1 (edited by hstr 2016-08-04 04:06:15)

Topic: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Hello,

currently I am compiling my TLS client (wolfssl-3.9.6) with

#define WOLFSSL_LWIP
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_WRITEV
#define NO_FILESYSTEM
#define USE_CERT_BUFFERS_1024
#define SINGLE_THREADED
#define CHAR_BIT 8
#define TFM_NO_ASM
#define USER_TIME
#define USER_TICKS
#define USE_FAST_MATH
#define NO_DEV_RANDOM
#define NO_WOLFSSL_SERVER
#define NO_OLD_TLS
#define NO_DES3
#define NO_ERROR_STRINGS
#define NO_MD4
#define NO_PSK
#define NO_RC4
#define NO_RABBIT

#define HAVE_ECC
#define HAVE_AESGCM
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

and my TLS server (wolfssl-3.9.6) with

#define WOLFSSL_LWIP
#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8
#define NO_WRITEV
#define NO_FILESYSTEM
#define USE_CERT_BUFFERS_1024
#define SINGLE_THREADED
#define CHAR_BIT 8
#define TFM_NO_ASM
#define USER_TIME
#define USER_TICKS
#define NO_DEV_RANDOM
#define NO_WOLFSSL_CLIENT
#define NO_OLD_TLS
#define NO_DES3
#define NO_ERROR_STRINGS
#define NO_MD4
#define NO_PSK
#define NO_RC4
#define NO_RABBIT

#define HAVE_ECC
#define HAVE_AESGCM
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

After the start the client is trying to connect to the server with "wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-GCM-SHA256");". However I get an error at the server side stating error = -501, which means that the cipher suite can't be matched and there is no response from the server to the Client Hello message.

Strangely the connection works perfectly fine when "ECDHE-RSA-AES128-GCM-SHA256" is used at the client and both are compiled with "BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". So my guess is that there are some issues with the ECDSA algorithm.

Could you please provide me some help with this issue?

EDIT:
I just saw that there is no ecc key and ecc cert in the certs_test.h file, so this could also be problematic later on. However I can just disable the verification at the client for testing purposes. But currently I am still stuck at the Client Hello. (Maybe ecc stuff could also be added in certs_test.h for future wolfSSL versions so it also works on boards without file system)

Best regards
hstr

Share

Re: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Hi Hstr,

You'll also need to define HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES. Also you won't need to define "BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" as that is done automatically in internal.h when ECC, AES-GCM and SHA256 are enabled.

I see what you mean about the ecc-key and ecc-cert not being in the certs_test.h file. I'll see about getting that updated. Thanks for bringing that to our attention.

Thanks,
David Garske

Share

Re: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Hi Hstr,

I've added the ECC keys/certs to the certs_test.h on a branch. Still some work to do so the test code uses them in a NO_FILESYSTEM scenario. However if you want to use those as static const byte arrays they are there for you.

https://github.com/dgarske/wolfssl/comm … ec3da4f289

David

Share

4 (edited by hstr 2016-08-04 23:32:08)

Re: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Hi David,

thank you very much for the fast reply and the file update.

I have added HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES to the client and the server. Unfortunately the error is still -501.

About the byte arrays I am note quite sure which one should be used for what purpose. In the server-tls-ecdhe.c example the file server-ecc.pem is used as certificate and the file ecc-key.pem is used as private key. In the client-tls-ecdhe.c example the file server-ecc.pem is used as CA certificate. However the file server-ecc.pem is not included in your byte arrays (I assume that ecc-key.pem equals ecc-key.der, which is included in your byte array).

Finally I think the lack of the ECC certificate might be the overall problem, since I just enabled the debug flag and got the message "Not ECDSA cert signature".

EDIT:
Could you please tell me how to convert a .pem/.der file to a byte array as used in certs_test? So I can do that on my own and don't have to bother you.

Best regards
hstr

Share

5 (edited by hstr 2016-08-05 00:59:12)

Re: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Ok, I just fixed the problem, it works now with ECDHE-ECDSA-AES128-GCM-SHA256 and no filesystem.

