CoAP: added make option to specify CoAP DTLS keystore to use by default.
The currently available options are: * none - No keystore registered. * simple - Keystore using fixed PSK credentials. * lwm2m - Keystore based on LWM2M security objects If an application wants to provide its own keystore, it selects 'none' and registers its own at startup.
This commit is contained in:
Niclas Finne
parent
725e426c61
commit
ebb329de5c
|
|
@ -360,6 +360,9 @@ viewconf:
|
|||
@echo "##### \"MAKE_MAC\": ______________________________ $(MAKE_MAC)"
|
||||
@echo "##### \"MAKE_NET\": ______________________________ $(MAKE_NET)"
|
||||
@echo "##### \"MAKE_ROUTING\": __________________________ $(MAKE_ROUTING)"
|
||||
ifdef MAKE_COAP_DTLS_KEYSTORE
|
||||
@echo "##### \"MAKE_COAP_DTLS_KEYSTORE\": _______________ $(MAKE_COAP_DTLS_KEYSTORE)"
|
||||
endif
|
||||
@echo "----------------- C variables: -----------------"
|
||||
$(Q)$(CC) $(CFLAGS) -E $(CONTIKI)/tools/viewconf.c | grep \#\#\#\#\#
|
||||
@echo "------------------------------------------------"
|
||||
|
|
|
|||
|
|
@ -40,8 +40,6 @@
|
|||
|
||||
#define COAP_ENDPOINT_CUSTOM 1
|
||||
|
||||
#define LWM2M_SECURITY_CONF_REGISTER_KEY_STORE 0
|
||||
|
||||
typedef struct {
|
||||
int addr; /* if we want to switch on something... */
|
||||
unsigned int size;
|
||||
|
|
|
|||
|
|
@ -13,4 +13,20 @@ ifeq ($(MAKE_WITH_DTLS),1)
|
|||
MODULES += os/net/app-layer/coap/tinydtls-support
|
||||
MODULES += $(TINYDTLS_PATH) ${addprefix $(TINYDTLS_PATH)/,aes sha2 ecc}
|
||||
|
||||
MAKE_COAP_DTLS_KEYSTORE_NONE := 0
|
||||
MAKE_COAP_DTLS_KEYSTORE_SIMPLE := 1
|
||||
MAKE_COAP_DTLS_KEYSTORE_LWM2M := 2
|
||||
|
||||
MAKE_COAP_DTLS_KEYSTORE ?= MAKE_COAP_DTLS_KEYSTORE_LWM2M
|
||||
|
||||
ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_SIMPLE)
|
||||
CFLAGS += -DCOAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE=1
|
||||
else ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_LWM2M)
|
||||
CFLAGS += -DCOAP_DTLS_KEYSTORE_CONF_WITH_LWM2M=1
|
||||
else ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_NONE)
|
||||
# No C flag needed for no keystore
|
||||
else
|
||||
${error Unsupported CoAP DTLS keystore: $(MAKE_COAP_DTLS_KEYSTORE)}
|
||||
endif
|
||||
|
||||
endif
|
||||
|
|
|
|||
|
|
@ -40,16 +40,10 @@
|
|||
#include "coap-keystore.h"
|
||||
#include <string.h>
|
||||
|
||||
/* #ifndef PSK_DEFAULT_IDENTITY */
|
||||
/* #define PSK_DEFAULT_IDENTITY "Client_identity" */
|
||||
/* #endif /\* PSK_DEFAULT_IDENTITY *\/ */
|
||||
|
||||
/* #ifndef PSK_DEFAULT_KEY */
|
||||
/* #define PSK_DEFAULT_KEY "secretPSK" */
|
||||
/* #endif /\* PSK_DEFAULT_KEY *\/ */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#ifdef WITH_DTLS
|
||||
