Returning an alert when PSK authentication fails. (#458)

jaredwolff · web-flow · commit bf685897fd3d · 2023-06-17T21:49:39.000-07:00
diff --git a/dtls/src/alert/mod.rs b/dtls/src/alert/mod.rs
@@ -62,6 +62,7 @@ pub(crate) enum AlertDescription {
     UserCanceled = 90,
     NoRenegotiation = 100,
     UnsupportedExtension = 110,
+    UnknownPskIdentity = 115,
     Invalid,
 }
 
@@ -93,6 +94,7 @@ impl fmt::Display for AlertDescription {
             AlertDescription::UserCanceled => write!(f, "UserCanceled"),
             AlertDescription::NoRenegotiation => write!(f, "NoRenegotiation"),
             AlertDescription::UnsupportedExtension => write!(f, "UnsupportedExtension"),
+            AlertDescription::UnknownPskIdentity => write!(f, "UnknownPskIdentity"),
             _ => write!(f, "Invalid alert description"),
         }
     }
@@ -126,6 +128,7 @@ impl From<u8> for AlertDescription {
             90 => AlertDescription::UserCanceled,
             100 => AlertDescription::NoRenegotiation,
             110 => AlertDescription::UnsupportedExtension,
+            115 => AlertDescription::UnknownPskIdentity,
             _ => AlertDescription::Invalid,
         }
     }
diff --git a/dtls/src/conn/mod.rs b/dtls/src/conn/mod.rs
@@ -968,7 +968,20 @@ impl DTLSConn {
                     Ok(pkt) => pkt,
                     Err(err) => {
                         debug!("{}: decrypt failed: {}", srv_cli_str(ctx.is_client), err);
-                        return (false, None, None);
+
+                        // If we get an error for PSK we need to return an error.
+                        if cipher_suite.is_psk() {
+                            return (
+                                false,
+                                Some(Alert {
+                                    alert_level: AlertLevel::Fatal,
+                                    alert_description: AlertDescription::UnknownPskIdentity,
+                                }),
+                                None,
+                            );
+                        } else {
+                            return (false, None, None);
+                        }
                     }
                 };
             }

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ pub(crate) enum AlertDescription {`
`62`	`62`	`UserCanceled = 90,`
`63`	`63`	`NoRenegotiation = 100,`
`64`	`64`	`UnsupportedExtension = 110,`
	`65`	`+ UnknownPskIdentity = 115,`
`65`	`66`	`Invalid,`
`66`	`67`	`}`
`67`	`68`
`@@ -93,6 +94,7 @@ impl fmt::Display for AlertDescription {`
`93`	`94`	`AlertDescription::UserCanceled => write!(f, "UserCanceled"),`
`94`	`95`	`AlertDescription::NoRenegotiation => write!(f, "NoRenegotiation"),`
`95`	`96`	`AlertDescription::UnsupportedExtension => write!(f, "UnsupportedExtension"),`
	`97`	`+ AlertDescription::UnknownPskIdentity => write!(f, "UnknownPskIdentity"),`
`96`	`98`	`_ => write!(f, "Invalid alert description"),`
`97`	`99`	`}`
`98`	`100`	`}`
`@@ -126,6 +128,7 @@ impl From<u8> for AlertDescription {`
`126`	`128`	`90 => AlertDescription::UserCanceled,`
`127`	`129`	`100 => AlertDescription::NoRenegotiation,`
`128`	`130`	`110 => AlertDescription::UnsupportedExtension,`
	`131`	`+ 115 => AlertDescription::UnknownPskIdentity,`
`129`	`132`	`_ => AlertDescription::Invalid,`
`130`	`133`	`}`
`131`	`134`	`}`