For people who got the same problem, at first you need to add the following in the certs_test.h file:

/* ./certs/server-ecc.der */
static const unsigned char server_ecc_der[] =
{
        0x30, 0x82, 0x03, 0x0F, 0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
        0xB2, 0x37, 0x31, 0x16, 0xF6, 0x5A, 0x0A, 0x06, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
        0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
        0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
        0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
        0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06,
        0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
        0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06,
        0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37,
        0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31,
        0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
        0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
        0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
        0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
        0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
        0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
        0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C,
        0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21,
        0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80,
        0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
        0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B,
        0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23,
        0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9,
        0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4,
        0x81, 0x92, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
        0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
        0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
        0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
        0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06,
        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
        0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xB2, 0x37, 0x31, 0x16, 0xF6, 0x5A, 0x0A, 0x06, 0x30,
        0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06,
        0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20,
        0x35, 0x25, 0x33, 0xEA, 0x7C, 0x3B, 0xE2, 0x2E, 0xED, 0xE4, 0x2E, 0x9A, 0x91, 0xF1, 0xC3, 0x86,
        0xFF, 0xA7, 0x27, 0x35, 0xA9, 0xF6, 0x29, 0xD6, 0xF8, 0xD5, 0x9A, 0x0B, 0x35, 0xF1, 0x21, 0xC7,
        0x02, 0x21, 0x00, 0xBC, 0x79, 0xF7, 0xFD, 0x66, 0xD4, 0xD3, 0x46, 0x61, 0xE4, 0x19, 0xE5, 0xF7,
        0x74, 0x03, 0x83, 0x27, 0xF8, 0x26, 0xC0, 0x86, 0x15, 0xA9, 0xE2, 0x10, 0xE3, 0xAD, 0x6B, 0xB9,
        0x1C, 0x1D, 0xEB
};
static const int sizeof_server_ecc_der = sizeof(server_ecc_der);

/* ./certs/ecc-key.der */
static const unsigned char ecc_key_der[] =
{
        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1,
        0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C, 0x28,
        0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
        0x03, 0x01, 0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A,
        0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
        0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93,
        0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86,
        0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8
};
static const int sizeof_ecc_key_der = sizeof(ecc_key_der);

Now the client needs to be changed like this:

wolfSSL_CTX_load_verify_buffer(ctx, server_ecc_der, sizeof_server_ecc_der, SSL_FILETYPE_ASN1)

And the server like this:

wolfSSL_CTX_use_certificate_buffer(ctx, server_ecc_der, sizeof_server_ecc_der, SSL_FILETYPE_ASN1)
wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der, sizeof_ecc_key_der, SSL_FILETYPE_ASN1)

Without having a ECDSA certificate set at the server there will be a -501 error.

And another thing I'd like to add, the conversion of .pem certificate to a byte array as in certs_test.h works as follows:
Convert the .pem file to .der by using openssl (https://www.openssl.org/docs/manmaster/apps/x509.html) and then convert the .der file to a byte array, this can be achieved by reusing the code from mkyong (https://www.mkyong.com/java/how-to-conv … x-in-java/).

One last point: I figured out that the connection also works without having HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES.

Share

Re: Error -501 with ECDHE-ECDSA-AES128-GCM-SHA256

Hey Hstr,

That's great you figured it out. Thanks for the report and providing the details back for other users as well.

I'm going to make some corrections to the example, since the server and client should not both be using the server-ecc.pem. It works, but its not good practice for both to be using the same private key. I will also include DER versions of these. The server-ecc.pem is a CA and should be used on the client. The server needs to get a new cert signed by that CA. I'll let you know when this has been updated.

For reference the pem to der conversion using openssl is:
openssl x509  -inform pem -in ./certs/server-ecc.pem -outform der -out ./certs/server-ecc.der

In the wolfssl directory we have a script called ./gencertbuf.pl which does the byte array conversion and builds the wolfssl/certs_test.h file.

Thanks, David Garske, wolfSSL

Share