Merge pull request #59 from nats-io/empty

[FIXED] Make sure to use byte slice to receive proper copy
nats-io · Oct 23, 2023 · d2e442e · d2e442e
2 parents 3e454c8 + 58fb9d6
commit d2e442e
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 8 deletions.
diff --git a/xkeys.go b/xkeys.go
@@ -1,4 +1,4 @@
-// Copyright 2022 The NATS Authors
+// Copyright 2022-2023 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -38,12 +38,13 @@ type ckp struct {
 	seed [curveKeyLen]byte // Private raw key.
 }
 
-// CreateUser will create a User typed KeyPair.
+// CreateCurveKeys will create a Curve typed KeyPair.
 func CreateCurveKeys() (KeyPair, error) {
 	return CreateCurveKeysWithRand(rand.Reader)
 }
 
-// CreateUser will create a User typed KeyPair with specified rand source.
+// CreateCurveKeysWithRand will create a Curve typed KeyPair
+// with specified rand source.
 func CreateCurveKeysWithRand(rr io.Reader) (KeyPair, error) {
 	var kp ckp
 	_, err := io.ReadFull(rr, kp.seed[:])
@@ -85,7 +86,7 @@ func (pair *ckp) PrivateKey() ([]byte, error) {
 	return Encode(PrefixBytePrivate, pair.seed[:])
 }
 
-func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {
+func decodePubCurveKey(src string, dest []byte) error {
 	var raw [curveDecodeLen]byte // should always be 35
 	n, err := b32Enc.Decode(raw[:], []byte(src))
 	if err != nil {
@@ -112,7 +113,7 @@ func decodePubCurveKey(src string, dest [curveKeyLen]byte) error {
 	}
 
 	// Copy over, ignore prefix byte.
-	copy(dest[:], raw[1:end])
+	copy(dest, raw[1:end])
 	return nil
 }
 
@@ -134,7 +135,7 @@ func (pair *ckp) SealWithRand(input []byte, recipient string, rr io.Reader) ([]b
 		err   error
 	)
 
-	if err = decodePubCurveKey(recipient, rpub); err != nil {
+	if err = decodePubCurveKey(recipient, rpub[:]); err != nil {
 		return nil, ErrInvalidRecipient
 	}
 	if _, err := io.ReadFull(rr, nonce[:]); err != nil {
@@ -159,7 +160,7 @@ func (pair *ckp) Open(input []byte, sender string) ([]byte, error) {
 	}
 	copy(nonce[:], input[vlen:vlen+curveNonceLen])
 
-	if err = decodePubCurveKey(sender, spub); err != nil {
+	if err = decodePubCurveKey(sender, spub[:]); err != nil {
 		return nil, ErrInvalidSender
 	}
 

diff --git a/xkeys_test.go b/xkeys_test.go
@@ -1,4 +1,4 @@
-// Copyright 2022 The NATS Authors
+// Copyright 2022-2023 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -154,3 +154,32 @@ func TestCurvePublic(t *testing.T) {
 		t.Fatalf("Expected %v but got %v", ErrCannotSeal, err)
 	}
 }
+
+func TestCurvePublicEmptyBug(t *testing.T) {
+	kp, _ := CreateCurveKeys()
+	pub, _ := kp.PublicKey()
+
+	rkp, _ := CreateCurveKeys()
+	rpub, _ := rkp.PublicKey()
+
+	msg := []byte("Empty public better not work!")
+	encrypted, err := kp.Seal(msg, rpub)
+	if err != nil {
+		t.Fatalf("Received an error on Seal: %v", err)
+	}
+	decrypted, err := rkp.Open(encrypted, pub)
+	if err != nil {
+		t.Fatalf("Received an error on Open: %v", err)
+	}
+	if !bytes.Equal(decrypted, msg) {
+		t.Fatalf("Expected %q to be %q", decrypted, msg)
+	}
+	// Check an empty pub key.
+	var empty [curveKeyLen]byte
+	epub, _ := Encode(PrefixByteCurve, empty[:])
+
+	_, err = rkp.Open(encrypted, string(epub))
+	if err == nil {
+		t.Fatalf("Expected a failure with empty pub key")
+	}
+}