Skip to content

Commit 649fda8

Browse files
CluEleSsUKCluEleSsUK
committed
normalised how public keys are parsed
1 parent 0676012 commit 649fda8

File tree

3 files changed

+46
-44
lines changed

3 files changed

+46
-44
lines changed

internal/integration_test.go

Lines changed: 3 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ package internal
22

33
import (
44
"encoding/hex"
5-
"encoding/json"
65
"fmt"
76
"os"
87
"path"
@@ -292,24 +291,9 @@ func createUnsignedDepositData() api.UnsignedDepositData {
292291
}
293292
}
294293

295-
type fileWithPublicKey struct {
296-
PublicKey []byte `json:"pubKey"`
297-
}
298-
299294
func generateRSAKey(path string) error {
300-
suite := crypto.NewRSASuite()
301-
kp, err := suite.CreateKeypair()
302-
if err != nil {
303-
return err
304-
}
305-
306-
file := fileWithPublicKey{
307-
PublicKey: kp.Public,
308-
}
309-
bytes, err := json.Marshal(file)
310-
if err != nil {
311-
return err
312-
}
295+
// this json is a sample created from an SSV node that's created an encrypted key
296+
j := "{\"checksum\":{\"function\":\"sha256\",\"message\":\"46542dce0fe705e4ee991028eeae8f660fb0f4f3f070d9877b3a8816708be2e8\",\"params\":{}},\"cipher\":{\"function\":\"aes-128-ctr\",\"message\":\"5a2f1a5073f43473365161ee59b3a5a3c1b2a72df350533d80dc4d7ac9e4e3a2e2571cf1d0db545162c923b34ea93eff64016c61d7829d0845b0e58baa67706677013c8091bf755f7a7b2fe4d54e89558164c46bc7f1986449f424e00e3df232d23618e0631d6a016d94a3ddff94386db32102ee401e9449b1da223d7ffd13e23499f9956edf9b085283bb1490a4c341b0c7c909762c822a45fa31744c1c3fe80279c0efe037b6e979bddc5e48eae6934b670de970eaefa5d125671682e06773384cbad0c165b82d78e62512823c31a925ac855447805e31f73fd749ad18c5e1234541f8efe9ab850f2ac3e72ae5270b18b4f0c21583705d67e626598718f84d2c7abd0c1ea82686737369b08bf6553315beb79e847afc9224276a298dc76e7ba71075e33e21347adb4cd3669fb24e85f953928060cca692f6a8a205b75475fa83083cbe9cd975ca7f3bc0f23429c814ea02c2dfd2581d660515abc86344f14f7e88d22eda599fc5cd5ded55e3df920b5f5f0a9dfd127ff2716c70ed8d276ce961185c21034fc79c18ce92cad939856f4ee16aa5a6baea77c1d66c07539a40f67e23c76c25f4c98c89e087200541dd321fabf9104200f1ce56c2914bbcf258a376d833802e2548a524243eaaa3a3421b00d0999cf72cb486a453bbc57f8ccba885359064e404d033d6228265ab6b98112f16c0a1f050cc8fa3ca175ae03e330cac75c745e58fde06efb2f5259b6c84d13d6e4c0a27b2be62e003f56cfa76cfb64b104b6bedf13c86d43a3462176ef832b945723ba051e2ad06e09a7d84adf0c18f62b63a67d93c5f7a63ddc3ff72bbbd41fb64cfc24902a6840d910987c6d5f8cc8d44baaed32641dd38873ffddaa4cb9b7b5ebe9047e3295a5fab68a88edc6c3b54d9d3de44133d511008f612ea0d15d86b671ec89a2935977e543350550b67e4554e2d2a406005872bbfed1d5e4252fb35f7c9ab6d1b400abdca69f3f96836fae7c9558c276bc524f8a802531b6194d2bd187f618595f817013304cc1d12e5e42c2871732443