search

eclipse-leshan / leshan

Java Library for LWM2M
https://www.eclipse.org/leshan/
BSD 3-Clause "New" or "Revised" License
653 stars 408 forks source link

Issue with running Contiki-NG with latest release of Leshan (2.0.0-M15) #1627

Closed joakimeriksson closed 4 months ago

joakimeriksson commented 4 months ago

Version(s)

v2.0.0-M15

Which components

leshan-server-demo

Tested With

Contiki-NG LwM2M IPSO Objects example

What happened

When the client tries to join the server using DTLS there is an issue at the client hello stage:

2024-06-26 15:44:40,517 DTLSConnector        [WARN] Processing new CLIENT_HELLO from peer [[fd00:0:0:0:302:304:506:708]:5684] failed! PEER=[fd00:0:0:0:302:304:506:708]:5684 
java.lang.IllegalArgumentException: Bad arguments
    at java.base/javax.crypto.Mac.update(Mac.java:528)
    at org.eclipse.californium.scandium.dtls.ClientHello.updateForCookie(ClientHello.java:371)
    at org.eclipse.californium.scandium.CookieGenerator.generateCookie(CookieGenerator.java:175)
    at org.eclipse.californium.scandium.CookieGenerator.generateCookie(CookieGenerator.java:196)
    at org.eclipse.californium.scandium.DTLSConnector.processNewClientHello(DTLSConnector.java:2677)
    at org.eclipse.californium.scandium.DTLSConnector.access$1500(DTLSConnector.java:262)
    at org.eclipse.californium.scandium.DTLSConnector$16.run(DTLSConnector.java:2087)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1589)

It might be related to an update in the Scandium DTLS implementation that seems to have a change in the implementation of the client hello (including that specific line).

How to reproduce

Likely possible to reproduce with any client using PSK and DTLS with our settings in contiki-ng's lwm2m example. Run the leshan demo server locally then do the following in contiki-ng.

>contiki-ng/examples/lwm2m-ipso-objects
make MAKE_WITH_DTLS=1 MAKE_COAP_DTLS_WITH_PSK=1 MAKE_COAP_DTLS_WITH_CLIENT=1 MAKE_COAP_DTLS_KEYSTORE=MAKE_COAP_DTLS_KEYSTORE_SIMPLE
sudo ./build/native/example-ipso-objects.native
...

This will cause the problem.

Relevant Output

No response

sbernard31 commented 4 months ago

I'm busy on another task for now. I could try to look at this just after. But at first sight it seems this is relative to scanidum, so maybe better to open an issue directly there ?

joakimeriksson commented 4 months ago

I can do a copy of this there also. It should work well there also. I did not check the commit log for Leshan so I am not sure if there are any changes w.r.t to this in Leshan. https://github.com/eclipse-californium/californium/issues/2255

joakimeriksson commented 4 months ago

This bug is now fixed in Californium/Scandium - so now I guess we wait for the next release of Leshan! The fix was this one: https://github.com/eclipse-californium/californium/pull/2256 .

sbernard31 commented 4 months ago

Thx for taking to report that here and at californium project :pray: That really helps !

so now I guess we wait for the next release of Leshan!

More exactly, you need to wait for a Californium 3.13 release.

Once this will be done, Leshan will be able to integrate it in master and maybe later a Leshan release will be done with that fixed version of californium.

But generally Californium/Scandium does not break too much public API, so probably you will be able to use Californium 3.13 with Leshan 2.0.0-M15 and so no need to wait for a Leshan 2.0.0-M16 or M17 release.

sbernard31 commented 4 months ago

So Californium 3.13 should be release end of July : https://github.com/eclipse-californium/californium/issues/2255#issuecomment-2202335217

A possible workaround not tested : https://github.com/eclipse-californium/californium/issues/2255#issuecomment-2202372768

joakimeriksson commented 4 months ago

Yes, I have a patched M15 with the fixed class that seems to work well.

sbernard31 commented 4 months ago

Finally a 3.12.1 sooner than expected ? https://github.com/eclipse-californium/californium/issues/2258

joakimeriksson commented 4 months ago

Yes, very good - that can for sure be used for fixing our issue! (I did test the fix).

sbernard31 commented 4 months ago

Californium 3.12.1 is integrated in master. Leshan sandbox will be updated soon. (this is automatic and should take few minutes)

The fix will be available in Leshan 2.0.0-M16 (#1629)

joakimeriksson commented 2 months ago

M16 works! (sorry for being a bit late to the testing but I can confirm it works with Contiki-NG).