From a6412a3d73e742ab0d067817298cf2bba9253832 Mon Sep 17 00:00:00 2001
From: Achim Kraus <achim.kraus@cloudcoap.net>
Date: Wed, 15 Nov 2023 20:03:06 +0100
Subject: [PATCH] dtls.c: support longer PSK secrets.

Use DTLS_KEY_LENGTH for DTLS_PSK_MAX_KEY_LEN only as default.

Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
---
 crypto.h              | 2 ++
 dtls.c                | 6 ++----
 zephyr/CMakeLists.txt | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto.h b/crypto.h
index 6df46ff7..4902a49e 100644
--- a/crypto.h
+++ b/crypto.h
@@ -92,7 +92,9 @@ typedef struct {
 #endif /* DTLS_PSK_MAX_CLIENT_IDENTITY_LEN */
 
 /* This is the maximal supported length of the pre-shared key. */
+#ifndef DTLS_PSK_MAX_KEY_LEN
 #define DTLS_PSK_MAX_KEY_LEN DTLS_KEY_LENGTH
+#endif /* DTLS_PSK_MAX_KEY_LEN */
 
 typedef struct {
   uint16_t id_length;
diff --git a/dtls.c b/dtls.c
index 817473fc..8368a1cb 100644
--- a/dtls.c
+++ b/dtls.c
@@ -952,7 +952,7 @@ calculate_key_block(dtls_context_t *ctx,
 		    dtls_peer_type role) {
   (void) ctx;
   (void) session;
-  unsigned char *pre_master_secret;
+  unsigned char pre_master_secret[2 * (sizeof(uint16) + DTLS_PSK_MAX_KEY_LEN)];
   int pre_master_len = 0;
   dtls_security_parameters_t *security = dtls_security_params_next(peer);
   uint8 master_secret[DTLS_MASTER_SECRET_LENGTH];
@@ -962,7 +962,6 @@ calculate_key_block(dtls_context_t *ctx,
     return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
   }
 
-  pre_master_secret = security->key_block;
   switch (get_key_exchange_algorithm(handshake->cipher_index)) {
   case DTLS_KEY_EXCHANGE_PSK:
 #ifdef DTLS_PSK
@@ -978,10 +977,9 @@ calculate_key_block(dtls_context_t *ctx,
         dtls_crit("no psk key for session available\n");
         return len;
       }
-    /* Temporarily use the key_block storage space for the pre master secret. */
       pre_master_len = dtls_psk_pre_master_secret(psk, len,
                         pre_master_secret,
-                        MAX_KEYBLOCK_LENGTH);
+                        sizeof(pre_master_secret));
 
       dtls_debug_hexdump("psk", psk, len);
 
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
index a279f770..2c8316a9 100644
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
@@ -39,7 +39,7 @@ if(CONFIG_LIBTINYDTLS)
     set(DTLS_ECC Off)
   endif()
   add_subdirectory(.. build)
-  target_compile_definitions(tinydtls PUBLIC WITH_ZEPHYR)
+  target_compile_definitions(tinydtls PUBLIC WITH_ZEPHYR DTLS_PSK_MAX_KEY_LEN=32 DTLS_PSK_MAX_CLIENT_IDENTITY_LEN=48)
   target_link_libraries(tinydtls PUBLIC zephyr_interface)
   set_property(GLOBAL APPEND PROPERTY ZEPHYR_INTERFACE_LIBS tinydtls)
 endif()