pkg/wakaama: add DTLS support

examples/lwm2m/Kconfig

@@ -0,0 +1,44 @@
+# Copyright (c) 2021 HAW Hamburg
+#
+# This file is subject to the terms and conditions of the GNU Lesser
+# General Public License v2.1. See the file LICENSE in the top level
+# directory for more details.
+#
+
+menu "Application configuration"
+
+config LWM2M_SERVER_URI
+    string "LwM2M Server URI to register/bootstrap with"
+    default "coap://[fd00:dead:beef::1]:5684"
+    help
+        The host part of the URI MUST be a valid IPv6 address.
+
+config LWM2M_SERVER_SHORT_ID
+    int "Server Short ID"
+    default 1
+    range 1 65534
+
+choice
+    bool "Credential type"
+
+menuconfig LWM2M_CRED_PSK
+    bool "PSK (Pre-shared keys)"
+    select DTLS_PSK
+
+if LWM2M_CRED_PSK
+    config LWM2M_PSK_ID
+        string "PSK Identity"
+        default "Client_Identity"
+
+    config LWM2M_PSK_KEY
+        string "PSK Key"
+        default "ThisIsRIOT!"
+endif # LWM2M_CRED_PSK
+
+config LWM2M_CRED_RPK
+    bool "RPK (Raw public keys)"
+    select DTLS_ECC
+
+endchoice
+
+endmenu # Application configuration

examples/lwm2m/Makefile

@@ -1,14 +1,12 @@
 # name of your application
-APPLICATION = wakaama
+APPLICATION = lwm2m
 
 # If no BOARD is found in the environment, use this default:
 BOARD ?= native
 
 # This has to be the absolute path to the RIOT base directory:
 RIOTBASE ?= $(CURDIR)/../..
 
-
-
 # Include packages that pull up and auto-init the link layer.
 # NOTE: 6LoWPAN will be included if IEEE802.15.4 devices are present
 USEMODULE += netdev_default
@@ -27,21 +25,34 @@ USEMODULE += ps
 # development process:
 DEVELHELP ?= 1
 
-# Specific the server URI  address (NOTE: Domain names not supported yet)
-SERVER_URI ?= '"coap://[fd00:dead:beef::1]"'
-
 # NOTE: Add the package for wakaama
 USEPKG += wakaama
 USEMODULE += wakaama_objects_light_control
-# Uncomment to enable Wakaama debug log
-#CFLAGS += -DCONFIG_LWM2M_WITH_LOGS=1
 
-# Uncomment to indicate that the server is a LwM2M bootstrap server
-# CFLAGS += -DCONFIG_LWM2M_BOOTSTRAP=1
+# add DTLS support
+USEMODULE += wakaama_client_dtls
+
+# Specify sock DTLS implementation
+USEPKG += tinydtls
+# tinydtls needs crypto secure PRNG
+USEMODULE += prng_sha1prng
+
+## Application-specific Configuration options
+LWM2M_SERVER_URI ?= '"coap://[fd00:dead:beef::1]:5684"'
+LWM2M_SERVER_SHORT_ID ?= 1
+
+CFLAGS += -DEVENT_THREAD_MEDIUM_STACKSIZE='(3*1024)'
 
 include $(RIOTBASE)/Makefile.include
 
-# Configure server via CFLAGS only if not done via Kconfig
+DTLS_MAX_BUF=1024
+
+# Configure via CFLAGS only if not done via Kconfig
 ifndef CONFIG_LWM2M_SERVER_URI
-  CFLAGS += -DCONFIG_LWM2M_SERVER_URI=$(SERVER_URI)
+  CFLAGS += -DCONFIG_LWM2M_SERVER_URI=$(LWM2M_SERVER_URI)
+  CFLAGS += -DCONFIG_LWM2M_SERVER_SHORT_ID=$(LWM2M_SERVER_SHORT_ID)
+  CFLAGS += -DCONFIG_DTLS_PEER_MAX=2
+  CFLAGS += -DCONFIG_MAX_BUF=1024
+  # Uncomment to enable Wakaama debug log
+  #CFLAGS += -DCONFIG_LWM2M_WITH_LOGS=1
 endif

examples/lwm2m/Makefile.ci

@@ -1,14 +1,20 @@
 BOARD_INSUFFICIENT_MEMORY := \
     airfy-beacon \
+    arduino-mkr1000 \
     b-l072z-lrwan1 \
     blackpill-stm32f103c8 \
     blackpill-stm32f103cb \
     bluepill-stm32f030c8 \
     bluepill-stm32f103c8 \
     bluepill-stm32f103cb \
     calliope-mini \
+    cc1350-launchpad \
     cc2650-launchpad \
     cc2650stk \
+    e104-bt5010a-tb \
+    e104-bt5011a-tb \
+    feather-m0-wifi \
+    gd32vf103c-start \
     hifive1 \
     hifive1b \
     i-nucleo-lrwan1 \
@@ -24,16 +30,23 @@ BOARD_INSUFFICIENT_MEMORY := \
     nucleo-f042k6 \
     nucleo-f070rb \
     nucleo-f072rb \
+    nucleo-f103rb \
     nucleo-f302r8 \
     nucleo-f303k8 \
     nucleo-f334r8 \
     nucleo-l011k4 \
     nucleo-l031k6 \
     nucleo-l053r8 \
+    nucleo-l073rz \
+    olimexino-stm32 \
     opencm904 \
+    openmote-b \
     samd10-xmini \
     saml10-xpro \
     saml11-xpro \
+    seeedstudio-gd32 \
+    sipeed-longan-nano \
+    sipeed-longan-nano-tft \
     slstk3400a \
     spark-core \
     stk3200 \

examples/lwm2m/README.md

@@ -41,12 +41,19 @@ Router, you might want to specify:
 java -jar ./leshan-server-demo.jar -lh fd00:dead:beef::1
 ```
 
+In the security section click 'Add Security Information', select the security mode
+'Pre-Shared Key', and enter the Client endpoint name and the security information
+(Identity and Key).
+
 #### Bootstrap server
 LwM2M provides a bootstrapping mechanism to provide the clients with information
 to register to one or more servers. To test this mechanism both the previous server and a bootstrap server should be running. Eclipse Leshan also provides a bootstrap server demo.
 
-By default the bootstrap server option is disabled, it can be enabled by defining
-`CONFIG_LWM2M_BOOTSTRAP` as 1 (see the Makefile in this application).
+By default the security instance created in the application assumes that a standard LwM2M Server is
+used. To indicate that the configuration corresponds to a LwM2M Bootstrap Server, set the
+corresponding argument (`is_bootstrap`) to true. Also, bootstrap support needs to be enabled in the
+wakaama package configurations. This can be done via `make menuconfig` or by setting the CFLAG
+`CONFIG_LWM2M_BOOTSTRAP`.
 
 To run the bootstrap server, make sure that the ports it uses are different
 from the ones of previous server (default are 5683 for CoAP, 5684 for CoAPs,
@@ -66,34 +73,34 @@ BS_COAPSPORT=5686
 BS_WEBPORT=8888
 
 # run the server
-java -jar ./leshan-bsserver-demo.jar --coapport ${BS_COAPPORT} \
-            --coapsport ${BS_COAPSPORT} --webport ${BS_WEBPORT}
+java -jar ./leshan-bsserver-demo.jar --coap-port ${BS_COAPPORT} \
+            --coaps-port ${BS_COAPSPORT} --web-port ${BS_WEBPORT}
 ```
 
 To set up the configuration of the node and the server:
 1. Click the `Add new client bootstrap configuration` button.
-2. Fill in the name of the device, it **should** match the one set in
-   `lwm2m.h` as `CONFIG_LWM2M_DEVICE_NAME`.
+2. Fill in the name of the device, it **should** match the one set as `CONFIG_LWM2M_DEVICE_NAME`,
+   in `objects/device.h`.
 3. Using the `LWM2M Server` tab enter the address where the LwM2M server is
-   listening. For now only `No security` mode can be used.
+   listening. Here you can select `No security` or `Pre-Shared Key` modes.
 
 ### Running the client
-The address set as `CONFIG_LWM2M_SERVER_URI` (in `lwm2m.h` or via `menuconfig`)
-should be reachable from the node, e.g. either running on native with a tap
-interface or as a mote connected to a
+The server address is set by the application, during the instantiation of the Security object.
+It can be set via `menuconfig` or the environmental variable `LWM2M_SERVER_URI`. It should be
+reachable from the node, e.g. either running on native with a tap interface or as a mote connected
+to a
 [border router](https://github.com/RIOT-OS/RIOT/tree/master/examples/gnrc_border_router).
 
-Also, if a bootstrap server is being used the macro `CONFIG_LWM2M_BOOTSTRAP` should be
-defined as 1.
-
-The server URI for the example is being defined using the variable `SERVER_URI`
-in the Makefile, and can be changed when compiling.
+Also, if a bootstrap server is being used, it should be configured in the application via
+`menuconfig` or setting the environmental variable `LWM2M_SERVER_BOOTSTRAP` to 1. This information
+is used in the Security object instance.
 
 #### Configure, compile and run
 
 The Wakaama package can be configured via Kconfig. Its options are placed
-under `Packages > Configure Wakaama LwM2M`. To access the configuration
-interface you can run:
+under `Packages > Configure Wakaama LwM2M`. There is also an application-specific configuration
+menu. There the Server URI and credentials can be set. To access the configuration interface you
+can run:
 ```
 make menuconfig
 ```

examples/lwm2m/app.config

@@ -0,0 +1,2 @@
+CONFIG_DTLS_PEER_MAX=2
+CONFIG_DTLS_HANDSHAKE_BUFSIZE_EXP=9

examples/lwm2m/credentials.h

@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2021 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     examples
+ * @{
+ *
+ * @file
+ * @brief       PSK and RPK credentials for the LwM2M example.
+ *
+ * @author      Leandro Lanzieri <[email protected]>
+ *
+ * @}
+ */
+
+#ifndef CREDENTIALS_H
+#define CREDENTIALS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/**
+ * @brief Default PSK key ID.
+ */
+#ifndef CONFIG_LWM2M_PSK_ID
+#define CONFIG_LWM2M_PSK_ID "Client_Identity"
+#endif
+
+/**
+ * @brief Default PSK secret.
+ */
+#ifndef CONFIG_LWM2M_PSK_KEY
+#define CONFIG_LWM2M_PSK_KEY "ThisIsRIOT!"
+#endif
+
+static const uint8_t psk_id[] = CONFIG_LWM2M_PSK_ID;
+static const uint8_t psk_key[] = CONFIG_LWM2M_PSK_KEY;
+
+/* openssl ec -in keys.der -inform DER -pubout -outform DER | xxd -i */
+static const uint8_t rpk_pub[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xa0, 0xc3, 0x8e, 0xcb, 0xa1,
+    0x02, 0xeb, 0x5d, 0x25, 0x96, 0x98, 0xbb, 0x60, 0x8e, 0x28, 0x19, 0x56, 0x06, 0x96, 0x70, 0x15,
+    0x9b, 0x54, 0xff, 0xd9, 0x60, 0x32, 0xc3, 0x3e, 0x89, 0x08, 0xae, 0x3a, 0x33, 0x2f, 0x54, 0x5f,
+    0x68, 0xa2, 0xac, 0xd1, 0xb9, 0xdf, 0x2b, 0x79, 0x65, 0x49, 0x3f, 0x1c, 0xae, 0x64, 0x7a, 0x32,
+    0x02, 0xe4, 0x32, 0x8d, 0x6b, 0x22, 0x67, 0x83, 0x0d, 0x7c, 0xb2
+};
+
+/* openssl ec -in keys.der -inform DER -no_public -outform DER | xxd -i */
+static const uint8_t rpk_priv[] = {
+    0x30, 0x31, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf9, 0x00, 0xb7, 0x31, 0xc4, 0xa7, 0x09, 0xcd, 0x90,
+    0x69, 0xc8, 0xac, 0x60, 0xc4, 0x70, 0x58, 0x12, 0xe9, 0xb8, 0x2e, 0x29, 0x12, 0x3c, 0xd1, 0x74,
+    0x12, 0xbc, 0xf5, 0x81, 0xe5, 0xb5, 0x04, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07
+};
+
+/* provided by server */
+static const uint8_t server_rpk_pub[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8b, 0xd5, 0x0f, 0x73, 0xe2,
+    0x1d, 0x8f, 0xa3, 0x04, 0x2c, 0x83, 0xd2, 0x1e, 0x85, 0x57, 0x0e, 0xcd, 0xee, 0xf0, 0xc1, 0x14,
+    0x9b, 0xeb, 0x05, 0x4f, 0xc9, 0x26, 0x3f, 0xab, 0x6d, 0x43, 0x0b, 0xf8, 0xb9, 0xc9, 0x18, 0x74,
+    0x6f, 0xa1, 0x89, 0x71, 0x92, 0xb2, 0x8f, 0x2f, 0x2a, 0xf2, 0xa1, 0xde, 0xed, 0xf2, 0x81, 0x8d,
+    0xe4, 0xc2, 0x76, 0xc3, 0x15, 0xff, 0x70, 0xd4, 0xa5, 0x7d, 0x88,
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CREDENTIALS_H */