From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 29 Aug 2019 14:09:55 +0000 (+0300)
Subject: lib-dcrypt: Only use compressed points with dovecot internal formats
X-Git-Tag: 2.3.8~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef5de58e95b1763b030575a7b63b8033f8ce4f39;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: Only use compressed points with dovecot internal formats
---

diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index d235a10cf4..88a48fd0c5 100644
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -695,8 +695,6 @@ dcrypt_openssl_generate_ec_key(int nid, EVP_PKEY **key, const char **error_r)
 	EVP_PKEY_CTX_free(ctx);
 	EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY((*key)),
 			     OPENSSL_EC_NAMED_CURVE);
-	EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY((*key)),
-			     POINT_CONVERSION_COMPRESSED);
 	return TRUE;
 }
 
@@ -786,7 +784,6 @@ dcrypt_openssl_ecdh_derive_secret_local(struct dcrypt_private_key *local_key,
 	    EC_KEY_set_public_key(ec_key, pub) != 1)
 		ec = -1;
 	else
-		EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED);
 	EC_POINT_free(pub);
 	BN_CTX_free(bn_ctx);
 
@@ -851,10 +848,10 @@ dcrypt_openssl_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key,
 	BN_CTX *bn_ctx = BN_CTX_new();
 	const EC_POINT *pub = EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(local));
 	const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(local));
-	size_t len = EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED,
+	size_t len = EC_POINT_point2oct(grp, pub, POINT_CONVERSION_UNCOMPRESSED,
 					NULL, 0, bn_ctx);
 	unsigned char R_buf[len];
-	EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED,
+	EC_POINT_point2oct(grp, pub, POINT_CONVERSION_UNCOMPRESSED,
 			   R_buf, len, bn_ctx);
 	BN_CTX_free(bn_ctx);
 	buffer_append(R, R_buf, len);
@@ -1108,7 +1105,6 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r,
 		EC_KEY_free(eckey);
 		return dcrypt_openssl_error(error_r);
 	}
-	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
 	EC_KEY_set_private_key(eckey, point);
 	EC_KEY_precompute_mult(eckey, bnctx);
 	EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
@@ -1400,7 +1396,6 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r,
 			BN_CTX_free(bnctx);
 			return dcrypt_openssl_error(error_r);
 		}
-		EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
 		EC_KEY_set_private_key(eckey, point);
 		EC_KEY_precompute_mult(eckey, bnctx);
 		EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
@@ -1597,7 +1592,6 @@ static bool load_jwk_ec_key(EVP_PKEY **key_r, bool want_private_key,
 
 	EC_KEY_precompute_mult(ec_key, NULL);
 	EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
-	EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED);
 
 	/* return as EVP_PKEY */
 	EVP_PKEY *pkey = EVP_PKEY_new();
@@ -2268,6 +2262,8 @@ dcrypt_openssl_store_private_key_dovecot(struct dcrypt_private_key *key,
 		/* because otherwise we get wrong nid */
 		obj = OBJ_nid2obj(EC_GROUP_get_curve_name(
 			EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey))));
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey),
+				     POINT_CONVERSION_COMPRESSED);
 
 	} else {
 		obj = OBJ_nid2obj(EVP_PKEY_id(pkey));
@@ -2360,6 +2356,9 @@ dcrypt_openssl_store_public_key_dovecot(struct dcrypt_public_key *key,
 	unsigned char *tmp = NULL;
 	size_t dest_used = buffer_get_used_size(destination);
 
+	if (EVP_PKEY_base_id(pubkey) == EVP_PKEY_EC)
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pubkey),
+				     POINT_CONVERSION_COMPRESSED);
 	int rv = i2d_PUBKEY(pubkey, &tmp);
 
 	if (tmp == NULL)
@@ -2430,8 +2429,8 @@ dcrypt_openssl_load_private_key(struct dcrypt_private_key **key_r,
 	}
 
 	if (EVP_PKEY_base_id(key) == EVP_PKEY_EC) {
-		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(key),
-				     POINT_CONVERSION_COMPRESSED);
+		EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY(key),
+				     OPENSSL_EC_NAMED_CURVE);
 	}
 
