From 20e669a65a86d397c82556deb87e7296261d384b Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Wed, 1 Apr 2020 18:16:24 +0200
Subject: [PATCH] New API

Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
---
 src/ssl.c               | 21 ++++++++++++++++++---
 wolfcrypt/src/ecc.c     | 19 ++++++++++++++-----
 wolfcrypt/test/test.c   | 28 ++++++++++++++++++++++++++--
 wolfssl/wolfcrypt/ecc.h |  3 +++
 4 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 98db464a4..d05e6b6a8 100755
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -36609,11 +36609,26 @@ int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
         return WOLFSSL_FAILURE;
     }
 
-    if (wc_ecc_import_point_der(in, len, group->curve_idx,
-                                (ecc_point*)p->internal) != MP_OKAY) {
-        WOLFSSL_MSG("wc_ecc_import_point_der failed");
+#ifndef HAVE_SELFTEST
+    if (wc_ecc_import_point_der_ex(in, len, group->curve_idx,
+                                   (ecc_point*)p->internal, 0) != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_import_point_der_ex failed");
         return WOLFSSL_FAILURE;
     }
+#else
+    /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */
+    if (in[0] == 0x04) {
+        if (wc_ecc_import_point_der(in, len, group->curve_idx,
+                                    (ecc_point*)p->internal) != MP_OKAY) {
+            WOLFSSL_MSG("wc_ecc_import_point_der failed");
+            return WOLFSSL_FAILURE;
+        }
+    }
+    else {
+        WOLFSSL_MSG("Only uncompressed points supported with HAVE_SELFTEST");
+        return WOLFSSL_FAILURE;
+    }
+#endif
 
     /* Set new external point */
     if (SetECPointExternal(p) != WOLFSSL_SUCCESS) {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 92578c316..6b9957dc7 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -6284,9 +6284,10 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 #endif /* HAVE_ECC_VERIFY */
 
 #ifdef HAVE_ECC_KEY_IMPORT
-/* import point from der */
-int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
-                            ecc_point* point)
+/* import point from der
+ * if shortKeySize != 0 then keysize is always (inLen-1)>>1 */
+int wc_ecc_import_point_der_ex(byte* in, word32 inLen, const int curve_idx,
+                               ecc_point* point, char shortKeySize)
 {
     int err = 0;
 #ifdef HAVE_COMP_KEY
@@ -6337,8 +6338,9 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
     inLen -= 1;
     in += 1;
 
-    /* calculate key size based on inLen / 2 if uncompressed */
-    keysize = compressed ? inLen : inLen>>1;
+    /* calculate key size based on inLen / 2 if uncompressed or shortKeySize
+     * is true */
+    keysize = compressed && !shortKeySize ? inLen : inLen>>1;
 
     /* read data */
     if (err == MP_OKAY)
@@ -6441,6 +6443,13 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
 
     return err;
 }
+
+/* function for backwards compatiblity with previous implementations */
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
+                            ecc_point* point)
+{
+    return wc_ecc_import_point_der_ex(in, inLen, curve_idx, point, 1);
+}
 #endif /* HAVE_ECC_KEY_IMPORT */
 
 #ifdef HAVE_ECC_KEY_EXPORT
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a09206356..da5e8a5f8 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -19106,17 +19106,41 @@ static int ecc_point_test(void)
     }
 
 #ifdef HAVE_COMP_KEY
-    ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0), curve_idx, point3);
+    ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
     if (ret != 0) {
         ret = -9726;
         goto done;
     }
 
-    ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1), curve_idx, point4);
+    ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
     if (ret != 0) {
         ret = -9727;
         goto done;
     }
+
+    ret = wc_ecc_cmp_point(point3, point4);
+    if (ret != MP_EQ) {
+        ret = -9728;
+        goto done;
+    }
+
+    ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
+    if (ret != 0) {
+        ret = -9729;
+        goto done;
+    }
+
+    ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
+    if (ret != 0) {
+        ret = -9730;
+        goto done;
+    }
+
+    ret = wc_ecc_cmp_point(point3, point4);
+    if (ret != MP_EQ) {
+        ret = -9731;
+        goto done;
+    }
 #endif
 
 done:
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index b606f577a..88e4460dc 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -649,6 +649,9 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
 
 #ifdef HAVE_ECC_KEY_IMPORT
 WOLFSSL_API
+int wc_ecc_import_point_der_ex(byte* in, word32 inLen, const int curve_idx,
+                               ecc_point* point, char shortKeySize);
+WOLFSSL_API
 int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
                             ecc_point* point);
 #endif /* HAVE_ECC_KEY_IMPORT */