add test for GOEXPERIMENT=boringcrypto (#861)

* add test for GOEXPERIMENT=boringcrypto * fix NebulaCertificate.Sign Set the PublicKey field in a more compatible way for the tests. The current method grabs the public key from the certificate, but the correct thing to do is to derive it from the private key. Either way doesn't really matter as I don't think the Sign method actually even uses the PublicKey field. * assert boring * cleanup tests
2025-11-22 08:24:25 +01:00 · 2023-05-08 13:27:01 -04:00
parent 48eb63899f
commit 31ed9269d7
5 changed files with 48 additions and 9 deletions
--- a/cert/cert.go
+++ b/cert/cert.go
@@ -522,15 +522,15 @@ func (nc *NebulaCertificate) Sign(curve Curve, key []byte) error {
 		signer := ed25519.PrivateKey(key)
 		sig = ed25519.Sign(signer, b)
 	case Curve_P256:
-		x, y := elliptic.Unmarshal(elliptic.P256(), nc.Details.PublicKey)
 		signer := &ecdsa.PrivateKey{
 			PublicKey: ecdsa.PublicKey{
 				Curve: elliptic.P256(),
-				X:     x, Y: y,
 			},
 			// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L95
 			D: new(big.Int).SetBytes(key),
 		}
+		// ref: https://github.com/golang/go/blob/go1.19/src/crypto/x509/sec1.go#L119
+		signer.X, signer.Y = signer.Curve.ScalarBaseMult(key)

 		// We need to hash first for ECDSA
 		// - https://pkg.go.dev/crypto/ecdsa#SignASN1