#62 handle pkcs8 ECDSA keys with missing public parts

Reviewed by: Cody Peter Mello <[email protected]>

Author: Alex Wilson

lib/formats/pkcs8.js

@@ -301,10 +301,22 @@ function readPkcs8ECDSAPrivate(der) {
 	assert.equal(version[0], 1, 'unknown version of ECDSA key');
 
 	var d = der.readString(asn1.Ber.OctetString, true);
-	der.readSequence(0xa1);
+	var Q;
 
-	var Q = der.readString(asn1.Ber.BitString, true);
-	Q = utils.ecNormalize(Q);
+	if (der.peek() == 0xa0) {
+		der.readSequence(0xa0);
+		der._offset += der.length;
+	}
+	if (der.peek() == 0xa1) {
+		der.readSequence(0xa1);
+		Q = der.readString(asn1.Ber.BitString, true);
+		Q = utils.ecNormalize(Q);
+	}
+
+	if (Q === undefined) {
+		var pub = utils.publicFromPrivateECDSA(curveName, d);
+		Q = pub.part.Q.data;
+	}
 
 	var key = {
 		type: 'ecdsa',

package.json

@@ -1,6 +1,6 @@
 {
   "name": "sshpk",
-  "version": "1.16.0",
+  "version": "1.16.1",
   "description": "A library for finding and using SSH public keys",
   "main": "lib/index.js",
   "scripts": {

test/assets/pkcs8-nopub.pem

@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD1/r3zho5W2MpyZEk+
+2d7gxUcQYUJzvWSOiwkUxCj8Bw==
+-----END PRIVATE KEY-----

test/private-key.js

@@ -373,6 +373,17 @@ test('PrivateKey.generate ecdsa p-384', function (t) {
 	t.end();
 });
 
+test('pkcs8 PrivateKey without public part', function (t) {
+	var pem = fs.readFileSync(path.join(testDir, 'pkcs8-nopub.pem'));
+	var key = sshpk.parsePrivateKey(pem, 'pem');
+	t.strictEqual(key.type, 'ecdsa');
+	t.strictEqual(key.curve, 'nistp256');
+	var fp = sshpk.parseFingerprint(
+	    'SHA256:wU/JTqlHV21vv0tcaNOFUZD2FXciO2KwImEOW1+AH50');
+	t.ok(fp.matches(key));
+	t.end();
+});
+
 if (process.version.match(/^v0\.[0-9]\./))
 	return;