diff --git a/src/exchange.c b/src/exchange.c index b7c4d9cd..643ad4c8 100644 --- a/src/exchange.c +++ b/src/exchange.c @@ -247,7 +247,7 @@ static int p11prov_ecdh_derive(void *ctx, unsigned char *secret, } } - ec_point = p11prov_obj_get_attr(ecdhctx->peer_key, CKA_EC_POINT); + ec_point = p11prov_obj_get_ec_public_raw(ecdhctx->peer_key); if (ec_point == NULL) { return RET_OSSL_ERR; } diff --git a/src/objects.c b/src/objects.c index 82258071..84e39250 100644 --- a/src/objects.c +++ b/src/objects.c @@ -2175,6 +2175,65 @@ int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x, return ret; } +CK_ATTRIBUTE *p11prov_obj_get_ec_public_raw(P11PROV_OBJ *key) +{ + CK_ATTRIBUTE *pub_key; + + if (!key) { + return RET_OSSL_ERR; + } + + if (key->data.key.type != CKK_EC) { + P11PROV_raise(key->ctx, CKR_GENERAL_ERROR, "Unsupported key type"); + return RET_OSSL_ERR; + } + + if (key->class != CKO_PRIVATE_KEY && key->class != CKO_PUBLIC_KEY) { + P11PROV_raise(key->ctx, CKR_GENERAL_ERROR, "Invalid Object Class"); + return RET_OSSL_ERR; + } + + pub_key = p11prov_obj_get_attr(key, CKA_P11PROV_PUB_KEY); + if (!pub_key) { + CK_ATTRIBUTE *ec_point; + + ec_point = p11prov_obj_get_attr(key, CKA_EC_POINT); + if (ec_point) { + const unsigned char *val; + ASN1_OCTET_STRING *octet; + void *tmp_ptr; + + val = ec_point->pValue; + octet = d2i_ASN1_OCTET_STRING(NULL, (const unsigned char **)&val, + ec_point->ulValueLen); + if (!octet) { + P11PROV_raise(key->ctx, CKR_KEY_INDIGESTIBLE, + "Failed to decode CKA_EC_POINT"); + return NULL; + } + tmp_ptr = OPENSSL_realloc(key->attrs, sizeof(CK_ATTRIBUTE) + * (key->numattrs + 1)); + if (!tmp_ptr) { + P11PROV_raise(key->ctx, CKR_HOST_MEMORY, + "Failed to allocate memory key attributes"); + return NULL; + } + key->attrs = tmp_ptr; + + CKATTR_ASSIGN(key->attrs[key->numattrs], CKA_P11PROV_PUB_KEY, + octet->data, octet->length); + key->numattrs++; + + pub_key = &key->attrs[key->numattrs - 1]; + } + } + + if (!pub_key) { + P11PROV_debug("ECC Public Point not found"); + } + return pub_key; +} + static int cmp_attr(P11PROV_OBJ *key1, P11PROV_OBJ *key2, CK_ATTRIBUTE_TYPE attr) { diff --git a/src/objects.h b/src/objects.h index d325b3a7..33ec8529 100644 --- a/src/objects.h +++ b/src/objects.h @@ -55,6 +55,7 @@ int p11prov_obj_export_public_key(P11PROV_OBJ *obj, CK_KEY_TYPE key_type, int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x, CK_ATTRIBUTE **pub_y); int p11prov_obj_get_ed_pub_key(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub); +CK_ATTRIBUTE *p11prov_obj_get_ec_public_raw(P11PROV_OBJ *key); #define OBJ_CMP_KEY_TYPE 0x00 #define OBJ_CMP_KEY_PUBLIC 0x01 diff --git a/tests/meson.build b/tests/meson.build index 297aec36..9ec9234a 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -120,7 +120,7 @@ tests = { 'certs': {'suites': ['softokn', 'softhsm', 'kryoptic']}, 'ecc': {'suites': ['softokn', 'softhsm', 'kryoptic']}, 'edwards': {'suites': ['softhsm']}, - 'ecdh': {'suites': ['softokn']}, + 'ecdh': {'suites': ['softokn', 'kryoptic']}, 'democa': {'suites': ['softokn', 'softhsm', 'kryoptic'], 'is_parallel': false}, 'digest': {'suites': ['softokn', 'softhsm', 'kryoptic']}, 'fork': {'suites': ['softokn', 'softhsm', 'kryoptic']},