TLS 1.3 PSK succeeds even if then pre-shared key is wrong

Mon, 20 Apr 2020 05:15:02 -0700 

Hi,

I have been trying to perform/debug external PSK based handshake in TLS 1.3 for 
one of my projects. My team has implemented the "find_session_cb" as :


static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
                               size_t identity_len, SSL_SESSION **sess){

        SSL_SESSION *tmpsess = NULL;
        unsigned char *key;
        long key_len;
        const SSL_CIPHER *cipher = NULL;
        static char *psk_identity = "Client_identity";
        const char *psk_key = 
"0533c95c9ecc310ee07cb70a316c45448487c1f70bbea99fe6616f3348305677";
         //temperory fixed psk
        const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };

        if (strlen(psk_identity) != identity_len)
        {
            wpa_printf(MSG_DEBUG, "PSK Identity length does not match.");
            return 0;
        }

        if(memcmp(psk_identity, identity, identity_len) != 0)
        {
                wpa_printf(MSG_DEBUG, "PSK Identity memory copy failed.");
            return 0;
        }

        key = OPENSSL_hexstr2buf(psk_key, &key_len);

        if (key == NULL) {
        wpa_printf(MSG_ERROR, "Could not convert PSK key '%s' to buffer\n",
                   psk_key);
        return 0;
    }

    cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
    if (cipher == NULL) {
        wpa_printf(MSG_DEBUG, "Error finding suitable ciphersuite\n");
        OPENSSL_free(key);
        return 0;
    }

    tmpsess = SSL_SESSION_new();
    if (tmpsess == NULL
            || !SSL_SESSION_set1_master_key(tmpsess, key, key_len)
            || !SSL_SESSION_set_cipher(tmpsess, cipher)
            || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
        OPENSSL_free(key);
        return 0;
    }
    OPENSSL_free(key);
    *sess = tmpsess;
    wpa_printf(MSG_DEBUG, "Using external PSK.");
    return 1;
}


and attached the callback to the SSL object using 
"SSL_set_psk_find_session_callback()" method. From my client, we are sending 
creating and sending a session using "SSL_set_psk_use_session_callback(sssl, 
use_session_cb)".

>From what I noticed, the handshake completes successfully, regardless of the 
>value of "psk_key" (as long as PSK length is even). However, if the identity 
>value is mismatched between psk_find_session_cb and use_session_cb, the 
>handshake fails with the message:

   SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
   OpenSSL: openssl_handshake - SSL_connect error:141F906E:SSL 
routines:tls_parse_ctos_psk:bad extension

I am not sure what am I missing here

Thanks
Bran

Reply via email to