MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 and MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200

Mbed TLS Generic
1

I use STM32 configuration MBEDTLS function, I use the WIFI module to communication, I configuration the underlying function of sending and receiving module, time, etc., I set the maximum connection length MBEDTLS_SSL_MAX_CONTENT_LEN is 2048 bytes, when I connect to our server, with WIFI module ,the situation is shake hands connection is successful each time , however, after shake hands ,sending and receiving data will appear to verify the MAC errors or receive an invalid session, during CCM or GCM mode, data decryption error, two errors occur:

MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /< Verification of the message MAC failed. */MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /< An invalid SSL record was received. */

As soon as the errors occurs, It’s not going back to normal communication until I reconnect and shake hands. I think sometimes it have something errors, but it should can go back to normal. The connection is very unstable. Any good suggestions, my configuration is as follows:
//TIME Support
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_TIMING_C
#define MBEDTLS_TIMING_ALT

// RNG Support
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_ENTROPY_HARDWARE_ALT
#define MBEDTLS_ENTROPY_FORCE_SHA256
#define MBEDTLS_ENTROPY_MAX_SOURCES 2

/* mbed TLS feature support */
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_SHA1_C
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_AES_C
#define MBEDTLS_CCM_C
#define MBEDTLS_GCM_C
#define MBEDTLS_DES_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_MD_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CREATE_C
#define MBEDTLS_X509_CRT_WRITE_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_ECDSA_DETERMINISTIC
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_PK_WRITE_C

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_SSL_MAX_CONTENT_LEN 2048

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 384 /**< Maximum bit size of groups */
#define MBEDTLS_MPI_MAX_SIZE 2048 // 384 bits is 48 bytes
#define MBEDTLS_MPI_WINDOW_SIZE 2

///* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 2 /< Maximum window size used */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /< Enable fixed-point speed-up */

/* Significant speed benefit at the expense of some ROM */
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_SSL_ENCRYPT_THEN_MAC

/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256

2

I am not an expert on this matter but I had seen error 0x7200 when my circular TCP receive buffer was overrun. What I did to fix the issue was to check how many free bytes were available in my circular buffer before calling my TCP recv() function, and limited the size of the buffer given to the recv() call to the available circular buffer size. At the TCP layer, it should send window size 0 telling the sending peer to slow down.

3

thanks to your reply,i will try it to set MBEDTLS_MPI_WINDOW_SIZE 0

4

Hi @ethan4731
Without looking at the logs, I would guess that the value of MBEDTLS_SSL_MAX_CONTENT_LEN is too low, considering you ar eusing an RSA based cipher suite. As mentioned here:

If you
 * change the value here, other clients / servers may not be able to
 * communicate with you anymore. Only change this value if you control
 * both sides of the connection and have it reduced at both sides

I believe the certificate message that the server is sending your client is larger than 2048 bytes, since RSA signed certificates are big. I suggest you change to an ECP based ciphersuite.
In addition, is there a reason why your chosen ciphersuite uses RSA Key Exchange? This is not recomended, for security reason. I suggest you change to one of the Diffie-Helmann based key exchanges (DH\DHE\ECDH\ECDHE)
Looking at your configuration, I see the following lines:

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 384 /**< Maximum bit size of groups */
#define MBEDTLS_MPI_MAX_SIZE 2048 // 384 bits is 48 bytes

If you want to save RAM, why are you setting your MBEDTLS_MPI_MAX_SIZE to 2KB? This fits a 16kbits RSA key size, but I believe the RSA key size is at most, 4096 bits. For this, you can set this definition to 512.
However, the comment mentions also “384 bits is 48 bytes”, which makes me believe that you want to use a 384 bit curve, but this doesn’t explain the ciphersuite.

