authorPeter Dettman <peter.dettman@bouncycastle.org>2021-07-27 01:36:50 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-07-27 01:36:50 +0700
commit51cf1f5a4659b049ef3571f32ee349f22f88329d (patch)
treeb913a66956a22f6bbf1f26e7542a7392824406a1
parentOfferedPsks.Config and methods to build (diff)
downloadBouncyCastle.NET-ed25519-51cf1f5a4659b049ef3571f32ee349f22f88329d.tar.xz
Use PSK early secret when negotiated
-rw-r--r--crypto/src/tls/SecurityParameters.cs7
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs5
-rw-r--r--crypto/src/tls/TlsServerProtocol.cs6
-rw-r--r--crypto/src/tls/TlsUtilities.cs14
4 files changed, 15 insertions, 17 deletions
diff --git a/crypto/src/tls/SecurityParameters.cs b/crypto/src/tls/SecurityParameters.cs
index 1f63f6f33..23a83a65f 100644
--- a/crypto/src/tls/SecurityParameters.cs
+++ b/crypto/src/tls/SecurityParameters.cs
@@ -22,7 +22,6 @@ namespace Org.BouncyCastle.Tls
         internal TlsSecret m_exporterMasterSecret = null;
         internal TlsSecret m_handshakeSecret = null;
         internal TlsSecret m_masterSecret = null;
-        internal TlsSecret m_preSharedKey = null;
         internal TlsSecret m_sharedSecret = null;
         internal TlsSecret m_trafficSecretClient = null;
         internal TlsSecret m_trafficSecretServer = null;
@@ -79,7 +78,6 @@ namespace Org.BouncyCastle.Tls
             this.m_exporterMasterSecret = ClearSecret(m_exporterMasterSecret);
             this.m_handshakeSecret = ClearSecret(m_handshakeSecret);
             this.m_masterSecret = ClearSecret(m_masterSecret);
-            this.m_preSharedKey = null;
             this.m_sharedSecret = ClearSecret(m_sharedSecret);
         }
 
@@ -228,11 +226,6 @@ namespace Org.BouncyCastle.Tls
             get { return m_peerVerifyData; }
         }
 
-        public TlsSecret PreSharedKey
-        {
-            get { return m_preSharedKey; }
-        }
-
         public int PrfAlgorithm
         {
             get { return m_prfAlgorithm; }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 8fb1a39b7..190a1927f 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -954,7 +954,10 @@ namespace Org.BouncyCastle.Tls
                 agreement.ReceivePeerValue(keyShareEntry.KeyExchange);
                 securityParameters.m_sharedSecret = agreement.CalculateSecret();
 
-                TlsUtilities.Establish13PhaseSecrets(m_tlsClientContext);
+                // TODO[tls13-psk] Use PSK early secret if negotiated
+                TlsSecret pskEarlySecret = null;
+
+                TlsUtilities.Establish13PhaseSecrets(m_tlsClientContext, pskEarlySecret);
             }
 
             {
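Review bot: `TlsSecret pskEarlySecret = null;` is assigned unconditionally before the call to `Establish13PhaseSecrets`, so on this path the negotiated PSK is never consulted and the derivation is identical to the previous no-PSK behaviour, despite the commit title "Use PSK early secret when negotiated". The TODO marks this as a placeholder, but the comment does not say what passing null currently means to the callee; the same placeholder appears in the TlsServerProtocol.cs hunk. I would make the intent explicit so a later reader does not assume PSK support is in place: `// TODO[tls13-psk] PSK not yet wired in here; null selects the zero-PSK early secret (unchanged from previous behaviour)`. The enclosing method starts and ends outside this hunk.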
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index a7e0e0120..2afb625a8 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -332,7 +332,11 @@ namespace Org.BouncyCastle.Tls
 
                 agreement.ReceivePeerValue(clientShare.KeyExchange);
                 securityParameters.m_sharedSecret = agreement.CalculateSecret();
-                TlsUtilities.Establish13PhaseSecrets(m_tlsServerContext);
+
+                // TODO[tls13-psk] Use PSK early secret if negotiated
+                TlsSecret pskEarlySecret = null;
+
+                TlsUtilities.Establish13PhaseSecrets(m_tlsServerContext, pskEarlySecret);
             }
 
             this.m_serverExtensions = serverEncryptedExtensions;
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index e48a44452..a80e6da32 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -1559,7 +1559,7 @@ namespace Org.BouncyCastle.Tls
             return Prf(securityParameters, master_secret, asciiLabel, prfHash, verify_data_length).Extract();
         }
 
-        internal static void Establish13PhaseSecrets(TlsContext context)
+        internal static void Establish13PhaseSecrets(TlsContext context, TlsSecret pskEarlySecret)
         {
             TlsCrypto crypto = context.Crypto;
             SecurityParameters securityParameters = context.SecurityParameters;
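Review bot: The new `pskEarlySecret` parameter has no documentation stating what the caller must pass, and the name alone does not make it clear whether it is the raw PSK or the already-extracted early secret; the body's null branch performs the HKDF-Extract itself, which implies the non-null value must already be `HKDF-Extract(0, PSK)` rather than the PSK. A short doc comment on the signature would pin this down, e.g. `/// <param name="pskEarlySecret">The TLS 1.3 early secret already derived from the negotiated PSK (HKDF-Extract with a zero salt), or null when no PSK was negotiated.</param>`. It would also be worth noting that the supplied secret is assumed to have been extracted with the same hash as `cryptoHashAlgorithm` selected below, since the function has no way to check this. The method body continues beyond this hunk.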
@@ -1567,15 +1567,14 @@ namespace Org.BouncyCastle.Tls
             TlsSecret zeros = crypto.HkdfInit(cryptoHashAlgorithm);
             byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash();
 
-            TlsSecret preSharedKey = securityParameters.PreSharedKey;
-            if (null == preSharedKey)
+            TlsSecret earlySecret = pskEarlySecret;
+            if (null == earlySecret)
             {
-                preSharedKey = zeros;
+                earlySecret = crypto
+                    .HkdfInit(cryptoHashAlgorithm)
+                    .HkdfExtract(cryptoHashAlgorithm, zeros);
             }
 
-            TlsSecret earlySecret = crypto.HkdfInit(cryptoHashAlgorithm)
-                .HkdfExtract(cryptoHashAlgorithm, preSharedKey);
-
             TlsSecret sharedSecret = securityParameters.SharedSecret;
             if (null == sharedSecret)
             {
@@ -1596,7 +1595,6 @@ namespace Org.BouncyCastle.Tls
             securityParameters.m_earlySecret = earlySecret;
             securityParameters.m_handshakeSecret = handshakeSecret;
             securityParameters.m_masterSecret = masterSecret;
-            securityParameters.m_preSharedKey = null;
             securityParameters.m_sharedSecret = null;
         }