Re: [leshan-dev] Strange exception?

["Kraus Achim (INST/ECS4)" <Achim.Kraus@xxxxxxxxxxxx>]

Hi Peter,

 

so one thing came into my mind, the secret key in leshan is provided in hexadecimal.

01020304 means 4 bytes, 0x01, 0x02, 0x03, 0x04.

 

So how does your client implementation handle the secret key? Is it also provided in HEX?

If not, try add an client using an ASCII secret key (converted to hex).

 

e.g:

secret:

in ASCII:  “secret” (used by your client)

in hex: 736563726574 (used for leshan)

 

Mit freundlichen Grüßen / Best regards

Achim Kraus

(INST/ECS4)
Bosch Software Innovations GmbH | Stuttgarter Straße 130 | 71332 Waiblingen | GERMANY | www.bosch-si.com

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn

From: leshan-dev-bounces@xxxxxxxxxxx [mailto:leshan-dev-bounces@xxxxxxxxxxx] On Behalf Of Peter Waher
Sent: Donnerstag, 10. August 2017 12:35
To: leshan-dev@xxxxxxxxxxx
Subject: [leshan-dev] Strange exception?

 

Hello

 

I've experienced a seemingly strange error in the Leshan server. I'm implementing a DTLS library with which I try to establish a session with the Leshan server (leshan.eclipse.org, port 5684) using PSK (TLS_PSK_WITH_AES_128_CCM_8), using an identity (testid) created at http://leshan.eclipse.org/#/security.

 

If I use the correct identity, the server does not respond at all [1]. However, if I use an invalid identity (testid2), the server responds with an Alert message, telling me the handshake failed [2].

 

To try to figure out if there's something wrong with the calculations, a college of mine installed a Leshan server (https://github.com/gebart/leshan-docker) hoping to find something in the logs. After creating the same identity/key pair, the server displayed the same behavior as described above. However, looking at the logs [3], a strange error appears:

 

Aug 09, 2017 10:53:14 PM org.eclipse.californium.scandium.DTLSConnector terminateOngoingHandshake
INFO: Aborting handshake with peer [/90.224.165.60:5684]: Cannot authenticate client, identity [testid] is unknown

 

The error seems inverted somehow. It's when the correct id is used (testid), that no reply is returned (and the error is logged), while when an invalid id (testid2) is used, a correct alert message is returned to the client (but nothing logged about it in the log).

 

What is happening here? And how do I proceed? Is the Leshan server supposed to reply? How do I find out if there's something wrong in the calculations, or if something else is wrong in the communication? Or if an unexpected exception in the server caused it to abort the handshake (believing it was caused by an invalid identity)? Is there a way to get access to the debug log on leshan.eclipse.org for example? Or is there anybody with a working server that can help me troubleshoot the communication?

 

Best regards,

Peter Waher

 

 

[1] Using identity testid. No reply from the Leshan server:

 

[2] Using invalid identity (testid2). Server responds with an alert message:

 

[3] Log:

2017-08-09 22:50:54,639 INFO LeshanBootstrapServer - Bootstrap server started at coap://0.0.0.0/0.0.0.0:5783, coaps://0.0.0.0/0.0.0.0:5784.
2017-08-09 22:50:55,076 INFO LeshanBootstrapServerDemo - Web server started at http://172.17.0.16:8081/.
Aug 09, 2017 10:50:55 PM org.eclipse.californium.core.CoapServer start
INFO: Starting server
Aug 09, 2017 10:50:55 PM org.eclipse.californium.core.network.CoapEndpoint start
INFO: Starting endpoint at coap://0.0.0.0:5683
Aug 09, 2017 10:50:55 PM org.eclipse.californium.core.network.CoapEndpoint start
INFO: Started endpoint at coap://0.0.0.0:5683
Aug 09, 2017 10:50:55 PM org.eclipse.californium.core.network.CoapEndpoint start
INFO: Starting endpoint at coaps://0.0.0.0:5684
Aug 09, 2017 10:50:55 PM org.eclipse.californium.scandium.DTLSConnector start
INFO: DTLS connector listening on [0.0.0.0/0.0.0.0:5684] with MTU [1,280] using (inbound) datagram buffer size [16,474 bytes]
Aug 09, 2017 10:50:55 PM org.eclipse.californium.core.network.CoapEndpoint start
INFO: Started endpoint at coaps://0.0.0.0:5684
2017-08-09 22:50:55,147 INFO LeshanServer - LWM2M server started at coap://0.0.0.0/0.0.0.0:5683, coaps://0.0.0.0/0.0.0.0:5684.
2017-08-09 22:50:55,301 INFO LeshanServerDemo - Web server started at http://172.17.0.16:8080/.
Aug 09, 2017 10:53:14 PM org.eclipse.californium.scandium.DTLSConnector terminateOngoingHandshake
INFO: Aborting handshake with peer [/90.224.165.60:5684]: Cannot authenticate client, identity [testid] is unknown
2017-08-09 22:56:13,007 ERROR FileSecurityStore - Could not save security infos to file
java.io.IOException: No such file or directory
 at java.io.UnixFileSystem.createFileExclusively(Native Method) ~[?:1.8.0_141]
 at java.io.File.createNewFile(File.java:1012) ~[?:1.8.0_141]
 at org.eclipse.leshan.server.impl.FileSecurityStore.saveToFile(FileSecurityStore.java:119) [leshan-server-demo.jar:?]
 at org.eclipse.leshan.server.impl.FileSecurityStore.add(FileSecurityStore.java:68) [leshan-server-demo.jar:?]
 at org.eclipse.leshan.server.demo.servlet.SecurityServlet.doPut(SecurityServlet.java:87) [leshan-server-demo.jar:?]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) [leshan-server-demo.jar:?]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:738) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:551) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:478) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.Server.handle(Server.java:462) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:279) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:232) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607) [leshan-server-demo.jar:?]
 at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536) [leshan-server-demo.jar:?]
 at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]