Skip to content

Commit a2b3af0

Browse files
douzzerdouzzer
authored
Merge pull request #9339 from effbiae/EcMakeKey
refactor to EcMakeKey
2 parents 9c03160 + 1c8e788 commit a2b3af0

File tree

1 file changed

+98
-170
lines changed

1 file changed

+98
-170
lines changed

src/internal.c

Lines changed: 98 additions & 170 deletions
Original file line numberDiff line numberDiff line change
@@ -33296,6 +33296,97 @@ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key)
3329633296
}
3329733297
#endif /*!NO_PSK*/
3329833298

33299+
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
33300+
static int EcMakeKey(WOLFSSL* ssl)
33301+
{
33302+
int ret = 0;
33303+
#ifdef HAVE_ECC
33304+
int kea = ssl->specs.kea;
33305+
ecc_key* peerKey;
33306+
#endif
33307+
#ifdef HAVE_CURVE25519
33308+
if (ssl->peerX25519KeyPresent) {
33309+
/* Check client ECC public key */
33310+
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33311+
return NO_PEER_KEY;
33312+
}
33313+
/* if callback then use it for shared secret */
33314+
#ifdef HAVE_PK_CALLBACKS
33315+
if (ssl->ecdhCurveOID == ECC_X25519_OID) {
33316+
if (ssl->ctx->X25519SharedSecretCb != NULL)
33317+
return 0;
33318+
}
33319+
#endif
33320+
/* create private key */
33321+
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33322+
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33323+
if (ret != 0) {
33324+
return ret;
33325+
}
33326+
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33327+
ssl->peerX25519Key);
33328+
return ret;
33329+
}
33330+
#endif
33331+
#ifdef HAVE_CURVE448
33332+
if (ssl->peerX448KeyPresent) {
33333+
/* Check client ECC public key */
33334+
if (!ssl->peerX448Key) {
33335+
return NO_PEER_KEY;
33336+
}
33337+
#ifdef HAVE_PK_CALLBACKS
33338+
if (ssl->ecdhCurveOID == ECC_X448_OID) {
33339+
if (ssl->ctx->X448SharedSecretCb != NULL)
33340+
return 0;
33341+
}
33342+
#endif
33343+
/* create private key */
33344+
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33345+
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33346+
if (ret != 0) {
33347+
return ret;
33348+
}
33349+
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33350+
ssl->peerX448Key);
33351+
return ret;
33352+
}
33353+
#endif
33354+
#ifdef HAVE_ECC
33355+
if (kea == ecc_diffie_hellman_kea && ssl->specs.static_ecdh) {
33356+
/* Note: EccDsa is really fixed Ecc key here */
33357+
if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent) {
33358+
return NO_PEER_KEY;
33359+
}
33360+
peerKey = ssl->peerEccDsaKey;
33361+
}
33362+
else {
33363+
/* Check client ECC public key */
33364+
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
33365+
!ssl->peerEccKey->dp) {
33366+
return NO_PEER_KEY;
33367+
}
33368+
peerKey = ssl->peerEccKey;
33369+
}
33370+
if (peerKey == NULL) {
33371+
return NO_PEER_KEY;
33372+
}
33373+
#ifdef HAVE_PK_CALLBACKS
33374+
if (ssl->ctx->EccSharedSecretCb != NULL) {
33375+
return 0;
33376+
}
33377+
#endif /* HAVE_PK_CALLBACKS*/
33378+
/* create ephemeral private key */
33379+
ssl->hsType = DYNAMIC_TYPE_ECC;
33380+
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33381+
if (ret != 0) {
33382+
return ret;
33383+
}
33384+
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
33385+
#endif /*HAVE_ECC*/
33386+
return ret;
33387+
}
33388+
#endif /*defined(HAVE_ECC)||defined(HAVE_CURVE25519)||defined(HAVE_CURVE448)*/
33389+
3329933390
/* handle generation client_key_exchange (16) */
3330033391
int SendClientKeyExchange(WOLFSSL* ssl)
3330133392
{
@@ -33409,181 +33500,18 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3340933500
WOLFSSL_MSG("No client PSK callback set");
3341033501
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
3341133502
}
33412-
33413-
#ifdef HAVE_CURVE25519
33414-
if (ssl->peerX25519KeyPresent) {
33415-
/* Check client ECC public key */
33416-
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33417-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33418-
}
33419-
33420-
#ifdef HAVE_PK_CALLBACKS
33421-
/* if callback then use it for shared secret */
33422-
if (ssl->ctx->X25519SharedSecretCb != NULL) {
33423-
break;
33424-
}
33425-
#endif
33426-
33427-
/* create private key */
33428-
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33429-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33430-
if (ret != 0) {
33431-
goto exit_scke;
33432-
}
33433-
33434-
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33435-
ssl->peerX25519Key);
33436-
break;
33437-
}
33438-
#endif
33439-
#ifdef HAVE_CURVE448
33440-
if (ssl->peerX448KeyPresent) {
33441-
