Skip to content

Commit 1c8e788

Browse files
effbiaedgarske
effbiae
authored and
dgarske
committed
refactor to EcMakeKey
1 parent 85bfc49 commit 1c8e788

File tree

1 file changed

+98
-170
lines changed

1 file changed

+98
-170
lines changed

src/internal.c

Lines changed: 98 additions & 170 deletions
Original file line numberDiff line numberDiff line change
@@ -33250,6 +33250,97 @@ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key)
3325033250
}
3325133251
#endif /*!NO_PSK*/
3325233252

33253+
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
33254+
static int EcMakeKey(WOLFSSL* ssl)
33255+
{
33256+
int ret = 0;
33257+
#ifdef HAVE_ECC
33258+
int kea = ssl->specs.kea;
33259+
ecc_key* peerKey;
33260+
#endif
33261+
#ifdef HAVE_CURVE25519
33262+
if (ssl->peerX25519KeyPresent) {
33263+
/* Check client ECC public key */
33264+
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33265+
return NO_PEER_KEY;
33266+
}
33267+
/* if callback then use it for shared secret */
33268+
#ifdef HAVE_PK_CALLBACKS
33269+
if (ssl->ecdhCurveOID == ECC_X25519_OID) {
33270+
if (ssl->ctx->X25519SharedSecretCb != NULL)
33271+
return 0;
33272+
}
33273+
#endif
33274+
/* create private key */
33275+
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33276+
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33277+
if (ret != 0) {
33278+
return ret;
33279+
}
33280+
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33281+
ssl->peerX25519Key);
33282+
return ret;
33283+
}
33284+
#endif
33285+
#ifdef HAVE_CURVE448
33286+
if (ssl->peerX448KeyPresent) {
33287+
/* Check client ECC public key */
33288+
if (!ssl->peerX448Key) {
33289+
return NO_PEER_KEY;
33290+
}
33291+
#ifdef HAVE_PK_CALLBACKS
33292+
if (ssl->ecdhCurveOID == ECC_X448_OID) {
33293+
if (ssl->ctx->X448SharedSecretCb != NULL)
33294+
return 0;
33295+
}
33296+
#endif
33297+
/* create private key */
33298+
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33299+
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33300+
if (ret != 0) {
33301+
return ret;
33302+
}
33303+
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33304+
ssl->peerX448Key);
33305+
return ret;
33306+
}
33307+
#endif
33308+
#ifdef HAVE_ECC
33309+
if (kea == ecc_diffie_hellman_kea && ssl->specs.static_ecdh) {
33310+
/* Note: EccDsa is really fixed Ecc key here */
33311+
if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent) {
33312+
return NO_PEER_KEY;
33313+
}
33314+
peerKey = ssl->peerEccDsaKey;
33315+
}
33316+
else {
33317+
/* Check client ECC public key */
33318+
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
33319+
!ssl->peerEccKey->dp) {
33320+
return NO_PEER_KEY;
33321+
}
33322+
peerKey = ssl->peerEccKey;
33323+
}
33324+
if (peerKey == NULL) {
33325+
return NO_PEER_KEY;
33326+
}
33327+
#ifdef HAVE_PK_CALLBACKS
33328+
if (ssl->ctx->EccSharedSecretCb != NULL) {
33329+
return 0;
33330+
}
33331+
#endif /* HAVE_PK_CALLBACKS*/
33332+
/* create ephemeral private key */
33333+
ssl->hsType = DYNAMIC_TYPE_ECC;
33334+
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33335+
if (ret != 0) {
33336+
return ret;
33337+
}
33338+
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
33339+
#endif /*HAVE_ECC*/
33340+
return ret;
33341+
}
33342+
#endif /*defined(HAVE_ECC)||defined(HAVE_CURVE25519)||defined(HAVE_CURVE448)*/
33343+
3325333344
/* handle generation client_key_exchange (16) */
3325433345
int SendClientKeyExchange(WOLFSSL* ssl)
3325533346
{
@@ -33363,181 +33454,18 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3336333454
WOLFSSL_MSG("No client PSK callback set");
3336433455
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
3336533456
}
33366-
33367-
#ifdef HAVE_CURVE25519
33368-
if (ssl->peerX25519KeyPresent) {
33369-
/* Check client ECC public key */
33370-
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33371-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33372-
}
33373-
33374-
#ifdef HAVE_PK_CALLBACKS
33375-
/* if callback then use it for shared secret */
33376-
if (ssl->ctx->X25519SharedSecretCb != NULL) {
33377-
break;
33378-
}
33379-
#endif
33380-
33381-
/* create private key */
33382-
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33383-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33384-
if (ret != 0) {
33385-
goto exit_scke;
33386-
}
33387-
33388-
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33389-
ssl->peerX25519Key);
33390-
break;
33391-
}
33392-
#endif
33393-
#ifdef HAVE_CURVE448
33394-
if (ssl->peerX448KeyPresent) {
33395-
/* Check client ECC public key */
33396-
