Added pre-shared key handling for the client side of SSL / TLS
Client side handling of the pure PSK ciphersuites is now in the base
code.
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 850053c..29d4f0d 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -162,6 +162,21 @@
*/
/**
+ * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS
+ * In combination with POLARSSL_RSA_C it also enables RSA_PSK ciphersuites
+ * and in combination with POLARSSL_DHM_C it enables the DHE_PSK ciphersuites
+ *
+ * This enables the following ciphersuites:
+ * TLS_PSK_WITH_RC4_128_SHA
+ * TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ * TLS_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_AES_256_CBC_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+
+/**
* \def POLARSSL_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of error_strerror() in
@@ -348,6 +363,8 @@
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ * TLS_PSK_WITH_AES_128_CBC_SHA
+ * TLS_PSK_WITH_AES_256_CBC_SHA
*
* PEM uses AES for decrypting encrypted keys.
*/
@@ -366,6 +383,7 @@
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_RC4_128_SHA
* TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ * TLS_PSK_WITH_RC4_128_SHA
*/
#define POLARSSL_ARC4_C
@@ -511,6 +529,7 @@
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ * TLS_PSK_WITH_3DES_EDE_CBC_SHA
*
* PEM uses DES/3DES for decrypting encrypted keys.
*/
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 43e8069..5c86bb3 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -201,6 +201,7 @@
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1
@@ -226,7 +227,6 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
-
/*
* Generic function pointers for allowing external RSA private key
* implementations.
@@ -441,6 +441,7 @@
size_t in_hslen; /*!< current handshake message length */
int nb_zero; /*!< # of 0-length encrypted messages */
+ int record_read; /*!< record is already present */
/*
* Record layer (outgoing data)
@@ -483,6 +484,16 @@
mpi dhm_G; /*!< generator for DHM */
#endif
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ /*
+ * PSK values
+ */
+ const unsigned char *psk;
+ size_t psk_len;
+ const unsigned char *psk_identity;
+ size_t psk_identity_len;
+#endif
+
/*
* TLS extensions
*/
@@ -780,6 +791,21 @@
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+/**
+ * \brief Set the Pre Shared Key (PSK) and the identity name connected
+ * to it. The PSK is used in all PSK-based ciphersuites.
+ *
+ * \param ssl SSL context
+ * \param psk pointer to the pre-shared key
+ * \param psk_len pre-shared key length
+ * \param psk_identity pointer to the pre-shared key identity
+ * \param psk_identity_len identity key length
+ */
+void ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
+ const unsigned char *psk_identity, size_t psk_identity_len );
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
#if defined(POLARSSL_DHM_C)
/**
* \brief Set the Diffie-Hellman public P and G values,
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 7ec31ae..665c219 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -53,6 +53,7 @@
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
+
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
@@ -62,6 +63,22 @@
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
+
+#define TLS_PSK_WITH_RC4_128_SHA 0x8A
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
+#define TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
+#define TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
+
+#define TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
+
+#define TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
+
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
@@ -91,6 +108,9 @@
POLARSSL_KEY_EXCHANGE_RSA,
POLARSSL_KEY_EXCHANGE_DHE_RSA,
POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+ POLARSSL_KEY_EXCHANGE_PSK,
+ POLARSSL_KEY_EXCHANGE_DHE_PSK,
+ POLARSSL_KEY_EXCHANGE_RSA_PSK,
} key_exchange_type_t;
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;