Merge pull request #5970 from zmstone/fix-lwm2m-psk-ciphers

fix(lwm2m): add support for new cipher suites
Zaiming (Stone) Shi 2021-10-21 16:56:28 +02:00 committed by GitHub
commit fd34eb1f4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 15 deletions


@ -146,4 +146,4 @@ lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,E
## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot ## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
## be configured at the same time. ## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'. ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA #lwm2m.dtls.psk_ciphers = RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA
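Review bot: The comment above the example still points to RFC 4279 section 2, which describes the plain PSK key exchange, while the new example line lists only `RSA-PSK-*` suites; RSA_PSK is specified in section 4 of that RFC. I would update the link and add a line such as `## RSA-PSK suites also authenticate the server by certificate, so a server certificate and key must be configured.` The example also keeps the SHA-1 CBC suites `RSA-PSK-AES256-CBC-SHA` and `RSA-PSK-AES128-CBC-SHA` at the end of the list; a short comment saying they are kept for legacy devices would tell operators they can drop them.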


@ -185,7 +185,7 @@ end}.
OldCert = cuttlefish:conf_get("lwm2m.certfile", Conf, undefined), OldCert = cuttlefish:conf_get("lwm2m.certfile", Conf, undefined),
%% Ciphers %% Ciphers
SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end, SplitFun = fun(undefined) -> []; (S) -> string:tokens(S, ",") end,
Ciphers = Ciphers =
case cuttlefish:conf_get("lwm2m.dtls.ciphers", Conf, undefined) of case cuttlefish:conf_get("lwm2m.dtls.ciphers", Conf, undefined) of
undefined -> undefined ->
@ -198,16 +198,17 @@ end}.
undefined -> undefined ->
[]; [];
C2 -> C2 ->
Psk = lists:map(fun("PSK-AES128-CBC-SHA") -> {psk, aes_128_cbc, sha}; Psk = lists:map(fun("PSK-AES128-CBC-SHA") -> "RSA-PSK-AES128-CBC-SHA";
("PSK-AES256-CBC-SHA") -> {psk, aes_256_cbc, sha}; ("PSK-AES256-CBC-SHA") -> "RSA-PSK-AES256-CBC-SHA";
("PSK-3DES-EDE-CBC-SHA") -> {psk, '3des_ede_cbc', sha}; ("PSK-3DES-EDE-CBC-SHA") -> "RSA-PSK-3DES-EDE-CBC-SHA";
("PSK-RC4-SHA") -> {psk, rc4_128, sha} ("PSK-RC4-SHA") -> "RSA-PSK-RC4-SHA";
end, SplitFun(C2)), (Suite) -> Suite
end, SplitFun(C2)),
[{ciphers, Psk}, {user_lookup_fun, {fun emqx_psk:lookup/3, <<>>}}] [{ciphers, Psk}, {user_lookup_fun, {fun emqx_psk:lookup/3, <<>>}}]
end, end,
Ciphers /= [] Ciphers /= []
andalso PskCiphers /= [] andalso PskCiphers /= []
andalso cuttlefish:invalid("The 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot exist simultaneously."), andalso cuttlefish:invalid("The 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot coexist"),
NCiphers = Ciphers ++ PskCiphers, NCiphers = Ciphers ++ PskCiphers,
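Review bot: The new catch-all clause `(Suite) -> Suite` forwards every unrecognised token into `{ciphers, Psk}` unchecked, and the four legacy names are still accepted and rewritten, so `PSK-RC4-SHA` and `PSK-3DES-EDE-CBC-SHA` now silently become `"RSA-PSK-RC4-SHA"` and `"RSA-PSK-3DES-EDE-CBC-SHA"` instead of being refused. I would turn those two clauses into `cuttlefish:invalid(...)` calls (the helper is already used a few lines below) and add a comment above the `lists:map` stating that legacy `PSK-*` names are translated to `RSA-PSK-*`; that presumably changes the key exchange devices must support and should be confirmed against deployed clients. Because `SplitFun` uses `string:tokens(S, ",")` without trimming, a value written with a space after a comma produces a token that matches none of the legacy clauses and passes through the catch-all as is; `(S) -> [string:trim(T) || T <- string:tokens(S, ",")]` would avoid that. The translation fun starts and ends outside this section, so how `NCiphers` is consumed is not visible here.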


@ -1,6 +1,6 @@
{application,emqx_lwm2m, {application,emqx_lwm2m,
[{description,"EMQ X LwM2M Gateway"}, [{description,"EMQ X LwM2M Gateway"},
{vsn, "4.3.3"}, % strict semver, bump manually! {vsn, "4.3.4"}, % strict semver, bump manually!
{modules,[]}, {modules,[]},
{registered,[emqx_lwm2m_sup]}, {registered,[emqx_lwm2m_sup]},
{applications,[kernel,stdlib,lwm2m_coap]}, {applications,[kernel,stdlib,lwm2m_coap]},


@ -1,19 +1,21 @@
%% -*-: erlang -*- %% -*-: erlang -*-
{"4.3.3", {"4.3.4",
[ [
{<<"4.3.[0-1]">>, [ {<<"4\\.3\\.[0-1]">>, [
{restart_application, emqx_lwm2m} {restart_application, emqx_lwm2m}
]}, ]},
{"4.3.2", [ {"4.3.2", [
{load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []} {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
]} ]},
{"4.3.3", []} %% only config change
], ],
[ [
{<<"4.3.[0-1]">>, [ {<<"4\\.3\\.[0-1]">>, [
{restart_application, emqx_lwm2m} {restart_application, emqx_lwm2m}
]}, ]},
{"4.3.2", [ {"4.3.2", [
{load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []} {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
]} ]},
{"4.3.3", []} %% only config change
] ]
}. }.