bouncycastle pskserver error

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

bouncycastle pskserver error

Sukawanth psr

I am trying to write PSKServer to use PSK ciphers in bouncycastle.

Attached is the PSK server we wrote. And we are using org.bouncycastle.tls.test.PSKTlsClientTest as client for testing.

 

I see below error while tls handshake.

 

I am using 1.6.1 version.

 

org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

              at org.bouncycastle.tls.crypto.impl.TlsBlockCipher.decodeCiphertext(Unknown Source)

              at org.bouncycastle.tls.RecordStream.decodeAndVerify(Unknown Source)

              at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)

              at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)

              at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)

              at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)

              at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)

Exception in thread "Thread-1" java.lang.RuntimeException: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

              at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:69)

Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

              at org.bouncycastle.tls.crypto.impl.TlsBlockCipher.decodeCiphertext(Unknown Source)

              at org.bouncycastle.tls.RecordStream.decodeAndVerify(Unknown Source)

              at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)

              at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)

              at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)

              at org.bouncycastle.tls.TlsServerProtocol.accept(Unknown Source)

              at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)


TlsServerTest.java (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

Peter Dettman-3
Presumably you need to modify the psk_identity/psk in PSKTlsClientTest
to match the (only) configured PSK for MockPSKTlsServer (see the inner
class MyIdentityManager in MockPSKTlsServer).

PSKTlsClientTest changes (lines 38-39):

        String psk_identity = "client";
        byte[] psk = new byte[16];

Regards,
Pete Dettman

On 3/5/19 4:29 pm, Sukawanth psr wrote:

> I am trying to write PSKServer to use PSK ciphers in bouncycastle.
>
> Attached is the PSK server we wrote. And we are using
> org.bouncycastle.tls.test.PSKTlsClientTest as client for testing.
>
> I see below error while tls handshake.
>
> I am using 1.6.1 version.
>
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

kiranmayi boyapati
Hi,

Yes we changed the PSK identities to match on both sides. When i run it in debug mode, i figured out that in "TlsBlockCipher" class "useExplicitIV" flag is becoming true which should be false for TLS1.2 as i understand.

If i change that parameter to false in the class and run the test, client is successfully connecting to the server.

When i dive deep to understand under what conditions the flag will be true - found that for TLS 1.1 it should be true, but i am using TLS 1.2 still it is set to true.

Can some one help me to verify if my understanding is correct?

kiran

On Fri, May 3, 2019 at 5:02 PM Peter Dettman <[hidden email]> wrote:
Presumably you need to modify the psk_identity/psk in PSKTlsClientTest
to match the (only) configured PSK for MockPSKTlsServer (see the inner
class MyIdentityManager in MockPSKTlsServer).

PSKTlsClientTest changes (lines 38-39):

        String psk_identity = "client";
        byte[] psk = new byte[16];

Regards,
Pete Dettman

On 3/5/19 4:29 pm, Sukawanth psr wrote:
> I am trying to write PSKServer to use PSK ciphers in bouncycastle.
>
> Attached is the PSK server we wrote. And we are using
> org.bouncycastle.tls.test.PSKTlsClientTest as client for testing.
>
> I see below error while tls handshake.
>
> I am using 1.6.1 version.
>
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)

Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

Peter Dettman-3
You said you ran PSKTlsClientTest against the TlsServerTest code. I
tested this here and it worked fine (after changing address, port,
psk_identity, psk). You could also begin with TlsPSKProtocolTest as a
working client/server test.

Also, for me your test negotiates
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (which uses TlsAEADCipher),
not a block cipher (TlsBlockCipher), so I guess you have made other
changes which you did not mention; this makes it difficult to know what
the issue is.

'useExplicitIV' should be (and is) true for both TLS 1.1 and TLS 1.2, so
no, your understanding is not correct. Even so, it is very strange if
setting it to false makes your test work. I suggest you double-check
your test results.

If you're still seeing the error, please post the complete test classes
you are using.

