Topic: Interoperabilty with tinyDTLS

I am trying to get Wolfssl to interoperate with tiny dtls server or client and vice versa but I always get different master secrets and different keys. I am using PSK_AES128_CCM
I ran WOLFSSL server using against tinyDTLS client using

./examples/client/client -s -u -v 3 -l PSK-AES128-CCM-8

And i Ran into

wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Decrypt failed
wolfSSL error occurred, error = -305
wolfSSL error occurred, error = -312
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -312
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -312
wolfSSL Entering ERR_error_string
error = -312, error during decryption
wolfSSL error: SSL_accept failed

And I ran wolfssl client against tinyDTLS server using

./examples/client/client -s -u -v 3 -l PSK-AES128-CCM-8

And I ran into :

wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
received record layer msg
got ALERT!
Got alert
wolfSSL error occurred, error = 51
wolfSSL error occurred, error = -313
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -313
wolfSSL Entering ERR_error_string
 err = -313, revcd alert fatal error
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL error: wolfSSL_connect failed

Can anyone help me find out where this problem originates from ?

Share

Re: Interoperabilty with tinyDTLS

Hi yrekik,

wolfSSL sets a default PSK key using the my_psk_client_cb() and my_psk_server_cb() callbacks in <wolfssl_root>/wolfssl/test.h.  In those functions, you'll see where we set the key, then return the key size:

key[0] = 26;
key[1] = 43;
key[2] = 60;
key[3] = 77;
...
return 4;

Can you verify that this matches the key that you are using on your tiny dtls client/server?

Best Regards,
Chris

Re: Interoperabilty with tinyDTLS

chrisc wrote:

Hi yrekik,

wolfSSL sets a default PSK key using the my_psk_client_cb() and my_psk_server_cb() callbacks in <wolfssl_root>/wolfssl/test.h.  In those functions, you'll see where we set the key, then return the key size:

key[0] = 26;
key[1] = 43;
key[2] = 60;
key[3] = 77;
...
return 4;

Can you verify that this matches the key that you are using on your tiny dtls client/server?

Best Regards,
Chris

Thank you , yes the default PSK keys match

Share

Re: Interoperabilty with tinyDTLS

Hi yrekik,

One other thing to check is the identity hint being sent to the server. Are you sending the correct "client identity hint" so the server knows the correct key to select for that client?


Warm Regards,

Kaleb

Re: Interoperabilty with tinyDTLS

Kaleb J. Himes wrote:

Hi yrekik,

One other thing to check is the identity hint being sent to the server. Are you sending the correct "client identity hint" so the server knows the correct key to select for that client?


Warm Regards,

Kaleb

Actually the identity hints are correct and both tinyDTLS and WOLFSSL agree on the same keys at last.
The problem now is that the handshake fails at "MAC did not match" from WOLFSSL side when comparing (input+msglen) with tag, I am using TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAB by the way.

Share

Re: Interoperabilty with tinyDTLS

Hi yrekik,

Are you positive tinyDTLS support POLY1305 and CHACHA? That is a pretty cutting edge cipher suite that will make it into TLS 1.3 but very few vendors support it today. wolfSSL and BoringSSL support that cipher suite but very few other SSL/TLS/DTLS providers have taken that step so far, I am skeptical that tinyDTLS supports it.

That being said I can confirm the issues you previously noted when using PSK-AES128-CCM-8 and I am looking into the issue. I should have more info for you by Friday morning Mountain Standard Time (U.S).


Warmest Regards,

Kaleb

Re: Interoperabilty with tinyDTLS

Thank you Kaleb.
Actually I implemented full support for that cipher in tinyDTLS and handshake fails with wolfSSL because the poly1305 MAC tag doesn't match.
I will await your response.
Best Regards.

Share

Re: Interoperabilty with tinyDTLS

Hi yrekik,


I talked to our DTLS expert and there is a known interop bug with tinyDTLS. wolfSSL can interop with GnuTLS and vise-versa.

Neither, GnuTLS nor wolfSSL can interop with tinyDTLS. This is a tinyDTLS issue.

On the Poly1305/ChaCha implementation, one caution would be to make sure you are using the "Official" ChaCha Poly RFC when implementing as there is a "Google Standard" out there as well that was incorrect to begin with. Google has since updated to the RFC standard and wolfSSL also has implemented the RFC standard.


Best Regards,

Kaleb