This repository contains the firmware part of the CoAP/ACE-OAuth proof-of-concept implementation. The firmware is written in Rust, and designed to run on nRF52-DK hardware based on the S132 softdevice (but is easy to adjust to other nRF devices).
With this firmware, the device it is running on simulates a simple network enabled sensor -- it reports the temperature it measures over a radio interface to authorized users, and allows some users to alter the identification LEDs.
The technology stack it demonstrates by this is
- an [ACE-OAuth (RFC9200)] Resource Server (RS) -- this limits the interactions of users according to an authorization server's decisions
- the ACE OSCORE profile (RFC9203) -- this connects the ACE framework with OSCORE, and generates OSCORE keys
- OSCORE (RFC8613) -- this secures communication with symmetric keys, independent of the precise transport mechanism used
- CoAP (RFC7252) -- this gives a compact and versatile application protocol with flexible forwarding options
- CoAP-over-GATT (
draft-amsuess-core-coap-over-gatt-02) -- this allows transporting CoAP over Bluetooth Low Energy (BLE) without the need to set up a Bluetooth IP network
-
Obtain an nRF52-DK device; connect it via USB to a computer and move its power switch to the "on" position.
-
Download the latest build of this firmware from the build site as
coap-ace-poc-firmware-.d??.hex. When using just a single nRF52-DK, pick any of numbered images. When using multiple devices, pick distinct ones, and consider labelling the devices accordingly. -
Copy the file
coap-ace-poc-firmware-d??.hexonto the "JLINK" USB drive that has appeared on your computer. Once copying is done, the device will restart, show two LEDs indicating the application's readiness, and USB drive will reappear without the file. -
Direct a Bluetooth capable's cellphone web browser (Chrome or Chromium) to the corresponding web app. Follow the login instructions, picking either the role of the "junior" or the "senior". Note that in the course of the login, the BLE connection is severed and needs to be reestablished.
You may also install the mobile application through the browser's "Install app" button.
-
Use the web application's controls to read the device's temperature, to find the device (making its LEDs spin briefly), or to alter its identification LEDs ("senior" only).
For illustration purposes, the web application is not made aware of the permission levels, and unauthorized control attempts will fail.
-
Instructions on how to build the firmware, as well as how to alter or extend it, can be found in the firmware's documentation.
That also contains further references for the components used inside the firmware.
-
The web application is built from source at https://gitlab.com/oscore/coap-ace-poc-webapp/ and documented there as well. The web application is built into a static web site, which can be served by any modern web server.
-
Backing the authentication is an ACE Authorization Server (AS). Its setup and operatioins are described on TBD.
This project and all files contained in it is published under the
BSD-3-Clause license as defined in LICENSES/BSD-3-Clause.txt.
Copyright: 2022 EDF (Électricité de France S.A.)
Author: Christian Amsüss
Note that additional terms may apply to the built output. In particular, the softdevice's license terms become part of what governs the use of the resulting program.