int main(int argc, char **argv) { BEGIN_TEST(); /* Test generate->write->read->compute_shared with all supported curves */ for (int i = 0; i < sizeof(s2n_ecc_supported_curves) / sizeof(s2n_ecc_supported_curves[0]); i++) { struct s2n_ecc_params server_params, client_params; struct s2n_stuffer wire; struct s2n_blob server_shared, client_shared, ecdh_params_sent, ecdh_params_received; EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&wire, 1024)); /* Server generates a key for a given curve */ server_params.negotiated_curve = &s2n_ecc_supported_curves[i]; EXPECT_SUCCESS(s2n_ecc_generate_ephemeral_key(&server_params)); /* Server sends the public */ EXPECT_SUCCESS(s2n_ecc_write_ecc_params(&server_params, &wire, &ecdh_params_sent)); /* Client reads the public */ struct s2n_ecdhe_raw_server_params ecdhe_data = {{0}}; EXPECT_SUCCESS(s2n_ecc_read_ecc_params(&wire, &ecdh_params_received, &ecdhe_data)); EXPECT_SUCCESS(s2n_ecc_parse_ecc_params(&client_params, &ecdhe_data)); /* The client got the curve */ EXPECT_EQUAL(client_params.negotiated_curve, server_params.negotiated_curve); /* Client sends its public */ EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_client(&client_params, &wire, &client_shared)); /* Server receives it */ EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_server(&server_params, &wire, &server_shared)); /* Shared is the same for the client and the server */ EXPECT_EQUAL(client_shared.size, server_shared.size); EXPECT_BYTEARRAY_EQUAL(client_shared.data, server_shared.data, client_shared.size); /* Clean up */ EXPECT_SUCCESS(s2n_stuffer_free(&wire)); EXPECT_SUCCESS(s2n_free(&server_shared)); EXPECT_SUCCESS(s2n_free(&client_shared)); EXPECT_SUCCESS(s2n_ecc_params_free(&server_params)); EXPECT_SUCCESS(s2n_ecc_params_free(&client_params)); } END_TEST(); }
static int s2n_connection_free_keys(struct s2n_connection *conn) { /* Destroy any keys - we call destroy on the pending object as that is where * keys are allocated. */ if (conn->pending.cipher_suite && conn->pending.cipher_suite->cipher->destroy_key) { GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.client_key)); GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.server_key)); } /* Free any pending server key received (we may not have completed a * handshake, so this may not have been free'd yet) */ GUARD(s2n_rsa_public_key_free(&conn->pending.server_rsa_public_key)); GUARD(s2n_dh_params_free(&conn->pending.server_dh_params)); GUARD(s2n_dh_params_free(&conn->active.server_dh_params)); GUARD(s2n_ecc_params_free(&conn->pending.server_ecc_params)); GUARD(s2n_ecc_params_free(&conn->active.server_ecc_params)); GUARD(s2n_free(&conn->status_response)); return 0; }