latchset · simo5 · Jul 22, 2024 · Jul 8, 2024
diff --git a/src/exchange.c b/src/exchange.c
@@ -247,7 +247,7 @@ static int p11prov_ecdh_derive(void *ctx, unsigned char *secret,
         }
     }
 
-    ec_point = p11prov_obj_get_attr(ecdhctx->peer_key, CKA_EC_POINT);
+    ec_point = p11prov_obj_get_ec_public_raw(ecdhctx->peer_key);
     if (ec_point == NULL) {
         return RET_OSSL_ERR;
     }

diff --git a/src/objects.c b/src/objects.c
@@ -2175,6 +2175,65 @@ int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x,
     return ret;
 }
 
+CK_ATTRIBUTE *p11prov_obj_get_ec_public_raw(P11PROV_OBJ *key)
+{
+    CK_ATTRIBUTE *pub_key;
+
+    if (!key) {
+        return RET_OSSL_ERR;
+    }
+
+    if (key->data.key.type != CKK_EC) {
+        P11PROV_raise(key->ctx, CKR_GENERAL_ERROR, "Unsupported key type");
+        return RET_OSSL_ERR;
+    }
+
+    if (key->class != CKO_PRIVATE_KEY && key->class != CKO_PUBLIC_KEY) {
+        P11PROV_raise(key->ctx, CKR_GENERAL_ERROR, "Invalid Object Class");
+        return RET_OSSL_ERR;
+    }
+
+    pub_key = p11prov_obj_get_attr(key, CKA_P11PROV_PUB_KEY);
+    if (!pub_key) {
+        CK_ATTRIBUTE *ec_point;
+
+        ec_point = p11prov_obj_get_attr(key, CKA_EC_POINT);
+        if (ec_point) {
+            const unsigned char *val;
+            ASN1_OCTET_STRING *octet;
+            void *tmp_ptr;
+
+            val = ec_point->pValue;
+            octet = d2i_ASN1_OCTET_STRING(NULL, (const unsigned char **)&val,
+                                          ec_point->ulValueLen);
+            if (!octet) {
+                P11PROV_raise(key->ctx, CKR_KEY_INDIGESTIBLE,
+                              "Failed to decode CKA_EC_POINT");
+                return NULL;
+            }
+            tmp_ptr = OPENSSL_realloc(key->attrs, sizeof(CK_ATTRIBUTE)
+                                                      * (key->numattrs + 1));
+            if (!tmp_ptr) {
+                P11PROV_raise(key->ctx, CKR_HOST_MEMORY,
+                              "Failed to allocate memory key attributes");
+                return NULL;
+            }
+            key->attrs = tmp_ptr;
+
+            CKATTR_ASSIGN(key->attrs[key->numattrs], CKA_P11PROV_PUB_KEY,
+                          octet->data, octet->length);
+            key->numattrs++;
+
+            pub_key = &key->attrs[key->numattrs - 1];
+        }
+    }
+
+    if (!pub_key) {
+        P11PROV_debug("ECC Public Point not found");
+    }
+    return pub_key;
+}
+
 static int cmp_attr(P11PROV_OBJ *key1, P11PROV_OBJ *key2,
                     CK_ATTRIBUTE_TYPE attr)
 {

diff --git a/src/objects.h b/src/objects.h
@@ -55,6 +55,7 @@ int p11prov_obj_export_public_key(P11PROV_OBJ *obj, CK_KEY_TYPE key_type,
 int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x,
                                   CK_ATTRIBUTE **pub_y);
 int p11prov_obj_get_ed_pub_key(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub);
+CK_ATTRIBUTE *p11prov_obj_get_ec_public_raw(P11PROV_OBJ *key);
 
 #define OBJ_CMP_KEY_TYPE 0x00
 #define OBJ_CMP_KEY_PUBLIC 0x01

diff --git a/tests/meson.build b/tests/meson.build
@@ -120,7 +120,7 @@ tests = {
   'certs': {'suites': ['softokn', 'softhsm', 'kryoptic']},
   'ecc': {'suites': ['softokn', 'softhsm', 'kryoptic']},
   'edwards': {'suites': ['softhsm']},
-  'ecdh': {'suites': ['softokn']},
+  'ecdh': {'suites': ['softokn', 'kryoptic']},
   'democa': {'suites': ['softokn', 'softhsm', 'kryoptic'], 'is_parallel': false},
   'digest': {'suites': ['softokn', 'softhsm', 'kryoptic']},
   'fork': {'suites': ['softokn', 'softhsm', 'kryoptic']},