Regards,
Pete Dettman


On 3/5/19 10:01 pm, kiranmayi boyapati wrote:

> Hi,
>
> Yes we changed the PSK identities to match on both sides. When i run it
> in debug mode, i figured out that in "TlsBlockCipher" class
> "useExplicitIV" flag is becoming true which should be false for TLS1.2
> as i understand.
>
> If i change that parameter to false in the class and run the test,
> client is successfully connecting to the server.
>
> When i dive deep to understand under what conditions the flag will be
> true - found that for TLS 1.1 it should be true, but i am using TLS 1.2
> still it is set to true.
>
> Can some one help me to verify if my understanding is correct?
>
> kiran
>
> On Fri, May 3, 2019 at 5:02 PM Peter Dettman
> <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>     Presumably you need to modify the psk_identity/psk in PSKTlsClientTest
>     to match the (only) configured PSK for MockPSKTlsServer (see the inner
>     class MyIdentityManager in MockPSKTlsServer).
>
>     PSKTlsClientTest changes (lines 38-39):
>
>             String psk_identity = "client";
>             byte[] psk = new byte[16];
>
>     Regards,
>     Pete Dettman
>
>     On 3/5/19 4:29 pm, Sukawanth psr wrote:
>     > I am trying to write PSKServer to use PSK ciphers in bouncycastle.
>     >
>     > Attached is the PSK server we wrote. And we are using
>     > org.bouncycastle.tls.test.PSKTlsClientTest as client for testing.
>     >
>     > I see below error while tls handshake.
>     >
>     > I am using 1.6.1 version.
>     >
>     > org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>


Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

kiranmayi boyapati
I was running Mock server code from 1.58. So client and server negotiated on block cipher.

Now i downloaded the Mock server client code from 1.61. Still i face the same issue.  Now the " TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" cipher is negotiated.

Below is the error i am facing.
Accepted Socket[addr=/127.0.0.1,port=51386,localport=5556]
TLS-PSK server negotiated TLS 1.2
Returning PSK 6161616161
TLS-PSK server received alert: warning(1), close_notify(0)
TLS-PSK server raised alert: warning(1), close_notify(0)
> Connection closed
TLS-PSK server raised alert: fatal(2), bad_record_mac(20)
> Failed to read record
org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
    at org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
    at org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
    at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
    at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
    at org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
    at org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
    at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
    at org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
    at org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
    ... 6 more
Exception in thread "Thread-1" java.lang.RuntimeException: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
    at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:69)
Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
    at org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
    at org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
    at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
    at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
    at org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
    at org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
    at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
    at org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
    at org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
    ... 6 more

In code i see that calculated MAC and received MAC are not matching.

Have attached TlsServerTest, MockPSKTlServer (i changed the PSK in this) and PSKTlsClientTest for reference. Can you point out what i am doing wrong.


On Fri, May 3, 2019 at 10:34 PM Peter Dettman <[hidden email]> wrote:
You said you ran PSKTlsClientTest against the TlsServerTest code. I
tested this here and it worked fine (after changing address, port,
psk_identity, psk). You could also begin with TlsPSKProtocolTest as a
working client/server test.

Also, for me your test negotiates
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (which uses TlsAEADCipher),
not a block cipher (TlsBlockCipher), so I guess you have made other
changes which you did not mention; this makes it difficult to know what
the issue is.

'useExplicitIV' should be (and is) true for both TLS 1.1 and TLS 1.2, so
no, your understanding is not correct. Even so, it is very strange if
setting it to false makes your test work. I suggest you double-check
your test results.

If you're still seeing the error, please post the complete test classes
you are using.

