wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 11:44:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7302 from dgarske/pk_psk

Browse Source 
Support for Public Key (PK) callbacks with PSK
This commit is contained in:
JacobBarthelmeh
2024-03-14 00:02:23 +07:00
committed by GitHub
parent d2fd937075 11303ab796
commit 1e054b9613
4 changed files with 182 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
src/internal.c
View File

@@ -31464,23 +31464,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
case psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;
int cbret = (int)ssl->options.client_psk_cb(ssl,
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
if (cbret == 0 || cbret > MAX_PSK_KEY_LEN) {
if (cbret != USE_HW_PSK) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
}
if (cbret == USE_HW_PSK) {
/* USE_HW_PSK indicates that the hardware has the PSK
* and generates the premaster secret. */
ssl->arrays->psk_keySz = 0;
}
else {
ssl->arrays->psk_keySz = (word32)cbret;
if (ssl->arrays->psk_keySz == 0 ||
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
/* Ensure the buffer is null-terminated. */
@@ -31492,7 +31482,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
XMEMCPY(args->encSecret, ssl->arrays->client_identity,
args->encSz);
ssl->options.peerAuthGood = 1;
if (cbret != USE_HW_PSK) {
if ((int)ssl->arrays->psk_keySz > 0) {
/* CLIENT: Pre-shared Key for peer authentication. */
/* make psk pre master secret */
@@ -31508,8 +31498,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2)
+ (2 * OPAQUE16_LEN);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; /* No further need */
}
ssl->arrays->psk_keySz = 0; /* No further need */
break;
}
#endif /* !NO_PSK */
@@ -31520,12 +31510,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->output = args->encSecret;
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
@@ -31601,12 +31593,14 @@ int SendClientKeyExchange(WOLFSSL* ssl)
/* Send PSK client identity */
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
ERROR_OUT(PSK_KEY_ERROR, exit_scke);
}
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
if (esSz > MAX_PSK_ID_LEN) {
@@ -31626,7 +31620,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->length = MAX_ENCRYPT_SZ;
/* Create shared ECC key leaving room at the beginning
of buffer for size of shared key. */
* of buffer for size of shared key. */
ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
#ifdef HAVE_CURVE25519
@@ -32017,13 +32011,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
pms += ssl->arrays->preMasterSz;
/* make psk pre master secret */
/* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
if ((int)ssl->arrays->psk_keySz > 0) {
/* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* No further need */
break;
}
@@ -32044,18 +32040,19 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->encSz += args->length + OPAQUE8_LEN;
/* Create pre master secret is the concatenation of
eccSize + eccSharedKey + pskSize + pskKey */
* eccSize + eccSharedKey + pskSize + pskKey */
c16toa((word16)ssl->arrays->preMasterSz, pms);
ssl->arrays->preMasterSz += OPAQUE16_LEN;
pms += ssl->arrays->preMasterSz;
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* No further need */
break;
}
@@ -38691,31 +38688,35 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
/* make psk pre master secret */
/* length of key + length 0s + length of key + key */
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
if ((int)ssl->arrays->psk_keySz > 0) {
/* length of key + length 0s + length of key + key */
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz;
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz =
(ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
(OPAQUE16_LEN * 2);
}
ssl->arrays->psk_keySz = 0; /* no further need */
break;
}
#endif /* !NO_PSK */
@@ -39530,24 +39531,27 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key,
ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* no further need */
break;
}
#endif /* !NO_DH && !NO_PSK */
@@ -39573,18 +39577,21 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
MAX_PSK_KEY_LEN);
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* no further need */
break;
}
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */

