Skip to content

Commit 11303ab

Browse files
dgarskedgarske
committed
Support for Public Key (PK) callbacks with PSK in TLS v1.2 and TLS v1.3 (client and server). ZD 17383
1 parent ee39a8f commit 11303ab

4 files changed

Lines changed: 182 additions & 137 deletions

File tree

src/internal.c

Lines changed: 80 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -31464,23 +31464,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3146431464
case psk_kea:
3146531465
{
3146631466
byte* pms = ssl->arrays->preMasterSecret;
31467-
int cbret = (int)ssl->options.client_psk_cb(ssl,
31467+
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
3146831468
ssl->arrays->server_hint, ssl->arrays->client_identity,
3146931469
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
31470-
31471-
if (cbret == 0 || cbret > MAX_PSK_KEY_LEN) {
31472-
if (cbret != USE_HW_PSK) {
31473-
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
31474-
}
31475-
}
31476-
31477-
if (cbret == USE_HW_PSK) {
31478-
/* USE_HW_PSK indicates that the hardware has the PSK
31479-
* and generates the premaster secret. */
31480-
ssl->arrays->psk_keySz = 0;
31481-
}
31482-
else {
31483-
ssl->arrays->psk_keySz = (word32)cbret;
31470+
if (ssl->arrays->psk_keySz == 0 ||
31471+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
31472+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
31473+
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
3148431474
}
3148531475

3148631476
/* Ensure the buffer is null-terminated. */
@@ -31492,7 +31482,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3149231482
XMEMCPY(args->encSecret, ssl->arrays->client_identity,
3149331483
args->encSz);
3149431484
ssl->options.peerAuthGood = 1;
31495-
if (cbret != USE_HW_PSK) {
31485+
if ((int)ssl->arrays->psk_keySz > 0) {
3149631486
/* CLIENT: Pre-shared Key for peer authentication. */
3149731487

3149831488
/* make psk pre master secret */
@@ -31508,8 +31498,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3150831498
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2)
3150931499
+ (2 * OPAQUE16_LEN);
3151031500
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
31511-
ssl->arrays->psk_keySz = 0; /* No further need */
3151231501
}
31502+
ssl->arrays->psk_keySz = 0; /* No further need */
3151331503
break;
3151431504
}
3151531505
#endif /* !NO_PSK */
@@ -31520,12 +31510,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3152031510
args->output = args->encSecret;
3152131511

3152231512
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
31523-
ssl->arrays->server_hint, ssl->arrays->client_identity,
31524-
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
31513+
ssl->arrays->server_hint, ssl->arrays->client_identity,
31514+
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
3152531515
if (ssl->arrays->psk_keySz == 0 ||
31526-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
31516+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
31517+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
3152731518
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
3152831519
}
31520+
3152931521
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
3153031522
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
3153131523

@@ -31601,12 +31593,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3160131593

3160231594
/* Send PSK client identity */
3160331595
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
31604-
ssl->arrays->server_hint, ssl->arrays->client_identity,
31605-
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
31596+
ssl->arrays->server_hint, ssl->arrays->client_identity,
31597+
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
3160631598
if (ssl->arrays->psk_keySz == 0 ||
31607-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
31599+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
31600+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
3160831601
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
3160931602
}
31603+
3161031604
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
3161131605
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
3161231606
if (esSz > MAX_PSK_ID_LEN) {
@@ -31626,7 +31620,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3162631620
args->length = MAX_ENCRYPT_SZ;
3162731621

3162831622
/* Create shared ECC key leaving room at the beginning
31629-
of buffer for size of shared key. */
31623+
* of buffer for size of shared key. */
3163031624
ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
3163131625

3163231626
#ifdef HAVE_CURVE25519
@@ -32017,13 +32011,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3201732011
pms += ssl->arrays->preMasterSz;
3201832012

3201932013
/* make psk pre master secret */
32020-
/* length of key + length 0s + length of key + key */
32021-
c16toa((word16)ssl->arrays->psk_keySz, pms);
32022-
pms += OPAQUE16_LEN;
32023-
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32024-
ssl->arrays->preMasterSz +=
32025-
ssl->arrays->psk_keySz + OPAQUE16_LEN;
32026-
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32014+
if ((int)ssl->arrays->psk_keySz > 0) {
32015+
/* length of key + length 0s + length of key + key */
32016+
c16toa((word16)ssl->arrays->psk_keySz, pms);
32017+
pms += OPAQUE16_LEN;
32018+
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32019+
ssl->arrays->preMasterSz +=
32020+
ssl->arrays->psk_keySz + OPAQUE16_LEN;
32021+
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32022+
}
3202732023
ssl->arrays->psk_keySz = 0; /* No further need */
3202832024
break;
3202932025
}
@@ -32044,18 +32040,19 @@ int SendClientKeyExchange(WOLFSSL* ssl)
3204432040
args->encSz += args->length + OPAQUE8_LEN;
3204532041

