Merge pull request #45 from aidantwoods/update-deps-2

Update dependencies
aidantwoods · Jul 27, 2023 · 8199925 · 8199925
2 parents 2d843ed + 9e9a966
commit 8199925
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 32 deletions.
diff --git a/go.mod b/go.mod
@@ -3,14 +3,14 @@ module aidanwoods.dev/go-paseto
 go 1.18
 
 require (
-	aidanwoods.dev/go-result v0.0.0-20230617093509-2c57d7732f54
+	aidanwoods.dev/go-result v0.1.0
 	github.com/stretchr/testify v1.7.0
-	golang.org/x/crypto v0.7.0
+	golang.org/x/crypto v0.11.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-aidanwoods.dev/go-result v0.0.0-20230617093509-2c57d7732f54 h1:D4xKM5zeP8OHMy8il4nwMssVBr9k3fM3iKeGH0lNIgw=
-aidanwoods.dev/go-result v0.0.0-20230617093509-2c57d7732f54/go.mod h1:yridkWghM7AXSFA6wzx0IbsurIm1Lhuro3rYef8FBHM=
+aidanwoods.dev/go-result v0.1.0 h1:y/BMIRX6q3HwaorX1Wzrjo3WUdiYeyWbvGe18hKS3K8=
+aidanwoods.dev/go-result v0.1.0/go.mod h1:yridkWghM7AXSFA6wzx0IbsurIm1Lhuro3rYef8FBHM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -8,10 +8,10 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

diff --git a/keys_test.go b/keys_test.go
@@ -40,27 +40,29 @@ func TestV4AsymmetricSecretKeyImport(t *testing.T) {
 }
 
 func TestGoObjectsImports(t *testing.T) {
-	ed25519Pub, ed25519Priv, err := ed25519.GenerateKey(rand.Reader)
-	require.NoError(t, err)
-
-	_, err = paseto.NewV2AsymmetricPublicKeyFromEd25519(ed25519Pub)
-	require.NoError(t, err)
-	_, err = paseto.NewV2AsymmetricSecretKeyFromEd25519(ed25519Priv)
-	require.NoError(t, err)
-
-	ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
-	require.NoError(t, err)
-	ecdsaPub := ecdsaPriv.PublicKey
-
-	_, err = paseto.NewV3AsymmetricPublicKeyFromEcdsa(ecdsaPub)
-	require.NoError(t, err)
-	_, err = paseto.NewV3AsymmetricSecretKeyFromEcdsa(*ecdsaPriv)
-	require.NoError(t, err)
-
-	_, err = paseto.NewV4AsymmetricPublicKeyFromEd25519(ed25519Pub)
-	require.NoError(t, err)
-	_, err = paseto.NewV4AsymmetricSecretKeyFromEd25519(ed25519Priv)
-	require.NoError(t, err)
+	for i := 0; i < 1000; i++ {
+		ed25519Pub, ed25519Priv, err := ed25519.GenerateKey(rand.Reader)
+		require.NoError(t, err)
+
+		_, err = paseto.NewV2AsymmetricPublicKeyFromEd25519(ed25519Pub)
+		require.NoError(t, err)
+		_, err = paseto.NewV2AsymmetricSecretKeyFromEd25519(ed25519Priv)
+		require.NoError(t, err)
+
+		ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+		require.NoError(t, err)
+		ecdsaPub := ecdsaPriv.PublicKey
+
+		_, err = paseto.NewV3AsymmetricPublicKeyFromEcdsa(ecdsaPub)
+		require.NoError(t, err)
+		_, err = paseto.NewV3AsymmetricSecretKeyFromEcdsa(*ecdsaPriv)
+		require.NoError(t, err)
+
+		_, err = paseto.NewV4AsymmetricPublicKeyFromEd25519(ed25519Pub)
+		require.NoError(t, err)
+		_, err = paseto.NewV4AsymmetricSecretKeyFromEd25519(ed25519Priv)
+		require.NoError(t, err)
+	}
 }
 
 func TestBadEcdsaCurveImport(t *testing.T) {

diff --git a/v3_keys.go b/v3_keys.go
@@ -109,7 +109,11 @@ func (k V3AsymmetricSecretKey) ExportHex() string {
 
 // ExportBytes export a V3AsymmetricSecretKey to raw byte array
 func (k V3AsymmetricSecretKey) ExportBytes() []byte {
-	return k.material.D.Bytes()
+	return paddedSecretBytes(k.material)
+}
+
+func paddedSecretBytes(private ecdsa.PrivateKey) []byte {
+	return private.D.FillBytes(make([]byte, 48))
 }
 
 // NewV3AsymmetricSecretKey generate a new secret key for use with asymmetric
@@ -157,7 +161,7 @@ func NewV3AsymmetricSecretKeyFromBytes(secretBytes []byte) (V3AsymmetricSecretKe
 // NewV3AsymmetricSecretKeyFromBytes creates a secret key from a standard Go object
 func NewV3AsymmetricSecretKeyFromEcdsa(privateKey ecdsa.PrivateKey) (V3AsymmetricSecretKey, error) {
 	// basic sanity check that public key is associated with key material
-	parsedPrivateKey, err := NewV3AsymmetricSecretKeyFromBytes(privateKey.D.Bytes())
+	parsedPrivateKey, err := NewV3AsymmetricSecretKeyFromBytes(paddedSecretBytes(privateKey))
 	if err != nil {
 		// even though we return error, return a random key here rather than
 		// a nil key