@@ -234,11 +234,10 @@ impl KeyNegotiator {
234234 ) -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
235235 let type_ = self . type_ . clone ( ) ;
236236 let self_public_key = self . public_key ( ) . context ( "Couldn't get self public key" ) ?;
237- let ( encryption_key , decryption_key ) = agreement:: agree_ephemeral (
237+ agreement:: agree_ephemeral (
238238 self . private_key ,
239239 & agreement:: UnparsedPublicKey :: new ( KEY_AGREEMENT_ALGORITHM , peer_public_key) ,
240- anyhow ! ( "Couldn't derive session keys" ) ,
241- |key_material| {
240+ |key_material| -> anyhow:: Result < ( EncryptionKey , DecryptionKey ) > {
242241 let key_material = key_material
243242 . try_into ( )
244243 . map_err ( anyhow:: Error :: msg)
@@ -251,44 +250,54 @@ impl KeyNegotiator {
251250 match type_ {
252251 // On the server side `self_public_key` is the server key.
253252 KeyNegotiatorType :: Server => {
254- let encryption_key = Self :: key_derivation_function (
255- key_material,
256- SERVER_KEY_PURPOSE ,
257- & self_public_key,
258- & peer_public_key,
253+ let encryption_key = EncryptionKey (
254+ Self :: key_derivation_function (
255+ key_material,
256+ SERVER_KEY_PURPOSE ,
257+ & self_public_key,
258+ & peer_public_key,
259+ )
260+ . context ( "Couldn't derive decryption key" ) ?,
259261 ) ;
260- let decryption_key = Self :: key_derivation_function (
261- key_material,
262- CLIENT_KEY_PURPOSE ,
263- & self_public_key,
264- & peer_public_key,
262+ let decryption_key = DecryptionKey (
263+ Self :: key_derivation_function (
264+ key_material,
265+ CLIENT_KEY_PURPOSE ,
266+ & self_public_key,
267+ & peer_public_key,
268+ )
269+ . context ( "Couldn't derive encryption key" ) ?,
265270 ) ;
266271 Ok ( ( encryption_key, decryption_key) )
267272 }
268273 // On the client side `peer_public_key` is the server key.
269274 KeyNegotiatorType :: Client => {
270- let encryption_key = Self :: key_derivation_function (
271- key_material,
272- CLIENT_KEY_PURPOSE ,
273- & peer_public_key,
274- & self_public_key,
275+ let encryption_key = EncryptionKey (
276+ Self :: key_derivation_function (
277+ key_material,
278+ CLIENT_KEY_PURPOSE ,
279+ & peer_public_key,
280+ & self_public_key,
281+ )
282+ . context ( "Couldn't derive decryption key" ) ?,
275283 ) ;
276- let decryption_key = Self :: key_derivation_function (
277- key_material,
278- SERVER_KEY_PURPOSE ,
279- & peer_public_key,
280- & self_public_key,
284+ let decryption_key = DecryptionKey (
285+ Self :: key_derivation_function (
286+ key_material,
287+ SERVER_KEY_PURPOSE ,
288+ & peer_public_key,
289+ & self_public_key,
290+ )
291+ . context ( "Couldn't derive encryption key" ) ?,
281292 ) ;
282293 Ok ( ( encryption_key, decryption_key) )
283294 }
284295 }
285296 } ,
286297 )
287- . context ( "Couldn't agree on session keys" ) ?;
288- Ok ( (
289- EncryptionKey ( encryption_key. context ( "Couldn't derive encryption key" ) ?) ,
290- DecryptionKey ( decryption_key. context ( "Couldn't derive decryption key" ) ?) ,
291- ) )
298+ . map_err ( anyhow:: Error :: msg)
299+ . context ( "Couldn't derive session keys" ) ?
300+ . context ( "Couldn't agree on session keys" )
292301 }
293302
294303 /// Derives a session key from `key_material` using HKDF.
@@ -351,8 +360,9 @@ impl Signer {
351360 let rng = ring:: rand:: SystemRandom :: new ( ) ;
352361 let key_pair_pkcs8 = EcdsaKeyPair :: generate_pkcs8 ( SIGNING_ALGORITHM , & rng)
353362 . map_err ( |error| anyhow ! ( "Couldn't generate PKCS#8 key pair: {:?}" , error) ) ?;
354- let key_pair = EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) )
355- . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
363+ let key_pair =
364+ EcdsaKeyPair :: from_pkcs8 ( SIGNING_ALGORITHM , key_pair_pkcs8. as_ref ( ) , & rng)
365+ . map_err ( |error| anyhow ! ( "Couldn't parse generated key pair: {:?}" , error) ) ?;
356366
357367 Ok ( Self { key_pair } )
358368 }
0 commit comments