int s2n_dhe_server_key_recv_parse_data(struct s2n_connection *conn, union s2n_kex_raw_server_data *raw_server_data) { struct s2n_dhe_raw_server_points dhe_data = raw_server_data->dhe_data; /* Copy the DH details */ GUARD(s2n_dh_p_g_Ys_to_dh_params(&conn->secure.server_dh_params, &dhe_data.p, &dhe_data.g, &dhe_data.Ys)); return 0; }
static int s2n_dhe_server_key_recv(struct s2n_connection *conn) { struct s2n_hash_state signature_hash; struct s2n_stuffer *in = &conn->handshake.io; struct s2n_blob p, g, Ys, serverDHparams, signature; uint16_t p_length; uint16_t g_length; uint16_t Ys_length; uint16_t signature_length; /* Keep a copy to the start of the whole structure for the signature check */ serverDHparams.data = s2n_stuffer_raw_read(in, 0); notnull_check(serverDHparams.data); /* Read each of the three elements in */ GUARD(s2n_stuffer_read_uint16(in, &p_length)); p.size = p_length; p.data = s2n_stuffer_raw_read(in, p.size); notnull_check(p.data); GUARD(s2n_stuffer_read_uint16(in, &g_length)); g.size = g_length; g.data = s2n_stuffer_raw_read(in, g.size); notnull_check(g.data); GUARD(s2n_stuffer_read_uint16(in, &Ys_length)); Ys.size = Ys_length; Ys.data = s2n_stuffer_raw_read(in, Ys.size); notnull_check(Ys.data); /* Now we know the total size of the structure */ serverDHparams.size = 2 + p_length + 2 + g_length + 2 + Ys_length; GUARD(s2n_hash_init(&signature_hash, conn->secure.signature_digest_alg)); if (conn->actual_protocol_version == S2N_TLS12) { uint8_t hash_algorithm; uint8_t signature_algorithm; GUARD(s2n_stuffer_read_uint8(in, &hash_algorithm)); GUARD(s2n_stuffer_read_uint8(in, &signature_algorithm)); if (signature_algorithm != TLS_SIGNATURE_ALGORITHM_RSA) { S2N_ERROR(S2N_ERR_BAD_MESSAGE); } switch(hash_algorithm) { case TLS_HASH_ALGORITHM_MD5: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_MD5)); break; case TLS_HASH_ALGORITHM_SHA1: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_SHA1)); break; case TLS_HASH_ALGORITHM_SHA224: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_SHA224)); break; case TLS_HASH_ALGORITHM_SHA256: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_SHA256)); break; case TLS_HASH_ALGORITHM_SHA384: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_SHA384)); break; case TLS_HASH_ALGORITHM_SHA512: GUARD(s2n_hash_init(&signature_hash, S2N_HASH_SHA512)); break; default: S2N_ERROR(S2N_ERR_BAD_MESSAGE); } } GUARD(s2n_hash_update(&signature_hash, conn->secure.client_random, S2N_TLS_RANDOM_DATA_LEN)); GUARD(s2n_hash_update(&signature_hash, conn->secure.server_random, S2N_TLS_RANDOM_DATA_LEN)); GUARD(s2n_hash_update(&signature_hash, serverDHparams.data, serverDHparams.size)); GUARD(s2n_stuffer_read_uint16(in, &signature_length)); signature.size = signature_length; signature.data = s2n_stuffer_raw_read(in, signature.size); notnull_check(signature.data); gt_check(signature_length, 0); if (s2n_rsa_verify(&conn->secure.server_rsa_public_key, &signature_hash, &signature) < 0) { S2N_ERROR(S2N_ERR_BAD_MESSAGE); } /* We don't need the key any more, so free it */ GUARD(s2n_rsa_public_key_free(&conn->secure.server_rsa_public_key)); /* Copy the DH details */ GUARD(s2n_dh_p_g_Ys_to_dh_params(&conn->secure.server_dh_params, &p, &g, &Ys)); return 0; }