d9798640c52be86c48270d47129e6c8706795290cb4f8b6f5d12f0f8e4dcfb5cf90aab61ccc249fd1a2fc97bf79d0248aef7a69e47c83e51bafb3ee9ebf6e41a1ae1dcab40dfd067ba70262a216f339e5af7041df16d1882dee68123454ac41354dd49a8195873f7184124d239a6e1a54d79e436716f8dacaf0f04877fa93448d38b55e885dddd9fe686ccec9237c06eda8a2e8ecf20c5fd9eb8bf09d6d020479c50ad70a099baf24ae2960c83b6e9e75929b7c6241a0429719a54249909f0647a5bc5ab6acef642cccd15be77ddfceff327588395cf4b6abdafcf53379debd876c6101127cb44154cd4b5e882bbf446f202a4ebb383d567ce0c4d7752c206546629d6a269874f00226cdf9a67c896f0f6d39e242686cf17d9d2cb71d13c4becc06b39cd65972a00fff1ae561e9a4afcc75c14464fcf55cf8fff7b783b8077366b20656b8bf493feded958beb2b81e94c6180c9df73656a9f6d4ce28770f8bbf275a3bc965287d38a7efd215da140b1af05f03e3e7d31500cc38b767516827c25b7de56c7d001e3702747abb9158e19f3dd6c9f71c650cdee829bb41ee63e29598e3a959aef452cbc1b769e6ca96fa76b116fc9a93232c653bc96d2f100c5423c794e6f6282b58de3ae1418e12cb6fa0c719b3e77d7de07ac0ac0c41163d670672a125c1e99d2817c18272d2b9b6e6565df3afd1f1efa3fde0407809870d564db0082c88e434fcba8c3c318d5cfe5c88f4063cf1598a824d28798cc90dbae4b24abae633ad7774f0eed042d0f5886699840cfe82bee0478a997fabc900293345cd580e4e97a0df0934be23224608de335dc7b29faa1e9f5b8de8cbdc77b44615c1313e27cba3364490fe7b0c7dbed993211471a64871c2f3c793d9684b8f4d621db4da25ab9e92d9c2ededa5e6df162d59bebe3faf72361df8ad42454fb56de17d306fb7ae33169e373505606015585a524f627e2539a82233e338a223812e6fa8611ffbd206af28966c913567ad8a4e81fa072a4dd6c9022146aca829275f252d34ca42b4d77477e7e11fb36088752fd6df662a50914dd5a10cf9424df5c1e198a642b6a238e6a037d8fa107019d86488d680f392dc7f4d8609ad80df0b80ddb56014047b04c24de6ef167f0b4010eca9efc8b2c288d0c3194ef2d2535d6b0e7117c59f52e7c38fbe2ac42f2e2a7769c0f64b07278873d4b2199508835bd965199d8e820f3fd6aa83e39ce1bb1c1c4924f29e591c3f07baff238a481f4c8b714bc952e54425d80d2b137626510e6196c8bba52332d9bc57d1494f1a57105e67608f0404c560f981\",\"params\":{\"iv\":\"2143cda25288d8225f4b21e3499542eb\"}},\"kdf\":{\"function\":\"pbkdf2\",\"message\":\"\",\"params\":{\"c\":262144,\"dklen\":32,\"prf\":\"hmac-sha256\",\"salt\":\"03491c71fe76a466417984ad440dcab381cd5f547f8648eea9b40714a93bde01\"}},\"pubKey\":\"LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNG0xa2Y1NDBXZ0lkdVdzaFNCc2MKbzhnQUZUUmhQU0NvM2VuRHFEb1JaVnh1YTZWWGFOdmdkRkloVm42Mm43RkRlaHdrY2NDVHNyRUYzVWJTRTVBMApDUStXT05xMTRCcEFPaUlpT0gydlV6YUNuaVZ0NTIxMDlkWmQwRWxXZjY2NVIvZHB3MFlrdUxpaUhWZnVYNHZ6ClVjclN1RlBqNXdIenY4aWs0R1FkUGJMenphU0REdXVZQnhmaGVGaTk3SDJTS0ZJdUxiVWNOb1B1L25udUtWN0QKQW5CTzlOOU4rQW9tNUYyRTBUVmpKa1RqZXJ6dmtTTGVXU0x1U2w5TGlRL28xUUlhOHBsVE1QTlFxOVRZVDJhMgo1aG5qbTF3QW9uOFRjWmFDSkNPSitlclpyS0p3Si9FVlRGNlpqamlXVVNtSDIyTjFGanpTaWs4Q3lSN1dFZEcwCldRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K\"}"
313297

