OSCORE fallback use cases


Using OSCORE, I found a pretty simple use case where the client will not be able to connect to the server anymore.

  • I launch a leshan-server-demo
  • I create oscore config for my device in the UI
  • I launch a leshan-client-demo using the corresponding OSCORE setting
  • simulate a crash (kill -9 PID on linux), this way the client doesn’t send a deregister.
  • then I try to relaunch the client (same OSCORE config)
  • and I get a : Registration failed: UNAUTHORIZED(401) Replay detected.

@rikard-sics any idea about this ? and how we could handle this ?

Issue Analytics

  • State: open
  • Created a year ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
rikard-sics commented, Jul 8, 2022

> @rikard-sics, I’m waiting for your help 🙏 !

Hmm, it is hard to say what is going wrong from just a look at the output. I will try to take some time to test and see if I can figure out what is happening. Today is a bit tricky but I will try to do it as soon as I can.

0 reactions
sbernard31 commented, Jul 8, 2022

I tried to investigate this.

I don’t know what should be done in the code to be sure that appendix B.2 is used?

Looking at cf test, I saw that maybe the Californium API to do that is:

// Enable context re-derivation functionality (in general)
ctx.setContextRederivationEnabled(true);
// Explicitly initiate the context re-derivation procedure
ctx.setContextRederivationPhase(PHASE.CLIENT_INITIATE);

So I tried to add this to InMemoryOscoreContextDB.deriveContext :

private static OSCoreCtx deriveContext(OscoreParameters oscoreParameters) {
    try {
        OSCoreCtx osCoreCtx = new OSCoreCtx(oscoreParameters.getMasterSecret(), true,
                oscoreParameters.getAeadAlgorithm(), oscoreParameters.getSenderId(),
                oscoreParameters.getRecipientId(), oscoreParameters.getHmacAlgorithm(), 32,
                oscoreParameters.getMasterSalt(), null, 1000);
        osCoreCtx.setContextRederivationEnabled(true);
        // 👇 I try to add this line below 👇
        osCoreCtx.setContextRederivationPhase(PHASE.CLIENT_INITIATE);
        return osCoreCtx;
    } catch (OSException e) {
        LOG.error("Unable to derive context from {}", oscoreParameters, e);
        return null;
    }
}

But then I’m not able to connect with OSCORE anymore because of : java.lang.IllegalArgumentException: Internal Leshan operations should always use a null ID Context. Raised by InMemoryOscoreContextDB.getContext(byte[] rid, byte[] IDContext)

So I tried to remove the check just for testing but this failed with :

org.eclipse.californium.scandium.dtls.cipher.InvalidMacException: MAC validation failed
	at org.eclipse.californium.scandium.dtls.cipher.CCMBlockCipher.decrypt(CCMBlockCipher.java:406)
	at org.eclipse.californium.scandium.dtls.cipher.CCMBlockCipher.decrypt(CCMBlockCipher.java:335)
	at org.eclipse.californium.cose.EncryptCommon.AES_CCM_Decrypt(EncryptCommon.java:134)
	at org.eclipse.californium.cose.EncryptCommon.decryptWithKey(EncryptCommon.java:74)
	at org.eclipse.californium.cose.Encrypt0Message.decrypt(Encrypt0Message.java:138)
	at org.eclipse.californium.oscore.Decryptor.decryptAndDecode(Decryptor.java:140)
	at org.eclipse.californium.oscore.RequestDecryptor.decrypt(RequestDecryptor.java:105)
	at org.eclipse.californium.oscore.ObjectSecurityLayer.prepareReceive(ObjectSecurityLayer.java:104)
	at org.eclipse.californium.oscore.ObjectSecurityLayer.receiveRequest(ObjectSecurityLayer.java:312)

Finally, I came to the conclusion that I’m not really able to do that without someone who understands the OSCORE RFC and the OSCORE Californium code really well, so I’m giving up for now on trying to do this alone.

@rikard-sics, I’m waiting for your help 🙏 !

You're my only hope
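
Why the relaunched client in this thread is rejected, as an added illustration (not code from the issue, Leshan or Californium): a plain-Java model of an OSCORE sliding replay window. It assumes the killed client restarts its sender sequence number at 0 while the server keeps its context; all class and variable names are hypothetical, the window size 32 is assumed to correspond to the `32` passed to `OSCoreCtx` above, and the final "resume above a persisted value" step follows the idea of RFC 8613 Appendix B.1.1, not the Appendix B.2 re-derivation discussed in the thread.

```java
// Toy model only: no encryption, just the sequence-number bookkeeping.
public class OscoreReplayDemo {

    /** Server side: sliding replay window over received Partial IVs. */
    static class ReplayWindow {
        private final int size;    // window size, must be <= 64 here
        private long highest = -1; // highest sequence number accepted so far
        private long bitmap = 0;   // bit i set => (highest - i) was accepted

        ReplayWindow(int size) { this.size = size; }

        /** Returns false when the number is a replay or too old. */
        boolean accept(long seq) {
            if (seq > highest) {                 // new highest: slide the window
                long shift = seq - highest;
                bitmap = (shift >= 64) ? 0 : bitmap << shift;
                bitmap |= 1L;
                highest = seq;
                return true;
            }
            long offset = highest - seq;
            if (offset >= size) return false;                  // outside window
            if ((bitmap & (1L << offset)) != 0) return false;  // already seen
            bitmap |= 1L << offset;
            return true;
        }
    }

    public static void main(String[] args) {
        ReplayWindow server = new ReplayWindow(32);

        // First client run: register plus two updates use numbers 0, 1, 2.
        for (long seq = 0; seq < 3; seq++) {
            System.out.println("run 1, seq " + seq + " accepted: " + server.accept(seq));
        }

        // kill -9: the client loses its counter, the server keeps its window.
        // The relaunched client starts again at 0 with the same keys.
        System.out.println("relaunch, seq 0 accepted: " + server.accept(0)); // false

        // Assumed mitigation: the client stored its counter every K numbers
        // and resumes at stored + K (constructed values: stored = 0, K = 100).
        long stored = 0, k = 100;
        System.out.println("resume, seq " + (stored + k) + " accepted: "
                + server.accept(stored + k)); // true
    }
}
```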
