How PSK ciphersuites work
PSK ciphersuites
CipherSuite                        Key Exchange  Cipher        Hash
TLS_PSK_WITH_RC4_128_SHA           PSK           RC4_128       SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA      PSK           3DES_EDE_CBC  SHA
TLS_PSK_WITH_AES_128_CBC_SHA       PSK           AES_128_CBC   SHA
TLS_PSK_WITH_AES_256_CBC_SHA       PSK           AES_256_CBC   SHA
TLS_DHE_PSK_WITH_RC4_128_SHA       DHE_PSK       RC4_128       SHA
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA  DHE_PSK       3DES_EDE_CBC  SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA   DHE_PSK       AES_128_CBC   SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA   DHE_PSK       AES_256_CBC   SHA
TLS_RSA_PSK_WITH_RC4_128_SHA       RSA_PSK       RC4_128       SHA
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA  RSA_PSK       3DES_EDE_CBC  SHA
TLS_RSA_PSK_WITH_AES_128_CBC_SHA   RSA_PSK       AES_128_CBC   SHA
TLS_RSA_PSK_WITH_AES_256_CBC_SHA   RSA_PSK       AES_256_CBC   SHA
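Three key exchange methods are introduced: PSK, DHE_PSK and RSA_PSK.
The PSK method uses only symmetric algorithms. DHE_PSK uses the PSK to authenticate the DHE exchange parameters. RSA_PSK is a hybrid mode: an RSA certificate authenticates the server, and the PSK authenticates the client.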
PSK key exchange
A regular TLS handshake looks like this:
    Client                                               Server
    ------                                               ------
    ClientHello                  -------->
                                                    ServerHello
                                                  (Certificate)
                                             ServerKeyExchange*
                                           (CertificateRequest)
                                 <--------      ServerHelloDone
    (Certificate)
    ClientKeyExchange
    (CertificateVerify)
    ChangeCipherSpec
    Finished                     -------->
                                               ChangeCipherSpec
                                 <--------             Finished
    Application Data             <------->     Application Data
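When PSK is used, the messages in parentheses are not sent. Messages marked with * are sent conditionally.
The client lists the PSK ciphersuites it supports in ClientHello, and the server replies with the selected ciphersuite in ServerHello. The server can send a PSK identity hint in ServerKeyExchange to tell the client which PSK to use. The client replies with ClientKeyExchange, which names the PSK it has chosen.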
    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case psk: /* NEW */
                opaque psk_identity_hint<0..2^16-1>;
        };
    } ServerKeyExchange;

    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case psk: /* NEW */
                opaque psk_identity<0..2^16-1>;
        } exchange_keys;
    } ClientKeyExchange;
The premaster secret has the following format:
    struct {
        opaque other_secret<0..2^16-1>;
        opaque psk<0..2^16-1>;
    };
The other_secret part depends on the mode. For PSK-only it is all zeros; otherwise it comes from the DH or RSA exchange.
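The premaster secret layout above, serialized and strictly parsed, as an added example that is not code from the original page. The function names and sample values are assumptions made here, and the rule that the all-zero other_secret has the same length as the PSK is taken from RFC 4279; the same encoder covers the DHE_PSK and RSA_PSK cases when the caller supplies other_secret.

```python
import struct
from typing import Optional, Tuple

def encode_opaque16(data: bytes) -> bytes:
    """TLS opaque<0..2^16-1>: 2-byte big-endian length, then the bytes."""
    if len(data) > 0xFFFF:
        raise ValueError("field too long for opaque<0..2^16-1>")
    return struct.pack("!H", len(data)) + data

def build_premaster(psk: bytes, other_secret: Optional[bytes] = None) -> bytes:
    """Serialize struct { opaque other_secret; opaque psk; }.

    PSK-only (other_secret=None): len(psk) zero octets, per RFC 4279.
    Other modes: the caller supplies the value from the DH or RSA exchange.
    """
    if not psk:
        raise ValueError("empty PSK")
    if other_secret is None:
        other_secret = bytes(len(psk))
    return encode_opaque16(other_secret) + encode_opaque16(psk)

def parse_premaster(blob: bytes) -> Tuple[bytes, bytes]:
    """Strictly split a premaster secret into (other_secret, psk)."""
    fields, offset = [], 0
    for _ in range(2):
        if offset + 2 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from("!H", blob, offset)
        offset += 2
        if offset + length > len(blob):
            raise ValueError("field runs past end of buffer")
        fields.append(blob[offset:offset + length])
        offset += length
    if offset != len(blob):
        raise ValueError("trailing bytes after psk")
    return fields[0], fields[1]

# Constructed sample values, for illustration only.
SAMPLE_PSK = bytes.fromhex("0102030405060708")
SAMPLE_DH_SECRET = bytes.fromhex("aabbcc")  # stands in for a DH shared value

if __name__ == "__main__":
    print(build_premaster(SAMPLE_PSK).hex())
    print(build_premaster(SAMPLE_PSK, SAMPLE_DH_SECRET).hex())
```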
DHE_PSK key exchange
This method supports Perfect Forward Secrecy. The corresponding ServerKeyExchange (SE) and ClientKeyExchange (CE) messages are as follows:
    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case diffie_hellman_psk: /* NEW */
                opaque psk_identity_hint<0..2^16-1>;
                ServerDHParams params;
        };
    } ServerKeyExchange;

    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case diffie_hellman_psk: /* NEW */
                opaque psk_identity<0..2^16-1>;
                ClientDiffieHellmanPublic public;
        } exchange_keys;
    } ClientKeyExchange;

Compared with PSK-only, these messages add the DH parameters. The premaster secret consists of the DH-negotiated key part and the PSK part.
RSA_PSK key exchange
This method is similar to ordinary RSA: the server must send the Certificate message. The corresponding SE and CE messages are as follows:
    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case rsa_psk: /* NEW */
                opaque psk_identity_hint<0..2^16-1>;
        };
    } ServerKeyExchange;

    struct {
        select (KeyExchangeAlgorithm) {
            /* other cases for rsa, diffie_hellman, etc. */
            case rsa_psk: /* NEW */
                opaque psk_identity<0..2^16-1>;
                EncryptedPreMasterSecret;
        } exchange_keys;
    } ClientKeyExchange;
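The client encrypts a specific combination of data containing a random number with the server's public key to form EncryptedPreMasterSecret. The final premaster secret follows the same rules as PSK-only, where other_secret includes the magic, EncryptedPreMasterSecret, PSK and so on.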