-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does libcoap support coap+DTLS1.3? #1285
Comments
@yangyangliuli Good questions
Support is not currently there for session resumption. This could be a project that someone takes on
As far as I can tell, none of the (D)TLS libraries that libcoap supports (OpenSSL, GnuTLS, Mbed TLS, TinyDTLS) have yet implemented DTLS1.3 support. When they do, it should be very easy to enable DTLS1.3 support. WolfSSL does support DTLS1.3, and is a possible addition to the libcoap supported (D)TLS libraries, but again needs someone to work on it. |
Hi, |
Yes, there are plans to integrate wolfSSL, but no specific time frames. I have set up a skeleton src/coap_wolfssl.c and updated some of the other environment to support wolfSSL. These changes can be found in my fork at https://github.com/mrdeep1/libcoap.git with the In simple terms, coap_wolfssl.c is the interface between libcoap functionality and the underlying wolfSSL library. I would initially work on the dtls functions that need to be coded following how one of the other TLS library interface file is coded. Start with the Client functionality with PSK and test against a known working coap-server that uses a different TLS library. WolfSSL needs to be set up to use the libcoap provided socket i/o functions to to the actual read / write across the network. How long? No real idea, but I would expect at least a week. |
wow, thank you very much, looking forward to your results , hope I am your first tester. |
The skeleton is there for you to work on to get things going. I don't have the time at present to do the work on this. |
OK, thanks. |
I have a wolfSSL integration here https://github.com/qursa-uc3m/libcoap-wolfssl using OpenSSL compatibility layer. There are still some TODOs to address (you can see them in the coap_wolfssl.c) but I've made significant progress. Take a look at the wolfssl_dev README.md for some info on the tests done so far. Any help or feedback is welcome. |
What a surprise, I will build according to README.md. I need your help with two questions: |
I haven't tried that yet, but I'll give it a try soon. I think you may need to compile wolfSSL with
Also set the hardcoded If you can contribute with any test for this feature, it will be greatly appreciated. |
Hi, root@M2M:/home/xx/libcoap_wolf/libcoap-wolfssl/examples# ./coap-server -A ::1 -c ./certs/server-cert.pem -j ./certs/server-key.pem xx@M2M:~/libcoap_wolf/libcoap-wolfssl/examples$ ./coap-client-wolfssl -m get coaps://[::1]/ 1)Is it rght? |
The log with the wolfSSL_dtls13_allow_ch_frag() thing on the server-side is no longer necessary, it's legacy from when I was making the handshake work with client hello fragmentation (a recent addition to wolfSSL), required por some PQ KEMs. I should remove that. The output on the client-side indicates that the message has been received succesfully. You may want to check with Wireshark that everything is working as expected (have into account that Wireshark doesn't have DTLS 1.3 support yet and everything is interpreted in the light of DTLS 1.2, but you can still get an idea). I'm not sure if you can get the session ressumption tested just with the sample server/client or if we need a to build a minimal app for this. Does anyone have any idea about this? Regarding PUT/POST support, yes it has. That is independent of the wolfSSL integration. I will be busy the next two days on a trip but after that I will also try to get a session resumption with 0-RTT after that. You have my email on my GitHub profile if you want more direct communication on this. Also, as this issue is not wolfSSL specific, perhaps we should move this discussion to #1021 . |
Ok, thank you for your help, we are developing coap+dtls1.3 client. I tried to connect wlfssl DTLS1.3 server, and response some fake data, and test. If libcoap supports coap_wolfssl_server, I will try connect to coap_wolfssl_server. Mainly testing
|
Thank you. I've been investigating this and it appears that the client side requires some modifications for session resumption to function properly. The server side should operate correctly by simply disabling HRR cookies. I'll give it a try over the next few days and keep you informed. |
PR #1358 to add in wolfSSL support has been created and is ready for testing. |
Not sure if I should create a dedicated issue for this. The following scenario, with coap-server -A ::1 -c server_cert.pem -j server_key.pem on server side, and coap-client -m get coaps://[::1]/ is not working when the flag The Client Hello is sent correctly, but this error is being thrown by wolfSSL debugging on server side Setting WOLFSSL_SSL to be server side
wolfSSL Entering wolfSSL_DTLS_SetCookieSecret
wolfSSL Leaving wolfSSL_DTLS_SetCookieSecret, return 0
Server missing certificate
wolfSSL error occurred, error = 317 line:9666 file:../src/ssl.c It seems |
It should really have been raised as a separate issue as this has nothing specifically to do with DTLS1.3. I need to dig further into what is happening here. |
This works as expected for me with HAVE_RPK both set and not set using the latest master for wolfSSL and develop for libcoap. It may be an issue with your I assume all works for you if HAVE_RPK is enabled? It would be best to raise this as a separate issue detailing both the libcoap and wolfSSL ./configure output and invocation lines along with the cert details if it cannot immediately be resolved. |
@mrdeep1 I am trying to figure out if the libcoap library uses DTLS 1.2 or what exactly it uses. I verified from the libcoap code that the minimum version required is set to DTLS1_2_VERSION but what is it exactly. I have a client code which is almost similar to libcoap_minimal client with DTLS enabled and I have set these based on my requirements, when I run my client my can see these logs in wireshark It says SSLv3/TLS what is it exactly, how do I get to know the exact version here that is being used? |
I'm not sure that your question is relevant to whether DTLS.13 is supported or not and perhaps should have been raised as a separate issue.