 	*key_r = i_new(struct dcrypt_private_key, 1);
@@ -2495,7 +2494,6 @@ dcrypt_openssl_load_public_key(struct dcrypt_public_key **key_r,
 		}
 		EC_KEY *eckey = d2i_EC_PUBKEY_bio(b64, NULL);
 		if (eckey != NULL) {
-			EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
 			EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
 			key = EVP_PKEY_new();
 			if (key != NULL)
@@ -2544,6 +2542,10 @@ dcrypt_openssl_store_private_key(struct dcrypt_private_key *key,
 		return ret;
 	}
 
+	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC)
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey),
+				     POINT_CONVERSION_UNCOMPRESSED);
+
 	BIO *key_out = BIO_new(BIO_s_mem());
 	if (key_out == NULL)
 		return dcrypt_openssl_error(error_r);
@@ -2604,6 +2606,10 @@ dcrypt_openssl_store_public_key(struct dcrypt_public_key *key,
 		return ret;
 	}
 
+	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC)
+		EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey),
+				     POINT_CONVERSION_UNCOMPRESSED);
+
 	BIO *key_out = BIO_new(BIO_s_mem());
 	if (key_out == NULL)
 		return dcrypt_openssl_error(error_r);
@@ -3251,6 +3257,7 @@ dcrypt_openssl_key_store_private_raw(struct dcrypt_private_key *key,
 	} else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) {
 		/* store OID */
 		EC_KEY *key = EVP_PKEY_get0_EC_KEY(priv);
+		EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED);
 		int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key));
 		ASN1_OBJECT *obj = OBJ_nid2obj(nid);
 		int len = OBJ_length(obj);
@@ -3304,6 +3311,7 @@ dcrypt_openssl_key_store_public_raw(struct dcrypt_public_key *key,
 	} else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) {
 		/* store OID */
 		EC_KEY *key = EVP_PKEY_get0_EC_KEY(pub);
+		EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED);
 		int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key));
 		ASN1_OBJECT *obj = OBJ_nid2obj(nid);
 		int len = OBJ_length(obj);
@@ -3411,7 +3419,6 @@ dcrypt_openssl_key_load_private_raw(struct dcrypt_private_key **key_r,
 			return dcrypt_openssl_error(error_r);
 		}
 		EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
-		EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
 
 		EVP_PKEY *pkey = EVP_PKEY_new();
 		EVP_PKEY_set1_EC_KEY(pkey, key);
@@ -3490,7 +3497,6 @@ dcrypt_openssl_key_load_public_raw(struct dcrypt_public_key **key_r,
 
 		EC_KEY_precompute_mult(key, NULL);
 		EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
-		EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
 		EVP_PKEY *pkey = EVP_PKEY_new();
 		EVP_PKEY_set1_EC_KEY(pkey, key);
 		EC_KEY_free(key);
diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index e783e2ba3f..2f5267eef0 100644
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
@@ -453,11 +453,12 @@ static void test_load_v2_key(void)
 {
 	const char *keys[] = {
 		"-----BEGIN PRIVATE KEY-----\n"
-		"MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0D"
-			"AQcETTBLAgEBBCC25AkD65uhlZXCAdwN\n"
-		"yLJV2ui8A/CUyqyEMrezvwgMO6EkAyIA"
-			"AybRUR3MsH0+0PQcDwkrXOJ9aePwzTQV\n"
-		"DN51+n1JCxbI\n"
+		"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtu"
+		"QJA+uboZWVwgHc\n"
+		"DciyVdrovAPwlMqshDK3s78IDDuhRANCAAQm0VEdzLB9PtD0HA"
+		"8JK1zifWnj8M00\n"
+		"FQzedfp9SQsWyA8dzs5/NFR5MTe6Xbh/ndKEs1zZH3vZ4FlNri"
+		"lZc0st\n"
 		"-----END PRIVATE KEY-----\n",
 		"2:1.2.840.10045.3.1.7:0:0000002100b6e40903eb9ba195"
 		"95c201dc0dc8b255dae8bc03f094caac8432b7b3bf080c3b:a"
@@ -1155,10 +1156,9 @@ static void test_jwk_keys(void)
 	/* Acquired using another tool */
 	const char *pem_key =
 	  "-----BEGIN PUBLIC KEY-----\n"
-	  "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
-	  "yLG69yOisek4aMI=\n"
+	  "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n"
+	  "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n"
 	  "-----END PUBLIC KEY-----";
-
 	test_begin("test_jwk_keys");
 	struct dcrypt_keypair pair;
 	buffer_t *pem = t_buffer_create(256);