Allow passing priv and pub parameters when creating EC pkey

anakinj · anakinj · commit c85f7a176c2b · 2022-12-28T20:54:28.000+02:00
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
@@ -439,11 +439,27 @@ add_ec_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
 
     const char * key_ptr = StringValueCStr(key);
 
-    if(strcmp(OSSL_PKEY_PARAM_GROUP_NAME, key_ptr) == 0)
-        if(!OSSL_PARAM_BLD_push_utf8_string(params_builder, key_ptr, StringValueCStr(value), 0))
+    if(strcmp(OSSL_PKEY_PARAM_GROUP_NAME, key_ptr) == 0) {
+        StringValue(value);
+        if(!OSSL_PARAM_BLD_push_utf8_string(params_builder, key_ptr, RSTRING_PTR(value), RSTRING_LENINT(value)))
             ossl_raise(ePKeyError, "OSSL_PARAM_BLD_push_utf8_string");
+        return ST_CONTINUE;
+    }
 
-    return ST_CONTINUE;
+    if(strcmp(OSSL_PKEY_PARAM_PUB_KEY, key_ptr) == 0) {
+        StringValue(value);
+        if(!OSSL_PARAM_BLD_push_octet_string(params_builder, OSSL_PKEY_PARAM_PUB_KEY, RSTRING_PTR(value), RSTRING_LENINT(value)))
+            ossl_raise(ePKeyError, "OSSL_PARAM_BLD_push_octet_string");
+        return ST_CONTINUE;
+    }
+
+    if(strcmp(OSSL_PKEY_PARAM_PRIV_KEY, key_ptr) == 0) {
+        if(!OSSL_PARAM_BLD_push_BN(params_builder, OSSL_PKEY_PARAM_PRIV_KEY, GetBNPtr(value))) // unsigned integer, but presented as BN will work just fine
+            ossl_raise(ePKeyError, "OSSL_PARAM_BLD_push_octet_string");
+        return ST_CONTINUE;
+    }
+
+    ossl_raise(ePKeyError, "Unsupported EC parameter \"%s\"", key_ptr);
 }
 
 static int
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
@@ -267,12 +267,52 @@ def test_from_parameters_with_invalid_alg
       assert_equal e.message, '"ASR" is not a supported algorithm'
     end
 
-    def test_ec_from_parameters_with_minimal_data
+    def test_ec_from_parameters_pub_given_as_string
       source  = OpenSSL::PKey::EC.generate("prime256v1")
+      new_key = OpenSSL::PKey.from_parameters("EC", { group: source.group.curve_name,
+                                                      pub: source.public_key.to_bn.to_s(2) })
+      assert_instance_of OpenSSL::PKey::EC, new_key
+      assert_equal source.group.curve_name, new_key.group.curve_name
+      assert_equal source.public_key, new_key.public_key
+      assert_equal nil, new_key.private_key
+    end
 
-      new_key = OpenSSL::PKey.from_parameters("EC", { group: source.group.curve_name })
+    def test_ec_from_parameters_priv_given_as_bn
+      source  = OpenSSL::PKey::EC.generate("prime256v1")
+      new_key = OpenSSL::PKey.from_parameters("EC", { group: source.group.curve_name,
+                                                      priv: source.private_key.to_bn })
       assert_instance_of OpenSSL::PKey::EC, new_key
       assert_equal source.group.curve_name, new_key.group.curve_name
+      assert_equal source.private_key, new_key.private_key
+      assert_equal nil, new_key.public_key
+    end
+
+    def test_ec_from_parameters_priv_given_as_integer
+      source  = OpenSSL::PKey::EC.generate("prime256v1")
+      new_key = OpenSSL::PKey.from_parameters("EC", { group: source.group.curve_name,
+                                                      priv: source.private_key.to_i })
+      assert_instance_of OpenSSL::PKey::EC, new_key
+      assert_equal source.group.curve_name, new_key.group.curve_name
+      assert_equal source.private_key, new_key.private_key
+      assert_equal nil, new_key.public_key
+    end
+
+    def test_ec_from_parameters_priv_and_pub_given_for_different_curves
+      ["prime256v1", "secp256k1", "secp384r1", "secp521r1"].each do |curve|
+        source  = OpenSSL::PKey::EC.generate(curve)
+        new_key = OpenSSL::PKey.from_parameters("EC", { group: source.group.curve_name,
+                                                        pub: source.public_key.to_bn.to_s(2),
+                                                        priv: source.private_key.to_i })
+        assert_instance_of OpenSSL::PKey::EC, new_key
+        assert_equal source.group.curve_name, new_key.group.curve_name
+        assert_equal source.private_key, new_key.private_key
+        assert_equal source.public_key, new_key.public_key
+      end
+    end
+
+    def test_ec_from_parameters_pub_given_as_integer
+      e = assert_raise(TypeError) { OpenSSL::PKey.from_parameters("EC", { group: "prime256v1", pub: 12345 }) }
+      assert_equal "no implicit conversion of Integer into String", e.message
     end
   else
     def test_from_parameter_raises_on_pre_3_openssl
