int s2n_ecdhe_server_key_send(struct s2n_connection *conn, struct s2n_blob *data_to_sign) { struct s2n_stuffer *out = &conn->handshake.io; /* Generate an ephemeral key and */ GUARD(s2n_ecc_generate_ephemeral_key(&conn->secure.server_ecc_params)); /* Write it out and calculate the data to sign later */ GUARD(s2n_ecc_write_ecc_params(&conn->secure.server_ecc_params, out, data_to_sign)); return 0; }
int main(int argc, char **argv) { BEGIN_TEST(); /* Test generate->write->read->compute_shared with all supported curves */ for (int i = 0; i < sizeof(s2n_ecc_supported_curves) / sizeof(s2n_ecc_supported_curves[0]); i++) { struct s2n_ecc_params server_params, client_params; struct s2n_stuffer wire; struct s2n_blob server_shared, client_shared, ecdh_params_sent, ecdh_params_received; EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&wire, 1024)); /* Server generates a key for a given curve */ server_params.negotiated_curve = &s2n_ecc_supported_curves[i]; EXPECT_SUCCESS(s2n_ecc_generate_ephemeral_key(&server_params)); /* Server sends the public */ EXPECT_SUCCESS(s2n_ecc_write_ecc_params(&server_params, &wire, &ecdh_params_sent)); /* Client reads the public */ struct s2n_ecdhe_raw_server_params ecdhe_data = {{0}}; EXPECT_SUCCESS(s2n_ecc_read_ecc_params(&wire, &ecdh_params_received, &ecdhe_data)); EXPECT_SUCCESS(s2n_ecc_parse_ecc_params(&client_params, &ecdhe_data)); /* The client got the curve */ EXPECT_EQUAL(client_params.negotiated_curve, server_params.negotiated_curve); /* Client sends its public */ EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_client(&client_params, &wire, &client_shared)); /* Server receives it */ EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_server(&server_params, &wire, &server_shared)); /* Shared is the same for the client and the server */ EXPECT_EQUAL(client_shared.size, server_shared.size); EXPECT_BYTEARRAY_EQUAL(client_shared.data, server_shared.data, client_shared.size); /* Clean up */ EXPECT_SUCCESS(s2n_stuffer_free(&wire)); EXPECT_SUCCESS(s2n_free(&server_shared)); EXPECT_SUCCESS(s2n_free(&client_shared)); EXPECT_SUCCESS(s2n_ecc_params_free(&server_params)); EXPECT_SUCCESS(s2n_ecc_params_free(&client_params)); } END_TEST(); }
static int s2n_ecdhe_server_key_send(struct s2n_connection *conn) { struct s2n_blob signature; struct s2n_stuffer *out = &conn->handshake.io; struct s2n_hash_state signature_hash; struct s2n_blob ecdhparams; GUARD(s2n_hash_init(&signature_hash, conn->secure.signature_digest_alg)); /* Generate an ephemeral key and */ GUARD(s2n_ecc_generate_ephemeral_key(&conn->secure.server_ecc_params)); /* Write it out and calcualte the hash */ GUARD(s2n_ecc_write_ecc_params(&conn->secure.server_ecc_params, out, &ecdhparams)); if (conn->actual_protocol_version == S2N_TLS12) { GUARD(s2n_stuffer_write_uint8(out, TLS_HASH_ALGORITHM_SHA1)); GUARD(s2n_stuffer_write_uint8(out, TLS_SIGNATURE_ALGORITHM_RSA)); } /* Add the random data to the hash */ GUARD(s2n_hash_update(&signature_hash, conn->secure.client_random, S2N_TLS_RANDOM_DATA_LEN)); GUARD(s2n_hash_update(&signature_hash, conn->secure.server_random, S2N_TLS_RANDOM_DATA_LEN)); GUARD(s2n_hash_update(&signature_hash, ecdhparams.data, ecdhparams.size)); signature.size = s2n_rsa_private_encrypted_size(&conn->config->cert_and_key_pairs->private_key); GUARD(s2n_stuffer_write_uint16(out, signature.size)); signature.data = s2n_stuffer_raw_write(out, signature.size); notnull_check(signature.data); if (s2n_rsa_sign(&conn->config->cert_and_key_pairs->private_key, &signature_hash, &signature) < 0) { S2N_ERROR(S2N_ERR_DH_FAILED_SIGNING); } return 0; }