Skip to content

Commit 99c4c65

Browse files
JackDoanJackDoan
committed
bump nebula to current master for cert-v2 support
1 parent b93d4f7 commit 99c4c65

6 files changed

Lines changed: 66 additions & 76 deletions

File tree

client_test.go

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ func TestEnroll(t *testing.T) {
5252
hostIP := "192.168.100.1"
5353
counter := uint(5)
5454
ca, _ := dnapitest.NebulaCACert()
55-
caPEM, err := ca.MarshalToPEM()
55+
caPEM, err := ca.MarshalPEM()
5656
require.NoError(t, err)
5757

5858
ts.ExpectEnrollment(code, message.NetworkCurve25519, func(req message.EnrollRequest) []byte {
@@ -76,7 +76,7 @@ func TestEnroll(t *testing.T) {
7676
HostID: hostID,
7777
Counter: counter,
7878
Config: cfg,
79-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
79+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
8080
Organization: message.HostOrgMetadata{
8181
ID: orgID,
8282
Name: orgName,
@@ -103,7 +103,7 @@ func TestEnroll(t *testing.T) {
103103
assert.Empty(t, ts.Errors())
104104
assert.Equal(t, 0, ts.RequestsRemaining())
105105

106-
tk, err := keys.NewTrustedKey(ed25519.PublicKey(ca.Details.PublicKey))
106+
tk, err := keys.NewTrustedKey(ed25519.PublicKey(ca.PublicKey()))
107107
require.NoError(t, err)
108108

109109
assert.Equal(t, hostID, creds.HostID)
@@ -123,7 +123,7 @@ func TestEnroll(t *testing.T) {
123123
}
124124
err = yaml.Unmarshal(cfg, &y)
125125
require.NoError(t, err)
126-
_, rest, err := cert.UnmarshalX25519PublicKey(y.Test.DHPubkey)
126+
_, rest, _, err := cert.UnmarshalPublicKeyFromPEM(y.Test.DHPubkey)
127127
assert.NoError(t, err)
128128
assert.Len(t, rest, 0)
129129
assert.Equal(t, code, y.Test.Code)
@@ -174,7 +174,7 @@ func TestDoUpdate(t *testing.T) {
174174
t.Cleanup(func() { ts.Close() })
175175

176176
ca, caPrivkey := dnapitest.NebulaCACert()
177-
caPEM, err := ca.MarshalToPEM()
177+
caPEM, err := ca.MarshalPEM()
178178
require.NoError(t, err)
179179

180180
c := NewClient(useragent, ts.URL)
@@ -201,7 +201,7 @@ func TestDoUpdate(t *testing.T) {
201201
HostID: "foobar",
202202
Counter: 1,
203203
Config: cfg,
204-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
204+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
205205
Organization: message.HostOrgMetadata{
206206
ID: "foobaz",
207207
Name: "foobar's foo org",
@@ -270,7 +270,7 @@ func TestDoUpdate(t *testing.T) {
270270
Config: dnapitest.NebulaCfg(caPEM),
271271
Counter: 2,
272272
Nonce: dnapitest.GetNonce(r),
273-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
273+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
274274
Organization: message.HostOrgMetadata{
275275
ID: "foobaz",
276276
Name: "foobar's foo org",
@@ -325,7 +325,7 @@ func TestDoUpdate(t *testing.T) {
325325
Config: dnapitest.NebulaCfg(caPEM),
326326
Counter: 0,
327327
Nonce: dnapitest.GetNonce(r),
328-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
328+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
329329
Organization: message.HostOrgMetadata{
330330
ID: "foobaz",
331331
Name: "foobar's foo org",
@@ -384,7 +384,7 @@ func TestDoUpdate(t *testing.T) {
384384
Config: dnapitest.NebulaCfg(caPEM),
385385
Counter: 3,
386386
Nonce: dnapitest.GetNonce(r),
387-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
387+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
388388
Organization: message.HostOrgMetadata{
389389
ID: orgID,
390390
Name: orgName,
@@ -438,7 +438,7 @@ func TestDoUpdate_P256(t *testing.T) {
438438
t.Cleanup(func() { ts.Close() })
439439