Regards,
Pete Dettman


On 3/5/19 10:01 pm, kiranmayi boyapati wrote:
> Hi,
>
> Yes we changed the PSK identities to match on both sides. When i run it
> in debug mode, i figured out that in "TlsBlockCipher" class
> "useExplicitIV" flag is becoming true which should be false for TLS1.2
> as i understand.
>
> If i change that parameter to false in the class and run the test,
> client is successfully connecting to the server.
>
> When i dive deep to understand under what conditions the flag will be
> true - found that for TLS 1.1 it should be true, but i am using TLS 1.2
> still it is set to true.
>
> Can some one help me to verify if my understanding is correct?
>
> kiran
>
> On Fri, May 3, 2019 at 5:02 PM Peter Dettman
> <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>     Presumably you need to modify the psk_identity/psk in PSKTlsClientTest
>     to match the (only) configured PSK for MockPSKTlsServer (see the inner
>     class MyIdentityManager in MockPSKTlsServer).
>
>     PSKTlsClientTest changes (lines 38-39):
>
>             String psk_identity = "client";
>             byte[] psk = new byte[16];
>
>     Regards,
>     Pete Dettman
>
>     On 3/5/19 4:29 pm, Sukawanth psr wrote:
>     > I am trying to write PSKServer to use PSK ciphers in bouncycastle.
>     >
>     > Attached is the PSK server we wrote. And we are using
>     > org.bouncycastle.tls.test.PSKTlsClientTest as client for testing.
>     >
>     > I see below error while tls handshake.
>     >
>     > I am using 1.6.1 version.
>     >
>     > org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>



MockPSKTlsServer.java (4K) Download Attachment
PSKTlsClientTest.java (3K) Download Attachment
TlsServerTest.java (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

Peter Dettman-3
Note that the test you are running is actually performing two
handshakes, the first of which is working, and the second one failing.

I investigated this and discovered a small issue whereby the value
returned from BasicTlsPSKIdentity.getPSK() is overwritten (zeroed out)
by TlsPSKKeyExchange at completion of the key exchange. This explains
why the second handshake fails since the client is sharing a single
instance of BasicTlsPSKIdentity.

This is now fixed so that getPSK returns a cloned array. You can work
around the issue by creating a second instance of BasicTlsPSKIdentity at
line 50 of your PSKTlsClientTest.

I have also added a PSKTlsServer class to our test classes and modified
PSKTlsClient to use the matching psk_identity/psk, so that they will
work together. This amounts to the same test as yours.

Regards,
Pete Dettman


On 4/5/19 5:22 pm, kiranmayi boyapati wrote:

> I was running Mock server code from 1.58. So client and server
> negotiated on block cipher.
>
> Now i downloaded the Mock server client code from 1.61. Still i face the
> same issue.  Now the " TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
> cipher is negotiated.
>
> Below is the error i am facing.
> Accepted Socket[addr=/127.0.0.1
> <http://127.0.0.1>,port=51386,localport=5556]
> TLS-PSK server negotiated TLS 1.2
> Returning PSK 6161616161
> TLS-PSK server received alert: warning(1), close_notify(0)
> TLS-PSK server raised alert: warning(1), close_notify(0)
>> Connection closed
> TLS-PSK server raised alert: fatal(2), bad_record_mac(20)
>> Failed to read record
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
>     at
> org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
>     at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
>     at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
>     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
>     at
> org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
>     ... 6 more
> Exception in thread "Thread-1" java.lang.RuntimeException:
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:69)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
>     at
> org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
>     at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
>     at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
>     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
>     at
> org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
>     ... 6 more
>
> In code i see that calculated MAC and received MAC are not matching.
>
> Have attached TlsServerTest, MockPSKTlServer (i changed the PSK in this)
> and PSKTlsClientTest for reference. Can you point out what i am doing wrong.
>
>
> On Fri, May 3, 2019 at 10:34 PM Peter Dettman
> <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>     You said you ran PSKTlsClientTest against the TlsServerTest code. I
>     tested this here and it worked fine (after changing address, port,
>     psk_identity, psk). You could also begin with TlsPSKProtocolTest as a
>     working client/server test.
>
>     Also, for me your test negotiates
>     TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (which uses TlsAEADCipher),
>     not a block cipher (TlsBlockCipher), so I guess you have made other
>     changes which you did not mention; this makes it difficult to know what
>     the issue is.
>
>     'useExplicitIV' should be (and is) true for both TLS 1.1 and TLS 1.2, so
>     no, your understanding is not correct. Even so, it is very strange if
>     setting it to false makes your test work. I suggest you double-check
>     your test results.
>
>     If you're still seeing the error, please post the complete test classes
>     you are using.
>
>     Regards,
>     Pete Dettman
>
>
>     On 3/5/19 10:01 pm, kiranmayi boyapati wrote:
>     > Hi,
>     >
>     > Yes we changed the PSK identities to match on both sides. When i
>     run it
>     > in debug mode, i figured out that in "TlsBlockCipher" class
>     > "useExplicitIV" flag is becoming true which should be false for TLS1.2
>     > as i understand.
>     >
>     > If i change that parameter to false in the class and run the test,
>     > client is successfully connecting to the server.
>     >
>     > When i dive deep to understand under what conditions the flag will be
>     > true - found that for TLS 1.1 it should be true, but i am using
>     TLS 1.2
>     > still it is set to true.
>     >
>     > Can some one help me to verify if my understanding is correct?
>     >
>     > kiran
>     >
>     > On Fri, May 3, 2019 at 5:02 PM Peter Dettman
>     > <[hidden email]
>     <mailto:[hidden email]>
>     <mailto:[hidden email]
>     <mailto:[hidden email]>>>
>     > wrote:
>     >
>     >     Presumably you need to modify the psk_identity/psk in
>     PSKTlsClientTest
>     >     to match the (only) configured PSK for MockPSKTlsServer (see
>     the inner
>     >     class MyIdentityManager in MockPSKTlsServer).
>     >
>     >     PSKTlsClientTest changes (lines 38-39):
>     >
>     >             String psk_identity = "client";
>     >             byte[] psk = new byte[16];
>     >
>     >     Regards,
>     >     Pete Dettman
>     >
>     >     On 3/5/19 4:29 pm, Sukawanth psr wrote:
>     >     > I am trying to write PSKServer to use PSK ciphers in
>     bouncycastle.
>     >     >
>     >     > Attached is the PSK server we wrote. And we are using
>     >     > org.bouncycastle.tls.test.PSKTlsClientTest as client for
>     testing.
>     >     >
>     >     > I see below error while tls handshake.
>     >     >
>     >     > I am using 1.6.1 version.
>     >     >
>     >     > org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     >
>
>


Reply | Threaded
Open this post in threaded view
|

Re: bouncycastle pskserver error

kiranmayi boyapati
thank you very much. I got it working open SSL client as well.

On Mon, 6 May 2019, 19:14 Peter Dettman <[hidden email] wrote:
Note that the test you are running is actually performing two
handshakes, the first of which is working, and the second one failing.

I investigated this and discovered a small issue whereby the value
returned from BasicTlsPSKIdentity.getPSK() is overwritten (zeroed out)
by TlsPSKKeyExchange at completion of the key exchange. This explains
why the second handshake fails since the client is sharing a single
instance of BasicTlsPSKIdentity.

This is now fixed so that getPSK returns a cloned array. You can work
around the issue by creating a second instance of BasicTlsPSKIdentity at
line 50 of your PSKTlsClientTest.

I have also added a PSKTlsServer class to our test classes and modified
PSKTlsClient to use the matching psk_identity/psk, so that they will
work together. This amounts to the same test as yours.