3204632042
/* Create pre master secret is the concatenation of
32047-
eccSize + eccSharedKey + pskSize + pskKey */
32043+
* eccSize + eccSharedKey + pskSize + pskKey */
3204832044
c16toa((word16)ssl->arrays->preMasterSz, pms);
3204932045
ssl->arrays->preMasterSz += OPAQUE16_LEN;
3205032046
pms += ssl->arrays->preMasterSz;
3205132047

32052-
c16toa((word16)ssl->arrays->psk_keySz, pms);
32053-
pms += OPAQUE16_LEN;
32054-
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32055-
ssl->arrays->preMasterSz +=
32056-
ssl->arrays->psk_keySz + OPAQUE16_LEN;
32048+
if ((int)ssl->arrays->psk_keySz > 0) {
32049+
c16toa((word16)ssl->arrays->psk_keySz, pms);
32050+
pms += OPAQUE16_LEN;
32051+
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32052+
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
3205732053

32058-
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32054+
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
32055+
}
3205932056
ssl->arrays->psk_keySz = 0; /* No further need */
3206032057
break;
3206132058
}
@@ -38691,31 +38688,35 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
3869138688
MAX_PSK_KEY_LEN);
3869238689

3869338690
if (ssl->arrays->psk_keySz == 0 ||
38694-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
38695-
#if defined(WOLFSSL_EXTRA_ALERTS) || \
38696-
defined(WOLFSSL_PSK_IDENTITY_ALERT)
38697-
SendAlert(ssl, alert_fatal,
38698-
unknown_psk_identity);
38699-
#endif
38691+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
38692+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
38693+
#if defined(WOLFSSL_EXTRA_ALERTS) || \
38694+
defined(WOLFSSL_PSK_IDENTITY_ALERT)
38695+
SendAlert(ssl, alert_fatal,
38696+
unknown_psk_identity);
38697+
#endif
3870038698
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
3870138699
}
3870238700
/* SERVER: Pre-shared Key for peer authentication. */
3870338701
ssl->options.peerAuthGood = 1;
3870438702

3870538703
/* make psk pre master secret */
38706-
/* length of key + length 0s + length of key + key */
38707-
c16toa((word16) ssl->arrays->psk_keySz, pms);
38708-
pms += OPAQUE16_LEN;
38704+
if ((int)ssl->arrays->psk_keySz > 0) {
38705+
/* length of key + length 0s + length of key + key */
38706+
c16toa((word16) ssl->arrays->psk_keySz, pms);
38707+
pms += OPAQUE16_LEN;
3870938708

38710-
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
38711-
pms += ssl->arrays->psk_keySz;
38709+
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
38710+
pms += ssl->arrays->psk_keySz;
3871238711

38713-
c16toa((word16) ssl->arrays->psk_keySz, pms);
38714-
pms += OPAQUE16_LEN;
38712+
c16toa((word16) ssl->arrays->psk_keySz, pms);
38713+
pms += OPAQUE16_LEN;
3871538714

38716-
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
38717-
ssl->arrays->preMasterSz =
38718-
(ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
38715+
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
38716+
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
38717+
(OPAQUE16_LEN * 2);
38718+
}
38719+
ssl->arrays->psk_keySz = 0; /* no further need */
3871938720
break;
3872038721
}
3872138722
#endif /* !NO_PSK */
@@ -39530,24 +39531,27 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
3953039531
MAX_PSK_KEY_LEN);
3953139532

3953239533
if (ssl->arrays->psk_keySz == 0 ||
39533-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
39534-
#if defined(WOLFSSL_EXTRA_ALERTS) || \
39535-
defined(WOLFSSL_PSK_IDENTITY_ALERT)
39536-
SendAlert(ssl, alert_fatal,
39537-
unknown_psk_identity);
39538-
#endif
39534+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
39535+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
39536+
#if defined(WOLFSSL_EXTRA_ALERTS) || \
39537+
defined(WOLFSSL_PSK_IDENTITY_ALERT)
39538+
SendAlert(ssl, alert_fatal,
39539+
unknown_psk_identity);
39540+
#endif
3953939541
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
3954039542
}
3954139543
/* SERVER: Pre-shared Key for peer authentication. */
3954239544
ssl->options.peerAuthGood = 1;
3954339545

39544-
c16toa((word16) ssl->arrays->psk_keySz, pms);
39545-
pms += OPAQUE16_LEN;
39546+
if ((int)ssl->arrays->psk_keySz > 0) {
39547+
c16toa((word16) ssl->arrays->psk_keySz, pms);
39548+
pms += OPAQUE16_LEN;
3954639549

