Merge pull request #308 from bcmi-labs/se050_release

Prepare library to support SE050 crypto device

Author: pennam

Diff for: src/ArduinoIoTCloudTCP.cpp

@@ -28,6 +28,11 @@
   #include "tls/utility/CryptoUtil.h"
 #endif
 
+#ifdef BOARD_HAS_SE050
+  #include "tls/AIoTCSSCert.h"
+  #include "tls/utility/CryptoUtil.h"
+#endif
+
 #ifdef BOARD_HAS_OFFLOADED_ECCX08
 #include <ArduinoECCX08.h>
 #include "tls/utility/CryptoUtil.h"
@@ -203,7 +208,7 @@ int ArduinoIoTCloudTCP::begin(bool const enable_watchdog, String brokerAddress,
   _ota_img_sha256 = sha256_str;
 #endif /* OTA_ENABLED */
 
-  #ifdef BOARD_HAS_OFFLOADED_ECCX08
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
   if (!_crypto.begin())
   {
     DEBUG_ERROR("_crypto.begin() failed.");
@@ -214,34 +219,29 @@ int ArduinoIoTCloudTCP::begin(bool const enable_watchdog, String brokerAddress,
     DEBUG_ERROR("_crypto.readDeviceId(...) failed.");
     return 0;
   }
-  #endif
+#endif
 
-  #ifdef BOARD_HAS_ECCX08
-  if (!_crypto.begin())
-  {
-    DEBUG_ERROR("Cryptography processor failure. Make sure you have a compatible board.");
-    return 0;
-  }
-  if (!_crypto.readDeviceId(getDeviceId(), CryptoSlot::DeviceId))
-  {
-    DEBUG_ERROR("Cryptography processor read failure.");
-    return 0;
-  }
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_SE050)
   if (!_crypto.readCert(_cert, CryptoSlot::CompressedCertificate))
   {
     DEBUG_ERROR("Cryptography certificate reconstruction failure.");
     return 0;
   }
-  _sslClient.setClient(_connection->getClient());
   _sslClient.setEccSlot(static_cast<int>(CryptoSlot::Key), _cert.bytes(), _cert.length());
-  #elif defined(BOARD_ESP)
+#endif
+
+#if defined(BOARD_HAS_ECCX08)
+  _sslClient.setClient(_connection->getClient());
+#elif defined(BOARD_HAS_SE050)
+  _sslClient.appendCustomCACert(AIoTSSCert);
+#elif defined(BOARD_ESP)
   _sslClient.setInsecure();
-  #endif
+#endif
 
   _mqttClient.setClient(_sslClient);
-  #ifdef BOARD_ESP
+#ifdef BOARD_ESP
   _mqttClient.setUsernamePassword(getDeviceId(), _password);
-  #endif
+#endif
   _mqttClient.onMessage(ArduinoIoTCloudTCP::onMessage);
   _mqttClient.setKeepAliveInterval(30 * 1000);
   _mqttClient.setConnectionTimeout(1500);

Diff for: src/ArduinoIoTCloudTCP.h

@@ -31,6 +31,9 @@
   #include "tls/utility/CryptoUtil.h"
 #elif defined(BOARD_ESP)
   #include <WiFiClientSecure.h>
+#elif defined(BOARD_HAS_SE050)
+  #include "tls/utility/CryptoUtil.h"
+  #include <WiFiSSLSE050Client.h>
 #endif
 
 #ifdef BOARD_HAS_OFFLOADED_ECCX08
@@ -71,7 +74,7 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     virtual int  connected     () override;
     virtual void printDebugInfo() override;
 
-    #if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+    #if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
     int begin(ConnectionHandler & connection, bool const enable_watchdog = true, String brokerAddress = DEFAULT_BROKER_ADDRESS_SECURE_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_SECURE_AUTH);
     #else
     int begin(ConnectionHandler & connection, bool const enable_watchdog = true, String brokerAddress = DEFAULT_BROKER_ADDRESS_USER_PASS_AUTH, uint16_t brokerPort = DEFAULT_BROKER_PORT_USER_PASS_AUTH);
@@ -143,6 +146,10 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass
     #elif defined(BOARD_ESP)
     WiFiClientSecure _sslClient;
     String _password;
+    #elif defined(BOARD_HAS_SE050)
+    ArduinoIoTCloudCertClass _cert;
+    WiFiSSLSE050Client _sslClient;
+    CryptoUtil _crypto;
     #endif
 
     MqttClient _mqttClient;

