Skip to content

refactor to Make(Dhe)PSKPreMasterSecret #9290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 27, 2025
Merged

refactor to Make(Dhe)PSKPreMasterSecret #9290

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
202 changes: 64 additions & 138 deletions src/internal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33197,6 +33197,59 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
args->input = NULL;
}

#ifndef NO_PSK
static int AddPSKtoPreMasterSecret(WOLFSSL* ssl)
{
int ret = 0;
/* Use the PSK hint to look up the PSK and add it to the
* preMasterSecret here. */
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);

if (ssl->arrays->psk_keySz == 0 ||
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
#if defined(WOLFSSL_EXTRA_ALERTS) || defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal, unknown_psk_identity);
#endif
ret = 1;
}
if (ret == 0)
/* Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
return ret;
}

static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key)
{
byte* pms = arrays->preMasterSecret;
word16 sz;

/* sz + (use_psk_key ? sz 0s : sz unaltered) + length of psk + psk */
if (!use_psk_key) {
sz = (word16)arrays->preMasterSz;
c16toa(sz, pms);
pms += OPAQUE16_LEN + sz;
}
if ((int)arrays->psk_keySz > 0) {
if (use_psk_key) {
sz = (word16)arrays->psk_keySz;
c16toa(sz, pms);
pms += OPAQUE16_LEN;
XMEMSET(pms, 0, sz);
pms += sz;
}
c16toa(arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz);
arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2;
ForceZero(arrays->psk_key, arrays->psk_keySz);
}
arrays->psk_keySz = 0; /* no further need */
}
#endif /*!NO_PSK*/

/* handle generation client_key_exchange (16) */
int SendClientKeyExchange(WOLFSSL* ssl)
{
Expand Down Expand Up @@ -33626,7 +33679,6 @@ int SendClientKeyExchange(WOLFSSL* ssl)
#ifndef NO_PSK
case psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ssl->arrays->server_hint, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
Expand All @@ -33645,24 +33697,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
XMEMCPY(args->encSecret, ssl->arrays->client_identity,
args->encSz);
ssl->options.peerAuthGood = 1;
if ((int)ssl->arrays->psk_keySz > 0) {
/* CLIENT: Pre-shared Key for peer authentication. */

/* make psk pre master secret */
/* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz;
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key,
ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2)
+ (2 * OPAQUE16_LEN);
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* No further need */
MakePSKPreMasterSecret(ssl->arrays, 1);
break;
}
#endif /* !NO_PSK */
Expand Down Expand Up @@ -34160,39 +34195,22 @@ int SendClientKeyExchange(WOLFSSL* ssl)
#if !defined(NO_DH) && !defined(NO_PSK)
case dhe_psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;

/* validate args */
if (args->output == NULL || args->length == 0) {
ERROR_OUT(BAD_FUNC_ARG, exit_scke);
}

c16toa((word16)args->length, args->output);
args->encSz += args->length + OPAQUE16_LEN;
c16toa((word16)ssl->arrays->preMasterSz, pms);
ssl->arrays->preMasterSz += OPAQUE16_LEN;
pms += ssl->arrays->preMasterSz;

/* make psk pre master secret */
if ((int)ssl->arrays->psk_keySz > 0) {
/* length of key + length 0s + length of key + key */
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz +=
ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* No further need */

MakePSKPreMasterSecret(ssl->arrays, 0);
break;
}
#endif /* !NO_DH && !NO_PSK */
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && !defined(NO_PSK)
case ecdhe_psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;

/* validate args */
if (args->output == NULL || args->length > ENCRYPT_LEN) {
ERROR_OUT(BAD_FUNC_ARG, exit_scke);
Expand All @@ -34204,19 +34222,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)

/* Create pre master secret is the concatenation of
* eccSize + eccSharedKey + pskSize + pskKey */
c16toa((word16)ssl->arrays->preMasterSz, pms);
ssl->arrays->preMasterSz += OPAQUE16_LEN;
pms += ssl->arrays->preMasterSz;

if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16)ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;

ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* No further need */
MakePSKPreMasterSecret(ssl->arrays, 0);
break;
}
#endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
Expand Down Expand Up @@ -40999,7 +41005,6 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
#ifndef NO_PSK
case psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;
word16 ci_sz;

if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
Expand All @@ -41020,42 +41025,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
XMEMCPY(ssl->arrays->client_identity,
input + args->idx, ci_sz);
args->idx += ci_sz;

ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);

if (ssl->arrays->psk_keySz == 0 ||
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
if (AddPSKtoPreMasterSecret(ssl))
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;

/* make psk pre master secret */
if ((int)ssl->arrays->psk_keySz > 0) {
/* length of key + length 0s + length of key + key */
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;

XMEMSET(pms, 0, ssl->arrays->psk_keySz);
pms += ssl->arrays->psk_keySz;

c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;

XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
(OPAQUE16_LEN * 2);
}
ssl->arrays->psk_keySz = 0; /* no further need */
MakePSKPreMasterSecret(ssl->arrays, 1);
break;
}
#endif /* !NO_PSK */
Expand Down Expand Up @@ -41854,82 +41827,35 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
#if !defined(NO_DH) && !defined(NO_PSK)
case dhe_psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;
word16 clientSz = (word16)args->sigSz;

args->idx += clientSz;
c16toa((word16)ssl->arrays->preMasterSz, pms);
ssl->arrays->preMasterSz += OPAQUE16_LEN;
pms += ssl->arrays->preMasterSz;

/* Use the PSK hint to look up the PSK and add it to the
* preMasterSecret here. */
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);

if (ssl->arrays->psk_keySz == 0 ||
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(WOLFSSL_PSK_IDENTITY_ALERT)
SendAlert(ssl, alert_fatal,
unknown_psk_identity);
#endif
if (AddPSKtoPreMasterSecret(ssl))
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;

if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;

XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* no further need */
MakePSKPreMasterSecret(ssl->arrays, 0);
break;
}
#endif /* !NO_DH && !NO_PSK */
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && !defined(NO_PSK)
case ecdhe_psk_kea:
{
byte* pms = ssl->arrays->preMasterSecret;
word16 clientSz = (word16)args->sigSz;

/* skip past the imported peer key */
args->idx += args->length;

/* Add preMasterSecret */
c16toa(clientSz, pms);
ssl->arrays->preMasterSz = OPAQUE16_LEN + clientSz;
pms += ssl->arrays->preMasterSz;
ssl->arrays->preMasterSz = clientSz;

/* Use the PSK hint to look up the PSK and add it to the
* preMasterSecret here. */
ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ssl->arrays->client_identity, ssl->arrays->psk_key,
MAX_PSK_KEY_LEN);

if (ssl->arrays->psk_keySz == 0 ||
(ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN &&
(int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) {
if (AddPSKtoPreMasterSecret(ssl))
ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
}
/* SERVER: Pre-shared Key for peer authentication. */
ssl->options.peerAuthGood = 1;
if ((int)ssl->arrays->psk_keySz > 0) {
c16toa((word16) ssl->arrays->psk_keySz, pms);
pms += OPAQUE16_LEN;

XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
}
ssl->arrays->psk_keySz = 0; /* no further need */
MakePSKPreMasterSecret(ssl->arrays, 0);
break;
}
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
Expand Down