Merge pull request #253 from pennam/soft_se

Add software AT secure element support

Author: pennam

Diff for: .github/workflows/compile-examples.yml

@@ -95,6 +95,7 @@ jobs:
               - libraries/WiFiS3
               - libraries/OTAUpdate
               - libraries/OPAMP
+              - libraries/SoftwareATSE
               - libraries/Preferences
           - board:
               fqbn: "arduino-git:renesas:minima"

Diff for: libraries/SoftwareATSE/.unor4_only

@@ -0,0 +1,85 @@
+/*
+  Software Secure Element Certificate
+
+  This sketch uses the Software Secure Element to store device certificate and read it back.
+
+  Circuit:
+   - UNO R4 WiFi
+*/
+
+#include <SoftwareATSE.h>
+
+const byte certificate[410] = {
+  0x30 ,0x82 ,0x01 ,0x96 ,0x30 ,0x82 ,0x01 ,0x3D ,0xA0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x10 ,0x37,
+  0xFE ,0x48 ,0x92 ,0xE6 ,0xC0 ,0xA0 ,0x64 ,0x68 ,0x91 ,0x66 ,0x5F ,0x7D ,0xE3 ,0x02 ,0xDE ,0x30,
+  0x0A ,0x06 ,0x08 ,0x2A ,0x86 ,0x48 ,0xCE ,0x3D ,0x04 ,0x03 ,0x02 ,0x30 ,0x45 ,0x31 ,0x0B ,0x30,
+  0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x17 ,0x30 ,0x15 ,0x06 ,0x03,
+  0x55 ,0x04 ,0x0A ,0x13 ,0x0E ,0x41 ,0x72 ,0x64 ,0x75 ,0x69 ,0x6E ,0x6F ,0x20 ,0x4C ,0x4C ,0x43,
+  0x20 ,0x55 ,0x53 ,0x31 ,0x0B ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x0B ,0x13 ,0x02 ,0x49 ,0x54,
+  0x31 ,0x10 ,0x30 ,0x0E ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x13 ,0x07 ,0x41 ,0x72 ,0x64 ,0x75 ,0x69,
+  0x6E ,0x6F ,0x30 ,0x20 ,0x17 ,0x0D ,0x32 ,0x33 ,0x30 ,0x33 ,0x33 ,0x31 ,0x30 ,0x37 ,0x30 ,0x30,
+  0x30 ,0x30 ,0x5A ,0x18 ,0x0F ,0x32 ,0x30 ,0x35 ,0x34 ,0x30 ,0x33 ,0x33 ,0x31 ,0x30 ,0x37 ,0x30,
+  0x30 ,0x30 ,0x30 ,0x5A ,0x30 ,0x2F ,0x31 ,0x2D ,0x30 ,0x2B ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x13,
+  0x24 ,0x37 ,0x61 ,0x31 ,0x39 ,0x39 ,0x65 ,0x62 ,0x30 ,0x2D ,0x38 ,0x33 ,0x64 ,0x38 ,0x2D ,0x34,
+  0x63 ,0x34 ,0x34 ,0x2D ,0x39 ,0x66 ,0x66 ,0x32 ,0x2D ,0x30 ,0x32 ,0x33 ,0x35 ,0x37 ,0x38 ,0x30,
+  0x31 ,0x35 ,0x64 ,0x33 ,0x39 ,0x30 ,0x59 ,0x30 ,0x13 ,0x06 ,0x07 ,0x2A ,0x86 ,0x48 ,0xCE ,0x3D,
+  0x02 ,0x01 ,0x06 ,0x08 ,0x2A ,0x86 ,0x48 ,0xCE ,0x3D ,0x03 ,0x01 ,0x07 ,0x03 ,0x42 ,0x00 ,0x04,
+  0x60 ,0x53 ,0x94 ,0x10 ,0x8C ,0xA6 ,0xB6 ,0xC8 ,0xD2 ,0x05 ,0x22 ,0x61 ,0xD9 ,0x5D ,0xF8 ,0xDB,
+  0xD1 ,0xF4 ,0xE4 ,0xAC ,0xC9 ,0x96 ,0x8E ,0xFF ,0xB8 ,0x7E ,0x0D ,0xDC ,0xA1 ,0xB8 ,0x0F ,0x4C,
+  0xF5 ,0x66 ,0x68 ,0xF0 ,0xF4 ,0xF0 ,0x70 ,0xF3 ,0xF6 ,0xFD ,0x70 ,0xD2 ,0x7A ,0xFB ,0x20 ,0x70,
+  0x30 ,0x82 ,0x5F ,0x34 ,0xF8 ,0x2A ,0x1B ,0xC5 ,0xB1 ,0x38 ,0xE5 ,0xA5 ,0xF7 ,0xC7 ,0xB4 ,0x62,
+  0xA3 ,0x23 ,0x30 ,0x21 ,0x30 ,0x1F ,0x06 ,0x03 ,0x55 ,0x1D ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80,
+  0x14 ,0x5B ,0x3E ,0x2A ,0x6B ,0x8E ,0xC9 ,0xB0 ,0x1A ,0xA8 ,0x54 ,0xE6 ,0x36 ,0x9B ,0x8C ,0x09,
+  0xF9 ,0xFC ,0xE1 ,0xB9 ,0x80 ,0x30 ,0x0A ,0x06 ,0x08 ,0x2A ,0x86 ,0x48 ,0xCE ,0x3D ,0x04 ,0x03,
+  0x02 ,0x03 ,0x47 ,0x00 ,0x30 ,0x44 ,0x02 ,0x20 ,0x16 ,0x85 ,0x8A ,0x58 ,0x07 ,0x28 ,0xEF ,0x6D,
+  0x93 ,0x86 ,0xA0 ,0x0E ,0xC8 ,0xB0 ,0x0A ,0xAD ,0x3B ,0xCE ,0xBB ,0x6A ,0x19 ,0x94 ,0xF9 ,0xD3,
+  0x05 ,0x2E ,0x15 ,0xF1 ,0x5E ,0x9F ,0x59 ,0xD2 ,0x02 ,0x20 ,0x45 ,0x30 ,0x88 ,0x1D ,0x24 ,0xDA,
+  0xE4 ,0x60 ,0xE2 ,0xD0 ,0x6E ,0x02 ,0xB0 ,0x7D ,0x65 ,0xA8 ,0x09 ,0x63 ,0x0B ,0x44 ,0xBC ,0x24,
+  0x1A ,0xE2 ,0xEC ,0x64 ,0x19 ,0xB4 ,0x59 ,0xB8 ,0x09 ,0x78
+};
+
+void printBufferHex(const byte input[], size_t inputLength) {
+    Serial.println(inputLength);
+  for (size_t i = 0; i < inputLength; i++) {
+    Serial.print(input[i] >> 4, HEX);
+    Serial.print(input[i] & 0x0f, HEX);
+  }
+  Serial.println();
+}
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  if (!SATSE.begin()) {
+    Serial.println("Failed to communicate with Software Secure Element!");
+    Serial.println("Make sure your WiFi firmware version is greater than 0.3.0");
+    while (1);
+  }
+
+  const int certId = 799;
+
+  if(SATSE.writeSlot(certId, certificate, sizeof(certificate))) {
+    Serial.println("Data stored");
+  } else {
+    Serial.println("Failed to store data");
+    return;
+  }
+
+  byte buf[512];
+  int ret = 0;
+
+  if((ret = SATSE.readSlot(certId, buf, sizeof(buf))) > 0) {
+    Serial.print("Readback data is:                ");
+    int len = (buf[2] << 8) + buf[3] + 4;
+    printBufferHex(buf, len);
+  } else {
+    Serial.println("Failed to read data");
+    return;
+  }
+
+}
+
+void loop() {
+
+}

