net: lwm2m: Add support for X509 certificates
Add support for using X509 certificates. Default settings use ECDSA certificates with SHA256 hash. When different settings are required clients should overwrite struct lwm2m_ctx->load_credentials() and struct lwm2m_ctx->set_socketoptions().

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
1 parent 402d4eb, commit 12796b5
Showing 8 changed files with 294 additions and 56 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
CONFIG_LWM2M_DTLS_SUPPORT=y | ||
CONFIG_LWM2M_PEER_PORT=5684 | ||
|
||
# I need room to store certificates | ||
CONFIG_LWM2M_SECURITY_KEY_SIZE=2048 | ||
|
||
# Select Zephyr mbedtls | ||
CONFIG_MBEDTLS=y | ||
CONFIG_MBEDTLS_TLS_VERSION_1_2=y | ||
|
||
# Special MbedTLS changes | ||
CONFIG_MBEDTLS_ENABLE_HEAP=y | ||
CONFIG_MBEDTLS_HEAP_SIZE=32768 | ||
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=1500 | ||
CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y | ||
|
||
# Disable RSA, use only ECC certificates | ||
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n | ||
# Enable PSK and ECDHE_ECDSA | ||
CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y | ||
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y | ||
# We only need prime256v1 curve | ||
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y | ||
CONFIG_MBEDTLS_ECDH_C=y | ||
CONFIG_MBEDTLS_ECDSA_C=y | ||
CONFIG_MBEDTLS_ECP_C=y | ||
CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y | ||
CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y | ||
# Optional: we could use just binary DER certificates | ||
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y | ||
|
||
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y | ||
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=4 | ||
CONFIG_NET_SOCKETS_ENABLE_DTLS=y | ||
|
||
# MbedTLS needs a larger stack | ||
CONFIG_MAIN_STACK_SIZE=2048 | ||
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048 | ||
|
||
CONFIG_SHELL_BACKEND_SERIAL_RX_RING_BUFFER_SIZE=4096 | ||
CONFIG_SHELL_CMD_BUFF_SIZE=4096 | ||
CONFIG_LWM2M_SECURITY_KEY_SIZE=1024 |
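Review bot: CONFIG_LWM2M_SECURITY_KEY_SIZE is assigned twice in this new file with different values, `=2048` under the "room to store certificates" comment near the top and `=1024` on the last line. The later assignment in a Kconfig fragment is normally the one that takes effect, so the buffer meant to hold certificates would end up at 1024 rather than 2048; please drop one of the two so the intended size is unambiguous. CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y is also listed twice, once in the "Special MbedTLS changes" group and again after CONFIG_MBEDTLS_ECP_C=y, so one copy can be removed.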