62
src/tls.c
View File

@@ -13341,7 +13341,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
else
#endif
if (ssl->options.client_psk_cb != NULL ||
ssl->options.client_psk_tls13_cb != NULL) {
ssl->options.client_psk_tls13_cb != NULL) {
/* Default cipher suite. */
byte cipherSuite0 = TLS13_BYTE;
byte cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
@@ -13363,42 +13363,38 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
}
#if defined(OPENSSL_EXTRA)
/* OpenSSL treats 0 as a PSK key length of 0
* and meaning no PSK available.
*/
if (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
return PSK_KEY_ERROR;
if (
#ifndef OPENSSL_EXTRA
/* OpenSSL treats a PSK key length of 0
* to indicate no PSK available.
*/
ssl->arrays->psk_keySz == 0 ||
#endif
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
ret = PSK_KEY_ERROR;
}
if (ssl->arrays->psk_keySz > 0) {
#else
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
return PSK_KEY_ERROR;
}
#endif
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
else {
ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0';
ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite;
(void)cipherSuiteFlags;
ret = SetCipherSpecs(ssl);
ssl->options.cipherSuite0 = cipherSuite0;
ssl->options.cipherSuite = cipherSuite;
(void)cipherSuiteFlags;
ret = SetCipherSpecs(ssl);
if (ret == 0) {
ret = TLSX_PreSharedKey_Use(
&ssl->extensions,
(byte*)ssl->arrays->client_identity,
(word16)XSTRLEN(ssl->arrays->client_identity),
0, ssl->specs.mac_algorithm,
cipherSuite0, cipherSuite, 0,
NULL, ssl->heap);
}
if (ret == 0)
usingPSK = 1;
}
if (ret != 0)
return ret;
ret = TLSX_PreSharedKey_Use(&ssl->extensions,
(byte*)ssl->arrays->client_identity,
(word16)XSTRLEN(ssl->arrays->client_identity),
0, ssl->specs.mac_algorithm,
cipherSuite0, cipherSuite, 0,
NULL, ssl->heap);
if (ret != 0)
return ret;
usingPSK = 1;
#if defined(OPENSSL_EXTRA)
}
#endif
}
#endif /* !NO_PSK */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)

39
src/tls13.c
View File

@@ -1127,6 +1127,12 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt,
ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
}
else
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
if ((int)ssl->arrays->psk_keySz < 0) {
ret = PSK_KEY_ERROR;
}
else
#endif
{
#if !defined(HAVE_FIPS) || \
@@ -3943,7 +3949,8 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
ssl->options.cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
}
if (ssl->arrays->psk_keySz == 0 ||
ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != USE_HW_PSK)) {
WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
return PSK_KEY_ERROR;
}
@@ -3956,7 +3963,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
#endif /* !WOLFSSL_PSK_ONE_ID */
if (!clientHello && (psk->cipherSuite0 != suite[0] ||
psk->cipherSuite != suite[1])) {
psk->cipherSuite != suite[1])) {
WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
return PSK_KEY_ERROR;
}
@@ -5839,7 +5846,8 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key,
*found = (*psk_keySz != 0);
}
if (*found) {
if (*psk_keySz > MAX_PSK_KEY_LEN) {
if (*psk_keySz > MAX_PSK_KEY_LEN &&
*((int*)psk_keySz) != USE_HW_PSK) {
WOLFSSL_MSG("Key len too long in FindPsk()");
ret = PSK_KEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
@@ -5894,29 +5902,27 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err)
ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz,
suite, &found, foundSuite);
if (ret == 0 && found) {
if ((ret == 0) && found) {
/* Default to ciphersuite if cb doesn't specify. */
ssl->options.resuming = 0;
/* Don't send certificate request when using PSK. */
ssl->options.verifyPeer = 0;
/* Default to ciphersuite if cb doesn't specify. */
ssl->options.resuming = 0;
/* Don't send certificate request when using PSK. */
ssl->options.verifyPeer = 0;
/* PSK age is always zero. */
if (psk->ticketAge != 0) {
ret = PSK_KEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
}
/* PSK age is always zero. */
if (psk->ticketAge != 0) {
ret = PSK_KEY_ERROR;
WOLFSSL_ERROR_VERBOSE(ret);
}
if ((ret == 0) && found) {
if (ret == 0) {
/* Set PSK ciphersuite into SSL. */
ssl->options.cipherSuite0 = foundSuite[0];
ssl->options.cipherSuite = foundSuite[1];
ret = SetCipherSpecs(ssl);
}
if ((ret == 0) && found) {
if (ret == 0) {
/* Derive the early secret using the PSK. */
ret = DeriveEarlySecret(ssl);
}
if ((ret == 0) && found) {
if (ret == 0) {
/* PSK negotiation has succeeded */
ssl->options.isPSK = 1;
/* SERVER: using PSK for peer authentication. */
@@ -7135,6 +7141,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_SESSION_TICKET
if (ssl->options.resuming) {
ssl->options.resuming = 0;
ssl->arrays->psk_keySz = 0;
XMEMSET(ssl->arrays->psk_key, 0, ssl->specs.hash_size);
}
#endif

