
#28 contiki example dtls-client and dtls-server handshake

Milestone: 1.0
Status: open
Updated: 2015-06-16
Created: 2015-06-11
Private: No

Hi,

I tried to set up a Cooja simulation network to test the dtls-handshake between dtls-client and server. I used "wismote" as the target platform and the current development release of Contiki and tinydtls.

By default the example provided in tinyDTLS doesn't start the handshake. I have to manually start the handshake from the tinyDTLS client by invoking
~~~~~~
"try_send(dtls_context, &dst);" after a PROCESS_WAIT_EVENT_UNTIL(etimer_expired(&et1));
~~~~~~
where et1 is set to 20 clock seconds to make sure the RPL network is created. Please correct me if I am doing something wrong.

I get the following errors, such as sequence number mismatches, and the handshake is never completed:
~~~~~~
The message sequence number is too small, expected 2, got: 1
..
retransmit buffer full
~~~~~~
For more information, please check the logs:
Cooja Setup: https://drive.google.com/file/d/0B3h2CPasVhruMVhVOUVvZ3ZHSDg/view?usp=sharing
Cooja Log: https://drive.google.com/file/d/0B3h2CPasVhruVl81TVZiX0hGWEU/view?usp=sharing
Cooja Pcap: https://drive.google.com/file/d/0B3h2CPasVhruM2g3ZUpLMEZreDQ/view?usp=sharing

I am not sure if this can be considered a bug, but any help to solve this would be great.
Thank you!

Discussion

  • Achim Kraus

    Achim Kraus - 2015-06-15

    My first impression is:
    - The not successful case contains several "retransmission" but no "change cipher spec".
    - Line 256 (cooja-tinydtls-pskonly.txt) indicates, that the client (at least) tries to send that "change cipher spec"

    00:15.739   ID:2    DEBG send header: (%zu bytes):
    00:15.746   ID:2    00000000 14 FE FD 00 00 00 00 00  00 00 04 00 01 
    00:15.751   ID:2    DEBG send unencrypted: (%zu bytes):
    00:15.753   ID:2    00000000 01
    

    But then the message isn't shown in the pcap nor on the server's receive.
    Usually the client should try to retransmit, but the "alert" stops it.

    - The successful case doesn't contain "retransmission" but a "change cipher spec".

    So my approach to get a session successful would be to increase the retransmission timeout (dtls.c, dtls_send_multi, values set "n->t" and "n->timeout").
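
The 13 bytes in the "send header" log line above are a DTLS record header (RFC 6347, section 4.1). The following added example, which is not part of the comment or of tinydtls, decodes them field by field; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define DTLS_RH_LEN 13 /* fixed record header size, RFC 6347 section 4.1 */

/* Hypothetical struct for this example; not a tinydtls type. */
struct dtls_record_hdr {
    uint8_t  content_type; /* 20 CCS, 21 alert, 22 handshake, 23 app data */
    uint16_t version;      /* 0xFEFD = DTLS 1.2, 0xFEFF = DTLS 1.0 */
    uint16_t epoch;        /* 0 until the sender's first ChangeCipherSpec */
    uint64_t seq;          /* 48-bit record sequence number */
    uint16_t length;       /* payload bytes following the header */
};

/* Returns 0 on success, -1 on short input or a non-DTLS version field. */
int parse_dtls_record_hdr(const uint8_t *b, size_t len, struct dtls_record_hdr *h)
{
    if (b == NULL || h == NULL || len < DTLS_RH_LEN)
        return -1;
    h->content_type = b[0];
    h->version = (uint16_t)((b[1] << 8) | b[2]);
    h->epoch   = (uint16_t)((b[3] << 8) | b[4]);
    h->seq = 0;
    for (size_t i = 5; i < 11; i++)      /* big-endian 48-bit field */
        h->seq = (h->seq << 8) | b[i];
    h->length  = (uint16_t)((b[11] << 8) | b[12]);
    return (h->version == 0xFEFD || h->version == 0xFEFF) ? 0 : -1;
}

const char *dtls_content_type_name(uint8_t t)
{
    static const char *names[] = {
        "change_cipher_spec", "alert", "handshake", "application_data" };
    return (t >= 20 && t <= 23) ? names[t - 20] : "unknown";
}

/* Header bytes copied from the "send header" log line quoted above. */
static const uint8_t sample_hdr[DTLS_RH_LEN] = {
    0x14, 0xFE, 0xFD, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x01
};

int main(void)
{
    struct dtls_record_hdr h;
    if (parse_dtls_record_hdr(sample_hdr, sizeof sample_hdr, &h) != 0) return 1;
    printf("%s version=0x%04X epoch=%u seq=%llu len=%u\n",
           dtls_content_type_name(h.content_type), (unsigned)h.version,
           (unsigned)h.epoch, (unsigned long long)h.seq, (unsigned)h.length);
    return 0;
}
```

The one-byte payload `01` logged under "send unencrypted" matches the decoded length of 1, and epoch 0 is consistent with the record being sent before encryption is switched on.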

     
    • prabhakaran kasinathan

      Hi Achim Kraus,

      Thanks for your advice, I did try to increase the retransmission timeout
      as you have mentioned, but the results are the same. If you are successful
      with DTLS client and server, it would be great to know some more details.

      I will work in my free time to solve this issue and will report it if it's
      solved.

      Thank you for your time!

      Best Regards,
      Prabhakaran Kasinathan
      On Mon, Jun 15, 2015 at 10:20 AM, Achim Kraus boaks@users.sf.net wrote:

      My first impression is:
      - The not successful case contains several "retransmission" but no
      "change cipher spec".
      - Line 256 (cooja-tinydtls-pskonly.txt) indicates, that the client (at
      least) tries to send that "change cipher spec"

      00:15.739 ID:2 DEBG send header: (%zu bytes):
      00:15.746 ID:2 00000000 14 FE FD 00 00 00 00 00 00 00 04 00 01
      00:15.751 ID:2 DEBG send unencrypted: (%zu bytes):
      00:15.753 ID:2 00000000 01

      But then the message isn't shown in the pcap nor on the server's receive.
      Usually the client should try to retransmit, but the "alert" stops it.

      - The successful case doesn't contain "retransmission" but a
        "change cipher spec".

      So my approach to get a session successful would be to increase the
      retransmission timeout (dtls.c, dtls_send_multi, values set "n->t" and
      "n->timeout").


      Status: open
      Milestone: 1.0
      Labels: dtls handskake sequence number mismatch
      Created: Thu Jun 11, 2015 01:33 PM UTC by prabhakaran kasinathan
      Last Updated: Fri Jun 12, 2015 04:04 PM UTC
      Owner: Olaf Bergmann


  • Achim Kraus

    Achim Kraus - 2015-06-16

    I compile tinyDTLS using gcc/cygwin under Windows.
    And sure, the client successfully connects to the server when running under cygwin/posix/windows.

    But, as mentioned above, your log indicates that a "very important" message (the cipher change spec) is missing. And that it was sent and never received.

    So:
    - to which value did you set the timeout? (code snippet?)
    - can you provide us the logs?