From fbb17804d870fe4f86d7fe9187130e62fb3df22f Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Wed, 17 Apr 2013 19:10:21 +0200 Subject: [PATCH] Added pre-shared key handling for the server side of SSL / TLS Server side handling of the pure PSK ciphersuites is now in the base code. --- library/ssl_srv.c | 69 ++++++++++++++++++++++++++++++++++++-- programs/ssl/ssl_server2.c | 65 +++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+), 3 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6545733d0..27d7a7ebe 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1026,14 +1026,16 @@ static int ssl_write_certificate_request( ssl_context *ssl ) size_t n = 0, dn_size, total_dn_size; unsigned char *buf, *p; const x509_cert *crt; + const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); ssl->state++; - if( ssl->authmode == SSL_VERIFY_NONE ) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ssl->authmode == SSL_VERIFY_NONE ) { - SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); return( 0 ); } @@ -1536,6 +1538,57 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) return( ret ); } +static int ssl_parse_client_psk_identity( ssl_context *ssl ) +{ + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; + +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) + size_t n; + unsigned char *p = ssl->handshake->premaster; + + if( ssl->psk == NULL || ssl->psk_identity == NULL || + ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) + { + SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) ); + return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); + } + + /* + * Receive client pre-shared key identiy name + */ + n = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + + if( n < 1 || n > 65535 ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + if( n != ssl->psk_identity_len || + memcmp( ssl->psk_identity, ssl->in_msg + 6, n ) != 0 ) + { + SSL_DEBUG_BUF( 3, "Unknown PSK identity", ssl->in_msg + 6, n ); + return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + *(p++) = (unsigned char)( ssl->psk_len >> 8 ); + *(p++) = (unsigned char)( ssl->psk_len ); + p += ssl->psk_len; + + *(p++) = (unsigned char)( ssl->psk_len >> 8 ); + *(p++) = (unsigned char)( ssl->psk_len ); + memcpy( p, ssl->psk, ssl->psk_len ); + p += ssl->psk_len; + + ssl->handshake->pmslen = 4 + 2 * ssl->psk_len; + + ret = 0; + +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ + + return( ret ); +} + static int ssl_parse_client_key_exchange( ssl_context *ssl ) { int ret; @@ -1579,6 +1632,14 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) return( ret ); } } + else if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) + { + if( ( ret = ssl_parse_client_psk_identity( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); + return( ret ); + } + } else { if( ( ret = ssl_parse_encrypted_pms_secret( ssl ) ) != 0 ) @@ -1608,10 +1669,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) unsigned char hash[48]; md_type_t md_alg = POLARSSL_MD_NONE; unsigned int hashlen = 0; + const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); - if( ssl->session_negotiate->peer_cert == NULL ) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || + ssl->session_negotiate->peer_cert == NULL ) { SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); ssl->state++; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index abca186d6..73c332796 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -56,6 +56,8 @@ #define DFL_CA_PATH "" #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" +#define DFL_PSK "" +#define DFL_PSK_IDENTITY "Client_identity" #define DFL_FORCE_CIPHER 0 #define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED #define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION @@ -78,6 +80,8 @@ struct options char *ca_path; /* the path with the CA certificate(s) reside */ char *crt_file; /* the file with the client certificate */ char *key_file; /* the file with the client key */ + char *psk; /* the pre-shared key */ + char *psk_identity; /* the pre-shared key identity */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ @@ -121,6 +125,9 @@ void my_debug( void *ctx, int level, const char *str ) " options: ssl3, tls1, tls1_1, tls1_2\n" \ " auth_mode=%%s default: \"optional\"\n" \ " options: none, optional, required\n" \ + " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk_identity=%%s default: \"Client_identity\"\n" \ + "\n" \ " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" @@ -146,6 +153,8 @@ int main( int argc, char *argv[] ) int listen_fd; int client_fd = -1; unsigned char buf[1024]; + unsigned char psk[256]; + size_t psk_len = 0; char *pers = "ssl_server2"; entropy_context entropy; @@ -197,6 +206,8 @@ int main( int argc, char *argv[] ) opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; + opt.psk = DFL_PSK; + opt.psk_identity = DFL_PSK_IDENTITY; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; @@ -230,6 +241,10 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; + else if( strcmp( p, "psk" ) == 0 ) + opt.psk = q; + else if( strcmp( p, "psk_identity" ) == 0 ) + opt.psk_identity = q; else if( strcmp( p, "force_ciphersuite" ) == 0 ) { opt.force_ciphersuite[0] = -1; @@ -282,6 +297,54 @@ int main( int argc, char *argv[] ) goto usage; } + /* + * Unhexify the pre-shared key if any is given + */ + if( strlen( opt.psk ) ) + { + unsigned char c; + size_t j; + + if( strlen( opt.psk ) % 2 != 0 ) + { + printf("pre-shared key not valid hex\n"); + goto exit; + } + + psk_len = strlen( opt.psk ) / 2; + + for( j = 0; j < strlen( opt.psk ); j += 2 ) + { + c = opt.psk[j]; + if( c >= '0' && c <= '9' ) + c -= '0'; + else if( c >= 'a' && c <= 'f' ) + c -= 'a' - 10; + else if( c >= 'A' && c <= 'F' ) + c -= 'A' - 10; + else + { + printf("pre-shared key not valid hex\n"); + goto exit; + } + psk[ j / 2 ] = c << 4; + + c = opt.psk[j + 1]; + if( c >= '0' && c <= '9' ) + c -= '0'; + else if( c >= 'a' && c <= 'f' ) + c -= 'a' - 10; + else if( c >= 'A' && c <= 'F' ) + c -= 'A' - 10; + else + { + printf("pre-shared key not valid hex\n"); + goto exit; + } + psk[ j / 2 ] |= c; + } + } + /* * 0. Initialize the RNG and the session data */ @@ -421,6 +484,8 @@ int main( int argc, char *argv[] ) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity, + strlen( opt.psk_identity ) ); #if defined(POLARSSL_DHM_C) /*