Support TLS_PSK_WITH_AES_128_CCM_8 for IoT usecases

[daenney]

Summary

I'd like to request inclusion of at least one RFC 6655 cipher suite, TLS_PSK_WITH_AES_128_CCM_8. This suite is often used for IoT products, most notably IKEA Tradfri uses it for CoAP over DTLS.

Motivation

I'd like to use a Go native DTLS library in a number of my IoT projects. Some of these projects involve talking to (or exposing as) gateways that leverage this particular cipher suite as it's fairly common in IoT products. Currently bocajim/dtls exists which implements just that cipher.

Describe alternatives you've considered

I can always use this and the other DTLS library when I happen to need more than just TLS_PSK_WITH_AES_128_CCM_8. But I would much prefer to have one maintained library with all capabilities instead of being split between multiple packages from different maintainers.

Checklist

• Add CCM support Add AES-CCM support #46
• Add PSK support
• Add TLS_PSK_WITH_AES_128_CCM_8

[daenney]

@bocajim Would it be feasible to contribute TLS_PSK_WITH_AES_128_CCM_8 to this library instead?

[Sean-Der]

Hey @daenney

That would be fantastic! I am open to any/all improvements to the library. We are missing features just because they were not needed for pions/webrtc. I don't think I will have a lot of time, but would love to help this land.

This change won't be trivial, but we should totally do it! We don't support PSK, so we will need to handle that. The actual encrypt/decrypt is easy to update we already support CBC and GCM so adding CCM shouldn't be bad!

Hopefully we don't have the break the API for existing users, but if it is needed I understand.

If you want to join our Slack I can help and will try to explain a little bit here also.

---

The communication is split up into 'flights', I designed it this way so we can handle retransmissions/out of order packets.

each side accepts incoming messages, and when we get everything we want we start processing code

each side just keeps re-sending until it gets to the next flight code

[Sean-Der]

I started digging into this, the good news is OpenSSL does support PSK-AES128-CCM8

It is just a lot easier since my debug loop is much faster with OpenSSL (I just know the code base best)

thanks!

./openssl s_client -dtls1_2 -connect 127.0.0.1:5000 -psk abc123 -cipher PSK-AES128-CCM8
./openssl s_server -dtls1_2 -accept 5000 -nocert -psk abc123 -cipher PSK-AES128-CCM8

[daenney]

Funky. I couldn't get it to show up in openssl ciphers on my side:

~ $ openssl ciphers | tr ':' "\n" | sort | grep -i psk
DHE-PSK-AES128-CBC-SHA
DHE-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-GCM-SHA256
DHE-PSK-AES256-CBC-SHA
DHE-PSK-AES256-CBC-SHA384
DHE-PSK-AES256-GCM-SHA384
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-AES128-CBC-SHA
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-AES256-CBC-SHA
ECDHE-PSK-AES256-CBC-SHA384
ECDHE-PSK-CHACHA20-POLY1305
PSK-AES128-CBC-SHA
PSK-AES128-CBC-SHA256
PSK-AES128-GCM-SHA256
PSK-AES256-CBC-SHA
PSK-AES256-CBC-SHA384
PSK-AES256-GCM-SHA384
PSK-CHACHA20-POLY1305
RSA-PSK-AES128-CBC-SHA
RSA-PSK-AES128-CBC-SHA256
RSA-PSK-AES128-GCM-SHA256
RSA-PSK-AES256-CBC-SHA
RSA-PSK-AES256-CBC-SHA384
RSA-PSK-AES256-GCM-SHA384
RSA-PSK-CHACHA20-POLY1305

Glad you found it though!

[Sean-Der]

@daenney what version of OpenSSL do you have, I was able to get this with OpenSSL 1.1.1b 26 Feb 2019

I also had to do openssl ciphers -V ALL@SECLEVEL=0; to see it

[daenney]

Same: OpenSSL 1.1.1b 26 Feb 2019. I had no idea about -V ALL@SECLEVEL=0 , now I see it too. Sneaky.

[Sean-Der]

Nice, I think that adds a whole new level of usefulness :)

Thank you so much for taking time for the reviews guys @daenney @igolaizola! If you guys have any opinions on things the library needs/where we should go next I am all ears :) I am back on Pion WebRTC for a while, but always ready to jump in