Hi
I am trying mbedTLS for the first time (my experience with it is nil). I compiled the SSL_Server example on Linux and checked it with a Firefox client, and it works.
Now I use the same options (the config file is the same as for SSL_SERVER) in my STM32F107 project with the LWIP stack, and there is a problem.
The handshake starts, my server sends the certificate, and then the handshake fails: the expected MAC is different from the message MAC. What is wrong?
debug info:
ssl_tls.c(3738) l=4 dumping ‘input record from network’ (69 bytes)
ssl_tls.c(3738) l=4 0000: 16 03 03 00 40 41 80 81 fc 2d c7 9c f6 b9 4f 32 …@A…-…O2
ssl_tls.c(3738) l=4 0010: d8 4d 14 ed 2a 2c f4 ed 5e 56 ed 8b 09 02 62 a8 .M…*,…^V…b.
ssl_tls.c(3738) l=4 0020: 5c 1f 0a 81 59 74 ea 34 e3 1d fb 46 be aa 37 68 .…Yt.4…F…7h
ssl_tls.c(3738) l=4 0030: 81 57 3a 9a d3 0e 0e 29 99 bf 57 2b 5a dc 9c c9 .W:…)…W+Z…
ssl_tls.c(3738) l=4 0040: 9c d2 df 39 c3 …9.
ssl_tls.c(1619) l=2 => decrypt buf
ssl_tls.c(1955) l=4 dumping ‘raw buffer after decryption’ (48 bytes)
ssl_tls.c(1955) l=4 0000: aa 9e 60 d3 bf 96 3a 91 7a 2e 12 10 ec 75 a1 09 …`…:.z…u…
ssl_tls.c(1955) l=4 0010: 95 a0 70 44 7a a0 cd c3 8d 09 bb 87 da e2 25 12 …pDz…%.
ssl_tls.c(1955) l=4 0020: 7e a9 76 41 1e 67 7b ec 33 c6 f3 9c 5d 22 f1 6a ~.vA.g{.3…]“.j
ssl_tls.c(2025) l=3 dumping ‘expected mac’ (20 bytes)
ssl_tls.c(2025) l=3 0000: 43 c3 8d 1b 30 9d 28 71 17 35 fe 8a c8 8a 58 8e C…0.(q.5…X.
ssl_tls.c(2025) l=3 0010: 62 fe 50 ff b.P.
ssl_tls.c(2027) l=3 dumping ‘message mac’ (20 bytes)
ssl_tls.c(2027) l=3 0000: da e2 25 12 7e a9 76 41 1e 67 7b ec 33 c6 f3 9c …%.~.vA.g{.3…
ssl_tls.c(2027) l=3 0010: 5d 22 f1 6a ]”.j
ssl_tls.c(3760) l=1 ssl_decrypt_buf() returned -29056 (-0x7180)
ssl_tls.c(3820) l=1 mbedtls_ssl_read_record_layer() returned -29056 (-0x7180)
ssl_tls.c(5421) l=1 mbedtls_ssl_read_record() returned -29056 (-0x7180)
ssl_tls.c(6764) l=2 <= handshake
mbedtls_ssl_handshake failed: -29056
ssl_tls.c(7542) l=2 => free
ssl_tls.c(7607) l=2 <= free
config file
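/*
 * Minimal mbed TLS configuration for a TLS 1.2 server using RSA key exchange
 * with AES ciphersuites.
 */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Debug output support. At high debug thresholds the library dumps record
 * buffers (including decrypted data and MACs), so keep this for bring-up only
 * and leave it out of production builds.
 */
#define MBEDTLS_DEBUG_C

/*
 * Disables the built-in platform (OS) entropy collectors.
 * NOTE(review): no replacement source is enabled in this file. The application
 * has to provide one (for example MBEDTLS_ENTROPY_HARDWARE_ALT with
 * mbedtls_hardware_poll(), or mbedtls_entropy_add_source()) and must check the
 * return value of the DRBG seeding call; TLS key material depends on it.
 */
#define MBEDTLS_NO_PLATFORM_ENTROPY

/* mbed TLS feature support */
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
/*
 * Built-in test certificates and keys. Their private keys are public
 * knowledge, so use them for testing only and provision a device-specific
 * certificate and key before deployment.
 */
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_OID_C
//#define
//#define
//#define

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ENTROPY_MAX_SOURCES 2

/*
 * Save ROM and a few bytes of RAM by specifying our own ciphersuite list.
 * The list names two CCM_8 suites followed by two CBC-SHA suites. Each line
 * of the macro body needs a trailing backslash; without the continuations the
 * macro is empty and the suite names become stray tokens.
 *
 * NOTE(review): MBEDTLS_CCM_C is not enabled in this file, so the CCM_8
 * entries are presumably not usable as configured; confirm, then either
 * enable MBEDTLS_CCM_C or drop them from the list.
 * NOTE(review): every suite here uses static RSA key exchange (no forward
 * secrecy), and the CBC-SHA suites are MAC-then-encrypt unless
 * MBEDTLS_SSL_ENCRYPT_THEN_MAC is enabled and negotiated. Consider an
 * ECDHE/AEAD suite if the target has room for it.
 */
#define MBEDTLS_SSL_CIPHERSUITES                        \
        MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,             \
        MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,             \
        MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,           \
        MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA

/*
 * Save RAM at the expense of interoperability: do this only if you control
 * both ends of the connection! (See comments in "mbedtls/ssl.h".)
 * The optimal size here depends on the typical size of records.
 *
 * NOTE(review): a peer you do not control (a web browser, for instance) may
 * send records up to the 16384-byte protocol maximum, which a buffer of this
 * size cannot accept.
 */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 3072

/* Sanity-check the option combination selected above. */
#include "mbedtls/check_config.h"

#endif /* MBEDTLS_CONFIG_H */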