Align PSK limits of example client and tinydtls binding. #709
Comments
This can easily be done. However, this raises other questions and highlights potential issues. There needs to be consistency for keys and hints as well. I think keys consistency for TinyDTLS could be a challenge as it is limited to 16. The underlying (D)TLS library requests the identity, key and hint as appropriate, but indicates a maximum size. If the maximum size is not sufficient, the code currently silently returns 0 as the length of the returned entity. What should happen to an entity if the (D)TLS library storage space is not sufficient?
Indeed.
If I remember that well, this is more a common misinterpretation, which made it into tinydtls. It was an assumption that using aes128 causes the PSK secret to be limited to 16 bytes as well. See tinydtls, crypto.h
The AES keys are the output of PRF and their length is not related to the length of the secret. RFC4279 defines
as input of PRF for the premaster-secret, which indicates much larger possible secrets. FMPOV, a definition in tinydtls guarded by
libcoap: v4.3.0-rc4 (tinydtls binding):
MAX_USER in coap-client.c limits the identity to 128 bytes.
DTLS_PSK_MAX_CLIENT_IDENTITY_LEN is set to 32 bytes in crypto.h.
I would prefer consistent lengths, e.g. by overwriting the default DTLS_PSK_MAX_CLIENT_IDENTITY_LEN using a definition in the makefile.
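The thread refers to the RFC 4279 premaster secret and to callbacks that silently return length 0 when the buffer is too small. The following is an added example, not code from this thread, libcoap or tinydtls: it builds the plain-PSK premaster secret of RFC 4279 section 2 and reports an undersized buffer as an explicit error. The function name `psk_premaster` and the `PSK_ERR_*` codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical error codes for this example (not tinydtls/libcoap constants). */
#define PSK_ERR_TOO_SMALL (-1)  /* output buffer cannot hold the result */
#define PSK_ERR_BAD_LEN   (-2)  /* missing argument or unusable key length */

/*
 * Plain-PSK premaster secret, RFC 4279 section 2:
 *   uint16 N | N zero octets | uint16 N | PSK (N octets)
 * The PSK length N is carried in a 16-bit field, so it is not bound to the
 * 16-byte AES-128 key size; the AES keys come out of the PRF later.
 * Returns the number of bytes written (2*N + 4) or a negative error code.
 * A too-small buffer is an explicit error, never a silent length of 0.
 */
int psk_premaster(const uint8_t *psk, size_t psk_len,
                  uint8_t *out, size_t out_cap)
{
    /* This example rejects empty keys; the 16-bit field caps N at 65535. */
    if (psk == NULL || out == NULL || psk_len == 0 || psk_len > 0xFFFF)
        return PSK_ERR_BAD_LEN;

    size_t need = 2 * psk_len + 4;
    if (need > out_cap)
        return PSK_ERR_TOO_SMALL;

    uint8_t *p = out;
    *p++ = (uint8_t)(psk_len >> 8);      /* first length field, big endian */
    *p++ = (uint8_t)(psk_len & 0xFF);
    memset(p, 0, psk_len);               /* other_secret: N zero octets */
    p += psk_len;
    *p++ = (uint8_t)(psk_len >> 8);      /* second length field */
    *p++ = (uint8_t)(psk_len & 0xFF);
    memcpy(p, psk, psk_len);             /* the PSK itself */
    return (int)need;
}
```

A caller that gets `PSK_ERR_TOO_SMALL` can abort the handshake or log the size mismatch instead of continuing with an empty secret.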