From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 29 Aug 2019 09:52:46 +0000 (+0300)
Subject: lib-dcrypt: Fix key format in raw & jwk keys
X-Git-Tag: 2.3.8~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=24d8493fa75de43e0410c7e81910461e02b44415;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: Fix key format in raw & jwk keys

It needs to be point compressed with named curve
---

diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 0599413fda..17bebde389 100644
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -1595,6 +1595,10 @@ static bool load_jwk_ec_key(EVP_PKEY **key_r, bool want_private_key,
 		return dcrypt_openssl_error(error_r);
 	}
 
+	EC_KEY_precompute_mult(ec_key, NULL);
+	EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+	EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED);
+
 	/* return as EVP_PKEY */
 	EVP_PKEY *pkey = EVP_PKEY_new();
 	EVP_PKEY_set1_EC_KEY(pkey, ec_key);
@@ -3405,6 +3409,8 @@ dcrypt_openssl_key_load_private_raw(struct dcrypt_private_key **key_r,
 			EC_KEY_free(key);
 			return dcrypt_openssl_error(error_r);
 		}
+		EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
+		EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
 
 		EVP_PKEY *pkey = EVP_PKEY_new();
 		EVP_PKEY_set1_EC_KEY(pkey, key);
@@ -3481,6 +3487,9 @@ dcrypt_openssl_key_load_public_raw(struct dcrypt_public_key **key_r,
 			return dcrypt_openssl_error(error_r);
 		}
 
+		EC_KEY_precompute_mult(key, NULL);
+		EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
+		EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
 		EVP_PKEY *pkey = EVP_PKEY_new();
 		EVP_PKEY_set1_EC_KEY(pkey, key);
 		EC_KEY_free(key);
diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index 9f378ce6a5..e783e2ba3f 100644
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
@@ -1008,12 +1008,9 @@ static void test_raw_keys(void)
 	test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_DOVECOT,
 					    buf, NULL));
 	test_assert_strcmp(str_c(buf),
-			   "2:3059301306072a8648ce3d020106082a8648ce3d030107034"
-			   "20004e87c6da029fe5d161ad66ac61c788a360ffb64e77f5813"
-			   "b3801f9945eea94ae2def388c637727fbe970294b22160a4984"
-			   "efb4619614cc5e19fe9b2d24dae834b:21d116b7b3e5c52e81f"
-			   "0437a10b0116cfafc467fb1b96e48926d021668fc1bea");
-
+		"2:3039301306072a8648ce3d020106082a8648ce3d03010703220003e87c6d"
+		"a029fe5d161ad66ac61c788a360ffb64e77f5813b3801f9945eea94ae2:21d"
+		"116b7b3e5c52e81f0437a10b0116cfafc467fb1b96e48926d021668fc1bea");
 	dcrypt_keypair_unref(&pair);
 
 	test_end();
@@ -1156,9 +1153,10 @@ static void test_jwk_keys(void)
           "\"kid\":\"123\","
 	  "\"d\":\"Po2z9rs86J2Qb_xWprr4idsWNPlgKf3G8-mftnE2ync\"}";
 	/* Acquired using another tool */
-	const char *pem_key = "-----BEGIN PUBLIC KEY-----\n"
-	  "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
-	  "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n"
+	const char *pem_key =
+	  "-----BEGIN PUBLIC KEY-----\n"
+	  "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
+	  "yLG69yOisek4aMI=\n"
 	  "-----END PUBLIC KEY-----";
 
 	test_begin("test_jwk_keys");