/*
 * Server side of the DHE key exchange: prepare the connection's DH parameters
 * and serialize them into the handshake stuffer.
 *
 * conn          connection whose config supplies the DH parameters and whose
 *               handshake stuffer receives the serialized output.
 * data_to_sign  blob handed to s2n_dh_params_to_p_g_Ys(); per the original
 *               comment it describes the data that is signed later. This
 *               function does no signing itself.
 *
 * Returns 0 once every step has passed its GUARD().
 *
 * NOTE(review): conn, conn->config and conn->config->dhparams are dereferenced
 * without a visible NULL check here - confirm that callers or
 * s2n_dh_params_copy() reject a config with no DH parameters loaded.
 * NOTE(review): the signature over these parameters is the only thing that
 * authenticates them to the client, so the caller must sign data_to_sign
 * before the message is sent. Whether the blob aliases the stuffer's memory is
 * not visible here - verify its lifetime against later stuffer writes.
 */
int s2n_dhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign)
{
    /* Copy the configured DH parameters into this connection's state */
    GUARD(s2n_dh_params_copy(conn->config->dhparams, &conn->secure.server_dh_params));

    /* Create the ephemeral key on the per-connection copy */
    GUARD(s2n_dh_generate_ephemeral_key(&conn->secure.server_dh_params));

    /* Serialize into the handshake stuffer and record what has to be signed */
    GUARD(s2n_dh_params_to_p_g_Ys(&conn->secure.server_dh_params, &conn->handshake.io, data_to_sign));

    return 0;
}
/*
 * Write the DHE server key exchange data into the handshake stuffer and sign it
 * with the server's RSA private key.
 *
 * Output order, as written below: the serialized DH parameters; for TLS 1.2
 * only, one hash-algorithm byte and one signature-algorithm byte; a 16-bit
 * signature length; the signature itself.
 *
 * The signed digest covers client_random, server_random and the serialized DH
 * parameters, in that order.
 *
 * Returns 0 on success. Each GUARD()ed step and the notnull_check() are
 * expected to bail out of the function on failure - confirm against the macro
 * definitions.
 *
 * NOTE(review): for TLS 1.2 the advertised pair is hard-coded to SHA1/RSA,
 * while the digest actually computed is conn->secure.signature_digest_alg.
 * Nothing visible here ties the two together; if they can differ, the peer's
 * signature verification fails. SHA-1 is also a weak choice for signatures
 * wherever the peer supports a stronger hash.
 * NOTE(review): conn->config->dhparams and conn->config->cert_and_key_pairs
 * are dereferenced without a visible NULL check - verify against callers.
 */
static int s2n_dhe_server_key_send(struct s2n_connection *conn)
{
    struct s2n_stuffer *handshake_out = &conn->handshake.io;
    struct s2n_blob dh_params_blob, sig_blob;
    struct s2n_hash_state digest;
    int sign_rc;

    /* Copy the configured DH parameters into this connection's state */
    GUARD(s2n_dh_params_copy(conn->config->dhparams, &conn->secure.server_dh_params));

    /* Create the ephemeral key on the per-connection copy */
    GUARD(s2n_dh_generate_ephemeral_key(&conn->secure.server_dh_params));

    /* Serialize the parameters; dh_params_blob is set by the helper and hashed below */
    GUARD(s2n_dh_params_to_p_g_Ys(&conn->secure.server_dh_params, handshake_out, &dh_params_blob));

    /* Only TLS 1.2 carries an explicit hash/signature algorithm pair */
    if (conn->actual_protocol_version == S2N_TLS12) {
        GUARD(s2n_stuffer_write_uint8(handshake_out, TLS_HASH_ALGORITHM_SHA1));
        GUARD(s2n_stuffer_write_uint8(handshake_out, TLS_SIGNATURE_ALGORITHM_RSA));
    }

    /* Digest input: both hello randoms, then the serialized DH parameters */
    GUARD(s2n_hash_init(&digest, conn->secure.signature_digest_alg));
    GUARD(s2n_hash_update(&digest, conn->secure.client_random, S2N_TLS_RANDOM_DATA_LEN));
    GUARD(s2n_hash_update(&digest, conn->secure.server_random, S2N_TLS_RANDOM_DATA_LEN));
    GUARD(s2n_hash_update(&digest, dh_params_blob.data, dh_params_blob.size));

    /*
     * NOTE(review): the size helper's result is used unchecked. If it can
     * report an error (e.g. a negative value), that value reaches the 16-bit
     * length field and the raw write request - confirm its return contract.
     */
    sig_blob.size = s2n_rsa_private_encrypted_size(&conn->config->cert_and_key_pairs->private_key);
    GUARD(s2n_stuffer_write_uint16(handshake_out, sig_blob.size));

    /* Reserve the signature bytes in the stuffer; sig_blob points at that region */
    sig_blob.data = s2n_stuffer_raw_write(handshake_out, sig_blob.size);
    notnull_check(sig_blob.data);

    sign_rc = s2n_rsa_sign(&conn->config->cert_and_key_pairs->private_key, &digest, &sig_blob);
    if (sign_rc < 0) {
        /* presumably S2N_ERROR leaves the function; otherwise a failed signature would still return 0 - confirm */
        S2N_ERROR(S2N_ERR_DH_FAILED_SIGNING);
    }

    return 0;
}