Diff for: src/tls/AIoTCSSCert.h

@@ -0,0 +1,48 @@
+/*
+   This file is part of ArduinoIoTBearSSL.
+
+   Copyright 2019 ARDUINO SA (http://www.arduino.cc/)
+
+   This software is released under the GNU General Public License version 3,
+   which covers the main part of ArduinoIoTBearSSL.
+   The terms of this license can be found at:
+   https://www.gnu.org/licenses/gpl-3.0.en.html
+
+   You can be released from the requirements of the above licenses by purchasing
+   a commercial license. Buying such a license is mandatory if you want to modify or
+   otherwise use the software for commercial activities involving the Arduino
+   software without disclosing the source code of your own applications. To purchase
+   a commercial license, send an email to [email protected].
+
+*/
+
+#ifndef _AIOTC_SS_CERT_H_
+#define _AIOTC_SS_CERT_H_
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <AIoTC_Config.h>
+#ifdef BOARD_HAS_SE050
+
+/******************************************************************************
+ * CONSTANTS
+ ******************************************************************************/
+static const char AIoTSSCert[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIIBzzCCAXSgAwIBAgIUHxAd66fhJecnwaOR4+wNF03tSlkwCgYIKoZIzj0EAwIw\n"
+"RTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkFyZHVpbm8gTExDIFVTMQswCQYDVQQL\n"
+"EwJJVDEQMA4GA1UEAxMHQXJkdWlubzAeFw0xODA3MjQwOTQ3MDBaFw00ODA3MTYw\n"
+"OTQ3MDBaMEUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5BcmR1aW5vIExMQyBVUzEL\n"
+"MAkGA1UECxMCSVQxEDAOBgNVBAMTB0FyZHVpbm8wWTATBgcqhkjOPQIBBggqhkjO\n"
+"PQMBBwNCAARtd2xaz2EcfUSYUfJe4QJAd7ecvUmio4xOq16YrIL8aVtEIne0TS6O\n"
+"3ypxwTls1jkUvdlrGEtL7LPV7kKJiVUio0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\n"
+"VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWz4qa47JsBqoVOY2m4wJ+fzhuYAwCgYI\n"
+"KoZIzj0EAwIDSQAwRgIhAL/T3CNmaLUK3D8NDsNz4grH92CqEA3TIL/hApabawXY\n"
+"AiEA6tnZ2lrNElKXCajtZg/hjWRE/+giFzBP8riar8qOz2w=\n"
+"-----END CERTIFICATE-----\n";
+
+#endif /* #ifdef BOARD_HAS_SE050 */
+
+#endif /* _AIOTC_SS_CERT_H_ */

Diff for: src/tls/bearssl/dec32be.c

@@ -23,7 +23,7 @@
  */
 
 #include <AIoTC_Config.h>
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 #include "inner.h"
 

Diff for: src/tls/bearssl/enc32be.c

@@ -23,7 +23,7 @@
  */
 
 #include <AIoTC_Config.h>
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 #include "inner.h"
 

Diff for: src/tls/bearssl/sha2small.c

@@ -23,7 +23,7 @@
  */
 
 #include <AIoTC_Config.h>
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 #include "inner.h"
 

Diff for: src/tls/utility/Cert.cpp

@@ -23,7 +23,7 @@
 
 #include <AIoTC_Config.h>
 
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 #include "Cert.h"
 
@@ -915,4 +915,4 @@ int ArduinoIoTCloudCertClass::appendAuthorityKeyId(const byte authorityKeyId[],
   return length + 17;
 }
 
-#endif /* (BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) */
+#endif /* (BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050) */

Diff for: src/tls/utility/Cert.h

@@ -24,7 +24,7 @@
 
 #include <AIoTC_Config.h>
 
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 /******************************************************************************
  * DEFINE
@@ -182,6 +182,6 @@ class ArduinoIoTCloudCertClass {
 
 };
 
-#endif /* BOARD_HAS_ECCX08 || BOARD_HAS_OFFLOADED_ECCX08 */
+#endif /* BOARD_HAS_ECCX08 || BOARD_HAS_OFFLOADED_ECCX08 || BOARD_HAS_SE050*/
 
 #endif /* ARDUINO_IOT_CLOUD_CERT_H */

Diff for: src/tls/utility/CryptoUtil.cpp

@@ -21,7 +21,7 @@
 
 #include <AIoTC_Config.h>
 
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 
 #include "CryptoUtil.h"
 #include "SHA256.h"
@@ -36,7 +36,11 @@
  * CTOR/DTOR
  **************************************************************************************/
 CryptoUtil::CryptoUtil()
+#if defined(BOARD_HAS_SE050)
+: _crypto {SE05X}
+#else
 : _crypto {ECCX08}
+#endif
 {
 
