int main(int argc, char **argv)
{
BEGIN_TEST();
/* Test generate->write->read->compute_shared with all supported curves */
for (int i = 0; i < sizeof(s2n_ecc_supported_curves) / sizeof(s2n_ecc_supported_curves[0]); i++) {
struct s2n_ecc_params server_params, client_params;
struct s2n_stuffer wire;
struct s2n_blob server_shared, client_shared, ecdh_params_sent, ecdh_params_received;
EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&wire, 1024));
/* Server generates a key for a given curve */
server_params.negotiated_curve = &s2n_ecc_supported_curves[i];
EXPECT_SUCCESS(s2n_ecc_generate_ephemeral_key(&server_params));
/* Server sends the public */
EXPECT_SUCCESS(s2n_ecc_write_ecc_params(&server_params, &wire, &ecdh_params_sent));
/* Client reads the public */
struct s2n_ecdhe_raw_server_params ecdhe_data = {{0}};
EXPECT_SUCCESS(s2n_ecc_read_ecc_params(&wire, &ecdh_params_received, &ecdhe_data));
EXPECT_SUCCESS(s2n_ecc_parse_ecc_params(&client_params, &ecdhe_data));
/* The client got the curve */
EXPECT_EQUAL(client_params.negotiated_curve, server_params.negotiated_curve);
/* Client sends its public */
EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_client(&client_params, &wire, &client_shared));
/* Server receives it */
EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_server(&server_params, &wire, &server_shared));
/* Shared is the same for the client and the server */
EXPECT_EQUAL(client_shared.size, server_shared.size);
EXPECT_BYTEARRAY_EQUAL(client_shared.data, server_shared.data, client_shared.size);
/* Clean up */
EXPECT_SUCCESS(s2n_stuffer_free(&wire));
EXPECT_SUCCESS(s2n_free(&server_shared));
EXPECT_SUCCESS(s2n_free(&client_shared));
EXPECT_SUCCESS(s2n_ecc_params_free(&server_params));
EXPECT_SUCCESS(s2n_ecc_params_free(&client_params));
}
END_TEST();
}
static int s2n_connection_free_keys(struct s2n_connection *conn)
{
/* Destroy any keys - we call destroy on the pending object as that is where
* keys are allocated. */
if (conn->pending.cipher_suite && conn->pending.cipher_suite->cipher->destroy_key) {
GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.client_key));
GUARD(conn->pending.cipher_suite->cipher->destroy_key(&conn->pending.server_key));
}
/* Free any pending server key received (we may not have completed a
* handshake, so this may not have been free'd yet) */
GUARD(s2n_rsa_public_key_free(&conn->pending.server_rsa_public_key));
GUARD(s2n_dh_params_free(&conn->pending.server_dh_params));
GUARD(s2n_dh_params_free(&conn->active.server_dh_params));
GUARD(s2n_ecc_params_free(&conn->pending.server_ecc_params));
GUARD(s2n_ecc_params_free(&conn->active.server_ecc_params));
GUARD(s2n_free(&conn->status_response));
return 0;
}
