diff --git a/samples/cellular/nrf_provisioning/overlay-coap.conf b/samples/cellular/nrf_provisioning/overlay-coap.conf index e5d3e8b6707..0bbc77d225f 100644 --- a/samples/cellular/nrf_provisioning/overlay-coap.conf +++ b/samples/cellular/nrf_provisioning/overlay-coap.conf @@ -2,7 +2,6 @@ CONFIG_NRF_PROVISIONING_HTTP=n CONFIG_NRF_PROVISIONING_COAP=y CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=42 -CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y # CoAP client CONFIG_COAP=y diff --git a/samples/cellular/nrf_provisioning/overlay-jwt.conf b/samples/cellular/nrf_provisioning/overlay-jwt.conf new file mode 100644 index 00000000000..e817d0980c0 --- /dev/null +++ b/samples/cellular/nrf_provisioning/overlay-jwt.conf @@ -0,0 +1,5 @@ +# Client authentication with JWT token +CONFIG_NRF_PROVISIONING_JWT=y +CONFIG_MODEM_JWT=y + +CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n diff --git a/samples/cellular/nrf_provisioning/prj.conf b/samples/cellular/nrf_provisioning/prj.conf index 63a65dcc5e7..129a43ddad0 100644 --- a/samples/cellular/nrf_provisioning/prj.conf +++ b/samples/cellular/nrf_provisioning/prj.conf @@ -15,15 +15,11 @@ CONFIG_SETTINGS_SHELL=y CONFIG_NRF_PROVISIONING_SHELL=y CONFIG_SHELL=y -CONFIG_NRF_PROVISIONING_AT=y - # Client authentication with JWT token -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_MODEM_JWT=n # Client authentication with attestation token -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_MODEM_ATTEST_TOKEN=y diff --git a/subsys/net/lib/nrf_provisioning/Kconfig b/subsys/net/lib/nrf_provisioning/Kconfig index c9ee4d83fe2..03934f0dd55 100644 --- a/subsys/net/lib/nrf_provisioning/Kconfig +++ b/subsys/net/lib/nrf_provisioning/Kconfig 
@@ -38,6 +38,9 @@ config NRF_PROVISIONING_WITH_CERT help Includes the root certificate used by the server side and provisions it if needed. +config NRF_PROVISIONING_ROOT_CA_SEC_TAG + int "Root CA for nRF Cloud Identity Service - security tag" + config NRF_PROVISIONING_SAVE_CMD_ID bool "Save the latest command id to storage" help @@ -53,6 +56,39 @@ config NRF_PROVISIONING_SETTINGS_STORAGE_PATH string "Settings storage path for provisioning" default "provisioning" +config NRF_PROVISIONING_RX_BUF_SZ + int "RX buffer size" + default 1024 + +config NRF_PROVISIONING_TX_BUF_SZ + int "TX buffer size" + default 2048 + +choice + prompt "Authentication token" + +config NRF_PROVISIONING_JWT + depends on MODEM_JWT + bool "Authenticate with JWT" + +config NRF_PROVISIONING_ATTESTTOKEN + bool "Authenticate with Attestation token" + +endchoice + +if NRF_PROVISIONING_JWT + +config NRF_PROVISIONING_JWT_SEC_TAG + int "Provision Service's security tag, private Device Identity key used by default" + default 0 + +config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S + int "Maximum JWT valid lifetime (seconds)" + range 0 604800 + default 300 + +endif + rsource "Kconfig.nrf_provisioning_http" rsource "Kconfig.nrf_provisioning_at" diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken deleted file mode 100644 index da1960b6d73..00000000000 --- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_attesttoken +++ /dev/null @@ -1,9 +0,0 @@ -# -# Copyright (c) 2023 Nordic Semiconductor -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - -config NRF_PROVISIONING_ATTESTTOKEN - bool "nRF Provisioning authentication bearer attestation token" - select EXPERIMENTAL diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap index 81f63a6a0b8..7090b7b5463 100644 
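Review bot: `NRF_PROVISIONING_ROOT_CA_SEC_TAG`, added in the first Kconfig hunk, is now shared by both transports but has no `help` text and no `default`. Nothing visible tells an integrator which credential slot must hold the root CA that the server is verified against. The test configurations in this commit set it to `-1`, which looks like a sentinel, but its meaning is not documented in any visible line. I would add a `help` entry stating that the tag holds the root CA certificate used to verify the nRF Cloud Identity Service, and what a negative value does. A `range` would help if only some values are valid.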
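Review bot: The new "Authentication token" choice in the second Kconfig hunk has no `default`, so the scheme a build ends up with depends on listing order and on an unrelated option. `NRF_PROVISIONING_JWT` is listed first and is only visible when `MODEM_JWT` is set, so an unconfigured build authenticates with JWT when `MODEM_JWT=y` and with the attestation token otherwise. The sample `prj.conf` selects the attestation token, so `default NRF_PROVISIONING_ATTESTTOKEN` inside the choice would presumably match the intent and make the selection explicit. For symmetry with the JWT entry, consider `depends on MODEM_ATTEST_TOKEN` on `NRF_PROVISIONING_ATTESTTOKEN`, since the sample enables the two together. Please also confirm that dropping the `select EXPERIMENTAL` lines from the deleted per-token files is intended.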
--- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap +++ b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_coap @@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_COAP if NRF_PROVISIONING_COAP -config NRF_PROVISIONING_ROOT_CA_SEC_TAG - int "Root CA for Nordic identity server - security tag" - config NRF_PROVISIONING_COAP_HOSTNAME string "nRF Provisioning COAP API hostname" default "coap.nrfcloud.com" @@ -23,41 +20,10 @@ config NRF_PROVISIONING_COAP_PORT string "Provision Service's port" default "5684" -config NRF_PROVISIONING_COAP_TIMEOUT_MS - int "Provision Service's timeout for COAP connection" - default 30000 - -config NRF_PROVISIONING_COAP_RX_BUF_SZ - int "RX buffer size" - default 1024 - -config NRF_PROVISIONING_COAP_TX_BUF_SZ - int "Request body size" - default 2048 - -config NRF_PROVISIONING_COAP_TLS_SESSION_CACHE - bool "TLS session cache usage" +config NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE + bool "DTLS session cache usage" default y rsource "Kconfig.nrf_provisioning_codec" -choice - prompt "Authentication token" - -config NRF_PROVISIONING_COAP_JWT - bool "Authenticate with JWT" - -config NRF_PROVISIONING_COAP_ATTESTTOKEN - bool "Authenticate with Attestation token" - -endchoice - -if NRF_PROVISIONING_COAP_JWT -rsource "Kconfig.nrf_provisioning_jwt" -endif - -if NRF_PROVISIONING_COAP_ATTESTTOKEN -rsource "Kconfig.nrf_provisioning_attesttoken" -endif - endif diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http index 40045e4431d..a78b1765a02 100644 --- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http +++ b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_http 
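Review bot: The renamed `NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE` option in the second hunk still has no `help` text, although it defaults to `y` and decides whether `dtls_setup()` requests `TLS_SESSION_CACHE_ENABLED` on the socket. A short entry would let integrators make that choice knowingly, for example `help` followed by `Cache the DTLS session so that a later connection can resume it instead of doing a full handshake.`. The hunk also renames or removes several user-facing symbols, including `NRF_PROVISIONING_COAP_TIMEOUT_MS` and the `_COAP_RX/TX_BUF_SZ` pair. Existing configurations that assign the old names will stop resolving, so a migration note would be worth adding.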
@@ -12,9 +12,6 @@ menuconfig NRF_PROVISIONING_HTTP if NRF_PROVISIONING_HTTP -config NRF_PROVISIONING_ROOT_CA_SEC_TAG - int "Root CA for Nordic identity server - security tag" - config NRF_PROVISIONING_HTTP_HOSTNAME string "nRF Provisioning HTTP API hostname" default "provisioning-http.nrfcloud.com" @@ -27,33 +24,6 @@ config NRF_PROVISIONING_HTTP_TIMEOUT_MS int "Provision Service's timeout for HTTP connection" default 30000 -config NRF_PROVISIONING_HTTP_RX_BUF_SZ - int "RX buffer size" - default 1536 - -config NRF_PROVISIONING_HTTP_TX_BUF_SZ - int "Request body size" - default 2048 - rsource "Kconfig.nrf_provisioning_codec" -choice - prompt "Authentication token" - -config NRF_PROVISIONING_HTTP_JWT - bool "Authenticate with JWT" - -config NRF_PROVISIONING_HTTP_ATTESTTOKEN - bool "Authenticate with Attestation token" - -endchoice - -if NRF_PROVISIONING_HTTP_JWT -rsource "Kconfig.nrf_provisioning_jwt" -endif - -if NRF_PROVISIONING_HTTP_ATTESTTOKEN -rsource "Kconfig.nrf_provisioning_attesttoken" -endif - endif diff --git a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt b/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt deleted file mode 100644 index 855be23cf91..00000000000 --- a/subsys/net/lib/nrf_provisioning/Kconfig.nrf_provisioning_jwt +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright (c) 2023 Nordic Semiconductor -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - -menuconfig NRF_PROVISIONING_JWT - bool "nRF Provisioning authentication bearer JWT" - select EXPERIMENTAL - imply MODEM_JWT - imply NRF_PROVISIONING_AT - -if NRF_PROVISIONING_JWT - -config NRF_PROVISIONING_JWT_SEC_TAG - int "Provision Service's security tag, private Device Identity key used by default" - default 0 - -config NRF_PROVISIONING_JWT_MAX_VALID_TIME_S - int "Maximum JWT valid lifetime (seconds)" - range 0 604800 - default 300 - -endif 
diff --git a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c index bc140e92e1b..ea0aef1d8b1 100644 --- a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c +++ b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_coap.c @@ -112,7 +112,7 @@ static int dtls_setup(int fd) return err; } - if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_TLS_SESSION_CACHE)) { + if (IS_ENABLED(CONFIG_NRF_PROVISIONING_COAP_DTLS_SESSION_CACHE)) { session_cache = TLS_SESSION_CACHE_ENABLED; } else { session_cache = TLS_SESSION_CACHE_DISABLED; @@ -468,8 +468,8 @@ static int request_commands(struct coap_client *client, { int ret; char after[NRF_PROVISIONING_CORRELATION_ID_SIZE]; - char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ); - char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ); + char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ); + char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); char cmd[sizeof(CMDS_API_TEMPLATE) + NRF_PROVISIONING_CORRELATION_ID_SIZE + strlen(rx_buf_sz) + strlen(tx_buf_sz)]; @@ -532,10 +532,10 @@ int nrf_provisioning_coap_req(struct nrf_provisioning_coap_context *const coap_c /* Only one provisioning ongoing at a time*/ static union { - char coap[CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ]; + char coap[CONFIG_NRF_PROVISIONING_TX_BUF_SZ]; char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; } tx_buf; - static char rx_buf[CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ]; + static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int ret; char *auth_token = NULL; diff --git a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c index e4c4ca48976..6d78720842f 100644 --- a/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c +++ b/subsys/net/lib/nrf_provisioning/src/nrf_provisioning_http.c 
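Review bot: In `request_commands()` the two renamed size strings are still plain `char *` pointers to string literals, and the `cmd` array below them is sized with `strlen()` on those pointers, which makes it a variable-length array on the stack. Declaring them as `static const char rx_buf_sz[] = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ);` (and likewise `tx_buf_sz`) lets the size expression use `sizeof`. That keeps `cmd` a fixed-size buffer whose bound the compiler can check. The same `char *` declarations appear in `gen_provisioning_url()` in nrf_provisioning_http.c. Both function bodies continue outside their hunks, so how the buffers are filled is not visible here.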
@@ -312,8 +312,8 @@ static int gen_provisioning_url(struct rest_client_req_context *const req) { char *url; size_t buff_sz; - char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ); - char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ); + char *rx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ); + char *tx_buf_sz = STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); char mver[128]; char *cver = STRINGIFY(1); int ret; @@ -454,10 +454,10 @@ int nrf_provisioning_http_req(struct nrf_provisioning_http_context *const rest_c /* Only one provisioning ongoing at a time*/ static union { - char http[CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ]; + char http[CONFIG_NRF_PROVISIONING_TX_BUF_SZ]; char at[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; } tx_buf; - static char rx_buf[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + static char rx_buf[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; char *auth_hdr = NULL; struct rest_client_req_context req; diff --git a/tests/subsys/net/lib/nrf_provisioning/prj.conf b/tests/subsys/net/lib/nrf_provisioning/prj.conf index 7d444a07e77..9bc051fcaf6 100644 --- a/tests/subsys/net/lib/nrf_provisioning/prj.conf +++ b/tests/subsys/net/lib/nrf_provisioning/prj.conf @@ -19,14 +19,12 @@ CONFIG_NRF_PROVISIONING_AT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_CBOR=y diff --git a/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf b/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf index b82eb567546..c79272ab93d 100644 --- a/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf +++ b/tests/subsys/net/lib/nrf_provisioning/prj_coap.conf 
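Review bot: `rx_buf` in `nrf_provisioning_http_req()` now takes its size from the shared `NRF_PROVISIONING_RX_BUF_SZ`, whose default in this commit is 1024. The removed `NRF_PROVISIONING_HTTP_RX_BUF_SZ` defaulted to 1536, so HTTP builds that relied on the default silently get a smaller receive buffer. The URL test in this commit checks that `rxMaxSize` equals the same option, so the advertised limit shrinks with it. If the reduction is not intended, the Kconfig entry could keep the old HTTP value with `default 1536 if NRF_PROVISIONING_HTTP` ahead of `default 1024`. Otherwise the commit message should state the change. The function body continues outside the hunk.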
@@ -18,14 +18,12 @@ CONFIG_NRF_PROVISIONING_AT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_COAP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=n CONFIG_NRF_PROVISIONING_JWT=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y -CONFIG_NRF_PROVISIONING_COAP_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_ATTESTTOKEN=y CONFIG_NRF_PROVISIONING_CBOR=y diff --git a/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf b/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf index 212c01161c7..ea8edf41687 100644 --- a/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf +++ b/tests/subsys/net/lib/nrf_provisioning/prj_jwt.conf @@ -14,14 +14,13 @@ CONFIG_MODEM_JWT=n CONFIG_NRF_PROVISIONING=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_ATTESTTOKEN=n +CONFIG_NRF_PROVISIONING_ATTESTTOKEN=n CONFIG_NRF_PROVISIONING_ROOT_CA_SEC_TAG=-1 CONFIG_NRF_PROVISIONING_CODEC=y CONFIG_NRF_PROVISIONING_HTTP=y -CONFIG_NRF_PROVISIONING_HTTP_JWT=y CONFIG_NRF_PROVISIONING_JWT=y CONFIG_NRF_PROVISIONING_CODEC=y diff --git a/tests/subsys/net/lib/nrf_provisioning/src/coap.c b/tests/subsys/net/lib/nrf_provisioning/src/coap.c index 8a5ffec26eb..7dbfb52811d 100644 --- a/tests/subsys/net/lib/nrf_provisioning/src/coap.c +++ b/tests/subsys/net/lib/nrf_provisioning/src/coap.c @@ -249,8 +249,8 @@ static int coap_client_cmds_valid_path_cb(struct coap_client *client, int sock, struct coap_client_request *req, int retries, int cmock_num_calls) { - char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_RX_BUF_SZ) - "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_COAP_TX_BUF_SZ); + char path[] = "p/cmd?after=&rxMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_RX_BUF_SZ) + "&txMaxSize=" STRINGIFY(CONFIG_NRF_PROVISIONING_TX_BUF_SZ); if (strncmp(req->path, auth_path, strlen(auth_path)) == 0) { req->cb(COAP_RESPONSE_CODE_CREATED, 0, NULL, 0, true, req->user_data); 
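Review bot: prj_jwt.conf keeps `CONFIG_NRF_PROVISIONING_JWT=y` while its hunk heading shows the file also sets `CONFIG_MODEM_JWT=n`, and this commit makes `NRF_PROVISIONING_JWT` `depends on MODEM_JWT` where the deleted Kconfig file only had `imply MODEM_JWT`. With the dependency unmet the JWT entry cannot be selected. The assignment would then be rejected or the choice would fall back to the attestation token, and this configuration would no longer exercise JWT authentication. Please check the generated `.config` for this test. Then either set `CONFIG_MODEM_JWT=y`, or, if the test mocks the modem JWT API, relax the Kconfig entry back to `imply MODEM_JWT`. The `CONFIG_MODEM_JWT=n` line is visible only as the hunk heading, so confirm it is still present in the file.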
diff --git a/tests/subsys/net/lib/nrf_provisioning/src/main.c b/tests/subsys/net/lib/nrf_provisioning/src/main.c index 245d0029023..13af8ad4ec4 100644 --- a/tests/subsys/net/lib/nrf_provisioning/src/main.c +++ b/tests/subsys/net/lib/nrf_provisioning/src/main.c @@ -389,11 +389,11 @@ static int rest_client_request_url_valid(struct rest_client_req_context *req_ctx } else if (strncmp(query_items[idx], "txMaxSize=", strlen("txMaxSize=")) == 0) { info.txMaxSize = &(query_items[idx][strlen("txMaxSize=")]); TEST_ASSERT_EQUAL_INT( - CONFIG_NRF_PROVISIONING_HTTP_TX_BUF_SZ, atoi(info.txMaxSize)); + CONFIG_NRF_PROVISIONING_TX_BUF_SZ, atoi(info.txMaxSize)); } else if (strncmp(query_items[idx], "rxMaxSize=", strlen("rxMaxSize=")) == 0) { info.rxMaxSize = &(query_items[idx][strlen("rxMaxSize=")]); TEST_ASSERT_EQUAL_INT( - CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ, atoi(info.rxMaxSize)); + CONFIG_NRF_PROVISIONING_RX_BUF_SZ, atoi(info.rxMaxSize)); } else if (strncmp(query_items[idx], "after=", strlen("after=")) == 0) { ; } else { @@ -641,7 +641,7 @@ void test_codec_finished_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = { @@ -680,7 +680,7 @@ void test_codec_priv_keygen_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = { @@ -733,7 +733,7 @@ void test_codec_priv_keygen_rejected_invalid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = { 
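Review bot: `tx_buff` in `test_codec_finished_valid()` is sized with `CONFIG_NRF_PROVISIONING_RX_BUF_SZ`, so a buffer named for transmit data follows the receive-size option. Under the new shared default (1024, where the HTTP option defaulted to 1536) it also becomes smaller unless the test configuration overrides the value. If the buffer holds encoded output, `char tx_buff[CONFIG_NRF_PROVISIONING_TX_BUF_SZ];` would match both its name and the library's own `tx_buf` union. If the RX size is deliberate, a one-line comment saying why would help. The same declaration is repeated in the five codec test hunks that follow, `test_codec_priv_keygen_valid` through `test_codec_config_store1_valid`. The test bodies continue outside the hunks, so how the buffer is used is not visible.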
@@ -779,7 +779,7 @@ void test_codec_endorsement_keygen_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = { @@ -822,7 +822,7 @@ void test_codec_endorsement_keygen_invalid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = { @@ -866,7 +866,7 @@ void test_codec_config_store1_valid(void) { struct cdc_context cdc_ctx; char at_buff[CONFIG_NRF_PROVISIONING_CODEC_AT_CMD_LEN]; - char tx_buff[CONFIG_NRF_PROVISIONING_HTTP_RX_BUF_SZ]; + char tx_buff[CONFIG_NRF_PROVISIONING_RX_BUF_SZ]; int mm_cb_ret = 0; struct nrf_provisioning_mm_change dummy_cb = {