Relax curve validation

RFC8152 allows for unregistered curves, therefore we should not fail key validation if a curve is not recognised when marshalling. We should only fail when a known curve is used with an incorrect key type. Signed-off-by: setrofim <setrofim@gmail.com>
veraison · Jul 3, 2023 · c91ee92 · c91ee92
1 parent 2bfa631
commit c91ee92
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/key.go b/key.go
@@ -454,23 +454,25 @@ func (k Key) Validate() error {
 	switch k.KeyType {
 	case KeyTypeEC2:
 		switch k.Curve {
-		case CurveP256, CurveP384, CurveP521:
-			// ok
-		default:
+		case CurveX25519, CurveX448, CurveEd25519, CurveEd448:
 			return fmt.Errorf(
-				"EC2 curve must be P-256, P-384, or P-521; found %q",
+				"Key type mismatch for curve %q (must be OKP, found EC2)",
 				k.Curve.String(),
 			)
+		default:
+			// ok -- a key may contain a currently unsupported curve
+			// see https://www.rfc-editor.org/rfc/rfc8152#section-13.1.1
 		}
 	case KeyTypeOKP:
 		switch k.Curve {
-		case CurveX25519, CurveX448, CurveEd25519, CurveEd448:
-			// ok
-		default:
+		case CurveP256, CurveP384, CurveP521:
 			return fmt.Errorf(
-				"OKP curve must be X25519, X448, Ed25519, or Ed448; found %q",
+				"Key type mismatch for curve %q (must be EC2, found OKP)",
 				k.Curve.String(),
 			)
+		default:
+			// ok -- a key may contain a currently unsupported curve
+			// see https://www.rfc-editor.org/rfc/rfc8152#section-13.2
 		}
 	case KeyTypeSymmetric:
 	default:

diff --git a/key_test.go b/key_test.go
@@ -230,7 +230,7 @@ func Test_Key_UnmarshalCBOR(t *testing.T) {
 				0x01, 0x01, // kty: OKP
 				0x20, 0x01, // curve: CurveP256
 			},
-			WantErr:  "OKP curve must be X25519, X448, Ed25519, or Ed448; found \"P-256\"",
+			WantErr:  "Key type mismatch for curve \"P-256\" (must be EC2, found OKP)",
 			Validate: nil,
 		},
 		{
@@ -240,7 +240,7 @@ func Test_Key_UnmarshalCBOR(t *testing.T) {
 				0x01, 0x02, // kty: EC2
 				0x20, 0x06, // curve: CurveEd25519
 			},
-			WantErr:  "EC2 curve must be P-256, P-384, or P-521; found \"Ed25519\"",
+			WantErr:  "Key type mismatch for curve \"Ed25519\" (must be OKP, found EC2)",
 			Validate: nil,
 		},
 		{
@@ -549,7 +549,7 @@ func Test_Key_signer_validation(t *testing.T) {
 
 	key.KeyType = KeyTypeEC2
 	_, err = key.Signer()
-	assertEqualError(t, err, "EC2 curve must be P-256, P-384, or P-521; found \"Ed25519\"")
+	assertEqualError(t, err, "Key type mismatch for curve \"Ed25519\" (must be OKP, found EC2)")
 
 	key.Curve = CurveP256
 	_, err = key.Signer()
@@ -587,7 +587,7 @@ func Test_Key_verifier_validation(t *testing.T) {
 
 	key.KeyType = KeyTypeEC2
 	_, err = key.Verifier()
-	assertEqualError(t, err, "EC2 curve must be P-256, P-384, or P-521; found \"Ed25519\"")
+	assertEqualError(t, err, "Key type mismatch for curve \"Ed25519\" (must be OKP, found EC2)")
 
 	key.KeyType = KeyTypeOKP
 	key.KeyOps = []KeyOp{}