change the way to get keys
Status: Alpha
Brought to you by:
obgm
Menu
▾
▴
#1 change the way to get keys
I will talk about the PSK issue but there are the same issue for ECC.
Currently, to pass the key from user code to tinyDTLS, we must use the :
get_psk_key from dtls_handler_t.
The current implementation force user to store the key in a static way.
There are 2 problems for me with this :
- I'm working on a Lua Binding on tinyDTLS (luadtls), I would like to pass the key from lua to C. Currently I must create a static structure in memory to store statically the key in my C code while it is already store in Lua.
- Key is sensitive data. The time where the unencrypted key is store memory should be as short as possible to limit an attack by memory dump. Here a post which explains the idea.
So a better implementation could be that tinyDTLS allocate memory for the key, then call the get_psk_key which will fill the struct, then with a memset clean the memory.
I completely agree with your concerns and will fix this as suggested.
This is fixed for PSK in commit 046f9d62. To save some overhead, the psk_hint and psk are now retrieved independent from each other. dtls_psk_key_t is now obsolete and has been removed in 1fba423.
For ECC, this is a bit more difficult hence the bug is not yet closed.
Thx Olaf, I just integrate it now.
(off topic, but could you add ".project" entry to .gitignore as I can open tiny dtls in eclipse CDT)