Ambiguous PSK key length in "calculate_key_block"

Status: Alpha

Brought to you by: obgm

This project can now be found here.

#24 Ambiguous PSK key length in "calculate_key_block"

Milestone: 1.0

Status: closed

Owner: Olaf Bergmann

Labels: None

Updated: 2015-05-26

Created: 2015-05-26

Creator: Achim Kraus

Private: No

Function "calculate_key_block" uses "DTLS_PSK_MAX_KEY_LEN" (32) when calling "get_psk_info" and "MAX_KEYBLOCK_LENGTH" (referring "DTLS_KEY_LENGTH" (16) as max key length) when calling "dtls_psk_pre_master_secret". This leads to "the psk was too long, for the pre master secret", if the key is longer the 16 bytes. So either the pre_master_secret may be enlarged or the psk key length may be reduced.

Discussion

Olaf Bergmann - 2015-05-26

status: open --> closed

assigned_to: Olaf Bergmann
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Olaf Bergmann - 2015-05-26

I agree that this is unconvenient. Although different cipher suites would allow for different key lengths, this case should be handled before dtls_psk_pre_master_secret() is called. As by now, only AES-128 is supported for PSK, commit 1719a06 solves this issue by limiting DTLS_PSK_MAX_KEY_LEN to DTLS_KEY_LENGTH.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ambiguous PSK key length in "calculate_key_block"

Milestone

Searches

Help

#24 Ambiguous PSK key length in "calculate_key_block"

Discussion