Added pre-shared key handling for the server side of SSL / TLS

Server side handling of the pure PSK ciphersuites is now in the base
code.

library/ssl_srv.c

@@ -1026,14 +1026,16 @@ static int ssl_write_certificate_request( ssl_context *ssl )
     size_t n = 0, dn_size, total_dn_size;
     unsigned char *buf, *p;
     const x509_cert *crt;
+    const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
 
     ssl->state++;
 
-    if( ssl->authmode == SSL_VERIFY_NONE )
+    if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+        ssl->authmode == SSL_VERIFY_NONE )
     {
-        SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+        SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
         return( 0 );
     }
 
@@ -1536,6 +1538,57 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
     return( ret );
 }
 
+static int ssl_parse_client_psk_identity( ssl_context *ssl )
+{
+    int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
+
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+    size_t n;
+    unsigned char *p = ssl->handshake->premaster;
+
+    if( ssl->psk == NULL || ssl->psk_identity == NULL ||
+        ssl->psk_identity_len == 0 || ssl->psk_len == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
+        return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    }
+
+    /*
+     * Receive client pre-shared key identiy name
+     */
+    n = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+
+    if( n < 1 || n > 65535 )
+    {
+        SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    if( n != ssl->psk_identity_len ||
+        memcmp( ssl->psk_identity, ssl->in_msg + 6, n ) != 0 )
+    {
+        SSL_DEBUG_BUF( 3, "Unknown PSK identity", ssl->in_msg + 6, n );
+        return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    *(p++) = (unsigned char)( ssl->psk_len >> 8 );
+    *(p++) = (unsigned char)( ssl->psk_len      );
+    p += ssl->psk_len;
+
+    *(p++) = (unsigned char)( ssl->psk_len >> 8 );
+    *(p++) = (unsigned char)( ssl->psk_len      );
+    memcpy( p, ssl->psk, ssl->psk_len );
+    p += ssl->psk_len;
+
+    ssl->handshake->pmslen = 4 + 2 * ssl->psk_len;
+
+    ret = 0;
+
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
+    return( ret );
+}
+
 static int ssl_parse_client_key_exchange( ssl_context *ssl )
 {
     int ret;
@@ -1579,6 +1632,14 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
             return( ret );
         }
     }
+    else if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
+    {
+        if( ( ret = ssl_parse_client_psk_identity( ssl ) ) != 0 )
+        {
+            SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+            return( ret );
+        }
+    }
     else
     {
         if( ( ret = ssl_parse_encrypted_pms_secret( ssl ) ) != 0 )
@@ -1608,10 +1669,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
     unsigned char hash[48];
     md_type_t md_alg = POLARSSL_MD_NONE;
     unsigned int hashlen = 0;
+    const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
 
     SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
 
-    if( ssl->session_negotiate->peer_cert == NULL )
+    if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
+        ssl->session_negotiate->peer_cert == NULL )
     {
         SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
         ssl->state++;

programs/ssl/ssl_server2.c

@@ -56,6 +56,8 @@
 #define DFL_CA_PATH             ""
 #define DFL_CRT_FILE            ""
 #define DFL_KEY_FILE            ""
+#define DFL_PSK                 ""
+#define DFL_PSK_IDENTITY        "Client_identity"
 #define DFL_FORCE_CIPHER        0
 #define DFL_RENEGOTIATION       SSL_RENEGOTIATION_ENABLED
 #define DFL_ALLOW_LEGACY        SSL_LEGACY_NO_RENEGOTIATION
@@ -78,6 +80,8 @@ struct options
     char *ca_path;              /* the path with the CA certificate(s) reside */
     char *crt_file;             /* the file with the client certificate     */
     char *key_file;             /* the file with the client key             */
+    char *psk;                  /* the pre-shared key                       */
+    char *psk_identity;         /* the pre-shared key identity              */
     int force_ciphersuite[2];   /* protocol/ciphersuite to use, or all      */
     int renegotiation;          /* enable / disable renegotiation           */
     int allow_legacy;           /* allow legacy renegotiation               */
@@ -121,6 +125,9 @@ void my_debug( void *ctx, int level, const char *str )
     "                        options: ssl3, tls1, tls1_1, tls1_2\n" \
     "    auth_mode=%%s        default: \"optional\"\n"          \
     "                        options: none, optional, required\n" \
+    "    psk=%%s              default: \"\" (in hex, without 0x)\n" \
+    "    psk_identity=%%s     default: \"Client_identity\"\n" \
+    "\n"                                                    \
     "    force_ciphersuite=<name>    default: all enabled\n"\
     " acceptable ciphersuite names:\n"
 
@@ -146,6 +153,8 @@ int main( int argc, char *argv[] )
     int listen_fd;
     int client_fd = -1;
     unsigned char buf[1024];
+    unsigned char psk[256];
+    size_t psk_len = 0;
     char *pers = "ssl_server2";
 
     entropy_context entropy;
@@ -197,6 +206,8 @@ int main( int argc, char *argv[] )
     opt.ca_path             = DFL_CA_PATH;
     opt.crt_file            = DFL_CRT_FILE;
     opt.key_file            = DFL_KEY_FILE;
+    opt.psk                 = DFL_PSK;
+    opt.psk_identity        = DFL_PSK_IDENTITY;
     opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
     opt.renegotiation       = DFL_RENEGOTIATION;
     opt.allow_legacy        = DFL_ALLOW_LEGACY;
@@ -230,6 +241,10 @@ int main( int argc, char *argv[] )
             opt.crt_file = q;
         else if( strcmp( p, "key_file" ) == 0 )
             opt.key_file = q;
+        else if( strcmp( p, "psk" ) == 0 )
+            opt.psk = q;
+        else if( strcmp( p, "psk_identity" ) == 0 )
+            opt.psk_identity = q;
         else if( strcmp( p, "force_ciphersuite" ) == 0 )
         {
             opt.force_ciphersuite[0] = -1;
@@ -282,6 +297,54 @@ int main( int argc, char *argv[] )
             goto usage;
     }
 
+    /*
+     * Unhexify the pre-shared key if any is given
+     */
+    if( strlen( opt.psk ) )
+    {
+        unsigned char c;
+        size_t j;
+
+        if( strlen( opt.psk ) % 2 != 0 )
+        {
+            printf("pre-shared key not valid hex\n");
+            goto exit;
+        }
+
+        psk_len = strlen( opt.psk ) / 2;
+
+        for( j = 0; j < strlen( opt.psk ); j += 2 )
+        {
+            c = opt.psk[j];
+            if( c >= '0' && c <= '9' )
+                c -= '0';
+            else if( c >= 'a' && c <= 'f' )
+                c -= 'a' - 10;
+            else if( c >= 'A' && c <= 'F' )
+                c -= 'A' - 10;
+            else
+            {
+                printf("pre-shared key not valid hex\n");
+                goto exit;
+            }
+            psk[ j / 2 ] = c << 4;
+
+            c = opt.psk[j + 1];
+            if( c >= '0' && c <= '9' )
+                c -= '0';
+            else if( c >= 'a' && c <= 'f' )
+                c -= 'a' - 10;
+            else if( c >= 'A' && c <= 'F' )
+                c -= 'A' - 10;
+            else
+            {
+                printf("pre-shared key not valid hex\n");
+                goto exit;
+            }
+            psk[ j / 2 ] |= c;
+        }
+    }
+
     /*
      * 0. Initialize the RNG and the session data
      */
@@ -421,6 +484,8 @@ int main( int argc, char *argv[] )
 
     ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
     ssl_set_own_cert( &ssl, &srvcert, &rsa );
+    ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity,
+                 strlen( opt.psk_identity ) );
 
 #if defined(POLARSSL_DHM_C)
     /*