mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script.

Browse Source
This commit is contained in:
David Garske 2016-12-06 13:00:48 -08:00
parent 45d26876c8
commit 4dd393077f
3 changed files with 32 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/internal.c
View File

@ -2970,13 +2970,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
* Client side: returns peer key
* Server side: returns private key
*/
static int EccGetKey(WOLFSSL* ssl, byte* otherKeyDer,
word32* otherKeySz, word32* otherKeyId)
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
{
int ret = NO_PEER_KEY;
ecc_key* otherKey = NULL;
ecc_key* tmpKey = NULL;
if (ssl == NULL || otherKeyDer == NULL || otherKeySz == NULL) {
if (ssl == NULL || otherKey == NULL) {
return BAD_FUNC_ARG;
}
@ -2986,14 +2985,14 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
!ssl->peerEccDsaKey->dp) {
return NO_PEER_KEY;
}
otherKey = (struct ecc_key*)ssl->peerEccDsaKey;
tmpKey = (struct ecc_key*)ssl->peerEccDsaKey;
}
else {
if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
!ssl->peerEccKey->dp) {
return NO_PEER_KEY;
}
otherKey = (struct ecc_key*)ssl->peerEccKey;
tmpKey = (struct ecc_key*)ssl->peerEccKey;
}
}
else if (ssl->options.side == WOLFSSL_SERVER_END) {
@ -3001,20 +3000,19 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
if (ssl->sigKey == NULL) {
return NO_PRIVATE_KEY;
}
otherKey = (struct ecc_key*)ssl->sigKey;
tmpKey = (struct ecc_key*)ssl->sigKey;
}
else {
if (!ssl->eccTempKeyPresent) {
return NO_PRIVATE_KEY;
}
otherKey = (struct ecc_key*)ssl->eccTempKey;
tmpKey = (struct ecc_key*)ssl->eccTempKey;
}
}
if (otherKey) {
ret = wc_ecc_export_x963(otherKey, otherKeyDer, otherKeySz);
if (otherKeyId)
*otherKeyId = otherKey->dp->id;
if (tmpKey) {
*otherKey = tmpKey;
ret = 0;
}
return ret;
@ -3037,14 +3035,12 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
#ifdef HAVE_PK_CALLBACKS
if (ssl->ctx->EccSharedSecretCb) {
byte* otherKeyDer = NULL;
word32 otherKeySz = 0;
word32 otherKeyId = ECC_CURVE_DEF;
ecc_key* otherKey = NULL;
ret = EccGetKey(ssl, otherKeyDer, &otherKeySz, &otherKeyId);
ret = EccGetKey(ssl, &otherKey);
if (ret == 0) {
ret = ssl->ctx->EccSharedSecretCb(ssl, otherKeyDer, otherKeySz,
otherKeyId, pubKeyDer, pubKeySz, out, outlen, side, ctx);
ret = ssl->ctx->EccSharedSecretCb(ssl, otherKey, pubKeyDer,
pubKeySz, out, outlen, side, ctx);
}
}
else

5
wolfssl/ssl.h
View File

@ -1341,9 +1341,8 @@ WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl,
const unsigned char* otherKeyDer, unsigned int otherKeySz,
unsigned int otherKeyId,
struct ecc_key;
typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */

41
wolfssl/test.h
View File

@ -1705,52 +1705,44 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
return ret;
}
static INLINE int myEccSharedSecret(WOLFSSL* ssl,
const unsigned char* otherKeyDer, unsigned int otherKeySz,
unsigned int otherKeyId,
static INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx)
{
int ret;
ecc_key privKey;
ecc_key pubKey;
int ret;
ecc_key* privKey;
ecc_key* pubKey;
ecc_key tmpKey;
(void)ssl;
(void)ctx;
ret = wc_ecc_init(&privKey);
ret = wc_ecc_init(&tmpKey);
if (ret != 0) {
return ret;
}
ret = wc_ecc_init(&pubKey);
if (ret != 0) {
wc_ecc_free(&privKey);
return ret;
}
/* for client: create and export public key */
if (side == WOLFSSL_CLIENT_END) {
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &pubKey,
otherKeyId);
privKey = &tmpKey;
pubKey = otherKey;
ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
if (ret == 0)
ret = wc_ecc_make_key_ex(&rng, 0, &privKey, otherKeyId);
if (ret == 0)
ret = wc_ecc_export_x963(&privKey, pubKeyDer, pubKeySz);
ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
wc_FreeRng(&rng);
}
}
/* for server: import public key */
else if (side == WOLFSSL_SERVER_END) {
ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &privKey,
otherKeyId);
if (ret == 0)
ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &pubKey,
otherKeyId);
privKey = otherKey;
pubKey = &tmpKey;
ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
otherKey->dp->id);
}
else {
ret = -1;
@ -1758,11 +1750,10 @@ static INLINE int myEccSharedSecret(WOLFSSL* ssl,
/* generate shared secret and return it */
if (ret == 0) {
ret = wc_ecc_shared_secret(&privKey, &pubKey, out, outlen);
ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
}
wc_ecc_free(&privKey);
wc_ecc_free(&pubKey);
wc_ecc_free(&tmpKey);
return ret;
}