Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PSK Hint with OpenSSL

Tags:

openssl

hint

What is exactly the role of the PSK Hint in OpenSSL ? I think it's a sort of server identification for clients but I didn't found anything concrete about it.

like image 854
Guid Avatar asked Feb 03 '23 10:02

Guid

1 Answers

The PSK identity hint is not well defined (see RFC 4279). In a pre-shared key (PSK) scheme, both the client and the server have to be able to derive the same set of crypto keys. The identity hint is something the server provides to tell the client how to derive the key.

Since each server can have its own unique way of generating the key, the client has to know something about the server to know what to do with the PSK identity hint. And each implementation uses the hint differently.

For example, NETCONF uses the hint directly when generating the PSK (where + means concatenate):

PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +  
            psk_identity_hint)

Whereas the Symbian Secure User Plane Location (SUPL) protocol uses it to present the protocol version and provide a list of PSK generators that the client can use.

Key Identifiers used in PSK-TLS MUST be in the form of RAND@SLP where SLP is in the FQDN format and RAND is a 128bits number. The following Key Identifiers are defined for SUPL 1.0:

...

PSK_H-SLP_Master_Key and PSK_SPC_Key MUST be either 128bits or 256bits long. Key Hints used in the PSK-TLS protocol MUST be set to “3GPP2 SUPL 1.0 Keys

Similarly TLS-PSK for EMV smart cards uses the identity hint to determine how to calculate the PSK.

When the parameter psk-identity-hint is not delivered by the server, a default mode is selected. This default mode works with a static PSK. Otherwise the psk-identity-hint determines a particular profile for xCDOL1 values and PSK calculation.

So as you can see, if you get a PSK hint from a server, you already have to know what information it provides and what to do with it or you won't be able to generate the same set of keys that the server generates.

Footnote: Nokia was responsible for the PSK-TLS draft RFC 4279 and also submitted the patch to OpenSSL implementing the spec.

like image 136
indiv Avatar answered Feb 06 '23 15:02

indiv
Sign in to Comment

Related questions

openssl Unable to load private key PEM_do_header:bad decrypt
How to verify a digital signature with openssl
Different signatures when using C routines and openssl dgst, rsautl commands
Building OpenSSL on Xcode 4.3 for Simulator fails
Do the openssl X509_verify_cert() verifies the signature in the certificate?
OpenSSL AES_set_encrypt_key differing depending on compilation target
Undefined reference to libssl function with Android NDK
Determining if a TLS/SSL certificate is 'trusted' from the command line?
Poco NetSSL Exception
OpenSSL in Android
How to perform code signing using osslsigncode
Problems with custom LIBFFI Heroku buildpack
OpenSSL AES_cfb128_encrypt C++
EVP Interface with AES-NI support
SSL_CTX_use_PrivateKey_file how to give password
Node.js TLS request with specific ciphers

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!