440440
ca, caPrivkey := dnapitest.NebulaCACertP256()
441-
caPEM, err := ca.MarshalToPEM()
441+
caPEM, err := ca.MarshalPEM()
442442
require.NoError(t, err)
443443

444444
c := NewClient(useragent, ts.URL)
@@ -465,7 +465,7 @@ func TestDoUpdate_P256(t *testing.T) {
465465
HostID: "foobar",
466466
Counter: 1,
467467
Config: cfg,
468-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
468+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
469469
Organization: message.HostOrgMetadata{
470470
ID: "foobaz",
471471
Name: "foobar's foo org",
@@ -623,7 +623,7 @@ func TestDoUpdate_P256(t *testing.T) {
623623
Config: dnapitest.NebulaCfg(caPEM),
624624
Counter: 3,
625625
Nonce: dnapitest.GetNonce(r),
626-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
626+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
627627
Organization: message.HostOrgMetadata{
628628
ID: "foobaz",
629629
Name: "foobar's foo org",
@@ -678,7 +678,7 @@ func TestCommandResponse(t *testing.T) {
678678
t.Cleanup(func() { ts.Close() })
679679

680680
ca, _ := dnapitest.NebulaCACert()
681-
caPEM, err := ca.MarshalToPEM()
681+
caPEM, err := ca.MarshalPEM()
682682
require.NoError(t, err)
683683

684684
c := NewClient(useragent, ts.URL)
@@ -705,7 +705,7 @@ func TestCommandResponse(t *testing.T) {
705705
HostID: "foobar",
706706
Counter: 1,
707707
Config: cfg,
708-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
708+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
709709
Organization: message.HostOrgMetadata{
710710
ID: "foobaz",
711711
Name: "foobar's foo org",
@@ -780,7 +780,7 @@ func TestStreamCommandResponse(t *testing.T) {
780780
t.Cleanup(func() { ts.Close() })
781781

782782
ca, _ := dnapitest.NebulaCACert()
783-
caPEM, err := ca.MarshalToPEM()
783+
caPEM, err := ca.MarshalPEM()
784784
require.NoError(t, err)
785785

786786
c := NewClient(useragent, ts.URL)
@@ -807,7 +807,7 @@ func TestStreamCommandResponse(t *testing.T) {
807807
HostID: "foobar",
808808
Counter: 1,
809809
Config: cfg,
810-
TrustedKeys: marshalCAPublicKey(ca.Details.Curve, ca.Details.PublicKey),
810+
TrustedKeys: marshalCAPublicKey(ca.Curve(), ca.PublicKey()),
811811
Organization: message.HostOrgMetadata{
812812
ID: "foobaz",
813813
Name: "foobar's foo org",

dnapitest/dnapitest.go

Lines changed: 29 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,9 @@ import (
1414
"fmt"
1515
"io"
1616
"math/big"
17-
"net"
1817
"net/http"
1918
"net/http/httptest"
19+
"net/netip"
2020
"time"
2121

2222
"github.com/DefinedNet/dnapi/keys"
@@ -470,33 +470,33 @@ func NebulaCfg(caCert []byte) []byte {
470470
return nebulaCfg
471471
}
472472

473-
func NebulaCACert() (*cert.NebulaCertificate, ed25519.PrivateKey) {
473+
func NebulaCACert() (cert.Certificate, ed25519.PrivateKey) {
474474
pub, priv, err := ed25519.GenerateKey(rand.Reader)
475475
if err != nil {
476476
panic(err)
477477
}
478478

479-
nc := &cert.NebulaCertificate{
480-
Details: cert.NebulaCertificateDetails{
481-
Name: "UnitTesting",
482-
Groups: []string{"testa", "testb"},
483-
Ips: []*net.IPNet{},
484-
Subnets: []*net.IPNet{},
485-
NotBefore: time.Now(),
486-
NotAfter: time.Now().Add(24 * time.Hour),
487-
PublicKey: pub,
488-
IsCA: true,
489-
},
479+
nc := cert.TBSCertificate{
480+
Version: cert.Version1,
481+
Curve: cert.Curve_CURVE25519,
482+
Name: "UnitTesting",
483+
Groups: []string{"testa", "testb"},
484+
Networks: []netip.Prefix{},
485+
UnsafeNetworks: []netip.Prefix{},
486+
NotBefore: time.Now(),
487+
NotAfter: time.Now().Add(24 * time.Hour),
488+
PublicKey: pub,
489+
IsCA: true,
490490
}
491-
err = nc.Sign(nc.Details.Curve, priv)
491+
out, err := nc.Sign(nil, nc.Curve, priv)
492492
if err != nil {
493493
panic(err)
494494
}
495495

