Short version:
- Can you enable debug output in the mbedtls used for DTLS in OpenThread, available through the nRF SDK? If so, how?
- Can you at all change the list of supported ECC groups that will be communicated as part of a certificate based DTLS handshake performed with the included OpenThread libraries?
- Are there any recommendations for nrf52840 memory allocation to be used to support (ec) certificate based DTLS handshakes?
Longer version, including background & setup:
We have a project where we are programming a nrf52840 to use OpenThread and nRF SDK for Thread and Zigbee (4.1.0). It connects to and through a OT Border Router running on a raspberry pi, with a zolertia firefly as radio stick. On the border router we run a test server based on the example libcoap server.
Setting up the node to use PSK based DTLS handshake works like a charm, out of the box, with the unmodified nrf-config.h from the SDK. But with certificate based handshake, it fails, also after updating the relevant flags in nrf-config.h.
Using tcpdump/wireshark we can see that the node fails after receiving the combined ServerHello/Certificate/ServerKeyExchange/CertificateRequest/ServerHelloDone message. Despite having activated the MBEDTLS_SSL_ALL_ALERT_MESSAGES flag, only the generic “error in error” alert message is sent back to the server.
Some further findings: We can see that the node is advertising nine standard supported ec groups in its ClientHello message, despite that we have tried to undefine most of them in the nrf-config file. As a result, SECP521R1 gets selected by the server side. This group is not supported in our preferred micro-ecc crypto backend, but the same handshake error/behaviour occurs when using the mbedtls backend.
The above was done with the included OpenThread binaries. As a parallel track we have also recompiled the OpenThread libraries (following these instructions -- https://infocenter.nordicsemi.com/index.jsp?topic=%2Fsdk_tz_v3.1.0%2Fthread_ot_libraries_building.html ) --
Doing this we can set the MBEDTLS_SSL_PRESET_DEFAULT which does enforce a more limited set of groups being advertised in the ClientHello message. Also here we fail to activate the mbedtls debugging, despite setting the MBEDTLS_DEBUG_C, the linker doesn’t include the mbedtls debug.c. But we can insert some debugging into the OpenThread part of handshake processing, and it reports failing with MBEDTLS_ERR_ECP_ALLOC_FAILED. This leads to the question if there are special memory setup recommendations to accommodate certificate based handshakes.
