| Re: [leshan-dev] Register Contiki-NG with Leshan via PSK |
Hi,
About javadoc you see in the code, I think this means that
EVEN java prior 1.7 is supported.
From my experience, I already succeed to use
TLS_PSK_WITH_AES_128_CCM_8 with more recent version of JAVA
without any problem.
About "MAC validation failed" on "Finished message", most of
the time this is due to bad PSK id or key. So I advice to
double/tripple check this. (In leshan server demo UI the identity
is the string value, the key is the hexadecimal value of the key)
HTH
Simon
I try to register a Contiki-NG node in Leshan demo server by using PSK. The cipher suit is TLS_PSK_WITH_AES_128_CCM_8.The node cannot be register and as I saw the issue happened in the processing of the client finished (20) in the decryption of the message.
Checking for the issue I find out that org.eclipse.californium.dtls.cipher.AeadBlockCipher library references the following. This means that is supported only for java versions before 1.7? Could this be related to the issue that I have?I attached also the LOG for the error.Thanks
/*** Support java prior 1.7, aes-ccm is a non-java-vm transformation and* handled as special transformation.** @see CCMBlockCipher*/
EROR LOG:
2019-12-02 11:40:21,077 DEBUG Handshaker - Processing Change Cipher Spec (20) message from peer [/fd00:0:0:0:212:4b00:615:aae0:5684]
2019-12-02 11:40:21,078 TRACE DTLSSession - Setting current read state to
DtlsAeadConnectionState:
Cipher suite: TLS_PSK_WITH_AES_128_CCM_8
Compression method: NULL
IV: not null
Encryption key: not null
2019-12-02 11:40:21,079 DEBUG Handshaker - Processed Change Cipher Spec (20) message from peer [/fd00:0:0:0:212:4b00:615:aae0:5684]
2019-12-02 11:40:21,086 DEBUG DTLSConnector - Received 1 DTLS records from /fd00:0:0:0:212:4b00:615:aae0:5684 using a 16490 byte datagram buffer
2019-12-02 11:40:21,087 TRACE DTLSConnector - connection available for /fd00:0:0:0:212:4b00:615:aae0:5684,null
2019-12-02 11:40:21,088 TRACE DTLSConnector - Received DTLS record of type [Handshake (22)], length: 40, [epoche:1,reqn:0]
2019-12-02 11:40:21,089 TRACE DtlsAeadConnectionState - decrypt: 24 bytes
2019-12-02 11:40:21,090 TRACE DtlsAeadConnectionState - nonce: 4CD5E61E0001000000000000
2019-12-02 11:40:21,090 TRACE DtlsAeadConnectionState - adata: 000100000000000016FEFD0018
2019-12-02 11:40:21,157 INFO DTLSConnector - error occurred while processing record from peer [/fd00:0:0:0:212:4b00:615:aae0:5684]
org.eclipse.californium.scandium.dtls.cipher.InvalidMacException: MAC validation failed
at org.eclipse.californium.scandium.dtls.cipher.CCMBlockCipher.decrypt(CCMBlockCipher.java:370)
at org.eclipse.californium.scandium.dtls.cipher.AeadBlockCipher.decrypt(AeadBlockCipher.java:83)
at org.eclipse.californium.scandium.dtls.DtlsAeadConnectionState.decrypt(DtlsAeadConnectionState.java:169)
at org.eclipse.californium.scandium.dtls.Record.decodeFragment(Record.java:677)
at org.eclipse.californium.scandium.dtls.Record.applySession(Record.java:598)
at org.eclipse.californium.scandium.DTLSConnector.processRecord(DTLSConnector.java:1192)
at org.eclipse.californium.scandium.DTLSConnector$11.run(DTLSConnector.java:1102)
at org.eclipse.californium.elements.util.SerialExecutor$1.run(SerialExecutor.java:276)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
_______________________________________________ leshan-dev mailing list leshan-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/leshan-dev