#if defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY)
|
||||
#ifdef COAP_DTLS_PSK_DEFAULT_IDENTITY
|
||||
#ifdef COAP_DTLS_PSK_DEFAULT_KEY
|
||||
/*---------------------------------------------------------------------------*/
|
||||
static int
|
||||
get_default_psk_info(const coap_endpoint_t *address_info,
|
||||
coap_keystore_psk_entry_t *info)
|
||||
|
|
@ -57,17 +51,18 @@ get_default_psk_info(const coap_endpoint_t *address_info,
|
|||
if(info != NULL) {
|
||||
if(info->identity == NULL || info->identity_len == 0) {
|
||||
/* Identity requested */
|
||||
info->identity = (uint8_t *)PSK_DEFAULT_IDENTITY;
|
||||
info->identity_len = strlen(PSK_DEFAULT_IDENTITY);
|
||||
info->identity = (uint8_t *)COAP_DTLS_PSK_DEFAULT_IDENTITY;
|
||||
info->identity_len = strlen(COAP_DTLS_PSK_DEFAULT_IDENTITY);
|
||||
return 1;
|
||||
}
|
||||
if(info->identity_len != strlen(PSK_DEFAULT_IDENTITY) ||
|
||||
memcmp(info->identity, PSK_DEFAULT_IDENTITY, info->identity_len) != 0) {
|
||||
if(info->identity_len != strlen(COAP_DTLS_PSK_DEFAULT_IDENTITY) ||
|
||||
memcmp(info->identity, COAP_DTLS_PSK_DEFAULT_IDENTITY,
|
||||
info->identity_len) != 0) {
|
||||
/* Identity not matching */
|
||||
return 0;
|
||||
}
|
||||
info->key = (uint8_t *)PSK_DEFAULT_KEY;
|
||||
info->key_len = strlen(PSK_DEFAULT_KEY);
|
||||
info->key = (uint8_t *)COAP_DTLS_PSK_DEFAULT_KEY;
|
||||
info->key_len = strlen(COAP_DTLS_PSK_DEFAULT_KEY);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
|
@ -75,16 +70,22 @@ get_default_psk_info(const coap_endpoint_t *address_info,
|
|||
static const coap_keystore_t simple_key_store = {
|
||||
.coap_get_psk_info = get_default_psk_info
|
||||
};
|
||||
#endif /* defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#endif /* COAP_DTLS_PSK_DEFAULT_KEY */
|
||||
#endif /* COAP_DTLS_PSK_DEFAULT_IDENTITY */
|
||||
#endif /* WITH_DTLS */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
void
|
||||
coap_store_simple_init(void)
|
||||
coap_keystore_simple_init(void)
|
||||
{
|
||||
#ifdef WITH_DTLS
|
||||
#if defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY)
|
||||
#ifdef COAP_DTLS_PSK_DEFAULT_IDENTITY
|
||||
#ifdef COAP_DTLS_PSK_DEFAULT_KEY
|
||||
|
||||
coap_set_keystore(&simple_key_store);
|
||||
#endif /* defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) */
|
||||
|
||||
#endif /* COAP_DTLS_PSK_DEFAULT_KEY */
|
||||
#endif /* COAP_DTLS_PSK_DEFAULT_IDENTITY */
|
||||
#endif /* WITH_DTLS */
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
|
|
|||
|
|
@ -39,6 +39,14 @@
|
|||
#ifndef COAP_KEYSTORE_SIMPLE_H_
|
||||
#define COAP_KEYSTORE_SIMPLE_H_
|
||||
|
||||
void coap_keystore_simple(void);
|
||||
/*
|
||||
* Registers a simple CoAP DTLS keystore with fixed PSK credentials.
