Validate ECC curve when creating signer/verifier

Author: yaronf

crypto.go

@@ -4,6 +4,7 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
+	"crypto/elliptic"
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/rsa"
@@ -88,6 +89,9 @@ func NewP256Signer(keyID string, key ecdsa.PrivateKey, config *SignConfig, field
 	if keyID == "" {
 		return nil, fmt.Errorf("keyID must not be empty")
 	}
+	if key.Curve != elliptic.P256() {
+		return nil, fmt.Errorf("key curve must be P-256")
+	}
 	if config == nil {
 		config = NewSignConfig()
 	}
@@ -279,6 +283,9 @@ func NewP256Verifier(keyID string, key ecdsa.PublicKey, config *VerifyConfig, fi
 	if config.verifyKeyID && keyID == "" {
 		return nil, fmt.Errorf("keyID should not be empty")
 	}
+	if key.Curve != elliptic.P256() {
+		return nil, fmt.Errorf("key curve must be P-256")
+	}
 	return &Verifier{
 		keyID:  keyID,
 		key:    key,