Opened 10 months ago

Closed 8 months ago

#2344 closed defect (fixed)

Error when add router family

Reported by: fuggy Owned by: zzz
Priority: minor Milestone: 0.9.38
Component: api/crypto Version: 0.9.37
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

I try to create a router family in Debian 7.
I enter the family name and restart the debian router. I see "Client manager I2CP Error - check logs". Then I leave the family.
I successfully create a router family in Fedora 28 and export family key.
I try to import this secret key in Debian. After that, I immediatly see the following error.

Error 500: /configfamily - java.security.ProviderException: java.security.InvalidKeyException: EC parameters error

Subtickets

Attachments (1)

wrapper.log (15.8 KB) - added by fuggy 10 months ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 10 months ago by slumlord

Thanks for the ticket.

I use family certificates and have not noticed this, will test & update.


Tue Oct 30 19:30 UTC 2018

Following steps, all performed on a single router worked - router is functioning. Will test further.

  1. Leave a router family
  2. Restart router
  3. Generate a new router family
  4. Restart router
  5. Export family file
  6. Leave a router family
  7. Restart router
  8. Import family file
  9. Restart router

Are both the Debian and Fedora 28 routers version 0.9.37?

Last edited 10 months ago by slumlord (previous) (diff)

Changed 10 months ago by fuggy

Attachment: wrapper.log added

comment:2 Changed 10 months ago by fuggy

Yes, both 0.9.37. I think my Debian Wheezy and Java are old.
Sorry. I forgot to attach logs.

I2P version:	0.9.37-0-1~precise+1
Java version:	Oracle Corporation 1.7.0_171 (OpenJDK Runtime Environment 1.7.0_171-b02)
Wrapper version:	3.5.25
Server version:	9.2.25.v20180606
Servlet version:	Jasper JSP 2.3 Engine
JSTL version:	standard-taglib 1.2.0
Platform:	Linux i386 3.2.0-4-686-pae
Processor:	Ivy Bridge (coreisbr)
JBigI status:	Locally optimized native BigInteger library loaded from file
GMP version:	5.0.5
JBigI version:	4
JCpuId version:	3
Encoding:	UTF-8
Charset:	UTF-8
Built By:	debian
I2P version:	0.9.37-0
Java version:	Oracle Corporation 1.8.0_181 (OpenJDK Runtime Environment 1.8.0_181-b15)
Wrapper version:	3.5.34
Server version:	9.2.25.v20180606
Servlet version:	Jasper JSP 2.3 Engine
JSTL version:	standard-taglib 1.2.0
Platform:	Linux amd64 4.18.16-200.fc28.x86_64
Processor:	Ivy Bridge (coreisbr)
JBigI status:	Locally optimized library libjbigi-linux-coreisbr_64.so loaded from file
GMP version:	6.0.0
JBigI version:	3
JCpuId version:	3
Encoding:	UTF-8
Charset:	UTF-8
Built By:	zzz

comment:3 Changed 9 months ago by zzz

Component: unspecifiedapi/crypto
Milestone: undecided0.9.38
Owner: set to zzz
Status: newaccepted

comment:4 Changed 9 months ago by zzz

Possibly a similar cause as for #2296

ProviderException? is unchecked so this is ripping all the way up the stack and
killing the router. At a minimum need to catch this somewhere in SelfSignedGenerator?,
probably other places as well.

It appears that your ECDSA support in Java is broken. It appears to be available
in our tests but doesn't actually work.

Pulling out the essential info from the attached log:

CRIT  [JobQueue 3/4] net.i2p.router.JobQueueRunner : Error processing job [Publish Local Router Info] on thread 2: java.security.InvalidKeyException: EC parameters error
java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
	at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1024)
	at sun.security.pkcs11.P11Key.getEncoded(P11Key.java:131)
	at net.i2p.crypto.SelfSignedGenerator.genTBS(SelfSignedGenerator.java:382)
	at net.i2p.crypto.SelfSignedGenerator.generate(SelfSignedGenerator.java:187)
	at net.i2p.crypto.SelfSignedGenerator.generate(SelfSignedGenerator.java:145)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:864)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:784)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:734)
	at net.i2p.router.crypto.FamilyKeyCrypto.createKeyStore(FamilyKeyCrypto.java:373)
	at net.i2p.router.crypto.FamilyKeyCrypto.verifyKeyStore(FamilyKeyCrypto.java:352)
	at net.i2p.router.crypto.FamilyKeyCrypto.initialize(FamilyKeyCrypto.java:106)
	at net.i2p.router.crypto.FamilyKeyCrypto.<init>(FamilyKeyCrypto.java:93)
	at net.i2p.router.Router.getFamilyKeyCrypto(Router.java:971)
	at net.i2p.router.StatisticsManager.publishStatistics(StatisticsManager.java:211)
	at net.i2p.router.StatisticsManager.publishStatistics(StatisticsManager.java:60)
	at net.i2p.router.networkdb.PublishLocalRouterInfoJob.runJob(PublishLocalRouterInfoJob.java:116)
	at net.i2p.router.JobQueueRunner.runCurrentJob(JobQueueRunner.java:135)
	at net.i2p.router.JobQueueRunner.run(JobQueueRunner.java:78)
Caused by: java.security.InvalidKeyException: EC parameters error
	at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
	at sun.security.ec.ECPublicKeyImpl.<init>(ECPublicKeyImpl.java:59)
	at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
	... 17 more
Caused by: java.security.NoSuchProviderException: no such provider: SunEC
	at sun.security.jca.GetInstance.getService(GetInstance.java:83)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
	at java.security.Security.getImpl(Security.java:697)
	at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
	at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
	... 19 more

CRIT  [JobQueue 1/1] net.i2p.router.JobQueueRunner : Error processing job [Boot Communication System] on thread 0: java.security.InvalidKeyException: EC parameters error
java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
	at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1024)
	at sun.security.pkcs11.P11Key.getEncoded(P11Key.java:131)
	at net.i2p.crypto.SelfSignedGenerator.genTBS(SelfSignedGenerator.java:382)
	at net.i2p.crypto.SelfSignedGenerator.generate(SelfSignedGenerator.java:187)
	at net.i2p.crypto.SelfSignedGenerator.generate(SelfSignedGenerator.java:145)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:864)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:784)
	at net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(KeyStoreUtil.java:734)
	at net.i2p.router.crypto.FamilyKeyCrypto.createKeyStore(FamilyKeyCrypto.java:373)
	at net.i2p.router.crypto.FamilyKeyCrypto.verifyKeyStore(FamilyKeyCrypto.java:352)
	at net.i2p.router.crypto.FamilyKeyCrypto.initialize(FamilyKeyCrypto.java:106)
	at net.i2p.router.crypto.FamilyKeyCrypto.<init>(FamilyKeyCrypto.java:93)
	at net.i2p.router.Router.getFamilyKeyCrypto(Router.java:971)
	at net.i2p.router.StatisticsManager.publishStatistics(StatisticsManager.java:211)
	at net.i2p.router.StatisticsManager.publishStatistics(StatisticsManager.java:60)
	at net.i2p.router.Router.locked_rebuildRouterInfo(Router.java:931)
	at net.i2p.router.Router.rebuildRouterInfo(Router.java:911)
	at net.i2p.router.Router.rebuildRouterInfo(Router.java:894)
	at net.i2p.router.transport.TransportManager.startListening(TransportManager.java:352)
	at net.i2p.router.transport.CommSystemFacadeImpl.startup(CommSystemFacadeImpl.java:63)
	at net.i2p.router.startup.BootCommSystemJob.runJob(BootCommSystemJob.java:44)
	at net.i2p.router.JobQueueRunner.runCurrentJob(JobQueueRunner.java:135)
	at net.i2p.router.JobQueueRunner.run(JobQueueRunner.java:78)
Caused by: java.security.InvalidKeyException: EC parameters error
	at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
	at sun.security.ec.ECPublicKeyImpl.<init>(ECPublicKeyImpl.java:59)
	at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
	... 22 more
Caused by: java.security.NoSuchProviderException: no such provider: SunEC
	at sun.security.jca.GetInstance.getService(GetInstance.java:83)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
	at java.security.Security.getImpl(Security.java:697)
	at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
	at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
	... 24 more

comment:5 Changed 9 months ago by zzz

Catch ProviderException? in SelfSignedGenerator? in 92d2b394486d4285efdaef74609864314a08ff1e to be 0.9.37-7.
This doesn't fix the underlying problem with your lack of ECDSA support but it should keep it from crashing the whole router.

comment:6 Changed 8 months ago by zzz

Resolution: fixed
Status: acceptedclosed
Note: See TracTickets for help on using tickets.