Ensure we use the correct curve for public key (#101)

re: AB#10116 Co-authored-by: jgough <[email protected]>
datatrails · Feb 6, 2025 · 34ae31d · 34ae31d
1 parent 0426bbf
commit 34ae31d
Showing 1 changed file with 18 additions and 5 deletions.
diff --git a/azkeys/coseSigner.go b/azkeys/coseSigner.go
@@ -105,6 +105,8 @@ func base64BEtoBigInt(in string) (*big.Int, error) {
 }
 
 // PublicKey returns the public key for this instance of CoseSignerKeyVault
+//
+// NOTE: Only valid for ECDSA
 func (kv *KeyVaultCoseSigner) PublicKey() (*ecdsa.PublicKey, error) {
 	if kv.key.Key.X == nil || kv.key.Key.Y == nil {
 		return nil, fmt.Errorf("public key is nil")
@@ -120,12 +122,23 @@ func (kv *KeyVaultCoseSigner) PublicKey() (*ecdsa.PublicKey, error) {
 		return nil, fmt.Errorf("unable to convert Y %s: %w", *kv.key.Key.Y, err)
 	}
 
+	var curve elliptic.Curve
+
+	switch kv.key.Key.Crv {
+	case keyvault.P256:
+		curve = elliptic.P256()
+	case keyvault.P384:
+		curve = elliptic.P384()
+	case keyvault.P521:
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("failed to find ecdsa curve for public key")
+	}
+
 	return &ecdsa.PublicKey{
-		Curve: &elliptic.CurveParams{
-			Name: "P-384",
-		},
-		X: X,
-		Y: Y,
+		Curve: curve,
+		X:     X,
+		Y:     Y,
 	}, nil
 }