From abd22bf3baffefe022c38446ef2f96758fb9fe44 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 27 Sep 2024 13:14:42 -0400
Subject: [PATCH] Implement support for ec point compression query

OpenSSL TLS code needs to know if the EC public key is in compressed or uncompressed representation, for peer keys. Add support to return this information from public keys.

Signed-off-by: Simo Sorce
---
 src/keymgmt.c | 15 ++++++++++++++-
 src/objects.c | 14 ++++++++++++++
 src/objects.h | 1 +
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/keymgmt.c b/src/keymgmt.c
index f6fd9cc6..0f7a7310 100644
--- a/src/keymgmt.c
+++ b/src/keymgmt.c
@@ -1640,6 +1640,18 @@ static int p11prov_ec_get_params(void *keydata, OSSL_PARAM params[])
 memcpy(p->data, pub_key->pValue, pub_key->ulValueLen);
 }
 }
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+ if (p) {
+ bool compressed = p11prov_obj_get_ec_compressed(key);
+ if (compressed) {
+ ret = OSSL_PARAM_set_utf8_string(p, "compressed");
+ } else {
+ ret = OSSL_PARAM_set_utf8_string(p, "uncompressed");
+ }
+ if (ret != RET_OSSL_OK) {
+ return ret;
+ }
+ }
 return RET_OSSL_OK;
 }
 
@@ -1655,10 +1667,11 @@ static const OSSL_PARAM *p11prov_ec_gettable_params(void *provctx)
 OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0),
 OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0),
 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
+ OSSL_PARAM_utf8_string(
+ OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
 /*
 * OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAM
 * OSSL_PKEY_PARAM_EC_ENCODING
- * OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT
 * OSSL_PKEY_PARAM_EC_FIELD_TYPE
 * OSSL_PKEY_PARAM_EC_P
 * OSSL_PKEY_PARAM_EC_A
diff --git a/src/objects.c b/src/objects.c
index ab7d61ff..a754a3e3 100644
--- a/src/objects.c
+++ b/src/objects.c
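Review bot: The new OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT branch in p11prov_ec_get_params answers `"uncompressed"` both when the point really is uncompressed and when p11prov_obj_get_ec_compressed() returned false because the key has no CKA_P11PROV_PUB_KEY attribute at all. The commit message says TLS code relies on this value for peer keys, so a guessed answer is worse than a failed query; the branch should return a failure when no public point is available, which needs the helper to report "unknown" separately from "not compressed". The branch also has no `"hybrid"` case, a value OpenSSL defines for this parameter; if hybrid points cannot reach this provider, a comment such as `/* hybrid points are never stored by this provider */` would record that assumption. The body of p11prov_ec_get_params starts outside this hunk.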
@@ -1728,6 +1728,20 @@ const char *p11prov_obj_get_ec_group_name(P11PROV_OBJ *obj)
 return (const char *)attr->pValue;
 }
 
+bool p11prov_obj_get_ec_compressed(P11PROV_OBJ *obj)
+{
+ CK_ATTRIBUTE *pub_key;
+ uint8_t *buf;
+
+ pub_key = p11prov_obj_get_attr(obj, CKA_P11PROV_PUB_KEY);
+ if (!pub_key) {
+ return false;
+ }
+ buf = pub_key->pValue;
+
+ return (buf[0] & 0x01) == 0x01;
+}
+
 static int ossl_param_construct_bn(P11PROV_CTX *provctx, OSSL_PARAM *param,
 const char *key, const BIGNUM *val)
 {
diff --git a/src/objects.h b/src/objects.h
index 4a06cc30..c6ee04ff 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -52,6 +52,7 @@ CK_RV p11prov_obj_set_attributes(P11PROV_CTX *ctx, P11PROV_SESSION *session,
 P11PROV_OBJ *obj, CK_ATTRIBUTE *template,
 CK_ULONG tsize);
 const char *p11prov_obj_get_ec_group_name(P11PROV_OBJ *obj);
+bool p11prov_obj_get_ec_compressed(P11PROV_OBJ *obj);
 int p11prov_obj_export_public_key(P11PROV_OBJ *obj, CK_KEY_TYPE key_type,
 bool search_related, OSSL_CALLBACK *cb_fn,
 void *cb_arg);
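Review bot: `return (buf[0] & 0x01) == 0x01;` in p11prov_obj_get_ec_compressed tests the low bit of the leading octet, which in the SEC1/X9.62 point encoding carries the y parity rather than the point form. Assuming CKA_P11PROV_PUB_KEY holds that encoded point, a compressed point with prefix 0x02 is reported as uncompressed and a hybrid 0x07 as compressed. Comparing the form explicitly, `return buf[0] == 0x02 || buf[0] == 0x03;`, avoids both misclassifications. The helper also reads `buf[0]` after checking only `pub_key`; since the attribute value originates from a token or a peer, the guard should be `if (!pub_key || !pub_key->pValue || pub_key->ulValueLen == 0) {` so an empty or unset value cannot be dereferenced.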