It turns out that there was a secret version 0.5.0 in the repository. Lesson learned, don't rely on downloads pages to be uptodate.
Anyway. PSK is now fixed in that you get the ID of the peer, and can hence choose the right key for the peer in the key callback (useful eh?) :P
In addition they have added support for TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, which means you can use elliptic curve keypairs. I haven't checked which curves they use and whether or not they are the dodgy NSA ones or not.
I have to do some work on setting a suitably random seed for the PRNG, which is on my TODO list.
One thing I noticed when testing this library is that the handshake can be unreliable. The reason is that packets sometimes get lost by the mbed. I wrote a test program to flood the mbed with UDP packets, and indeed you can see it missing packets if you fire them fast enough. I was able to send about 200 packets per second before the mbed started losing UDP packets.
But of course, this loss depends on the load of the mbed. The reason the handshake is more sensitive is because the load is quite heavy due to the cryptographic work. There are a couple of issues here:
- The handshake protocol should be robust to packet loss. DTLS is designed to re-transmit lost packets, so regardless of whether the mbed is losing packets when it shouldn't, the handshake should not fail. Some work needs to be done to look at ensuring retransmissions are done during the handshake. An interim solution might be to retry the whole handshake at the application layer until it works. This isn't as crazy as it sounds as once you've shook hands you can maintain the session for a very long time. To be fair on tinydtls, I will state that even CyaSSL on mbed also seems to have a non-robust handshake procedure that is very sensitive to packet loss (although I've not tried the absolute latest version).
- I am a little worried that the mbed is not good at receiving network traffic when under load. Obviously there are limits here as to what can be done. Flooding the mbed with 200 packets a second is not a sensible use case, but receiving one or two packets whilst under heavy CPU load is. I've got some ideas how to explore this further.
I'm going to start using tinydtls in anger over the next couple of months, and I'll discover whether it can be used for a real application in this context. I hope so.
The mbed would benefit hugely from some kind of robust AAA framework for secure comms.
I notice that someone was working on a yaSSL port a while ago:
Have you used this? I'm interested in what people are doing for M2M security on the mbed, care to share your best practices?