Welcome to the wolfSSL Forums!

sbernard · 2015-07-27 08:58:58

sbernard
Member
Offline

Registered: 2015-07-27
Posts: 7

Topic: ECC extensions not sent in DTLS

Hi,
As I said in my previous post. I tried to connect wolfssl(3.6.0) to Eclipse Scandium(master).
As I failed to use PSK, I tried to use RPK with Elliptic curves using TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite.
So I tried to configure wolfssl like this :

./configure --enable-dtls --enable-aesccm --enable-supportedcurves --enable-scep
./examples/client/client -h 127.0.0.1 -p 5684 -u -v 3

(I also tried adding --enable-tlsx)
But in all case, wolfssl did not add the "Supported Elliptic Curves" and "Supported Point Formats" extension in Client_Hello.
This is not really mandatory as the spec say : "A TLS client that proposes ECC cipher suites in its ClientHello message SHOULD include these extensions"
But, Scandium refuse to continue handshake, if those extensions are not present for ECC, I think this is mainly a scandium issue (I will open it). But I think wolfssl should add this extension as the specification recommend it.

The same issue was present in openssl in the past, it was fixed now.

Simon

Kaleb J. Himes · 2015-07-27 10:13:00

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: ECC extensions not sent in DTLS

Hi sbernard,

Try using the following options. I am providing flags for both server and client in the case you would like to test wolfSSL internally before testing an external connection:

For TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

Server options:

./examples/server/server -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem

Client options:

./examples/client/client -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/server-ecc.pem

To read more about these options and flags please use:

./examples/server/server -help

sbernard · 2015-07-28 06:53:45

sbernard
Member
Offline

Registered: 2015-07-27
Posts: 7

Re: ECC extensions not sent in DTLS

OK I tested with the option you proposed and a wolfssl client and server, and it works !

1) You didn't answered about the "Supported Elliptic Curves" and "Supported Point Formats" extension issue.
2) I workaround the "Supported Elliptic Curves" and "Supported Point Formats" extension issue by modifying scandium code, but I encountered another issue this time the handshake go to Server Hello Done, but the wolfssl client never answer

C=> Client Hello
S=> Hello Verify Request
C=> Client Hello
S=> Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done

I compare the 2 wireshark captures (wolf/wolf and wolf/scandium) and I don't see any problems .
I tried to launch wolfssl in debug mode and it seems to be in a strange state :

connect state: HELLO_AGAIN_REPLY
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
received record layer msg
wolfSSL Entering DoDtlsHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoDtlsHandShakeMsg(), return 0
More records in input
growing input buffer

wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout
... ... ... ....
wolfSSL Entering EmbedReceiveFrom()
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
Embed Receive From error
wolfSSL Entering wolfSSL_get_using_nonblock
wolfSSL Leaving wolfSSL_get_using_nonblock, return 0
    Socket timeout

Jacob · 2015-07-29 13:13:38

Jacob
Moderator
Offline

Registered: 2014-08-21
Posts: 79

Re: ECC extensions not sent in DTLS

Hi sbernard,

To answer the question about Supported Elliptic Curves after enabling them as a configure option they then need to be added to the client ssl struct. In example,

code to init ssl struct ....
if (wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160R1) != SSL_SUCCESS)
printf("handle error\n);
...code to make connection and then clean up

If using the example wolfSSL client this function call can be added in at line 788 of the current one. As soon as one has been added then the client sends out the ECC curve extension. With wireshark there should then be Extension: elliptic_curves when looking at the client hello. Just as farther info when using, all available curve options are

WOLFSSL_ECC_SECP160R1 = 0x10,
WOLFSSL_ECC_SECP192R1 = 0x13,
WOLFSSL_ECC_SECP224R1 = 0x15,
WOLFSSL_ECC_SECP256R1 = 0x17,
WOLFSSL_ECC_SECP384R1 = 0x18,
WOLFSSL_ECC_SECP521R1 = 0x19

Unfortunately the ECC Point Format Extension has not yet been added. There is some internal code started for it but it has gotten pushed to the back burner.

Regards,
Jacob

sbernard · 2015-08-31 07:21:40

sbernard
Member
Offline

Registered: 2015-07-27
Posts: 7

Re: ECC extensions not sent in DTLS

Re,
Scandium now supports that a client does not send "Supported Elliptic Curves" and "Supported Point Formats" extension.
So I taked time to retest that with wolfssl.
I successfully passed the ClientHello message but I still encountered the same problem as I described previously.
I also tested what you proposed about modifying the client.c example.
But In all case, the client never answer after the "Server Hello Done" from the server... no error in output even when debug mod is activated.
Too bad :'( !
Simon

Jacob · 2015-09-02 14:56:09

Jacob
Moderator
Offline

Registered: 2014-08-21
Posts: 79

Re: ECC extensions not sent in DTLS

Hi Simon,

I tried connecting to the example Scandium server using Eclipse across a local host connection and saw Scandium send all of DTLS 1.2 flight 4 at once for a grand size of 1,985 bytes. Then the scenario you described earlier. The reason for this is our MTU size for DTLS is set to a conservative 1,500 but is not large enough to handle that size. This is a larger size than what is expected to be sent. A temporary fix for this is to adjust the size in wolfssl/internal.h about line 811 setting MAX_MTU to be 2500 rather than 1500. After doing that I was then able to get farther in the handshake.

Regards,
Jacob

Welcome to the wolfSSL Forums!

ECC extensions not sent in DTLS

Posts: 6

1 Topic by sbernard 2015-07-27 08:58:58 (edited by sbernard 2015-07-27 08:59:46)

Topic: ECC extensions not sent in DTLS

2 Reply by Kaleb J. Himes 2015-07-27 10:13:00 (edited by Kaleb J. Himes 2015-07-27 10:16:31)

Re: ECC extensions not sent in DTLS

3 Reply by sbernard 2015-07-28 06:53:45

Re: ECC extensions not sent in DTLS

4 Reply by Jacob 2015-07-29 13:13:38

Re: ECC extensions not sent in DTLS

5 Reply by sbernard 2015-08-31 07:21:40

Re: ECC extensions not sent in DTLS

6 Reply by Jacob 2015-09-02 14:56:09

Re: ECC extensions not sent in DTLS

Posts: 6