How to enable OC_OSCORE in nrf_knx_iot sample?

I found that OSCORE could be enabled in nrf-knx-iot samples.

But how can I configure and enable OSCORE?

  • Hello,

    It's still an experimental project. From my understanding this is something we are planning to do eventually, but have not looked into the details yet. I will check if someone can comment on what we believe is required to get started.

    Kenneth

  • OK. Actually what I am concerned about is the security of communication between the knx sensor and the knx actuator. So for now, the nrf-knx-iot demo does not contain any encryption algorithm?

  • Hello,
    As Kenneth mentioned - currently, nRF KNX IoT Point API is in an experimental phase. In the current state we did not test OSCORE functionality. The SDK is full of security features used by different protocols. At the moment, OSCORE is not enabled by default and we cannot state that it's fully functional. However, if you would like to test it yourself I can show you how to enable it in our samples:

    1. Open CMakeLists.txt file of a sample you would like to use (or both), e.g.: knx/samples/light_switch_actuator/CMakeLists.txt

    2. Ensure that include directories contain ${BASE_DIR}/security entry like at the end of the following snippet:

    include_directories(app PUBLIC
    ${BASE_DIR}
    ${BASE_DIR}/deps
    ${BASE_DIR}/include 
    ${BASE_DIR}/port/ 
    ${BASE_DIR}/port/zephyr
    ${BASE_DIR}/security
    )

    3. Add OC_OSCORE to compile definitions:

    add_compile_definitions(OC_CLIENT OC_SERVER OC_PUBLISHER_TABLE OC_BLOCK_WISE OC_OSCORE)

    4. Add the following files to the list of sources:

    ${BASE_DIR}/security/oc_oscore_engine.c
    ${BASE_DIR}/security/oc_oscore_context.c
    ${BASE_DIR}/security/oc_oscore_crypto.c
    ${BASE_DIR}/messaging/coap/oscore.c
    

    After these edits you should be able to build the firmware with OSCORE enabled. Also, regarding the security - KNX Point API uses CoAP messages which are transported with Thread Protocol which itself uses encryption. It means that you are unable to decode packets captured in the air without knowing the Thread network's key. OSCORE works at the application layer and messages encrypted by it are later on encrypted by OpenThread during transmission.

    Let me know if you need any help or information regarding this matter. 
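
A check for the four steps in the reply above, as an added example that is not part of the original thread or of the nrf-knx-iot project: it reports which OSCORE edits are absent from a sample's CMakeLists.txt, so a build where OC_OSCORE never reached the compiler is noticed. It assumes the entries appear literally as `${BASE_DIR}/...`, as in the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the nrf-knx-iot project): report which of the OSCORE
# CMake edits from the post above are absent from a sample's CMakeLists.txt.
# Function names are hypothetical.

# has TEXT ERE: succeeds when the extended regex occurs in TEXT.
has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Prints one "MISSING" line per absent item; returns 0 only if all are present.
check_oscore_cmake() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file"; return 2; }
    # Drop CMake line comments so a commented-out entry does not count,
    # then join lines so a multi-line add_compile_definitions() still matches.
    flat=$(sed 's/#.*$//' "$file" | tr '\n' ' ')
    missing=0

    # Step 2: ${BASE_DIR}/security as a directory entry, not a file path prefix.
    if ! has "$flat" '\$\{BASE_DIR\}/security/?([[:space:])]|$)'; then
        echo 'MISSING include dir: ${BASE_DIR}/security'; missing=1
    fi

    # Step 3: OC_OSCORE as a whole token inside add_compile_definitions(...).
    if ! has "$flat" 'add_compile_definitions\(([^)]*[^A-Za-z0-9_)])?OC_OSCORE([^A-Za-z0-9_]|$)'; then
        echo 'MISSING compile definition: OC_OSCORE'; missing=1
    fi

    # Step 4: the four OSCORE source files.
    for src in security/oc_oscore_engine.c security/oc_oscore_context.c \
               security/oc_oscore_crypto.c messaging/coap/oscore.c; do
        if ! printf '%s\n' "$flat" | grep -Fq -- "\${BASE_DIR}/$src"; then
            echo "MISSING source: \${BASE_DIR}/$src"; missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check_oscore.sh knx/samples/light_switch_actuator/CMakeLists.txt
if [ "$#" -gt 0 ]; then check_oscore_cmake "$1"; fi
```
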

  • OK, thank you so much!! I will try what you said. Which branch should I use?
