I'm developing a TLS-PSK client/server application. The client is written in C# with BouncyCastle; the server is currently only an OpenSSL stub.
The real server side is not implemented yet; for testing there is a stub on my Ubuntu Linux machine, started as follows (note that `-psk` takes the key as a hex string, so `6161616161` is the five bytes "aaaaa"):
openssl s_server -accept 9999 -cipher ECDHE-PSK-CHACHA20-POLY1305 -nocert -psk 6161616161 -psk_identity admin
The problem is on the client side. I'm stuck, because everything appears to be implemented correctly. The client code is as follows:
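class Program
{
    private static readonly SecureRandom _secureRandom = new SecureRandom();

    /// <summary>
    /// Opens a TCP connection to <paramref name="hostname"/>:<paramref name="port"/> and runs the
    /// TLS handshake for <paramref name="client"/> over it.
    /// </summary>
    /// <param name="hostname">Host name or IP address of the TLS server.</param>
    /// <param name="port">TCP port the server listens on.</param>
    /// <param name="client">The BouncyCastle TlsClient that supplies credentials and cipher suites.</param>
    /// <returns>The connected protocol; its <c>Stream</c> carries application data.</returns>
    /// <remarks>
    /// The returned protocol keeps using the TcpClient's network stream, so the socket must stay
    /// open for as long as the protocol is used; the caller closes it via <c>protocol.Close()</c>.
    /// If the handshake throws, the socket is closed here so a failed connect does not leak it
    /// (the original returned nothing in that case and left the TcpClient open).
    /// </remarks>
    internal static TlsClientProtocol OpenTlsConnection(string hostname, int port, Org.BouncyCastle.Crypto.Tls.TlsClient client)
    {
        var tcp = new TcpClient(hostname, port);
        try
        {
            var protocol = new TlsClientProtocol(tcp.GetStream(), _secureRandom);
            protocol.Connect(client);
            return protocol;
        }
        catch
        {
            // The protocol never took ownership of the socket; release it before propagating.
            tcp.Close();
            throw;
        }
    }

    /// <summary>
    /// Test entry point: connects with a hard-coded PSK, writes one plaintext HTTP request over the
    /// TLS stream and echoes every line the server sends back until the server closes the connection.
    /// </summary>
    static void Main(string[] args)
    {
        var hostname = "192.168.132.160";
        var port = 9999;
        var psk_identity = "admin";

        // PSK bytes 0x61 x5 = "aaaaa", i.e. the hex string 6161616161 given to `openssl s_server -psk`.
        // NOTE(review): this is a low-entropy test secret committed to source. With TLS-PSK anyone who
        // captures or completes a handshake can try PSK guesses offline (RFC 4279 section 7.2); ECDHE
        // does not help against a guessable key. Before this leaves the lab, use a random key of at
        // least 16 bytes (e.g. RandomNumberGenerator) loaded from configuration, never a literal.
        var psk = new byte[] { 0x61, 0x61, 0x61, 0x61, 0x61 };
        var pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);

        // Use the single-argument constructor so BouncyCastle supplies its default cipher factory.
        // The original passed null as the TlsCipherFactory; that cannot be used to build the record
        // layer cipher once the handshake reaches ChangeCipherSpec — TODO confirm against the BC
        // version in use.
        var client = new PskTlsClient(pskIdentity);

        var protocol = OpenTlsConnection(hostname, port, client);
        try
        {
            // Send a minimal request over the TLS stream.
            var req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
            var tlsStream = protocol.Stream;
            tlsStream.Write(req, 0, req.Length);
            tlsStream.Flush();

            var reader = new StreamReader(tlsStream);
            string line;
            // ReadLine returns null only when the server closes the connection. No receive timeout
            // is configured on the socket, so if the peer keeps the connection open this loop blocks
            // indefinitely — NOTE(review): `openssl s_server` without -www does not answer HTTP, so
            // this is a likely place to hang against the stub; confirm before blaming the handshake.
            while ((line = reader.ReadLine()) != null)
            {
                Console.WriteLine(">>> " + line);
            }
        }
        finally
        {
            // Always close the TLS session (and with it the socket), even when writing/reading throws.
            protocol.Close();
        }
    }
}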
I get this exception every time:
System.IO.IOException: 'Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'
In addition, the following command works from my Linux machine, so the server stub itself accepts this PSK and identity:
openssl s_client -connect 192.168.132.160:9999 -psk 6161616161 -psk_identity admin -tls1_2
Did I miss something on the client side? Any help is appreciated — I'm going mad.
Thanks
PskTlsClient only offers a limited set of cipher suites by default, so the ECDHE-PSK/ChaCha20-Poly1305 suite the server is restricted to is never proposed in the ClientHello. To add it I wrote a small subclass of PskTlsClient (named "Proxy" below, although it is simply a derived class) that overrides GetCipherSuites(), as follows:
/// <summary>
/// A <see cref="PskTlsClient"/> that proposes exactly one cipher suite,
/// ECDHE-PSK with ChaCha20-Poly1305, instead of BouncyCastle's default PSK list.
/// Despite the name this is a plain subclass, not a proxy: all constructors forward
/// to the base class unchanged and only two virtual members are overridden.
/// </summary>
public class PskTlsClientProxy : PskTlsClient
{
    /// <summary>Builds the suite list sent in the ClientHello, in preference order.</summary>
    /// <remarks>
    /// NOTE(review): this is the draft-named constant; confirm it carries the same code point as the
    /// RFC 7905 suite that OpenSSL calls ECDHE-PSK-CHACHA20-POLY1305, otherwise the server will reject
    /// the hello. Being an AEAD suite it is only usable with TLS 1.2 — presumably the base client's
    /// default version already is TLS 1.2; verify.
    /// </remarks>
    private static int[] OfferedSuites()
    {
        return new int[]
        {
            CipherSuite.DRAFT_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
        };
    }

    /// <summary>Creates the client with the default cipher factory and DH verifier.</summary>
    public PskTlsClientProxy(TlsPskIdentity pskIdentity)
        : base(pskIdentity)
    {
    }

    /// <summary>Creates the client with an explicit cipher factory.</summary>
    public PskTlsClientProxy(TlsCipherFactory cipherFactory, TlsPskIdentity pskIdentity)
        : base(cipherFactory, pskIdentity)
    {
    }

    /// <summary>Creates the client with an explicit cipher factory and DH parameter verifier.</summary>
    public PskTlsClientProxy(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier, TlsPskIdentity pskIdentity)
        : base(cipherFactory, dhVerifier, pskIdentity)
    {
    }

    /// <summary>
    /// Logs the protocol version the server selected, after the base class has recorded it.
    /// </summary>
    public override void NotifyServerVersion(ProtocolVersion serverVersion)
    {
        base.NotifyServerVersion(serverVersion);
        var message = string.Concat("TLS-PSK client negotiated ", serverVersion);
        Console.WriteLine(message);
    }

    /// <summary>
    /// Returns a fresh copy of the single offered suite each time it is asked for.
    /// </summary>
    public override int[] GetCipherSuites()
    {
        return OfferedSuites();
    }
}