eclipse / tinydtls

Eclipse tinydtls
https://projects.eclipse.org/projects/iot.tinydtls

dtls.c: enforce the default dtls user params to be configurable #238

Closed mariemC closed 5 months ago

mariemC commented 5 months ago

Contribution description

Incorporating the tinydtls build package, this code addresses a failure encountered during the DTLS handshake between the client and the server. The issue arose from the client imposing default user parameters, which mandate setting extended master secret and renegotiation info to 1. However, not all servers support these extensions. To ensure greater flexibility, it's more appropriate to make these parameters user-configurable.

Testing procedure

I utilized the 'examples/gcoap_dtls' from RIOT OS on a native environment for the client. However, for the server, I deployed it on my Ubuntu machine, which lacks support for these extensions.

Results when the extensions are set to 0:

2024-03-18 16:45:30,983 # RIOT native interrupts/signals initialized.
2024-03-18 16:45:30,984 # RIOT native board initialized.
2024-03-18 16:45:30,985 # RIOT native hardware initialization complete.
2024-03-18 16:45:30,985 # 
2024-03-18 16:45:30,986 # main(): This is RIOT! (Version: 2024.04-devel-390-ge5f033-Mariem/dtls_default_user_params_fix)
2024-03-18 16:45:30,987 # default credentials will be used
2024-03-18 16:45:30,987 # gcoap example app
2024-03-18 16:45:30,988 # All up, running the shell now
nib route add 7 :: fe80::58da:6eff:fe50:5b94re
2024-03-18 16:45:33,294 # nib route add 7 :: fe80::58da:6eff:fe50:5b94
coap get "[fe80::58da:6eff:fe50:5b94%7]" /.well-known/core
2024-03-18 16:45:34,715 # coap get "[fe80::58da:6eff:fe50:5b94%7]" /.well-known/core
2024-03-18 16:45:34,716 # gcoap_cli: sending msg ID 42940, 23 bytes
> 2024-03-18 16:45:34,774 # gcoap: response Success, code 2.05, 455 bytes
2024-03-18 16:45:34,776 # </fw>,</fw/1>;title="Retrieve a firmware update",</fw/1/d>,</fw/1/d/42>,</fw/1/m>,</fw/1/m/AAAAAA>,</fw/2>;title="Retrieve a firmware update, API version 2",</fw/2/d>,</fw/2/d/42>,</fw/2/m>,</fw/2/m/AAAAAA>,</t>,</t/1>;title="Retrieve system time in milliseconds since unix epoch",</din>,</din/1>;title="Data Record Input, version 1",</din/1/AAAAAA>,</cmd>,</cmd/1>;title="Retrieve commands for execution on the device",</cmd/1/AAAAAA>,</.well-known/core>

Results when the extensions are set to 1:

2024-03-18 16:45:56,159 # main(): This is RIOT! (Version: 2024.04-devel-390-ge5f033-Mariem/dtls_default_user_params_fix)
2024-03-18 16:45:56,159 # default credentials will be used
2024-03-18 16:45:56,160 # gcoap example app
2024-03-18 16:45:56,160 # All up, running the shell now
nib route add 7 :: fe80::58da:6eff:fe50:5b94
2024-03-18 16:45:58,584 # nib route add 7 :: fe80::58da:6eff:fe50:5b94
coap get "[fe80::58da:6eff:fe50:5b94%7]" /.well-known/core
2024-03-18 16:46:00,738 # coap get "[fe80::58da:6eff:fe50:5b94%7]" /.well-known/core
2024-03-18 16:46:00,738 # gcoap_cli: sending msg ID 19650, 23 bytes
2024-03-18 16:46:00,745 # error in check_server_hello err: -552
2024-03-18 16:46:00,746 # error 0x0228 handling handshake packet of type: server_hello (2), state 8

boaks commented 5 months ago

  1. Please be very careful with servers which don't support the extended master secret or the renegotiation info.
  2. There is a get_user_parameters callback to adapt the default configuration. Did you check if that works for you?
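
One way to use the get_user_parameters callback mentioned above so that the two extensions are relaxed only for a known legacy peer and stay mandatory for every other peer (an added example, not code from tinydtls or from this thread). The struct types are stand-ins so the block compiles on its own, and the field names and callback shape are assumptions modelled on dtls_user_parameters_t; check them against crypto.h and dtls.h in the tinydtls version in use.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins (assumptions) for tinydtls' session_t and dtls_user_parameters_t,
 * so the example compiles without the library. */
typedef struct { uint8_t addr[16]; } peer_session_t;
typedef struct {
    unsigned int force_extended_master_secret:1;
    unsigned int force_renegotiation_info:1;
} user_parameters_t;

/* Peers known to lack both extensions. The single entry is the server address
 * from the test log above (fe80::58da:6eff:fe50:5b94). */
static const uint8_t legacy_peers[][16] = {
    {0xfe,0x80,0,0,0,0,0,0,0x58,0xda,0x6e,0xff,0xfe,0x50,0x5b,0x94},
};

static int is_legacy_peer(const peer_session_t *s) {
    for (size_t i = 0; i < sizeof legacy_peers / sizeof legacy_peers[0]; i++)
        if (memcmp(s->addr, legacy_peers[i], 16) == 0)
            return 1;
    return 0;
}

/* Shaped like the get_user_parameters callback: invoked per session so the
 * application can adapt the defaults before the handshake starts. */
static void app_get_user_parameters(void *ctx, const peer_session_t *session,
                                    user_parameters_t *params) {
    (void)ctx;
    /* Start strict, whatever the caller passed in. */
    params->force_extended_master_secret = 1;
    params->force_renegotiation_info = 1;
    if (session != NULL && is_legacy_peer(session)) {
        params->force_extended_master_secret = 0;
        params->force_renegotiation_info = 0;
    }
}

/* Helper for checking the policy: 1 if both extensions stay mandatory. */
static int extensions_enforced(const uint8_t addr[16]) {
    peer_session_t s;
    user_parameters_t p = {0, 0};
    memcpy(s.addr, addr, 16);
    app_get_user_parameters(NULL, &s, &p);
    return p.force_extended_master_secret && p.force_renegotiation_info;
}
```

Keeping the exception list explicit means a peer that is not on it still fails the handshake when it omits the extensions, instead of being silently downgraded.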

mariemC commented 5 months ago

  1. Sure! We just internally use a server that doesn't yet support these extensions.
  2. I didn't test it yet! I will check it, thank you!

mariemC commented 5 months ago

It works via get_user_parameters. Thank you.

boaks commented 5 months ago

Maybe a question to improve the documentation:

What did you read before you provided a fix?

The dtls_user_parameters_t in "crypto.h"? The default_user_parameters in "dtls.c"? Something else?

mariemC commented 5 months ago

I have read the default_user_parameters in dtls.c. Also mainly debugging and checking the latest changes in Tinydtls upstream.

boaks commented 5 months ago

See PR #239

If you agree that the callback works for you and so this PR isn't required, I would like to close it.

mariemC commented 5 months ago

Yes, it does, thank you.