From 4dd393077f340d121b47aab69f3d5699a2d37074 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 6 Dec 2016 13:00:48 -0800 Subject: [PATCH] Updated EccSharedSecret callback to use ecc_key* peer directly. Passes examples with "-P" tests and new pkcallback test script. --- src/internal.c | 32 ++++++++++++++------------------ wolfssl/ssl.h | 5 ++--- wolfssl/test.h | 41 ++++++++++++++++------------------------- 3 files changed, 32 insertions(+), 46 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5e8933532..83ce2f4a0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2970,13 +2970,12 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, * Client side: returns peer key * Server side: returns private key */ - static int EccGetKey(WOLFSSL* ssl, byte* otherKeyDer, - word32* otherKeySz, word32* otherKeyId) + static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey) { int ret = NO_PEER_KEY; - ecc_key* otherKey = NULL; + ecc_key* tmpKey = NULL; - if (ssl == NULL || otherKeyDer == NULL || otherKeySz == NULL) { + if (ssl == NULL || otherKey == NULL) { return BAD_FUNC_ARG; } @@ -2986,14 +2985,14 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, !ssl->peerEccDsaKey->dp) { return NO_PEER_KEY; } - otherKey = (struct ecc_key*)ssl->peerEccDsaKey; + tmpKey = (struct ecc_key*)ssl->peerEccDsaKey; } else { if (!ssl->peerEccKey || !ssl->peerEccKeyPresent || !ssl->peerEccKey->dp) { return NO_PEER_KEY; } - otherKey = (struct ecc_key*)ssl->peerEccKey; + tmpKey = (struct ecc_key*)ssl->peerEccKey; } } else if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -3001,20 +3000,19 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, if (ssl->sigKey == NULL) { return NO_PRIVATE_KEY; } - otherKey = (struct ecc_key*)ssl->sigKey; + tmpKey = (struct ecc_key*)ssl->sigKey; } else { if (!ssl->eccTempKeyPresent) { return NO_PRIVATE_KEY; } - otherKey = (struct ecc_key*)ssl->eccTempKey; + tmpKey = (struct ecc_key*)ssl->eccTempKey; } } - if (otherKey) { - ret = wc_ecc_export_x963(otherKey, otherKeyDer, otherKeySz); - if (otherKeyId) - *otherKeyId = otherKey->dp->id; + if (tmpKey) { + *otherKey = tmpKey; + ret = 0; } return ret; @@ -3037,14 +3035,12 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key, #ifdef HAVE_PK_CALLBACKS if (ssl->ctx->EccSharedSecretCb) { - byte* otherKeyDer = NULL; - word32 otherKeySz = 0; - word32 otherKeyId = ECC_CURVE_DEF; + ecc_key* otherKey = NULL; - ret = EccGetKey(ssl, otherKeyDer, &otherKeySz, &otherKeyId); + ret = EccGetKey(ssl, &otherKey); if (ret == 0) { - ret = ssl->ctx->EccSharedSecretCb(ssl, otherKeyDer, otherKeySz, - otherKeyId, pubKeyDer, pubKeySz, out, outlen, side, ctx); + ret = ssl->ctx->EccSharedSecretCb(ssl, otherKey, pubKeyDer, + pubKeySz, out, outlen, side, ctx); } } else diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f331ff31b..64cfcbb3e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1341,9 +1341,8 @@ WOLFSSL_API void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify); WOLFSSL_API void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); -typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, - const unsigned char* otherKeyDer, unsigned int otherKeySz, - unsigned int otherKeyId, +struct ecc_key; +typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */ diff --git a/wolfssl/test.h b/wolfssl/test.h index eb53cae0c..632313b8d 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1705,52 +1705,44 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, return ret; } -static INLINE int myEccSharedSecret(WOLFSSL* ssl, - const unsigned char* otherKeyDer, unsigned int otherKeySz, - unsigned int otherKeyId, +static INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx) { - int ret; - ecc_key privKey; - ecc_key pubKey; + int ret; + ecc_key* privKey; + ecc_key* pubKey; + ecc_key tmpKey; (void)ssl; (void)ctx; - ret = wc_ecc_init(&privKey); + ret = wc_ecc_init(&tmpKey); if (ret != 0) { return ret; } - ret = wc_ecc_init(&pubKey); - if (ret != 0) { - wc_ecc_free(&privKey); - return ret; - } /* for client: create and export public key */ if (side == WOLFSSL_CLIENT_END) { WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { - ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &pubKey, - otherKeyId); + privKey = &tmpKey; + pubKey = otherKey; + ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id); if (ret == 0) - ret = wc_ecc_make_key_ex(&rng, 0, &privKey, otherKeyId); - if (ret == 0) - ret = wc_ecc_export_x963(&privKey, pubKeyDer, pubKeySz); + ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz); wc_FreeRng(&rng); } } /* for server: import public key */ else if (side == WOLFSSL_SERVER_END) { - ret = wc_ecc_import_x963_ex(otherKeyDer, otherKeySz, &privKey, - otherKeyId); - if (ret == 0) - ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &pubKey, - otherKeyId); + privKey = otherKey; + pubKey = &tmpKey; + ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey, + otherKey->dp->id); } else { ret = -1; @@ -1758,11 +1750,10 @@ static INLINE int myEccSharedSecret(WOLFSSL* ssl, /* generate shared secret and return it */ if (ret == 0) { - ret = wc_ecc_shared_secret(&privKey, &pubKey, out, outlen); + ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); } - wc_ecc_free(&privKey); - wc_ecc_free(&pubKey); + wc_ecc_free(&tmpKey); return ret; }