DTLS support for CoAP (IDFGH-126) #1379
Comments
The libcoap submodule is not using the dtls branch
But then how can I use DTLS with CoAP for esp32? DTLS is part of the CoAP standard as stated in RFC 7252.
ESP-IDF has network protocol level DTLS support via mbedTLS. However the version of upstream libcoap we ship does not include DTLS support. It appears that DTLS support has since been added to the main branch of libcoap and there was a pre-4.1.2 release that uses a library called "tinydtls". There appears to also be openssl DTLS support, but no mbedTLS support yet. I agree that it's desirable for us to support CoAP over DTLS, as soon as possible.
Any progress?
Bump. We will need this feature and would really appreciate some advice on how to get this going - or an estimate on when we can expect progress on this issue.
@JcBernack / @projectgus - it seems like there's support for OpenSSL in the upstream project now. Is that sufficient, or does there need to be support for mbedtls?
@daveismith no, because the esp-idf openssl shim does not support the required functions.
I would also like to have this function soon.
Bump - It would be really great to have DTLS support
As TinyDTLS is already a submodule to libcoap, adding in DTLS support is straightforward, but only supports PSK at this point in time.
components/coap/CMakeLists.txt:
components/coap/component.mk:
  Add in the new files that have to be built
components/coap/Makefile.projbuild:
  Update the compiler options with -DESPIDF_VERSION
components/coap/libcoap:
  Update the version to include the correct version of tinydtls submodule
components/coap/port/dtls_prng.c:
components/coap/port/include/coap/dtls_config.h:
  New port files for DTLS
components/coap/port/include/coap_config_posix.h:
  Include building with TinyDTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
  Update CoAP client to support DTLS
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
  Update CoAP server to support DTLS
See Issue espressif#1379
According to the Changelog, libcoap 4.2.0 supports DTLS. Has anybody successfully tried it?
I've used it with TinyDTLS on the desktop. I'd prefer an mbed implementation as TinyDTLS doesn't support x509 certificates and says they don't want to (even though the patches aren't too significant to make it do so)
@cgawron I have used TinyDTLS with
@jitin17 - agreed that PSK or RPK may be sufficient for some things, but IoT standards are starting to require PKI. An example would be dotdot, which requires the use of PKI with operational certificates to play on the application layer. It's important to have this capability in devices like the ESP for developers.
As TinyDTLS is already a submodule to libcoap, adding in DTLS support is straightforward, but only supports PSK at this point in time.
components/coap/CMakeLists.txt:
components/coap/component.mk:
  Add in the new files that have to be built
  Replace libcoap/src/coap_notls.c with libcoap/src/coap_tinydtls.c
components/coap/libcoap:
  Update the version to include the correct version of tinydtls submodule
components/coap/port/include/coap/dtls_config.h:
  New port file for DTLS
components/coap/port/include/coap_config_posix.h:
components/coap/port/rijndael.c
  Include building with TinyDTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
  Update CoAP client to support DTLS
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
  Update CoAP server to support DTLS
  Change "no data" to "Hello World!" to prevent confusion
See Issue espressif#1379
As TinyDTLS is already a submodule to libcoap, adding in DTLS support is straightforward, but only supports PSK at this point in time.
components/coap/CMakeLists.txt:
components/coap/component.mk:
  Add in the new files that have to be built
  Replace libcoap/src/coap_notls.c with libcoap/src/coap_tinydtls.c
components/coap/libcoap:
  Update the version to include the correct version of tinydtls submodule
components/coap/port/include/coap/dtls_config.h:
  New port files for DTLS
components/coap/port/include/coap_config_posix.h:
components/coap/port/rijndael.c
components/coap/port/sha2.c
  Include building with TinyDTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
  Update CoAP client to support DTLS
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
  Update CoAP server to support DTLS
  Change "no data" to "Hello World!" to prevent confusion
See Issue espressif#1379
As TinyDTLS is already a submodule to libcoap, adding in DTLS support is straightforward, but only supports PSK at this point in time.
components/coap/CMakeLists.txt:
components/coap/component.mk:
  Add in the new files that have to be built
  Replace libcoap/src/coap_notls.c with libcoap/src/coap_tinydtls.c
components/coap/libcoap:
  Update the version to include the correct version of tinydtls submodule
components/coap/port/include/coap/dtls_config.h:
components/coap/port/include/coap/hmac.h
components/coap/port/rijndael.c
  New port files for DTLS
components/coap/port/include/coap_config_posix.h:
  Include building with TinyDTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
  Update CoAP client to support DTLS
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
  Update CoAP server to support DTLS
  Change "no data" to "Hello World!" to prevent confusion
See Issue espressif#1379
@JcBernack @lancegerday @cgawron @daveismith We have worked on adding DTLS support in libcoap with the help of mbedtls, which will help us support both PSK and PKI based authentication. Please take a look at this PR: obgm/libcoap#353
This update supports DTLS, TLS is a future TODO
components/coap/CMakeLists.txt:
components/coap/component.mk:
  Add in the new files that have to be built
  Replace libcoap/src/coap_notls.c with libcoap/src/coap_mbedtls.c
components/coap/libcoap:
  Update the version to include the current version for supporting MbedTLS
components/coap/port/coap_debug.c:
components/coap/port/coap_mbedtls.c:
components/coap/port/include/coap/coap_dtls.h:
  New port files for DTLS
components/coap/port/include/coap_config_posix.h:
  Include building with MbedTLS
examples/protocols/coap_client/README.md:
examples/protocols/coap_client/main/CMakeLists.txt:
examples/protocols/coap_client/main/Kconfig.projbuild:
examples/protocols/coap_client/main/coap_client_example_main.c:
examples/protocols/coap_client/main/component.mk:
  Update CoAP client to support DTLS
examples/protocols/coap_client/main/coap_ca.pem
examples/protocols/coap_client/main/coap_client.crt
examples/protocols/coap_client/main/coap_client.key
  New PKI Certs for CoAP client (copied from wpa2_enterprise example)
examples/protocols/coap_server/README.md:
examples/protocols/coap_server/main/CMakeLists.txt:
examples/protocols/coap_server/main/Kconfig.projbuild:
examples/protocols/coap_server/main/coap_server_example_main.c:
examples/protocols/coap_server/main/component.mk:
  Update CoAP server to support DTLS
  Change "no data" to "Hello World!" to prevent confusion
examples/protocols/coap_server/main/coap_ca.pem
examples/protocols/coap_server/main/coap_server.crt
examples/protocols/coap_server/main/coap_server.key
  New PKI Certs for CoAP server (copied from wpa2_enterprise example)
See Issue espressif#1379
After using make menuconfig and component config->mbedTLS->support DTLS protocol (all versions), I see no way to use DTLS with CoAP using the example client-server code; no additional .h files to be included appear.
My final goal is to implement a simple client/server using CoAP with DTLS in PreSharedKey mode, which means using cipher-suite AEAD_AES_128_CCM_8, which should be able to use the built-in AES hardware acceleration.