Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03
Hauke Mehrtens <hauke@hauke-m.de> Thu, 10 October 2013 14:25 UTC
Return-Path: <hauke@hauke-m.de>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1DE521E8126 for <lwip@ietfa.amsl.com>; Thu, 10 Oct 2013 07:25:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v+81wKFNKWsY for <lwip@ietfa.amsl.com>; Thu, 10 Oct 2013 07:25:45 -0700 (PDT)
Received: from hauke-m.de (Hauke-2-pt.tunnel.tserv6.fra1.ipv6.he.net [IPv6:2001:470:1f0a:465::2]) by ietfa.amsl.com (Postfix) with ESMTP id 5BEF721E808E for <lwip@ietf.org>; Thu, 10 Oct 2013 07:25:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hauke-m.de (Postfix) with ESMTP id 5A81D8F62; Thu, 10 Oct 2013 16:25:35 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at hauke-m.de
Received: from hauke-m.de ([127.0.0.1]) by localhost (hauke-m.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qnscw5wMCxnj; Thu, 10 Oct 2013 16:25:28 +0200 (CEST)
Received: from [IPv6:2001:470:1f0b:447:1004:de17:406c:38e6] (unknown [IPv6:2001:470:1f0b:447:1004:de17:406c:38e6]) by hauke-m.de (Postfix) with ESMTPSA id 7A340857F; Thu, 10 Oct 2013 16:25:27 +0200 (CEST)
Message-ID: <5256B8D6.1070707@hauke-m.de>
Date: Thu, 10 Oct 2013 16:25:26 +0200
From: Hauke Mehrtens <hauke@hauke-m.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Sye Loong Keoh <SyeLoong.Keoh@glasgow.ac.uk>
References: <B875B77E4A03DA45B3E6504119B5434DD713E836A0@CMS01.campus.gla.ac.uk>
In-Reply-To: <B875B77E4A03DA45B3E6504119B5434DD713E836A0@CMS01.campus.gla.ac.uk>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "lwip@ietf.org" <lwip@ietf.org>
Subject: Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Lightweight IP stack <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lwip>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 14:25:53 -0000
Hi Sye, I am working on getting some numbers. ;-) The code is there, I also added reordering, and I started writing the stuff down for my master's thesis, so I plan to do some measurements soon. My current problem is that the ECC code is very slow, a handshake with client authentication takes 5 - 10 minutes in cooja on a simulated MSP430X, with a psk cipher it just takes 5 - 10 seconds, the problem are the ECC operations, mostly ecc multiply on the secp256r1 curve. Does someone know a fast and small ECC implementation supporting the secp256r1 curve? Hauke On 10/08/2013 08:53 AM, Sye Loong Keoh wrote: > Hi Hauke, > > Just to follow up on your previous discussion, how's your progress on the TinyDTLS implementation on the TI MSP430? > Do you have already have performance results that can be shared with us, by incorporating them into the Hitchhiker's guide LWIG document (http://www.ietf.org/internet-drafts/draft-ietf-lwig-tls-minimal-00.txt)? > > Cheers > Sye Loong > > -----Original Message----- > From: Hauke Mehrtens [mailto:hauke@hauke-m.de] > Sent: Wednesday, 28 August, 2013 6:53 AM > To: Sye Loong Keoh > Cc: lwip@ietf.org; hannes.tschofenig@gmx.net; sandeep.kumar@philips.com > Subject: [SPAM?] Re: [SPAM?] Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03 > > Hi Sye Loong, > > I am using a simulated sensor node in cooja. wismote is a simulated wireless sensor node which simulates a TI MSP430 with 16kB RAM and 128 kB Rom, so this suites in the class 1 category. > Currently I am still in the state of getting tinydtls working on the TI MSP430. > > Hauke > > On 08/27/2013 03:32 AM, Keoh, Sye Loong wrote: >> Hi Hauke, >> >> What is a wismote? Do you have a use case for your work? and what are >> the assumptions of the nodes in your network? Are they class 1 devices >> as defined in the Terminology draft? >> >> Great that you are willing to contribute! >> >> cheers >> Sye Loong >> >> -----Original Message----- From: Hauke Mehrtens >> Sent: Monday, August 26, 2013 10:42 PM >> To: Sye Loong Keoh >> Cc: lwip@ietf.org ; hannes.tschofenig@gmx.net ; >> sandeep.kumar@philips.com >> Subject: [SPAM?] Re: [Lwip] Notes on >> draft-tschofenig-lwig-tls-minimal-03 >> >> Hi Sye Loong, >> >> I am currently at implementing reordering, it seams to work, but it is >> not committed to github yet. >> >> I am also sending only one message at a time, so a flight contains >> many UDP packages. >> >> I am currently trying to get it to work in cooja on a simulated >> wismote, the psk handshake already works, but I still have problems >> with the ECDH_ECDSA handshake, something is probably wrong in the ecc >> code, on >> x86 it works. Cooja also has a nice tool which shows the stack usage >> of the application running. >> >> Too bad you can not give me access to your modified tinydtls version. >> >> Most of my code is at github, it misses some of the things that I am >> currently working on and that are not cleaned up right now. >> >> I want to do some measurements similar to the ones, you did for the >> psk case with ECDH_ECDSA for my master's thesis and I would like to >> get them integrated into the draft. >> >> Hauke >> >> On 08/26/2013 12:04 PM, Keoh, Sye Loong wrote: >>> Hi Hauke, >>> >>> Thank you for your interest in our draft. It is great to hear that >>> you are extending TinyDTLS with raw public key support, and this is >>> indeed the contribution that we needed in this document, as we only >>> had performance and implementation details of PSK in TinyDTLS. >>> >>> At least in your implementation, we needed the re-ordering because >>> messages were not sent using message flights. Each message is sent >>> individually. >>> >>> I am sorry that the the modified TinyDTLS code cannot be made >>> available due to some constraints that we have. But, we can discuss >>> specific needs that you have. >>> When you compile and flash the application to the hardware, you can >>> get the RAM size measurement. >>> >>> Would be great if you could share your implementation details and >>> measurements with us, so that they can be incorporated into our >>> Internet Draft. >>> >>> cheers >>> Sye Loong >>> >>>>>> >>> Hi Hannes, >>> >>> I have some notes on >>> https://tools.ietf.org/html/draft-tschofenig-lwig-tls-minimal-03 >>> >>> I am working on tinyDTLS and came across some problems. I extended it >>> to support raw public keys with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on >>> the >>> SECP256R1 curve. The ECC code just supports this specific curve. >>> >>> The ClientHello without a cookie is now 99 Bytes big (value in UDP >>> header) and on ieee802.15.4 it has to be fragmented somewhere. But to >>> do fragmentation we have to store a state somewhere. >>> >>> For retransmission, instead of storing the whole message you could >>> store the data which is needed to recreate the message. Data like the >>> server certificate already has to be stored somewhere. I am planing >>> to implement this. >>> >>> We have a high memory consumption in the handshake process, you could >>> make it possible to be able to just do one handshake at a time, but >>> have more than one DTLS session open at a time. All these DTLS >>> session will then share a common memory space to store their >>> temporary handshake data. I am planing to implement this. >>> >>> If you have a pretty reliable medium you could leave out >>> implementation of reordering, the other peer will resend the messages >>> if a message will be lost and then the client could start at the >>> position where the package was lost again. This could save some ram to store the messages. >>> >>> Is the code of the modified tinyDTLS version and a more detailed >>> description of the setup available somewhere? I am planing to so some >>> measurements with tinyDTLS and raw public keys. How was the RAM size >>> measurement done? >>> >>> As already discussed in the meeting the sizes for the tls >>> implementation are pretty big. I haven't implemented a generic ASN.1 >>> parser, I am just supporting one type of raw public key, so I am >>> doing a memcmp() to ensure it is the one I excepted, then there is >>> the public key at a constant offset. >>> >>> My tinyDTLS implementation with raw public keys and >>> TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on the SECP256R1 curve is about >>> 30% bigger then the version just supporting PSK cipher. This >>> measurement was done on a AMD64 system without any compiler >>> optimization for size. I am planing to do a better measurement. >>> >>> Hauke >>> >>> [0]: https://github.com/hauke/tinydtls/tree/ecdh-merge >> >
- [Lwip] Notes on draft-tschofenig-lwig-tls-minimal… Hauke Mehrtens
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Keoh, Sye Loong
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Keoh, Sye Loong
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Behcet Sarikaya
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Hauke Mehrtens
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Sye Loong Keoh
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Sye Loong Keoh