Security object implementation for LwM2M client using Wakaama
This implements the LwM2M Security object as specified in Appendix E1 of the LwM2M specification.
So far only the NO_SEC, PSK (pre-shared key) and RPK (raw public key) modes are available.
For an XML description of the object see https://raw.githubusercontent.com/OpenMobileAlliance/lwm2m-registry/prod/version_history/0-1_0.xml.
Name | ID | Mandatory | Type | Range | Units | Implemented |
---|---|---|---|---|---|---|
Server URI | 0 | Yes | String | | | Yes |
Bootstrap Server | 1 | Yes | Boolean | | | Yes |
Security Mode | 2 | Yes | Integer | 0-3 | | Yes |
Public Key or ID | 3 | Yes | Opaque | | | Yes |
Server Public Key | 4 | Yes | Opaque | | | Yes |
Secret Key | 5 | Yes | Opaque | | | Yes |
SMS Security Mode | 6 | No | Integer | 0-255 | | No |
SMS Binding Key Param. | 7 | No | Opaque | 6 B | | No |
SMS Binding Secret Keys | 8 | No | Opaque | 32-48 B | | No |
Server SMS Number | 9 | No | String | | | No |
Short Server ID | 10 | No | Integer | 1-65535 | | Yes |
Client Hold Off Time | 11 | No | Integer | | s | Yes |
BS Account Timeout | 12 | No | Integer | | s | Yes |
To use the RPK security mode the following keys are required:
- the server public key (as a SubjectPublicKeyInfo, DER encoded, according to RFC 5280), and
- the local public key (as a SubjectPublicKeyInfo, DER encoded) and the local private key (as an ECPrivateKey DER encoded sequence, according to RFC 5915). See below on how they can be generated.

It is possible that you may need to increase CONFIG_DTLS_HANDSHAKE_BUFSIZE_EXP when using RPK mode, since raw public keys make the DTLS handshake messages larger than in PSK mode.
The local key pair can be generated using OpenSSL.
Following the example above we have:
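The following script is an added example, not code from RIOT or Wakaama, showing one way to produce a local RPK key pair with OpenSSL in exactly the two DER encodings named above (SubjectPublicKeyInfo per RFC 5280 for the public key, ECPrivateKey per RFC 5915 for the private key), to sanity-check the files before they go into firmware, and to dump them as C byte arrays. The curve (prime256v1), the output directory and the file and array names are this example's own choices; the server's SubjectPublicKeyInfo is not generated here, it has to come from the server operator.

```shell
#!/bin/sh
# Added example (not RIOT's or Wakaama's own code): generate a local RPK key
# pair for the LwM2M Security object with OpenSSL and verify the DER output.
set -eu

# gen_rpk_keys OUTDIR
#   OUTDIR/key.pem  - local private key, PEM (keep out of the firmware image)
#   OUTDIR/priv.der - ECPrivateKey, DER (RFC 5915)         -> Secret Key (resource 5)
#   OUTDIR/pub.der  - SubjectPublicKeyInfo, DER (RFC 5280) -> Public Key or ID (resource 3)
gen_rpk_keys() {
    dir="$1"
    mkdir -p "$dir"
    # prime256v1 (P-256) is an assumption of this example; use the curve the
    # LwM2M server accepts.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem"
    openssl ec -in "$dir/key.pem" -outform DER -out "$dir/priv.der" 2>/dev/null
    openssl ec -in "$dir/key.pem" -pubout -outform DER -out "$dir/pub.der" 2>/dev/null
}

# der_is_sequence FILE: succeeds if FILE opens with the ASN.1 SEQUENCE tag
# (0x30), the outer tag of both SubjectPublicKeyInfo and ECPrivateKey.
der_is_sequence() {
    [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]
}

# pub_matches_priv PUB_DER PRIV_DER: succeeds if the public key re-derived
# from the private key is byte-for-byte the SubjectPublicKeyInfo in PUB_DER,
# i.e. the two files really belong to the same key pair.
pub_matches_priv() {
    openssl pkey -in "$2" -inform DER -pubout -outform DER 2>/dev/null | cmp -s - "$1"
}

# to_c_array FILE NAME: print FILE as a C byte array (one byte per line) for
# pasting into the client's credential definition.
to_c_array() {
    printf 'static const unsigned char %s[] = {\n' "$2"
    od -An -v -tx1 "$1" | tr -s ' \n' '\n' | sed '/^$/d; s/^/    0x/; s/$/,/'
    printf '};\n'
}

# Usage: sh gen_rpk.sh OUTDIR
if [ "$#" -eq 1 ]; then
    gen_rpk_keys "$1"
    der_is_sequence "$1/pub.der" && der_is_sequence "$1/priv.der" && \
        pub_matches_priv "$1/pub.der" "$1/priv.der" || { echo "key check failed" >&2; exit 1; }
    to_c_array "$1/pub.der" pub_key_or_id
    to_c_array "$1/priv.der" secret_key
fi
```

The private key ends up in the firmware as the Secret Key resource, so the generated `key.pem` and `priv.der` should be treated like any other device credential: generated per device, stored outside the source tree, and never committed.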
Topics |
---|
LwM2M Security object compile configurations |

Files |
---|
file security.h |

Data Structures | Description |
---|---|
struct lwm2m_obj_security_args | Arguments for a new Security object instance creation (lwm2m_object_security_instance_create). |

Typedefs | Description |
---|---|
typedef struct lwm2m_obj_security_args lwm2m_obj_security_args_t | Arguments for a new Security object instance creation (lwm2m_object_security_instance_create). |

Functions | Description |
---|---|
lwm2m_object_t * lwm2m_object_security_init (lwm2m_client_data_t *client_data) | Initialize the Security object. |
int lwm2m_object_security_instance_create (const lwm2m_obj_security_args_t *args, int32_t instance_id) | Create a new Security instance and add it to the object list. |
credman_tag_t lwm2m_object_security_get_credential (uint16_t instance_id) | Get the credential of a given instance of the security object. |

LwM2M Security object security modes | Value | Description |
---|---|---|
LWM2M_SECURITY_MODE_PRE_SHARED_KEY | 0 | Pre-shared keys mode. |
LWM2M_SECURITY_MODE_RAW_PUBLIC_KEY | 1 | Raw public keys mode. |
LWM2M_SECURITY_MODE_CERTIFICATE | 2 | Certificate mode. |
LWM2M_SECURITY_MODE_NONE | 3 | No security mode. |

Resource IDs for the LwM2M Security object | Value | Description |
---|---|---|
LWM2M_SECURITY_URI_ID | 0 | Server URI. |
LWM2M_SECURITY_BOOTSTRAP_ID | 1 | Bootstrap server. |
LWM2M_SECURITY_SECURITY_ID | 2 | Security mode. |
LWM2M_SECURITY_PUBLIC_KEY_ID | 3 | Public key or ID. |
LWM2M_SECURITY_SERVER_PUBLIC_KEY_ID | 4 | Server public key. |
LWM2M_SECURITY_SECRET_KEY_ID | 5 | Secret key. |
LWM2M_SECURITY_SMS_SECURITY_ID | 6 | SMS security mode. |
LWM2M_SECURITY_SMS_KEY_PARAM_ID | 7 | SMS binding key parameters. |
LWM2M_SECURITY_SMS_SECRET_KEY_ID | 8 | SMS binding secret keys. |
LWM2M_SECURITY_SMS_SERVER_NUMBER_ID | 9 | Server SMS number. |
LWM2M_SECURITY_SHORT_SERVER_ID | 10 | Short server ID. |
LWM2M_SECURITY_HOLD_OFF_ID | 11 | Client hold-off time. |
LWM2M_SECURITY_BOOTSTRAP_TIMEOUT_ID | 12 | Bootstrap server account timeout. |
Macro | Value | Description | Defined at (security.h) |
---|---|---|---|
LWM2M_SECURITY_BOOTSTRAP_ID | 1 | Bootstrap server. | line 214 |
LWM2M_SECURITY_BOOTSTRAP_TIMEOUT_ID | 12 | Bootstrap server account timeout. | line 269 |
LWM2M_SECURITY_HOLD_OFF_ID | 11 | Client hold-off time. | line 264 |
LWM2M_SECURITY_MODE_CERTIFICATE | 2 | Certificate mode. | line 194 |
LWM2M_SECURITY_MODE_NONE | 3 | No security mode. | line 199 |
LWM2M_SECURITY_MODE_PRE_SHARED_KEY | 0 | Pre-shared keys mode. | line 184 |
LWM2M_SECURITY_MODE_RAW_PUBLIC_KEY | 1 | Raw public keys mode. | line 189 |
LWM2M_SECURITY_PUBLIC_KEY_ID | 3 | Public key or ID. | line 224 |
LWM2M_SECURITY_SECRET_KEY_ID | 5 | Secret key. | line 234 |
LWM2M_SECURITY_SECURITY_ID | 2 | Security mode. | line 219 |
LWM2M_SECURITY_SERVER_PUBLIC_KEY_ID | 4 | Server public key. | line 229 |
LWM2M_SECURITY_SHORT_SERVER_ID | 10 | Short server ID. | line 259 |
LWM2M_SECURITY_SMS_KEY_PARAM_ID | 7 | SMS binding key parameters. | line 244 |
LWM2M_SECURITY_SMS_SECRET_KEY_ID | 8 | SMS binding secret keys. | line 249 |
LWM2M_SECURITY_SMS_SECURITY_ID | 6 | SMS security mode. | line 239 |
LWM2M_SECURITY_SMS_SERVER_NUMBER_ID | 9 | Server SMS number. | line 254 |
LWM2M_SECURITY_URI_ID | 0 | Server URI. | line 209 |
credman_tag_t lwm2m_object_security_get_credential (uint16_t instance_id)

Get the credential of a given instance of the security object.

Parameters: [in] instance_id: ID of the instance.
Return values: CREDMAN_TAG_EMPTY when no credential is assigned.
lwm2m_object_t * lwm2m_object_security_init (lwm2m_client_data_t *client_data)

Initialize the Security object.

Parameters: [in] client_data: LwM2M client data.
int lwm2m_object_security_instance_create (const lwm2m_obj_security_args_t *args, int32_t instance_id)

Create a new Security instance and add it to the object list.

Parameters: [in] args: Initialization structure with the parameters for the instance. May not be NULL.
Parameters: [in] instance_id: ID for the new instance. It must be between 0 and (UINT16_MAX - 1); if -1, the next available ID will be used.
instance_id
is given