Using PSKs with openssl app.


Phil Neumiller
Hi,

This is my method for using external PSKs with the openssl tool.  Does this
appear correct?  The application data seems to be exchanged and if I change
a PSK it will fail.  I *think* this is correct...

Server side:

PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
openssl s_server -accept 8400 -tls1_3 -nocert -psk "$PSK" \
    -ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Client side:

PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
openssl s_client -connect 127.0.0.1:8400 -tls1_3 -psk "$PSK" -tlsextdebug

Here are the hello messages that are exchanged:

TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 282
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 278
        Version: TLS 1.2 (0x0303)
        Random: d9cd1e44a462699f2a2f794a7fb3dd129b183d3c22183bab…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suites Length: 8
        Cipher Suites (4 suites)
        Compression Methods Length: 1
        Compression Methods (1 method)
        Extensions Length: 197
        Extension: ec_point_formats (len=4)
            Type: ec_point_formats (11)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
        Extension: supported_groups (len=22)
            Type: supported_groups (10)
            Length: 22
            Supported Groups List Length: 20
            Supported Groups (10 groups)
        Extension: session_ticket (len=0)
            Type: session_ticket (35)
            Length: 0
            Data (0 bytes)
        Extension: encrypt_then_mac (len=0)
            Type: encrypt_then_mac (22)
            Length: 0
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: signature_algorithms (len=30)
            Type: signature_algorithms (13)
            Length: 30
            Signature Hash Algorithms Length: 28
            Signature Hash Algorithms (14 algorithms)
        Extension: supported_versions (len=3)
            Type: supported_versions (43)
            Length: 3
            Supported Versions length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
        Extension: key_share (len=38)
            Type: key_share (51)
            Length: 38
            Key Share extension
                Client Key Share Length: 36
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange: eb7a84e24c88e64c0032bbdba0485281702c7929d72d1417…
        Extension: pre_shared_key (len=58)
            Type: pre_shared_key (41)
            Length: 58
            Pre-Shared Key extension
                Identities Length: 21
                PSK Identity (length: 15)
                PSK Binders length: 33
                PSK Binders


TLSv1.3 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 128
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 124
        Version: TLS 1.2 (0x0303)
        Random: 4b491c81e70b2ded5bb9d922009b9d8579f9c4415f067f9b…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
        Compression Method: null (0)
        Extensions Length: 52
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: key_share (len=36)
            Type: key_share (51)
            Length: 36
            Key Share extension
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange: 33f67b055f03bb7ce049dc4cb338569d015acc5911f3c55f…
        Extension: pre_shared_key (len=2)
            Type: pre_shared_key (41)
            Length: 2
            Pre-Shared Key extension
                Selected Identity: 0


Here is the client output:

➜  scripts git:(working) ✗ ./client  
CONNECTED(00000003)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04                                             ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 cd c7 59 0b-f3 98 90 e0 34 bc 01 32   ... ..Y.....4..2
0010 - ed 86 cd 9c 9e e4 89 be-fe 3a 57 d0 68 c7 e5 5f   .........:W.h.._
0020 - fc c1 f5 2f                                       .../
TLS server extension "psk" (id=41), len=2
0000 - 00 00                                             ..
Can't use SSL_get_servername
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 225 bytes and written 351 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_CHACHA20_POLY1305_SHA256
    Session-ID: CA31612F1DF0EC3BCF9CB77641FBB9C9E52DDD60E87DDB213D33B5A80B8AB1CD
    Session-ID-ctx:
    Resumption PSK: 9BB195D4013A7B45176BD1B0BA04B9EF782E03F678A5373B68C659D24C06DCD7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 304 (seconds)
    TLS session ticket:
    0000 - b2 b7 8d 84 0b 3c d7 9f-35 d1 2a a3 0a 1b 64 1f   .....<..5.*...d.
    0010 - ba 0c b3 83 5e 3c 8b 83-3c 2a e3 f8 63 7b d7 0b   ....^<..<*..c{..
    0020 - 18 40 db 63 1e f7 df f4-2d 95 42 b8 08 be 47 2a   .@.c....-.B...G*
    0030 - 75 5c 1f df 5f 0c ea 54-ec 9b e6 20 1c 74 d9 20   u\.._..T... .t.
    0040 - a9 5c af 29 5f 8a cf 12-03 7c ef 4a b8 3f fe 04   .\.)_....|.J.?..
    0050 - 49 cc 6d eb 18 3b c8 86-0b b9 ba 41 83 2d f8 da   I.m..;.....A.-..
    0060 - 0d 16 68 f9 7e d9 e6 69-e2 6e e5 77 2e 9c 0a 1a   ..h.~..i.n.w....
    0070 - a4 3f b0 9d f4 f2 f4 67-13 22 b6 ac 94 0a dc b5   .?.....g."......
    0080 - cf 0f b8 39 cb 64 00 42-6f 8f 03 b2 be c9 3b 13   ...9.d.Bo.....;.
    0090 - a7 a0 de e7 0c 29 d5 0e-2e 2d be 5e a4 a7 37 00   .....)...-.^..7.
    00a0 - 00 4e c5 a8 e5 dd 31 ad-20 27 c9 b1 cd 57 ec c1   .N....1. '...W..
    00b0 - b3 35 05 9b 2f ee 12 54-f7 2e 2f 65 d0 d5 5e d9   .5../..T../e..^.

    Start Time: 1573598575
    Timeout   : 304 (sec)
    Verify return code: 1 (unspecified certificate verification error)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
213

➜  scripts git:(working) ✗ ./server2  
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgq58EYhoHgoCQ2c5Vu6JK/6a4jSyMsKtSOaQkgy5Of/0E
IHEPU755SzYf7LVKFCel24+y2MYbjtZtJ/3ftEuPWyM3oQYCBF3LNRmiBAICATCk
BgQEAQAAAKUDAgEBrgYCBAGzBnI=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgGCCjChaAp/rv2yYw7BCn3x6AZy5JZocHzEhop5K0K3EE
IJuxldQBOntFF2vRsLoEue94LgP2eKU3O2jGWdJMBtzXoQYCBF3LNW+iBAICATCk
BgQEAQAAAKUDAgEBrgYCBDTrhfY=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
213

-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
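The server-side line "binder does not verify" in the output above is the check that makes an external PSK handshake fail when the two sides hold different keys: the server recomputes the PSK binder (RFC 8446 section 4.2.11.2) from its own copy of the PSK and the ClientHello bytes that precede the binders list, and compares it with the binder the client sent. The following is an added example, not code from the post or from OpenSSL, that implements that derivation with the standard library for SHA-256 suites (the trace negotiated TLS_CHACHA20_POLY1305_SHA256). It uses the PSK value from the post; the ClientHello prefix and the second, mismatched key are constructed stand-ins, since the post only summarises the handshake bytes.

```python
"""TLS 1.3 external-PSK binder derivation and check (RFC 8446 section 4.2.11.2).

Added example, not code from the post or from OpenSSL. It shows what the
server does when it reports "binder does not verify": it recomputes the
binder HMAC from its own copy of the PSK and compares it with the one the
client sent in its pre_shared_key extension.
"""
import hashlib
import hmac
import struct

# The negotiated suite in the post is TLS_CHACHA20_POLY1305_SHA256, so the
# binder uses SHA-256 (32-byte output).
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869); an empty salt means HASH_LEN zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label with the TLS 1.3 HkdfLabel structure (RFC 8446 7.1)."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def compute_binder(psk: bytes, truncated_client_hello: bytes) -> bytes:
    """Binder for an *external* PSK over the ClientHello bytes that precede
    the binders list. The client computes this; the server recomputes it."""
    early_secret = hkdf_extract(b"", psk)
    # Derive-Secret(early_secret, "ext binder", ""): transcript of no messages.
    binder_key = hkdf_expand_label(early_secret, b"ext binder",
                                   HASH(b"").digest(), HASH_LEN)
    finished_key = hkdf_expand_label(binder_key, b"finished", b"", HASH_LEN)
    transcript_hash = HASH(truncated_client_hello).digest()
    return hmac.new(finished_key, transcript_hash, HASH).digest()


def server_verifies_binder(server_psk: bytes, truncated_client_hello: bytes,
                           received_binder: bytes) -> bool:
    """Server-side check for the selected identity: recompute and compare in
    constant time. A False result is what OpenSSL reports as
    "binder does not verify"."""
    expected = compute_binder(server_psk, truncated_client_hello)
    return hmac.compare_digest(expected, received_binder)


# PSK value from the post (both sides must hold exactly these bytes).
PSK = bytes.fromhex(
    "b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b")
# Constructed: the same key with a single bit flipped, standing in for a server
# configured with a different PSK.
WRONG_PSK = bytes([PSK[0] ^ 0x01]) + PSK[1:]
# Constructed stand-in for the ClientHello bytes up to the binders list; a real
# check hashes the actual handshake message bytes, which the post only summarises.
CLIENT_HELLO_PREFIX = b"\x01\x00\x01\x16\x03\x03" + b"constructed ClientHello prefix"

if __name__ == "__main__":
    binder = compute_binder(PSK, CLIENT_HELLO_PREFIX)
    print("binder:", binder.hex())
    print("same PSK verifies:", server_verifies_binder(PSK, CLIENT_HELLO_PREFIX, binder))
    print("other PSK verifies:", server_verifies_binder(WRONG_PSK, CLIENT_HELLO_PREFIX, binder))
```

Because the binder is keyed from the PSK and covers the ClientHello itself, any difference in the key (even one bit, as the constructed `WRONG_PSK` shows) or any tampering with the offered extensions produces a different 32-byte value, which is why the failure surfaces on the server before any application data flows.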