
List:       bouncycastle-crypto-dev
Subject:    [dev-crypto] DTLS connection aborts after several minutes (rekeying problem?)
From:       Michael Fritscher <michael.fritscher () telematik-zentrum ! de>
Date:       2019-07-03 6:25:01
Message-ID: 59e2b182-ad61-6ae3-0deb-7412dcd71bfc () telematik-zentrum ! de


Good day,

I'm using Bouncy Castle to get DTLS functionality. I first tried to adapt the
DTLS test included in the package, but it doesn't seem to verify the certificates.
So I tried https://github.com/mobius-software-ltd/java-dtls . It seems to work, but
it seems to have problems with the rekeying process, so it aborts the connections
after ca. 10 minutes with medium traffic. With a GCM suite, I get "GCM cipher cannot
be reused for encryption"; with CBC I get "org.bouncycastle.crypto.tls.TlsFatalAlert:
bad_record_mac(20)".

Backtrace at Client:

> org.bouncycastle.crypto.tls.TlsFatalAlert: bad_record_mac(20)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsRecordLayer.receive(AsyncDtlsRecordLayer.java:243)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsClientProtocol.receivePacket(AsyncDtlsClientProtocol.java:125)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsClientHandler.decode(AsyncDtlsClientHandler.java:49)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsClientHandler.decode(AsyncDtlsClientHandler.java:1)
> 	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:88)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
> 	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352)
> 	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
> 	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930)
> 	at io.netty.channel.nio.AbstractNioMessageChannel$NioMessageUnsafe.read(AbstractNioMessageChannel.java:93)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:697)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:632)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:549)
> 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511)
> 	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:918)
> 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
> 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
> 	at java.base/java.lang.Thread.run(Thread.java:844)


Backtrace at server:

> org.bouncycastle.crypto.tls.TlsFatalAlert: bad_record_mac(20)
> 	at org.bouncycastle.crypto.tls.TlsBlockCipher.decodeCiphertext(Unknown Source)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsRecordLayer.receive(AsyncDtlsRecordLayer.java:220)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsServerProtocol.receivePacket(AsyncDtlsServerProtocol.java:409)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsServerHandler.decode(AsyncDtlsServerHandler.java:76)
> 	at com.mobius.software.iot.dal.crypto.AsyncDtlsServerHandler.decode(AsyncDtlsServerHandler.java:1)
> 	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:88)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
> 	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352)
> 	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
> 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
> 	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930)
> 	at io.netty.channel.nio.AbstractNioMessageChannel$NioMessageUnsafe.read(AbstractNioMessageChannel.java:93)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:697)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:632)
> 	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:549)
> 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:511)
> 	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:918)
> 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
> 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
> 	at java.base/java.lang.Thread.run(Thread.java:844)

I've also opened an issue at
https://github.com/mobius-software-ltd/java-dtls/issues/1 , but I hope that you have
a hint how to cope with this problem. If you know other ways to get DTLS in Java 8
up & running I'll be interested as well.

Best regards,
Michael Fritscher

-- 
ZfT - Zentrum für Telematik e.V.
Michael Fritscher
Magdalene-Schoch-Straße 5
97074 Würzburg
Tel: +49 (931) 615 633 - 57
Fax: +49 (931) 615 633 - 11
Email: michael.fritscher@telematik-zentrum.de
Web: http://www.telematik-zentrum.de

Board:
Prof. Dr. Klaus Schilling, Prof. Dr. Andreas Nüchter, Hans-Joachim Leistner
Registered office: Gerbrunn
VAT ID No.: DE 257 244 580, Tax No.: 257/111/70203
Würzburg District Court, Register of Associations No.: VR 200 167