Diff for: libraries/SoftwareATSE/examples/SATSECertificate/SATSECertificate.ino

@@ -0,0 +1,44 @@
+/*
+  Software Secure Element Private Key
+
+  This sketch uses the Software Secure Element to generate a new EC NIST P-256 keypair
+  and store it with id 999, then the public key is printed in raw format.
+
+  Circuit:
+   - UNO R4 WiFi
+*/
+
+#include <SoftwareATSE.h>
+#include <Wire.h>
+
+const int KeyId = 999;
+byte rawBuf[64];
+
+void printBufferHex(const byte input[], size_t inputLength) {
+  for (size_t i = 0; i < inputLength; i++) {
+    Serial.print(input[i] >> 4, HEX);
+    Serial.print(input[i] & 0x0f, HEX);
+  }
+  Serial.println();
+}
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  if (!SATSE.begin()) {
+    Serial.println("Failed to communicate with Software Secure Element!");
+    Serial.println("Make sure your WiFi firmware version is greater than 0.3.0");
+    while (1);
+  }
+
+  SATSE.generatePrivateKey(KeyId, rawBuf);
+  printBufferHex(rawBuf, sizeof(rawBuf));
+
+}
+
+void loop() {
+  SATSE.generatePublicKey(KeyId, rawBuf);
+  printBufferHex(rawBuf, sizeof(rawBuf));
+  delay(5000);
+}

