Nanostack Border Router is a generic mbed border router implementation that provides the 6LoWPAN ND or Thread border router initialization logic.
Revision 94:0c008659750c, committed 2019-03-14
- Committer:
- mbed_official
- Date:
- Thu Mar 14 16:02:36 2019 +0000
- Parent:
- 93:6c98c32f59e1
- Child:
- 95:930ccc91b349
- Commit message:
- Added Wi-SUN certificates and updated mbed TLS configuration
Added Wi-SUN certificates. Added mbed TLS configuration for Wi-SUN.
Enabled MBEDTLS_AES_FEWER_TABLES on both Thread and Wi-SUN configuration.
.
Commit copied from https://github.com/ARMmbed/nanostack-border-router
Changed in this revision
--- a/README.md Mon Mar 11 14:02:41 2019 +0000
+++ b/README.md Thu Mar 14 16:02:36 2019 +0000
@@ -165,6 +165,10 @@
 | `uc-dwell-interval` | Unicast dwell interval. Range: 15-255 milliseconds |
 | `bc-interval` | Broadcast interval. Duration between broadcast dwell intervals. Range: 0-16777216 milliseconds |
 | `bc-dwell-interval` | Broadcast dwell interval. Range: 15-255 milliseconds |
+| `certificate-header` | Wi-SUN certificate header file |
+| `root-certificate` | Root certificate |
+| `own-certificate` | Own certificate |
+| `own-certificate-key` | Own certificate's key |
 Regulatory domain, operating class and operating mode are defined in the Wi-SUN PHY-specification.
--- a/configs/Wisun_Stm_s2lp_RF.json Mon Mar 11 14:02:41 2019 +0000
+++ b/configs/Wisun_Stm_s2lp_RF.json Thu Mar 14 16:02:36 2019 +0000
@@ -43,8 +43,26 @@
 "operating-mode": 255,
 "uc-fixed-channel": "0xffff",
 "bc-fixed-channel": "0xffff",
- "network-name": "\"Wi-SUN Network\""
+ "network-name": "\"Wi-SUN Network\"",
+ "certificate-header": {
+ "help": "Certificate header",
+ "value": "\"wisun_certificates.h\""
+ },
+ "root-certificate": {
+ "help": "Root certificate in PEM format (must be a null terminated c-string)",
+ "value": "WISUN_ROOT_CERTIFICATE"
+ },
+ "own-certificate": {
+ "help": "Own certificate in PEM format (must be a null terminated c-string)",
+ "value": "WISUN_SERVER_CERTIFICATE"
+ },
+ "own-certificate-key": {
+ "help": "Own certificate's key in PEM format (must be a null terminated c-string)",
+ "value": "WISUN_SERVER_KEY"
+ }
+ },
+ "macros": ["MBEDTLS_USER_CONFIG_FILE=\"source/mbedtls_wisun_config.h\""],
 "target_overrides": {
 "*": {
 "target.network-default-interface-type": "ETHERNET",
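Review bot: The `help` strings for `root-certificate`, `own-certificate` and `own-certificate-key` describe the PEM format but not that the defaults (`WISUN_ROOT_CERTIFICATE`, `WISUN_SERVER_CERTIFICATE`, `WISUN_SERVER_KEY`) are taken from the in-tree `wisun_certificates.h`, whose include guard is named `WISUN_TEST_CERTIFICATES_H_`, so a build that keeps these defaults authenticates with a private key that is in the public repository. The help text is the place a user reading `mbed_app`-style config sees, so it should say so, e.g. `"help": "Own certificate's key in PEM format (must be a null terminated c-string). Default is the test key from wisun_certificates.h; override per deployment"`, and likewise for the other two entries. The `certificate-header` help ("Certificate header") could also state that the value must be a quoted include path because it is pasted into `#include MBED_CONF_APP_CERTIFICATE_HEADER` verbatim.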
--- a/source/borderrouter_ws.c Mon Mar 11 14:02:41 2019 +0000
+++ b/source/borderrouter_ws.c Thu Mar 14 16:02:36 2019 +0000
@@ -28,6 +28,9 @@
 #include "sw_mac.h"
 #include "nwk_stats_api.h"
 #include "randLIB.h"
+#ifdef MBED_CONF_APP_CERTIFICATE_HEADER
+#include MBED_CONF_APP_CERTIFICATE_HEADER
+#endif
 #include "ns_trace.h"
 #define TRACE_GROUP "brro"
@@ -309,6 +312,17 @@
 }
 }
+#if defined(MBED_CONF_APP_CERTIFICATE_HEADER)
+ arm_certificate_chain_entry_s chain_info;
+ memset(&chain_info, 0, sizeof(arm_certificate_chain_entry_s));
+ chain_info.cert_chain[0] = (const uint8_t *) MBED_CONF_APP_ROOT_CERTIFICATE;
+ chain_info.cert_len[0] = strlen((const char *) MBED_CONF_APP_ROOT_CERTIFICATE);
+ chain_info.cert_chain[1] = (const uint8_t *) MBED_CONF_APP_OWN_CERTIFICATE;
+ chain_info.cert_len[1] = strlen((const char *) MBED_CONF_APP_OWN_CERTIFICATE);
+ chain_info.key_chain[1] = (const uint8_t *) MBED_CONF_APP_OWN_CERTIFICATE_KEY;
+ chain_info.chain_length = 2;
+ arm_network_certificate_chain_set((const arm_certificate_chain_entry_s *) &chain_info);
+#endif
 ret = arm_nwk_interface_up(ws_br_handler.ws_interface_id);
 if (ret != 0) {
 tr_error("mesh0 up Fail with code: %"PRIi32"", ret);
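Review bot: In the second hunk `cert_len[0]` and `cert_len[1]` are computed with `strlen()`, which excludes the terminating NUL, while the config help text for these options says the PEM strings must be NUL-terminated; the mbed TLS PEM parsers (`mbedtls_x509_crt_parse`, `mbedtls_pk_parse_key`) require the passed length to include that terminator, so unless `arm_network_certificate_chain_set()` adds it internally the chain will fail to parse. If the stack does not add it, the change is `chain_info.cert_len[0] = strlen((const char *) MBED_CONF_APP_ROOT_CERTIFICATE) + 1;` and the same `+ 1` on `cert_len[1]`. The result of `arm_network_certificate_chain_set()` is also discarded, so a rejected chain only shows up later as an authentication failure; checking it and logging with `tr_error` before `arm_nwk_interface_up()` would make a bad certificate configuration visible at start-up. The hunk does not show whether `<string.h>` is included for `memset`/`strlen`, and the enclosing function starts and ends outside the hunk.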
--- a/source/mbedtls_thread_config.h Mon Mar 11 14:02:41 2019 +0000
+++ b/source/mbedtls_thread_config.h Thu Mar 14 16:02:36 2019 +0000
@@ -47,6 +47,7 @@
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_FEWER_TABLES
 /* Save RAM by adjusting to our exact needs */
 #define MBEDTLS_ECP_MAX_BITS 256
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/source/mbedtls_wisun_config.h Thu Mar 14 16:02:36 2019 +0000
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2016, 2019 ARM Limited. All rights reserved.
+ */
+
+#ifndef MBEDTLS_WISUN_CONFIG_H_
+#define MBEDTLS_WISUN_CONFIG_H_
+
+#define MBEDTLS_ENTROPY_MAX_SOURCES 4 // save 320 bytes of RAM (default is 20 entropy source)
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 // Use 4kB buffers for input and output instead of 16kB
+
+//#define MBEDTLS_DEBUG_C
+
+/* mbed TLS feature support */
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#undef MBEDTLS_ECP_DP_BP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
+#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+#ifdef MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_EXPORT_KEYS
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+
+/* mbed TLS modules */
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_SHA256_C
+#ifdef MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#endif
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_SHA1_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_FEWER_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS 256
+#undef MBEDTLS_MPI_MAX_SIZE
+#define MBEDTLS_MPI_MAX_SIZE 128 // 256 bits is 32 bytes
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+
+/* Optimization. Remove all not needed stuff */
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#undef MBEDTLS_SSL_SERVER_NAME_INDICATION
+#undef MBEDTLS_SELF_TEST
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#undef MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#undef MBEDTLS_RSA_C
+#undef MBEDTLS_VERSION_C
+#undef MBEDTLS_CERTS_C
+#undef MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#undef MBEDTLS_CIPHER_PADDING_PKCS7
+#undef MBEDTLS_ECDSA_DETERMINISTIC
+#undef MBEDTLS_SSL_SESSION_TICKETS
+#undef MBEDTLS_VERSION_FEATURES
+#undef MBEDTLS_X509_CHECK_KEY_USAGE
+#undef MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#undef MBEDTLS_ERROR_STRERROR_DUMMY
+#undef MBEDTLS_SSL_ALPN
+#undef MBEDTLS_SSL_TICKET_C
+#undef MBEDTLS_HAVE_SSE2
+#undef MBEDTLS_PLATFORM_MEMORY
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_DEPRECATED_WARNING
+#undef MBEDTLS_DEPRECATED_REMOVED
+#undef MBEDTLS_CAMELLIA_SMALL_MEMORY
+#undef MBEDTLS_CIPHER_MODE_CFB
+#undef MBEDTLS_CIPHER_MODE_CTR
+#undef MBEDTLS_CIPHER_NULL_CIPHER
+#undef MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#undef MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#undef MBEDTLS_CIPHER_PADDING_ZEROS
+#undef MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_PK_PARSE_EC_EXTENDED
+#undef MBEDTLS_GENPRIME
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#undef MBEDTLS_MEMORY_DEBUG
+#undef MBEDTLS_MEMORY_BACKTRACE
+#undef MBEDTLS_PK_RSA_ALT_SUPPORT
+#undef MBEDTLS_PKCS1_V15
+#undef MBEDTLS_PKCS1_V21
+#undef MBEDTLS_RSA_NO_CRT
+#undef MBEDTLS_SSL_AEAD_RANDOM_IV
+#undef MBEDTLS_RSA_NO_CRT
+#undef MBEDTLS_SSL_DEBUG_ALL
+#undef MBEDTLS_SSL_FALLBACK_SCSV
+#undef MBEDTLS_SSL_HW_RECORD_ACCEL
+#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#undef MBEDTLS_SSL_RENEGOTIATION
+#undef MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#undef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#undef MBEDTLS_SSL_PROTO_TLS1
+#undef MBEDTLS_SSL_PROTO_TLS1_1
+#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#undef MBEDTLS_SSL_TRUNCATED_HMAC
+#undef MBEDTLS_THREADING_ALT
+#undef MBEDTLS_THREADING_PTHREAD
+#undef MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#undef MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#undef MBEDTLS_ZLIB_SUPPORT
+#undef MBEDTLS_AESNI_C
+#undef MBEDTLS_ARC4_C
+#undef MBEDTLS_BLOWFISH_C
+#undef MBEDTLS_CAMELLIA_C
+#undef MBEDTLS_DES_C
+#undef MBEDTLS_DHM_C
+#undef MBEDTLS_HAVEGE_C
+#undef MBEDTLS_MD2_C
+#undef MBEDTLS_MD4_C
+#undef MBEDTLS_MD5_C
+#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#undef MBEDTLS_PADLOCK_C
+#undef MBEDTLS_PEM_WRITE_C
+#undef MBEDTLS_PKCS5_C
+#undef MBEDTLS_PKCS11_C
+#undef MBEDTLS_PKCS12_C
+#undef MBEDTLS_PLATFORM_C
+#undef MBEDTLS_RIPEMD160_C
+#undef MBEDTLS_SHA512_C
+#undef MBEDTLS_SSL_CACHE_C
+#undef MBEDTLS_THREADING_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CRT_WRITE_C
+#undef MBEDTLS_XTEA_C
+
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_WISUN_CONFIG_H */
+
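Review bot: `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` are `#undef`'d inside the "Remove all not needed stuff" block, which turns off validation of the keyUsage/extendedKeyUsage extensions on peer certificates, and `MBEDTLS_SSL_EXTENDED_MASTER_SECRET` is undefined as well; these are certificate- and handshake-validation features rather than optional modules, so either leave them at their defaults or add a comment stating which Wi-SUN certificate profile makes them unnecessary, e.g. `/* keyUsage checks disabled: Wi-SUN device certificates do not carry the extension -- TODO confirm against the profile */`. Two entries are duplicated (`#undef MBEDTLS_RSA_NO_CRT` appears twice, and `MBEDTLS_ECP_DP_CURVE25519_ENABLED` is undefined both in the curve block and again here), which suggests the list was merged from another config and would benefit from a pass to drop the repeats. The closing `#endif /* MBEDTLS_WISUN_CONFIG_H */` comment does not match the guard macro `MBEDTLS_WISUN_CONFIG_H_`. `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` and `MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED` remain defined although `MBEDTLS_SSL_CIPHERSUITES` lists only `MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8`, so that key-exchange code is compiled in but not selectable through the default suite list; if nothing else in the stack needs PSK, undefining both keeps the build in line with the comment above the list.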
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/source/wisun_certificates.h Thu Mar 14 16:02:36 2019 +0000
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2019, Arm Limited and affiliates.
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef WISUN_TEST_CERTIFICATES_H_
+#define WISUN_TEST_CERTIFICATES_H_
+
+const uint8_t WISUN_ROOT_CERTIFICATE[] = {
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIBITCByaADAgECAgkAlbRr8sff1TAwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwC\r\n"
+ "Q0EwIBcNMTkwMTEwMTIzOTQwWhgPMjA1NDAxMDExMjM5NDBaMA0xCzAJBgNVBAMM\r\n"
+ "AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtxIrEZAp/o5tRajuwX89N/R7\r\n"
+ "aWnqBb0qqfWMz8eV4qIGDZ6nTVU8WnDbGfQmMiVJ7jBDO0t0u8hdJqD+BZSRTKMQ\r\n"
+ "MA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAq2dDK4qq3tmJ3oG+T\r\n"
+ "+Sn3tTkJzh98EmbD+qM3H1A8bAIgbaeMCHBMVu+gsUvsr3GE0oPFivabSbG1ACPY\r\n"
+ "091AY8s=\r\n"
+ "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_SERVER_CERTIFICATE[] = {
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIBbjCCARUCCQDauDDaJgvpkTAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAe\r\n"
+ "Fw0xOTAxMTAxMjU1MThaFw0yMTEwMzAxMjU1MThaMHIxCzAJBgNVBAYTAkZJMQ0w\r\n"
+ "CwYDVQQIDARPVUxVMQ0wCwYDVQQHDARPVUxVMQ0wCwYDVQQKDARURVNUMQ0wCwYD\r\n"
+ "VQQLDARURVNUMQ0wCwYDVQQDDARURVNUMRgwFgYJKoZIhvcNAQkBFgl0ZXN0QHRl\r\n"
+ "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATql/+fLHybIT1ffwtvWCRQo17+\r\n"
+ "NxYNHsqcLC7EwTaEFZ16Jq5ZfJONfdgi9JAhaJqPR5C39mHWRPrrb7Yz+WaxMAoG\r\n"
+ "CCqGSM49BAMCA0cAMEQCIBEVE5m35FH4/x12+4CGED5DTjq+MlG4tA9qzbRV1fLR\r\n"
+ "AiAVyDNhfHjqtSUHhq6n4eVFrkEZIKL15ghq/XrsquYpQA==\r\n"
+ "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_SERVER_KEY[] = {
+ "-----BEGIN EC PRIVATE KEY-----\r\n"
+ "MHcCAQEEILFyZOLupuFXvz8geCxYzno3yJsmvs5MOH5IAM2+BUNToAoGCCqGSM49\r\n"
+ "AwEHoUQDQgAE6pf/nyx8myE9X38Lb1gkUKNe/jcWDR7KnCwuxME2hBWdeiauWXyT\r\n"
+ "jX3YIvSQIWiaj0eQt/Zh1kT662+2M/lmsQ==\r\n"
+ "-----END EC PRIVATE KEY-----"
+};
+
+const uint8_t WISUN_CLIENT_CERTIFICATE[] = {
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIBbzCCARUCCQDauDDaJgvpkDAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAe\r\n"
+ "Fw0xOTAxMTAxMjU0NThaFw0yMTEwMzAxMjU0NThaMHIxCzAJBgNVBAYTAkZJMQ0w\r\n"
+ "CwYDVQQIDARPVUxVMQ0wCwYDVQQHDARPVUxVMQ0wCwYDVQQKDARURVNUMQ0wCwYD\r\n"
+ "VQQLDARURVNUMQ0wCwYDVQQDDARURVNUMRgwFgYJKoZIhvcNAQkBFgl0ZXN0QHRl\r\n"
+ "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiDwGGvooYkL98jjqiuIjNiY42\r\n"
+ "0Yp8EnZcT5QBfm2AHBN8Cv6ZLqatnOYW2qcBobTGNWYhjEiQSXFZWCbtTOrtMAoG\r\n"
+ "CCqGSM49BAMCA0gAMEUCIQCIa6wOCi56WXsMTYszQtS1HdRGWZbW9eJmtNAkrtu+\r\n"
+ "4QIgNXPvNTU/0QTEkssBp1olJI93sohauvLpcXjk89e9AOA=\r\n"
+ "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_CLIENT_KEY[] = {
+ "-----BEGIN EC PRIVATE KEY-----\r\n"
+ "MHcCAQEEIHKcVfg7aFwGqGnSph+XWaXoEcqrmR87s938l3B1NHLeoAoGCCqGSM49\r\n"
+ "AwEHoUQDQgAEog8Bhr6KGJC/fI46oriIzYmONtGKfBJ2XE+UAX5tgBwTfAr+mS6m\r\n"
+ "rZzmFtqnAaG0xjVmIYxIkElxWVgm7Uzq7Q==\r\n"
+ "-----END EC PRIVATE KEY-----"
+};
+
+#endif /* WISUN_TEST_CERTIFICATES_H_ */
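Review bot: The five arrays (`WISUN_ROOT_CERTIFICATE`, `WISUN_SERVER_CERTIFICATE`, `WISUN_SERVER_KEY`, `WISUN_CLIENT_CERTIFICATE`, `WISUN_CLIENT_KEY`) are defined at file scope without `static`, so in C they have external linkage and a second translation unit including this header produces duplicate-symbol link errors; `static const uint8_t WISUN_ROOT_CERTIFICATE[] = {` (and the same for the others) keeps each copy local, and the header uses `uint8_t` without including `<stdint.h>` itself, so it only compiles after some other include has pulled it in. The guard name `WISUN_TEST_CERTIFICATES_H_` indicates sample material, yet `WISUN_SERVER_KEY` is a private key committed to the repository and wired in as the default `own-certificate-key`; a comment at the top of the header stating that these are test credentials for interoperability runs and must be replaced per deployment would stop them shipping unchanged. Only the root certificate and the server pair are referenced by `borderrouter_ws.c` in this commit, so `WISUN_CLIENT_CERTIFICATE` and `WISUN_CLIENT_KEY` are unused in this tree unless another consumer includes the header, which the comment could also say.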