... | ... | @@ -5,6 +5,56 @@ CoAP is an standardized REST-based protocol for constrained nodes and networks w |
|
|
|
|
|
The project jRECMA provides an integrity and authenticity protection for CoAP at the application layer. This is realized by signing CoAP messages as a whole.
|
|
|
|
|
|
The following example shows how the authentication process of RECMA works.
|
|
|
|
|
|
Assume, that the following example message require to be authenticated.
|
|
|
|
|
|
```
|
|
|
V=0x01,T=0x00,TKL=0x01,C=0x02,MID=0x01
|
|
|
Token: 0x0A
|
|
|
Uri-Path: 0x6974656D73
|
|
|
Content-Format: 0x32
|
|
|
Payload-Length: 0xF
|
|
|
0xFF
|
|
|
{"item":"pork"}
|
|
|
```
|
|
|
|
|
|
Then the byte array to be signed is built to:
|
|
|
|
|
|
```
|
|
|
0x14D14486B51 #tvp
|
|
|
|| 0x01 #Version
|
|
|
|| 0x00 #Type
|
|
|
|| 0x01 #TokenLength
|
|
|
|| 0x02 #Code
|
|
|
|| 0x01 #Message-ID
|
|
|
|| 0x0A #Token
|
|
|
|| 0x00 #Uri-Host(3)
|
|
|
|| 0x00 #Uri-Port(7)
|
|
|
|| hash(0x6974656D73) #Uri-Path(11)
|
|
|
|| 0x32 #Content-Format(12)
|
|
|
|| 0x00 #Max-Age(14)
|
|
|
|| 0x00 #Uri-Query(15)
|
|
|
|| 0x0F #Payload-Length (65001)
|
|
|
|| hash(UTF8({"item":"pork"})) #Body
|
|
|
```
|
|
|
|
|
|
After signing the message, the CoAP message has the following shape.
|
|
|
|
|
|
```
|
|
|
V=0x01,T=0x00,TKL=0x01,C=0x02 MID=0x01
|
|
|
Token: 0x0A
|
|
|
Uri-Path: "items"
|
|
|
Content-Format: 0x32
|
|
|
Payload-Length: 0x0F
|
|
|
Signatur-Algorithm: 0x01
|
|
|
Hash-Algorithm: 0x01
|
|
|
TVP: 0x14D14486B51
|
|
|
Signatur-Value: <$sv$>
|
|
|
Key-ID: <$kid$>
|
|
|
0xFF
|
|
|
{"item":"pork"}
|
|
|
```
|
|
|
## Signing CoAP requests with jRECMA
|
|
|
This an example showing how to sign a CoAP request with HMAC-SHA256.
|
|
|
```java
|
... | ... | |
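Review bot: In the "byte array to be signed" listing, the serialization is underspecified. Fields are joined with `||` with no stated widths, `0x14D14486B51 #tvp` has an odd number of hex digits, and `0x01 #Message-ID` is shown as a single byte although the CoAP Message ID is a 16-bit field. Two implementations could therefore build different byte arrays for the same message and fail verification. Please state the byte width and byte order of every field, and say how an absent option (shown as `0x00`, e.g. `0x00 #Uri-Host(3)`) is distinguished from an option that is present with the value zero. The listing also leaves out Signatur-Algorithm, Hash-Algorithm and Key-ID, which appear in the signed message further down. The README should say explicitly whether those options are covered by the signature, and if they are not, explain why a receiver can still trust them. Minor points: "Signatur-" is missing an "e" in both option names, `Payload-Length: 0xF` in the first listing becomes `0x0F` in the later ones, the second header line drops the comma before `MID`, the text switches between "jRECMA" and "RECMA", and the added sentences "Assume, that the following example message require to be authenticated" and "This an example" need a grammar pass.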