SCHC Datagram Transport Layer Security
With the DTLS version of Acklio FullSDK, all communications performed by the Network Interface and by the Datagram Interface are layered over DTLS (Datagram Transport Layer Security) version 1.2.
As required by DTLS, an initial handshake is requested by ATModem. The handshake is handled in a transparent way by Acklio FullSDK, but ATModem informs the application of success or failure.
Acklio FullSDK DTLS layer must be configured before performing the handshake. The device must be provided with the following by calling the associated AT command:
- A pre-shared key identity (
PSK_ID) - A pre-shared key value (
PSK_value) - A retry number (
retry_number) - A timeout period (
timeout)
Of course, these values must match the ones defined when provisioning the device on Acklio IPCore side.
In order to make things simpler for the application, ATModem automatically starts the handshake right after the join request has been accepted.
Configuration
The <PSK_Value> should be at least 32 characters long.
| What | Detail |
|---|---|
| Command | AT+SCHC=DTLSCONF,SET,<PSK_ID>,<PSK_value>,<retry_number>,<timeout> |
| Parameters | <PSK_ID> – The pre-shared key identity.It must be a 4-bytes, specified in hexadecimal (ASCII 8 characters). For example, specify 30313233 to configure the 0123 string. |
<PSK_value> – The pre-shared key value.It must be a binary string, at least 16-bytes long specified in hexadecimal (ASCII 16 characters at least). For example, specify 0001020304050607 to configure the binary string 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07. | |
<retry_number> – The number of times the handshake will be tried in case of problem | |
<timeout> – The maximum time period Acklio FullSDK waits for a handshake response from IPCore, in seconds | |
| Result codes | OK |
AT_PARAM_ERROR |
The configuration command must be issued before the join command (described below).
Join
| What | Detail |
|---|---|
| Command | AT+JOINDTLS=<class> |
| Parameter | <class> - A or C |
| Result codes | OK |
AT_PARAM_ERROR | |
AT_ERROR,1,<error> | |
+JOINED | |
+HANDSHAKEOK | |
+HANDSHAKEFAIL |
When the class is correct, the OK result code is returned immediately.
- If the join request succeeds, the
+JOINEDresult code is returned a few seconds later. - If it failed, no additional result code is returned.
Then, if the handshake succeeds, the +HANDSHAKEOK result code is returned a few seconds later.
If it does not succeed, the +HANDSHAKEFAIL result code is returned.
For the DTLS version of Acklio FullSDK, the JOINDTLS command replaces the JOIN command of the non-DTLS version.
The errors of the non-DTLS version of the join command of Acklio FullSDK may be returned, in case of problem.
Additionnally, this error may be returned:
AT_ERROR,6,<status> reports a DTLS layer error, with the following possible values for status:
| Numeric value | Error code | Comment |
|---|---|---|
| 20 | DTLS_NOT_INITIALIZED_ERR | DTLS layer has not been configured |