In short, I think there is some confusion in your configuration, however my strongest guess for your error is the short content len you defined, as mentioned in the first sentence.

have you considered defining MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN instead of MBEDTLS_SSL_MAX_CONTENT_LEN? This way, since you control the out message, you can set different values for inbound and outbound message buffers, saving some additional RAM.
Regards,
Mbed TLS Team member
Ron

5

thank you, i will try it as your said,

7

My log is:
…\mbedtls\library\ssl_tls.c:6740: <= handshake
ok
. Verifying server certificate… ok
done
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (15 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 0d ef 01 0a 01 00 84 f3 eb 17 ec d2 00 41 …A
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 01 17 03 03 00 0f …
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 01 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 23, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: ed 18 2d 09 43 78 ed b5 5b b9 d7 4b e6 0f 3a 89 …-.Cx…[…K…:.
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 39
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (44 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 27 00 00 00 00 00 00 00 01 27 d3 07 …‘…’…
…\mbedtls\library\ssl_tls.c:2922: 0010: ae ba 52 d4 3f ae 8c a4 ed d3 c3 ad ed 18 2d 09 …R.?..-.
…\mbedtls\library\ssl_tls.c:2922: 0020: 43 78 ed b5 5b b9 d7 4b e6 0f 3a 89 Cx…[…K…:.
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 44, out_left: 44
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 44 (-0xffffffd4)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
ADC2 Reading : 1470
Power Voltage : 3343
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (33 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 1f ef 01 01 00 00 01 04 d2 46 01 00 53 c8 b7 …F…S…
…\mbedtls\library\ssl_tls.c:1301: 0010: 59 84 f3 eb 17 ec d2 00 01 00 01 01 03 00 01 07 Y…
…\mbedtls\library\ssl_tls.c:1301: 0020: 87 .
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 02 17 03 03 00 21 …!
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 02 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 41, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: 62 51 40 be 2e f0 3b 7a 39 ce d7 6d 14 d3 44 da bQ@…;z9…m…D.
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 57
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (62 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 39 00 00 00 00 00 00 00 02 1c be 8b …9…
…\mbedtls\library\ssl_tls.c:2922: 0010: f0 82 58 65 8f 5f b9 cd 9b 8b e8 b0 3f 28 a3 89 …Xe._…?(…
…\mbedtls\library\ssl_tls.c:2922: 0020: 9e 28 f8 ef d0 3c 04 8a 4a a6 51 fb 04 59 62 51 .(…<…J.Q…YbQ
…\mbedtls\library\ssl_tls.c:2922: 0030: 40 be 2e f0 3b 7a 39 ce d7 6d 14 d3 44 da @…;z9…m…D.
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 62, out_left: 62
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 62 (-0xffffffc2)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (10 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 08 ef 01 0a 01 f5 00 01 00 …
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 03 17 03 03 00 0a …
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 03 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 18, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: 31 fe 52 bb 54 54 15 b6 e5 99 e9 3c ca 2a d0 be 1.R.TT…<.
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 34
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (39 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 22 00 00 00 00 00 00 00 03 fa 7b eb …"…{.
…\mbedtls\library\ssl_tls.c:2922: 0010: 04 b9 96 3c a3 db e7 31 fe 52 bb 54 54 15 b6 e5 …<…1.R.TT…
…\mbedtls\library\ssl_tls.c:2922: 0020: 99 e9 3c ca 2a d0 be …<.
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 39, out_left: 39
