Merge pull request #1120 from JacobBarthelmeh/Testing

fix creating shared secret with ECC private only key
2025-08-03 12:44:45 +02:00 · 2017-08-30 11:02:14 -07:00
parent 1ba77e4306 3dbe5d2af9
commit 9aef8a91fd
3 changed files with 48 additions and 5 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -19610,7 +19610,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
        }

        /* Return the maximum signature length. */
-        *length = wc_ecc_sig_size((ecc_key*)ssl->hsKey);
+        *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);

        goto exit_dpk;
    }
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2689,7 +2689,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
   }

   /* type valid? */
-   if (private_key->type != ECC_PRIVATEKEY) {
+   if (private_key->type != ECC_PRIVATEKEY &&
+           private_key->type != ECC_PRIVATEKEY_ONLY) {
      return ECC_BAD_ARG_E;
   }

@@ -2879,7 +2880,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
    }

    /* type valid? */
-    if (private_key->type != ECC_PRIVATEKEY) {
+    if (private_key->type != ECC_PRIVATEKEY &&
+            private_key->type != ECC_PRIVATEKEY_ONLY) {
        return ECC_BAD_ARG_E;
    }

@@ -3008,9 +3010,9 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
 {
    int err = MP_OKAY;
 #ifndef WOLFSSL_ATECC508A
-    ecc_point*     base = NULL;
-    DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT)
+    ecc_point* base = NULL;
    ecc_point* pub;
+    DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT)
 #endif

    if (key == NULL) {
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -10591,6 +10591,47 @@ static int ecc_test_make_pub(WC_RNG* rng)

 #endif /* HAVE_ECC_SIGN */

+#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
+    /* now test private only key with creating a shared secret */
+    {
+        ecc_key pub;
+
+        x = sizeof(exportBuf);
+        ret = wc_ecc_export_private_only(&key, exportBuf, &x);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        /* make private only key */
+        wc_ecc_free(&key);
+        wc_ecc_init(&key);
+        ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        /* check that public export fails with private only key */
+        x = sizeof(exportBuf);
+        ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
+        if (ret == 0) {
+            ret = -6008;
+            goto exit_ecc_make_pub;
+        }
+
+        /* make public key for shared secret */
+        wc_ecc_init(&pub);
+        ret = wc_ecc_make_key(rng, 32, &pub);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        x = sizeof(exportBuf);
+        ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x);
+        if (ret != 0) {
+            wc_ecc_free(&pub);
+            goto exit_ecc_make_pub;
+        }
+
+        wc_ecc_free(&pub);
+    }
+#endif /* defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) */
 exit_ecc_make_pub:

    wc_ecc_del_point_h(pubPoint, HEAP_HINT);