STM32Cube_FW_F7 client mbedTLS SSL handshake fails with FATAL_ALERT

【Posted】: 2021-09-07 18:44:09

【Question】:

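I am trying to implement an SSL client in my IoT project. I have copied the SSL_Client example found in STM32Cube_FW_F7_V1.15.0 into my project and was able to compile it successfully. However, the SSL handshake fails with -0x7780 MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE. I attach the console debug output: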

  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (1 skipped)
  . Connecting to tcp/www.google.de/443... ok
  . Setting up the SSL/TLS structure... ok
  . Performing the SSL/TLS handshake...=> handshake
client state: 0
=> flush output
<= flush output
client state: 1
=> flush output
<= flush output
=> write client hello
client hello, max version: [3:3]
dumping 'client hello, random bytes' (32 bytes)
0000:  e2 13 bf 6d 61 b6 fb a6 82 a4 59 f0 0b ef e9 03  ...ma.....Y.....
0010:  44 be de 3c 49 3d 39 56 51 60 3b b6 49 c4 17 50  D..<I=9VQ`;.I..P
client hello, session id len.: 0
dumping 'client hello, session id' (0 bytes)
client hello, add ciphersuite: c02b
client hello, got 1 ciphersuites (excluding SCSVs)
adding EMPTY_RENEGOTIATION_INFO_SCSV
client hello, compress len.: 1
client hello, compress alg.: 0
client hello, adding server name extension: www.google.de
client hello, adding signature_algorithms extension
client hello, adding supported_elliptic_curves extension
client hello, adding supported_point_formats extension
client hello, adding encrypt_then_mac extension
client hello, adding extended_master_secret extension
client hello, adding session ticket extension
client hello, total extension length: 62
=> write handshake message
=> write record
output record: msgtype = 22, version = [3:3], msglen = 111
dumping 'output record sent to network' (116 bytes)
0000:  16 03 03 00 6f 01 00 00 6b 03 03 e2 13 bf 6d 61  ....o...k.....ma
0010:  b6 fb a6 82 a4 59 f0 0b ef e9 03 44 be de 3c 49  .....Y.....D..<I
0020:  3d 39 56 51 60 3b b6 49 c4 17 50 00 00 04 c0 2b  =9VQ`;.I..P....+
0030:  00 ff 01 00 00 3e 00 00 00 12 00 10 00 00 0d 77  .....>.........w
0040:  77 77 2e 67 6f 6f 67 6c 65 2e 64 65 00 0d 00 0a  ww.google.de....
0050:  00 08 04 03 04 01 03 03 03 01 00 0a 00 04 00 02  ................
0060:  00 15 00 0b 00 02 01 00 00 16 00 00 00 17 00 00  ................
0070:  00 23 00 00                                      .#..
=> flush output
message length: 116, out_left: 116
ssl->f_send() returned 116 (-0xffffff8c)
<= flush output
<= write record
<= write handshake message
<= write client hello
client state: 2
=> flush output
<= flush output
=> parse server hello
=> read record
=> fetch input
in_left: 0, nb_want: 5
in_left: 0, nb_want: 5
ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
<= fetch input
dumping 'input record header' (5 bytes)
0000:  15 03 03 00 02                                   .....
input record: msgtype = 21, version = [3:3], msglen = 2
=> fetch input
in_left: 5, nb_want: 7
in_left: 5, nb_want: 7
ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
<= fetch input
dumping 'input record from network' (7 bytes)
0000:  15 03 03 00 02 02 28                             ......(
got an alert message, type: [2:40]
is a fatal alert message (msg 40)
mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
mbedtls_ssl_read_record() returned -30592 (-0x7780)
ERR
<= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x7780

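Any help is much appreciated!

Update: The problem was the key exchange method. Only MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED was active. After I added MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED (and the required MBEDTLS_RSA_C, MBEDTLS_PKCS1_V21, MBEDTLS_PKCS1_V15), the handshake took place. Many thanks to Gilles for pointing me in the right direction.

【Answer 1】: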

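The connection fails because the server decides to close the connection immediately after receiving the first TLS message (ClientHello). It is sending alert 40, which is "handshake failure". Unfortunately, this is a generic "I don't like what I heard and I can't talk to you" which gives no information about what it doesn't like. There is something wrong with your TLS client, or most likely it is misconfigured and sends something that the Google server does not accept.

Wireshark helps diagnose network protocol problems. Let's see what it makes of the data your client sent. I'm not a Wireshark expert, so I did it the manual way: I started Wireshark, told it to listen to port 443 && host www.google.de, and replayed the connection with

<clienthello.hex xxd -r -p | socket www.google.de 443 | xxd -p

Here is the dump of the ClientHello given by Wireshark: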

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 111
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 107
        Version: TLS 1.2 (0x0303)
        Random: e213bf6d61b6fba682a459f00befe90344bede3c493d3956…
            GMT Unix Time: Mar 11, 2090 20:50:05.000000000 CET
            Random Bytes: 61b6fba682a459f00befe90344bede3c493d395651603bb6…
        Session ID Length: 0
        Cipher Suites Length: 4
        Cipher Suites (2 suites)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 62
        Extension: server_name (len=18)
            Type: server_name (0)
            Length: 18
            Server Name Indication extension
                Server Name list length: 16
                Server Name Type: host_name (0)
                Server Name length: 13
                Server Name: www.google.de
        Extension: signature_algorithms (len=10)
            Type: signature_algorithms (13)
            Length: 10
            Signature Hash Algorithms Length: 8
            Signature Hash Algorithms (4 algorithms)
                Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Algorithm: SHA224 ECDSA (0x0303)
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Algorithm: SHA224 RSA (0x0301)
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: RSA (1)
        Extension: supported_groups (len=4)
            Type: supported_groups (10)
            Length: 4
            Supported Groups List Length: 2
            Supported Groups (1 group)
                Supported Group: secp224r1 (0x0015)
        Extension: ec_point_formats (len=2)
            Type: ec_point_formats (11)
            Length: 2
            EC point formats Length: 1
            Elliptic curves point formats (1)
                EC point format: uncompressed (0)
        Extension: encrypt_then_mac (len=0)
            Type: encrypt_then_mac (22)
            Length: 0
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: session_ticket (len=0)
            Type: session_ticket (35)
            Length: 0
            Data (0 bytes)

Looking at this, most things are unsurprising, except this:

            Supported Groups (1 group)
                Supported Group: secp224r1 (0x0015)

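Secp224r1 is a rarely used and officially deprecated curve. Few servers accept it.

Reconfigure Mbed TLS to support secp256r1. This is the de facto standard curve for resource-constrained devices for ECDH+ECDSA (alternatively, Curve25519+Ed25519 for ECDH+EdDSA). In mbedtls/config.h, instead of listing MBEDTLS_ECP_DP_SECP224R1_ENABLED, list MBEDTLS_ECP_DP_SECP256R1_ENABLED. If you set MBEDTLS_ECP_MAX_BITS, make sure to set it to 256 (or more).

【Comments】:

Thank you very much for your effort!! The answer is not correct though. Even after adding MBEDTLS_ECP_DP_SECP256R1_ENABLED it still doesn't work. The problem was the key exchange method. Only MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED was active. After I added MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED the handshake took place. Thank you very much for pointing me in the right direction!

@Jan You can connect to www.google.de with MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED as the cipher suite.

No, that is not correct. It only works when I add MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED, I double-checked. It fails later, with mbedtls_x509_crt_parse_der() returning -15104 (-0x3b00), but I will ask a different question for that. Thanks again!

@Jan Maybe something else is missing from your configuration? I don't have an STM32 to test on, but I confirmed that my answer works on a PC with programs/ssl/ssl_client1.c from the mbedtls source tree, edited to point to www.google.de and to use the desired cipher suite. -15104 is "PK - The pubkey tag or value is invalid (only RSA and EC are supported)", which also indicates that you are trying to use a feature (algorithm or curve) that is disabled at build time.

Well, I found this post forums.mbed.com/t/… and changed MBEDTLS_MPI_MAX_SIZE to 512, and now the handshake runs all the way to the end. Does that make sense to you?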
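The ClientHello in the question's debug log can also be decoded offline, without replaying it through Wireshark. The Python sketch below is an added example, not code from the original post or from Mbed TLS; the function names and the small name tables are assumptions made for illustration. It parses the 116-byte record and reports the two things the answer and comments argue about: which cipher suites and which elliptic-curve groups the client offered.

```python
import struct
# ClientHello record copied from the 'output record sent to network' dump in the question.
CLIENT_HELLO = bytes.fromhex("".join("""
16 03 03 00 6f 01 00 00 6b 03 03 e2 13 bf 6d 61
b6 fb a6 82 a4 59 f0 0b ef e9 03 44 be de 3c 49
3d 39 56 51 60 3b b6 49 c4 17 50 00 00 04 c0 2b
00 ff 01 00 00 3e 00 00 00 12 00 10 00 00 0d 77
77 77 2e 67 6f 6f 67 6c 65 2e 64 65 00 0d 00 0a
00 08 04 03 04 01 03 03 03 01 00 0a 00 04 00 02
00 15 00 0b 00 02 01 00 00 16 00 00 00 17 00 00
00 23 00 00
""".split()))
# A few names from the IANA TLS registries, enough for this capture.
SUITES = {0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
GROUPS = {0x15: "secp224r1", 0x17: "secp256r1", 0x18: "secp384r1", 0x1D: "x25519"}

def u16_list(buf):  # vector of 16-bit values behind a 2-byte length (in bytes)
    (n,) = struct.unpack_from("!H", buf, 0)
    return list(struct.unpack_from("!%dH" % (n // 2), buf, 2))

def parse_client_hello(raw):
    """Return cipher suites, supported_groups and signature_algorithms of one record."""
    rec_len = struct.unpack_from("!H", raw, 3)[0]
    if raw[0] != 22 or raw[5] != 1 or rec_len != len(raw) - 5:
        raise ValueError("not one complete handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record header, handshake header, version, random
    pos += 1 + raw[pos]             # session id
    suites = u16_list(raw[pos:])
    pos += 2 + 2 * len(suites)
    pos += 1 + raw[pos]             # compression methods
    pos, end = pos + 2, pos + 2 + struct.unpack_from("!H", raw, pos)[0]  # extensions
    exts = {}
    while pos + 4 <= end:           # each extension: type(2) length(2) data
        etype, elen = struct.unpack_from("!HH", raw, pos)
        exts[etype] = raw[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return {"suites": suites, "groups": u16_list(exts.get(10, b"\0\0")),
            "sig_algs": u16_list(exts.get(13, b"\0\0"))}

def summarize(hello):
    """Name what the client offered, i.e. what the server was allowed to pick from."""
    real = [s for s in hello["suites"] if s != 0x00FF]   # 0x00FF is the renegotiation SCSV
    return {"suites": [SUITES.get(s, hex(s)) for s in real],
            "groups": [GROUPS.get(g, hex(g)) for g in hello["groups"]],
            "offers_rsa_auth": any("_RSA_" in SUITES.get(s, "") for s in real)}

if __name__ == "__main__":
    print(summarize(parse_client_hello(CLIENT_HELLO)))
```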
