Skip to content

Support for Public Key (PK) callbacks with PSK#7302

Merged
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
dgarske:pk_psk
Mar 13, 2024
Merged

Support for Public Key (PK) callbacks with PSK#7302
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
dgarske:pk_psk

Conversation

@dgarske
Copy link
Copy Markdown
Member

@dgarske dgarske commented Mar 6, 2024

Description

Support for Public Key (PK) callbacks with PSK in TLS v1.2 and TLS v1.3 (client and server).

Add support for returning USE_HW_PSK from the PSK callbacks:

  • wolfSSL_CTX_set_psk_server_callback
  • wolfSSL_CTX_set_psk_client_callback
  • wolfSSL_CTX_set_psk_server_tls13_callback
  • wolfSSL_CTX_set_psk_client_tls13_callback

Fixes ZD 17383

Testing

./configure --enable-psk --enable-pkcallbacks CFLAGS="-DTEST_PK_PSK"
make check

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@dgarske dgarske self-assigned this Mar 6, 2024
@dgarske dgarske force-pushed the pk_psk branch 2 times, most recently from 84b487e to dfa2e30 Compare March 8, 2024 18:42
@dgarske dgarske marked this pull request as ready for review March 8, 2024 18:43
@dgarske
Copy link
Copy Markdown
Member Author

dgarske commented Mar 8, 2024

Retest this please

@dgarske dgarske requested a review from JacobBarthelmeh March 11, 2024 19:10
@dgarske dgarske added the For This Release Release version 5.9.1 label Mar 11, 2024
@dgarske dgarske assigned JacobBarthelmeh and unassigned dgarske Mar 11, 2024
Copy link
Copy Markdown
Contributor

@JacobBarthelmeh JacobBarthelmeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On Mac OS with latest wolfSSL master branch + this PR I see a failure with the unit tests:

I hear you fa shizzle!
starting psk cipher suite tests
starting TLS 1.3 psk no identity extra cipher suite tests
trying server command line[2007]: SuiteTest -v 4 -s -l TLS13-AES128-GCM-SHA256 -d -2 -p 0 
trying client command line[2008]: SuiteTest -v 4 -s -l TLS13-AES128-GCM-SHA256 -2 -p 58037 
PSK Server TLS 1.3 using HW (Len 32, Hint Client_identitySHA256)
SSL_accept error -333, psk key callback error
wolfSSL error: SSL_accept failed
wolfSSL_connect error -313, received alert fatal error
wolfSSL error: wolfSSL_connect failed

This is with doing:

./configure --enable-psk --enable-pkcallbacks CFLAGS="-DTEST_PK_PSK" && make
./tests/unit.test

@dgarske
Copy link
Copy Markdown
Member Author

dgarske commented Mar 11, 2024

On Mac OS with latest wolfSSL master branch + this PR I see a failure with the unit tests:

I hear you fa shizzle!
starting psk cipher suite tests
starting TLS 1.3 psk no identity extra cipher suite tests
trying server command line[2007]: SuiteTest -v 4 -s -l TLS13-AES128-GCM-SHA256 -d -2 -p 0 
trying client command line[2008]: SuiteTest -v 4 -s -l TLS13-AES128-GCM-SHA256 -2 -p 58037 
PSK Server TLS 1.3 using HW (Len 32, Hint Client_identitySHA256)
SSL_accept error -333, psk key callback error
wolfSSL error: SSL_accept failed
wolfSSL_connect error -313, received alert fatal error
wolfSSL error: wolfSSL_connect failed

This is with doing:

./configure --enable-psk --enable-pkcallbacks CFLAGS="-DTEST_PK_PSK" && make
./tests/unit.test

Yes that is expected. The PK callback is not setup to inject a master secret, so this failure occurs. This work is being done for a customer's HSM. I understand if we need to hold off on merging until that is completed.

@JacobBarthelmeh JacobBarthelmeh merged commit 1e054b9 into wolfSSL:master Mar 13, 2024
dgarske added a commit to dgarske/wolfssl that referenced this pull request Mar 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

For This Release Release version 5.9.1

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants