Skip to content

pkg/tinydtls: add DTLS sock API implementation #11943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 5, 2019
Merged

pkg/tinydtls: add DTLS sock API implementation #11943

merged 3 commits into from
Dec 5, 2019

Conversation

pokgak
Copy link
Contributor

@pokgak pokgak commented Jul 31, 2019
edited
Loading

Contribution description

This PR implements the DTLS sock API introduced in #11909 using tinyDTLS. It adds an example application dtls-sock that follows the same behavior as the existing dtls-echo example.

Testing procedure

Run the example application using two nodes.

Start a DTLS server on one node and get the IP:

> dtlss start
> ifconfig
[...]

Send a message from the other node to the server:

> dtlsc <IP server> <message>

PSK credentials are used by default. To test with ECC credentials, uncomment following line in Makefile:

# CFLAGS += -DDTLS_ECC

Using ECC credentials is a bit iffy currently. It works but takes too long (>10s) to send and receive the data. Probably the same problem as #11859.

Issues/PRs references

Depends on PR #11909.
Earlier discussion in #10897

@pokgak pokgak mentioned this pull request Jul 31, 2019
Merged
@miri64 miri64 requested review from rfuentess and smlng August 5, 2019 09:34
@miri64 miri64 self-assigned this Aug 5, 2019
@miri64 miri64 added Area: pkg Area: External package ports Area: security Area: Security-related libraries and subsystems Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation labels Aug 5, 2019
@miri64 miri64 added this to the Release 2019.10 milestone Aug 5, 2019
@rfuentess
Copy link
Contributor

I can start to review the PR until this weekend. Is it OK ?

@rfuentess
Copy link
Contributor

By the way, @pokgak can you put the link to the previous discussion ?

@miri64 miri64 added the State: waiting for other PR State: The PR requires another PR to be merged first label Aug 5, 2019
@miri64
Copy link
Member

miri64 commented Aug 5, 2019

I can start to review the PR until this weekend. Is it OK ?

#11909 needs to be reviewed and ACK'd first, so it still has some time (sorry, forgot to set the "State: waiting for other PR" label)

@pokgak pokgak mentioned this pull request Aug 6, 2019
Open
8 tasks
@pokgak
Copy link
Contributor Author

pokgak commented Aug 6, 2019

@rfuentess, it'd be great if you could review it, there are some places where I'm not really sure about the implementation but as @miri64 said we still have time. In the meantime, I've updated #10897 with a list to track the current status.

@pokgak
Copy link
Contributor Author

pokgak commented Aug 13, 2019

Added commits to update the implementation to use the latest API. There are not much changes to the implementation of the API in sock_dtls.c aside from function renaming and removal of sock_dtls_init_server().

I think there will no changes anymore to the API proposed in #11909, only refining the example left. So it should be okay to start reviewing this PR @rfuentess .

@rfuentess
Copy link
Contributor

I finally got some free time.

The interface seems to be elegant and clean. At simple glance I don't see anything that requires special attention.

I'll try to get some physical boards on the following weeks to play with it. Otherwise, I'll recover my IoT-lab account for it.

@miri64
Copy link
Member

miri64 commented Aug 28, 2019

I think with #11909 merged this can be rebased.

@miri64
Copy link
Member

miri64 commented Aug 28, 2019

I guess it also needs some adaptation to the changes we discussed there.

@pokgak pokgak mentioned this pull request Aug 28, 2019
Closed
miri64
miri64 reviewed Aug 29, 2019
View reviewed changes
miri64
miri64 reviewed Aug 29, 2019
View reviewed changes
miri64
miri64 reviewed Aug 30, 2019
View reviewed changes
@miri64 miri64 removed the State: waiting for other PR State: The PR requires another PR to be merged first label Aug 30, 2019
@pokgak pokgak mentioned this pull request Sep 24, 2019
Merged
@miri64
Copy link
Member

miri64 commented Sep 24, 2019

Please rebase, #12299 was merged.

@miri64
Copy link
Member

miri64 commented Sep 25, 2019

As 894ffe5 still does exist, I believe you did not rebase to current master ;-)

@pokgak
Copy link
Contributor Author

pokgak commented Sep 25, 2019

@rfuentess update on the review? I'm looking into constant-time when copying the credentials in credential callbacks (get_psk(), get_ecc()). So that part may still change.

@pokgak
Copy link
Contributor Author

pokgak commented Sep 25, 2019

As 894ffe5 still does exist, I believe you did not rebase to current master ;-)

No, that is not a workaround for the error stated in comment. After #12299 merged, compiling the example gives following error:

error: assignment discards 'const' qualifier from pointer target type

894ffe5 is needed to fix it. And I checked git log just in case and #12299 is in the history.

@pokgak
Copy link
Contributor Author

pokgak commented Nov 5, 2019
edited
Loading

cppcheck error fixed and squashed commits. I need to readd b7d0355 (originally included in #11909) because it somehow got removed from master.

@tcschmidt
Copy link
Member

tcschmidt commented Nov 27, 2019
edited
Loading

@smlng are your requests competed? Then, please remove the blocking.

