Added pre-shared key handling for the client side of SSL / TLS

Client side handling of the pure PSK ciphersuites is now in the base
code.

include/polarssl/config.h

@@ -161,6 +161,21 @@
 #define POLARSSL_ENABLE_WEAK_CIPHERSUITES
  */
 
+/**
+ * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS
+ * In combination with POLARSSL_RSA_C it also enables RSA_PSK ciphersuites
+ * and in combination with POLARSSL_DHM_C it enables the DHE_PSK ciphersuites
+ *
+ * This enables the following ciphersuites:
+ *      TLS_PSK_WITH_RC4_128_SHA
+ *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_AES_256_CBC_SHA
+ */
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+
 /**
  * \def POLARSSL_ERROR_STRERROR_DUMMY
  *
@@ -348,6 +363,8 @@
  *      TLS_RSA_WITH_AES_256_GCM_SHA384
  *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      TLS_PSK_WITH_AES_256_CBC_SHA
  *
  * PEM uses AES for decrypting encrypted keys.
  */
@@ -366,6 +383,7 @@
  *      TLS_RSA_WITH_RC4_128_MD5
  *      TLS_RSA_WITH_RC4_128_SHA
  *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      TLS_PSK_WITH_RC4_128_SHA
  */
 #define POLARSSL_ARC4_C
 
@@ -511,6 +529,7 @@
  *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
  *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *
  * PEM uses DES/3DES for decrypting encrypted keys.
  */

include/polarssl/ssl.h

@@ -201,6 +201,7 @@
 #define SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
 #define SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
 
 #define SSL_HS_HELLO_REQUEST            0
 #define SSL_HS_CLIENT_HELLO             1
@@ -226,7 +227,6 @@
 
 #define TLS_EXT_RENEGOTIATION_INFO      0xFF01
 
-
 /*
  * Generic function pointers for allowing external RSA private key
  * implementations.
@@ -441,6 +441,7 @@ struct _ssl_context
 
     size_t in_hslen;            /*!< current handshake message length */
     int nb_zero;                /*!< # of 0-length encrypted messages */
+    int record_read;            /*!< record is already present        */
 
     /*
      * Record layer (outgoing data)
@@ -483,6 +484,16 @@ struct _ssl_context
     mpi dhm_G;                          /*!<  generator for DHM       */
 #endif
 
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+    /*
+     * PSK values
+     */
+    const unsigned char *psk;
+    size_t         psk_len;
+    const unsigned char *psk_identity;
+    size_t         psk_identity_len;
+#endif
+
     /*
      * TLS extensions
      */
@@ -780,6 +791,21 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
                            rsa_sign_func rsa_sign,
                            rsa_key_len_func rsa_key_len );
 
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+/**
+ * \brief          Set the Pre Shared Key (PSK) and the identity name connected
+ *                 to it. The PSK is used in all PSK-based ciphersuites.
+ *
+ * \param ssl      SSL context
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ * \param psk_identity      pointer to the pre-shared key identity
+ * \param psk_identity_len  identity key length
+ */
+void ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
+                  const unsigned char *psk_identity, size_t psk_identity_len );
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+
 #if defined(POLARSSL_DHM_C)
 /**
  * \brief          Set the Diffie-Hellman public P and G values,

include/polarssl/ssl_ciphersuites.h

@@ -53,6 +53,7 @@ extern "C" {
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
 #define TLS_RSA_WITH_AES_256_CBC_SHA             0x35
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+
 #define TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
 #define TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
@@ -62,6 +63,22 @@ extern "C" {
 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+
+#define TLS_PSK_WITH_RC4_128_SHA                 0x8A
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
+#define TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
+#define TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
+
+#define TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
+
+#define TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
+
 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
@@ -91,6 +108,9 @@ typedef enum {
     POLARSSL_KEY_EXCHANGE_RSA,
     POLARSSL_KEY_EXCHANGE_DHE_RSA,
     POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
+    POLARSSL_KEY_EXCHANGE_PSK,
+    POLARSSL_KEY_EXCHANGE_DHE_PSK,
+    POLARSSL_KEY_EXCHANGE_RSA_PSK,
 } key_exchange_type_t;
 
 typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;