kdurkin77 / DTLS2.Net

DTLS2.Net - Extension of CreatorDev/DTLS.Net
BSD 3-Clause "New" or "Revised" License

TlsFatalAlert: bad_record_mac(20) #2

Open sonny82 opened 2 years ago

sonny82 commented 2 years ago

Hi,

I'm trying to use your library by using a real device but I'm getting the following error during the handshake (Cipher suite TCipherSuite.TLS_PSK_WITH_AES_128_CCM_8):

Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: bad_record_mac(20) ---> Org.BouncyCastle.Crypto.InvalidCipherTextException: mac check in CCM failed
   at Org.BouncyCastle.Crypto.Modes.CcmBlockCipher.ProcessPacket(Byte[] input, Int32 inOff, Int32 inLen, Byte[] output, Int32 outOff) in //crypto/src/crypto/modes/CcmBlockCipher.cs:line 336
   at Org.BouncyCastle.Crypto.Modes.CcmBlockCipher.DoFinal(Byte[] outBytes, Int32 outOff) in //crypto/src/crypto/modes/CcmBlockCipher.cs:line 157
   at Org.BouncyCastle.Crypto.Tls.TlsAeadCipher.DecodeCiphertext(Int64 seqNo, Byte type, Byte[] ciphertext, Int32 offset, Int32 len) in //crypto/src/crypto/tls/TlsAeadCipher.cs:line 219

I also tried changing Cipher suite to TLS_PSK_WITH_AES_128_CBC_SHA256. This also doesn't work, I'm getting the following error:

Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: bad_record_mac(20)
   at Org.BouncyCastle.Crypto.Tls.TlsBlockCipher.DecodeCiphertext(Int64 seqNo, Byte type, Byte[] ciphertext, Int32 offset, Int32 len)
   at DTLS.ServerHandshake.ProcessHandshake(DTLSRecord record) in C:\Users\MarcelKrizevnik\source\repos\Nomnio.DTLS.Net\Nomnio.DTLS.Net\ServerHandshake.cs:line 97
   at DTLS.Server._ProcessRecord(SocketAddress address, Session session, DTLSRecord record) in C:\Users\MarcelKrizevnik\source\repos\Nomnio.DTLS.Net\Nomnio.DTLS.Net\Server.cs:line 392

This works with original DTLS.Net library. Do you maybe have any idea what could be wrong here? I saw that a similar issue has already been opened about a year ago, but then it was closed without any comment.

Best regards, Sonny

kdurkin77 commented 2 years ago

I did not see that previous issue that was opened; I wasn't getting notifications apparently but have fixed that now. It's been a while since I've worked on this library. It does seem like I received that error at some point but I cannot recall offhand what the problem was, maybe something with the padding.

I'll look into the code and try to see what changes there were regarding this and let you know what I find.

Would you mind sharing your code?

sonny82 commented 2 years ago

Unfortunately I do not have a test to reproduce this issue. Using a TestClient it works; it fails when using a real client (Elvaco NB-IoT module). Would it help if I provide a Wireshark dump?

PJ-Kowalski commented 1 year ago

sonny82, did you solve this issue? I currently have an identical problem (also Elvaco module), but in my case it also doesn't work with DTLS.Net.

sonny82 commented 1 year ago

Hi @PJ-Kowalski,

we gave up and are now using Eclipse Scandium/Californium/Leshan stack (Java implementation):

PJ-Kowalski commented 1 year ago

That's not good news ;) Thanks for the info.

sonny82 commented 1 year ago

It was not just this problem. DTLS.Net (both original and DTLS2.Net) have several limitations:

I don't think this library is production-ready. I did quite a lot of research back then, tried out several libraries and tools, and did not find any good library in .Net. Maybe there are some new projects now that I'm not familiar with. Have you considered using the WolfSSL .Net library? It also supports a DTLS server.

However, if you are familiar with Java I would propose using Eclipse Scandium/Californium/Leshan stack.

PJ-Kowalski commented 1 year ago

Big thanks for the advice. I will try WolfSSL; currently my MQTT-SN gateway is coded in .Net, so I will try to find some solution in C#.

kdurkin77 commented 3 months ago

I recently discovered that 2 extensions were being sent in the client hello messages that weren't actually implemented - encrypt then mac and extended master secret. The latest release has extended master secret actually implemented and stopped sending encrypt then mac in the client hello. I'm wondering if that could have been the cause of these issues.
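
To check a capture (such as the Wireshark dump offered earlier in the thread) for the two extensions named in the last comment, the sketch below lists the extension types in a DTLS 1.2 ClientHello body. It is an added example, not part of the thread and not DTLS2.Net code; the function names and the sample bytes are constructed for illustration, and the extension numbers are the IANA values for encrypt_then_mac (RFC 7366) and extended_master_secret (RFC 7627).

```python
import struct

# IANA TLS ExtensionType values for the two extensions named in the thread
ENCRYPT_THEN_MAC = 22          # RFC 7366
EXTENDED_MASTER_SECRET = 23    # RFC 7627
WATCHED = {ENCRYPT_THEN_MAC, EXTENDED_MASTER_SECRET}

def _skip_vector(body: bytes, pos: int, len_bytes: int) -> int:
    """Skip a length-prefixed vector and return the offset just past it."""
    if pos + len_bytes > len(body):
        raise ValueError("truncated ClientHello")
    end = pos + len_bytes + int.from_bytes(body[pos:pos + len_bytes], "big")
    if end > len(body):
        raise ValueError("vector length exceeds ClientHello body")
    return end

def client_hello_extensions(body: bytes) -> list[int]:
    """Extension types in a DTLS 1.2 ClientHello body (the bytes that
    follow the 12-byte DTLS handshake header), in wire order."""
    pos = 2 + 32                        # client_version + random
    pos = _skip_vector(body, pos, 1)    # session_id
    pos = _skip_vector(body, pos, 1)    # cookie (present in DTLS only)
    pos = _skip_vector(body, pos, 2)    # cipher_suites
    pos = _skip_vector(body, pos, 1)    # compression_methods
    if pos == len(body):
        return []                       # extensions block is optional
    end = _skip_vector(body, pos, 2)
    pos += 2
    types = []
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4 + ext_len
        if pos > end:
            raise ValueError("extension overruns extensions block")
        types.append(ext_type)
    return types

def unimplemented_offers(body: bytes, implemented: set[int]) -> list[int]:
    """Watched extensions the hello offers but the stack does not implement."""
    return [t for t in client_hello_extensions(body)
            if t in WATCHED and t not in implemented]

# Constructed sample: DTLS 1.2, zero random, empty session_id and cookie,
# one suite 0xC0A8 (TLS_PSK_WITH_AES_128_CCM_8), null compression,
# then empty encrypt_then_mac and extended_master_secret extensions.
SAMPLE = (bytes.fromhex("fefd") + bytes(32) +
          bytes.fromhex("00" "00" "0002c0a8" "0100" "0008" "00160000" "00170000"))
```

Passing the set of extension numbers a given build actually implements as `implemented` shows which offers the peer could accept that the local stack would then fail to honour.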