
net: lwm2m: DTLS x509 certificate based support #54376

Closed
RomainPelletant opened this issue Feb 2, 2023 · 6 comments
Labels
area: LWM2M Enhancement Changes/Updates/Additions to existing features

Comments

@RomainPelletant (Contributor)

Is your enhancement proposal related to a problem? Please describe.
Zephyr currently supports NoSec and DTLS/PSK connections.

Describe the solution you'd like
Add support for security mode 2 (in the LwM2M specifications) to support DTLS x509 certificate-based connections.

I plan to implement it: do you see any limitations (max. certificate size, for example, etc.)?

@RomainPelletant RomainPelletant added the Enhancement Changes/Updates/Additions to existing features label Feb 2, 2023
RomainPelletant pushed a commit to RomainPelletant/zephyr that referenced this issue Feb 3, 2023
Add option for x509 certificate support according to Security object 1.1
3: client's certificate
4: server's certificate (CA)
5: client's pkey
Add optional CA check to be used easily with leshan default certificate
Issue zephyrproject-rtos#54376

Signed-off-by: romain pelletant <romainp@kickmaker.net>
@boaks commented Feb 9, 2023

Though zephyr uses mbedTLS, it's more about enabling the configuration and providing the right credentials from the lwm2m security object (hope that's the right lwm2m object name). There should be no other limits than for TLS. AFAIK in LWM2M support for ECDSA is mandatory (at least implicitly by RFC 7252), so the certificate size should not be too hard an issue.

@RomainPelletant (Contributor, Author)

@boaks Thanks for your message. You are right: it works with Leshan, with the block-wise transfer limitation (bootstrap to device when overwriting security data shall not exceed 1024 bytes).
I think that limitation could be a good opportunity to implement EST over CoAP (from my side) to have something fully operational.
I saw the "Roadmap to EST" discussion on the Leshan GitHub, so I will try it.

@walzsi (Contributor) commented Apr 14, 2023

@RomainPelletant could you share the configs needed to get it to work with the bootstrap?

@RomainPelletant (Contributor, Author)

@walzsi the following PR works with a direct x509 connection: #54420
Due to the block-wise limitation, the bootstrap Security object send (for x509: client and server certificates) could fail if the message containing these 3 opaque resources is greater than 1024 bytes.
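The size problem described above can be checked before provisioning. The following is an added example, not code from this issue or from Zephyr: it encodes a Security object (/0) instance for security mode 2 in the LwM2M TLV format (resources 0 server URI, 2 security mode, and the opaque resources 3, 4 and 5 named in the commit above) and compares the result with the 1024-byte bootstrap-write limit reported in the thread. The server URI and the certificate/key byte blobs are constructed placeholders.

```python
import struct

# Resource 2 (Security Mode) value for X.509 certificate mode in the LwM2M Security object.
SECURITY_MODE_CERTIFICATE = 2
# Limit quoted in the thread for a bootstrap write of the Security object (assumption taken from the discussion).
BOOTSTRAP_WRITE_LIMIT = 1024


def tlv(type_bits, ident, value):
    """Encode one LwM2M TLV (type_bits: 0 object instance, 1 resource instance,
    2 multiple resource, 3 resource with value)."""
    n = len(value)
    hdr = type_bits << 6
    if ident > 0xFF:
        hdr |= 0x20                       # 16-bit identifier
        id_bytes = struct.pack(">H", ident)
    else:
        id_bytes = bytes([ident])
    if n < 8:
        hdr |= n                          # length carried in the low 3 bits
        len_bytes = b""
    elif n < 0x100:
        hdr |= 0x08                       # 8-bit length field follows
        len_bytes = bytes([n])
    elif n < 0x10000:
        hdr |= 0x10                       # 16-bit length field follows
        len_bytes = struct.pack(">H", n)
    else:
        hdr |= 0x18                       # 24-bit length field follows
        len_bytes = n.to_bytes(3, "big")
    return bytes([hdr]) + id_bytes + len_bytes + value


def encode_security_instance(instance_id, server_uri, client_cert, server_cert, client_key):
    """Security object instance: /0/<instance_id> with resources 0, 2, 3, 4, 5."""
    resources = (
        tlv(3, 0, server_uri.encode()),                    # LwM2M Server URI
        tlv(3, 2, bytes([SECURITY_MODE_CERTIFICATE])),     # Security Mode = 2 (X.509)
        tlv(3, 3, client_cert),                            # client certificate (DER)
        tlv(3, 4, server_cert),                            # server certificate / CA (DER)
        tlv(3, 5, client_key),                             # client private key (DER)
    )
    return tlv(0, instance_id, b"".join(resources))


def fits_bootstrap_write(payload):
    """True when the encoded instance fits a single bootstrap write."""
    return len(payload) <= BOOTSTRAP_WRITE_LIMIT


if __name__ == "__main__":
    # Constructed blob sizes roughly matching ECDSA P-256 DER certificates and key.
    inst = encode_security_instance(0, "coaps://lwm2m.example:5684", bytes(450), bytes(430), bytes(121))
    print(len(inst), "bytes, fits:", fits_bootstrap_write(inst))
```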

@SeppoTakalo (Collaborator)

FYI: pending for review: #59019

@RomainPelletant (Contributor, Author)

@SeppoTakalo solved this issue. Thank you
