Merge pull request #59 from nats-io/empty

derekcollison · web-flow · commit d2e442ebad85 · 2023-10-23T08:42:11.000-07:00
[FIXED] Make sure to use byte slice to receive proper copy
diff --git a/xkeys.go b/xkeys.go
@@ -1,4 +1,4 @@
-// Copyright 2022 The NATS Authors
+// Copyright 2022-2023 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -38,12 +38,13 @@ type ckp struct {
 	seed [curveKeyLen]byte // Private raw key.
 }
 
-// CreateUser will create a User typed KeyPair.
+// CreateCurveKeys will create a Curve typed KeyPair.
 func CreateCurveKeys() (KeyPair, error) {
 	return CreateCurveKeysWithRand(rand.Reader)
 }
 
-// CreateUser will create a User typed KeyPair with specified rand source.
+// CreateCurveKeysWithRand will create a Curve typed KeyPair
+// with specified rand source.
 func CreateCurveKeysWithRand(rr io.Reader) (KeyPair, error) {
 	var kp ckp
 	_, err := io.ReadFull(rr, kp.seed[:])
@@ -85,7 +86,7 @@ func (pair *ckp) PrivateKey() ([]byte, error) {
 	return Encode(PrefixBytePrivate, pair.seed[:])
 }
 
-func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {
+func decodePubCurveKey(src string, dest []byte) error {
 	var raw [curveDecodeLen]byte // should always be 35
 	n, err := b32Enc.Decode(raw[:], []byte(src))
 	if err != nil {
@@ -112,7 +113,7 @@ func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {
 	}
 
 	// Copy over, ignore prefix byte.
-	copy(dest[:], raw[1:end])
+	copy(dest, raw[1:end])
 	return nil
 }
 
@@ -134,7 +135,7 @@ func (pair *ckp) SealWithRand(input []byte, recipient string, rr io.Reader) ([]b
 		err   error
 	)
 
-	if err = decodePubCurveKey(recipient, rpub); err != nil {
+	if err = decodePubCurveKey(recipient, rpub[:]); err != nil {
 		return nil, ErrInvalidRecipient
 	}
 	if _, err := io.ReadFull(rr, nonce[:]); err != nil {
@@ -159,7 +160,7 @@ func (pair *ckp) Open(input []byte, sender string) ([]byte, error) {
 	}
 	copy(nonce[:], input[vlen:vlen+curveNonceLen])
 
-	if err = decodePubCurveKey(sender, spub); err != nil {
+	if err = decodePubCurveKey(sender, spub[:]); err != nil {
 		return nil, ErrInvalidSender
 	}
 
diff --git a/xkeys_test.go b/xkeys_test.go
@@ -1,4 +1,4 @@
-// Copyright 2022 The NATS Authors
+// Copyright 2022-2023 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -154,3 +154,32 @@ func TestCurvePublic(t *testing.T) {
 		t.Fatalf("Expected %v but got %v", ErrCannotSeal, err)
 	}
 }
+
+func TestCurvePublicEmptyBug(t *testing.T) {
+	kp, _ := CreateCurveKeys()
+	pub, _ := kp.PublicKey()
+
+	rkp, _ := CreateCurveKeys()
+	rpub, _ := rkp.PublicKey()
+
+	msg := []byte("Empty public better not work!")
+	encrypted, err := kp.Seal(msg, rpub)
+	if err != nil {
+		t.Fatalf("Received an error on Seal: %v", err)
+	}
+	decrypted, err := rkp.Open(encrypted, pub)
+	if err != nil {
+		t.Fatalf("Received an error on Open: %v", err)
+	}
+	if !bytes.Equal(decrypted, msg) {
+		t.Fatalf("Expected %q to be %q", decrypted, msg)
+	}
+	// Check an empty pub key.
+	var empty [curveKeyLen]byte
+	epub, _ := Encode(PrefixByteCurve, empty[:])
+
+	_, err = rkp.Open(encrypted, string(epub))
+	if err == nil {
+		t.Fatalf("Expected a failure with empty pub key")
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// Copyright 2022 The NATS Authors`
	`1`	`+// Copyright 2022-2023 The NATS Authors`
`2`	`2`	`// Licensed under the Apache License, Version 2.0 (the "License");`
`3`	`3`	`// you may not use this file except in compliance with the License.`
`4`	`4`	`// You may obtain a copy of the License at`
`@@ -38,12 +38,13 @@ type ckp struct {`
`38`	`38`	`seed [curveKeyLen]byte // Private raw key.`
`39`	`39`	`}`
`40`	`40`
`41`		`-// CreateUser will create a User typed KeyPair.`
	`41`	`+// CreateCurveKeys will create a Curve typed KeyPair.`
`42`	`42`	`func CreateCurveKeys() (KeyPair, error) {`
`43`	`43`	`return CreateCurveKeysWithRand(rand.Reader)`
`44`	`44`	`}`
`45`	`45`
`46`		`-// CreateUser will create a User typed KeyPair with specified rand source.`
	`46`	`+// CreateCurveKeysWithRand will create a Curve typed KeyPair`
	`47`	`+// with specified rand source.`
`47`	`48`	`func CreateCurveKeysWithRand(rr io.Reader) (KeyPair, error) {`
`48`	`49`	`var kp ckp`
`49`	`50`	`_, err := io.ReadFull(rr, kp.seed[:])`
`@@ -85,7 +86,7 @@ func (pair *ckp) PrivateKey() ([]byte, error) {`
`85`	`86`	`return Encode(PrefixBytePrivate, pair.seed[:])`
`86`	`87`	`}`
`87`	`88`
`88`		`-func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {`
	`89`	`+func decodePubCurveKey(src string, dest []byte) error {`
`89`	`90`	`var raw [curveDecodeLen]byte // should always be 35`
`90`	`91`	`n, err := b32Enc.Decode(raw[:], []byte(src))`
`91`	`92`	`if err != nil {`
`@@ -112,7 +113,7 @@ func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {`
`112`	`113`	`}`
`113`	`114`
`114`	`115`	`// Copy over, ignore prefix byte.`
`115`		`- copy(dest[:], raw[1:end])`
	`116`	`+ copy(dest, raw[1:end])`
`116`	`117`	`return nil`
`117`	`118`	`}`
`118`	`119`
`@@ -134,7 +135,7 @@ func (pair *ckp) SealWithRand(input []byte, recipient string, rr io.Reader) ([]b`
`134`	`135`	`err error`
`135`	`136`	`)`
`136`	`137`
`137`		`- if err = decodePubCurveKey(recipient, rpub); err != nil {`
	`138`	`+ if err = decodePubCurveKey(recipient, rpub[:]); err != nil {`
`138`	`139`	`return nil, ErrInvalidRecipient`
`139`	`140`	`}`
`140`	`141`	`if _, err := io.ReadFull(rr, nonce[:]); err != nil {`
`@@ -159,7 +160,7 @@ func (pair *ckp) Open(input []byte, sender string) ([]byte, error) {`
`159`	`160`	`}`
`160`	`161`	`copy(nonce[:], input[vlen:vlen+curveNonceLen])`
`161`	`162`
`162`		`- if err = decodePubCurveKey(sender, spub); err != nil {`
	`163`	`+ if err = decodePubCurveKey(sender, spub[:]); err != nil {`
`163`	`164`	`return nil, ErrInvalidSender`
`164`	`165`	`}`
`165`	`166`