@smlng smlng added Reviewed: 1-fundamentals The fundamentals of the PR were reviewed according to the maintainer guidelines Reviewed: 2-code-design The code design of the PR was reviewed according to the maintainer guidelines Reviewed: 4-code-style The adherence to coding conventions by the PR were reviewed according to the maintainer guidelines Reviewed: 5-documentation The documentation details of the PR were reviewed according to the maintainer guidelines labels Nov 27, 2019
@smlng smlng dismissed their stale review November 27, 2019 15:28

needs testing

@smlng
Copy link
Member

smlng commented Nov 27, 2019

please squash

@pokgak
Copy link
Contributor Author

pokgak commented Nov 28, 2019

Squashed.

smlng
smlng suggested changes Nov 28, 2019
View reviewed changes
Copy link
Member

@smlng smlng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested and works in general, however I observed 2 things:

  • cannot start, then stop and start server again, fails with:
dtlss stop
 dtlss stop
Stopping server...
Terminating
Success: DTLS server stopped
> dtlss start
dtlss start
Error cannot add credential to system: -1
  • further it would be nice to print the message send by dtlsc on server side and/or on client side (after echo). Currently both only report that a message was received but the content is not shown.

@pokgak
Copy link
Contributor Author

pokgak commented Nov 29, 2019 

* cannot start, then stop and start server again, fails with:

Fixed.

* further it would be nice to print the message send by `dtlsc` on server side and/or on client side (after echo). Currently both only report that a message was received but the content is not shown.

I had this discussion with @miri64 before (#11909 (comment)) and there decided against printing the message.

@smlng smlng added the Reviewed: 3-testing The PR was tested according to the maintainer guidelines label Dec 2, 2019
@smlng
Copy link
Member

smlng commented Dec 2, 2019

please squash, otherwise ACK.

@pokgak
Copy link
Contributor Author

pokgak commented Dec 5, 2019

@smlng sorry for the delay.

I tested part of the tests from #11943 (comment) again on native and all OK:

-------- -------------- -------- -------------- ---------------------
client   cipher suite   server   cipher suite   result
                                                ---------------------
                                                native 
-------- -------------- -------- -------------- ---------------------
sock     ecc            sock     ecc            OK     
sock     psk            sock     psk            OK    
sock     ecc            sock     psk            OK 1* 
sock     psk            sock     ecc            OK 1* 

1*: client got handshake failure as expected

@smlng
Copy link
Member

smlng commented Dec 5, 2019

okay ... cool, lets see what murdock thinks

@benpicco
Copy link
Contributor

benpicco commented Dec 5, 2019

Murdock is happy and so am I 😃

@smlng
Copy link
Member

smlng commented Dec 5, 2019

well then let's do this!

@smlng smlng merged commit 6e53e28 into RIOT-OS:master Dec 5, 2019
@rfuentess
Copy link
Contributor

Congrats @pokgak !

@pokgak
Copy link
Contributor Author

pokgak commented Dec 5, 2019

Thank you all for helping with the review :)

@kb2ma kb2ma mentioned this pull request Jan 11, 2020
Closed
@pokgak pokgak deleted the sock_dtls_impl branch February 27, 2020 10:34
benpicco
benpicco reviewed May 13, 2021
View reviewed changes
pkg/tinydtls/include/sock_dtls_types.h
Comment on lines +37 to +39
struct sock_dtls {
dtls_context_t *dtls_ctx; /**< TinyDTLS context for sock */
sock_udp_t *udp_sock; /**< Underlying UDP sock to use */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the reason for not doing

Suggested change
struct sock_dtls {
dtls_context_t *dtls_ctx; /**< TinyDTLS context for sock */
sock_udp_t *udp_sock; /**< Underlying UDP sock to use */
sock_udp_t udp_sock; /**< Underlying UDP sock to use */
dtls_context_t *dtls_ctx; /**< TinyDTLS context for sock */

instead?

That way application code using UDP sockets could transparently handle DTLS sockets (after a custom setup procedure).
sock_udp_t would only need to be extended by a flag to indicate there is a DTLS context attached to it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might want to support other transports in the future. With that, it would be easier and better understandable to create the transport sock in the application first and then the DTLS sock. As we do not want to copy that transport sock, a pointer is the best way to go here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miri64 miri64 miri64 left review comments

@benpicco benpicco benpicco left review comments

+2 more reviewers

@rfuentess rfuentess rfuentess requested changes

@smlng smlng smlng approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@miri64 miri64

Labels
Area: pkg Area: External package ports Area: security Area: Security-related libraries and subsystems CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Reviewed: 1-fundamentals The fundamentals of the PR were reviewed according to the maintainer guidelines Reviewed: 2-code-design The code design of the PR was reviewed according to the maintainer guidelines Reviewed: 3-testing The PR was tested according to the maintainer guidelines Reviewed: 4-code-style The adherence to coding conventions by the PR were reviewed according to the maintainer guidelines Reviewed: 5-documentation The documentation details of the PR were reviewed according to the maintainer guidelines Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation
Projects
None yet
Milestone
Release 2020.01
Development

Successfully merging this pull request may close these issues.
7 participants
@pokgak @rfuentess @miri64 @smlng @tcschmidt @benpicco @kb2ma