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 39 (-0xffffffd9)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
…\mbedtls\library\ssl_tls.c:6916: => read
…\mbedtls\library\ssl_tls.c:3823: => read record
…\mbedtls\library\ssl_tls.c:2254: => fetch input
…\mbedtls\library\ssl_tls.c:2415: in_left: 0, nb_want: 2108
…\mbedtls\library\ssl_tls.c:2443: in_left: 0, nb_want: 79
…\mbedtls\library\ssl_tls.c:2445: ssl->f_recv(_timeout)() returned 79 (-0xffffffb1)
…\mbedtls\library\ssl_tls.c:2469: <= fetch input
…\mbedtls\library\ssl_tls.c:3564: dumping ‘input record header’ (5 bytes)
…\mbedtls\library\ssl_tls.c:3564: 0000: 17 03 03 00 25 …%
…\mbedtls\library\ssl_tls.c:3572: input record: msgtype = 23, version = [3:3], msglen = 37
…\mbedtls\library\ssl_tls.c:3751: dumping ‘input record from network’ (42 bytes)
…\mbedtls\library\ssl_tls.c:3751: 0000: 17 03 03 00 25 40 c0 68 60 ed 1a 53 b1 a7 b8 62 …%@.h`…S…b
…\mbedtls\library\ssl_tls.c:3751: 0010: ca 35 01 17 fc 06 e1 af c9 f7 06 75 a8 69 2e 45 .5…u.i.E
…\mbedtls\library\ssl_tls.c:3751: 0020: cc 3c b7 0b 1f 2a ab 3f 70 7f .<….?p.
…\mbedtls\library\ssl_tls.c:1623: => decrypt buf
…\mbedtls\library\ssl_tls.c:1700: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1700: 0000: 00 00 00 00 00 00 00 01 17 03 03 00 0d …
…\mbedtls\library\ssl_tls.c:1707: dumping ‘IV used’ (12 bytes)
…\mbedtls\library\ssl_tls.c:1707: 0000: 17 58 b4 99 40 c0 68 60 ed 1a 53 b1 .X…@.h`…S.
…\mbedtls\library\ssl_tls.c:1709: dumping ‘TAG used’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1709: 0000: 06 75 a8 69 2e 45 cc 3c b7 0b 1f 2a ab 3f 70 7f .u.i.E.<….?p.
…\mbedtls\library\ssl_tls.c:1956: dumping ‘raw buffer after decryption’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1956: 0000: ef 01 15 14 13 04 12 0a 38 33 04 00 cb …83…
…\mbedtls\library\ssl_tls.c:2094: <= decrypt buf
…\mbedtls\library\ssl_tls.c:3778: dumping ‘input payload after decrypt’ (13 bytes)
…\mbedtls\library\ssl_tls.c:3778: 0000: ef 01 15 14 13 04 12 0a 38 33 04 00 cb …83…
…\mbedtls\library\ssl_tls.c:3860: <= read record
…\mbedtls\library\ssl_tls.c:7232: <= read
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (10 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 08 ef 01 0a 01 15 00 00 20 …
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 04 17 03 03 00 0a …
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 04 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 18, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: ba 53 d7 be 16 ee fb 32 e4 12 c2 19 2e c2 82 5a .S…2…Z
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 34
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (39 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 22 00 00 00 00 00 00 00 04 9a f9 9a …“…
…\mbedtls\library\ssl_tls.c:2922: 0010: ee 9c 86 2d 90 97 e7 ba 53 d7 be 16 ee fb 32 e4 …-…S…2.
…\mbedtls\library\ssl_tls.c:2922: 0020: 12 c2 19 2e c2 82 5a …Z
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 39, out_left: 39
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 39 (-0xffffffd9)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (10 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 08 ef 01 0a 01 f5 00 01 00 …
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 05 17 03 03 00 0a …
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 05 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 18, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: 01 2c 0f ab 39 e8 19 22 b9 27 f5 8b 16 a9 cf b1 .,…9…”.'…
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 34
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (39 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 22 00 00 00 00 00 00 00 05 58 19 b5 …“…X…
…\mbedtls\library\ssl_tls.c:2922: 0010: b6 c8 e3 1b 8d 0d b3 01 2c 0f ab 39 e8 19 22 b9 …,…9…”.
…\mbedtls\library\ssl_tls.c:2922: 0020: 27 f5 8b 16 a9 cf b1 '…
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 39, out_left: 39
