Merge pull request #8 from aidantwoods/ed25519-validation

Validate ed25519 private keys during import

Author: aidantwoods

errors.go

@@ -34,6 +34,8 @@ var errorPayloadShort = fmt.Errorf("payload is not long enough to be a valid PAS
 var errorBadSignature = fmt.Errorf("bad signature")
 var errorBadMAC = fmt.Errorf("bad message authentication code")
 
+var errorKeyInvalid = fmt.Errorf("key was not valid")
+
 func errorDecrypt(err error) error {
 	return fmt.Errorf("the message could not be decrypted: %w", err)
 }

keys_test.go

@@ -0,0 +1,32 @@
+package paseto_test
+
+import (
+	"testing"
+
+	"aidanwoods.dev/go-paseto"
+	"github.com/stretchr/testify/require"
+)
+
+func TestV2AsymmetricSecretKeyImport(t *testing.T) {
+	badKey := "4737385058576e39434c7537735233507544516e3337744f4245666e53376835636d664437784b646e44663454435257594a6356443530465177704a694b6f4c"
+
+	_, err := paseto.NewV2AsymmetricSecretKeyFromHex(badKey)
+	require.Error(t, err)
+
+	goodKey := "b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a37741eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
+
+	_, err = paseto.NewV2AsymmetricSecretKeyFromHex(goodKey)
+	require.NoError(t, err)
+}
+
+func TestV4AsymmetricSecretKeyImport(t *testing.T) {
+	badKey := "4737385058576e39434c7537735233507544516e3337744f4245666e53376835636d664437784b646e44663454435257594a6356443530465177704a694b6f4c"
+
+	_, err := paseto.NewV4AsymmetricSecretKeyFromHex(badKey)
+	require.Error(t, err)
+
+	goodKey := "b4cbfb43df4ce210727d953e4a713307fa19bb7d9f85041438d9e11b942a37741eb9dbbbbc047c03fd70604e0071f0987e16b28b757225c11f00415d0e20b1a2"
+
+	_, err = paseto.NewV4AsymmetricSecretKeyFromHex(goodKey)
+	require.NoError(t, err)
+}

v2_keys.go

@@ -110,6 +110,14 @@ func NewV2AsymmetricSecretKeyFromBytes(privateKey []byte) (V2AsymmetricSecretKey
 		return NewV2AsymmetricSecretKey(), errorKeyLength(64, len(privateKey))
 	}
 
+	if isEd25519KeyPairMalformed(privateKey) {
+		// even though we return error, return a random key here rather than
+		// a nil key
+		// This should catch poorly formed private keys (ones that do not embed
+		// a public key which corresponds to their private portion)
+		return NewV2AsymmetricSecretKey(), errorKeyInvalid
+	}
+
 	return V2AsymmetricSecretKey{privateKey}, nil
 }
 

v4_keys.go

@@ -104,6 +104,15 @@ func NewV4AsymmetricSecretKeyFromHex(hexEncoded string) (V4AsymmetricSecretKey,
 	return NewV4AsymmetricSecretKeyFromBytes(privateKey)
 }
 
+func isEd25519KeyPairMalformed(privateKey []byte) bool {
+	seed := privateKey[:32]
+
+	pubKeyFromGiven := ed25519.PrivateKey(privateKey).Public().(ed25519.PublicKey)
+	pubKeyFromSeed := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
+
+	return !pubKeyFromGiven.Equal(pubKeyFromSeed)
+}
+
 // NewV4AsymmetricSecretKeyFromBytes creates a secret key from bytes
 func NewV4AsymmetricSecretKeyFromBytes(privateKey []byte) (V4AsymmetricSecretKey, error) {
 	if len(privateKey) != 64 {
@@ -112,6 +121,14 @@ func NewV4AsymmetricSecretKeyFromBytes(privateKey []byte) (V4AsymmetricSecretKey
 		return NewV4AsymmetricSecretKey(), errorKeyLength(64, len(privateKey))
 	}
 
+	if isEd25519KeyPairMalformed(privateKey) {
+		// even though we return error, return a random key here rather than
+		// a nil key
+		// This should catch poorly formed private keys (ones that do not embed
+		// a public key which corresponds to their private portion)
+		return NewV4AsymmetricSecretKey(), errorKeyInvalid
+	}
+
 	return V4AsymmetricSecretKey{privateKey}, nil
 }