Re: PSK generation for TLS 1.3


On Mon, Jul 3, 2017 at 2:11 AM, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 30/06/17 22:18, Neetish Pathak wrote:
> Hi All,
> Can anyone provide me pointers on how we can generate an external PSK to be
> used in TLS 1.3?
>
> When I save a session using SSL_CTX_sess_set_new_cb(), it provides an
> in-band PSK for next resumption connection.
> I use PEM_write_bio_SSL_SESSION to save the session.
>
>
> How do we use PSK externally? Can I use the same session file which was
> saved during the in-band connection? I believe in case of an external PSK,
> both client and server should have a copy in advance.

Yes, you can do that if you want - like you said, you just need to make sure
that the session file is used on both the client and the server.
Alternatively you can "create" a new session file, e.g.
s_server/s_client do it like this:

        usesess = SSL_SESSION_new();
        if (usesess == NULL
                || !SSL_SESSION_set1_master_key(usesess, key, key_len)
                || !SSL_SESSION_set_cipher(usesess, cipher)
                || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) {
            OPENSSL_free(key);
            goto err;
        }


Thanks Matt. This is quite useful.
Just to clarify my understanding based on your comments, the OpenSSL code and the Draft for TLS 1.3/RFC for TLS 1.2, please help me with the following queries.

1) So, when using an external PSK (by creating the new session file), the client should mandatorily use SSL_CTX_set_psk_use_session_callback while the server should mandatorily use SSL_CTX_set_psk_find_session_callback.
They both should use a common key (psk_key) to generate the new session file, and this common key is the one shared in advance with both client and server. From the OpenSSL code, this key is used as char * type. So does it mean that any pre-decided string can be used as a key and it does not need any format etc.? Both client and server create sessions based on the key and connect based on the created session?
In one of the examples, strspn(psk_key, "abcdefABCDEF1234567890") is used. So, I believe I can use any hex value string of my choice as psk_key.


2) Also, from the man page, I found that PSKs are used in TLS 1.2 and lower versions too, and SSL_CTX_set_psk_server_callback and SSL_CTX_set_psk_client_callback are used to set the callbacks there. The PSK identity and pre-shared key are set there and can be used during the connection. It is also written that these values are required when using PSK ciphersuites. So, is my understanding correct that the role of PSK in versions <= TLS 1.2 is only for using PSK ciphersuites (e.g. ECDHE-PSK-AES256-CBC-SHA384) and does not have anything to do with session resumption, and thereby does not provide any performance enhancement?
Also, these PSK-type ciphersuites are no longer valid for TLS 1.3.


Thanks
BR,
Neetish


 
Matt


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
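
On question 1 above, an added example (not part of the original messages and not OpenSSL code): one way to turn a shared hex string into the raw key and key_len bytes that are handed to SSL_SESSION_set1_master_key(), using the same character check as the strspn() call quoted in the thread. The function name psk_hex_to_key and the PSK_* result codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Result codes (hypothetical names, not OpenSSL's). */
enum { PSK_OK = 0, PSK_EMPTY = -1, PSK_NOT_HEX = -2, PSK_ODD_LEN = -3, PSK_TOO_LONG = -4 };

/* Value of one hex digit; callers only pass characters already validated. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a shared hex string into raw key bytes. Client and server must both
 * arrive at byte-for-byte identical key/key_len values, so each side should
 * apply the same validation and decoding to the configured string.
 * All checks run before any byte is written to the output buffer.
 */
int psk_hex_to_key(const char *hex, unsigned char *key, size_t cap, size_t *key_len)
{
    size_t n, i;

    *key_len = 0;
    if (hex == NULL || (n = strlen(hex)) == 0)
        return PSK_EMPTY;
    /* Same character-set check as the strspn() call quoted in the thread. */
    if (strspn(hex, "abcdefABCDEF1234567890") != n)
        return PSK_NOT_HEX;
    /* Two hex digits make one byte; an odd count has no clean decoding. */
    if (n % 2 != 0)
        return PSK_ODD_LEN;
    /* cap is the caller's buffer size, chosen by the caller (assumption). */
    if (n / 2 > cap)
        return PSK_TOO_LONG;
    for (i = 0; i < n / 2; i++)
        key[i] = (unsigned char)((hex_nibble(hex[2 * i]) << 4)
                                 | hex_nibble(hex[2 * i + 1]));
    *key_len = n / 2;
    return PSK_OK;
}
```

Because upper- and lower-case digits decode to the same bytes, "1A2B" and "1a2b" configure the same key, while a non-hex passphrase is rejected rather than silently used.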