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 39 (-0xffffffd9)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
ADC2 Reading : 1471
Power Voltage : 3341
…\mbedtls\library\ssl_tls.c:7334: => write
…\mbedtls\library\ssl_tls.c:2774: => write record
…\mbedtls\library\ssl_tls.c:1291: => encrypt buf
…\mbedtls\library\ssl_tls.c:1301: dumping ‘before encrypt: output payload’ (33 bytes)
…\mbedtls\library\ssl_tls.c:1301: 0000: 00 1f ef 01 01 00 00 01 04 d2 46 01 00 5c c8 b7 …F…..
…\mbedtls\library\ssl_tls.c:1301: 0010: 59 84 f3 eb 17 ec d2 00 01 00 01 01 03 00 01 07 Y…
…\mbedtls\library\ssl_tls.c:1301: 0020: 90 .
…\mbedtls\library\ssl_tls.c:1419: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1419: 0000: 00 00 00 00 00 00 00 06 17 03 03 00 21 …!
…\mbedtls\library\ssl_tls.c:1436: dumping ‘IV used’ (8 bytes)
…\mbedtls\library\ssl_tls.c:1436: 0000: 00 00 00 00 00 00 00 06 …
…\mbedtls\library\ssl_tls.c:1447: before encrypt: msglen = 41, including 0 bytes of padding
…\mbedtls\library\ssl_tls.c:1475: dumping ‘after encrypt: tag’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1475: 0000: b1 f3 a9 98 7b 02 29 98 c4 d4 ae 8e 9a ea 5b 2a …{.)…[*
…\mbedtls\library\ssl_tls.c:1609: <= encrypt buf
…\mbedtls\library\ssl_tls.c:2917: output record: msgtype = 23, version = [3:3], msglen = 57
…\mbedtls\library\ssl_tls.c:2922: dumping ‘output record sent to network’ (62 bytes)
…\mbedtls\library\ssl_tls.c:2922: 0000: 17 03 03 00 39 00 00 00 00 00 00 00 06 74 28 60 …9…t(`
…\mbedtls\library\ssl_tls.c:2922: 0010: b0 1a a8 9e 4d 58 bc c6 95 3c 15 72 3a 0a 61 24 …MX…<.r:.a$
…\mbedtls\library\ssl_tls.c:2922: 0020: 31 70 c5 03 54 d1 8b f5 44 ef f9 1e da 8e b1 f3 1p…T…D…
…\mbedtls\library\ssl_tls.c:2922: 0030: a9 98 7b 02 29 98 c4 d4 ae 8e 9a ea 5b 2a …{.)…[*
…\mbedtls\library\ssl_tls.c:2482: => flush output
…\mbedtls\library\ssl_tls.c:2500: message length: 62, out_left: 62
…\mbedtls\library\ssl_tls.c:2507: ssl->f_send() returned 62 (-0xffffffc2)
…\mbedtls\library\ssl_tls.c:2533: <= flush output
…\mbedtls\library\ssl_tls.c:2932: <= write record
…\mbedtls\library\ssl_tls.c:7362: <= write
…\mbedtls\library\ssl_tls.c:6916: => read
…\mbedtls\library\ssl_tls.c:3823: => read record
…\mbedtls\library\ssl_tls.c:2254: => fetch input
…\mbedtls\library\ssl_tls.c:2415: in_left: 0, nb_want: 2108
…\mbedtls\library\ssl_tls.c:2443: in_left: 0, nb_want: 37
…\mbedtls\library\ssl_tls.c:2445: ssl->f_recv(_timeout)() returned 37 (-0xffffffdb)
…\mbedtls\library\ssl_tls.c:2469: <= fetch input
…\mbedtls\library\ssl_tls.c:3564: dumping ‘input record header’ (5 bytes)
…\mbedtls\library\ssl_tls.c:3564: 0000: 17 03 03 00 20 …
…\mbedtls\library\ssl_tls.c:3572: input record: msgtype = 23, version = [3:3], msglen = 32
…\mbedtls\library\ssl_tls.c:3751: dumping ‘input record from network’ (37 bytes)
…\mbedtls\library\ssl_tls.c:3751: 0000: 17 03 03 00 20 40 c0 68 60 ed 1a 53 b3 70 f9 e2 … @.h`…S.p…
…\mbedtls\library\ssl_tls.c:3751: 0010: 41 2b 4f 57 d3 62 03 4f 6a a0 79 4b 1d 09 bf 19 A+OW.b.Oj.yK…
…\mbedtls\library\ssl_tls.c:3751: 0020: 7f ae 77 4c 22 …wL"
…\mbedtls\library\ssl_tls.c:1623: => decrypt buf
…\mbedtls\library\ssl_tls.c:1700: dumping ‘additional data used for AEAD’ (13 bytes)
…\mbedtls\library\ssl_tls.c:1700: 0000: 00 00 00 00 00 00 00 02 17 03 03 00 08 …
…\mbedtls\library\ssl_tls.c:1707: dumping ‘IV used’ (12 bytes)
…\mbedtls\library\ssl_tls.c:1707: 0000: 17 58 b4 99 40 c0 68 60 ed 1a 53 b3 .X…@.h`…S.
…\mbedtls\library\ssl_tls.c:1709: dumping ‘TAG used’ (16 bytes)
…\mbedtls\library\ssl_tls.c:1709: 0000: 62 03 4f 6a a0 79 4b 1d 09 bf 19 7f ae 77 4c 22 b.Oj.yK…wL"
…\mbedtls\library\ssl_tls.c:1722: mbedtls_cipher_auth_decrypt() returned -25344 (-0x6300)
…\mbedtls\library\ssl_tls.c:3774: ssl_decrypt_buf() returned -29056 (-0x7180)
…\mbedtls\library\ssl_tls.c:3834: mbedtls_ssl_read_record_layer() returned -29056 (-0x7180)
…\mbedtls\library\ssl_tls.c:7009: mbedtls_ssl_read_record() returned -29056 (-0x7180)
ssl close

