mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 20:54:41 +02:00
Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.
This commit is contained in:
David Garske
@@ -2970,13 +2970,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
|
|||||||
* Client side: returns peer key
|
* Client side: returns peer key
|
||||||
* Server side: returns private key
|
* Server side: returns private key
|
||||||
*/
|
*/
|
||||||
static int EccGetKey(WOLFSSL* ssl, byte* otherKeyDer,
|
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
|
||||||
word32* otherKeySz, word32* otherKeyId)
|
|
||||||
{
|
{
|
||||||
int ret = NO_PEER_KEY;
|
int ret = NO_PEER_KEY;
|
||||||
ecc_key* otherKey = NULL;
|
ecc_key* tmpKey = NULL;
|
||||||
|
|
||||||
if (ssl == NULL || otherKeyDer == NULL || otherKeySz == NULL) {
|
if (ssl == NULL || otherKey == NULL) {
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2986,14 +2985,14 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
|
|||||||
!ssl->peerEccDsaKey->dp) {
|
!ssl->peerEccDsaKey->dp) {
|
||||||
return NO_PEER_KEY;
|
return NO_PEER_KEY;
|
||||||
}
|
}
|
||||||
otherKey = (struct ecc_key*)ssl->peerEccDsaKey;
|
tmpKey = (struct ecc_key*)ssl->peerEccDsaKey;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
|
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
|
||||||
!ssl->peerEccKey->dp) {
|
!ssl->peerEccKey->dp) {
|
||||||
return NO_PEER_KEY;
|
return NO_PEER_KEY;
|
||||||
}
|
}
|
||||||
otherKey = (struct ecc_key*)ssl->peerEccKey;
|
tmpKey = (struct ecc_key*)ssl->peerEccKey;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (ssl->options.side == WOLFSSL_SERVER_END) {
|
else if (ssl->options.side == WOLFSSL_SERVER_END) {
|
||||||
@@ -3001,20 +3000,19 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
|
|||||||
if (ssl->sigKey == NULL) {
|
if (ssl->sigKey == NULL) {
|
||||||
return NO_PRIVATE_KEY;
|
return NO_PRIVATE_KEY;
|
||||||
}
|
}
|
||||||
otherKey = (struct ecc_key*)ssl->sigKey;
|
tmpKey = (struct ecc_key*)ssl->sigKey;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (!ssl->eccTempKeyPresent) {
|
if (!ssl->eccTempKeyPresent) {
|
||||||
return NO_PRIVATE_KEY;
|
return NO_PRIVATE_KEY;
|
||||||
}
|
}
|
||||||
otherKey = (struct ecc_key*)ssl->eccTempKey;
|
tmpKey = (struct ecc_key*)ssl->eccTempKey;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (otherKey) {
|
if (tmpKey) {
|
||||||
ret = wc_ecc_export_x963(otherKey, otherKeyDer, otherKeySz);
|
*otherKey = tmpKey;
|
||||||
if (otherKeyId)
|
ret = 0;
|
||||||
*otherKeyId = otherKey->dp->id;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -3037,14 +3035,12 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
|
|||||||
|
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
if (ssl->ctx->EccSharedSecretCb) {
|
if (ssl->ctx->EccSharedSecretCb) {
|
||||||
byte* otherKeyDer = NULL;
|
ecc_key* otherKey = NULL;
|
||||||
word32 otherKeySz = 0;
|
|
||||||
word32 otherKeyId = ECC_CURVE_DEF;
|
|
||||||
|
|
||||||
ret = EccGetKey(ssl, otherKeyDer, &otherKeySz, &otherKeyId);
|
ret = EccGetKey(ssl, &otherKey);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = ssl->ctx->EccSharedSecretCb(ssl, otherKeyDer, otherKeySz,
|
ret = ssl->ctx->EccSharedSecretCb(ssl, otherKey, pubKeyDer,
|
||||||
otherKeyId, pubKeyDer, pubKeySz, out, outlen, side, ctx);
|
pubKeySz, out, outlen, side, ctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
@@ -1341,9 +1341,8 @@ WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
|
|||||||
WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
|
WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
|
||||||
WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
|
WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
|
||||||
|
|
||||||
typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl,
|
struct ecc_key;
|
||||||
const unsigned char* otherKeyDer, unsigned int otherKeySz,
|
typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
|
||||||
unsigned int otherKeyId,
|
|
||||||
unsigned char* pubKeyDer, unsigned int* pubKeySz,
|
unsigned char* pubKeyDer, unsigned int* pubKeySz,
|
||||||
unsigned char* out, unsigned int* outlen,
|
unsigned char* out, unsigned int* outlen,
|
||||||
int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
|
int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
|
||||||
|
|||||||
@@ -1705,52 +1705,44 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static INLINE int myEccSharedSecret(WOLFSSL* ssl,
|
static INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
|
||||||
const unsigned char* otherKeyDer, unsigned int otherKeySz,
|
|
||||||
unsigned int otherKeyId,
|
|
||||||
unsigned char* pubKeyDer, unsigned int* pubKeySz,
|
unsigned char* pubKeyDer, unsigned int* pubKeySz,
|
||||||
unsigned char* out, unsigned int* outlen,
|
unsigned char* out, unsigned int* outlen,
|
||||||
int side, void* ctx)
|
int side, void* ctx)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
ecc_key privKey;
|
ecc_key* privKey;
|
||||||
ecc_key pubKey;
|
ecc_key* pubKey;
|
||||||
|
ecc_key tmpKey;
|
||||||
|
|
||||||
(void)ssl;
|
(void)ssl;
|
||||||
(void)ctx;
|
(void)ctx;
|
||||||
|
|
||||||
ret = wc_ecc_init(&privKey);
|
ret = wc_ecc_init(&tmpKey);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
ret = wc_ecc_init(&pubKey);
|
|
||||||
if (ret != 0) {
|
|
||||||
wc_ecc_free(&privKey);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* for client: create and export public key */
|
/* for client: create and export public key */
|
||||||
if (side == WOLFSSL_CLIENT_END) {
|
if (side == WOLFSSL_CLIENT_END) {
|
||||||
WC_RNG rng;
|
WC_RNG rng;
|
||||||
ret = wc_InitRng(&rng);
|
ret = wc_InitRng(&rng);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &pubKey,
|
privKey = &tmpKey;
|
||||||
otherKeyId);
|
pubKey = otherKey;
|
||||||
|
ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = wc_ecc_make_key_ex(&rng, 0, &privKey, otherKeyId);
|
ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
|
||||||
if (ret == 0)
|
|
||||||
ret = wc_ecc_export_x963(&privKey, pubKeyDer, pubKeySz);
|
|
||||||
wc_FreeRng(&rng);
|
wc_FreeRng(&rng);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for server: import public key */
|
/* for server: import public key */
|
||||||
else if (side == WOLFSSL_SERVER_END) {
|
else if (side == WOLFSSL_SERVER_END) {
|
||||||
ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &privKey,
|
privKey = otherKey;
|
||||||
otherKeyId);
|
pubKey = &tmpKey;
|
||||||
if (ret == 0)
|
ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
|
||||||
ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &pubKey,
|
otherKey->dp->id);
|
||||||
otherKeyId);
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
ret = -1;
|
ret = -1;
|
||||||
@@ -1758,11 +1750,10 @@ static INLINE int myEccSharedSecret(WOLFSSL* ssl,
|
|||||||
|
|
||||||
/* generate shared secret and return it */
|
/* generate shared secret and return it */
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = wc_ecc_shared_secret(&privKey, &pubKey, out, outlen);
|
ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
wc_ecc_free(&privKey);
|
wc_ecc_free(&tmpKey);
|
||||||
wc_ecc_free(&pubKey);
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user