@@ -86,13 +86,15 @@ impl aead::NonceSequence for OneNonceSequence {
86
86
}
87
87
}
88
88
89
+ type Key = [ u8 ; KEY_AGREEMENT_ALGORITHM_KEY_LENGTH ] ;
90
+
89
91
/// Convenience struct for passing an encryption key as an argument.
90
92
#[ derive( PartialEq ) ]
91
- pub ( crate ) struct EncryptionKey ( pub ( crate ) [ u8 ; KEY_AGREEMENT_ALGORITHM_KEY_LENGTH ] ) ;
93
+ pub ( crate ) struct EncryptionKey ( pub ( crate ) Key ) ;
92
94
93
95
/// Convenience struct for passing a decryption key as an argument.
94
96
#[ derive( PartialEq ) ]
95
- pub ( crate ) struct DecryptionKey ( pub ( crate ) [ u8 ; KEY_AGREEMENT_ALGORITHM_KEY_LENGTH ] ) ;
97
+ pub ( crate ) struct DecryptionKey ( pub ( crate ) Key ) ;
96
98
97
99
/// Implementation of Authenticated Encryption with Associated Data (AEAD).
98
100
///
@@ -234,11 +236,10 @@ impl KeyNegotiator {
234
236
) -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
235
237
let type_ = self . type_ . clone ( ) ;
236
238
let self_public_key = self . public_key ( ) . context ( "Couldn't get self public key" ) ?;
237
- let ( encryption_key , decryption_key ) = agreement:: agree_ephemeral (
239
+ agreement:: agree_ephemeral (
238
240
self . private_key ,
239
241
& agreement:: UnparsedPublicKey :: new ( KEY_AGREEMENT_ALGORITHM , peer_public_key) ,
240
- anyhow ! ( "Couldn't derive session keys" ) ,
241
- |key_material| {
242
+ |key_material| -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
242
243
let key_material = key_material
243
244
. try_into ( )
244
245
. map_err ( anyhow:: Error :: msg)
@@ -251,44 +252,54 @@ impl KeyNegotiator {
251
252
match type_ {
252
253
// On the server side `self_public_key` is the server key.
253
254
KeyNegotiatorType :: Server => {
254
- let encryption_key = Self :: key_derivation_function (
255
- key_material,
256
- SERVER_KEY_PURPOSE ,
257
- & self_public_key,
258
- & peer_public_key,
255
+ let encryption_key = EncryptionKey (
256
+ Self :: key_derivation_function (
257
+ key_material,
258
+ SERVER_KEY_PURPOSE ,
259
+ & self_public_key,
260
+ & peer_public_key,
261
+ )
262
+ . context ( "Couldn't derive decryption key" ) ?,
259
263
) ;
260
- let decryption_key = Self :: key_derivation_function (
261
- key_material,
262
- CLIENT_KEY_PURPOSE ,
263
- & self_public_key,
264
- & peer_public_key,
264
+ let decryption_key = DecryptionKey (
265
+ Self :: key_derivation_function (
266
+ key_material,
267
+ CLIENT_KEY_PURPOSE ,
268
+ & self_public_key,
269
+ & peer_public_key,
270
+ )
271
+ . context ( "Couldn't derive encryption key" ) ?,
265
272
) ;
266
273
Ok ( ( encryption_key, decryption_key) )
267
274
}
268
275
// On the client side `peer_public_key` is the server key.
269
276
KeyNegotiatorType :: Client => {
270
- let encryption_key = Self :: key_derivation_function (
271
- key_material,
272
- CLIENT_KEY_PURPOSE ,
273
- & peer_public_key,
274
- & self_public_key,
277
+ let encryption_key = EncryptionKey (
278
+ Self :: key_derivation_function (
279
+ key_material,
280
+ CLIENT_KEY_PURPOSE ,
281
+ & peer_public_key,
282
+ & self_public_key,
283
+ )
284
+ . context ( "Couldn't derive decryption key" ) ?,
275
285
) ;
276
- let decryption_key = Self :: key_derivation_function (
277
- key_material,
278
- SERVER_KEY_PURPOSE ,
279
- & peer_public_key,
280
- & self_public_key,
286
+ let decryption_key = DecryptionKey (
287
+ Self :: key_derivation_function (
288
+ key_material,
289
+ SERVER_KEY_PURPOSE ,
290
+ & peer_public_key,
291
+ & self_public_key,
292
+ )
293
+ . context ( "Couldn't derive encryption key" ) ?,
281
294
) ;
282
295
Ok ( ( encryption_key, decryption_key) )
283
296
}
284
297
}
285
298
} ,
286
299
)
287
- . context ( "Couldn't agree on session keys" ) ?;
288
- Ok ( (
289
- EncryptionKey ( encryption_key. context ( "Couldn't derive encryption key" ) ?) ,
290
- DecryptionKey ( decryption_key. context ( "Couldn't derive decryption key" ) ?) ,
291
- ) )
300
+ . map_err ( anyhow:: Error :: msg)
301
+ . context ( "Couldn't derive session keys" ) ?
302
+ . context ( "Couldn't agree on session keys" )
292
303
}
293
304
294
305
/// Derives a session key from `key_material` using HKDF.
@@ -351,8 +362,9 @@ impl Signer {
351
362
let rng = ring:: rand:: SystemRandom :: new ( ) ;
352
363
let key_pair_pkcs8 = EcdsaKeyPair :: generate_pkcs8 ( SIGNING_ALGORITHM , & rng)
353
364
. map_err ( |error| anyhow ! ( "Couldn't generate PKCS#8 key pair: {:?}" , error) ) ?;
354
- let key_pair = EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) )
355
- . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
365
+ let key_pair =
366
+ EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) , & rng)
367
+ . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
356
368
357
369
Ok ( Self { key_pair } )
358
370
}
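Review bot: The `.context(...)` labels on the per-key derivations are swapped in both match arms of the `@@ -251,44 +252,54 @@` hunk: the call wrapped in `EncryptionKey(...)` carries `"Couldn't derive decryption key"` and the one wrapped in `DecryptionKey(...)` carries `"Couldn't derive encryption key"` (new lines 262/271 and 284/293). The removed code attached each message to the matching key, so a KDF failure would now be logged against the wrong direction and mislead anyone triaging a failed handshake. Swap the two strings in each arm, i.e. `.context("Couldn't derive encryption key")?,` inside `EncryptionKey(...)` and `.context("Couldn't derive decryption key")?,` inside `DecryptionKey(...)`. The tail of the call looks mixed up in the same way: the outer result of `agree_ephemeral` gets `"Couldn't derive session keys"` while the closure's derivation result gets `"Couldn't agree on session keys"`; if the outer `Result` is the agreement step itself, those two labels should trade places. The enclosing function begins outside the hunk, so this is based only on the visible lines.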