From 684dbe66d9615378bdb4d1ac1ede9f901591cb86 Mon Sep 17 00:00:00 2001
From: Alex Wilson <alex.wilson@joyent.com>
Date: Sun, 20 Jan 2019 13:14:48 -0800
Subject: [PATCH] joyent/node-sshpk#62 handle pkcs8 ECDSA keys with missing
 public parts Reviewed by: Cody Peter Mello <cody.mello@joyent.com>

---
 lib/formats/pkcs8.js        | 18 +++++++++++++++---
 package.json                |  2 +-
 test/assets/pkcs8-nopub.pem |  4 ++++
 test/private-key.js         | 11 +++++++++++
 4 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 test/assets/pkcs8-nopub.pem

diff --git a/lib/formats/pkcs8.js b/lib/formats/pkcs8.js
index bf7a06b..2ca3ca7 100644
--- a/lib/formats/pkcs8.js
+++ b/lib/formats/pkcs8.js
@@ -301,10 +301,22 @@ function readPkcs8ECDSAPrivate(der) {
 	assert.equal(version[0], 1, 'unknown version of ECDSA key');
 
 	var d = der.readString(asn1.Ber.OctetString, true);
-	der.readSequence(0xa1);
+	var Q;
 
-	var Q = der.readString(asn1.Ber.BitString, true);
-	Q = utils.ecNormalize(Q);
+	if (der.peek() == 0xa0) {
+		der.readSequence(0xa0);
+		der._offset += der.length;
+	}
+	if (der.peek() == 0xa1) {
+		der.readSequence(0xa1);
+		Q = der.readString(asn1.Ber.BitString, true);
+		Q = utils.ecNormalize(Q);
+	}
+
+	if (Q === undefined) {
+		var pub = utils.publicFromPrivateECDSA(curveName, d);
+		Q = pub.part.Q.data;
+	}
 
 	var key = {
 		type: 'ecdsa',
diff --git a/package.json b/package.json
index 198d5e3..cc78787 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sshpk",
-  "version": "1.16.0",
+  "version": "1.16.1",
   "description": "A library for finding and using SSH public keys",
   "main": "lib/index.js",
   "scripts": {
diff --git a/test/assets/pkcs8-nopub.pem b/test/assets/pkcs8-nopub.pem
new file mode 100644
index 0000000..0f1d958
--- /dev/null
+++ b/test/assets/pkcs8-nopub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD1/r3zho5W2MpyZEk+
+2d7gxUcQYUJzvWSOiwkUxCj8Bw==
+-----END PRIVATE KEY-----
diff --git a/test/private-key.js b/test/private-key.js
index 0ed132f..3eb25ba 100644
--- a/test/private-key.js
+++ b/test/private-key.js
@@ -373,6 +373,17 @@ test('PrivateKey.generate ecdsa p-384', function (t) {
 	t.end();
 });
 
+test('pkcs8 PrivateKey without public part', function (t) {
+	var pem = fs.readFileSync(path.join(testDir, 'pkcs8-nopub.pem'));
+	var key = sshpk.parsePrivateKey(pem, 'pem');
+	t.strictEqual(key.type, 'ecdsa');
+	t.strictEqual(key.curve, 'nistp256');
+	var fp = sshpk.parseFingerprint(
+	    'SHA256:wU/JTqlHV21vv0tcaNOFUZD2FXciO2KwImEOW1+AH50');
+	t.ok(fp.matches(key));
+	t.end();
+});
+
 if (process.version.match(/^v0\.[0-9]\./))
 	return;