 }
@@ -133,18 +137,35 @@ int CryptoUtil::writeDeviceId(String & device_id, const CryptoSlot device_id_slo
 
 int CryptoUtil::writeCert(ArduinoIoTCloudCertClass & cert, const CryptoSlot certSlot)
 {
+#if defined(BOARD_HAS_SE050)
+  if (!_crypto.writeSlot(static_cast<int>(certSlot), cert.bytes(), cert.length())) {
+    return 0;
+  }
+#else
   if (!_crypto.writeSlot(static_cast<int>(certSlot), cert.compressedCertSignatureAndDatesBytes(), cert.compressedCertSignatureAndDatesLength())) {
     return 0;
   }
 
   if (!_crypto.writeSlot(static_cast<int>(certSlot) + 1, cert.compressedCertSerialAndAuthorityKeyIdBytes(), cert.compressedCertSerialAndAuthorityKeyIdLenght())) {
     return 0;
   }
+#endif
   return 1;
 }
 
 int CryptoUtil::readCert(ArduinoIoTCloudCertClass & cert, const CryptoSlot certSlot)
 {
+#if defined(BOARD_HAS_SE050)
+  byte derBuffer[CRYPTO_CERT_BUFFER_LENGTH];
+  size_t derLen;
+  if (!_crypto.readBinaryObject(static_cast<int>(certSlot), derBuffer, sizeof(derBuffer), &derLen)) {
+    return 0;
+  }
+
+  if (!cert.importCert(derBuffer, derLen)) {
+    return 0;
+  }
+#else
   String deviceId;
   byte publicKey[CERT_PUBLIC_KEY_LENGTH];
 
@@ -183,7 +204,8 @@ int CryptoUtil::readCert(ArduinoIoTCloudCertClass & cert, const CryptoSlot certS
   if (!cert.signCert()) {
     return 0;
   }
+#endif
   return 1;
 }
 
-#endif /* (BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) */
+#endif /* (BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050) */

Diff for: src/tls/utility/CryptoUtil.h

@@ -24,20 +24,34 @@
 
 #include <AIoTC_Config.h>
 
-#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08)
+#if defined(BOARD_HAS_ECCX08) || defined(BOARD_HAS_OFFLOADED_ECCX08) || defined(BOARD_HAS_SE050)
 #include <Arduino.h>
 #include "Cert.h"
+
+#if defined(BOARD_HAS_SE050)
+#include <SE05X.h>
+#else
 #include <ArduinoECCX08.h>
+#endif
+
+/******************************************************************************
+ * DEFINE
+ ******************************************************************************/
+#if defined(BOARD_HAS_SE050)
+#define CRYPTO_SLOT_OFFSET                100
+#else
+#define CRYPTO_SLOT_OFFSET                0
+#endif
 
 /******************************************************************************
    TYPEDEF
  ******************************************************************************/
 enum class CryptoSlot : int
 {
-  Key                                   = 0,
-  CompressedCertificate                 = 10,
-  SerialNumberAndAuthorityKeyIdentifier = 11,
-  DeviceId                              = 12
+  Key                                   = (0  + CRYPTO_SLOT_OFFSET),
+  CompressedCertificate                 = (10 + CRYPTO_SLOT_OFFSET),
+  SerialNumberAndAuthorityKeyIdentifier = (11 + CRYPTO_SLOT_OFFSET),
+  DeviceId                              = (12 + CRYPTO_SLOT_OFFSET)
 };
 
 /******************************************************************************
@@ -64,10 +78,14 @@ class CryptoUtil
   int readCert(ArduinoIoTCloudCertClass & cert, const CryptoSlot certSlot);
 
 private:
+#if defined(BOARD_HAS_SE050)
+  SE05XClass & _crypto;
+#else
   ECCX08Class & _crypto;
+#endif
 
 };
 
-#endif /* BOARD_HAS_ECCX08 || BOARD_HAS_OFFLOADED_ECCX08 */
+#endif /* BOARD_HAS_ECCX08 || BOARD_HAS_OFFLOADED_ECCX08 || BOARD_HAS_SE050 */
 
 #endif /* ARDUINO_IOT_CLOUD_UTILITY_CRYPTO_CRYPTO_UTIL_H_ */