COAPS CONNECT command is failing between FTD binaries on KW41z

[Marimuthu V]

Hi,

we are running FTD cli binary in two KW41z board(One is leader and another one is child). The coap transfer is successful where as coaps(coap secure) transfer is failing. the coaps connect command is failed with error message 'coaps disconnected'.

below is the executed command sequence,

at FTD leader side,

panid 0x1234
channel 15
ifconfig up
thread start
coaps psk PSK pskid
coaps start false
coaps resource testm

 at FTD child, 

panid 0x1234
channel 15
ifconfig up
thread start
coaps psk PSK pskid
coaps start false
coaps connect <ip6 address of leader>

also observing the child state is changed into router state, once got the coaps disconnect results.

Please find the wireshark log for the coaps connect request and response. looking for your suggestions to understand the issue and would help us work towards the solution. also let me is there any limitation on KW41z hardware for coaps communication. Is that open thread is limiting the coaps communication? or do we need to enable the coaps communication in some where for KW41z hardware?

Regards,

Marimuthu V 

[Jonathan Hui]

Thank you for raising this issue! I submitted a fix in PR4024. Please take a look and see if it helps fix the issue.

--

Jonathan Hui

--
You received this message because you are subscribed to the Google Groups "openthread-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openthread-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/e2e08654-9b0e-4607-8e7e-4e86f5f09c8e%40googlegroups.com.

[Marimuthu V]

Hi Jonathan,

Thank you for the solution. I will merge the fix and keep update you the behavior.

Regards,

Marimuthu V

On Thursday, 25 July 2019 03:53:38 UTC+5:30, Jonathan Hui wrote:

Thank you for raising this issue! I submitted a fix in PR4024. Please take a look and see if it helps fix the issue.

--

Jonathan Hui

To unsubscribe from this group and stop receiving emails from it, send an email to openthre...@googlegroups.com.

[Marimuthu V]

Hi Jonathan,

The provided fix is resolving the issue. Thank you very much.

May I request your suggestions/answers for below our questions,

1. May I request you describe the actual issue and how the fix helping for resolving that? your answers will help us to analyze and understand the code.

2. In one of the previous mail thread, we were discussing about the issue that root cause might be due to not supporting of hardware ECC for crypt functions in KW41z hardware. that means is this fix accelerating the crypto functions in hardware? or is this fix also part of SW acceleration?

3. How to disable the SW acceleration for crypto functions in KW41z?

Thanks and Regards,

Marimuthu V

[Jonathan Hui]

Thanks for validating and reporting back!

To answer your questions:

1. The issue was that the SSL server was not setting the SSL client id when only CoAP secure is enabled (OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE). This PR ensures a call to set the SSL client id whenever the SSL server functionality is enabled.
2. This fix has nothing to do with ECC. The OpenThread CoAP Secure implementation currently relies on the TLS_PSK_WITH_AES_128_CCM_8 ciphersuite, which does not use ECC.
3. I assume by "disable the SW acceleration", you mean to enable HW acceleration. As mentioned in my previous posts, the KW41Z does not provide ECC HW acceleration.

Hope that helps.

--

Jonathan Hui

To unsubscribe from this group and stop receiving emails from it, send an email to openthread-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/70f1b4b7-4062-417c-96d0-09801fa095aa%40googlegroups.com.

[Marimuthu V]

Hi Jonathan,

Thanks for your answers.

I have follow-up question as below. Could you please share your thoughts on that?

The KW41z platform doesn't supporting ECC hardware acceleration and it causing to 'no radio communication' during the handshake function, means will it be any impact for open thread application? Is there any limitation with open thread in KW41z with respect to not supporting of hardware ECC? or how open thread is overcoming the hardware limitation?

Regards,

Marimuthu V

On Monday, 29 July 2019 20:51:14 UTC+5:30, Jonathan Hui wrote:

Thanks for validating and reporting back!

To answer your questions:

1. The issue was that the SSL server was not setting the SSL client id when only CoAP secure is enabled (OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE). This PR ensures a call to set the SSL client id whenever the SSL server functionality is enabled.
2. This fix has nothing to do with ECC. The OpenThread CoAP Secure implementation currently relies on the TLS_PSK_WITH_AES_128_CCM_8 ciphersuite, which does not use ECC.
3. I assume by "disable the SW acceleration", you mean to enable HW acceleration. As mentioned in my previous posts, the KW41Z does not provide ECC HW acceleration.

Hope that helps.

--

Jonathan Hui

To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/70f1b4b7-4062-417c-96d0-09801fa095aa%40googlegroups.com.

[Jonathan Hui]

Because the KW41Z does not provide HW acceleration for ECC, there will be significant delays when performing ECC operations. OpenThread currently ECC-based ciphersuites with Thread Commissioning and certificate-based CoAP secure. In both cases, ECC is only performed during the DTLS handshake (i.e. session establishment). After the DTLS session has been established, then a symmetric ciphersuite (i.e. AES) is used. OpenThread can use SW-based ECC implementation (provided by mbedTLS), but as you noticed, performance (and ultimately user experience) will be poor on platforms that have limited compute capabilities.

--

Jonathan Hui

To unsubscribe from this group and stop receiving emails from it, send an email to openthread-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/5a3c346a-39f3-4d99-b87d-55097b74cc49%40googlegroups.com.

[Marimuthu V]

Hi Jonathan,

Thanks for your answers.

Regards,

Marimuthu V

On Tuesday, 30 July 2019 22:02:03 UTC+5:30, Jonathan Hui wrote:

Because the KW41Z does not provide HW acceleration for ECC, there will be significant delays when performing ECC operations. OpenThread currently ECC-based ciphersuites with Thread Commissioning and certificate-based CoAP secure. In both cases, ECC is only performed during the DTLS handshake (i.e. session establishment). After the DTLS session has been established, then a symmetric ciphersuite (i.e. AES) is used. OpenThread can use SW-based ECC implementation (provided by mbedTLS), but as you noticed, performance (and ultimately user experience) will be poor on platforms that have limited compute capabilities.

--

Jonathan Hui

To view this discussion on the web visit https://groups.google.com/d/msgid/openthread-users/5a3c346a-39f3-4d99-b87d-55097b74cc49%40googlegroups.com.