
Commit 43a6073

committed
Adds ATECC608 secure element support for esp32 - DPS registration works correctly for device certificate and registration ID generated at runtime using added functions
1 parent e252264 commit 43a6073


6 files changed

+181
-0
lines changed


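--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "libs/azure-iot-middleware-freertos"]
 path = libs/azure-iot-middleware-freertos
 url = https://github.com/Azure/azure-iot-middleware-freertos.git
+[submodule "demos/projects/ESPRESSIF/esp32/components/esp-cryptoauthlib"]
+path = demos/projects/ESPRESSIF/esp32/components/esp-cryptoauthlib
+url = https://github.com/espressif/esp-cryptoauthlib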
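Review bot: This file only records the URL of the new esp-cryptoauthlib submodule; the commit it is pinned to is the sixth changed file that the page does not show, and that pin is what actually decides which crypto library code ends up in the firmware. Before merging, confirm the pinned commit against the upstream espressif/esp-cryptoauthlib history, and consider noting in the commit description which upstream release it corresponds to, so future bumps of the submodule are reviewed as dependency changes rather than as opaque pointer updates.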

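--- a/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c
+++ b/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c
@@ -90,6 +90,11 @@ TlsTransportStatus_t TLS_Socket_Connect( NetworkContext_t * pNetworkContext,
 {
 esp_transport_ssl_set_cert_data_der( pNetworkContext->xTransport, ( const char * ) pNetworkCredentials->pucRootCa, pNetworkCredentials->xRootCaSize );
 }
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+
+esp_transport_ssl_use_secure_element( pNetworkContext->xTransport );
+
+#else
 
 if ( pNetworkCredentials->pucClientCert )
 {
@@ -101,6 +106,8 @@ TlsTransportStatus_t TLS_Socket_Connect( NetworkContext_t * pNetworkContext,
 esp_transport_ssl_set_client_key_data_der( pNetworkContext->xTransport, (const char *) pNetworkCredentials->pucPrivateKey, pNetworkCredentials->xPrivateKeySize );
 }
 
+#endif
+
 if ( esp_transport_connect( pNetworkContext->xTransport, pHostName, usPort, ulReceiveTimeoutMs ) < 0 )
 {
 ESP_LOGE( TAG, "Failed establishing TLS connection (esp_transport_connect failed)" );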
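Review bot: When CONFIG_ESP_TLS_USE_SECURE_ELEMENT is set, the `#else` branch means any `pucClientCert` / `pucPrivateKey` the caller placed in `pNetworkCredentials` is silently ignored, and nothing in the hunk tells a reader that the client identity now comes from the ATECC608; add a comment on the new `#if` line, e.g. `/* Client certificate and private key are held by the ATECC608; pucClientCert/pucPrivateKey in pNetworkCredentials are ignored in this configuration. */`. The root-CA call just above the hunk is still applied in both configurations, so server authentication is unaffected by this change. TLS_Socket_Connect starts before the first hunk and continues after the second.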

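--- a/demos/sample_azure_iot/sample_azure_iot.c
+++ b/demos/sample_azure_iot/sample_azure_iot.c
@@ -25,6 +25,11 @@
 /* Crypto helper header. */
 #include "crypto.h"
 
+/* For using the ATECC608 secure element if support is configured */
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT && CONFIG_ATCA_MBEDTLS_ECDSA
+#include "cryptoauthlib.h"
+#endif
+
 /*-----------------------------------------------------------*/
 
 /* Compile time error for undefined configs. */
@@ -145,6 +150,20 @@ struct NetworkContext
 static AzureIoTHubClient_t xAzureIoTHubClient;
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Generates the registration ID using the ATECC608 chip dynamically using
+* cryptoauthlib API
+*
+*
+* @param[out] pucSecureElementSerNum An unsigned char buffer to hold the 9-byte serial number of the ATECC608 chip
+* @param[out] pcRegistrationID The string that will hold the registration ID - should be 21 bytes or more
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608( uint8_t *sernum,
+char *registration_id_string );
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
 #ifdef democonfigENABLE_DPS_SAMPLE
 
 /**
@@ -471,6 +490,33 @@ static void prvAzureDemoTask( void * pvParameters )
 }
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Get the serial number of the ATECC608 chip and the registration ID that will be used
+* by the DPS client
+*
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608(uint8_t *sernum, char *registration_id_string) {
+if(sernum == NULL || registration_id_string == NULL || (strlen(registration_id_string) < 21)) {
+return -1; // improper parameters
+}
+
+ATCA_STATUS s;
+s = atcab_read_serial_number(sernum);
+if(s != ATCA_SUCCESS) {
+return -3;
+}
+sprintf(registration_id_string,"sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",sernum[0],sernum[1],\
+sernum[2],sernum[3],sernum[4],sernum[5],sernum[6],sernum[7],sernum[8]);
+registration_id_string[20] = '\0';
+
+return 0;
+
+}
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
+
 #ifdef democonfigENABLE_DPS_SAMPLE
 
 /**
@@ -503,6 +549,16 @@ static void prvAzureDemoTask( void * pvParameters )
 xTransport.xSend = TLS_Socket_Send;
 xTransport.xRecv = TLS_Socket_Recv;
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/* Redefine the democonfigREGISTRATION_ID macro dynamically */
+#undef democonfigREGISTRATION_ID
+char registration_id_string[21];
+uint8_t sernum[9];
+ulStatus = prvPrepareRegistrationIdFromATECC608(sernum,registration_id_string);
+configASSERT( ulStatus == 0);
+#define democonfigREGISTRATION_ID registration_id_string
+#endif
+
 xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient,
 ( const uint8_t * ) democonfigENDPOINT,
 sizeof( democonfigENDPOINT ) - 1,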
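Review bot: The parameter guard in prvPrepareRegistrationIdFromATECC608 calls `strlen(registration_id_string)` on a buffer the caller declares as an uninitialised `char registration_id_string[21]` (new line 555), which reads indeterminate bytes and, for a properly terminated 21-byte buffer, can never be >= 21, so the check either runs off the end of the array or makes `configASSERT( ulStatus == 0)` fail; the function (and its prototype at new line 162) should take the buffer size explicitly and format with `snprintf`, with the call becoming `ulStatus = prvPrepareRegistrationIdFromATECC608( sernum, registration_id_string, sizeof( registration_id_string ) );`. The same function, prototype and call site are duplicated in demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c and demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c and need the same change. `#include "cryptoauthlib.h"` is guarded by `CONFIG_ESP_TLS_USE_SECURE_ELEMENT && CONFIG_ATCA_MBEDTLS_ECDSA` while the definition that calls `atcab_read_serial_number` is guarded by `CONFIG_ESP_TLS_USE_SECURE_ELEMENT` alone, so a build with ECDSA support off would fail on an undeclared function; use one condition for both. Returning -1 and -3 from a `uint32_t` function relies on wraparound (the caller only tests for 0), so distinct non-negative codes are clearer, and the `#undef`/`#define` of democonfigREGISTRATION_ID inside the function body applies to the rest of the translation unit, not just this scope. Nothing in these hunks calls `atcab_init()` before the serial number is read, so unless board setup does it elsewhere the read will return an error and the assert will trip — worth confirming on hardware.
```c
static uint32_t prvPrepareRegistrationIdFromATECC608( uint8_t * sernum,
                                                      char * registration_id_string,
                                                      size_t registration_id_buffer_size )
{
    /* "sn" + 9 serial bytes as 2 hex digits each + NUL terminator = 21 bytes. */
    if( ( sernum == NULL ) || ( registration_id_string == NULL ) || ( registration_id_buffer_size < 21 ) )
    {
        return 1; /* improper parameters */
    }

    if( atcab_read_serial_number( sernum ) != ATCA_SUCCESS )
    {
        return 2; /* secure element read failed */
    }

    int written = snprintf( registration_id_string, registration_id_buffer_size,
                            "sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",
                            sernum[ 0 ], sernum[ 1 ], sernum[ 2 ], sernum[ 3 ], sernum[ 4 ],
                            sernum[ 5 ], sernum[ 6 ], sernum[ 7 ], sernum[ 8 ] );

    if( ( written < 0 ) || ( ( size_t ) written >= registration_id_buffer_size ) )
    {
        return 3; /* output truncated */
    }

    return 0;
}
```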

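--- a/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c
+++ b/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c
@@ -32,6 +32,12 @@
 
 /* Board specific implementation */
 #include "sample_gsg_device.h"
+
+/* For using the ATECC608 secure element if support is configured */
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT && CONFIG_ATCA_MBEDTLS_ECDSA
+#include "cryptoauthlib.h"
+#endif
+
 /*-----------------------------------------------------------*/
 
 /* Compile time error for undefined configs. */
@@ -128,6 +134,21 @@ struct NetworkContext
 };
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Generates the registration ID using the ATECC608 chip dynamically using
+* cryptoauthlib API
+*
+*
+* @param[out] pucSecureElementSerNum An unsigned char buffer to hold the 9-byte serial number of the ATECC608 chip
+* @param[out] pcRegistrationID The string that will hold the registration ID - should be 21 bytes or more
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608( uint8_t *sernum,
+char *registration_id_string );
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
+
 /* Define buffer for IoT Hub info. */
 #ifdef democonfigENABLE_DPS_SAMPLE
 
@@ -603,6 +624,33 @@ static uint32_t prvConnectToServerWithBackoffRetries( const char * pcHostName,
 }
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Get the serial number of the ATECC608 chip and the registration ID that will be used
+* by the DPS client
+*
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608(uint8_t *sernum, char *registration_id_string) {
+if(sernum == NULL || registration_id_string == NULL || (strlen(registration_id_string) < 21)) {
+return -1; // improper parameters
+}
+
+ATCA_STATUS s;
+s = atcab_read_serial_number(sernum);
+if(s != ATCA_SUCCESS) {
+return -3;
+}
+sprintf(registration_id_string,"sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",sernum[0],sernum[1],\
+sernum[2],sernum[3],sernum[4],sernum[5],sernum[6],sernum[7],sernum[8]);
+registration_id_string[20] = '\0';
+
+return 0;
+
+}
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
+
 #ifdef democonfigENABLE_DPS_SAMPLE
 
 /**
@@ -643,6 +691,16 @@ static uint32_t prvConnectToServerWithBackoffRetries( const char * pcHostName,
 xTransport.xSend = TLS_Socket_Send;
 xTransport.xRecv = TLS_Socket_Recv;
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/* Redefine the democonfigREGISTRATION_ID macro dynamically */
+#undef democonfigREGISTRATION_ID
+char registration_id_string[21];
+uint8_t sernum[9];
+ulStatus = prvPrepareRegistrationIdFromATECC608(sernum,registration_id_string);
+configASSERT( ulStatus == 0);
+#define democonfigREGISTRATION_ID registration_id_string
+#endif
+
 xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient,
 ( const uint8_t * ) democonfigENDPOINT,
 sizeof( democonfigENDPOINT ) - 1,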

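--- a/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c
+++ b/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c
@@ -32,6 +32,11 @@
 
 /* Data Interface Definition */
 #include "sample_azure_iot_pnp_data_if.h"
+
+/* For using the ATECC608 secure element if support is configured */
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT && CONFIG_ATCA_MBEDTLS_ECDSA
+#include "cryptoauthlib.h"
+#endif
 /*-----------------------------------------------------------*/
 
 /* Compile time error for undefined configs. */
@@ -153,6 +158,20 @@ static uint8_t ucReportedPropertiesUpdate[ 320 ];
 static uint32_t ulReportedPropertiesUpdateLength;
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Generates the registration ID using the ATECC608 chip dynamically using
+* cryptoauthlib API
+*
+*
+* @param[out] pucSecureElementSerNum An unsigned char buffer to hold the 9-byte serial number of the ATECC608 chip
+* @param[out] pcRegistrationID The string that will hold the registration ID - should be 21 bytes or more
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608( uint8_t *sernum,
+char *registration_id_string );
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
 #ifdef democonfigENABLE_DPS_SAMPLE
 
 /**
@@ -486,6 +505,33 @@ static void prvAzureDemoTask( void * pvParameters )
 }
 /*-----------------------------------------------------------*/
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/**
+* @brief Get the serial number of the ATECC608 chip and the registration ID that will be used
+* by the DPS client
+*
+*/
+static uint32_t prvPrepareRegistrationIdFromATECC608(uint8_t *sernum, char *registration_id_string) {
+if(sernum == NULL || registration_id_string == NULL || (strlen(registration_id_string) < 21)) {
+return -1; // improper parameters
+}
+
+ATCA_STATUS s;
+s = atcab_read_serial_number(sernum);
+if(s != ATCA_SUCCESS) {
+return -3;
+}
+sprintf(registration_id_string,"sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",sernum[0],sernum[1],\
+sernum[2],sernum[3],sernum[4],sernum[5],sernum[6],sernum[7],sernum[8]);
+registration_id_string[20] = '\0';
+
+return 0;
+
+}
+
+#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */
+
+
 #ifdef democonfigENABLE_DPS_SAMPLE
 
 /**
@@ -518,6 +564,16 @@ static void prvAzureDemoTask( void * pvParameters )
 xTransport.xSend = TLS_Socket_Send;
 xTransport.xRecv = TLS_Socket_Recv;
 
+#if CONFIG_ESP_TLS_USE_SECURE_ELEMENT
+/* Redefine the democonfigREGISTRATION_ID macro dynamically */
+#undef democonfigREGISTRATION_ID
+char registration_id_string[21];
+uint8_t sernum[9];
+ulStatus = prvPrepareRegistrationIdFromATECC608(sernum,registration_id_string);
+configASSERT( ulStatus == 0);
+#define democonfigREGISTRATION_ID registration_id_string
+#endif
+
 xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient,
 ( const uint8_t * ) democonfigENDPOINT,
 sizeof( democonfigENDPOINT ) - 1,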