|
||||
*
|
||||
* The credentials can be configured in project-conf.h
|
||||
*
|
||||
* #define COAP_DTLS_PSK_DEFAULT_IDENTITY "user"
|
||||
* #define COAP_DTLS_PSK_DEFAULT_KEY "password"
|
||||
*/
|
||||
void coap_keystore_simple_init(void);
|
||||
|
||||
#endif /* COAP_KEYSTORE_SIMPLE_H_ */
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@
|
|||
#include "coap-transactions.h"
|
||||
#include "coap-constants.h"
|
||||
#include "coap-keystore.h"
|
||||
#include "coap-keystore-simple.h"
|
||||
|
||||
|
||||
#if UIP_CONF_IPV6_RPL
|
||||
|
|
@ -117,9 +118,6 @@ coap_endpoint_copy(coap_endpoint_t *destination,
|
|||
uip_ipaddr_copy(&destination->ipaddr, &from->ipaddr);
|
||||
destination->port = from->port;
|
||||
destination->secure = from->secure;
|
||||
|
||||
PRINTF("EP copy: from sec:%d to sec:%d\n", from->secure,
|
||||
destination->secure);
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
int
|
||||
|
|
@ -296,8 +294,12 @@ coap_transport_init(void)
|
|||
#ifdef WITH_DTLS
|
||||
dtls_init();
|
||||
dtls_set_log_level(8);
|
||||
#endif /* WITH_DTLS */
|
||||
|
||||
#if COAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE
|
||||
coap_keystore_simple_init();
|
||||
#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE */
|
||||
|
||||
#endif /* WITH_DTLS */
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#ifdef WITH_DTLS
|
||||
|
|
|
|||
|
|
@ -67,12 +67,6 @@
|
|||
#define PRINTEP(ep)
|
||||
#endif
|
||||
|
||||
#ifdef LWM2M_SECURITY_CONF_REGISTER_KEY_STORE
|
||||
#define LWM2M_SECURITY_REGISTER_KEY_STORE LWM2M_SECURITY_CONF_REGISTER_KEY_STORE
|
||||
#else /* LWM2M_SECURITY_CONF_REGISTER_KEY_STORE */
|
||||
#define LWM2M_SECURITY_REGISTER_KEY_STORE 1
|
||||
#endif /* LWM2M_SECURITY_CONF_REGISTER_KEY_STORE */
|
||||
|
||||
#define MAX_COUNT LWM2M_SERVER_MAX_COUNT
|
||||
|
||||
static lwm2m_status_t lwm2m_callback(lwm2m_object_instance_t *object,
|
||||
|
|
@ -357,7 +351,7 @@ static lwm2m_object_t reg_object = {
|
|||
};
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#ifdef WITH_DTLS
|
||||
#if LWM2M_SECURITY_REGISTER_KEY_STORE
|
||||
#if COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M
|
||||
static int
|
||||
get_psk_info(const coap_endpoint_t *address_info,
|
||||
coap_keystore_psk_entry_t *info)
|
||||
|
|
@ -431,15 +425,10 @@ get_psk_info(const coap_endpoint_t *address_info,
|
|||
info->key_len = e->secret_key_len;
|
||||
return 1;
|
||||
}
|
||||
#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */
|
||||
#endif /* WITH_DTLS */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
#ifdef WITH_DTLS
|
||||
#if LWM2M_SECURITY_REGISTER_KEY_STORE
|
||||
static const coap_keystore_t key_store = {
|
||||
.coap_get_psk_info = get_psk_info
|
||||
};
|
||||
#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */
|
||||
#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M */
|
||||
#endif /* WITH_DTLS */
|
||||
/*---------------------------------------------------------------------------*/
|
||||
void
|
||||
|
|
@ -447,7 +436,7 @@ lwm2m_security_init(void)
|
|||
{
|
||||
int i;
|
||||
|
||||
PRINTF("*** Init lwm2m-security\n");
|
||||
PRINTF("lwm2m-sec: init\n");
|
||||
|
||||
list_init(instances_list);
|
||||
|
||||
|
|
@ -457,11 +446,15 @@ lwm2m_security_init(void)
|
|||
if(lwm2m_engine_add_generic_object(®_object)) {
|
||||
|
||||
#ifdef WITH_DTLS
|
||||
#if LWM2M_SECURITY_REGISTER_KEY_STORE
|
||||
#if COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M
|
||||
/* Security object handler added - register keystore */
|
||||
coap_set_keystore(&key_store);
|
||||
#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */
|
||||
PRINTF("lwm2m-sec: registered keystore\n");
|
||||
#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M */
|
||||
#endif /* WITH_DTLS */
|
||||
|
||||
} else {
|
||||
PRINTF("lwm2m-sec: failed to register\n");
|
||||
}
|
||||
}
|
||||
/*---------------------------------------------------------------------------*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue