Mbed forum

TLS handshake mac problem


(Tomasz Wilczak) #1

Hi
I am trying to use mbedTLS for the first time (my experience with this is NULL). I compiled and checked (Firefox client) SSL_Server on Linux, and it is OK.
Now I use the same options (the config file is the same as for SSL_SERVER) in my STM32F107 project with the LWIP stack, and there is a problem.
The handshake starts, my server sends the certificate and then the handshake fails: the expected MAC is different from the message MAC. What is wrong?

debug info:

```
ssl_tls.c(3738) l=4 dumping ‘input record from network’ (69 bytes)
ssl_tls.c(3738) l=4 0000: 16 03 03 00 40 41 80 81 fc 2d c7 9c f6 b9 4f 32 …@A…-…O2
ssl_tls.c(3738) l=4 0010: d8 4d 14 ed 2a 2c f4 ed 5e 56 ed 8b 09 02 62 a8 .M…*,…^V…b.
ssl_tls.c(3738) l=4 0020: 5c 1f 0a 81 59 74 ea 34 e3 1d fb 46 be aa 37 68 …Yt.4…F…7h
ssl_tls.c(3738) l=4 0030: 81 57 3a 9a d3 0e 0e 29 99 bf 57 2b 5a dc 9c c9 .W:…)…W+Z…
ssl_tls.c(3738) l=4 0040: 9c d2 df 39 c3 …9.
ssl_tls.c(1619) l=2 => decrypt buf
ssl_tls.c(1955) l=4 dumping ‘raw buffer after decryption’ (48 bytes)
ssl_tls.c(1955) l=4 0000: aa 9e 60 d3 bf 96 3a 91 7a 2e 12 10 ec 75 a1 09 …`…:.z…u…
ssl_tls.c(1955) l=4 0010: 95 a0 70 44 7a a0 cd c3 8d 09 bb 87 da e2 25 12 …pDz…%.
ssl_tls.c(1955) l=4 0020: 7e a9 76 41 1e 67 7b ec 33 c6 f3 9c 5d 22 f1 6a ~.vA.g{.3…]".j
ssl_tls.c(2025) l=3 dumping ‘expected mac’ (20 bytes)
ssl_tls.c(2025) l=3 0000: 43 c3 8d 1b 30 9d 28 71 17 35 fe 8a c8 8a 58 8e C…0.(q.5…X.
ssl_tls.c(2025) l=3 0010: 62 fe 50 ff b.P.
ssl_tls.c(2027) l=3 dumping ‘message mac’ (20 bytes)
ssl_tls.c(2027) l=3 0000: da e2 25 12 7e a9 76 41 1e 67 7b ec 33 c6 f3 9c …%.~.vA.g{.3…
ssl_tls.c(2027) l=3 0010: 5d 22 f1 6a ]".j
ssl_tls.c(3760) l=1 ssl_decrypt_buf() returned -29056 (-0x7180)
ssl_tls.c(3820) l=1 mbedtls_ssl_read_record_layer() returned -29056 (-0x7180)
ssl_tls.c(5421) l=1 mbedtls_ssl_read_record() returned -29056 (-0x7180)
ssl_tls.c(6764) l=2 <= handshake
mbedtls_ssl_handshake failed: -29056
ssl_tls.c(7542) l=2 => free
ssl_tls.c(7607) l=2 <= free
```

config file

```c
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

#define MBEDTLS_DEBUG_C

#define MBEDTLS_NO_PLATFORM_ENTROPY

/* mbed TLS feature support */
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C

#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C

#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_OID_C

//#define
//#define
//#define
/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

#define MBEDTLS_ENTROPY_MAX_SOURCES 2

/*
 * Use only CCM_8 ciphersuites, and
 * save ROM and a few bytes of RAM by specifying our own ciphersuite list
 */
#define MBEDTLS_SSL_CIPHERSUITES            \
    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,     \
    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,     \
    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,   \
    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA

/*
 * Save RAM at the expense of interoperability: do this only if you control
 * both ends of the connection! (See comments in "mbedtls/ssl.h".)
 * The optimal size here depends on the typical size of records.
 */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072

#include "mbedtls/check_config.h"

#endif /* MBEDTLS_CONFIG_H */
```


(Tomasz Wilczak) #2

I checked my device with ssl_client1 from the examples and noticed that the “premaster secret” is different on the client and the server, and the “master secret” is different too. But why? They should be the same.


(Ron Eldor) #3

Hi @wilkxt
Thank you for your interest in Mbed TLS!
If you are new to Mbed TLS, I would suggest you read the [Mbed TLS tutorial](https://tls.mbed.org/kb/how-to/mbedtls-tutorial). There are other articles that may interest you as well.
Your issue sounds similar to the issue posted here. Could this be the same issue? Have you implemented your server as referenced in our sample application? Please check that you are starting with a clean session.
Regards,
Mbed TLS Team member
Ron


(Tomasz Wilczak) #4

Hi
Thanks for the info.
I have

```c
mbedtls_ssl_session_reset(&state->ssl_context);
```

after

```c
/* tell mbedtls about our I/O functions */
mbedtls_ssl_set_bio(&state->ssl_context, conn, altcp_mbedtls_bio_send, altcp_mbedtls_bio_recv, NULL);
```

I use LWIP ALTCP_TLS_MBEDTLS to port my application.

I attach my session debug. Can someone help?

https://drive.google.com/open?id=1L6Pt5L0X250dMqz2UPp_UTIk0dPOEm6L ssl_server
https://drive.google.com/open?id=1v3AobDOnsUgiCo9tZCFA9zbJOETj_HKP ssl client


(Tomasz Wilczak) #5

The problem was solved.
This was caused by too little free memory on the heap. I had about 7KB free, now I increased to 15KB and it’s ok.
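
Post #5 traces the failure to heap exhaustion. One way to make that visible, as an added example that is not from the thread or from Mbed TLS: a counting calloc/free pair whose signatures fit `mbedtls_platform_set_calloc_free()`. The budgets, the allocation trace and every name in it are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Added example, hypothetical names; signatures fit mbedtls_platform_set_calloc_free(). */
typedef struct { size_t budget, in_use, peak, largest_failed; unsigned failures; } heap_stats_t;
typedef union { size_t size; max_align_t align; } hdr_t; /* per-block size header */
static heap_stats_t g_heap = { 15 * 1024, 0, 0, 0, 0 };

void *tracked_calloc(size_t n, size_t size)
{
    size_t bytes = (size != 0 && n > SIZE_MAX / size) ? SIZE_MAX : n * size;
    hdr_t *h = NULL; /* stays NULL when the request exceeds the emulated budget */
    if (bytes <= g_heap.budget - g_heap.in_use && bytes <= SIZE_MAX - sizeof(hdr_t))
        h = calloc(1, sizeof(hdr_t) + bytes);
    if (h == NULL) { /* record the refusal so it cannot pass unnoticed */
        g_heap.failures++;
        if (bytes > g_heap.largest_failed) g_heap.largest_failed = bytes;
        return NULL;
    }
    h->size = bytes;
    g_heap.in_use += bytes;
    if (g_heap.in_use > g_heap.peak) g_heap.peak = g_heap.in_use;
    return h + 1;
}

void tracked_free(void *p)
{
    if (p == NULL) return;
    g_heap.in_use -= ((hdr_t *)p - 1)->size;
    free((hdr_t *)p - 1);
}

/* Replay a constructed trace: 3072 is MBEDTLS_SSL_MAX_CONTENT_LEN from the posted
 * config, the other sizes are illustrative. Returns the number of refused requests. */
unsigned replay_handshake(size_t budget)
{
    static const size_t trace[] = { 3072, 3072, 2048, 512, 512, 512, 512 };
    void *held[sizeof trace / sizeof trace[0]];
    g_heap = (heap_stats_t){ budget, 0, 0, 0, 0 };
    for (size_t i = 0; i < sizeof held / sizeof held[0]; i++) held[i] = tracked_calloc(1, trace[i]);
    for (size_t i = 0; i < sizeof held / sizeof held[0]; i++) tracked_free(held[i]);
    return g_heap.failures;
}

int main(void)
{
    printf("refused at 7 KB: %u, at 15 KB: %u\n", replay_handshake(7 * 1024), replay_handshake(15 * 1024));
    return 0;
}
```

On a target the pair would be registered with `mbedtls_platform_set_calloc_free(tracked_calloc, tracked_free)`, which needs `MBEDTLS_PLATFORM_C` and `MBEDTLS_PLATFORM_MEMORY` in the config. A non-zero `failures` count after a failed handshake points at the heap rather than at the TLS settings.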


(Ron Eldor) #6

@wilkxt I am glad you managed to resolve this issue!