Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03
Hauke Mehrtens <hauke@hauke-m.de> Mon, 26 August 2013 14:42 UTC
Return-Path: <hauke@hauke-m.de>
X-Original-To: lwip@ietfa.amsl.com
Delivered-To: lwip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45AAE11E8193 for <lwip@ietfa.amsl.com>; Mon, 26 Aug 2013 07:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 362TNWGkkEIg for <lwip@ietfa.amsl.com>; Mon, 26 Aug 2013 07:42:50 -0700 (PDT)
Received: from hauke-m.de (Hauke-2-pt.tunnel.tserv6.fra1.ipv6.he.net [IPv6:2001:470:1f0a:465::2]) by ietfa.amsl.com (Postfix) with ESMTP id 252FB21F9FD5 for <lwip@ietf.org>; Mon, 26 Aug 2013 07:42:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hauke-m.de (Postfix) with ESMTP id 2C9CA8F68; Mon, 26 Aug 2013 16:42:48 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at hauke-m.de
Received: from hauke-m.de ([127.0.0.1]) by localhost (hauke-m.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IAdL0us0vC4X; Mon, 26 Aug 2013 16:42:37 +0200 (CEST)
Received: from [IPv6:2001:638:708:30da:fdcc:780c:b104:5da1] (unknown [IPv6:2001:638:708:30da:fdcc:780c:b104:5da1]) by hauke-m.de (Postfix) with ESMTPSA id 728D58F65; Mon, 26 Aug 2013 16:42:37 +0200 (CEST)
Message-ID: <521B695C.9000802@hauke-m.de>
Date: Mon, 26 Aug 2013 16:42:36 +0200
From: Hauke Mehrtens <hauke@hauke-m.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Keoh, Sye Loong" <SyeLoong.Keoh@glasgow.ac.uk>
References: <5D963903D7084F1386D7F2EEA602F054@KeohSyeLoongPC>
In-Reply-To: <5D963903D7084F1386D7F2EEA602F054@KeohSyeLoongPC>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: lwip@ietf.org
Subject: Re: [Lwip] Notes on draft-tschofenig-lwig-tls-minimal-03
X-BeenThere: lwip@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Lightweight IP stack <lwip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lwip>, <mailto:lwip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lwip>
List-Post: <mailto:lwip@ietf.org>
List-Help: <mailto:lwip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lwip>, <mailto:lwip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Aug 2013 14:42:51 -0000
Hi Sye Loong, I am currently at implementing reordering, it seams to work, but it is not committed to github yet. I am also sending only one message at a time, so a flight contains many UDP packages. I am currently trying to get it to work in cooja on a simulated wismote, the psk handshake already works, but I still have problems with the ECDH_ECDSA handshake, something is probably wrong in the ecc code, on x86 it works. Cooja also has a nice tool which shows the stack usage of the application running. Too bad you can not give me access to your modified tinydtls version. Most of my code is at github, it misses some of the things that I am currently working on and that are not cleaned up right now. I want to do some measurements similar to the ones, you did for the psk case with ECDH_ECDSA for my master's thesis and I would like to get them integrated into the draft. Hauke On 08/26/2013 12:04 PM, Keoh, Sye Loong wrote: > Hi Hauke, > > Thank you for your interest in our draft. It is great to hear that you > are extending TinyDTLS with raw public key support, and this is indeed > the contribution that we needed in this document, as we only had > performance and implementation details of PSK in TinyDTLS. > > At least in your implementation, we needed the re-ordering because > messages were not sent using message flights. Each message is sent > individually. > > I am sorry that the the modified TinyDTLS code cannot be made available > due to some constraints that we have. But, we can discuss specific needs > that you have. > When you compile and flash the application to the hardware, you can get > the RAM size measurement. > > Would be great if you could share your implementation details and > measurements with us, so that they can be incorporated into our Internet > Draft. > > cheers > Sye Loong > >>>> > Hi Hannes, > > I have some notes on > https://tools.ietf.org/html/draft-tschofenig-lwig-tls-minimal-03 > > I am working on tinyDTLS and came across some problems. I extended it to > support raw public keys with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on the > SECP256R1 curve. The ECC code just supports this specific curve. > > The ClientHello without a cookie is now 99 Bytes big (value in UDP > header) and on ieee802.15.4 it has to be fragmented somewhere. But to do > fragmentation we have to store a state somewhere. > > For retransmission, instead of storing the whole message you could store > the data which is needed to recreate the message. Data like the server > certificate already has to be stored somewhere. I am planing to > implement this. > > We have a high memory consumption in the handshake process, you could > make it possible to be able to just do one handshake at a time, but have > more than one DTLS session open at a time. All these DTLS session will > then share a common memory space to store their temporary handshake > data. I am planing to implement this. > > If you have a pretty reliable medium you could leave out implementation > of reordering, the other peer will resend the messages if a message will > be lost and then the client could start at the position where the > package was lost again. This could save some ram to store the messages. > > Is the code of the modified tinyDTLS version and a more detailed > description of the setup available somewhere? I am planing to so some > measurements with tinyDTLS and raw public keys. How was the RAM size > measurement done? > > As already discussed in the meeting the sizes for the tls implementation > are pretty big. I haven't implemented a generic ASN.1 parser, I am just > supporting one type of raw public key, so I am doing a memcmp() to > ensure it is the one I excepted, then there is the public key at a > constant offset. > > My tinyDTLS implementation with raw public keys and > TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 on the SECP256R1 curve is about 30% > bigger then the version just supporting PSK cipher. This measurement was > done on a AMD64 system without any compiler optimization for size. I am > planing to do a better measurement. > > Hauke > > [0]: https://github.com/hauke/tinydtls/tree/ecdh-merge
- [Lwip] Notes on draft-tschofenig-lwig-tls-minimal… Hauke Mehrtens
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Keoh, Sye Loong
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Keoh, Sye Loong
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Behcet Sarikaya
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Hauke Mehrtens
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Sye Loong Keoh
- Re: [Lwip] Notes on draft-tschofenig-lwig-tls-min… Hauke Mehrtens
- Re: [Lwip] [SPAM?] Re: Notes on draft-tschofenig-… Sye Loong Keoh