IETF Logo Mail Archive

Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03

"Keoh, Sye Loong" <SyeLoong.Keoh@glasgow.ac.uk> Mon, 26 August 2013 10:04 UTC

Return-Path: <SyeLoong.Keoh@glasgow.ac.uk>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 120B321F991E for <lwip@ietfa.amsl.com>; Mon, 26 Aug 2013 03:04:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.739
X-Spam-Level:
X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, RCVD_IN_DNSWL_MED=-4, STOX_REPLY_TYPE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJAC7X0QRVoF for <lwip@ietfa.amsl.com>; Mon, 26 Aug 2013 03:04:39 -0700 (PDT)
Received: from plockton.cent.gla.ac.uk (plockton.cent.gla.ac.uk [130.209.16.75]) by ietfa.amsl.com (Postfix) with ESMTP id 20F4221F9301 for <lwip@ietf.org>; Mon, 26 Aug 2013 03:04:32 -0700 (PDT)
Received: from cas06.campus.gla.ac.uk ([130.209.14.39]) by plockton.cent.gla.ac.uk with esmtp (Exim 4.72) (envelope-from <SyeLoong.Keoh@glasgow.ac.uk>) id 1VDtex-0002rm-2u; Mon, 26 Aug 2013 11:04:31 +0100
Received: from KeohSyeLoongPC (202.21.159.245) by smtp.campus.gla.ac.uk (130.209.14.40) with Microsoft SMTP Server (TLS) id 14.3.158.1; Mon, 26 Aug 2013 11:04:29 +0100
Message-ID: <5D963903D7084F1386D7F2EEA602F054@KeohSyeLoongPC>
From: "Keoh, Sye Loong" <SyeLoong.Keoh@glasgow.ac.uk>
To: lwip@ietf.org
Date: Mon, 26 Aug 2013 18:04:32 +0800
Organization: School of Computer Science, University of Glasgow Singapore
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-Originating-IP: [202.21.159.245]
X-Mailman-Approved-At: Mon, 26 Aug 2013 03:50:48 -0700
Subject: Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: "Keoh, Sye Loong" <SyeLoong.Keoh@glasgow.ac.uk>
List-Id: Lightweight IP stack <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lwip>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2013 10:31:18 -0000

Hi Hauke,

Thank you for your interest in our draft. It is great to hear that you are 
extending TinyDTLS with raw public key support, and this is indeed the 
contribution that we needed in this document, as we only had performance and 
implementation details of PSK in TinyDTLS.

At least in your implementation, we needed the re-ordering because messages 
were not sent using message flights. Each message is sent individually.

I am sorry that the the modified TinyDTLS code cannot be made available due 
to some constraints that we have. But, we can discuss specific needs that 
you have.
When you compile and flash the application to the hardware, you can get the 
RAM size measurement.

Would be great if you could share your implementation details and 
measurements with us, so that they can be incorporated into our Internet 
Draft.

cheers
Sye Loong

>>>
Hi Hannes,

I have some notes on
https://tools.ietf.org/html/draft-tschofenig-lwig-tls-minimal-03

I am working on tinyDTLS and came across some problems. I extended it to
support raw public keys with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on the
SECP256R1 curve. The ECC code just supports this specific curve.

The ClientHello without a cookie is now 99 Bytes big (value in UDP
header) and on ieee802.15.4 it has to be fragmented somewhere. But to do
fragmentation we have to store a state somewhere.

For retransmission, instead of storing the whole message you could store
the data which is needed to recreate the message. Data like the server
certificate already has to be stored somewhere. I am planing to
implement this.

We have a high memory consumption in the handshake process, you could
make it possible to be able to just do one handshake at a time, but have
more than one DTLS session open at a time. All these DTLS session will
then share a common memory space to store their temporary handshake
data. I am planing to implement this.

If you have a pretty reliable medium you could leave out implementation
of reordering, the other peer will resend the messages if a message will
be lost and then the client could start at the position where the
package was lost again. This could save some ram to store the messages.

Is the code of the modified tinyDTLS version and a more detailed
description of the setup available somewhere? I am planing to so some
measurements with tinyDTLS and raw public keys. How was the RAM size
measurement done?

As already discussed in the meeting the sizes for the tls implementation
are pretty big. I haven't implemented a generic ASN.1 parser, I am just
supporting one type of raw public key, so I am doing a memcmp() to
ensure it is the one I excepted, then there is the public key at a
constant offset.

My tinyDTLS implementation with raw public keys and
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on the SECP256R1 curve is about 30%
bigger then the version just supporting PSK cipher. This measurement was
done on a AMD64 system without any compiler optimization for size. I am
planing to do a better measurement.

Hauke

[0]: https://github.com/hauke/tinydtls/tree/ecdh-merge

v2.23.0 | Report a Bug | By Email