[crypto] Generalise elliptic curve key exchange to ecdhe_key()

Split out the portion of tls_send_client_key_exchange_ecdhe() that
actually performs the elliptic curve key exchange into a separate
function ecdhe_key().

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/ecdhe.c

@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+/** @file
+ *
+ * Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) key exchange
+ *
+ */
+
+#include <string.h>
+#include <ipxe/ecdhe.h>
+
+/**
+ * Calculate ECDHE key
+ *
+ * @v curve		Elliptic curve
+ * @v partner		Partner public curve point
+ * @v private		Private key
+ * @v public		Public curve point to fill in (may overlap partner key)
+ * @v shared		Shared secret curve point to fill in
+ * @ret rc		Return status code
+ */
+int ecdhe_key ( struct elliptic_curve *curve, const void *partner,
+		const void *private, void *public, void *shared ) {
+	int rc;
+
+	/* Construct shared key */
+	if ( ( rc = elliptic_multiply ( curve, partner, private,
+					shared ) ) != 0 ) {
+		DBGC ( curve, "CURVE %s could not generate shared key: %s\n",
+		       curve->name, strerror ( rc ) );
+		return rc;
+	}
+
+	/* Construct public key */
+	if ( ( rc = elliptic_multiply ( curve, NULL, private,
+					public ) ) != 0 ) {
+		DBGC ( curve, "CURVE %s could not generate public key: %s\n",
+		       curve->name, strerror ( rc ) );
+		return rc;
+	}
+
+	return 0;
+}

src/include/ipxe/ecdhe.h

@@ -0,0 +1,17 @@
+#ifndef _IPXE_ECDHE_H
+#define _IPXE_ECDHE_H
+
+/** @file
+ *
+ * Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) key exchange
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/crypto.h>
+
+extern int ecdhe_key ( struct elliptic_curve *curve, const void *partner,
+		       const void *private, void *public, void *shared );
+
+#endif /* _IPXE_ECDHE_H */

src/net/tls.c

@@ -50,6 +50,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/validator.h>
 #include <ipxe/job.h>
 #include <ipxe/dhe.h>
+#include <ipxe/ecdhe.h>
 #include <ipxe/tls.h>
 #include <config/crypto.h>
 
@@ -1733,9 +1734,9 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
 		}
 
 		/* Calculate pre-master secret */
-		if ( ( rc = elliptic_multiply ( curve->curve,
-						ecdh->public, private,
-						pre_master_secret ) ) != 0 ) {
+		if ( ( rc = ecdhe_key ( curve->curve, ecdh->public,
+					private, key_xchg.public,
+					pre_master_secret ) ) != 0 ) {
 			DBGC ( tls, "TLS %p could not exchange ECDHE key: %s\n",
 			       tls, strerror ( rc ) );
 			return rc;
@@ -1750,12 +1751,6 @@ static int tls_send_client_key_exchange_ecdhe ( struct tls_connection *tls ) {
 			  htonl ( sizeof ( key_xchg ) -
 				  sizeof ( key_xchg.type_length ) ) );
 		key_xchg.public_len = len;
-		if ( ( rc = elliptic_multiply ( curve->curve, NULL, private,
-						key_xchg.public ) ) != 0 ) {
-			DBGC ( tls, "TLS %p could not generate ECDHE key: %s\n",
-			       tls, strerror ( rc ) );
-			return rc;
-		}
 
 		/* Transmit Client Key Exchange record */
 		if ( ( rc = tls_send_handshake ( tls, &key_xchg,