39547-
XMEMCPY(pms, ssl->arrays->psk_key,
39548-
ssl->arrays->psk_keySz);
39549-
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
39550-
OPAQUE16_LEN;
39550+
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
39551+
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
39552+
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
39553+
}
39554+
ssl->arrays->psk_keySz = 0; /* no further need */
3955139555
break;
3955239556
}
3955339557
#endif /* !NO_DH && !NO_PSK */
@@ -39573,18 +39577,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
3957339577
MAX_PSK_KEY_LEN);
3957439578

3957539579
if (ssl->arrays->psk_keySz == 0 ||
39576-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
39580+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
39581+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
3957739582
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
3957839583
}
3957939584
/* SERVER: Pre-shared Key for peer authentication. */
3958039585
ssl->options.peerAuthGood = 1;
39586+
if ((int)ssl->arrays->psk_keySz > 0) {
39587+
c16toa((word16) ssl->arrays->psk_keySz, pms);
39588+
pms += OPAQUE16_LEN;
3958139589

39582-
c16toa((word16) ssl->arrays->psk_keySz, pms);
39583-
pms += OPAQUE16_LEN;
39584-
39585-
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
39586-
ssl->arrays->preMasterSz +=
39587-
ssl->arrays->psk_keySz + OPAQUE16_LEN;
39590+
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
39591+
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
39592+
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
39593+
}
39594+
ssl->arrays->psk_keySz = 0; /* no further need */
3958839595
break;
3958939596
}
3959039597
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */

src/tls.c

Lines changed: 29 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -13327,7 +13327,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
1332713327
else
1332813328
#endif
1332913329
if (ssl->options.client_psk_cb != NULL ||
13330-
ssl->options.client_psk_tls13_cb != NULL) {
13330+
ssl->options.client_psk_tls13_cb != NULL) {
1333113331
/* Default cipher suite. */
1333213332
byte cipherSuite0 = TLS13_BYTE;
1333313333
byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
@@ -13349,42 +13349,38 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
1334913349
ssl->arrays->server_hint, ssl->arrays->client_identity,
1335013350
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
1335113351
}
13352-
#if defined(OPENSSL_EXTRA)
13353-
/* OpenSSL treats 0 as a PSK key length of 0
13354-
* and meaning no PSK available.
13355-
*/
13356-
if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
13357-
return PSK_KEY_ERROR;
13358-
}
13359-
if (ssl->arrays->psk_keySz > 0) {
13360-
#else
13361-
if (ssl->arrays->psk_keySz == 0 ||
13362-
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
13363-
return PSK_KEY_ERROR;
13352+
if (
13353+
#ifndef OPENSSL_EXTRA
13354+
/* OpenSSL treats a PSK key length of 0
13355+
* to indicate no PSK available.
13356+
*/
13357+
ssl->arrays->psk_keySz == 0 ||
13358+
#endif
13359+
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
13360+
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
13361+
ret = PSK_KEY_ERROR;
1336413362
}
13365-
#endif
13366-
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
13367-
13368-
ssl->options.cipherSuite0 = cipherSuite0;
13369-
ssl->options.cipherSuite = cipherSuite;
13370-
(void)cipherSuiteFlags;
13371-
ret = SetCipherSpecs(ssl);
13372-
if (ret != 0)
13373-
return ret;
13363+
else {
13364+
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
1337413365

13375-
ret = TLSX_PreSharedKey_Use(&ssl->extensions,
13376-
(byte*)ssl->arrays->client_identity,
13377-
(word16)XSTRLEN(ssl->arrays->client_identity),
13378-
0, ssl->specs.mac_algorithm,
13379-
cipherSuite0, cipherSuite, 0,
13380-
NULL, ssl->heap);
13366+
ssl->options.cipherSuite0 = cipherSuite0;
13367+
ssl->options.cipherSuite = cipherSuite;
13368+
(void)cipherSuiteFlags;
13369+
ret = SetCipherSpecs(ssl);
13370+
if (ret == 0) {
13371+
ret = TLSX_PreSharedKey_Use(
13372+
&ssl->extensions,
13373+
(byte*)ssl->arrays->client_identity,
13374+
(word16)XSTRLEN(ssl->arrays->client_identity),
13375+
0, ssl->specs.mac_algorithm,
13376+
cipherSuite0, cipherSuite, 0,
13377+
NULL, ssl->heap);
13378+
}
13379+
if (ret == 0)
13380+
usingPSK = 1;
13381+
}
1338113382
if (ret != 0)
1338213383
return ret;
13383-
13384-
usingPSK = 1;
13385-
#if defined(OPENSSL_EXTRA)
13386-
}
13387-
#endif
1338813384
}
1338913385
#endif /* !NO_PSK */
1339013386
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)

0 commit comments

Comments
 (0)