[compat] add PKey::EC#derive and fix nil group

kares · kares · commit f67c0afddf84 · 2026-03-06T13:50:10.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/PKeyEC.java b/src/main/java/org/jruby/ext/openssl/PKeyEC.java
@@ -597,6 +597,20 @@ public IRubyObject dh_compute_key(final ThreadContext context, final IRubyObject
         }
     }
 
+    // derive(peer_key) -- computes the ECDH shared secret with a peer EC public key.
+    // Equivalent to dh_compute_key(peer_key.public_key).
+    @JRubyMethod(name = "derive")
+    public IRubyObject derive(final ThreadContext context, final IRubyObject peer) {
+        if (!(peer instanceof PKeyEC)) {
+            throw context.runtime.newTypeError(peer, _EC(context.runtime));
+        }
+        final IRubyObject peerPublicKey = ((PKeyEC) peer).public_key(context);
+        if (peerPublicKey.isNil()) {
+            throw newECError(context.runtime, "no public key");
+        }
+        return dh_compute_key(context, peerPublicKey);
+    }
+
     @JRubyMethod
     public IRubyObject oid() {
         return getRuntime().newString("id-ecPublicKey");
@@ -617,8 +631,8 @@ public IRubyObject group(ThreadContext context) {
         Group group = this.group;
         if (group != null) return group;
 
-        if (publicKey == null && publicKey == null) {
-            return context.nil; // PKey::EC.new
+        if (getCurveName() == null) {
+            return context.nil; // PKey::EC.new with no args / no curve configured
         }
         group = getGroup(false);
         return group == null ? context.nil : group;
diff --git a/src/test/ruby/ec/test_ec.rb b/src/test/ruby/ec/test_ec.rb
@@ -432,6 +432,24 @@ def test_sign_verify
     assert_equal false, p256.verify("SHA256", signature1, data)
   end
 
+  def test_derive_key
+    # NIST CAVP, KAS_ECC_CDH_PrimitiveTest.txt, P-256 COUNT = 0
+    qCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287"
+    qCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac"
+    dIUT   = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"
+    zIUT   = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b"
+
+    a = OpenSSL::PKey::EC.new("prime256v1")
+    a.private_key = OpenSSL::BN.new(dIUT, 16)
+
+    b = OpenSSL::PKey::EC.new("prime256v1")
+    uncompressed = OpenSSL::BN.new("04" + qCAVSx + qCAVSy, 16)
+    b.public_key = OpenSSL::PKey::EC::Point.new(b.group, uncompressed)
+
+    assert_equal [zIUT].pack("H*"), a.derive(b)
+    assert_equal a.derive(b), a.dh_compute_key(b.public_key)
+  end
+
   def test_ec_group
     group1 = OpenSSL::PKey::EC::Group.new("prime256v1")
     key1 = OpenSSL::PKey::EC.new(group1)
