lib-dcrypt: Fix key format in raw & jwk keys

It needs to be point compressed with named curve

diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 0599413fda58835dea8975756e8d5f75a9f482f0..17bebde3899461273d82e6afa6327c3829035e2c 100644 (file)
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -1595,6 +1595,10 @@ static bool load_jwk_ec_key(EVP_PKEY **key_r, bool want_private_key,
                return dcrypt_openssl_error(error_r);
        }
 
+       EC_KEY_precompute_mult(ec_key, NULL);
+       EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+       EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED);
+
        /* return as EVP_PKEY */
        EVP_PKEY *pkey = EVP_PKEY_new();
        EVP_PKEY_set1_EC_KEY(pkey, ec_key);
@@ -3405,6 +3409,8 @@ dcrypt_openssl_key_load_private_raw(struct dcrypt_private_key **key_r,
                        EC_KEY_free(key);
                        return dcrypt_openssl_error(error_r);
                }
+               EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
+               EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
 
                EVP_PKEY *pkey = EVP_PKEY_new();
                EVP_PKEY_set1_EC_KEY(pkey, key);
@@ -3481,6 +3487,9 @@ dcrypt_openssl_key_load_public_raw(struct dcrypt_public_key **key_r,
                        return dcrypt_openssl_error(error_r);
                }
 
+               EC_KEY_precompute_mult(key, NULL);
+               EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
+               EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
                EVP_PKEY *pkey = EVP_PKEY_new();
                EVP_PKEY_set1_EC_KEY(pkey, key);
                EC_KEY_free(key);

diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index 9f378ce6a5615593830f8d3a474d8287ba3ad2a8..e783e2ba3fd993529990488039ba43d2b8f21a66 100644 (file)
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
@@ -1008,12 +1008,9 @@ static void test_raw_keys(void)
        test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_DOVECOT,
                                            buf, NULL));
        test_assert_strcmp(str_c(buf),
-                          "2:3059301306072a8648ce3d020106082a8648ce3d030107034"
-                          "20004e87c6da029fe5d161ad66ac61c788a360ffb64e77f5813"
-                          "b3801f9945eea94ae2def388c637727fbe970294b22160a4984"
-                          "efb4619614cc5e19fe9b2d24dae834b:21d116b7b3e5c52e81f"
-                          "0437a10b0116cfafc467fb1b96e48926d021668fc1bea");
-
+               "2:3039301306072a8648ce3d020106082a8648ce3d03010703220003e87c6d"
+               "a029fe5d161ad66ac61c788a360ffb64e77f5813b3801f9945eea94ae2:21d"
+               "116b7b3e5c52e81f0437a10b0116cfafc467fb1b96e48926d021668fc1bea");
        dcrypt_keypair_unref(&pair);
 
        test_end();
@@ -1156,9 +1153,10 @@ static void test_jwk_keys(void)
           "\"kid\":\"123\","
          "\"d\":\"Po2z9rs86J2Qb_xWprr4idsWNPlgKf3G8-mftnE2ync\"}";
        /* Acquired using another tool */
-       const char *pem_key = "-----BEGIN PUBLIC KEY-----\n"
-         "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
-         "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n"
+       const char *pem_key =
+         "-----BEGIN PUBLIC KEY-----\n"
+         "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
+         "yLG69yOisek4aMI=\n"
          "-----END PUBLIC KEY-----";
 
        test_begin("test_jwk_keys");