From f36ecd44a11f201a51ad08109a4f50c50d70503b Mon Sep 17 00:00:00 2001
From: Juha Ylinen
Date: Mon, 21 Aug 2023 12:57:51 +0300
Subject: [PATCH] net: lib: nrf_provisioning: Remove duplicate Kconfigs Remove duplicate Kconfigs from HTTP and CoAP configuration Add overlay to authenticate with JWT
Signed-off-by: Juha Ylinen
---
.../nrf_provisioning/overlay-coap.conf | 1 -
.../nrf_provisioning/overlay-jwt.conf | 5 +++
samples/cellular/nrf_provisioning/prj.conf | 4 --
subsys/net/lib/nrf_provisioning/Kconfig | 36 ++++++++++++++++++
.../Kconfig.nrf_provisioning_attesttoken | 9 -----
.../Kconfig.nrf_provisioning_coap | 38 +------------------
.../Kconfig.nrf_provisioning_http | 30 ---------------
.../Kconfig.nrf_provisioning_jwt | 24 ------------
.../src/nrf_provisioning_coap.c | 10 ++---
.../src/nrf_provisioning_http.c | 8 ++--
.../subsys/net/lib/nrf_provisioning/prj.conf | 2 -
.../net/lib/nrf_provisioning/prj_coap.conf | 2 -
.../net/lib/nrf_provisioning/prj_jwt.conf | 3 +-
.../net/lib/nrf_provisioning/src/coap.c | 4 +-
.../net/lib/nrf_provisioning/src/main.c | 16 ++++----
15 files changed, 63 insertions(+), 129 deletions(-)
create mode 100644 samples/cellular/nrf_provisioning/overlay-jwt.conf
delete mode 100644 subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken
delete mode 100644 subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt
diff --git a/samples/cellular/nrf_provisioning/overlay-coap.conf b/samples/cellular/nrf_provisioning/overlay-coap.conf
index e5d3e8b67077..0bbc77d225f3 100644
--- a/samples/cellular/nrf_provisioning/overlay-coap.conf
+++ b/samples/cellular/nrf_provisioning/overlay-coap.conf
@@ -2,7 +2,6 @@ CONFIG_NRF_PROVISIONING_HTTP=n CONFIG_NRF_PROVISIONING_COAP=y CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=42 -CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y # CoAP client CONFIG_COAP=y
diff --git a/samples/cellular/nrf_provisioning/overlay-jwt.conf b/samples/cellular/nrf_provisioning/overlay-jwt.conf
new file mode 100644
index 000000000000..e817d0980c01
--- /dev/null
+++ b/samples/cellular/nrf_provisioning/overlay-jwt.conf
@@ -0,0 +1,5 @@
+# Client authentication with JWT token
+CONFIG_NRF_PROVISIONING_JWT=y
+CONFIG_MODEM_JWT=y
+
+CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n
diff --git a/samples/cellular/nrf_provisioning/prj.conf b/samples/cellular/nrf_provisioning/prj.conf
index 63a65dcc5e77..129a43ddad03 100644
--- a/samples/cellular/nrf_provisioning/prj.conf
+++ b/samples/cellular/nrf_provisioning/prj.conf
@@ -15,15 +15,11 @@ CONFIG_SETTINGS_SHELL=y CONFIG_NRF_PROVISIONING_SHELL=y CONFIG_SHELL=y -CONFIG_NRF_PROVISIONING_AT=y - # Client authentication with JWT token -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_MODEM_JWT=n # Client authentication with attestation token -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_MODEM_ATTEST_TOKEN=y
diff --git a/subsys/net/lib/nrf_provisioning/Kconfig b/subsys/net/lib/nrf_provisioning/Kconfig
index c9ee4d83fe2c..03934f0dd55b 100644
--- a/subsys/net/lib/nrf_provisioning/Kconfig
+++ b/subsys/net/lib/nrf_provisioning/Kconfig
@@ -38,6 +38,9 @@ config NRF_PROVISIONING_WITH_CERT help Includes the root certificate used by the server side and provisions it if needed. +config NRF_PROVISIONING_ROOT_CA_SEC_TAG + int "Root CA for nRF Cloud Identity Service - security tag" + config NRF_PROVISIONING_SAVE_CMD_ID bool "Save the latest command id to storage" help
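Review bot: `NRF_PROVISIONING_ROOT_CA_SEC_TAG` is added at library scope with neither a `default` nor a `help` text, although it presumably names the credential slot holding the root CA that both the HTTP and CoAP transports now share. A short help entry would tell integrators what the tag is for, e.g. `help` followed by `Security tag of the root CA certificate used to authenticate the provisioning server.` The test configurations in this patch set the symbol to -1; if that value has a special meaning, it should be stated in the same help text. The hunk's trailing context cuts into the next `config` entry, so only the new symbol is reviewed here.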
@@ -53,6 +56,39 @@ config NRF_PROVISIONING_SETTINGS_STORAGE_PATH string "Settings storage path for provisioning" default "provisioning" +config NRF_PROVISIONING_RX_BUF_SZ + int "RX buffer size" + default 1024 + +config NRF_PROVISIONING_TX_BUF_SZ + int "TX buffer size" + default 2048 + +choice + prompt "Authentication token" + +config NRF_PROVISIONING_JWT + depends on MODEM_JWT + bool "Authenticate with JWT" + +config NRF_PROVISIONING_ATTESTTOKEN + bool "Authenticate with Attestation token" + +endchoice + +if NRF_PROVISIONING_JWT + +config NRF_PROVISIONING_JWT_SEC_TAG + int "Provision Service's security tag, private Device Identity key used by default" + default 0 + +config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S + int "Maximum JWT valid lifetime (seconds)" + range 0 604800 + default 300 + +endif + rsource "Kconfig.nrf_provisioning_http" rsource "Kconfig.nrf_provisioning_at"
diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken
deleted file mode 100644
index da1960b6d734..000000000000
--- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# Copyright (c) 2023 Nordic Semiconductor
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-config NRF_PROVISIONING_ATTESTTOKEN
- bool "nRF Provisioning authentication bearer attestation token"
- select EXPERIMENTAL
diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap
index 81f63a6a0b8a..7090b7b5463b 100644
--- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap
+++ b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap
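Review bot: The new `choice` for the authentication token has no `default`, so Kconfig falls back to the first visible member: `NRF_PROVISIONING_JWT` whenever `MODEM_JWT` is enabled, `NRF_PROVISIONING_ATTESTTOKEN` otherwise. A build that enables `MODEM_JWT` for an unrelated reason would therefore switch the credential the device presents to the provisioning service without any provisioning option being touched. Adding `default NRF_PROVISIONING_ATTESTTOKEN` under the `prompt` line makes the selection explicit. `NRF_PROVISIONING_ATTESTTOKEN` also has no counterpart to `depends on MODEM_JWT` (the sample pairs it with `CONFIG_MODEM_ATTEST_TOKEN=y`), and the `select EXPERIMENTAL` carried by both removed Kconfig files is gone. If either omission is unintentional, this hunk is the place to restore it.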
@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_COAP if NRF_PROVISIONING_COAP -config NRF_PROVISIONING_ROOT_CA_SEC_TAG - int "Root CA for Nordic identity server - security tag" - config NRF_PROVISIONING_COAP_HOSTNAME string "nRF Provisioning COAP API hostname" default "coap.nrfcloud.com"
@@ -23,41 +20,10 @@ config NRF_PROVISIONING_COAP_PORT string "Provision Service's port" default "5684" -config NRF_PROVISIONING_COAP_TIMEOUT_MS - int "Provision Service's timeout for COAP connection" - default 30000 - -config NRF_PROVISIONING_COAP_RX_BUF_SZ - int "RX buffer size" - default 1024 - -config NRF_PROVISIONING_COAP_TX_BUF_SZ - int "Request body size" - default 2048 - -config NRF_PROVISIONING_COAP_TLS_SESSION_CACHE - bool "TLS session cache usage" +config NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE + bool "DTLS session cache usage" default y rsource "Kconfig.nrf_provisioning_codec" -choice - prompt "Authentication token" - -config NRF_PROVISIONING_COAP_JWT - bool "Authenticate with JWT" - -config NRF_PROVISIONING_COAP_ATTESTTOKEN - bool "Authenticate with Attestation token" - -endchoice - -if NRF_PROVISIONING_COAP_JWT -rsource "Kconfig.nrf_provisioning_jwt" -endif - -if NRF_PROVISIONING_COAP_ATTESTTOKEN -rsource "Kconfig.nrf_provisioning_attesttoken" -endif - endif
diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http
index 40045e4431d8..a78b1765a02e 100644
--- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http
+++ b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http
@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_HTTP if NRF_PROVISIONING_HTTP -config NRF_PROVISIONING_ROOT_CA_SEC_TAG - int "Root CA for Nordic identity server - security tag" - config NRF_PROVISIONING_HTTP_HOSTNAME string "nRF Provisioning HTTP API hostname" default "provisioning-http.nrfcloud.com"
@@ -27,33 +24,6 @@ config NRF_PROVISIONING_HTTP_TIMEOUT_MS int "Provision Service's timeout for HTTP connection" default 30000 -config NRF_PROVISIONING_HTTP_RX_BUF_SZ - int "RX buffer size" - default 1536 - -config NRF_PROVISIONING_HTTP_TX_BUF_SZ - int "Request body size" - default 2048 - rsource "Kconfig.nrf_provisioning_codec" -choice - prompt "Authentication token" - -config NRF_PROVISIONING_HTTP_JWT - bool "Authenticate with JWT" - -config NRF_PROVISIONING_HTTP_ATTESTTOKEN - bool "Authenticate with Attestation token" - -endchoice - -if NRF_PROVISIONING_HTTP_JWT -rsource "Kconfig.nrf_provisioning_jwt" -endif - -if NRF_PROVISIONING_HTTP_ATTESTTOKEN -rsource "Kconfig.nrf_provisioning_attesttoken" -endif - endif
diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt
deleted file mode 100644
index 855be23cf91c..000000000000
--- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (c) 2023 Nordic Semiconductor
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-menuconfig NRF_PROVISIONING_JWT
- bool "nRF Provisioning authentication bearer JWT"
- select EXPERIMENTAL
- imply MODEM_JWT
- imply NRF_PROVISIONING_AT
-
-if NRF_PROVISIONING_JWT
-
-config NRF_PROVISIONING_JWT_SEC_TAG
- int "Provision Service's security tag, private Device Identity key used by default"
- default 0
-
-config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S
- int "Maximum JWT valid lifetime (seconds)"
- range 0 604800
- default 300
-
-endif
diff --git a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c
index bc140e92e1be..ea0aef1d8b19 100644
--- a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c
+++ b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c
@@ -112,7 +112,7 @@ static int dtls_setup(int fd) return err; } - if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_TLS_SESSION_CACHE)) { + if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE)) { session_cache = TLS_SESSION_CACHE_ENABLED; } else { session_cache = TLS_SESSION_CACHE_DISABLED;
@@ -468,8 +468,8 @@ static int request_commands(struct coap_client *client, { int ret; char after[NRF_PROVISIONING_CORRELATION_ID_SIZE]; - char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ); - char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ); + char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ); + char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); char cmd[sizeof(CMDS_API_TEMPLATE) + NRF_PROVISIONING_CORRELATION_ID_SIZE + strlen(rx_buf_sz) + strlen(tx_buf_sz)];
@@ -532,10 +532,10 @@ int nrf_provisioning_coap_req(struct nrf_provisioning_coap_context *const coap_c /* Only one provisioning ongoing at a time*/ static union { - char coap[CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ]; + char coap[CONFIG_NRF_PROVISIONING_TX_BUF_SZ]; char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; } tx_buf; - static char rx_buf[CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ]; + static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int ret; char *auth_token = NULL;
diff --git a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c
index e4c4ca489766..6d78720842f4 100644
--- a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c
+++ b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c
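Review bot: In `request_commands()` the renamed `rx_buf_sz` and `tx_buf_sz` are still non-const `char *` pointers to string literals, and the `cmd[]` bound below them calls `strlen()` on both, which makes `cmd` a variable-length array although every term is a compile-time constant. Declaring them as `static const char rx_buf_sz[] = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);` (likewise for `tx_buf_sz`) and using `sizeof(rx_buf_sz)` in the bound gives a fixed-size stack buffer and const-correct literals. The same pair of declarations in `gen_provisioning_url()` in nrf_provisioning_http.c would take the same `const` treatment. The function body continues outside the hunk, so how `cmd` is filled is not visible here.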
@@ -312,8 +312,8 @@ static int gen_provisioning_url(struct rest_client_req_context *const req) { char *url; size_t buff_sz; - char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ); - char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ); + char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ); + char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); char mver[128]; char *cver = STRINGIFY(1); int ret;
@@ -454,10 +454,10 @@ int nrf_provisioning_http_req(struct nrf_provisioning_http_context *const rest_c /* Only one provisioning ongoing at a time*/ static union { - char http[CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ]; + char http[CONFIG_NRF_PROVISIONING_TX_BUF_SZ]; char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; } tx_buf; - static char rx_buf[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; char *auth_hdr = NULL; struct rest_client_req_context req;
diff --git a/tests/subsys/net/lib/nrf_provisioning/prj.conf b/tests/subsys/net/lib/nrf_provisioning/prj.conf
index 7d444a07e77f..9bc051fcaf61 100644
--- a/tests/subsys/net/lib/nrf_provisioning/prj.conf
+++ b/tests/subsys/net/lib/nrf_provisioning/prj.conf
@@ -19,14 +19,12 @@ CONFIG_NRF_PROVISIONING_AT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_CBOR=y
diff --git a/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf b/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf
index b82eb5675468..c79272ab93d4 100644
--- a/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf
+++ b/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf
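Review bot: `rx_buf` in `nrf_provisioning_http_req()` is now sized by `CONFIG_NRF_PROVISIONING_RX_BUF_SZ`, whose default in this patch is 1024, while the removed `NRF_PROVISIONING_HTTP_RX_BUF_SZ` defaulted to 1536, so HTTP builds that relied on the default lose a third of their receive buffer without any config change. The test in main.c asserts that the URL's `rxMaxSize` equals this value, so the server is presumably told the smaller limit, but whether 1024 bytes still covers a full HTTP response is not visible in this hunk. Keeping the old size for this transport with `default 1536 if NRF_PROVISIONING_HTTP` ahead of `default 1024` in the shared Kconfig entry, or stating in the commit message that the reduction is intended, would settle it. The function body continues outside the hunk.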
@@ -18,14 +18,12 @@ CONFIG_NRF_PROVISIONING_AT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_COAP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y -CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_CBOR=y
diff --git a/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf b/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf
index 212c01161c70..ea8edf41687a 100644
--- a/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf
+++ b/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf
@@ -14,14 +14,13 @@ CONFIG_MODEM_JWT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=n +CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=y CONFIG_NRF_PROVISIONING_JWT=y CONFIG_NRF_PROVISIONING_CODEC=y
diff --git a/tests/subsys/net/lib/nrf_provisioning/src/coap.c b/tests/subsys/net/lib/nrf_provisioning/src/coap.c
index 8a5ffec26eb8..7dbfb52811d8 100644
--- a/tests/subsys/net/lib/nrf_provisioning/src/coap.c
+++ b/tests/subsys/net/lib/nrf_provisioning/src/coap.c
@@ -249,8 +249,8 @@ static int coap_client_cmds_valid_path_cb(struct coap_client *client, int sock, struct coap_client_request *req, int retries, int cmock_num_calls) { - char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ) - "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ); + char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ) + "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); if (strncmp(req->path, auth_path, strlen(auth_path)) == 0) { req->cb(COAP_RESPONSE_CODE_CREATED, 0, NULL, 0, true, req->user_data);
diff --git a/tests/subsys/net/lib/nrf_provisioning/src/main.c b/tests/subsys/net/lib/nrf_provisioning/src/main.c
index 245d0029023a..13af8ad4ec44 100644
--- a/tests/subsys/net/lib/nrf_provisioning/src/main.c
+++ b/tests/subsys/net/lib/nrf_provisioning/src/main.c
@@ -389,11 +389,11 @@ static int rest_client_request_url_valid(struct rest_client_req_context *req_ctx } else if (strncmp(query_items[idx], "txMaxSize=", strlen("txMaxSize=")) == 0) { info.txMaxSize = &(query_items[idx][strlen("txMaxSize=")]); TEST_ASSERT_EQUAL_INT( - CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ, atoi(info.txMaxSize)); + CONFIG_NRF_PROVISIONING_TX_BUF_SZ, atoi(info.txMaxSize)); } else if (strncmp(query_items[idx], "rxMaxSize=", strlen("rxMaxSize=")) == 0) { info.rxMaxSize = &(query_items[idx][strlen("rxMaxSize=")]); TEST_ASSERT_EQUAL_INT( - CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ, atoi(info.rxMaxSize)); + CONFIG_NRF_PROVISIONING_RX_BUF_SZ, atoi(info.rxMaxSize)); } else if (strncmp(query_items[idx], "after=", strlen("after=")) == 0) { ; } else {
@@ -641,7 +641,7 @@ void test_codec_finished_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {
@@ -680,7 +680,7 @@ void test_codec_priv_keygen_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {
@@ -733,7 +733,7 @@ void test_codec_priv_keygen_rejected_invalid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {
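Review bot: `tx_buff` in `test_codec_finished_valid()` is sized with `CONFIG_NRF_PROVISIONING_RX_BUF_SZ`, a name mismatch carried over from the old `HTTP_RX_BUF_SZ`, and with the unified default it drops from 1536 to 1024 bytes. If the buffer holds encoded output that the library would place in its TX buffer (its use is outside the hunk), `char tx_buff[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];` matches the production sizing. The same declaration recurs in `test_codec_priv_keygen_valid()`, `test_codec_priv_keygen_rejected_invalid()`, `test_codec_endorsement_keygen_valid()`, `test_codec_endorsement_keygen_invalid()` and `test_codec_config_store1_valid()`.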
@@ -779,7 +779,7 @@ void test_codec_endorsement_keygen_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {
@@ -822,7 +822,7 @@ void test_codec_endorsement_keygen_invalid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {
@@ -866,7 +866,7 @@ void test_codec_config_store1_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {