I'm trying to use PSK with the mbedtls library combined with SGX. Without PSK the connection works fine as it should.

Here is the relevant client side code:

mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;

mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);


mbedtls_entropy_init( &entropy );
/* Assign the result to ret so the error message below prints the real code. */
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char*) pers, strlen(pers))) != 0) {
    mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
    ret = -1;
    break;
}

ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_crt, mbedtls_crt_len);

if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, SERVER_PORT, MBEDTLS_NET_PROTO_TCP )) != 0) {
    mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
    break;
}

if ((ret = mbedtls_ssl_config_defaults(&conf,
                                       MBEDTLS_SSL_IS_CLIENT,
                                       MBEDTLS_SSL_TRANSPORT_STREAM,
                                       MBEDTLS_SSL_PRESET_DEFAULT)) != 0 )
{
    mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
    break;
}

mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, NULL );
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );

const unsigned char psk_key[] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
size_t psk_len = sizeof( psk_key );
const char psk_id[] = "Client_identity";

if ((ret = mbedtls_ssl_conf_psk(&conf, psk_key, psk_len,
                                (const unsigned char *) psk_id,
                                strlen(psk_id))) != 0 )
{
    mbedtls_printf( "  mbedtls_ssl_conf_psk returned %d\n\n", ret );
    break;
}



if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
    mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
    break;
}

if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
{
    mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
    break;
}

mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );

mbedtls_printf( " ok\n" );
mbedtls_printf( "  . Performing the SSL/TLS handshake..." );

while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
    if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret);
        break;
    }
}


....

I have the openssl test server running with:

 openssl s_server -accept 4433 -cert server.pem -psk 000102030405060708090a0b0c0d0e0f -psk_hint Client_identity -cipher PSK-AES256-CBC-SHA -debug

The server receives the connection and exchanges the PSK messages as well, but at the decryption point I receive the following error:

 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:532: 

I have also tried changing -cipher PSK-AES256-CBC-SHA to a different cipher, but I still get the same error. When omitting the cipher entirely, the connection works but no PSK is performed!?

Gilles 'SO- stop being evil'
wasp256

1 Answer

After several attempts, I managed to get to the root cause of this issue. The reason for the failure is implied by the following line in the openssl s_server logs (I used -debug -tlsextdebug):

created PSK len=15

This originates from the openssl code. However, the key you are using is 16 bytes. When I changed the psk to "010102030405060708090a0b0c0d0e0f", the TLS connection worked, with the following log:

created PSK len=16

I believe the root cause for this failure is within the OPENSSL_hexstr2buf() implementation, which ignores the most significant zeros, thus returning a false length of the key.

Ron Eldor
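The length mismatch described in the answer above, as an added example that is not part of the original posts and is not OpenSSL or mbedtls code: it decodes the question's hex key once byte for byte and once with a constructed model of a decoder that drops leading zero bytes, and offers a pre-flight check for keys the two sides would disagree on. All function names are hypothetical, and the number-style decoder is an assumption about the mechanism, not a copy of any library routine.

```c
#include <stdio.h>
#include <string.h>

static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Length-preserving decode, one byte per digit pair; -1 on malformed input. */
int psk_decode_bytes(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hex_val(hex[2 * i]), lo = hex_val(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Hypothetical model of a decoder that reads the string as a number:
 * leading zero bytes carry no value, so they are not emitted. */
int psk_decode_as_number(const char *hex, unsigned char *out, size_t cap)
{
    unsigned char tmp[64];
    int n = psk_decode_bytes(hex, tmp, sizeof tmp), skip = 0;
    while (skip < n && tmp[skip] == 0) skip++;
    if (n < 0 || (size_t)(n - skip) > cap) return -1;
    memcpy(out, tmp + skip, (size_t)(n - skip));
    return n - skip;
}

/* Pre-flight check: 1 if both decoders produce the same key, else 0. */
int psk_hex_is_unambiguous(const char *hex)
{
    unsigned char a[64], b[64];
    int la = psk_decode_bytes(hex, a, sizeof a);
    return la > 0 && la == psk_decode_as_number(hex, b, sizeof b);
}

int main(void)
{
    const char *k = "000102030405060708090a0b0c0d0e0f"; /* key from the question */
    printf("%s: %s\n", k, psk_hex_is_unambiguous(k) ? "same key" : "lengths differ");
    return 0;
}
```

When the two ends derive keys of different lengths, the handshake messages still flow and the first protected record fails its MAC check, which matches the "decryption failed or bad record mac" error in the question.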