Strange bug in the TLS application protocol with PSK


by Vladimir Estis

Hello,

I've used GNUTLS to test TLS with the PSK cipher suite (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with the PSK kind of authentication in gnutls-cli. I see that the handshake was done successfully. But then I tried to send some application data, and I found that the first cipher block (8 bytes) was corrupted. I think GNUTLS calculates a checksum for the application data, injures the first block and then does ciphering across all the data. I think this is a bug in GNUTLS, but I couldn't find any discussion on the forums about this fact.

Has anyone else encountered this behaviour of the GNUTLS?
Thanks very much in advance for any help!

With best regards, Vlad.

_______________________________________________
Help-gnutls mailing list
Help-gnutls@...
http://lists.gnu.org/mailman/listinfo/help-gnutls

Re: Strange bug in the TLS application protocol with PSK

by Nikos Mavrogiannopoulos

If you think this is a gnutls bug please send an example program that
reproduces this bug.

regards,
Nikos

On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <techdisser@...> wrote:

> Hello,
>
> I've used GNUTLS for testing of the TLS with the PSK cipher suite
> (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind of
> authentication in the gnutls-cli. I see that handshake was successfully
> done. But then I tried to send part of application data, and I found that
> first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
> checksum for application data, injures first block and then do ciphering
> across all data. I think this is bug in GNUTLS, but I couldn't find any
> discussion at the forums about this fact.
>
> Has anyone else encountered this behaviour of the GNUTLS?
> Thanks very much in advance for any help!
>
> With best regards, Vlad.



Fwd: Strange bug in the TLS application protocol with PSK

by Vladimir Estis

Hi Nikos,

Thanks for your answer. I've solved this problem. It was my error. I reset the IV for the cipher after every message. But TLS uses the last cipher block of a record as the CBC IV for the next block. Thus, the IV for the first block of every new message was lost, and I wasn't able to decrypt the first cipher block of the message. Now I call the update() function instead of doFinal() and GNUTLS works fine.

Thank you again,
regards, Vlad.

2009/10/27 Nikos Mavrogiannopoulos <nmav@...>

If you think this is a gnutls bug please send an example program that
reproduces this bug.

regards,
Nikos

On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <techdisser@...> wrote:
> Hello,
>
> I've used GNUTLS for testing of the TLS with the PSK cipher suite
> (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind of
> authentication in the gnutls-cli. I see that handshake was successfully
> done. But then I tried to send part of application data, and I found that
> first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
> checksum for application data, injures first block and then do ciphering
> across all data. I think this is bug in GNUTLS, but I couldn't find any
> discussion at the forums about this fact.
>
> Has anyone else encountered this behaviour of the GNUTLS?
> Thanks very much in advance for any help!
>
> With best regards, Vlad.




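The failure described in the message above, reproduced as an added example (not code from this thread or from GnuTLS). It assumes the "standard API" is Java's `javax.crypto.Cipher`, where `doFinal()` resets the cipher to the IV given at `init()` while `update()` carries the CBC state into the next call; the key, IV and record contents are constructed, and the MAC and padding of a real TLS record are left out.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CbcRecordChaining {
    // Constructed sample key (24 bytes) and IV (8 bytes), not from a real session.
    static final byte[] KEY = "0123456789abcdefghijklmn".getBytes(StandardCharsets.US_ASCII);
    static final byte[] IV = new byte[8];

    static Cipher cipher(int mode) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(KEY, "DESede"), new IvParameterSpec(IV));
        return c;
    }

    static boolean same(byte[] a, byte[] b, int from, int to) {
        return Arrays.equals(Arrays.copyOfRange(a, from, to), Arrays.copyOfRange(b, from, to));
    }

    public static void main(String[] args) throws Exception {
        // Two 16-byte "records", i.e. two 8-byte 3DES blocks each.
        byte[] rec1 = "record-one-data!".getBytes(StandardCharsets.US_ASCII);
        byte[] rec2 = "record-two-data!".getBytes(StandardCharsets.US_ASCII);

        // Sender: one cipher for the connection. update() keeps the CBC state,
        // so the last ciphertext block of record 1 is the IV of record 2.
        Cipher enc = cipher(Cipher.ENCRYPT_MODE);
        byte[] ct1 = enc.update(rec1);
        byte[] ct2 = enc.update(rec2);

        // Receiver A: doFinal() per record. After each call the cipher is back
        // at the init() IV, so record 2 is decrypted with the wrong IV.
        Cipher resetting = cipher(Cipher.DECRYPT_MODE);
        resetting.doFinal(ct1);
        byte[] wrong = resetting.doFinal(ct2);

        // Receiver B: update() per record, same chaining as the sender.
        Cipher chaining = cipher(Cipher.DECRYPT_MODE);
        chaining.update(ct1);
        byte[] right = chaining.update(ct2);

        // In CBC, P_i = D(C_i) XOR C_(i-1): a wrong IV damages only block 0.
        System.out.println("doFinal: block 0 ok = " + same(wrong, rec2, 0, 8));   // false
        System.out.println("doFinal: block 1 ok = " + same(wrong, rec2, 8, 16));  // true
        System.out.println("update : record ok  = " + Arrays.equals(right, rec2)); // true
    }
}
```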
Re: Strange bug in the TLS application protocol with PSK

by Nikos Mavrogiannopoulos

I'm quite intrigued... How did you manage to do that? Do you use
custom push and pull functions?

regards,
Nikos

On Tue, Oct 27, 2009 at 3:06 PM, Vladimir Estis <techdisser@...> wrote:

> Hi Nikos,
>
> Thanks for your answer. I've solved this problem. It was my error. I've
> reset IV for cipher after every message. But TLS uses the last cipher block
> of record as the CBC IV for next block. Thus, IV for first block of every
> new message was lost, and I wasn't able to decrypt the first cipher block of
> message. Now I call update() function instead of doFinal() and GNUTLS works
> fine.
>
> Thank you again,
> regards, Vlad.
>
> 2009/10/27 Nikos Mavrogiannopoulos <nmav@...>
>>
>> If you think this is a gnutls bug please send an example program that
>> reproduces this bug.
>>
>> regards,
>> Nikos
>>
>> On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <techdisser@...>
>> wrote:
>> > Hello,
>> >
>> > I've used GNUTLS for testing of the TLS with the PSK cipher suite
>> > (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind
>> > of
>> > authentication in the gnutls-cli. I see that handshake was successfully
>> > done. But then I tried to send part of application data, and I found
>> > that
>> > first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
>> > checksum for application data, injures first block and then do ciphering
>> > across all data. I think this is bug in GNUTLS, but I couldn't find any
>> > discussion at the forums about this fact.
>> >
>> > Has anyone else encountered this behaviour of the GNUTLS?
>> > Thanks very much in advance for any help!
>> >
>> > With best regards, Vlad.
>
>



Re: Strange bug in the TLS application protocol with PSK

by Vladimir Estis

Hi Nikos,

No, I use GNUTLS only as a reference test client and I don't use
functions from GNUTLS in my code. But the problem described above was in
my code, which is based on the standard API for ciphering.

Thanks for your answers, GNUTLS works fine.
regards, Vlad.

2009/10/27 Nikos Mavrogiannopoulos <nmav@...>

>
> I'm quite intrigued... How did you manage to do that? Do you use
> custom push and pull functions?
>
> regards,
> Nikos
>
> On Tue, Oct 27, 2009 at 3:06 PM, Vladimir Estis <techdisser@...> wrote:
> > Hi Nikos,
> >
> > Thanks for your answer. I've solved this problem. It was my error. I've
> > reset IV for cipher after every message. But TLS uses the last cipher block
> > of record as the CBC IV for next block. Thus, IV for first block of every
> > new message was lost, and I wasn't able to decrypt the first cipher block of
> > message. Now I call update() function instead of doFinal() and GNUTLS works
> > fine.
> >
> > Thank you again,
> > regards, Vlad.
> >
> > 2009/10/27 Nikos Mavrogiannopoulos <nmav@...>
> >>
> >> If you think this is a gnutls bug please send an example program that
> >> reproduces this bug.
> >>
> >> regards,
> >> Nikos
> >>
> >> On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <techdisser@...>
> >> wrote:
> >> > Hello,
> >> >
> >> > I've used GNUTLS for testing of the TLS with the PSK cipher suite
> >> > (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind
> >> > of
> >> > authentication in the gnutls-cli. I see that handshake was successfully
> >> > done. But then I tried to send part of application data, and I found
> >> > that
> >> > first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
> >> > checksum for application data, injures first block and then do ciphering
> >> > across all data. I think this is bug in GNUTLS, but I couldn't find any
> >> > discussion at the forums about this fact.
> >> >
> >> > Has anyone else encountered this behaviour of the GNUTLS?
> >> > Thanks very much in advance for any help!
> >> >
> >> > With best regards, Vlad.
> >
> >

