eclipse-californium / californium

CoAP/DTLS Java Implementation
https://www.eclipse.org/californium/

Custom cipher suite support #2293

Open madhushreegc opened 4 days ago

madhushreegc commented 4 days ago

Californium version : 3.9.1

I am using the Californium library at the server side.

The device is running in a very constrained environment with very little memory. The cipher TLS_PSK_WITH_AES_128_GCM_SHA256 cannot be used for generation of the master secret, so on the device side they have their custom cipher and they are providing the DTLS stack along with that.

Question is, does the Californium library allow us to set a custom cipher suite? I could not find a way; please help if setting it is possible.

`dtlsConfig.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, CipherSuite.TLS_PSK_WITH_AES_128_CCM_8, CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);` Here, I am not allowed to set the custom cipher suite.

boaks commented 3 days ago

> cannot be used for generation of master secret

The generation of the master secret is pretty much the same for all PSK_WITH_AES_128 suites and doesn't require much RAM nor CPU. I don't see why the device would not implement such cipher suites in a compliant way because of constraints. All the other hundreds of users do so; they use a compliant DTLS stack on their devices.

> they have their custom cipher and they are providing the DTLS stack along with that

Sorry, that doesn't make sense. Before we continue, would it be possible for you to provide an IP capture? You may basically just provide the capture file with the "Client_Hello" selected. If you get a "Server_Hello", please select that as well. The "Client_Hello" will contain the list of compliant cipher suites supported by the device. If it's completely custom, that will not work, but then I can't do anything for you.

> Does californium library allows us to set the custom cipher suit?

No. It's not only about adding the cipher suite ID, it's also about choosing the right key exchange, encryption and MAC algorithm along with the intended parameters, e.g. key size. It's only possible to add compliant cipher suites, which are then either supported by the Sun JCE or Bouncy Castle JCE.

madhushreegc commented 1 day ago

Here, I am attaching a copy of the client_hello request received. Custom

Let me know if you need anything else to check.

boaks commented 1 day ago

Yes, somehow it helps.

The cipher suite ID is 0xD08C, which is not assigned at IANA.

`0xD0,0x06-FF    Unassigned`

I also did a short web search for that cipher suite ID, without result.

I also checked mbedtls, no success either.

So, either the device implements one of the supported cipher suites of Californium, or at least one of those listed at IANA (which then means not working now, but it may be extended somehow in the future on common interest). Or you just use the server the device is built for.

Just to mention: the device indicates that it even supports asymmetric encryption, see the "ecdsa_secp256r1_sha256" signature and hash algorithm.

So: the device manufacturer has for sure some reasons not to choose a common cipher suite, but either the algorithm list is wrong, or the device is far away from being too constrained for the supported cipher suites.
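As an added example (not Californium code, and not from either commenter), a small Python check that follows the diagnosis above: pull the offered cipher suite IDs out of a captured DTLS 1.2 ClientHello handshake message and flag IDs that fall in the IANA-unassigned range quoted in the thread. The suite IDs in the table are the IANA registry values for the suites named in this thread; the handshake layout is the DTLS 1.2 one (RFC 6347); the sample ClientHello offering 0xD08C is constructed here, not taken from the attached capture.

```python
import struct

# IANA TLS Cipher Suites registry values for the suites named in this thread.
SUITE_NAMES = {
    0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
    0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256",
    0x008C: "TLS_PSK_WITH_AES_128_CBC_SHA",
    0xC037: "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
    0xC0A8: "TLS_PSK_WITH_AES_128_CCM_8",
}
# Unassigned range quoted from the registry in this thread ("0xD0,0x06-FF").
# The real registry has more gaps; extend this table before relying on it.
IANA_UNASSIGNED = [(0xD006, 0xD0FF)]


def parse_client_hello_cipher_suites(handshake: bytes) -> list[int]:
    """Cipher suite IDs offered in a DTLS 1.2 ClientHello handshake message
    (12-byte DTLS handshake header + body, record layer already stripped)."""
    if len(handshake) < 12 or handshake[0] != 0x01:  # msg_type 1 = client_hello
        raise ValueError("not a DTLS ClientHello handshake message")
    frag_len = int.from_bytes(handshake[9:12], "big")
    body = handshake[12:12 + frag_len]
    pos = 2 + 32                # client_version + random
    pos += 1 + body[pos]        # session_id<0..32>
    pos += 1 + body[pos]        # cookie<0..255>, DTLS only
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]


def classify(suite_id: int) -> str:
    """Name a suite ID, or flag it as IANA-unassigned / outside this table."""
    if suite_id in SUITE_NAMES:
        return SUITE_NAMES[suite_id]
    if any(lo <= suite_id <= hi for lo, hi in IANA_UNASSIGNED):
        return "UNASSIGNED"
    return "UNKNOWN"


def build_sample_client_hello(suites: list[int]) -> bytes:
    """Constructed DTLS 1.2 ClientHello offering `suites`, empty session id and cookie."""
    body = b"\xfe\xfd" + bytes(32) + b"\x00" + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # compression_methods: null only
    length = len(body).to_bytes(3, "big")  # used for both length and fragment_length
    return b"\x01" + length + b"\x00\x00" + b"\x00\x00\x00" + length + body


# Constructed sample mirroring the thread: vendor ID 0xD08C beside a compliant suite.
SAMPLE_SUITES = parse_client_hello_cipher_suites(build_sample_client_hello([0xD08C, 0xC0A8]))
```

With a real capture, feed the bytes of the Wireshark "Handshake Protocol: Client Hello" field to `parse_client_hello_cipher_suites` and run `classify` on each ID; anything reported as UNASSIGNED cannot be negotiated by a compliant stack.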

madhushreegc commented 1 hour ago

OK. I will check with them about the TLS stack.

One more thing: even TLS_PSK_WITH_AES_128_CBC_SHA is not supported by Californium, right?

boaks commented 1 hour ago

CBC is not recommended, because some implementations are suspected to be vulnerable to Lucky13 attacks.

Anyway, we support "TLS_PSK_WITH_AES_128_CBC_SHA256" but not "TLS_PSK_WITH_AES_128_CBC_SHA". But I would recommend going for CCM or GCM.