[crypto] Generalise elliptic curve key exchange to ecdhe_key()

Split out the portion of tls_send_client_key_exchange_ecdhe() that
actually performs the elliptic curve key exchange into a separate
function ecdhe_key().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2025-01-21 15:13:20 +00:00
parent cc38d7dd3e
commit df7ec31766
3 changed files with 87 additions and 9 deletions


@@ -50,6 +50,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/validator.h>
#include <ipxe/job.h>
#include <ipxe/dhe.h>
#include <ipxe/ecdhe.h>
#include <ipxe/tls.h>
#include <config/crypto.h>
@@ -1733,9 +1734,9 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
}
/* Calculate pre-master secret */
if ( ( rc = elliptic_multiply ( curve->curve,
ecdh->public, private,
pre_master_secret ) ) != 0 ) {
if ( ( rc = ecdhe_key ( curve->curve, ecdh->public,
private, key_xchg.public,
pre_master_secret ) ) != 0 ) {
DBGC ( tls, "TLS %p could not exchange ECDHE key: %s\n",
tls, strerror ( rc ) );
return rc;
@@ -1750,12 +1751,6 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
htonl ( sizeof ( key_xchg ) -
sizeof ( key_xchg.type_length ) ) );
key_xchg.public_len = len;
if ( ( rc = elliptic_multiply ( curve->curve, NULL, private,
key_xchg.public ) ) != 0 ) {
DBGC ( tls, "TLS %p could not generate ECDHE key: %s\n",
tls, strerror ( rc ) );
return rc;
}
/* Transmit Client Key Exchange record */
if ( ( rc = tls_send_handshake ( tls, &key_xchg,