65
wolfssl/test.h
View File

@@ -289,6 +289,14 @@
#endif
#endif
#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY) || defined(TEST_PK_PSK)
#define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
#else
#define WOLFSSL_PKMSG(...) WC_DO_NOTHING
#endif
#ifndef MY_EX_USAGE
#define MY_EX_USAGE 2
#endif
@@ -1807,7 +1815,6 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd)
#endif
}
#ifndef NO_PSK
/* identity is OpenSSL testing default for openssl s_client, keep same */
@@ -1817,6 +1824,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
char* identity, unsigned int id_max_len, unsigned char* key,
unsigned int key_max_len)
{
unsigned int ret;
(void)ssl;
(void)hint;
(void)key_max_len;
@@ -1826,13 +1835,13 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
unsigned binary */
* unsigned binary */
key[0] = 0x1a;
key[1] = 0x2b;
key[2] = 0x3c;
key[3] = 0x4d;
return 4; /* length of key in octets or 0 for error */
ret = 4; /* length of key in octets or 0 for error */
}
else {
int i;
@@ -1844,14 +1853,23 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
key[i] = b;
}
return 32; /* length of key in octets or 0 for error */
ret = 32; /* length of key in octets or 0 for error */
}
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
WOLFSSL_PKMSG("PSK Client using HW (Len %d, Hint %s)\n", ret, hint);
ret = (unsigned int)USE_HW_PSK;
#endif
return ret;
}
static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
unsigned char* key, unsigned int key_max_len)
{
unsigned int ret;
(void)ssl;
(void)key_max_len;
@@ -1861,13 +1879,13 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
unsigned binary */
* unsigned binary */
key[0] = 0x1a;
key[1] = 0x2b;
key[2] = 0x3c;
key[3] = 0x4d;
return 4; /* length of key in octets or 0 for error */
ret = 4; /* length of key in octets or 0 for error */
}
else {
int i;
@@ -1879,8 +1897,14 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
key[i] = b;
}
return 32; /* length of key in octets or 0 for error */
ret = 32; /* length of key in octets or 0 for error */
}
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
WOLFSSL_PKMSG("PSK Server using HW (Len %d, Hint %s)\n", ret, identity);
ret = (unsigned int)USE_HW_PSK;
#endif
return ret;
}
#ifdef WOLFSSL_TLS13
@@ -1888,6 +1912,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
const char* hint, char* identity, unsigned int id_max_len,
unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
{
unsigned int ret;
int i;
int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
@@ -1907,7 +1932,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */
ret = 32; /* length of key in octets or 0 for error */
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
WOLFSSL_PKMSG("PSK Client TLS 1.3 using HW (Len %d, Hint %s)\n", ret, hint);
ret = (unsigned int)USE_HW_PSK;
#endif
return ret;
}
@@ -1915,6 +1947,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
const char* identity, unsigned char* key, unsigned int key_max_len,
const char** ciphersuite)
{
unsigned int ret;
int i;
int b = 0x01;
int kIdLen = (int)XSTRLEN(kIdentityStr);
@@ -1938,7 +1971,15 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
*ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */
ret = 32; /* length of key in octets or 0 for error */
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
WOLFSSL_PKMSG("PSK Server TLS 1.3 using HW (Len %d, Hint %s)\n",
ret, identity);
ret = (unsigned int)USE_HW_PSK;
#endif
return ret;
}
#endif
@@ -3086,12 +3127,6 @@ typedef struct PkCbInfo {
#endif
} PkCbInfo;
#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
#define WOLFSSL_PKMSG(...) printf(__VA_ARGS__)
#else
#define WOLFSSL_PKMSG(...) WC_DO_NOTHING
#endif
#ifdef HAVE_ECC
static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,