Closed
Opened Nov 19, 2019 by Rami Alshafi (@rami, Owner)

Lite client ignores PSK creds when it has an identity cert

Found in IUTSimulator on Android, not tested on Ubuntu.
When a Lite client opens a secure connection to a server, while both in RFNOP, and the client has a PSK to the server's UUID and an identity certificate, then the Lite client does not include the PSK cipher suite in the Client Hello. Instead, it includes only ECDHE cipher suites:
 

4.540s 11:19:07 DEBUG: DTLS PSK Server: Received Client Hello, sequence=0, length=88
4.540s 11:19:07 DEBUG: DTLS PSK Server: Client offered cipher suites: C0AE, C0AC, C0AF, C0AD, , C023, 00FF
4.540s 11:19:07 DEBUG: DTLS PSK Server: Found no matching cipher suite
4.540s 11:19:07 DEBUG: DTLS PSK Server: Alert handshake_failure(40) was raised
4.540s 11:19:07 DEBUG: DTLS PSK Server: Handshake ended with failure

This makes it impossible to pass the whole test run for clients in the CTT. In all Resource Model test cases for clients the CTT onboards both the IUT and the simulator and ensures that both have a PSK credential for secure communication in RFNOP. If those test cases are executed alone, the problem does not appear. However, if the IUT has an identity certificate installed, e.g. after running some of Security test cases or CT2.1.6, then the IUT won't be able to talk to the simulator because it ignores the fact it has the PSK credential for the simulator and offers only ECDHE cipher suites in Client Hello. The simulator rejects the handshake attempt since it does not own an identity certificate (it doesn't have to).


JIRA migration meta data

  • JIRA Issue ID: LITE-102
  • Reporter: krzysztof.j.wlodarczyk
  • Assignee: krzysztof.j.wlodarczyk
  • Creator: krzysztof.j.wlodarczyk
  • Created at: 2019-11-19T03:57:01.000-0800
  • Found in Version: master
  • Fix in Version: None
  • Issue Severity: Major
  • Reproducibility: Always (100%)
  • Operating System: Android
  • Hardware/ OEM Platform: None
  • External URL: None
  • Bugzilla ID: None
  • Product: None
  • Status: Done
  • Components: security
  • Priority: Undecided
  • Due Date: None
  • Issue Type: Bug
    END of JIRA migration meta data

Reference: iotivity/iotivity-lite#25
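
The following C sketch is an added example, not code from iotivity-lite or from the reporter. It shows a Client Hello offer built from every credential type held for the peer, and the server-side match that fails for the logged offer. The struct, the function names and the PSK suite 0xC037 (TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256) on the server side are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* IANA TLS cipher suite code points. The non-PSK values are the ones visible
 * in the log above; 0xC037 is an assumed PSK suite for the server side. */
#define ECDHE_ECDSA_AES_128_CCM_8       0xC0AE
#define ECDHE_ECDSA_AES_128_CCM         0xC0AC
#define ECDHE_ECDSA_AES_256_CCM_8       0xC0AF
#define ECDHE_ECDSA_AES_256_CCM         0xC0AD
#define ECDHE_ECDSA_AES_128_CBC_SHA256  0xC023
#define ECDHE_PSK_AES_128_CBC_SHA256    0xC037
#define EMPTY_RENEGOTIATION_INFO_SCSV   0x00FF

/* Hypothetical summary of what the client holds for one peer. */
typedef struct {
  int has_psk_for_peer;   /* PSK credential whose subject is the peer UUID */
  int has_identity_cert;  /* identity certificate installed on the client */
} peer_creds_t;

/* Build the Client Hello offer from every usable credential type, PSK first.
 * Returns the number of suites written to out (at most cap). */
size_t build_offer(const peer_creds_t *c, uint16_t *out, size_t cap)
{
  static const uint16_t cert_suites[] = {
    ECDHE_ECDSA_AES_128_CCM_8, ECDHE_ECDSA_AES_128_CCM,
    ECDHE_ECDSA_AES_256_CCM_8, ECDHE_ECDSA_AES_256_CCM,
    ECDHE_ECDSA_AES_128_CBC_SHA256 };
  size_t n = 0;
  if (c->has_psk_for_peer && n < cap)
    out[n++] = ECDHE_PSK_AES_128_CBC_SHA256;
  if (c->has_identity_cert)
    for (size_t i = 0; i < sizeof cert_suites / sizeof cert_suites[0] && n < cap; i++)
      out[n++] = cert_suites[i];
  return n;
}

/* Server-side choice: first offered suite the server supports, or 0 when
 * nothing matches (the handshake_failure(40) case in the log). */
uint16_t select_suite(const uint16_t *offer, size_t n_offer,
                      const uint16_t *supported, size_t n_sup)
{
  for (size_t i = 0; i < n_offer; i++)
    for (size_t j = 0; j < n_sup; j++)
      if (offer[i] == supported[j])
        return offer[i];
  return 0;
}
```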