From bbbbd604104c67f2e1b3e09ddebee0beeca55026 Mon Sep 17 00:00:00 2001 From: pennam Date: Tue, 19 Mar 2024 10:52:32 +0100 Subject: [PATCH 01/11] BearSSLClient: allow configuration after object creation --- src/tls/BearSSLClient.cpp | 24 ++++++++++++++++++------ src/tls/BearSSLClient.h | 7 ++++++- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/src/tls/BearSSLClient.cpp b/src/tls/BearSSLClient.cpp index cdc58794f..a92b42078 100644 --- a/src/tls/BearSSLClient.cpp +++ b/src/tls/BearSSLClient.cpp @@ -34,18 +34,30 @@ #include "BearSSLClient.h" -extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); +bool BearSSLClient::_sslio_closing = false; +extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); -bool BearSSLClient::_sslio_closing = false; +BearSSLClient::BearSSLClient() : + _noSNI(false), + _get_time_func(nullptr) +{ + _ecKey.curve = 0; + _ecKey.x = NULL; + _ecKey.xlen = 0; + _ecCert.data = NULL; + _ecCert.data_len = 0; + _ecCertDynamic = false; +} BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs, GetTimeCallbackFunc func) : _client(client), _TAs(myTAs), _numTAs(myNumTAs), _noSNI(false), - _get_time_func(func) + _get_time_func(func), + _br_ssl_client_init_function(aiotc_client_profile_init) { assert(_get_time_func != nullptr); 
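Review bot: The new default constructor leaves `_client`, `_TAs`, `_numTAs` and `_br_ssl_client_init_function` uninitialised, and the next hunk of this file calls `_br_ssl_client_init_function(&_sc, &_xc, _TAs, _numTAs)` in connectSSL() with no check. If a caller connects before setClient(), setProfile() and setTrustAnchors() have all run, that is a call through an indeterminate pointer, with certificate validation set up from whatever `_TAs` happens to point at. I would initialise them in the list (`_client(nullptr), _TAs(nullptr), _numTAs(0), _br_ssl_client_init_function(nullptr)`) and have connectSSL() fail early when any of them, or `_get_time_func`, is still null. The 4-argument constructor asserts `_get_time_func != nullptr`, but the default path has no equivalent guard. connectSSL() is only partly visible in this patch.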
@@ -266,8 +278,8 @@ int BearSSLClient::connectSSL(const char* host) /* Ensure this flag is cleared so we don't terminate a just starting connection. */ _sslio_closing = false; - // initialize client context with all necessary algorithms and hardcoded trust anchors. - aiotc_client_profile_init(&_sc, &_xc, _TAs, _numTAs); + // initialize client context with enabled algorithms and trust anchors + _br_ssl_client_init_function(&_sc, &_xc, _TAs, _numTAs); br_ssl_engine_set_buffers_bidi(&_sc.eng, _ibuf, sizeof(_ibuf), _obuf, sizeof(_obuf)); @@ -278,7 +290,7 @@ int BearSSLClient::connectSSL(const char* host) // ECC508 random success, add custom ECDSA vfry and EC sign br_ssl_engine_set_ecdsa(&_sc.eng, eccX08_vrfy_asn1); br_x509_minimal_set_ecdsa(&_xc, br_ssl_engine_get_ec(&_sc.eng), br_ssl_engine_get_ecdsa(&_sc.eng)); - + // enable client auth using the ECCX08 if (_ecCert.data_len && _ecKey.xlen) { br_ssl_client_set_single_ec(&_sc, &_ecCert, 1, &_ecKey, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), eccX08_sign_asn1); diff --git a/src/tls/BearSSLClient.h b/src/tls/BearSSLClient.h index 457ef92f0..6ea64c714 100644 --- a/src/tls/BearSSLClient.h +++ b/src/tls/BearSSLClient.h 
@@ -48,11 +48,14 @@ class BearSSLClient : public Client { public: BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs, GetTimeCallbackFunc func); + BearSSLClient(); virtual ~BearSSLClient(); inline void setClient(Client& client) { _client = &client; } - + inline void setProfile(void(*client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trustrust_anchorst_anchors_num)) { _br_ssl_client_init_function = client_init_function; } + inline void setTrustAnchors(const br_x509_trust_anchor* myTAs, int myNumTAs) { _TAs = myTAs; _numTAs = myNumTAs; } + inline void onGetTime(GetTimeCallbackFunc callback) { _get_time_func = callback;} virtual int connect(IPAddress ip, uint16_t port); virtual int connect(const char* host, uint16_t port); @@ -103,6 +106,8 @@ class BearSSLClient : public Client { unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE]; unsigned char _obuf[BEAR_SSL_CLIENT_OBUF_SIZE]; br_sslio_context _ioc; + + void (*_br_ssl_client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); }; #endif /* #ifdef BOARD_HAS_ECCX08 */ From 9731f86df40630e294d3a631c2407debdfa89a3d Mon Sep 17 00:00:00 2001 From: Andrea Gilardoni Date: Tue, 16 Apr 2024 16:29:45 +0200 Subject: [PATCH 02/11] BearSSLClient: allow clients to stop independently making _sslio_closing not static anymore, so that we are able to stop bearsslclients independently from one another --- src/tls/BearSSLClient.cpp | 23 ++++++++++++----------- src/tls/BearSSLClient.h | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/src/tls/BearSSLClient.cpp b/src/tls/BearSSLClient.cpp index a92b42078..1ebd78653 100644 --- a/src/tls/BearSSLClient.cpp +++ b/src/tls/BearSSLClient.cpp 
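Review bot: `setProfile()`, `setTrustAnchors()` and `onGetTime()` store whatever they are given, including null, so the `assert(_get_time_func != nullptr)` that guards the 4-argument constructor can be bypassed after construction. `setTrustAnchors()` also takes the count as `int` while the profile function receives it as `size_t`, so a negative `myNumTAs` would convert to a very large anchor count; taking `size_t`, or rejecting negative values, closes that. The parameter name `trustrust_anchorst_anchors_num` in `setProfile` looks like a paste slip for `trust_anchors_num`. The function-pointer type is now written out three times; one alias, for example `typedef void (*ClientProfileInitFunc)(br_ssl_client_context *, br_x509_minimal_context *, const br_x509_trust_anchor *, size_t);`, could be shared by the setter and the `_br_ssl_client_init_function` member added in the later hunk.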
@@ -34,13 +34,12 @@ #include "BearSSLClient.h" -bool BearSSLClient::_sslio_closing = false; - extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); BearSSLClient::BearSSLClient() : _noSNI(false), - _get_time_func(nullptr) + _get_time_func(nullptr), + _sslio_closing(false) { _ecKey.curve = 0; _ecKey.x = NULL; @@ -172,7 +171,7 @@ void BearSSLClient::stop() { if (_client->connected()) { if ((br_ssl_engine_current_state(&_sc.eng) & BR_SSL_CLOSED) == 0) { - BearSSLClient::_sslio_closing = true; + _sslio_closing = true; br_sslio_close(&_ioc); } @@ -314,7 +313,7 @@ int BearSSLClient::connectSSL(const char* host) br_x509_minimal_set_time(&_xc, days, sec); // use our own socket I/O operations - br_sslio_init(&_ioc, &_sc.eng, BearSSLClient::clientRead, _client, BearSSLClient::clientWrite, _client); + br_sslio_init(&_ioc, &_sc.eng, BearSSLClient::clientRead, this, BearSSLClient::clientWrite, this); br_sslio_flush(&_ioc); @@ -335,12 +334,13 @@ int BearSSLClient::connectSSL(const char* host) int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len) { - if (BearSSLClient::_sslio_closing) { + BearSSLClient* bc = (BearSSLClient*)ctx; + Client* c = bc->_client; + + if(bc->_sslio_closing) { return -1; } - Client* c = (Client*)ctx; - if (!c->connected()) { return -1; } @@ -370,12 +370,13 @@ int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len) int BearSSLClient::clientWrite(void *ctx, const unsigned char *buf, size_t len) { - if (BearSSLClient::_sslio_closing) { + BearSSLClient* bc = (BearSSLClient*)ctx; + Client* c = bc->_client; + + if(bc->_sslio_closing) { return -1; } - Client* c = (Client*)ctx; - #ifdef DEBUGSERIAL DEBUGSERIAL.print("BearSSLClient::clientWrite - "); DEBUGSERIAL.print(len); diff --git a/src/tls/BearSSLClient.h b/src/tls/BearSSLClient.h index 6ea64c714..2979eebf4 100644 --- a/src/tls/BearSSLClient.h 
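Review bot: Only the default constructor gets `_sslio_closing(false)` in this hunk; the 4-argument constructor's initialiser list, as written in patch 01, is not touched, so on that path the flag is indeterminate now that it is no longer a static initialised to `false`. connectSSL() clears it before the I/O callbacks are installed, so this is probably harmless today, but any read before the first connect would see garbage. A default member initialiser in the header, `bool _sslio_closing = false;`, covers both constructors in one place.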
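Review bot: clientRead() and clientWrite() recover the object with a C-style cast, `(BearSSLClient*)ctx`, and read `bc->_client` before any check. `static_cast<BearSSLClient*>(ctx)` is the appropriate cast from `void*`. A client built with the default constructor is not guaranteed to have had setClient() called, so initialising `_client` to `nullptr` and adding `if (c == nullptr) return -1;` next to the `_sslio_closing` test would keep a misconfigured client from dereferencing a bad pointer. Passing `this` to br_sslio_init() also ties `_ioc` to this object's address, so a copy made after connectSSL() would still call back into the original; that deserves a comment, or deleted copy operations if code outside these hunks allows it.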
+++ b/src/tls/BearSSLClient.h @@ -100,7 +100,7 @@ class BearSSLClient : public Client { br_x509_certificate _ecCert; bool _ecCertDynamic; - static bool _sslio_closing; + bool _sslio_closing; br_ssl_client_context _sc; br_x509_minimal_context _xc; unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE]; From 356d0c78a999545ca96f291af3e4f4445e9fe7e3 Mon Sep 17 00:00:00 2001 From: Andrea Gilardoni Date: Tue, 16 Apr 2024 16:31:53 +0200 Subject: [PATCH 03/11] BearSSLClient: removing trailing white spaces --- src/tls/BearSSLClient.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tls/BearSSLClient.cpp b/src/tls/BearSSLClient.cpp index 1ebd78653..995718e93 100644 --- a/src/tls/BearSSLClient.cpp +++ b/src/tls/BearSSLClient.cpp @@ -196,7 +196,7 @@ uint8_t BearSSLClient::connected() BearSSLClient::operator bool() { - return (*_client); + return (*_client); } void BearSSLClient::setInsecure(SNI insecure) @@ -353,7 +353,7 @@ int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len) #ifdef DEBUGSERIAL DEBUGSERIAL.print("BearSSLClient::clientRead - "); DEBUGSERIAL.print(result); - DEBUGSERIAL.print(" - "); + DEBUGSERIAL.print(" - "); for (size_t i = 0; i < result; i++) { byte b = buf[i]; From 891c85f9edf19719d9f03ac8c08083ec9eb1af1b Mon Sep 17 00:00:00 2001 From: Andrea Gilardoni Date: Tue, 16 Apr 2024 16:39:08 +0200 Subject: [PATCH 04/11] BearSSLClient: adding FIXME comment --- src/tls/BearSSLClient.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/tls/BearSSLClient.h b/src/tls/BearSSLClient.h index 2979eebf4..32fb18727 100644 --- a/src/tls/BearSSLClient.h +++ b/src/tls/BearSSLClient.h 
@@ -100,6 +100,11 @@ class BearSSLClient : public Client { br_x509_certificate _ecCert; bool _ecCertDynamic; + /* FIXME By introducing _sslio_closing we are overriding the correct behaviour of SSL protocol + * where the client is require to correctly close the ssl session. In the way we use it + * we are blocking bearssl from sending any data on the underlying level, this fix requires + * further investigation in the bearssl code + */ bool _sslio_closing; br_ssl_client_context _sc; br_x509_minimal_context _xc; From 07b1a6ed4cb6addbc0c7a5b57578ad2dbf215603 Mon Sep 17 00:00:00 2001 From: pennam Date: Tue, 19 Mar 2024 09:28:15 +0100 Subject: [PATCH 05/11] Add TLSClientMqtt --- src/tls/utility/TLSClientMqtt.cpp | 68 ++++++++++++++++++++++++++++++ src/tls/utility/TLSClientMqtt.h | 69 +++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+) create mode 100644 src/tls/utility/TLSClientMqtt.cpp create mode 100644 src/tls/utility/TLSClientMqtt.h diff --git a/src/tls/utility/TLSClientMqtt.cpp b/src/tls/utility/TLSClientMqtt.cpp new file mode 100644 index 000000000..8c6c3f529 --- /dev/null +++ b/src/tls/utility/TLSClientMqtt.cpp 
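Review bot: The FIXME should name what is actually lost: stop() sets `_sslio_closing` before calling `br_sslio_close()`, and clientWrite() returns -1 while the flag is set, so the closing alert BearSSL tries to send never reaches the peer. I would reword it along the lines of `/* FIXME: while _sslio_closing is set, clientRead/clientWrite fail immediately, so br_sslio_close() cannot send close_notify and the session ends without an orderly TLS shutdown. */` and correct "is require" to "is required". Saying this explicitly matters to anyone who relies on close_notify to tell a clean close from a truncated stream.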
@@ -0,0 +1,68 @@
+/*
+ This file is part of the ArduinoIoTCloud library.
+
+ Copyright (c) 2024 Arduino SA
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+#include
+
+#ifdef HAS_TCP
+
+#include "TLSClientMqtt.h"
+
+#if defined(BOARD_HAS_SECRET_KEY)
+ #include "tls/AIoTCUPCert.h"
+#endif
+
+#if defined(BOARD_HAS_SE050) || defined(BOARD_HAS_SOFTSE)
+ #include "tls/AIoTCSSCert.h"
+#endif
+
+#ifdef BOARD_HAS_ECCX08
+ #include "tls/BearSSLTrustAnchors.h"
+ extern "C" {
+ void aiotc_client_profile_init(br_ssl_client_context *cc,
+ br_x509_minimal_context *xc,
+ const br_x509_trust_anchor *trust_anchors,
+ size_t trust_anchors_num);
+ unsigned long getTime();
+ }
+#endif
+
+void TLSClientMqtt::begin(ConnectionHandler & connection) {
+
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
+ /* Arduino Root CA is configured in nina-fw
+ * https://github.com/arduino/nina-fw/blob/master/arduino/libraries/ArduinoBearSSL/src/BearSSLTrustAnchors.h
+ */
+#elif defined(BOARD_HAS_ECCX08)
+ setClient(connection.getClient());
+ setProfile(aiotc_client_profile_init);
+ setTrustAnchors(ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
+ onGetTime(getTime);
+#elif defined(ARDUINO_PORTENTA_C33)
+ setClient(connection.getClient());
+ setCACert(AIoTSSCert);
+#elif defined(ARDUINO_NICLA_VISION)
+ appendCustomCACert(AIoTSSCert);
+#elif defined(ARDUINO_EDGE_CONTROL)
+ appendCustomCACert(AIoTUPCert);
+#elif defined(ARDUINO_UNOR4_WIFI)
+ /* Arduino Root CA is configured in uno-r4-wifi-usb-bridge fw >= 0.4.1
+ * https://github.com/arduino/uno-r4-wifi-usb-bridge/blob/main/certificates/cacrt_all.pem
+ * Boards using username/password authentication relies on Starfield Class 2 CA
+ * also present in older firmware revisions
+ * https://github.com/arduino/uno-r4-wifi-usb-bridge/blob/f09ca94fdcab845b8368d4435fdac9f6999d21d2/certificates/certificates.pem#L852
+ */
+#elif defined(ARDUINO_ARCH_ESP32)
+ setCACertBundle(x509_crt_bundle);
+#elif defined(ARDUINO_ARCH_ESP8266)
+ setInsecure();
+#endif
+}
+
+#endif
diff --git a/src/tls/utility/TLSClientMqtt.h b/src/tls/utility/TLSClientMqtt.h
new file mode 100644
index 000000000..837e76dec
--- /dev/null
+++ b/src/tls/utility/TLSClientMqtt.h
@@ -0,0 +1,69 @@
+/*
+ This file is part of the ArduinoIoTCloud library.
+
+ Copyright (c) 2024 Arduino SA
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+#pragma once
+
+#include
+#include
+
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
+ /*
+ * Arduino MKR WiFi1010 - WiFi
+ * Arduino NANO 33 IoT - WiFi
+ */
+ #include "WiFiSSLClient.h"
+ class TLSClientMqtt : public WiFiBearSSLClient {
+#elif defined(BOARD_HAS_ECCX08)
+ /*
+ * Arduino MKR GSM 1400
+ * Arduino MKR NB 1500
+ * Arduino Portenta H7
+ * Arduino Giga R1
+ * OPTA
+ */
+ #include
+ class TLSClientMqtt : public BearSSLClient {
+#elif defined(ARDUINO_PORTENTA_C33)
+ /*
+ * Arduino Portenta C33
+ */
+ #include
+ class TLSClientMqtt : public SSLClient {
+#elif defined(ARDUINO_NICLA_VISION)
+ /*
+ * Arduino Nicla Vision
+ */
+ #include
+ class TLSClientMqtt : public WiFiSSLSE050Client {
+#elif defined(ARDUINO_EDGE_CONTROL)
+ /*
+ * Arduino Edge Control
+ */
+ #include
+ class TLSClientMqtt : public GSMSSLClient {
+#elif defined(ARDUINO_UNOR4_WIFI)
+ /*
+ * Arduino UNO R4 WiFi
+ */
+ #include
+ class TLSClientMqtt : public WiFiSSLClient {
+#elif defined(BOARD_ESP)
+ /*
+ * ESP32*
+ * ESP82*
+ */
+ #include
+ class TLSClientMqtt : public WiFiClientSecure {
+#endif
+
+public:
+ void begin(ConnectionHandler & connection);
+
+};
From 5de85593f9258f51f73d990825770a4c49ec7bcc Mon Sep 17 00:00:00 2001
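Review bot: The `ARDUINO_ARCH_ESP8266` branch of TLSClientMqtt::begin() calls `setInsecure()`, which on the ESP8266 WiFiClientSecure turns off server certificate validation, so the MQTT session on those boards cannot detect an impersonated broker. The same branch appears in TLSClientOta::begin() in patch 06, where it governs firmware downloads. If this is a deliberate flash or RAM trade-off, it needs a comment saying so and naming what else, if anything, authenticates the broker and the OTA image; otherwise configuring trust anchors on that core, as the ESP32 branch does with its bundle, is the safer default. Separately, the `extern "C"` declarations of `aiotc_client_profile_init` and `getTime` are repeated verbatim in TLSClientOta.cpp and would be better kept in one shared header.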
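Review bot: The `#if`/`#elif` chain in TLSClientMqtt.h that selects the base class has no `#else`, so on a board matching none of the macros the file continues at `public:` with no class open and fails with an unrelated-looking parse error. Adding `#else` and `#error "TLSClientMqtt: no TLS client available for this board"` before the `#endif` makes the failure obvious; TLSClientOta.h in patch 06 has the same chain. The header also selects on `BOARD_ESP` while TLSClientMqtt.cpp selects on `ARDUINO_ARCH_ESP32` and `ARDUINO_ARCH_ESP8266`. If those can ever disagree, begin() compiles to an empty body and the client is left with no trust configuration, so the two conditions are worth keeping identical.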
From: pennam Date: Mon, 25 Mar 2024 15:57:35 +0100 Subject: [PATCH 06/11] Add TLSClientOta --- src/tls/utility/TLSClientOta.cpp | 64 +++++++++++++++++++++ src/tls/utility/TLSClientOta.h | 96 ++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100644 src/tls/utility/TLSClientOta.cpp create mode 100644 src/tls/utility/TLSClientOta.h diff --git a/src/tls/utility/TLSClientOta.cpp b/src/tls/utility/TLSClientOta.cpp new file mode 100644 index 000000000..8aabf652e --- /dev/null +++ b/src/tls/utility/TLSClientOta.cpp 
@@ -0,0 +1,64 @@
+/*
+ This file is part of the ArduinoIoTCloud library.
+
+ Copyright (c) 2024 Arduino SA
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+#include
+
+#if defined(HAS_TCP) && OTA_ENABLED
+
+#include "TLSClientOta.h"
+
+#if defined(BOARD_HAS_SECRET_KEY)
+ #include "tls/AIoTCUPCert.h"
+#endif
+
+#if defined(BOARD_HAS_SE050) || defined(BOARD_HAS_SOFTSE)
+ #include "tls/AIoTCSSCert.h"
+#endif
+
+#ifdef BOARD_HAS_ECCX08
+ #include "tls/BearSSLTrustAnchors.h"
+ extern "C" {
+ void aiotc_client_profile_init(br_ssl_client_context *cc,
+ br_x509_minimal_context *xc,
+ const br_x509_trust_anchor *trust_anchors,
+ size_t trust_anchors_num);
+ unsigned long getTime();
+ }
+#endif
+
+void TLSClientOta::begin(ConnectionHandler &connection) {
+#if defined(BOARD_HAS_OFFLOADED_ECCX08)
+ /* AWS Root CAs are configured in nina-fw
+ * https://github.com/arduino/nina-fw/blob/master/data/roots.pem
+ */
+#elif defined(BOARD_HAS_ECCX08)
+ setClient(*getNewClient(connection.getInterface()));
+ setProfile(aiotc_client_profile_init);
+ setTrustAnchors(ArduinoIoTCloudTrustAnchor, ArduinoIoTCloudTrustAnchor_NUM);
+ onGetTime(getTime);
+#elif defined(ARDUINO_PORTENTA_C33)
+ setClient(*getNewClient(connection.getInterface()));
+ setCACert(AIoTSSCert);
+#elif defined(ARDUINO_NICLA_VISION)
+ appendCustomCACert(AIoTSSCert);
+#elif defined(ARDUINO_EDGE_CONTROL)
+ appendCustomCACert(AIoTUPCert);
+#elif defined(ARDUINO_UNOR4_WIFI)
+ /* AWS Root CAs are configured in uno-r4-wifi-usb-bridge/libraries/Arduino_ESP32_OTA
+ * https://github.com/arduino-libraries/Arduino_ESP32_OTA/blob/fc755e7d1d3946232107e2590662ee08d6ccdec4/src/tls/amazon_root_ca.h
+ */
+#elif defined(ARDUINO_ARCH_ESP32)
+ setCACertBundle(x509_crt_bundle);
+#elif defined(ARDUINO_ARCH_ESP8266)
+ setInsecure();
+#endif
+}
+
+#endif
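Review bot: `setClient(*getNewClient(connection.getInterface()));` dereferences the result unconditionally, but getNewClient() in TLSClientOta.h returns `nullptr` from its `default:` case, so an adapter type that is not compiled in leads to a null dereference in both the `BOARD_HAS_ECCX08` and `ARDUINO_PORTENTA_C33` branches. The helper also allocates with `new` on every begin(), and nothing visible in this patch deletes the object, so repeated OTA attempts would leak one client each. The fence shows the null check for the ECCX08 branch; the C33 branch needs the same, and the pointer should be kept in a member that is released before it is replaced. begin() returns void, so the failure would only surface at connect time unless the signature changes.

```cpp
#elif defined(BOARD_HAS_ECCX08)
  Client* transport = getNewClient(connection.getInterface());
  if (transport == nullptr) {
    return; // no transport compiled in for this adapter
  }
  setClient(*transport);
  // … unchanged: setProfile, setTrustAnchors, onGetTime …
```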
diff --git a/src/tls/utility/TLSClientOta.h b/src/tls/utility/TLSClientOta.h
new file mode 100644
index 000000000..3e76433ab
--- /dev/null
+++ b/src/tls/utility/TLSClientOta.h
@@ -0,0 +1,96 @@ +/* + This file is part of the ArduinoIoTCloud library. + + Copyright (c) 2024 Arduino SA + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. +*/ + +#pragma once + +#include +#include + +#if defined(BOARD_HAS_OFFLOADED_ECCX08) + /* + * Arduino MKR WiFi1010 - WiFi + * Arduino NANO 33 IoT - WiFi + */ + #include "WiFiSSLClient.h" + class TLSClientOta : public WiFiBearSSLClient { +#elif defined(BOARD_HAS_ECCX08) + /* + * Arduino MKR GSM 1400 + * Arduino MKR NB 1500 + * Arduino Portenta H7 + * Arduino Giga R1 + * OPTA + */ + #include + class TLSClientOta : public BearSSLClient { +#elif defined(ARDUINO_PORTENTA_C33) + /* + * Arduino Portenta C33 + */ + #include + class TLSClientOta : public SSLClient { +#elif defined(ARDUINO_NICLA_VISION) + /* + * Arduino Nicla Vision + */ + #include + class TLSClientOta : public WiFiSSLSE050Client { +#elif defined(ARDUINO_EDGE_CONTROL) + /* + * Arduino Edge Control + */ + #include + class TLSClientOta : public GSMSSLClient { +#elif defined(ARDUINO_UNOR4_WIFI) + /* + * Arduino UNO R4 WiFi + */ + #include + class TLSClientOta : public WiFiSSLClient { +#elif defined(BOARD_ESP) + /* + * ESP32* + * ESP82* + */ + #include + class TLSClientOta : public WiFiClientSecure { +#endif + +public: + void begin(ConnectionHandler & connection); + +private: + inline Client* getNewClient(NetworkAdapter net) { + switch(net) { +#ifdef BOARD_HAS_WIFI + case NetworkAdapter::WIFI: + return new WiFiClient(); +#endif // BOARD_HAS_WIFI +#ifdef BOARD_HAS_ETHERNET + case NetworkAdapter::ETHERNET: + return new EthernetClient(); +#endif // BOARD_HAS_ETHERNET +#ifdef BOARD_HAS_NB + case NetworkAdapter::NB: + return new NBClient(); +#endif // BOARD_HAS_NB +#ifdef BOARD_HAS_GSM + case NetworkAdapter::GSM: + return new GSMClient(); +#endif // BOARD_HAS_GSM +#ifdef BOARD_HAS_CATM1_NBIOT + case 
NetworkAdapter::CATM1: + return new GSMClient(); +#endif // BOARD_HAS_CATM1_NBIOT + default: + return nullptr; + } + } +}; From f8f635c3f543416371cf5b434a450bb53d81915c Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 25 Mar 2024 15:54:19 +0100 Subject: [PATCH 07/11] BearSLL: increase input buffer size to allow file downloading --- src/AIoTC_Config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/AIoTC_Config.h b/src/AIoTC_Config.h index dad0c38ac..26bc377ad 100644 --- a/src/AIoTC_Config.h +++ b/src/AIoTC_Config.h @@ -115,9 +115,14 @@ #endif #if defined(ARDUINO_PORTENTA_H7_M7) || defined(ARDUINO_NICLA_VISION) || defined(ARDUINO_OPTA) || defined(ARDUINO_GIGA) + #define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325) // Allows download from storage API #define BOARD_STM32H7 #endif +#if defined(ARDUINO_NANO_RP2040_CONNECT) + #define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325) // Allows download from storage API +#endif + #if defined(ARDUINO_EDGE_CONTROL) #define BOARD_HAS_SECRET_KEY #define HAS_TCP From 5a69c2eb9d2cfce8772269611f0791649961f3d0 Mon Sep 17 00:00:00 2001 From: Andrea Gilardoni Date: Wed, 17 Apr 2024 17:13:45 +0200 Subject: [PATCH 08/11] Removing x509_crt_bundle_len since not used anywhere --- src/tls/AIoTCUPCert.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/tls/AIoTCUPCert.h b/src/tls/AIoTCUPCert.h index 330b8cb78..46a933d73 100644 --- a/src/tls/AIoTCUPCert.h +++ b/src/tls/AIoTCUPCert.h @@ -224,7 +224,6 @@ static const unsigned char x509_crt_bundle[] = { 0x75, 0x40, 0x60, 0x17, 0x85, 0x02, 0x55, 0x39, 0x8b, 0x7f, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01 }; -unsigned int x509_crt_bundle_len = 2164; #elif defined (ARDUINO_EDGE_CONTROL) /* From 828dc5377104d0ddb1619778cce99656dc89a922 Mon Sep 17 00:00:00 2001 
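Review bot: `(16384 + 325)` is defined in two places in AIoTC_Config.h with only "Allows download from storage API" as explanation. The figure matches BearSSL's own `BR_SSL_BUFSIZE_INPUT`, the input buffer size for a maximum-length TLS record, and the comment should say so, for example `// room for one full-size TLS record (same value as BearSSL's BR_SSL_BUFSIZE_INPUT)`, with the value defined once. `_ibuf` is a member array of BearSSLClient, so every instance on these boards now carries about 16 KB for input. With separate MQTT and OTA client objects that cost may be paid twice, which is worth confirming on the Nano RP2040 Connect.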
From: pennam Date: Tue, 9 Apr 2024 09:46:42 +0200 Subject: [PATCH 09/11] Add ArduinoLCC certificate inside certificate bundle --- src/tls/AIoTCUPCert.h | 157 +++++++++++++++++++++++------------------- 1 file changed, 86 insertions(+), 71 deletions(-) diff --git a/src/tls/AIoTCUPCert.h b/src/tls/AIoTCUPCert.h index 46a933d73..1e942bcb8 100644 --- a/src/tls/AIoTCUPCert.h +++ b/src/tls/AIoTCUPCert.h @@ -38,11 +38,12 @@ * https://www.amazontrust.com/repository/AmazonRootCA4.pem * https://www.amazontrust.com/repository/SFSRootCAG2.pem * https://certs.secureserver.net/repository/sf-class2-root.crt + * https://iot.arduino.cc */ static const unsigned char x509_crt_bundle[] = { - 0x00, 0x06, 0x00, 0x3b, 0x01, 0x26, 0x30, 0x39, 0x31, 0x0b, 0x30, 0x09, + 0x00, 0x07, 0x00, 0x3b, 0x01, 0x26, 0x30, 0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x06, 0x41, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 
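Review bot: The added source line `https://iot.arduino.cc` is a site address, while the other entries in this list point at the certificate files themselves, so a reader cannot re-derive or check the new bundle entry from it. This array is the trust store handed to `setCACertBundle()` on ESP32, so I would name the certificate instead: the added bytes decode to subject `O=Arduino LLC US, OU=IT, CN=Arduino` with a P-256 key. A note on how the bundle was regenerated would help too. The second hunk of this file is generated data and is not reviewed line by line.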
@@ -151,78 +152,92 @@ static const unsigned char x509_crt_bundle[] = { 0xe0, 0xe3, 0xbd, 0x5f, 0x84, 0x62, 0xf3, 0x70, 0x64, 0x33, 0xa0, 0xcb, 0x24, 0x2f, 0x70, 0xba, 0x88, 0xa1, 0x2a, 0xa0, 0x75, 0xf8, 0x81, 0xae, 0x62, 0x06, 0xc4, 0x81, 0xdb, 0x39, 0x6e, 0x29, 0xb0, 0x1e, 0xfa, 0x2e, - 0x5c, 0x00, 0x6a, 0x01, 0x24, 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x25, 0x30, 0x23, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, - 0x6f, 0x67, 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, - 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x29, 0x53, 0x74, - 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xb7, 0x32, 0xc8, 0xfe, 0xe9, 0x71, 0xa6, 0x04, 0x85, 0xad, 0x0c, 0x11, - 0x64, 0xdf, 0xce, 0x4d, 0xef, 0xc8, 0x03, 0x18, 0x87, 0x3f, 0xa1, 0xab, - 0xfb, 0x3c, 0xa6, 0x9f, 0xf0, 0xc3, 0xa1, 0xda, 0xd4, 0xd8, 0x6e, 0x2b, - 0x53, 0x90, 0xfb, 0x24, 0xa4, 0x3e, 0x84, 0xf0, 0x9e, 0xe8, 0x5f, 0xec, - 0xe5, 0x27, 0x44, 0xf5, 0x28, 0xa6, 0x3f, 0x7b, 0xde, 0xe0, 0x2a, 0xf0, - 0xc8, 0xaf, 0x53, 0x2f, 0x9e, 0xca, 0x05, 0x01, 0x93, 0x1e, 0x8f, 0x66, - 0x1c, 0x39, 0xa7, 0x4d, 0xfa, 0x5a, 0xb6, 0x73, 0x04, 0x25, 0x66, 0xeb, - 0x77, 0x7f, 0xe7, 0x59, 0xc6, 0x4a, 0x99, 0x25, 0x14, 0x54, 0xeb, 0x26, - 0xc7, 0xf3, 0x7f, 0x19, 0xd5, 0x30, 0x70, 0x8f, 0xaf, 0xb0, 0x46, 0x2a, - 0xff, 0xad, 0xeb, 0x29, 0xed, 0xd7, 0x9f, 0xaa, 0x04, 0x87, 0xa3, 0xd4, - 0xf9, 0x89, 0xa5, 0x34, 0x5f, 0xdb, 0x43, 0x91, 0x82, 0x36, 0xd9, 0x66, - 0x3c, 
0xb1, 0xb8, 0xb9, 0x82, 0xfd, 0x9c, 0x3a, 0x3e, 0x10, 0xc8, 0x3b, - 0xef, 0x06, 0x65, 0x66, 0x7a, 0x9b, 0x19, 0x18, 0x3d, 0xff, 0x71, 0x51, - 0x3c, 0x30, 0x2e, 0x5f, 0xbe, 0x3d, 0x77, 0x73, 0xb2, 0x5d, 0x06, 0x6c, - 0xc3, 0x23, 0x56, 0x9a, 0x2b, 0x85, 0x26, 0x92, 0x1c, 0xa7, 0x02, 0xb3, - 0xe4, 0x3f, 0x0d, 0xaf, 0x08, 0x79, 0x82, 0xb8, 0x36, 0x3d, 0xea, 0x9c, - 0xd3, 0x35, 0xb3, 0xbc, 0x69, 0xca, 0xf5, 0xcc, 0x9d, 0xe8, 0xfd, 0x64, - 0x8d, 0x17, 0x80, 0x33, 0x6e, 0x5e, 0x4a, 0x5d, 0x99, 0xc9, 0x1e, 0x87, - 0xb4, 0x9d, 0x1a, 0xc0, 0xd5, 0x6e, 0x13, 0x35, 0x23, 0x5e, 0xdf, 0x9b, - 0x5f, 0x3d, 0xef, 0xd6, 0xf7, 0x76, 0xc2, 0xea, 0x3e, 0xbb, 0x78, 0x0d, - 0x1c, 0x42, 0x67, 0x6b, 0x04, 0xd8, 0xf8, 0xd6, 0xda, 0x6f, 0x8b, 0xf2, - 0x44, 0xa0, 0x01, 0xab, 0x02, 0x01, 0x03, 0x00, 0x9b, 0x01, 0x26, 0x30, - 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, - 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, + 0x5c, 0x00, 0x47, 0x00, 0x5b, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x41, 0x72, 0x64, 0x75, 0x69, + 0x6e, 0x6f, 0x20, 0x4c, 0x4c, 0x43, 0x20, 0x55, 0x53, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x02, 0x49, 0x54, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, 0x41, 0x72, 0x64, + 0x75, 0x69, 0x6e, 0x6f, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6d, 0x77, 0x6c, 0x5a, 0xcf, + 0x61, 0x1c, 0x7d, 0x44, 0x98, 0x51, 0xf2, 0x5e, 0xe1, 0x02, 0x40, 0x77, + 0xb7, 0x9c, 0xbd, 0x49, 0xa2, 0xa3, 0x8c, 0x4e, 0xab, 0x5e, 0x98, 0xac, + 0x82, 
0xfc, 0x69, 0x5b, 0x44, 0x22, 0x77, 0xb4, 0x4d, 0x2e, 0x8e, 0xdf, + 0x2a, 0x71, 0xc1, 0x39, 0x6c, 0xd6, 0x39, 0x14, 0xbd, 0xd9, 0x6b, 0x18, + 0x4b, 0x4b, 0xec, 0xb3, 0xd5, 0xee, 0x42, 0x89, 0x89, 0x55, 0x22, 0x00, + 0x6a, 0x01, 0x24, 0x30, 0x68, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, - 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x3b, 0x30, - 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x53, 0x74, 0x61, 0x72, - 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, 0x0c, 0x3a, 0xc4, 0x2a, - 0xf9, 0x4e, 0xe2, 0xf5, 0xbe, 0x19, 0x97, 0x5f, 0x8e, 0x88, 0x53, 0xb1, - 0x1f, 0x3f, 0xcb, 0xcf, 0x9f, 0x20, 0x13, 0x6d, 0x29, 0x3a, 0xc8, 0x0f, - 0x7d, 0x3c, 0xf7, 0x6b, 0x76, 0x38, 0x63, 0xd9, 0x36, 0x60, 0xa8, 0x9b, - 0x5e, 0x5c, 0x00, 0x80, 0xb2, 0x2f, 0x59, 0x7f, 0xf6, 0x87, 0xf9, 0x25, - 0x43, 0x86, 0xe7, 0x69, 0x1b, 0x52, 0x9a, 0x90, 0xe1, 0x71, 0xe3, 0xd8, - 0x2d, 0x0d, 0x4e, 0x6f, 0xf6, 0xc8, 0x49, 0xd9, 0xb6, 0xf3, 0x1a, 0x56, - 0xae, 0x2b, 0xb6, 0x74, 0x14, 0xeb, 0xcf, 0xfb, 0x26, 0xe3, 0x1a, 0xba, - 0x1d, 0x96, 0x2e, 0x6a, 0x3b, 0x58, 0x94, 0x89, 0x47, 0x56, 0xff, 0x25, - 0xa0, 0x93, 0x70, 0x53, 0x83, 0xda, 0x84, 0x74, 0x14, 0xc3, 0x67, 0x9e, - 0x04, 0x68, 0x3a, 0xdf, 0x8e, 0x40, 0x5a, 0x1d, 0x4a, 0x4e, 0xcf, 0x43, - 0x91, 0x3b, 0xe7, 0x56, 0xd6, 0x00, 0x70, 0xcb, 0x52, 0xee, 0x7b, 0x7d, - 0xae, 0x3a, 
0xe7, 0xbc, 0x31, 0xf9, 0x45, 0xf6, 0xc2, 0x60, 0xcf, 0x13, - 0x59, 0x02, 0x2b, 0x80, 0xcc, 0x34, 0x47, 0xdf, 0xb9, 0xde, 0x90, 0x65, - 0x6d, 0x02, 0xcf, 0x2c, 0x91, 0xa6, 0xa6, 0xe7, 0xde, 0x85, 0x18, 0x49, - 0x7c, 0x66, 0x4e, 0xa3, 0x3a, 0x6d, 0xa9, 0xb5, 0xee, 0x34, 0x2e, 0xba, - 0x0d, 0x03, 0xb8, 0x33, 0xdf, 0x47, 0xeb, 0xb1, 0x6b, 0x8d, 0x25, 0xd9, - 0x9b, 0xce, 0x81, 0xd1, 0x45, 0x46, 0x32, 0x96, 0x70, 0x87, 0xde, 0x02, - 0x0e, 0x49, 0x43, 0x85, 0xb6, 0x6c, 0x73, 0xbb, 0x64, 0xea, 0x61, 0x41, - 0xac, 0xc9, 0xd4, 0x54, 0xdf, 0x87, 0x2f, 0xc7, 0x22, 0xb2, 0x26, 0xcc, - 0x9f, 0x59, 0x54, 0x68, 0x9f, 0xfc, 0xbe, 0x2a, 0x2f, 0xc4, 0x55, 0x1c, - 0x75, 0x40, 0x60, 0x17, 0x85, 0x02, 0x55, 0x39, 0x8b, 0x7f, 0x05, 0x02, - 0x03, 0x01, 0x00, 0x01 + 0x69, 0x65, 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x32, 0x30, + 0x30, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, + 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, + 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0d, + 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb7, 0x32, + 0xc8, 0xfe, 0xe9, 0x71, 0xa6, 0x04, 0x85, 0xad, 0x0c, 0x11, 0x64, 0xdf, + 0xce, 0x4d, 0xef, 0xc8, 0x03, 0x18, 0x87, 0x3f, 0xa1, 0xab, 0xfb, 0x3c, + 0xa6, 0x9f, 0xf0, 0xc3, 0xa1, 0xda, 0xd4, 0xd8, 0x6e, 0x2b, 0x53, 0x90, + 0xfb, 0x24, 0xa4, 0x3e, 0x84, 0xf0, 0x9e, 0xe8, 0x5f, 0xec, 0xe5, 0x27, + 0x44, 0xf5, 0x28, 0xa6, 0x3f, 0x7b, 0xde, 0xe0, 0x2a, 0xf0, 0xc8, 0xaf, + 0x53, 0x2f, 0x9e, 0xca, 0x05, 0x01, 0x93, 0x1e, 0x8f, 0x66, 0x1c, 0x39, + 0xa7, 0x4d, 0xfa, 0x5a, 0xb6, 0x73, 0x04, 0x25, 0x66, 0xeb, 0x77, 0x7f, + 0xe7, 0x59, 0xc6, 0x4a, 0x99, 0x25, 0x14, 0x54, 0xeb, 0x26, 0xc7, 0xf3, + 0x7f, 0x19, 0xd5, 0x30, 0x70, 0x8f, 0xaf, 0xb0, 0x46, 0x2a, 
0xff, 0xad, + 0xeb, 0x29, 0xed, 0xd7, 0x9f, 0xaa, 0x04, 0x87, 0xa3, 0xd4, 0xf9, 0x89, + 0xa5, 0x34, 0x5f, 0xdb, 0x43, 0x91, 0x82, 0x36, 0xd9, 0x66, 0x3c, 0xb1, + 0xb8, 0xb9, 0x82, 0xfd, 0x9c, 0x3a, 0x3e, 0x10, 0xc8, 0x3b, 0xef, 0x06, + 0x65, 0x66, 0x7a, 0x9b, 0x19, 0x18, 0x3d, 0xff, 0x71, 0x51, 0x3c, 0x30, + 0x2e, 0x5f, 0xbe, 0x3d, 0x77, 0x73, 0xb2, 0x5d, 0x06, 0x6c, 0xc3, 0x23, + 0x56, 0x9a, 0x2b, 0x85, 0x26, 0x92, 0x1c, 0xa7, 0x02, 0xb3, 0xe4, 0x3f, + 0x0d, 0xaf, 0x08, 0x79, 0x82, 0xb8, 0x36, 0x3d, 0xea, 0x9c, 0xd3, 0x35, + 0xb3, 0xbc, 0x69, 0xca, 0xf5, 0xcc, 0x9d, 0xe8, 0xfd, 0x64, 0x8d, 0x17, + 0x80, 0x33, 0x6e, 0x5e, 0x4a, 0x5d, 0x99, 0xc9, 0x1e, 0x87, 0xb4, 0x9d, + 0x1a, 0xc0, 0xd5, 0x6e, 0x13, 0x35, 0x23, 0x5e, 0xdf, 0x9b, 0x5f, 0x3d, + 0xef, 0xd6, 0xf7, 0x76, 0xc2, 0xea, 0x3e, 0xbb, 0x78, 0x0d, 0x1c, 0x42, + 0x67, 0x6b, 0x04, 0xd8, 0xf8, 0xd6, 0xda, 0x6f, 0x8b, 0xf2, 0x44, 0xa0, + 0x01, 0xab, 0x02, 0x01, 0x03, 0x00, 0x9b, 0x01, 0x26, 0x30, 0x81, 0x98, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, + 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 0x6f, 0x74, 0x74, 0x73, + 0x64, 0x61, 0x6c, 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x1c, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6c, 0x64, + 0x20, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x69, 0x65, + 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x3b, 0x30, 0x39, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, + 0x65, 0x6c, 0x64, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x20, 0x2d, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 
0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, 0x0c, 0x3a, 0xc4, 0x2a, 0xf9, 0x4e, + 0xe2, 0xf5, 0xbe, 0x19, 0x97, 0x5f, 0x8e, 0x88, 0x53, 0xb1, 0x1f, 0x3f, + 0xcb, 0xcf, 0x9f, 0x20, 0x13, 0x6d, 0x29, 0x3a, 0xc8, 0x0f, 0x7d, 0x3c, + 0xf7, 0x6b, 0x76, 0x38, 0x63, 0xd9, 0x36, 0x60, 0xa8, 0x9b, 0x5e, 0x5c, + 0x00, 0x80, 0xb2, 0x2f, 0x59, 0x7f, 0xf6, 0x87, 0xf9, 0x25, 0x43, 0x86, + 0xe7, 0x69, 0x1b, 0x52, 0x9a, 0x90, 0xe1, 0x71, 0xe3, 0xd8, 0x2d, 0x0d, + 0x4e, 0x6f, 0xf6, 0xc8, 0x49, 0xd9, 0xb6, 0xf3, 0x1a, 0x56, 0xae, 0x2b, + 0xb6, 0x74, 0x14, 0xeb, 0xcf, 0xfb, 0x26, 0xe3, 0x1a, 0xba, 0x1d, 0x96, + 0x2e, 0x6a, 0x3b, 0x58, 0x94, 0x89, 0x47, 0x56, 0xff, 0x25, 0xa0, 0x93, + 0x70, 0x53, 0x83, 0xda, 0x84, 0x74, 0x14, 0xc3, 0x67, 0x9e, 0x04, 0x68, + 0x3a, 0xdf, 0x8e, 0x40, 0x5a, 0x1d, 0x4a, 0x4e, 0xcf, 0x43, 0x91, 0x3b, + 0xe7, 0x56, 0xd6, 0x00, 0x70, 0xcb, 0x52, 0xee, 0x7b, 0x7d, 0xae, 0x3a, + 0xe7, 0xbc, 0x31, 0xf9, 0x45, 0xf6, 0xc2, 0x60, 0xcf, 0x13, 0x59, 0x02, + 0x2b, 0x80, 0xcc, 0x34, 0x47, 0xdf, 0xb9, 0xde, 0x90, 0x65, 0x6d, 0x02, + 0xcf, 0x2c, 0x91, 0xa6, 0xa6, 0xe7, 0xde, 0x85, 0x18, 0x49, 0x7c, 0x66, + 0x4e, 0xa3, 0x3a, 0x6d, 0xa9, 0xb5, 0xee, 0x34, 0x2e, 0xba, 0x0d, 0x03, + 0xb8, 0x33, 0xdf, 0x47, 0xeb, 0xb1, 0x6b, 0x8d, 0x25, 0xd9, 0x9b, 0xce, + 0x81, 0xd1, 0x45, 0x46, 0x32, 0x96, 0x70, 0x87, 0xde, 0x02, 0x0e, 0x49, + 0x43, 0x85, 0xb6, 0x6c, 0x73, 0xbb, 0x64, 0xea, 0x61, 0x41, 0xac, 0xc9, + 0xd4, 0x54, 0xdf, 0x87, 0x2f, 0xc7, 0x22, 0xb2, 0x26, 0xcc, 0x9f, 0x59, + 0x54, 0x68, 0x9f, 0xfc, 0xbe, 0x2a, 0x2f, 0xc4, 0x55, 0x1c, 0x75, 0x40, + 0x60, 0x17, 0x85, 0x02, 0x55, 0x39, 0x8b, 0x7f, 0x05, 0x02, 0x03, 0x01, + 0x00, 0x01 }; #elif defined (ARDUINO_EDGE_CONTROL) From 91a43380be6ac70eb83063f104dc55b9b1ae2360 Mon Sep 17 00:00:00 2001 
From: pennam Date: Wed, 24 Apr 2024 09:07:22 +0200 Subject: [PATCH 10/11] BearSSL Trust Anchors: remove ces.iot.arduino.cc --- src/tls/BearSSLTrustAnchors.h | 36 ++--------------------------------- 1 file changed, 2 insertions(+), 34 deletions(-) diff --git a/src/tls/BearSSLTrustAnchors.h b/src/tls/BearSSLTrustAnchors.h index 802dff3a5..3646b6e8f 100644 --- a/src/tls/BearSSLTrustAnchors.h +++ b/src/tls/BearSSLTrustAnchors.h @@ -55,26 +55,7 @@ static const unsigned char TA0_EC_Q[] = { 0x42, 0x89, 0x89, 0x55, 0x22 }; -static const unsigned char TA1_DN[] = { - 0x30, 0x50, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x13, 0x0E, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x20, 0x4C, 0x4C, - 0x43, 0x20, 0x55, 0x53, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x13, 0x02, 0x49, 0x54, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x12, 0x63, 0x65, 0x73, 0x2E, 0x69, 0x6F, 0x74, 0x2E, - 0x61, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x2E, 0x63, 0x63 -}; - -static const unsigned char TA1_EC_Q[] = { - 0x04, 0x57, 0x4A, 0xF7, 0xFB, 0x20, 0x2A, 0x1E, 0xBD, 0x98, 0xD5, 0xA8, - 0xFF, 0xD4, 0xEF, 0x7B, 0x90, 0xB9, 0x37, 0xA0, 0xB7, 0x00, 0x16, 0x09, - 0x57, 0x3C, 0xD5, 0x92, 0x42, 0xAA, 0x9F, 0x78, 0xCF, 0xD5, 0x54, 0x21, - 0xE6, 0x28, 0x89, 0x73, 0x2A, 0x4E, 0xC3, 0x9D, 0xBC, 0x10, 0x57, 0x79, - 0x91, 0x87, 0x93, 0xD8, 0xAE, 0x15, 0xA7, 0xDB, 0x79, 0x56, 0x4D, 0x5F, - 0x96, 0x8D, 0xE3, 0xDC, 0x51 -}; - -static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[2] = { +static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[1] = { { { (unsigned char *)TA0_DN, sizeof TA0_DN }, BR_X509_TA_CA, 
@@ -87,23 +68,10 @@ static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[2] = { } } } - }, - { - { (unsigned char *)TA1_DN, sizeof TA1_DN }, - 0, - { - BR_KEYTYPE_EC, - { - .ec = { - BR_EC_secp256r1, - (unsigned char *)TA1_EC_Q, sizeof TA1_EC_Q, - } - } - } } }; -#define ArduinoIoTCloudTrustAnchor_NUM (2) +#define ArduinoIoTCloudTrustAnchor_NUM (1) #endif /* #ifdef BOARD_HAS_ECCX08 */ From a4719bbbdf982aa2396c6c8f289aef67e8a26e76 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 24 Apr 2024 09:13:33 +0200 Subject: [PATCH 11/11] UNO R4 WiFi: remove unused certificate bundle --- src/tls/AIoTCUPCert.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls/AIoTCUPCert.h b/src/tls/AIoTCUPCert.h index 1e942bcb8..5c933da03 100644 --- a/src/tls/AIoTCUPCert.h +++ b/src/tls/AIoTCUPCert.h @@ -24,7 +24,7 @@ ******************************************************************************/ #include -#if defined(ARDUINO_ARCH_ESP32) || defined(ARDUINO_UNOR4_WIFI) +#if defined(ARDUINO_ARCH_ESP32) /****************************************************************************** * CONSTANTS