519() { @@ -58,18 +57,18 @@ func (yk *YubiKey) privateKey(slot Slot, public crypto.PublicKey, auth KeyAuth, } } -func (yk *YubiKey) setPrivateKeyInsecure(private crypto.PrivateKey) ([][]byte, byte, int, error) { +func (yk *YubiKey) tryX22519PrivateKeyInsecure(private crypto.PrivateKey) ([][]byte, byte, int, error) { switch priv := private.(type) { case *ecdh.PrivateKey: - if priv.Curve() != ecdh.X25519() { - return nil, 0, 0, errors.New("unsupported private key type") + if crv := priv.Curve(); crv != ecdh.X25519() { + return nil, 0, 0, fmt.Errorf("unsupported ecdh curve: %v", crv) } // seed params := make([][]byte, 0) params = append(params, priv.Bytes()) return params, 0x08, 32, nil default: - return nil, 0, 0, errors.New("unsupported private key type") + return nil, 0, 0, fmt.Errorf("unsupported private key type: %T", private) } } diff --git a/v2/piv/key_go120_test.go b/v2/piv/key_go120_test.go index 220d885..9785f7a 100644 --- a/v2/piv/key_go120_test.go +++ b/v2/piv/key_go120_test.go @@ -29,7 +29,7 @@ import ( func TestYubiKeyX25519ImportKey(t *testing.T) { importKey, err := ecdh.X25519().GenerateKey(rand.Reader) if err != nil { - t.Fatalf("error geneating X25519 key: %v", err) + t.Fatalf("error generating X25519 key: %v", err) } yk, close := newTestYubiKey(t) diff --git a/v2/piv/key_legacy.go b/v2/piv/key_legacy.go index 8e9768c..d3b0f47 100644 --- a/v2/piv/key_legacy.go +++ b/v2/piv/key_legacy.go @@ -23,12 +23,12 @@ import ( "fmt" ) -func (yk *YubiKey) privateKey(slot Slot, public crypto.PublicKey, auth KeyAuth, pp PINPolicy) (crypto.PrivateKey, error) { +func (yk *YubiKey) tryX25519PrivateKey(slot Slot, public crypto.PublicKey, auth KeyAuth, pp PINPolicy) (crypto.PrivateKey, error) { return nil, fmt.Errorf("unsupported public key type: %T", public) } -func (yk *YubiKey) setPrivateKeyInsecure(private crypto.PrivateKey) ([][]byte, byte, int, error) { - return nil, 0, 0, errors.New("unsupported private key type") +func (yk *YubiKey) tryX22519PrivateKeyInsecure(private crypto.PrivateKey) ([][]byte, byte, int, error) { + return nil, 0, 0, errors.New("unsupported private key type: %T", private) } func decodeX25519Public(b []byte) (crypto.PublicKey, error) {