Diff for: libraries/SoftwareATSE/examples/SATSEPrivateKey/SATSEPrivateKey.ino

@@ -0,0 +1,29 @@
+/*
+  Software Secure Element Random Number
+
+  This sketch uses the Software Secure Element to generate a random number
+  every second and print it to the Serial monitor
+
+  Circuit:
+   - UNO R4 WiFi
+*/
+
+#include <SoftwareATSE.h>
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  if (!SATSE.begin()) {
+    Serial.println("Failed to communicate with Software Secure Element!");
+    Serial.println("Make sure your WiFi firmware version is greater than 0.3.0");
+    while (1);
+  }
+}
+
+void loop() {
+  Serial.print("Random number = ");
+  Serial.println(SATSE.random(65535));
+
+  delay(1000);
+}

Diff for: libraries/SoftwareATSE/examples/SATSERandomNumber/SATSERandomNumber.ino

@@ -0,0 +1,29 @@
+/*
+  Software Secure Element serial number
+
+  This sketch prints the Software Secure Element serial number:
+  ESP32-S3-MINI-1 efuse mac address
+
+  Circuit:
+   - UNO R4 WiFi
+*/
+
+#include <SoftwareATSE.h>
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  if (!SATSE.begin()) {
+    Serial.println("Failed to communicate with Software Secure Element!");
+    Serial.println("Make sure your WiFi firmware version is greater than 0.3.0");
+    while (1);
+  }
+}
+
+void loop() {
+  Serial.print("S/N = ");
+  Serial.println(SATSE.serialNumber());
+
+  delay(1000);
+}

Diff for: libraries/SoftwareATSE/examples/SATSESerialNumber/SATSESerialNumber.ino

@@ -0,0 +1,84 @@
+/*
+  Software Secure Element SignAndVerify
+
+  This sketch uses the Software Secure Element to generate a new EC NIST P-256 keypair
+  and store it with id 999, then input buffer SHA256 is signed with the private
+  key and verified with the public key.
+
+  Circuit:
+   - UNO R4 WiFi
+*/
+
+#include <SoftwareATSE.h>
+
+const byte input[64] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+  0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+  0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
+};
+
+void printBufferHex(const byte input[], size_t inputLength) {
+  for (size_t i = 0; i < inputLength; i++) {
+    Serial.print(input[i] >> 4, HEX);
+    Serial.print(input[i] & 0x0f, HEX);
+  }
+  Serial.println();
+}
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  if (!SATSE.begin()) {
+    Serial.println("Failed to communicate with Software Secure Element!");
+    Serial.println("Make sure your WiFi firmware version is greater than 0.3.0");
+    while (1);
+  }
+
+  const int KeyId = 999;
+  byte pubKey[256];
+
+  SATSE.generatePrivateKey(KeyId, pubKey);
+
+  // print the public key
+  Serial.print("Public key is:                ");
+  printBufferHex(pubKey, 64);
+
+  // print the input
+  Serial.print("Input is:                     ");
+  printBufferHex(input, sizeof(input));
+
+  // calculate the input SHA256
+  byte sha256[256];
+  size_t sha256Len;
+  SATSE.SHA256(input, sizeof(input), sha256);
+  Serial.print("Input SHA256 is:              ");
+  printBufferHex(sha256, 32);
+
+  // calculate the signature, input MUST be SHA256
+  byte signature[256];
+  SATSE.ecSign(KeyId, sha256, signature);
+
+  // print the signature
+  Serial.print("Signature using KeyId ");
+  Serial.print(KeyId);
+  Serial.print(" is: ");
+  printBufferHex(signature, 64);
+
+  Serial.println();
+
+  // To make the signature verifcation fail, uncomment the next line:
+  //  signature[0] = 0x00;
+
+  // validate the signature
+  if (SATSE.ecdsaVerify(sha256, signature, pubKey)) {
+    Serial.println("Verified signature successfully :D");
+  } else {
+    Serial.println("oh no! failed to verify signature :(");
+  }
+}
+
+void loop() {
+
+}

Diff for: libraries/SoftwareATSE/examples/SATSESignAndVerify/SATSESignAndVerify.ino

@@ -0,0 +1,9 @@
+name=SoftwareATSE
+version=0.0.1
+author=Arduino
+maintainer=Arduino <[email protected]>
+sentence=Arduino Library implementing base secure element functions in software
+paragraph=
+category=Communication
+url=
+architectures=renesas,renesas_uno