QtCOAP PSK put request to IKEA Tradfri Bridge doesn't work. -> Strange SSL Errors

Frime

Hi!

I want to write a simple app which controls my IKEA Tradfri light bulbs - Just for fun. The protocol works perfectly as described here: https://freesoft.dev/program/121979476

The following command works as expected when I run it in Terminal:

coap-client -m post -u "Client_identity" -k "$GATEWAYCODE" -e '{"9090":"$USERNAME"}' "coaps://$GATEWAYIP:5684/15011/9063"

Now I try to solve this with QtCOAP. This is my code:

 m_coapClient = new QCoapClient(QtCoap::SecurityMode::PreSharedKey, this);
    
    QCoapSecurityConfiguration configuration;
    configuration.setPreSharedKeyIdentity("Client_identity");
    configuration.setPreSharedKey("xxxxxxxxxxxxxxxx");
    m_configuration = configuration;
    m_coapClient->setSecurityConfiguration(m_configuration);
    QCoapRequest request;
    QUrl url;
    url.setHost("192.168.10.94");
    url.setPort(5684);
    url.setPath("/15011/9063");
    request.setUrl(url);
    request.setPayload("{\"9090\":\"frime\"}");
    m_coapClient->post(request);

But I only get the following error message:

qt.coap.connection: Handshake error:  "Im Ablauf des SSL-Protokolls ist ein Fehler aufgetreten: error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure"

What am I doing wrong?

Thanks in advance!
Friedemann

SGaist

Hi,

What OS are you on ?
What version of Qt are you running ?
What version of OpenSSL do you have ?

Frime

Thanks for fast reply!

What OS are you on ?

Ubuntu 20.04 LTS running in a VirtualBox

What version of Qt are you running ?

5.14.2

What version of OpenSSL do you have ?

OpenSSL 1.1.1f 31 Mar 2020

Thanks in advance!

Best,
Friedemann

SGaist

Did you check the network activity with a tool like Wireshark ?

Frime

This post is deleted!

Frime

I don't really see where the problem is. Unofortunately it is not possible to upload the Wireshark file.

Screenshot 2020-05-17 at 11.43.28.png

Frime

Frime

I found this discussion via google. I think the DTLS version is the problem..

https://www.qt.io/blog/2019/06/06/introducing-qtcoap

Screenshot 2020-05-17 at 15.30.44.png

Frime

But Qt uses the latest version of OpenSSL...

QSslSocket::sslLibraryBuildVersionString()

also returns

OpenSSL 1.1.1f 31 Mar 2020

Maybe a Qt Bug?

SGaist

Did you check the bug report system ?

Frime

Yep. I have already created a bug report...
https://bugreports.qt.io/browse/QTBUG-84273?filter=-2

SGaist

Thanks !

Frime

Thanks to the help of Sona Kurazyan in the Qt Bug Tracker everything works now:

From your capture I can see that your client has not used the mandatory ciphers TLS_PSK_WITH_AES_128_CCM* required by CoAP. Some libraries (e.g. libcoap, which is what IKEA Tradfri LightBulb seems to be using) are working only with those ciphers. The problem is, that OpenSSL does not use CCM ciphers by default, and you need to "force" their usage by setting the cipher string to QCoapSecurityConfiguration in the following way:

configuration.setDefaultCipherString("AESCCM");

After adding this line the handshake has worked. But I got a "BadRequest" error now.
It turned out that there was a small Qt bug at another place after all:

Just found that the payload set to the request is being ignored when calling post() without data, so the request is sent with an empty payload. I'm assuming that's the difference.
I'll prepare a fix for this.

A workaround is to change this line

request.setPayload("{\"9090\":\"frime\"}");
m_coapClient->post(request);

to

m_coapClient->post(request, "{\"9090\":\"frime\"}");

SGaist

Thanks for the follow up !