496-
return nc, priv
496+
return out, priv
497497
}
498498

499-
func NebulaCACertP256() (*cert.NebulaCertificate, *ecdsa.PrivateKey) {
499+
func NebulaCACertP256() (cert.Certificate, *ecdsa.PrivateKey) {
500500
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
501501
if err != nil {
502502
panic(err)
@@ -512,23 +512,22 @@ func NebulaCACertP256() (*cert.NebulaCertificate, *ecdsa.PrivateKey) {
512512
rawPriv := eKey.Bytes()
513513
pub := eKey.PublicKey().Bytes()
514514

515-
nc := &cert.NebulaCertificate{
516-
Details: cert.NebulaCertificateDetails{
517-
Curve: cert.Curve_P256,
518-
Name: "UnitTesting",
519-
Groups: []string{"testa", "testb"},
520-
Ips: []*net.IPNet{},
521-
Subnets: []*net.IPNet{},
522-
NotBefore: time.Now(),
523-
NotAfter: time.Now().Add(24 * time.Hour),
524-
PublicKey: pub,
525-
IsCA: true,
526-
},
515+
nc := cert.TBSCertificate{
516+
Version: cert.Version1,
517+
Curve: cert.Curve_P256,
518+
Name: "UnitTesting",
519+
Groups: []string{"testa", "testb"},
520+
Networks: []netip.Prefix{},
521+
UnsafeNetworks: []netip.Prefix{},
522+
NotBefore: time.Now(),
523+
NotAfter: time.Now().Add(24 * time.Hour),
524+
PublicKey: pub,
525+
IsCA: true,
527526
}
528-
err = nc.Sign(nc.Details.Curve, rawPriv)
527+
out, err := nc.Sign(nil, nc.Curve, rawPriv)
529528
if err != nil {
530529
panic(err)
531530
}
532531

533-
return nc, key
532+
return out, key
534533
}

go.mod

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
module github.com/DefinedNet/dnapi
22

3-
go 1.24.0
3+
go 1.25
44

55
require (
6-
github.com/sirupsen/logrus v1.9.2
7-
github.com/slackhq/nebula v1.7.1
8-
github.com/stretchr/testify v1.8.2
6+
github.com/sirupsen/logrus v1.9.3
7+
github.com/slackhq/nebula v1.9.5-0.20250929184312-f1e992f6dd6c
8+
github.com/stretchr/testify v1.11.1
99
golang.org/x/crypto v0.42.0
1010
gopkg.in/yaml.v2 v2.4.0
1111
)
@@ -16,7 +16,7 @@ require (
1616
github.com/kr/pretty v0.3.1 // indirect
1717
github.com/pmezard/go-difflib v1.0.0 // indirect
1818
golang.org/x/sys v0.36.0 // indirect
19-
google.golang.org/protobuf v1.30.0 // indirect
19+
google.golang.org/protobuf v1.36.6 // indirect
2020
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
2121
gopkg.in/yaml.v3 v3.0.1 // indirect
2222
)

