@@ -234,11 +234,10 @@ impl KeyNegotiator {
234
234
) -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
235
235
let type_ = self . type_ . clone ( ) ;
236
236
let self_public_key = self . public_key ( ) . context ( "Couldn't get self public key" ) ?;
237
- let ( encryption_key , decryption_key ) = agreement:: agree_ephemeral (
237
+ agreement:: agree_ephemeral (
238
238
self . private_key ,
239
239
& agreement:: UnparsedPublicKey :: new ( KEY_AGREEMENT_ALGORITHM , peer_public_key) ,
240
- anyhow ! ( "Couldn't derive session keys" ) ,
241
- |key_material| {
240
+ |key_material| -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
242
241
let key_material = key_material
243
242
. try_into ( )
244
243
. map_err ( anyhow:: Error :: msg)
@@ -251,44 +250,54 @@ impl KeyNegotiator {
251
250
match type_ {
252
251
// On the server side `self_public_key` is the server key.
253
252
KeyNegotiatorType :: Server => {
254
- let encryption_key = Self :: key_derivation_function (
255
- key_material,
256
- SERVER_KEY_PURPOSE ,
257
- & self_public_key,
258
- & peer_public_key,
253
+ let encryption_key = EncryptionKey (
254
+ Self :: key_derivation_function (
255
+ key_material,
256
+ SERVER_KEY_PURPOSE ,
257
+ & self_public_key,
258
+ & peer_public_key,
259
+ )
260
+ . context ( "Couldn't derive decryption key" ) ?,
259
261
) ;
260
- let decryption_key = Self :: key_derivation_function (
261
- key_material,
262
- CLIENT_KEY_PURPOSE ,
263
- & self_public_key,
264
- & peer_public_key,
262
+ let decryption_key = DecryptionKey (
263
+ Self :: key_derivation_function (
264
+ key_material,
265
+ CLIENT_KEY_PURPOSE ,
266
+ & self_public_key,
267
+ & peer_public_key,
268
+ )
269
+ . context ( "Couldn't derive encryption key" ) ?,
265
270
) ;
266
271
Ok ( ( encryption_key, decryption_key) )
267
272
}
268
273
// On the client side `peer_public_key` is the server key.
269
274
KeyNegotiatorType :: Client => {
270
- let encryption_key = Self :: key_derivation_function (
271
- key_material,
272
- CLIENT_KEY_PURPOSE ,
273
- & peer_public_key,
274
- & self_public_key,
275
+ let encryption_key = EncryptionKey (
276
+ Self :: key_derivation_function (
277
+ key_material,
278
+ CLIENT_KEY_PURPOSE ,
279
+ & peer_public_key,
280
+ & self_public_key,
281
+ )
282
+ . context ( "Couldn't derive decryption key" ) ?,
275
283
) ;
276
- let decryption_key = Self :: key_derivation_function (
277
- key_material,
278
- SERVER_KEY_PURPOSE ,
279
- & peer_public_key,
280
- & self_public_key,
284
+ let decryption_key = DecryptionKey (
285
+ Self :: key_derivation_function (
286
+ key_material,
287
+ SERVER_KEY_PURPOSE ,
288
+ & peer_public_key,
289
+ & self_public_key,
290
+ )
291
+ . context ( "Couldn't derive encryption key" ) ?,
281
292
) ;
282
293
Ok ( ( encryption_key, decryption_key) )
283
294
}
284
295
}
285
296
} ,
286
297
)
287
- . context ( "Couldn't agree on session keys" ) ?;
288
- Ok ( (
289
- EncryptionKey ( encryption_key. context ( "Couldn't derive encryption key" ) ?) ,
290
- DecryptionKey ( decryption_key. context ( "Couldn't derive decryption key" ) ?) ,
291
- ) )
298
+ . map_err ( anyhow:: Error :: msg)
299
+ . context ( "Couldn't derive session keys" ) ?
300
+ . context ( "Couldn't agree on session keys" )
292
301
}
293
302
294
303
/// Derives a session key from `key_material` using HKDF.
@@ -351,8 +360,9 @@ impl Signer {
351
360
let rng = ring:: rand:: SystemRandom :: new ( ) ;
352
361
let key_pair_pkcs8 = EcdsaKeyPair :: generate_pkcs8 ( SIGNING_ALGORITHM , & rng)
353
362
. map_err ( |error| anyhow ! ( "Couldn't generate PKCS#8 key pair: {:?}" , error) ) ?;
354
- let key_pair = EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) )
355
- . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
363
+ let key_pair =
364
+ EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) , & rng)
365
+ . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
356
366
357
367
Ok ( Self { key_pair } )
358
368
}
0 commit comments