Regards,
Pete Dettman


On 4/5/19 5:22 pm, kiranmayi boyapati wrote:
> I was running Mock server code from 1.58. So client and server
> negotiated on block cipher.
>
> Now i downloaded the Mock server client code from 1.61. Still i face the
> same issue.  Now the " TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
> cipher is negotiated.
>
> Below is the error i am facing.
> Accepted Socket[addr=/127.0.0.1
> <http://127.0.0.1>,port=51386,localport=5556]
> TLS-PSK server negotiated TLS 1.2
> Returning PSK 6161616161
> TLS-PSK server received alert: warning(1), close_notify(0)
> TLS-PSK server raised alert: warning(1), close_notify(0)
>> Connection closed
> TLS-PSK server raised alert: fatal(2), bad_record_mac(20)
>> Failed to read record
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
>     at
> org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
>     at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
>     at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
>     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
>     at
> org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
>     ... 6 more
> Exception in thread "Thread-1" java.lang.RuntimeException:
> org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:69)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:232)
>     at
> org.bouncycastle.tls.RecordStream.decodeAndVerify(RecordStream.java:232)
>     at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:217)
>     at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:686)
>     at
> org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:324)
>     at
> org.bouncycastle.tls.TlsServerProtocol.accept(TlsServerProtocol.java:81)
>     at com.oracle.test.TlsServerTest$ServerThread.run(TlsServerTest.java:62)
> Caused by: org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     at
> org.bouncycastle.tls.crypto.impl.bc.BcChaCha20Poly1305.doFinal(BcChaCha20Poly1305.java:70)
>     at
> org.bouncycastle.tls.crypto.impl.TlsAEADCipher.decodeCiphertext(TlsAEADCipher.java:228)
>     ... 6 more
>
> In code i see that calculated MAC and received MAC are not matching.
>
> Have attached TlsServerTest, MockPSKTlServer (i changed the PSK in this)
> and PSKTlsClientTest for reference. Can you point out what i am doing wrong.
>
>
> On Fri, May 3, 2019 at 10:34 PM Peter Dettman
> <[hidden email] <mailto:[hidden email]>>
> wrote:
>
>     You said you ran PSKTlsClientTest against the TlsServerTest code. I
>     tested this here and it worked fine (after changing address, port,
>     psk_identity, psk). You could also begin with TlsPSKProtocolTest as a
>     working client/server test.
>
>     Also, for me your test negotiates
>     TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 (which uses TlsAEADCipher),
>     not a block cipher (TlsBlockCipher), so I guess you have made other
>     changes which you did not mention; this makes it difficult to know what
>     the issue is.
>
>     'useExplicitIV' should be (and is) true for both TLS 1.1 and TLS 1.2, so
>     no, your understanding is not correct. Even so, it is very strange if
>     setting it to false makes your test work. I suggest you double-check
>     your test results.
>
>     If you're still seeing the error, please post the complete test classes
>     you are using.
>
>     Regards,
>     Pete Dettman
>
>
>     On 3/5/19 10:01 pm, kiranmayi boyapati wrote:
>     > Hi,
>     >
>     > Yes we changed the PSK identities to match on both sides. When i
>     run it
>     > in debug mode, i figured out that in "TlsBlockCipher" class
>     > "useExplicitIV" flag is becoming true which should be false for TLS1.2
>     > as i understand.
>     >
>     > If i change that parameter to false in the class and run the test,
>     > client is successfully connecting to the server.
>     >
>     > When i dive deep to understand under what conditions the flag will be
>     > true - found that for TLS 1.1 it should be true, but i am using
>     TLS 1.2
>     > still it is set to true.
>     >
>     > Can some one help me to verify if my understanding is correct?
>     >
>     > kiran
>     >
>     > On Fri, May 3, 2019 at 5:02 PM Peter Dettman
>     > <[hidden email]
>     <mailto:[hidden email]>
>     <mailto:[hidden email]
>     <mailto:[hidden email]>>>
>     > wrote:
>     >
>     >     Presumably you need to modify the psk_identity/psk in
>     PSKTlsClientTest
>     >     to match the (only) configured PSK for MockPSKTlsServer (see
>     the inner
>     >     class MyIdentityManager in MockPSKTlsServer).
>     >
>     >     PSKTlsClientTest changes (lines 38-39):
>     >
>     >             String psk_identity = "client";
>     >             byte[] psk = new byte[16];
>     >
>     >     Regards,
>     >     Pete Dettman
>     >
>     >     On 3/5/19 4:29 pm, Sukawanth psr wrote:
>     >     > I am trying to write PSKServer to use PSK ciphers in
>     bouncycastle.
>     >     >
>     >     > Attached is the PSK server we wrote. And we are using
>     >     > org.bouncycastle.tls.test.PSKTlsClientTest as client for
>     testing.
>     >     >
>     >     > I see below error while tls handshake.
>     >     >
>     >     > I am using 1.6.1 version.
>     >     >
>     >     > org.bouncycastle.tls.TlsFatalAlert: bad_record_mac(20)
>     >
>
>