My ciphersuit is MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

8

If i use the MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, the log is :
…\mbedtls\library\ssl_tls.c:2443: in_left: 0, nb_want: 53
…\mbedtls\library\ssl_tls.c:2445: ssl->f_recv(_timeout)() returned 53 (-0xffffffcb)
…\mbedtls\library\ssl_tls.c:2469: <= fetch input
…\mbedtls\library\ssl_tls.c:3564: dumping ‘input record header’ (5 bytes)
…\mbedtls\library\ssl_tls.c:3564: 0000: 17 03 03 00 30 …0
…\mbedtls\library\ssl_tls.c:3572: input record: msgtype = 23, version = [3:3], msglen = 48
…\mbedtls\library\ssl_tls.c:3751: dumping ‘input record from network’ (53 bytes)
…\mbedtls\library\ssl_tls.c:3751: 0000: 17 03 03 00 30 ff 83 3c 40 df 9b b4 74 56 41 93 …0…<@…tVA.
…\mbedtls\library\ssl_tls.c:3751: 0010: 83 0f 33 0f 3e 83 d5 88 97 63 ac 9c c4 81 ee 58 …3.>…c…X
…\mbedtls\library\ssl_tls.c:3751: 0020: 02 e9 1e ec dc 8c 08 b2 6a 66 6b 30 b8 c8 f7 e1 …jfk0…
…\mbedtls\library\ssl_tls.c:3751: 0030: ee a1 12 fb 72 …r
…\mbedtls\library\ssl_tls.c:1623: => decrypt buf
…\mbedtls\library\ssl_tls.c:1956: dumping ‘raw buffer after decryption’ (28 bytes)
…\mbedtls\library\ssl_tls.c:1956: 0000: ef 01 f5 00 00 00 00 f5 c3 00 b0 84 dd 73 e3 18 …s…
…\mbedtls\library\ssl_tls.c:1956: 0010: 8a fd 95 9b 54 95 d9 27 69 c2 15 f3 …T…'i…
…\mbedtls\library\ssl_tls.c:2027: dumping ‘expected mac’ (20 bytes)
…\mbedtls\library\ssl_tls.c:2027: 0000: d2 fc 81 8f 68 49 e4 f3 67 84 e0 c4 89 da 99 ce …hI…g…
…\mbedtls\library\ssl_tls.c:2027: 0010: d4 d9 86 c3 …
…\mbedtls\library\ssl_tls.c:2028: dumping ‘message mac’ (20 bytes)
…\mbedtls\library\ssl_tls.c:2028: 0000: c3 00 b0 84 dd 73 e3 18 8a fd 95 9b 54 95 d9 27 …s…T…’
…\mbedtls\library\ssl_tls.c:2028: 0010: 69 c2 15 f3 i…
…\mbedtls\library\ssl_tls.c:3774: ssl_decrypt_buf() returned -29056 (-0x7180)
…\mbedtls\library\ssl_tls.c:3834: mbedtls_ssl_read_record_layer() returned -29056 (-0x7180)
…\mbedtls\library\ssl_tls.c:7009: mbedtls_ssl_read_record() returned -29056 (-0x7180)
myssl.c:534: ssl close

the message mac is different

9

Hi @ethan4731
Thank you for your logs, however they don’t help much. They only show the error that happened on your client.
In order to identify the root cause, you will need to compare the IV, key material used on both peers. In addition, you will need to check the certificate verification result, and key exchange result ( did you set the authmode to optional?)

I suggest you look at the following posts, they might shed some light:

In addition, in case the certificate verification failed, if you set your authmode to optional, then it could lead to undefined behavior later in the process.
Regards,
Ron

10

Hi @ethan4731,

Were you able to resolve the issue? I seem to have the same issue here.
Handshake is successful with CCM. But decryption fails.

Best regards,
Navin