if (!ssl->peerX448Key) {
33397-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33398-
}
33399-
33400-
#ifdef HAVE_PK_CALLBACKS
33401-
/* if callback then use it for shared secret */
33402-
if (ssl->ctx->X448SharedSecretCb != NULL) {
33403-
break;
33404-
}
33405-
#endif
33406-
33407-
/* create private key */
33408-
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33409-
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33410-
if (ret != 0) {
33411-
goto exit_scke;
33412-
}
33413-
33414-
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33415-
ssl->peerX448Key);
33416-
break;
33417-
}
33418-
#endif
33419-
/* Check client ECC public key */
33420-
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
33421-
!ssl->peerEccKey->dp) {
33422-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33423-
}
33424-
33425-
#ifdef HAVE_PK_CALLBACKS
33426-
/* if callback then use it for shared secret */
33427-
if (ssl->ctx->EccSharedSecretCb != NULL) {
33428-
break;
33429-
}
33430-
#endif
33431-
33432-
/* create ephemeral private key */
33433-
ssl->hsType = DYNAMIC_TYPE_ECC;
33434-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33435-
if (ret != 0) {
33436-
goto exit_scke;
33437-
}
33438-
33439-
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
33440-
33457+
ret = EcMakeKey(ssl);
33458+
if (ret)
33459+
ERROR_OUT(ret, exit_scke);
3344133460
break;
33442-
#endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
33461+
#endif /* (HAVE_ECC||HAVE_CURVE25519||HAVE_CURVE448) && !NO_PSK */
3344333462
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
3344433463
defined(HAVE_CURVE448)
3344533464
case ecc_diffie_hellman_kea:
3344633465
{
33447-
#ifdef HAVE_ECC
33448-
ecc_key* peerKey;
33449-
#endif
33450-
33451-
#ifdef HAVE_PK_CALLBACKS
33452-
/* if callback then use it for shared secret */
33453-
#ifdef HAVE_CURVE25519
33454-
if (ssl->ecdhCurveOID == ECC_X25519_OID) {
33455-
if (ssl->ctx->X25519SharedSecretCb != NULL)
33456-
break;
33457-
}
33458-
else
33459-
#endif
33460-
#ifdef HAVE_CURVE448
33461-
if (ssl->ecdhCurveOID == ECC_X448_OID) {
33462-
if (ssl->ctx->X448SharedSecretCb != NULL)
33463-
break;
33464-
}
33465-
else
33466-
#endif
33467-
#ifdef HAVE_ECC
33468-
if (ssl->ctx->EccSharedSecretCb != NULL) {
33469-
break;
33470-
}
33471-
else
33472-
#endif
33473-
{
33474-
}
33475-
#endif /* HAVE_PK_CALLBACKS */
33476-
33477-
#ifdef HAVE_CURVE25519
33478-
if (ssl->peerX25519KeyPresent) {
33479-
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33480-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33481-
}
33482-
33483-
/* create private key */
33484-
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33485-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33486-
if (ret != 0) {
33487-
goto exit_scke;
33488-
}
33489-
33490-
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33491-
ssl->peerX25519Key);
33492-
break;
33493-
}
33494-
#endif
33495-
#ifdef HAVE_CURVE448
33496-
if (ssl->peerX448KeyPresent) {
33497-
if (!ssl->peerX448Key) {
33498-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33499-
}
33500-
33501-
/* create private key */
33502-
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33503-
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33504-
if (ret != 0) {
33505-
goto exit_scke;
33506-
}
33507-
33508-
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33509-
ssl->peerX448Key);
33510-
break;
33511-
}
33512-
#endif
33513-
#ifdef HAVE_ECC
33514-
if (ssl->specs.static_ecdh) {
33515-
/* Note: EccDsa is really fixed Ecc key here */
33516-
if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent) {
33517-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33518-
}
33519-
peerKey = ssl->peerEccDsaKey;
33520-
}
33521-
else {
33522-
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent) {
33523-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33524-
}
33525-
peerKey = ssl->peerEccKey;
33526-
}
33527-
if (peerKey == NULL) {
33528-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33529-
}
33530-
33531-
/* create ephemeral private key */
33532-
ssl->hsType = DYNAMIC_TYPE_ECC;
33533-
ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
33534-
if (ret != 0) {
33535-
goto exit_scke;
33536-
}
33537-
33538-
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey);
33539-
#endif /* HAVE_ECC */
33540-
33466+
ret = EcMakeKey(ssl);
33467+
if (ret)
33468+
ERROR_OUT(ret, exit_scke);
3354133469
break;
3354233470
}
3354333471
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */

0 commit comments

Comments
 (0)