Open martiwi opened 7 years ago
I'll take a look, but in the meantime could you clarify exactly what code you are running here (and what version of BC)?
Thanks. I use the BC v1.58-SNAPSHOT https://github.com/bcgit/bc-java/commit/890fed48252a067a68603e75edba2c53f021d440
Here the piece of code:
Client side
private class TestTlsClient extends DefaultTlsClient {
private TestTlsClient() {
super(new BcTlsCrypto(new SecureRandom()));
}
@Override
public int[] getCipherSuites() {
return new int[]{CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256};
}
@Override
public TlsAuthentication getAuthentication() throws IOException {
return new TestTlsAuthentication(this.context);
}
}
private class TestTlsAuthentication implements TlsAuthentication {
private final TlsClientContext clientContext;
public TestTlsAuthentication(TlsClientContext context) {
this.clientContext = context;
}
@Override
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());
return new BcDefaultTlsCredentialedAgreement(new BcTlsCrypto(new SecureRandom()), certificate, asymmetricKeyParameter);
}
}
Server
public class MockTlsServer extends DefaultTlsServer {
MockTlsServer() {
super(new BcTlsCrypto(new SecureRandom()));
}
@Override
protected int[] getCipherSuites() {
return new int[]{CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256};
}
@Override
protected ProtocolVersion getMaximumVersion() {
return ProtocolVersion.TLSv12;
}
@Override
public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause) {
System.out.println("----------------------------- SERVER------------------------------");
System.out.println("TLS server raised alert: " + AlertLevel.getText(alertLevel)
+ ", " + AlertDescription.getText(alertDescription));
if (message != null) {
System.out.println("> " + message);
}
if (cause != null) {
cause.printStackTrace();
}
}
@Override
public CertificateRequest getCertificateRequest() throws IOException {
short[] certificateTypes = new short[]{ClientCertificateType.ecdsa_fixed_ecdh};
Vector serverSigAlgs = null;
if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion)) {
serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms(context);
}
Vector certificateAuthorities = new Vector();
return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
}
@Override
public TlsCredentials getCredentials() throws IOException {
return TlsTestUtils.loadAgreementCredentials(context,
new String[]{"/com/test/security/tls/wolf/server-ecc.pem"},
"/com/test/security/tls/wolf/ecc-keyPkcs8.pem");
}
}
Thanks for the detail. I've now tracked down the problem(s) and fixed them in our git (delayed mirror to github). We'll try to get a new beta up in the next day or two - please confirm the fix when you are able.
Please prefer to use the ephemeral (i.e.. ECDHE) cipher suites wherever possible.
@martiwi Were you able to confirm this resolved the issue for you (with either v1.58 or the latest beta at https://downloads.bouncycastle.org/betas/)?
When running server and client with CipherSuite it's working fine.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
But when adapting the Client and Server to use the CipherSuiteTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
I got the following error:
Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20) at org.bouncycastle.tls.crypto.impl.TlsBlockCipher.decodeCiphertext(TlsBlockCipher.java:315) at org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232) at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:221) at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:594) at org.bouncycastle.tls.TlsProtocol.offerInput(TlsProtocol.java:862)
Below all exchanges between the client and the server: