bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

TLS error with CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 #204

Open martiwi opened 7 years ago

martiwi commented 7 years ago

When running server and client with the CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, it's working fine. But when adapting the Client and Server to use the CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, I got the following error:

    Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
        at org.bouncycastle.tls.crypto.impl.TlsBlockCipher.decodeCiphertext(TlsBlockCipher.java:315)
        at org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
        at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:221)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:594)
        at org.bouncycastle.tls.TlsProtocol.offerInput(TlsProtocol.java:862)

Below are all exchanges between the client and the server:

TLS server negotiated TLS 1.2
TLS server get certificate request
TlsClient : notifySecureRenegotiation
TLS client received server certificate
TLS server received client certificate chain of length 1
    fingerprint:SHA-256 71:AD:CE:39:93:23:6A:D9:08:83:C7:D9:18:88:7D:9C:55:75:2D:F4:68:F6:54:9F:5A:E8:70:56:25:8C:C8:81 (C=AU,ST=Some-State,O=Internet Widgits Pty Ltd)
TLS server raised alert: fatal(2), bad_record_mac(20)
> Failed to read record : org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

peterdettman commented 7 years ago

I'll take a look, but in the meantime could you clarify exactly what code you are running here (and what version of BC)?

martiwi commented 7 years ago

Thanks. I use the BC v1.58-SNAPSHOT https://github.com/bcgit/bc-java/commit/890fed48252a067a68603e75edba2c53f021d440

Here is the piece of code:

    // privateKey and certificate are not defined in this snippet.
    private class TestTlsAuthentication implements TlsAuthentication {

        private final TlsClientContext clientContext;

        public TestTlsAuthentication(TlsClientContext context) {
            this.clientContext = context;
        }

        // Answers the server's CertificateRequest with key-agreement credentials
        // built from the client's private key and certificate.
        @Override
        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
            AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());

            return new BcDefaultTlsCredentialedAgreement(new BcTlsCrypto(new SecureRandom()), certificate, asymmetricKeyParameter);
        }
    }

    } // closing brace of an enclosing scope not shown in the post

peterdettman commented 7 years ago

Thanks for the detail. I've now tracked down the problem(s) and fixed them in our git (delayed mirror to github). We'll try to get a new beta up in the next day or two - please confirm the fix when you are able.

Please prefer to use the ephemeral (i.e. ECDHE) cipher suites wherever possible.
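
To illustrate the recommendation above, here is an added example (not part of the original thread and not Bouncy Castle code) that reads the cipher suites a TLS ClientHello offers and reports those whose key exchange is static rather than ephemeral. The function names, the small `SUITES` registry excerpt and the sample ClientHello are assumptions made for the example; the sample is constructed, not taken from the capture in this issue.

```python
import struct

# Excerpt of the IANA TLS cipher suite registry (id -> name).
SUITES = {
    0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC025: "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def offered_suites(record):
    """Return the cipher suite ids offered by a ClientHello held in one TLS record."""
    if len(record) < 44:
        raise ValueError("too short for a ClientHello")
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len != len(record) - 5 or record[5] != 0x01:
        raise ValueError("not a single-record ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, client_version, random
    pos += 1 + record[pos]          # skip session_id (1-byte length prefix)
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack_from("!%dH" % (n // 2), record, pos))

def key_exchange_class(suite_id):
    """Return 'ephemeral' (forward secret), 'static', 'signalling' or 'unknown'."""
    name = SUITES.get(suite_id)
    if name is None:
        return "unknown"
    if name.endswith("_SCSV"):
        return "signalling"
    kx = name[len("TLS_"):].split("_WITH_")[0]      # e.g. "ECDH_ECDSA"
    return "ephemeral" if kx.split("_")[0] in ("ECDHE", "DHE") else "static"

def audit(record):
    """Names of offered suites whose key exchange is not ephemeral."""
    return [SUITES[s] for s in offered_suites(record) if key_exchange_class(s) == "static"]

def build_client_hello(suite_ids):
    """Constructed sample input: minimal TLS 1.2 ClientHello, zero random, no extensions."""
    suites = struct.pack("!%dH" % len(suite_ids), *suite_ids)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

SAMPLE = build_client_hello([0xC025, 0xC023, 0x00FF])
```

Running `audit(SAMPLE)` reports only the static ECDH suite; an empty result means every recognised suite in the offer uses an ephemeral key exchange.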

peterdettman commented 7 years ago

@martiwi Were you able to confirm this resolved the issue for you (with either v1.58 or the latest beta at https://downloads.bouncycastle.org/betas/)?