Nanostack Border Router is a generic mbed border router implementation that provides the 6LoWPAN ND or Thread border router initialization logic.


Comitter:
mbed_official
Date:
Thu Mar 14 16:02:36 2019 +0000
Parent:
93:6c98c32f59e1
Child:
95:930ccc91b349
Commit message:
Added Wi-SUN certificates and updated mbed TLS configuration

Added Wi-SUN certificates. Added mbed TLS configuration for Wi-SUN.
Enabled MBEDTLS_AES_FEWER_TABLES on both Thread and Wi-SUN configuration.

.
Commit copied from https://github.com/ARMmbed/nanostack-border-router

Changed in this revision

README.md Show annotated file Show diff for this revision Revisions of this file
configs/Wisun_Stm_s2lp_RF.json Show annotated file Show diff for this revision Revisions of this file
source/borderrouter_ws.c Show annotated file Show diff for this revision Revisions of this file
source/mbedtls_thread_config.h Show annotated file Show diff for this revision Revisions of this file
source/mbedtls_wisun_config.h Show annotated file Show diff for this revision Revisions of this file
source/wisun_certificates.h Show annotated file Show diff for this revision Revisions of this file
--- a/README.md	Mon Mar 11 14:02:41 2019 +0000
+++ b/README.md	Thu Mar 14 16:02:36 2019 +0000
@@ -165,6 +165,10 @@
 | `uc-dwell-interval`                 | Unicast dwell interval. Range: 15-255 milliseconds |
 | `bc-interval`                       | Broadcast interval. Duration between broadcast dwell intervals. Range: 0-16777216 milliseconds |
 | `bc-dwell-interval`                 | Broadcast dwell interval. Range: 15-255 milliseconds |
+| `certificate-header`                | Wi-SUN certificate header file |
+| `root-certificate`                  | Root certificate |
+| `own-certificate`                   | Own certificate |
+| `own-certificate-key`               | Own certificate's key |
 
 Regulatory domain, operating class and operating mode are defined in the Wi-SUN PHY-specification.
 
--- a/configs/Wisun_Stm_s2lp_RF.json	Mon Mar 11 14:02:41 2019 +0000
+++ b/configs/Wisun_Stm_s2lp_RF.json	Thu Mar 14 16:02:36 2019 +0000
@@ -43,8 +43,26 @@
         "operating-mode": 255,
         "uc-fixed-channel": "0xffff",
         "bc-fixed-channel": "0xffff",
-        "network-name": "\"Wi-SUN Network\""
+        "network-name": "\"Wi-SUN Network\"",
+        "certificate-header": {
+            "help": "Certificate header",
+            "value": "\"wisun_certificates.h\""
+        },
+        "root-certificate": {
+            "help": "Root certificate in PEM format (must be a null terminated c-string)",
+            "value": "WISUN_ROOT_CERTIFICATE"
+        },
+        "own-certificate": {
+            "help": "Own certificate in PEM format (must be a null terminated c-string)",
+            "value": "WISUN_SERVER_CERTIFICATE"
+        },
+        "own-certificate-key": {
+            "help": "Own certificate's key in PEM format (must be a null terminated c-string)",
+            "value": "WISUN_SERVER_KEY"
+        }
+        
     },
+    "macros": ["MBEDTLS_USER_CONFIG_FILE=\"source/mbedtls_wisun_config.h\""],    
     "target_overrides": {
         "*": {
             "target.network-default-interface-type": "ETHERNET",
--- a/source/borderrouter_ws.c	Mon Mar 11 14:02:41 2019 +0000
+++ b/source/borderrouter_ws.c	Thu Mar 14 16:02:36 2019 +0000
@@ -28,6 +28,9 @@
 #include "sw_mac.h"
 #include "nwk_stats_api.h"
 #include "randLIB.h"
+#ifdef MBED_CONF_APP_CERTIFICATE_HEADER
+#include MBED_CONF_APP_CERTIFICATE_HEADER
+#endif
 
 #include "ns_trace.h"
 #define TRACE_GROUP "brro"
@@ -309,6 +312,17 @@
         }
     }
 
+#if defined(MBED_CONF_APP_CERTIFICATE_HEADER)
+    arm_certificate_chain_entry_s chain_info;
+    memset(&chain_info, 0, sizeof(arm_certificate_chain_entry_s));
+    chain_info.cert_chain[0] = (const uint8_t *) MBED_CONF_APP_ROOT_CERTIFICATE;
+    chain_info.cert_len[0] = strlen((const char *) MBED_CONF_APP_ROOT_CERTIFICATE);
+    chain_info.cert_chain[1] = (const uint8_t *) MBED_CONF_APP_OWN_CERTIFICATE;
+    chain_info.cert_len[1] = strlen((const char *) MBED_CONF_APP_OWN_CERTIFICATE);
+    chain_info.key_chain[1] = (const uint8_t *) MBED_CONF_APP_OWN_CERTIFICATE_KEY;
+    chain_info.chain_length = 2;
+    arm_network_certificate_chain_set((const arm_certificate_chain_entry_s *) &chain_info);
+#endif
     ret = arm_nwk_interface_up(ws_br_handler.ws_interface_id);
     if (ret != 0) {
         tr_error("mesh0 up Fail with code: %"PRIi32"", ret);
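Review bot: `cert_len[0]` and `cert_len[1]` are taken from `strlen()`, which excludes the terminating NUL, while the new config help text insists the PEM strings be NUL-terminated; mbed TLS's PEM parsing (`mbedtls_x509_crt_parse`) requires the buffer length to include that terminator, so if `arm_network_certificate_chain_set` forwards these lengths unchanged the chain will fail to parse. Confirm the length contract of `arm_certificate_chain_entry_s` and, if it is the mbed TLS one, use `strlen((const char *) MBED_CONF_APP_ROOT_CERTIFICATE) + 1` (or `sizeof` the array, which the header defines) for both entries. `chain_info` is a stack local, so a comment stating whether the stack copies the entry or keeps the pointer would tell the next reader whether this is safe; the cast on the `arm_network_certificate_chain_set` argument is redundant. The enclosing function starts outside the hunk, and the `<string.h>` include `strlen` depends on is not visible here.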
--- a/source/mbedtls_thread_config.h	Mon Mar 11 14:02:41 2019 +0000
+++ b/source/mbedtls_thread_config.h	Thu Mar 14 16:02:36 2019 +0000
@@ -47,6 +47,7 @@
 
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_FEWER_TABLES
 
 /* Save RAM by adjusting to our exact needs */
 #define MBEDTLS_ECP_MAX_BITS             256
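Review bot: The new `MBEDTLS_AES_FEWER_TABLES` sits under the `/* Save RAM at the expense of ROM */` comment, but with `MBEDTLS_AES_ROM_TABLES` already defined the AES tables live in ROM, so this option trades ROM footprint for extra arithmetic per AES operation rather than RAM; the comment no longer describes both lines. Suggest `/* Drop 75% of the AES tables: smaller ROM, slower AES */` above the new define. The same pair appears in the new `mbedtls_wisun_config.h` with the same comment.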
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/source/mbedtls_wisun_config.h	Thu Mar 14 16:02:36 2019 +0000
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2016, 2019 ARM Limited. All rights reserved.
+ */
+
+#ifndef MBEDTLS_WISUN_CONFIG_H_
+#define MBEDTLS_WISUN_CONFIG_H_
+
+#define MBEDTLS_ENTROPY_MAX_SOURCES 4       // save 320 bytes of RAM (default is 20 entropy source)
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096    // Use 4kB buffers for input and output instead of 16kB
+
+//#define MBEDTLS_DEBUG_C
+
+/* mbed TLS feature support */
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#undef MBEDTLS_ECP_DP_BP256R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP384R1_ENABLED
+#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
+#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+#ifdef MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_EXPORT_KEYS
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+
+/* mbed TLS modules */
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_SHA256_C
+#ifdef MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#endif
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_SHA1_C
+
+/* Save RAM at the expense of ROM */
+#define MBEDTLS_AES_ROM_TABLES
+#define MBEDTLS_AES_FEWER_TABLES
+
+/* Save RAM by adjusting to our exact needs */
+#define MBEDTLS_ECP_MAX_BITS             256
+#undef MBEDTLS_MPI_MAX_SIZE
+#define MBEDTLS_MPI_MAX_SIZE              128 // 256 bits is 32 bytes
+
+/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+
+/* Optimization. Remove all not needed stuff */
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#undef MBEDTLS_SSL_SERVER_NAME_INDICATION
+#undef MBEDTLS_SELF_TEST
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#undef MBEDTLS_ERROR_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#undef MBEDTLS_RSA_C
+#undef MBEDTLS_VERSION_C
+#undef MBEDTLS_CERTS_C
+#undef MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#undef MBEDTLS_CIPHER_PADDING_PKCS7
+#undef MBEDTLS_ECDSA_DETERMINISTIC
+#undef MBEDTLS_SSL_SESSION_TICKETS
+#undef MBEDTLS_VERSION_FEATURES
+#undef MBEDTLS_X509_CHECK_KEY_USAGE
+#undef MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#undef MBEDTLS_ERROR_STRERROR_DUMMY
+#undef MBEDTLS_SSL_ALPN
+#undef MBEDTLS_SSL_TICKET_C
+#undef MBEDTLS_HAVE_SSE2
+#undef MBEDTLS_PLATFORM_MEMORY
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_DEPRECATED_WARNING
+#undef MBEDTLS_DEPRECATED_REMOVED
+#undef MBEDTLS_CAMELLIA_SMALL_MEMORY
+#undef MBEDTLS_CIPHER_MODE_CFB
+#undef MBEDTLS_CIPHER_MODE_CTR
+#undef MBEDTLS_CIPHER_NULL_CIPHER
+#undef MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#undef MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#undef MBEDTLS_CIPHER_PADDING_ZEROS
+#undef MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#undef MBEDTLS_PK_PARSE_EC_EXTENDED
+#undef MBEDTLS_GENPRIME
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#undef MBEDTLS_MEMORY_DEBUG
+#undef MBEDTLS_MEMORY_BACKTRACE
+#undef MBEDTLS_PK_RSA_ALT_SUPPORT
+#undef MBEDTLS_PKCS1_V15
+#undef MBEDTLS_PKCS1_V21
+#undef MBEDTLS_RSA_NO_CRT
+#undef MBEDTLS_SSL_AEAD_RANDOM_IV
+#undef MBEDTLS_RSA_NO_CRT
+#undef MBEDTLS_SSL_DEBUG_ALL
+#undef MBEDTLS_SSL_FALLBACK_SCSV
+#undef MBEDTLS_SSL_HW_RECORD_ACCEL
+#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#undef MBEDTLS_SSL_RENEGOTIATION
+#undef MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#undef MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#undef MBEDTLS_SSL_PROTO_TLS1
+#undef MBEDTLS_SSL_PROTO_TLS1_1
+#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#undef MBEDTLS_SSL_TRUNCATED_HMAC
+#undef MBEDTLS_THREADING_ALT
+#undef MBEDTLS_THREADING_PTHREAD
+#undef MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#undef MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#undef MBEDTLS_ZLIB_SUPPORT
+#undef MBEDTLS_AESNI_C
+#undef MBEDTLS_ARC4_C
+#undef MBEDTLS_BLOWFISH_C
+#undef MBEDTLS_CAMELLIA_C
+#undef MBEDTLS_DES_C
+#undef MBEDTLS_DHM_C
+#undef MBEDTLS_HAVEGE_C
+#undef MBEDTLS_MD2_C
+#undef MBEDTLS_MD4_C
+#undef MBEDTLS_MD5_C
+#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#undef MBEDTLS_PADLOCK_C
+#undef MBEDTLS_PEM_WRITE_C
+#undef MBEDTLS_PKCS5_C
+#undef MBEDTLS_PKCS11_C
+#undef MBEDTLS_PKCS12_C
+#undef MBEDTLS_PLATFORM_C
+#undef MBEDTLS_RIPEMD160_C
+#undef MBEDTLS_SHA512_C
+#undef MBEDTLS_SSL_CACHE_C
+#undef MBEDTLS_THREADING_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CRT_WRITE_C
+#undef MBEDTLS_XTEA_C
+
+
+#include "mbedtls/check_config.h"
+
+#endif /* MBEDTLS_WISUN_CONFIG_H */
+
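Review bot: `#undef MBEDTLS_RSA_NO_CRT` appears twice in the optimisation list and `#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED` is repeated from the curve section, and the closing `#endif /* MBEDTLS_WISUN_CONFIG_H */` names a guard that differs from the `MBEDTLS_WISUN_CONFIG_H_` actually defined; the duplicates should go and the comment should read `#endif /* MBEDTLS_WISUN_CONFIG_H_ */`. `#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET` switches off the RFC 7627 session-hash binding that the stock mbed TLS config leaves on, and since this stack carries the Wi-SUN EAP-TLS authentication the reason (ROM, interoperability) deserves a one-line comment next to it. `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` and `MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED` are compiled in although `MBEDTLS_SSL_CIPHERSUITES` lists only `MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8`; if nothing outside this file needs PSK they are dead code in a file whose stated goal is to remove everything unneeded.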
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/source/wisun_certificates.h	Thu Mar 14 16:02:36 2019 +0000
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2019, Arm Limited and affiliates.
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef WISUN_TEST_CERTIFICATES_H_
+#define WISUN_TEST_CERTIFICATES_H_
+
+const uint8_t WISUN_ROOT_CERTIFICATE[] = {
+    "-----BEGIN CERTIFICATE-----\r\n"
+    "MIIBITCByaADAgECAgkAlbRr8sff1TAwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwC\r\n"
+    "Q0EwIBcNMTkwMTEwMTIzOTQwWhgPMjA1NDAxMDExMjM5NDBaMA0xCzAJBgNVBAMM\r\n"
+    "AkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtxIrEZAp/o5tRajuwX89N/R7\r\n"
+    "aWnqBb0qqfWMz8eV4qIGDZ6nTVU8WnDbGfQmMiVJ7jBDO0t0u8hdJqD+BZSRTKMQ\r\n"
+    "MA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAq2dDK4qq3tmJ3oG+T\r\n"
+    "+Sn3tTkJzh98EmbD+qM3H1A8bAIgbaeMCHBMVu+gsUvsr3GE0oPFivabSbG1ACPY\r\n"
+    "091AY8s=\r\n"
+    "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_SERVER_CERTIFICATE[] = {
+    "-----BEGIN CERTIFICATE-----\r\n"
+    "MIIBbjCCARUCCQDauDDaJgvpkTAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAe\r\n"
+    "Fw0xOTAxMTAxMjU1MThaFw0yMTEwMzAxMjU1MThaMHIxCzAJBgNVBAYTAkZJMQ0w\r\n"
+    "CwYDVQQIDARPVUxVMQ0wCwYDVQQHDARPVUxVMQ0wCwYDVQQKDARURVNUMQ0wCwYD\r\n"
+    "VQQLDARURVNUMQ0wCwYDVQQDDARURVNUMRgwFgYJKoZIhvcNAQkBFgl0ZXN0QHRl\r\n"
+    "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATql/+fLHybIT1ffwtvWCRQo17+\r\n"
+    "NxYNHsqcLC7EwTaEFZ16Jq5ZfJONfdgi9JAhaJqPR5C39mHWRPrrb7Yz+WaxMAoG\r\n"
+    "CCqGSM49BAMCA0cAMEQCIBEVE5m35FH4/x12+4CGED5DTjq+MlG4tA9qzbRV1fLR\r\n"
+    "AiAVyDNhfHjqtSUHhq6n4eVFrkEZIKL15ghq/XrsquYpQA==\r\n"
+    "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_SERVER_KEY[] = {
+    "-----BEGIN EC PRIVATE KEY-----\r\n"
+    "MHcCAQEEILFyZOLupuFXvz8geCxYzno3yJsmvs5MOH5IAM2+BUNToAoGCCqGSM49\r\n"
+    "AwEHoUQDQgAE6pf/nyx8myE9X38Lb1gkUKNe/jcWDR7KnCwuxME2hBWdeiauWXyT\r\n"
+    "jX3YIvSQIWiaj0eQt/Zh1kT662+2M/lmsQ==\r\n"
+    "-----END EC PRIVATE KEY-----"
+};
+
+const uint8_t WISUN_CLIENT_CERTIFICATE[] = {
+    "-----BEGIN CERTIFICATE-----\r\n"
+    "MIIBbzCCARUCCQDauDDaJgvpkDAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAe\r\n"
+    "Fw0xOTAxMTAxMjU0NThaFw0yMTEwMzAxMjU0NThaMHIxCzAJBgNVBAYTAkZJMQ0w\r\n"
+    "CwYDVQQIDARPVUxVMQ0wCwYDVQQHDARPVUxVMQ0wCwYDVQQKDARURVNUMQ0wCwYD\r\n"
+    "VQQLDARURVNUMQ0wCwYDVQQDDARURVNUMRgwFgYJKoZIhvcNAQkBFgl0ZXN0QHRl\r\n"
+    "c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiDwGGvooYkL98jjqiuIjNiY42\r\n"
+    "0Yp8EnZcT5QBfm2AHBN8Cv6ZLqatnOYW2qcBobTGNWYhjEiQSXFZWCbtTOrtMAoG\r\n"
+    "CCqGSM49BAMCA0gAMEUCIQCIa6wOCi56WXsMTYszQtS1HdRGWZbW9eJmtNAkrtu+\r\n"
+    "4QIgNXPvNTU/0QTEkssBp1olJI93sohauvLpcXjk89e9AOA=\r\n"
+    "-----END CERTIFICATE-----"
+};
+
+const uint8_t WISUN_CLIENT_KEY[] = {
+    "-----BEGIN EC PRIVATE KEY-----\r\n"
+    "MHcCAQEEIHKcVfg7aFwGqGnSph+XWaXoEcqrmR87s938l3B1NHLeoAoGCCqGSM49\r\n"
+    "AwEHoUQDQgAEog8Bhr6KGJC/fI46oriIzYmONtGKfBJ2XE+UAX5tgBwTfAr+mS6m\r\n"
+    "rZzmFtqnAaG0xjVmIYxIkElxWVgm7Uzq7Q==\r\n"
+    "-----END EC PRIVATE KEY-----"
+};
+
+#endif /* WISUN_TEST_CERTIFICATES_H_ */
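Review bot: The five arrays are defined in a header without `static`, and a file-scope `const` object in C has external linkage, so including this header from more than one translation unit produces duplicate-symbol link errors, and every includer also pays ROM for the unused `WISUN_CLIENT_*` entries; `static const uint8_t WISUN_ROOT_CERTIFICATE[] = {` (and likewise for the others) fixes both. The file uses `uint8_t` but does not include `<stdint.h>`, relying on the includer's order of includes. Only the guard name hints that these are test credentials; a header comment such as `/* Sample Wi-SUN test certificates and keys. The private keys are public in this repository; deployments must provide their own via the certificate-header config. */` would make that explicit where the arrays are read.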