nux

Reputation: 375

TLS connection with PSK using Bouncycastle

I have to establish a TLS connection to a remote server with a preshared key. I'm currently using PSKTlsClient from Bouncycastle. My initialization code looks like this:

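    // Plain TCP socket to the remote server
    socket_ = new Socket(address, port);
    // Run the TLS protocol over the socket's streams
    tlsHandler_ = new TlsProtocolHandler(socket_.getInputStream(), socket_.getOutputStream());
    // PSK client configured with the preshared key information
    pskTlsClient_ = new PSKTlsClient(tlsPskInfo_);
    // Perform the handshake
    tlsHandler_.connect(pskTlsClient_);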

However, I'm getting this stacktrace:

java.io.IOException: Internal TLS error, this could be an attack
at org.bouncycastle.crypto.tls.TlsProtocolHandler.failWithError(Unknown Source)
at org.bouncycastle.crypto.tls.TlsProtocolHandler.safeReadData(Unknown Source)
at org.bouncycastle.crypto.tls.TlsProtocolHandler.connect(Unknown Source)
at common.network.Transport.PskTlsClientSocket.connect(PskTlsClientSocket.java:61)

I also got a TLS Certificate in the message, where the PSK is transmitted, but I'm somewhat stuck on how to establish this connection. Do you have any suggestions on how to proceed?

Upvotes: 3

Views: 8290

Answers (1)

nux

Reputation: 375

Solved. The problem was that in the Java Bouncycastle library, the process server certificate method wasn't implemented and always throws an internal error. So I had to implement this, and all worked fine after that.

Edit: In TlsPSKKeyExchange.java change the following method to:

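    public void processServerCertificate(Certificate serverCertificate) throws IOException
    {
        // Take the SubjectPublicKeyInfo of the first certificate in the server's chain.
        SubjectPublicKeyInfo subPubKeyInfo = serverCertificate.certs[0].getTBSCertificate().getSubjectPublicKeyInfo();
        // Decode it as an RSA public key (modulus and public exponent).
        RSAPublicKey pubKey = RSAPublicKey.getInstance(subPubKeyInfo.getPublicKey());
        // Store it as a public (isPrivate = false) key for the RSA encryption.
        // Note: only the key is extracted here; the certificate itself is not validated.
        rsaServerPublicKey = new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
    }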

The first public key in the first certificate is used for the RSA encryption.

Upvotes: 8
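
The patched method in the answer above uses the key from the first certificate as it arrives. As an added example (not code from the answer or from Bouncy Castle), the helper below vets that certificate with standard JDK classes before its key is used for the RSA encryption. The class name `ServerKeyCheck`, the method `checkedServerKey` and the pinned SHA-256 key hash provisioned out of band are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

/** Hypothetical helper, not part of Bouncy Castle: checks the leaf certificate before its key is trusted. */
public final class ServerKeyCheck {

    /**
     * @param leafDer        DER encoding of the first certificate sent by the server
     * @param pinnedSpkiHash SHA-256 of the expected SubjectPublicKeyInfo (assumption: provisioned out of band)
     * @return the server's RSA public key, only if every check passes
     */
    public static RSAPublicKey checkedServerKey(byte[] leafDer, byte[] pinnedSpkiHash) throws IOException {
        try {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(leafDer));
            // Reject expired or not-yet-valid certificates.
            cert.checkValidity();

            // The RSA encryption step needs an RSA key; refuse anything else.
            if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
                throw new IOException("server certificate does not carry an RSA key");
            }
            // keyUsage bit 2 is keyEncipherment; null means the extension is absent.
            boolean[] usage = cert.getKeyUsage();
            if (usage != null && !usage[2]) {
                throw new IOException("certificate key is not permitted for key encipherment");
            }
            // For X.509 keys, getEncoded() returns the DER SubjectPublicKeyInfo.
            byte[] spkiHash = MessageDigest.getInstance("SHA-256")
                    .digest(cert.getPublicKey().getEncoded());
            // Constant-time comparison against the pinned value.
            if (!MessageDigest.isEqual(spkiHash, pinnedSpkiHash)) {
                throw new IOException("server public key does not match the pinned key");
            }
            return (RSAPublicKey) cert.getPublicKey();
        } catch (GeneralSecurityException e) {
            // Parsing, validity and digest failures all end the handshake.
            throw new IOException("server certificate rejected: " + e.getMessage());
        }
    }
}
```

Pinning is one possible trust policy; a deployment that relies on a CA would build and validate the full chain instead.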
