move ECDH_CTX into cpp

Change-Id: Ib28e0d0586f9e89fe2aaaaa3c6311ffd0325f8ad
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 097c0d7..0318a05 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -231,8 +231,7 @@
   auto saltInt = random::generateSecureWord64();
   // hkdf
   uint8_t aesKey[AES_128_KEY_LEN];
-  hkdf(ecdh.context->sharedSecret, ecdh.context->sharedSecretLen,
-       (uint8_t*)&saltInt, sizeof(saltInt), aesKey, sizeof(aesKey));
+  hkdf(ecdh.m_sharedSecret, ecdh.m_sharedSecretLen, (uint8_t*)&saltInt, sizeof(saltInt), aesKey, sizeof(aesKey));
 
   // verify identity name
   if (!m_config.m_caItem.m_caPrefix.isPrefixOf(clientCert->getIdentity())
diff --git a/src/crypto-support/crypto-helper.cpp b/src/crypto-support/crypto-helper.cpp
index 2920fdb..286490d 100644
--- a/src/crypto-support/crypto-helper.cpp
+++ b/src/crypto-support/crypto-helper.cpp
@@ -36,9 +36,20 @@
 
 const size_t HASH_SIZE = 32;
 
-NDN_LOG_INIT(ndncert.crypto-support);
+NDN_LOG_INIT(ndncert.cryptosupport);
+
+struct ECDHState::ECDH_CTX {
+  int EC_NID;
+  EVP_PKEY_CTX* ctx_params;
+  EVP_PKEY_CTX* ctx_keygen;
+  EVP_PKEY* privkey;
+  EVP_PKEY* peerkey;
+  EVP_PKEY* params;
+};
 
 ECDHState::ECDHState()
+  : m_publicKeyLen(0)
+  , m_sharedSecretLen(0)
 {
   OpenSSL_add_all_algorithms();
   context = std::make_unique<ECDH_CTX>();
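Review bot: The logger name changes from `ndncert.crypto-support` to `ndncert.cryptosupport` on the `NDN_LOG_INIT` line, which the commit message does not mention; any logging configuration that filters on the old name would stop matching, so the rename should either be dropped or be called out in the description. The relocated `ECDH_CTX` holds five raw OpenSSL handles with no word on who releases them; a comment above the struct such as `// Handles owned by ECDHState; released in ~ECDHState()` would help, provided it matches the destructor, which is outside this hunk. The constructor body also continues past the end of the hunk.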
@@ -123,15 +134,15 @@
 
   auto ecPoint = EC_KEY_get0_public_key(privECKey);
   const EC_GROUP* group = EC_KEY_get0_group(privECKey);
-  context->publicKeyLen = EC_POINT_point2oct(group, ecPoint, POINT_CONVERSION_COMPRESSED,
-                                             context->publicKey, 256, nullptr);
+  m_publicKeyLen = EC_POINT_point2oct(group, ecPoint, POINT_CONVERSION_COMPRESSED,
+                                    m_publicKey, 256, nullptr);
   EC_KEY_free(privECKey);
-  if (context->publicKeyLen == 0) {
+  if (m_publicKeyLen == 0) {
     handleErrors("Could not convert EC_POINTS to octet string when calling EC_POINT_point2oct.");
     return nullptr;
   }
 
-  return context->publicKey;
+  return m_publicKey;
 }
 
 std::string
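Review bot: The output bound passed to `EC_POINT_point2oct` is still the literal `256`, which now has to be kept in step by hand with the `uint8_t m_publicKey[256]` declaration in crypto-helper.hpp. Tying the bound to the buffer removes that coupling: `m_publicKey, sizeof(m_publicKey), nullptr);`. The same literal appears in the `ECDH_compute_key` call in deriveSecret further down. The function begins outside this hunk.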
@@ -139,12 +150,11 @@
 {
   namespace t = ndn::security::transform;
 
-  if (context->publicKeyLen == 0) {
+  if (m_publicKeyLen == 0) {
     this->getRawSelfPubKey();
   }
-
   std::ostringstream os;
-  t::bufferSource(context->publicKey, context->publicKeyLen) >> t::base64Encode(false) >> t::streamSink(os);
+  t::bufferSource(m_publicKey, m_publicKeyLen) >> t::base64Encode(false) >> t::streamSink(os);
   return os.str();
 }
 
@@ -167,15 +177,14 @@
     handleErrors("Cannot convert peer's key into a EC point when calling EC_POINT_oct2point()");
   }
 
-  if (-1 == (context->sharedSecretLen = ECDH_compute_key(context->sharedSecret, 256,
-                                                         peerPoint, privECKey, nullptr))) {
+  if (-1 == (m_sharedSecretLen = ECDH_compute_key(m_sharedSecret, 256, peerPoint, privECKey, nullptr))) {
     EC_POINT_free(peerPoint);
     EC_KEY_free(privECKey);
     handleErrors("Cannot generate ECDH secret when calling ECDH_compute_key()");
   }
   EC_POINT_free(peerPoint);
   EC_KEY_free(privECKey);
-  return context->sharedSecret;
+  return m_sharedSecret;
 }
 
 uint8_t*
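Review bot: With `m_sharedSecretLen` now a `size_t`, the failure test `-1 == (m_sharedSecretLen = ECDH_compute_key(...))` only works through an implicit signed-to-unsigned conversion, and on failure it leaves the member at the maximum `size_t` value where the `hkdf` calls in ca-module.cpp and requester.cpp read it directly. A return of 0 is not treated as failure either; as far as I know, newer OpenSSL releases report errors from this function as 0 rather than -1, in which case a zero-length secret would reach HKDF. Taking the result into a local `int`, rejecting `<= 0`, and assigning the member only on success avoids both. If `handleErrors` can return instead of throwing (not visible here), the failure branch also needs a `return nullptr;`, because the two frees after the `if` would otherwise run a second time. The function begins outside this hunk.

```cpp
  int secretLen = ECDH_compute_key(m_sharedSecret, sizeof(m_sharedSecret), peerPoint, privECKey, nullptr);
  if (secretLen <= 0) {
    m_sharedSecretLen = 0;
    // … unchanged: EC_POINT_free(peerPoint); EC_KEY_free(privECKey); handleErrors(...) …
    return nullptr;
  }
  m_sharedSecretLen = static_cast<size_t>(secretLen);
  // … unchanged: frees and return m_sharedSecret …
```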
@@ -192,8 +201,8 @@
 
 int
 hmac_sha256(const uint8_t* data, const unsigned data_length,
-                        const uint8_t* key, const unsigned key_length,
-                        uint8_t* result)
+            const uint8_t* key, const unsigned key_length,
+            uint8_t* result)
 {
   HMAC(EVP_sha256(), key, key_length,
        (unsigned char*)data, data_length,
diff --git a/src/crypto-support/crypto-helper.hpp b/src/crypto-support/crypto-helper.hpp
index 3af83af..eb4122c 100644
--- a/src/crypto-support/crypto-helper.hpp
+++ b/src/crypto-support/crypto-helper.hpp
@@ -37,19 +37,6 @@
   using std::runtime_error::runtime_error;
 };
 
-struct ECDH_CTX {
-  int EC_NID;
-  EVP_PKEY_CTX* ctx_params;
-  EVP_PKEY_CTX* ctx_keygen;
-  EVP_PKEY* privkey;
-  EVP_PKEY* peerkey;
-  EVP_PKEY* params;
-  uint8_t publicKey[256];
-  int publicKeyLen;
-  uint8_t sharedSecret[256];
-  int sharedSecretLen;
-};
-
 class ECDHState {
 public:
   ECDHState();
@@ -61,7 +48,10 @@
   uint8_t*
   deriveSecret(const std::string& peerKeyStr);
 
-  unique_ptr<ECDH_CTX> context;
+  uint8_t m_publicKey[256];
+  size_t m_publicKeyLen;
+  uint8_t m_sharedSecret[256];
+  size_t m_sharedSecretLen;
 
 PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   uint8_t*
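Review bot: The ECDH shared secret and its length are declared as public, writable members, so while `ECDH_CTX` is now hidden the most sensitive state of the class is not, and any caller can change `m_sharedSecretLen` independently of the buffer. Consider moving the four members under `private:` and exposing read-only accessors for the `hkdf` callers in ca-module.cpp and requester.cpp. Nothing visible in this diff wipes the buffer, so if the destructor (outside the hunk) does not already do so, `OPENSSL_cleanse(m_sharedSecret, sizeof(m_sharedSecret));` there would keep the secret from lingering in freed memory.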
@@ -69,6 +59,10 @@
 
   uint8_t*
   getRawSelfPubKey();
+
+private:
+  struct ECDH_CTX;
+  unique_ptr<ECDH_CTX> context;
 };
 
 /**
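Review bot: The private member is still named `context`, while the data members this commit adds to the class use the `m_` prefix; `unique_ptr<ECDH_CTX> m_context;` would keep the class consistent, with the uses in crypto-helper.cpp renamed to match. Because `ECDH_CTX` is only forward-declared in this header, a short comment such as `// defined in crypto-helper.cpp; ~ECDHState must be defined there as well` next to the declaration would explain the constraint to the next reader.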
diff --git a/src/requester.cpp b/src/requester.cpp
index de2d1a6..c7717a7 100644
--- a/src/requester.cpp
+++ b/src/requester.cpp
@@ -202,7 +202,7 @@
 
   // ECDH and HKDF
   state.m_ecdh.deriveSecret(content.ecdhKey);
-  hkdf(state.m_ecdh.context->sharedSecret, state.m_ecdh.context->sharedSecretLen,
+  hkdf(state.m_ecdh.m_sharedSecret, state.m_ecdh.m_sharedSecretLen,
        (uint8_t*)&content.salt, sizeof(content.salt), state.m_aesKey, sizeof(state.m_aesKey));
 
   // update state