Add setEccSlot API to set private key slot and cert bytes

instead or in constructor

Author: sandeepmistry

Diff for: examples/WiFi101_AWS_IoT/WiFi101_AWS_IoT.ino

@@ -13,6 +13,8 @@
 #include <WiFi101.h>
 #include <MQTTClient.h>
 #include <ArduinoBearSSL.h>
+#include <utility/ECC508.h>
+#include <utility/ECC508Cert.h>
 
 // ssid and pass are the wifi settings
 const char ssid[] = "XXX";
@@ -22,19 +24,16 @@ const char pass[] = "XXX";
 const char server[] = "xxxxxxxxxxxxxx.iot.xx-xxxx-x.amazonaws.com";
 
 // id is the ThingName in aws IOT
-const char id[] = "XXX"
+const String id = "XXX";
 
 // Get the cert data by:
 // 1) Creating a CSR using the ArduinoBearSSL -> Tools -> ECC508CSR example for key slot 0
-// 2) Creating a new thing and uploading the CSR for it
-// 3) Downloading the public key for the thing in AWS IoT
-// 4) Convert the base64 encoded cert to binary
-const byte cert[] = {
-// ...
-};
+// 2) Use the "Go tool" to generate a public cert from the CSR
+// 3) Store the cert params in 1)
+// 4) Activate the cert in AWS IoT and attach policy + thing
 
 WiFiClient wifiClient;
-BearSSLClient net(wifiClient, 0, cert, sizeof(cert));
+BearSSLClient net(wifiClient);
 MQTTClient client;
 
 unsigned long lastMillis = 0;
@@ -45,8 +44,37 @@ unsigned long getTime() {
 
 void setup() {
   Serial.begin(115200);
+  while (!Serial);
+
+  if (!ECC508.begin()) {
+    Serial.println("No ECC508 present!");
+    while (1);
+  }
 
   ArduinoBearSSL.onGetTime(getTime);
+
+  ECC508Cert.begin(0, 9, 10);
+  ECC508Cert.setIssuerCountryName("US");
+  ECC508Cert.setIssuerOrganizationName("Arduino LLC US");
+  ECC508Cert.setIssuerOrganizationalUnitName("IT");
+  ECC508Cert.setIssuerCommonName("Arduino");
+  ECC508Cert.setSubjectCommonName(ECC508.serialNumber());
+  ECC508Cert.uncompress();
+
+  const byte* certData = ECC508Cert.bytes();
+  int certLength = ECC508Cert.length();
+
+  for (int i = 0; i < certLength; i++) {
+    byte b = certData[i];
+
+    if (b < 16) {
+      Serial.print('0');
+    }
+    Serial.print(b, HEX);
+  }
+  Serial.println();
+
+  net.setEccSlot(0, ECC508Cert.bytes(), ECC508Cert.length());
 
   WiFi.begin(ssid, pass);
 
@@ -68,7 +96,7 @@ void connect() {
   }
 
   Serial.print("\nconnecting...");
-  while (!client.connect(id)) {
+  while (!client.connect(id.c_str())) {
     Serial.print(".");
     delay(1000);
   }
@@ -94,4 +122,4 @@ void loop() {
 
 void messageReceived(String &topic, String &payload) {
   Serial.println("incoming: " + topic + " - " + payload);
-}
+}

Diff for: src/BearSSLClient.cpp

@@ -17,18 +17,6 @@ BearSSLClient::BearSSLClient(Client& client) :
   _ecCert.data_len = 0;
 }
 
-BearSSLClient::BearSSLClient(Client& client, int ecc508KeySlot, const byte cert[], int certLength) :
-  BearSSLClient(client)
-{
-  // HACK: put the key slot info. in the br_ec_private_key structure
-  _ecKey.curve = 23;
-  _ecKey.x = (unsigned char*)ecc508KeySlot;
-  _ecKey.xlen = 32;
-
-  _ecCert.data = (unsigned char*)cert;
-  _ecCert.data_len = certLength;
-}
-
 BearSSLClient::~BearSSLClient()
 {
 }
@@ -157,6 +145,17 @@ BearSSLClient::operator bool()
   return (*_client);  
 }
 
+void BearSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLength)
+{
+  // HACK: put the key slot info. in the br_ec_private_key structure
+  _ecKey.curve = 23;
+  _ecKey.x = (unsigned char*)ecc508KeySlot;
+  _ecKey.xlen = 32;
+
+  _ecCert.data = (unsigned char*)cert;
+  _ecCert.data_len = certLength;
+}
+
 int BearSSLClient::connectSSL(const char* host)
 {
   /*

Diff for: src/BearSSLClient.h

@@ -10,7 +10,6 @@ class BearSSLClient : public Client {
 
 public:
   BearSSLClient(Client& client);
-  BearSSLClient(Client& client, int ecc508KeySlot, const byte cert[], int certLength);
   virtual ~BearSSLClient();
 
   virtual int connect(IPAddress ip, uint16_t port);
@@ -28,6 +27,8 @@ class BearSSLClient : public Client {
 
   using Print::write;
 
+  void setEccSlot(int ecc508KeySlot, const byte cert[], int certLength);
+
 private:
   int connectSSL(const char* host);
   static int clientRead(void *ctx, unsigned char *buf, size_t len);