/* Check client ECC public key */
33442-
if (!ssl->peerX448Key) {
33443-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33444-
}
33445-
33446-
#ifdef HAVE_PK_CALLBACKS
33447-
/* if callback then use it for shared secret */
33448-
if (ssl->ctx->X448SharedSecretCb != NULL) {
33449-
break;
33450-
}
33451-
#endif
33452-
33453-
/* create private key */
33454-
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33455-
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33456-
if (ret != 0) {
33457-
goto exit_scke;
33458-
}
33459-
33460-
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33461-
ssl->peerX448Key);
33462-
break;
33463-
}
33464-
#endif
33465-
/* Check client ECC public key */
33466-
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
33467-
!ssl->peerEccKey->dp) {
33468-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33469-
}
33470-
33471-
#ifdef HAVE_PK_CALLBACKS
33472-
/* if callback then use it for shared secret */
33473-
if (ssl->ctx->EccSharedSecretCb != NULL) {
33474-
break;
33475-
}
33476-
#endif
33477-
33478-
/* create ephemeral private key */
33479-
ssl->hsType = DYNAMIC_TYPE_ECC;
33480-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33481-
if (ret != 0) {
33482-
goto exit_scke;
33483-
}
33484-
33485-
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
33486-
33503+
ret = EcMakeKey(ssl);
33504+
if (ret)
33505+
ERROR_OUT(ret, exit_scke);
3348733506
break;
33488-
#endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
33507+
#endif /* (HAVE_ECC||HAVE_CURVE25519||HAVE_CURVE448) && !NO_PSK */
3348933508
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
3349033509
defined(HAVE_CURVE448)
3349133510
case ecc_diffie_hellman_kea:
3349233511
{
33493-
#ifdef HAVE_ECC
33494-
ecc_key* peerKey;
33495-
#endif
33496-
33497-
#ifdef HAVE_PK_CALLBACKS
33498-
/* if callback then use it for shared secret */
33499-
#ifdef HAVE_CURVE25519
33500-
if (ssl->ecdhCurveOID == ECC_X25519_OID) {
33501-
if (ssl->ctx->X25519SharedSecretCb != NULL)
33502-
break;
33503-
}
33504-
else
33505-
#endif
33506-
#ifdef HAVE_CURVE448
33507-
if (ssl->ecdhCurveOID == ECC_X448_OID) {
33508-
if (ssl->ctx->X448SharedSecretCb != NULL)
33509-
break;
33510-
}
33511-
else
33512-
#endif
33513-
#ifdef HAVE_ECC
33514-
if (ssl->ctx->EccSharedSecretCb != NULL) {
33515-
break;
33516-
}
33517-
else
33518-
#endif
33519-
{
33520-
}
33521-
#endif /* HAVE_PK_CALLBACKS */
33522-
33523-
#ifdef HAVE_CURVE25519
33524-
if (ssl->peerX25519KeyPresent) {
33525-
if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
33526-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33527-
}
33528-
33529-
/* create private key */
33530-
ssl->hsType = DYNAMIC_TYPE_CURVE25519;
33531-
ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey);
33532-
if (ret != 0) {
33533-
goto exit_scke;
33534-
}
33535-
33536-
ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
33537-
ssl->peerX25519Key);
33538-
break;
33539-
}
33540-
#endif
33541-
#ifdef HAVE_CURVE448
33542-
if (ssl->peerX448KeyPresent) {
33543-
if (!ssl->peerX448Key) {
33544-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33545-
}
33546-
33547-
/* create private key */
33548-
ssl->hsType = DYNAMIC_TYPE_CURVE448;
33549-
ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
33550-
if (ret != 0) {
33551-
goto exit_scke;
33552-
}
33553-
33554-
ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
33555-
ssl->peerX448Key);
33556-
break;
33557-
}
33558-
#endif
33559-
#ifdef HAVE_ECC
33560-
if (ssl->specs.static_ecdh) {
33561-
/* Note: EccDsa is really fixed Ecc key here */
33562-
if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent) {
33563-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33564-
}
33565-
peerKey = ssl->peerEccDsaKey;
33566-
}
33567-
else {
33568-
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent) {
33569-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33570-
}
33571-
peerKey = ssl->peerEccKey;
33572-
}
33573-
if (peerKey == NULL) {
33574-
ERROR_OUT(NO_PEER_KEY, exit_scke);
33575-
}
33576-
33577-
/* create ephemeral private key */
33578-
ssl->hsType = DYNAMIC_TYPE_ECC;
33579-
ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey);
33580-
if (ret != 0) {
33581-
goto exit_scke;
33582-
}
33583-
33584-
ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey);
33585-
#endif /* HAVE_ECC */
33586-
33512+
ret = EcMakeKey(ssl);
33513+
if (ret)
33514+
ERROR_OUT(ret, exit_scke);
3358733515
break;
3358833516
}
3358933517
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */

0 commit comments

Comments
 (0)