fix creating shared secret with ECC private only key

2017-08-24 17:05:17 -06:00 · 2017-08-24 17:05:17 -06:00 · a308a56044
commit a308a56044
parent 59358fd91d
2 changed files with 45 additions and 2 deletions
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -2689,7 +2689,8 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
   }

   /* type valid? */
-   if (private_key->type != ECC_PRIVATEKEY) {
+   if (private_key->type != ECC_PRIVATEKEY &&
+           private_key->type != ECC_PRIVATEKEY_ONLY) {
      return ECC_BAD_ARG_E;
   }

@ -2879,7 +2880,8 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
    }

    /* type valid? */
-    if (private_key->type != ECC_PRIVATEKEY) {
+    if (private_key->type != ECC_PRIVATEKEY &&
+            private_key->type != ECC_PRIVATEKEY_ONLY) {
        return ECC_BAD_ARG_E;
    }

--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@ -10591,6 +10591,47 @@ static int ecc_test_make_pub(WC_RNG* rng)

 #endif /* HAVE_ECC_SIGN */

+#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
+    /* now test private only key with creating a shared secret */
+    {
+        ecc_key pub;
+
+        x = sizeof(exportBuf);
+        ret = wc_ecc_export_private_only(&key, exportBuf, &x);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        /* make private only key */
+        wc_ecc_free(&key);
+        wc_ecc_init(&key);
+        ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        /* check that public export fails with private only key */
+        x = sizeof(exportBuf);
+        ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0);
+        if (ret == 0) {
+            ret = -6008;
+            goto exit_ecc_make_pub;
+        }
+
+        /* make public key for shared secret */
+        wc_ecc_init(&pub);
+        ret = wc_ecc_make_key(rng, 32, &pub);
+        if (ret != 0)
+            goto exit_ecc_make_pub;
+
+        x = sizeof(exportBuf);
+        ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x);
+        if (ret != 0) {
+            wc_ecc_free(&pub);
+            goto exit_ecc_make_pub;
+        }
+
+        wc_ecc_free(&pub);
+    }
+#endif /* defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) */
 exit_ecc_make_pub:

    wc_ecc_del_point_h(pubPoint, HEAP_HINT);