LWM2M Carrier Library Limitations

RE: LWM2M Carrier Library Limitations

Didrik Rokhaug — Mon, 25 Apr 2022 14:54:03 GMT

[quote user="wh-eric"]Is it possible to use a mix of offloaded and non-offloaded sockets? As in 1 TLS connection is offloaded to the modem and handled as specified by the carrier library limitations, while additional TLS/DTLS connections are handled on the application core?[/quote]

I haven't tried this myself, but I believe it is possible with the use of the SOCK_NATIVE_TLS socket flag. For the offloaded sockets, you simply don't use the flag, while you do use it for the non-offloaded/native sockets.

From the modem perspective, it should be just the same as you opening a mix of TLS/DTLS and unencrypted TCP/UDP sockets.

RE: LWM2M Carrier Library Limitations

wh-eric — Fri, 22 Apr 2022 17:04:53 GMT

I think I have one last related question. Is it possible to use a mix of offloaded and non-offloaded sockets? As in 1 TLS connection is offloaded to the modem and handled as specified by the carrier library limitations, while additional TLS/DTLS connections are handled on the application core?

I ask more out of understanding the technical limitations, I think for simplicity we would keep the TLS/DTLS all non-offloaded with an application which required the LWM2M carrier library.

RE: LWM2M Carrier Library Limitations

wh-eric — Fri, 22 Apr 2022 15:45:22 GMT

Awesome, thank you for digging that up for me. I'm sorry I was not able to find that on my own. Based on this, I think I have a better understanding. I will do some digging into the sample you pointed to and see if I have any more questions.

RE: LWM2M Carrier Library Limitations

Didrik Rokhaug — Fri, 22 Apr 2022 15:32:07 GMT

Hi,

[quote user=""]2. Where can I find information on the IP stack capabilities of the modem and how they are allocated? I have searched through the docs and modem firmware/library changelogs but came up empty unfortunately[/quote]

What exactly are you looking for?

The modem FW release notes (inside the modem FW .zip) and the modem_lib documentation are the best places to look for information about the modem.

Perhaps the most relevant for this ticket is this section from the modem release notes:

- TLS/DTLS
    - Up to three simultaneous TLS/DTLS connections are possible.
    - Maximum server certificate chain size has a limit of 4kB.
    - Server certificate expiry time is not verified.
    - pkcs#8 is not supported.
    - Absolute maximum number of supported credentials is 32. The actual amount depends on size of
      credentials as memory area reserved for credentials may be a limiting factor as well.
    - DTLS supports PSK authentication only.
    - 2kB secure socket buffer size.

Note that the maximum number of simultaneous TLS/DTLS connections depends on the mix of TLS and DTLS connections. However, I could not find a place listing the different combinations.

[quote user=""]1. If we have to include this library, how can we also include application code for our lwm2m client w/ DTLS? Are there specific configs that need to be enabled/modified?[/quote]

Not with the TLS/DTLS stack in the modem.

However, it is possible to not offload the TLS/DTLS stack, though at a significant flash and RAM cost in the application. We don't have any samples showing this for DTLS, but you can see how it is done for TLS (the procedure should be similar for DTLS) in the https_client sample: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.9.0/nrf/samples/nrf9160/https_client/README.html#using-mbed-tls-and-tf-m

Best regards,

Didrik