From 34ae31d7414ed64ed0e3d3210fd64c8753d4c5f2 Mon Sep 17 00:00:00 2001
From: Joe Gough <36932486+honourfish@users.noreply.github.com>
Date: Thu, 6 Feb 2025 08:33:11 +0000
Subject: [PATCH] Ensure we use the correct curve for public key (#101)

re: AB#10116
Co-authored-by: jgough
---
 azkeys/coseSigner.go | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/azkeys/coseSigner.go b/azkeys/coseSigner.go
index 705e582..085285f 100644
--- a/azkeys/coseSigner.go
+++ b/azkeys/coseSigner.go
@@ -105,6 +105,8 @@ func base64BEtoBigInt(in string) (*big.Int, error) {
 }
 
 // PublicKey returns the public key for this instance of CoseSignerKeyVault
+//
+// NOTE: Only valid for ECDSA
 func (kv *KeyVaultCoseSigner) PublicKey() (*ecdsa.PublicKey, error) {
 	if kv.key.Key.X == nil || kv.key.Key.Y == nil {
 		return nil, fmt.Errorf("public key is nil")
@@ -120,12 +122,23 @@ func (kv *KeyVaultCoseSigner) PublicKey() (*ecdsa.PublicKey, error) {
 		return nil, fmt.Errorf("unable to convert Y %s: %w", *kv.key.Key.Y, err)
 	}
 
+	var curve elliptic.Curve
+
+	switch kv.key.Key.Crv {
+	case keyvault.P256:
+		curve = elliptic.P256()
+	case keyvault.P384:
+		curve = elliptic.P384()
+	case keyvault.P521:
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("failed to find ecdsa curve for public key")
+	}
+
 	return &ecdsa.PublicKey{
-		Curve: &elliptic.CurveParams{
-			Name: "P-384",
-		},
-		X: X,
-		Y: Y,
+		Curve: curve,
+		X: X,
+		Y: Y,
 	}, nil
 }
 
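Review bot: The added NOTE only says the method is valid for ECDSA; it does not tell a caller which curves are accepted or what happens for any other key, which is exactly what the new switch in the second hunk decides. I would extend it to `// NOTE: Only valid for ECDSA keys on P-256, P-384 or P-521; any other curve value (e.g. P-256K) results in an error.` so the contract is visible from the doc comment rather than from reading the body. The body of PublicKey continues outside this hunk.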
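Review bot: The switch now selects the curve from `kv.key.Key.Crv`, but nothing verifies that the decoded X and Y actually lie on that curve, so a key record whose coordinates do not match its declared curve (or are simply malformed) still comes back as a syntactically valid *ecdsa.PublicKey holding an off-curve point. Recent Go releases make ecdsa.Verify reject such keys, but the module's Go version is not visible here, and any caller that marshals, compares or otherwise re-uses the key is not covered by that. After the switch I would add `if !curve.IsOnCurve(X, Y) { return nil, fmt.Errorf("public key point is not on curve %s", kv.key.Key.Crv) }`; since IsOnCurve is deprecated in newer Go, a round-trip through `(*ecdsa.PublicKey).ECDH()` (Go 1.20+) performs the same validation if that is available. The default branch also discards the offending value — `fmt.Errorf("unsupported ecdsa curve %q for public key", kv.key.Key.Crv)` would make an unexpected or P-256K key diagnosable from the error alone. The opening of PublicKey lies outside this hunk.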