go.sum

Lines changed: 9 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
22
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
33
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
44
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
5-
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
6-
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
75
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
86
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
97
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -16,32 +14,23 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
1614
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
1715
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
1816
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
17+
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
1918
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
20-
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
21-
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
22-
github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
23-
github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
24-
github.com/slackhq/nebula v1.7.1 h1:+kzPkx9rMXJKj43N7Zcdb+ZsHAX+/u2beS7qPHbWhdw=
25-
github.com/slackhq/nebula v1.7.1/go.mod h1:cnaoahkUipDs1vrNoIszyp0QPRIQN9Pm68ppQEW1Fhg=
19+
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
20+
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
21+
github.com/slackhq/nebula v1.9.5-0.20250929184312-f1e992f6dd6c h1:4GAogL52sMHv0K3GuMcaT3OEdwbqOksheeT378AfIA0=
22+
github.com/slackhq/nebula v1.9.5-0.20250929184312-f1e992f6dd6c/go.mod h1:VYBz79cUkThq4FtM0GOG1OROiY50Wdvoh+USyIxB4ww=
2623
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
27-
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
28-
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
2924
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
30-
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
31-
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
32-
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
33-
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
25+
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
26+
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
3427
golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
3528
golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
36-
golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
37-
golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
3829
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
3930
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
4031
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
41-
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
42-
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
43-
google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
44-
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
32+
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
33+
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
4534
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
4635
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
4736
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

keys/crypto.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ func newNebulaX25519KeypairPEM() ([]byte, []byte, error) {
156156
if err != nil {
157157
return nil, nil, err
158158
}
159-
pubkey, privkey = cert.MarshalX25519PublicKey(pubkey), cert.MarshalX25519PrivateKey(privkey)
159+
pubkey, privkey = cert.MarshalPublicKeyToPEM(cert.Curve_CURVE25519, pubkey), cert.MarshalPrivateKeyToPEM(cert.Curve_P256, privkey)
160160

161161
return pubkey, privkey, nil
162162
}
@@ -173,8 +173,8 @@ func newNebulaP256KeypairPEM() ([]byte, []byte, error) {
173173
return nil, nil, err
174174
}
175175

176-
pubkey := cert.MarshalPublicKey(cert.Curve_P256, ecdhPrivkey.PublicKey().Bytes())
177-
privkey := cert.MarshalPrivateKey(cert.Curve_P256, ecdhPrivkey.Bytes())
176+
pubkey := cert.MarshalPublicKeyToPEM(cert.Curve_P256, ecdhPrivkey.PublicKey().Bytes())
177+
privkey := cert.MarshalPrivateKeyToPEM(cert.Curve_P256, ecdhPrivkey.Bytes())
178178

179179
return pubkey, privkey, nil
180180
}

keys/pem.go

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,10 @@ const HostEd25519PrivateKeyBanner = "DEFINED HOST ED25519 PRIVATE KEY"
1414
const HostP256PublicKeyBanner = "DEFINED HOST P256 PUBLIC KEY"
1515
const HostP256PrivateKeyBanner = "DEFINED HOST P256 PRIVATE KEY"
1616

17+
const NebulaP256PublicKeyBanner = "NEBULA P256 PUBLIC KEY"
1718
const NebulaECDSAP256PublicKeyBanner = "NEBULA ECDSA P256 PUBLIC KEY"
1819
const NebulaEd25519PublicKeyBanner = "NEBULA ED25519 PUBLIC KEY"
20+
const NebulaX25519PublicKeyBanner = "NEBULA X25519 PUBLIC KEY"
1921

2022
func MarshalHostEd25519PublicKey(k ed25519.PublicKey) ([]byte, error) {
2123
b, err := x509.MarshalPKIXPublicKey(k)
@@ -164,14 +166,14 @@ func UnmarshalTrustedKey(b []byte) (TrustedKey, []byte, error) {
164166
}
165167

166168
switch k.Type {
167-
case NebulaECDSAP256PublicKeyBanner:
169+
case NebulaECDSAP256PublicKeyBanner, NebulaP256PublicKeyBanner:
168170
if len(k.Bytes) != 65 {
169171
return nil, r, fmt.Errorf("key was not 65 bytes, is invalid P256 public key")
170172
}
171173

172174
x, y := elliptic.Unmarshal(elliptic.P256(), k.Bytes)
173175
return P256TrustedKey{&ecdsa.PublicKey{X: x, Y: y, Curve: elliptic.P256()}}, r, nil
174-
case NebulaEd25519PublicKeyBanner:
176+
case NebulaEd25519PublicKeyBanner, NebulaX25519PublicKeyBanner:
175177
if len(k.Bytes) != ed25519.PublicKeySize {
176178
return nil, r, fmt.Errorf("key was not 32 bytes, is invalid ed25519 public key")
177179
}

0 commit comments

Comments
 (0)