int s2n_dhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign)
{
struct s2n_stuffer *out = &conn->handshake.io;
/* Duplicate the DH key from the config */
GUARD(s2n_dh_params_copy(conn->config->dhparams, &conn->secure.server_dh_params));
/* Generate an ephemeral key */
GUARD(s2n_dh_generate_ephemeral_key(&conn->secure.server_dh_params));
/* Write it out and calculate the data to sign later */
GUARD(s2n_dh_params_to_p_g_Ys(&conn->secure.server_dh_params, out, data_to_sign));
return 0;
}
static int s2n_dhe_server_key_send(struct s2n_connection *conn)
{
struct s2n_blob serverDHparams, signature;
struct s2n_stuffer *out = &conn->handshake.io;
struct s2n_hash_state signature_hash;
/* Duplicate the DH key from the config */
GUARD(s2n_dh_params_copy(conn->config->dhparams, &conn->secure.server_dh_params));
/* Generate an ephemeral key */
GUARD(s2n_dh_generate_ephemeral_key(&conn->secure.server_dh_params));
/* Write it out */
GUARD(s2n_dh_params_to_p_g_Ys(&conn->secure.server_dh_params, out, &serverDHparams));
if (conn->actual_protocol_version == S2N_TLS12) {
GUARD(s2n_stuffer_write_uint8(out, TLS_HASH_ALGORITHM_SHA1));
GUARD(s2n_stuffer_write_uint8(out, TLS_SIGNATURE_ALGORITHM_RSA));
}
GUARD(s2n_hash_init(&signature_hash, conn->secure.signature_digest_alg));
GUARD(s2n_hash_update(&signature_hash, conn->secure.client_random, S2N_TLS_RANDOM_DATA_LEN));
GUARD(s2n_hash_update(&signature_hash, conn->secure.server_random, S2N_TLS_RANDOM_DATA_LEN));
GUARD(s2n_hash_update(&signature_hash, serverDHparams.data, serverDHparams.size));
signature.size = s2n_rsa_private_encrypted_size(&conn->config->cert_and_key_pairs->private_key);
GUARD(s2n_stuffer_write_uint16(out, signature.size));
signature.data = s2n_stuffer_raw_write(out, signature.size);
notnull_check(signature.data);
if (s2n_rsa_sign(&conn->config->cert_and_key_pairs->private_key, &signature_hash, &signature) < 0) {
S2N_ERROR(S2N_ERR_DH_FAILED_SIGNING);
}
return 0;
}