314-
return os.WriteFile(path, bytes, 0o644)
298+
return os.WriteFile(path, []byte(j), 0o644)
315299
}

shared/crypto/rsa_keys.go

Lines changed: 42 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ import (
66
"crypto/rsa"
77
"crypto/sha256"
88
"crypto/x509"
9+
"encoding/pem"
10+
"errors"
11+
"fmt"
912
)
1013

1114
type RsaSuite struct{}
@@ -55,7 +58,7 @@ func (r RsaSuite) Verify(message []byte, publicKey []byte, signature []byte) err
5558
}
5659

5760
func (r RsaSuite) Encrypt(publicKey []byte, plaintext []byte) ([]byte, error) {
58-
pk, err := x509.ParsePKCS1PublicKey(publicKey)
61+
pk, err := parseRsaPublicKey(publicKey)
5962
if err != nil {
6063
return nil, err
6164
}
@@ -71,3 +74,41 @@ func (r RsaSuite) Decrypt(privateKey []byte, ciphertext []byte) ([]byte, error)
7174

7275
return rsa.DecryptPKCS1v15(rand.Reader, sk, ciphertext)
7376
}
77+
78+
// parseRsaPublicKey will unmarshal any bytes that have been normalised using `NormalisePublicKeyBytes`
79+
func parseRsaPublicKey(b []byte) (*rsa.PublicKey, error) {
80+
if len(b) == 0 {
81+
return nil, errors.New("public key was empty")
82+
}
83+
84+
return x509.ParsePKCS1PublicKey(b)
85+
}
86+
87+
// NormalisePublicKeyBytes takes bytes representing a public key from a variety of sources and transforms them
88+
// into a format usable by the sidecar and other apps
89+
func NormalisePublicKeyBytes(fileBytes []byte) ([]byte, error) {
90+
// if it's in pkcs1 format, just return it
91+
_, err := x509.ParsePKCS1PublicKey(fileBytes)
92+
if err == nil {
93+
return fileBytes, nil
94+
}
95+
96+
// otherwise try unwrapping the PEM
97+
block, _ := pem.Decode(fileBytes)
98+
if block == nil {
99+
return nil, fmt.Errorf("could not decode the public key - not in PEM or PKCS1 format")
100+
}
101+
102+
out, err := x509.ParsePKIXPublicKey(block.Bytes)
103+
if err != nil {
104+
return nil, fmt.Errorf("failed to parse PEM: %w", err)
105+
}
106+
107+
// and try to parse the interior key as an RSA key
108+
parsed, ok := out.(*rsa.PublicKey)
109+
if !ok {
110+
return nil, fmt.Errorf("failed to parse public key bytes wrapped in PEM: %w", err)
111+
}
112+
113+
return x509.MarshalPKCS1PublicKey(parsed), nil
114+
}

sidecar/internal/util/files.go

Lines changed: 1 addition & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,7 @@
11
package util
22

33
import (
4-
"crypto/rsa"
5-
"crypto/x509"
64
"encoding/json"
7-
"encoding/pem"
85
"fmt"
96
"os"
107
"path"
@@ -75,25 +72,5 @@ func LoadSsvPublicKey(filepath string) ([]byte, error) {
7572
return nil, fmt.Errorf("could not unmarshal public key from json in %s: %w", filepath, err)
7673
}
7774

78-
// if it's not in pkcs1 format
79-
if _, err := x509.ParsePKCS1PublicKey(key.PublicKey); err != nil {
80-
// we try unwrapping the PEM format
81-
block, _ := pem.Decode(key.PublicKey)
82-
if block == nil {
83-
return nil, fmt.Errorf("could not decode the public key - not in PEM or PKCS1 format")
84-
}
85-
86-
out, err := x509.ParsePKIXPublicKey(block.Bytes)
87-
if err != nil {
88-
return nil, fmt.Errorf("failed to parse PEM: %w", err)
89-
}
90-
91-
// and try to parse the interior key as an RSA key
92-
_, ok := out.(*rsa.PublicKey)
93-
if !ok {
94-
return nil, fmt.Errorf("failed to parse public key bytes wrapped in PEM: %w", err)
95-
}
96-
return block.Bytes, nil
97-
}
98-
return key.PublicKey, nil
75+
return crypto.NormalisePublicKeyBytes(key.PublicKey)
9976
}

0 commit comments

Comments
 (0)