boncey / Flickr4Java

Java API For Flickr. Fork of FlickrJ
BSD 2-Clause "Simplified" License

bad record mac Alert- While using GCM #688

Closed AhamedFayaz closed 1 year ago

AhamedFayaz commented 1 year ago

Hi,

I am working on an SSL client (Mocana SSL). Because of a server update, I was enabling the cipher TLS_DHE_RSA_WITH_AES_128_GCM_SHA256. During the handshake with the server I was getting a bad record mac alert message from the server.

I verified the timestamp and the encryption status, and they are correct, so that is not causing the problem. I have no idea how to debug this. Kindly give me some support on how to debug it.

I have got the gcm code from https://github.com/BrianGladman/modes/blob/master/gcm.h

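```c
STATUS gcm_cipher_256b(BulkCtx ctx, ubyte* nonce, ubyte4 nlen, ubyte* adata, ubyte4 alen,
                       ubyte* data, ubyte4 dlen, ubyte4 verifyLen, sbyte4 encrypt)
{
    /* Cast the opaque bulk context to the gcm_ctx type from gcm.h. */
    gcm_ctx *ptr_gcm_ctx = (gcm_ctx *)ctx;
    /* Local tag buffer; tag[0] receives the tag from gcm_encrypt_message. */
    char tag[2][16] = {0};

    /* The same call is made whatever the value of the encrypt argument. */
    return (STATUS)gcm_encrypt_message(nonce, nlen, adata, alen, data, dlen,
                                       tag[0], verifyLen, ptr_gcm_ctx);
}
```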

Regards, AhamedFayaz M
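Added example, not code from this issue, from Mocana or from the linked gcm.h: for the TLS 1.2 AES-GCM suites, RFC 5288 and RFC 5246 section 6.2.3.3 fix the nonce, the additional data and the record layout that the peer uses to recompute the tag, so these are the values to compare on both sides when a bad_record_mac alert appears. The function names are hypothetical, and the buffers they fill are the nonce, adata and tag arguments a GCM routine would be given.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes fixed for the TLS 1.2 AES-GCM suites (RFC 5288, RFC 5246 6.2.3.3). */
enum { GCM_SALT_LEN = 4, GCM_EXPLICIT_LEN = 8, GCM_TAG_LEN = 16, TLS12_AAD_LEN = 13 };

/* nonce = 4-byte salt (client/server_write_IV) || 8-byte explicit nonce sent in the record */
void tls12_gcm_nonce(const uint8_t *salt, const uint8_t *explicit_nonce, uint8_t nonce[12]) {
    memcpy(nonce, salt, GCM_SALT_LEN);
    memcpy(nonce + GCM_SALT_LEN, explicit_nonce, GCM_EXPLICIT_LEN);
}

/* AAD = seq_num(8, big-endian) || type(1) || version(2) || PLAINTEXT length(2) */
void tls12_gcm_aad(uint64_t seq, uint8_t type, uint16_t version, uint16_t plain_len, uint8_t aad[13]) {
    for (int i = 0; i < 8; i++)
        aad[i] = (uint8_t)(seq >> (56 - 8 * i));
    aad[8] = type;
    aad[9] = (uint8_t)(version >> 8);
    aad[10] = (uint8_t)(version & 0xff);
    aad[11] = (uint8_t)(plain_len >> 8);
    aad[12] = (uint8_t)(plain_len & 0xff);
}

/* Receiver: plaintext length from the record-header length, -1 if the record is too short. */
long tls12_gcm_plain_len(size_t fragment_len) {
    const size_t overhead = GCM_EXPLICIT_LEN + GCM_TAG_LEN;
    return fragment_len < overhead ? -1 : (long)(fragment_len - overhead);
}

/* Sender: fragment = explicit_nonce || ciphertext || tag. Returns bytes written, 0 if out is too small. */
size_t tls12_gcm_fragment(const uint8_t *explicit_nonce, const uint8_t *ct, size_t ct_len,
                          const uint8_t *tag, uint8_t *out, size_t out_cap) {
    size_t need = GCM_EXPLICIT_LEN + ct_len + GCM_TAG_LEN;
    if (out_cap < need) return 0;
    memcpy(out, explicit_nonce, GCM_EXPLICIT_LEN);
    memcpy(out + GCM_EXPLICIT_LEN, ct, ct_len);
    memcpy(out + GCM_EXPLICIT_LEN + ct_len, tag, GCM_TAG_LEN);
    return need;
}

int main(void) {
    /* Constructed sample: first protected record, a 16-byte Finished message (seq 0, type 22, TLS 1.2). */
    uint8_t aad[TLS12_AAD_LEN];
    tls12_gcm_aad(0, 22, 0x0303, 16, aad);
    for (int i = 0; i < TLS12_AAD_LEN; i++) printf("%02x", aad[i]);
    printf("  fragment length on the wire: %d\n", 16 + GCM_EXPLICIT_LEN + GCM_TAG_LEN);
    return 0;
}
```

The length inside the additional data is the plaintext length, while the length in the record header also counts the 8-byte explicit nonce and the 16-byte tag.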

AhamedFayaz commented 1 year ago

==========================================================

```c
typedef struct gcm_ctx_256b {
    ubyte4      table[16][4];
    ubyte4      tag4[4];
    ubyte4      s[4];
    sbyte4      hashBufferIndex;
    ubyte       hashBuffer[AES_BLOCK_SIZE];
    ubyte4      alen;
    ubyte4      dlen;
    AES_CTR_Ctx ctx;
} gcm_ctx_256b;

typedef struct aesCTRCipherContext {
    aesCipherContext ctx;
    union {
        ubyte  counterBlock[AES_BLOCK_SIZE]; /* counter block */
        ubyte4 ctr[4];
    } u;
    ubyte encBlock[AES_BLOCK_SIZE];          /* encrypted counter block */
    ubyte offset;                            /* offset of unused byte in the encBlock */
} aesCTRCipherContext, AES_CTR_Ctx;
```

===========================================================

```c
typedef struct {
    gf_t256_a       gf_t256;                /* table 256                    */
    gcm_buf_t       ctr_val;                /* CTR counter value            */
    gcm_buf_t       enc_ctr;                /* encrypted CTR block          */
    gcm_buf_t       hdr_ghv;                /* ghash buffer (header)        */
    gcm_buf_t       txt_ghv;                /* ghash buffer (ciphertext)    */
    gf_t            ghash_h;                /* ghash H value                */
    aes_encrypt_ctx aes[1];                 /* AES encryption context       */
    uint_32t        y0_val;                 /* initial counter value        */
    uint_32t        hdr_cnt;                /* header bytes so far          */
    uint_32t        txt_ccnt;               /* text bytes so far (encrypt)  */
    uint_32t        txt_acnt;               /* text bytes so far (auth)     */
} gcm_ctx;
```

https://github.com/BrianGladman/modes/blob/master/gcm.h

https://security.stackexchange.com/questions/100449/what-difference-between-aes-128-gcm-and-aes-128-and-aes-128-cbc-ciphers

https://www.ietf.org/rfc/rfc5246.txt

AhamedFayaz commented 1 year ago

https://www.youtube.com/watch?v=ZkL10eoG1PY

https://www.thesslstore.com/blog/explaining-ssl-handshake/

https://www.rfc-editor.org/rfc/rfc5246

https://security.stackexchange.com/questions/187016/where-is-hashing-used-in-the-tls-handshake