It appears that you are using OpenSSL for the DTLS support. DTLS1.3 is not (yet) supported by OpenSSL. Note that DTLS1.3 and TLS1.3 are not the same, but do have a lot of common features and are different in some areas. The logs you have provided are generated by libcoap, not Wireshark. Wireshark will tell what has been negotiated 'on the wire' when analyzing the packet caopture.
Do you mean the (D)TLS version? To set the libcoap version, you need to link against the correct library version of libcoap. No, there is not currently a libcoap API to set the min/max version of (D)TLS that can be negotiated. |
Thanks for your reply @mrdeep1, I understand that these logs are generated by libcoap but is there any log in libcoap where I can get the DTLS version used because I see in an issue you had mentioned,
I want to achieve this "does not report the specific (D)TLS protocol that has been negotiated between the 2 end points" I am aiming to address these 2 points,
|
I don't see why someone cannot come up with a libcoap public API which gives the ability to define min/max (D)TLS versions (stored in coap_context_t). These values are then used when initiating (D)TLS. Whatever is done needs to be generic enough to support the different ways that all the libcoap supported TLS libraries implement the max/min protos. In your case, it may be easier to hard code test changes to src/coap_openssl.c for your testing. |
DTLS 1.2 CID or DTLS 1.3 are the basic parts of such solutions, the other part will then be, how the DTLS sessions are managed. If the session are close after 10 minutes without traffic, the result may get disappointing. |
libcoap supports CID for MbedTLS (DTLS1.2), TinyDTLS (DTLS1.2 Client only) and wolfSSL (DTLS1.3, not DTLS1.2). The appropriate functionality needs to be enabled in the respective (D)TLS libraries. Server side checks for an incoming Tuple match, if no match then checks if there is a CID and whether that CID matches another tuple - if so the other tuple is updated to the new tuple so that the DTLS session is able to continue. However, if session associated with a tuple and CID enabled DTLS is not used for some time (libcoap default 300 secs), then the session will expire which will destroy any DTLS session information and so the (re-)use of the CID from any client IP will get dropped. It is worth considering doing some sort of keep-alive here. |
Thanks a lot for the explanation. Just as information: I guess, the session management applies also for DTLS 1.3? And also doesn't allow, to resume the DTLS 1.2 session? |
The libcoap session timeout can be set to (within reason) however long you want it to be - coap_context_set_session_timeout(3. However, there does need to be some sort of reasonable inactive timeout to manage server session garbage collection. libcoap also support limiting the number of idle/inactive sessions - coap_context_set_max_idle_sessions(3). Resume session is not currently supported by libcoap (session tickets etc. are not stored anywhere). I can't see any reason as to why this could not be added in by someone at some point.
Apart from the CID being transmitted differently between DTLS1.2 and DTLS1.3, there is no difference as to what happens to the tuple. |
I read the documentation for both functions. |
For "remove idle server sessions", "Idle" is when no packet sent / received (including (D)TLS packets) for the specified (session timeout) period of time, as well as there is no current reference count to the session. For "maximum number of idle server sessions", "Idle" is any session that is not transmit pending something and has a reference count of 0. The longest "Idle" session since the last transmit / receive is then removed if the number of "Idle" sessions exceeds the maximum number defined - this logic occurs when a new session/tuple needs to be created. |
And "reference count" means? |
For a client, the reference count is bumped so that its session does not go away until the client has finished. For the server, the reference count is bumped to make sure it does not unexpectedly go away. An example would be that an Observe relationship has been set up - and the reference count decremented when the Observe is cancelled/dropped. Other server examples would be when protecting critical code - for example bumping the reference count before sending a packet over a TCP socket so that if a socket closure needs to take place, the socket and session can be 'freed' off, but the caller can still reference the session on function return to do whatever, and then when the session reference count is decremented by the caller, the session can 'go away'. |
Closing as DTLS1.3 is now available with wolfSSL, and session resumption can occur with the the use of Connection-ID (CID) providing it is enabled in the underlying (D)TLS library. |
There are two problems:
1)Does coap-server-openssl support coap+DTLS1.2+session resumption? If supported, what CMD is needed to start the server?
2)Does libcoap support coap+DTLS1.3? If supported, which ciphersuites should be used?
The text was updated successfully, but these errors were encountered: