From 7342403927c49ae7c4968d995728c450f7e82b1b Mon Sep 17 00:00:00 2001 From: Alberto Iannaccone Date: Wed, 22 Aug 2018 17:52:58 +0200 Subject: [PATCH 1/3] add authority key identifier and put the thing id in the subject common name --- src/sketches/provisioning.ino.js | 48 +++++++++++++++++--------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/src/sketches/provisioning.ino.js b/src/sketches/provisioning.ino.js index 15fa77b6..7c0a720e 100644 --- a/src/sketches/provisioning.ino.js +++ b/src/sketches/provisioning.ino.js @@ -13,10 +13,10 @@ export const provisioningSketch = { #include #include -const int keySlot = 0; -const int compressedCertSlot = 10; -const int serialNumberSlot = 11; -const int thingIdSlot = 12; +const int keySlot = 0; +const int compressedCertSlot = 10; +const int serialNumberAndAuthorityKeyIdentifierSlot = 11; +const int thingIdSlot = 12; void setup() { Serial.begin(9600); @@ -63,7 +63,8 @@ void setup() { while (1); } - ECCX08Cert.setSubjectCommonName(ECCX08.serialNumber()); + String thingId = promptAndReadLine("Please enter the thing id: "); + ECCX08Cert.setSubjectCommonName(thingId); String csr = ECCX08Cert.endCSR(); 
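Review bot: The thing id read from serial in the `@@ -63,7 +63,8 @@` hunk goes straight into `setSubjectCommonName` with no check that it is non-empty or that it fits the 72-byte `thingIdBytes` buffer declared later in `setup()`. `getBytes` truncates a longer value when it is written to `thingIdSlot`, so the identity signed into the CSR and the one stored in the slot could differ. Because the common name is now supplied by the host instead of `ECCX08.serialNumber()`, I would reject bad input before building the CSR, e.g. `if (thingId.length() == 0 || thingId.length() >= 72) { Serial.println("Invalid thing id!"); while (1); }`. `setup()` starts and ends outside this hunk.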
@@ -76,37 +77,37 @@ void setup() { Serial.println(); Serial.println(csr); - String thingId = promptAndReadLine("Please enter the thing id: "); - String issueYear = promptAndReadLine("Please enter the issue year of the certificate (2000 - 2031): "); - String issueMonth = promptAndReadLine("Please enter the issue month of the certificate (1 - 12): "); - String issueDay = promptAndReadLine("Please enter the issue day of the certificate (1 - 31): "); - String issueHour = promptAndReadLine("Please enter the issue hour of the certificate (0 - 23): "); - String expireYears = promptAndReadLine("Please enter how many years the certificate is valid for (0 - 31): "); - String serialNumber = promptAndReadLine("Please enter the certificates serial number: "); - String signature = promptAndReadLine("Please enter the certificates signature: "); - - serialNumber.toUpperCase(); - signature.toUpperCase(); + String issueYear = promptAndReadLine("Please enter the issue year of the certificate (2000 - 2031): "); + String issueMonth = promptAndReadLine("Please enter the issue month of the certificate (1 - 12): "); + String issueDay = promptAndReadLine("Please enter the issue day of the certificate (1 - 31): "); + String issueHour = promptAndReadLine("Please enter the issue hour of the certificate (0 - 23): "); + String expireYears = promptAndReadLine("Please enter how many years the certificate is valid for (0 - 31): "); + String serialNumber = promptAndReadLine("Please enter the certificates serial number: "); + String authorityKeyIdentifier = promptAndReadLine("Please enter the certificates authority key identifier: "); + String signature = promptAndReadLine("Please enter the certificates signature: "); byte thingIdBytes[72]; byte serialNumberBytes[16]; + byte authorityKeyIdentifierBytes[20]; byte signatureBytes[64]; thingId.getBytes(thingIdBytes, sizeof(thingIdBytes)); hexStringToBytes(serialNumber, serialNumberBytes, sizeof(serialNumberBytes)); - hexStringToBytes(signature, 
signatureBytes, 64); + hexStringToBytes(authorityKeyIdentifier, authorityKeyIdentifierBytes, sizeof(authorityKeyIdentifierBytes)); + hexStringToBytes(signature, signatureBytes, sizeof(signatureBytes)); if (!ECCX08.writeSlot(thingIdSlot, thingIdBytes, sizeof(thingIdBytes))) { Serial.println("Error storing thing id!"); while (1); } - if (!ECCX08Cert.beginStorage(compressedCertSlot, serialNumberSlot)) { + if (!ECCX08Cert.beginStorage(compressedCertSlot, serialNumberAndAuthorityKeyIdentifierSlot)) { Serial.println("Error starting ECCX08 storage!"); while (1); } ECCX08Cert.setSignature(signatureBytes); + ECCX08Cert.setAuthorityKeyIdentifier(authorityKeyIdentifierBytes); ECCX08Cert.setSerialNumber(serialNumberBytes); ECCX08Cert.setIssueYear(issueYear.toInt()); ECCX08Cert.setIssueMonth(issueMonth.toInt()); @@ -119,7 +120,7 @@ void setup() { while (1); } - if (!ECCX08Cert.beginReconstruction(keySlot, compressedCertSlot, serialNumberSlot)) { + if (!ECCX08Cert.beginReconstruction(keySlot, compressedCertSlot, serialNumberAndAuthorityKeyIdentifierSlot)) { Serial.println("Error starting ECCX08 cert reconstruction!"); while (1); } @@ -168,9 +169,9 @@ String readLine() { if (Serial.available()) { char c = Serial.read(); - if (c == '\\r') { + if (c == '\r') { // ignore - } else if (c == '\\n') { + } else if (c == '\n') { break; } @@ -183,8 +184,9 @@ String readLine() { return line; } -void hexStringToBytes(const String& in, byte out[], int length) { +void hexStringToBytes(String& in, byte out[], int length) { int inLength = in.length(); + in.toUpperCase(); int outLength = 0; for (int i = 0; i < inLength && outLength < length; i += 2) { @@ -194,7 +196,7 @@ void hexStringToBytes(const String& in, byte out[], int length) { byte highByte = (highChar <= '9') ? (highChar - '0') : (highChar + 10 - 'A'); byte lowByte = (lowChar <= '9') ? (lowChar - '0') : (lowChar + 10 - 'A'); - out[outLength++] = (highByte << 4) | lowByte; + out[outLength++] = (highByte << 4) | (lowByte & 0xF); } } ` 
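Review bot: `serialNumberBytes`, `authorityKeyIdentifierBytes` and `signatureBytes` in the `@@ -76,37 +77,37 @@` hunk are declared without an initializer, and the `hexStringToBytes` loop stops at the end of the input string. A short answer therefore leaves the tail of the buffer as whatever was on the stack, and that is what reaches `setAuthorityKeyIdentifier` and `setSignature`. I would zero the buffers (`byte authorityKeyIdentifierBytes[20] = {0};`) and refuse input of the wrong length before decoding, e.g. `if (authorityKeyIdentifier.length() != 2 * sizeof(authorityKeyIdentifierBytes)) { Serial.println("Invalid authority key identifier!"); while (1); }`, with the same check for the signature. `setup()` continues outside the hunk.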
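Review bot: `hexStringToBytes` in the `@@ -183,8 +184,9 @@` hunk still accepts any character, and the `& 0xF` added in the `@@ -194,7 +196,7 @@` hunk masks an out-of-range low nibble instead of rejecting it, so malformed input silently becomes certificate bytes. Dropping `const` in order to call `in.toUpperCase()` also mutates the caller's string as a side effect. I would keep `const String& in`, check each pair with `if (!isHexadecimalDigit(highChar) || !isHexadecimalDigit(lowChar)) return false;`, and return `bool` so `setup()` can stop on bad input; lower-case digits then need their own `'a'`–`'f'` branch in the nibble conversion. The lines that read `highChar` and `lowChar` are outside both hunks.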
From c15d6cf45e56a9f3eb2702e523cbc51f2eb084ff Mon Sep 17 00:00:00 2001 From: Alberto Iannaccone Date: Wed, 22 Aug 2018 17:54:40 +0200 Subject: [PATCH 2/3] store authority key identifier --- src/board-configuration.js | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/board-configuration.js b/src/board-configuration.js index 2c843157..379577e7 100644 --- a/src/board-configuration.js +++ b/src/board-configuration.js @@ -90,6 +90,10 @@ export default class BoardConfiguration { partialMessage = ''; this.daemon.writeSerial(board.port, 'y\n'); } + if (partialMessage.indexOf('Please enter the thing id:') !== -1) { + partialMessage = ''; + this.daemon.writeSerial(board.port, `${board.deviceId}\n`); + } const begin = partialMessage.indexOf('-----BEGIN CERTIFICATE REQUEST-----'); const end = partialMessage.indexOf('-----END CERTIFICATE REQUEST-----'); @@ -121,13 +125,13 @@ export default class BoardConfiguration { const notBefore = new Date(compressedCert.not_before); const notAfter = new Date(compressedCert.not_after); // eslint-disable-next-line prefer-template - const answers = board.deviceId + '\n' + - notBefore.getUTCFullYear() + '\n' + + const answers = notBefore.getUTCFullYear() + '\n' + (notBefore.getUTCMonth() + 1) + '\n' + notBefore.getUTCDate() + '\n' + notBefore.getUTCHours() + '\n' + (notAfter.getUTCFullYear() - notBefore.getUTCFullYear()) + '\n' + compressedCert.serial + '\n' + + compressedCert.authority_key_identifier + '\n' + compressedCert.signature + '\n'; this.daemon.writeSerial(board.port, answers); }); 
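Review bot: `board.deviceId` in the `@@ -90,6 +90,10 @@` hunk and `compressedCert.authority_key_identifier` in the `@@ -121,13 +125,13 @@` hunk are interpolated into the serial answers without a presence or format check, so a missing field is sent to the board as the text `undefined`. For the thing id that text would become the CSR subject common name; for the authority key identifier the sketch would decode it as if it were hex. A value containing a line break would also shift every following answer onto the wrong prompt. I would validate both before `writeSerial`, e.g. require `typeof board.deviceId === 'string'` with no `\r` or `\n` in it, and require `/^[0-9a-fA-F]{40}$/.test(compressedCert.authority_key_identifier)` to match the 20-byte buffer in the sketch, failing the provisioning promise otherwise. The enclosing methods start outside these hunks.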
@@ -168,7 +172,7 @@ export default class BoardConfiguration { * @param {Object} board contains the board data * @param {function} createDeviceCb used to create the device associated to the user */ - configure(compiledSketch, board, createDeviceCb) { + configure(compiledSketch, board, createDeviceCb, generateCertificateCb) { this.daemon.initUpload(); this.configuring.next({ status: this.CONFIGURE_IN_PROGRESS, msg: 'Uploading provisioning sketch...' }); if (!this.daemon.channelOpen.getValue()) { @@ -196,7 +200,7 @@ export default class BoardConfiguration { this.daemon.uploadingDone.subscribe(() => { this.configuring.next({ status: this.CONFIGURE_IN_PROGRESS, - msg: 'Provisioning sketch uploaded successfully. Opening serial monitor...' + msg: 'Provisioning sketch uploaded successfully. Creating device...' }); this.daemon.serialMonitorOpened.pipe(takeUntil(this.daemon.serialMonitorOpened.pipe(filter(open => open)))) .subscribe(() => { @@ -208,14 +212,14 @@ export default class BoardConfiguration { .then(csr => { this.configuring.next({ status: this.CONFIGURE_IN_PROGRESS, - msg: 'CSR generated. Creating device...' + msg: 'CSR generated. Generating certificate...' }); - return createDeviceCb(csr); + return generateCertificateCb(csr); }) .then(data => { this.configuring.next({ status: this.CONFIGURE_IN_PROGRESS, - msg: 'Device created. Storing certificate...' + msg: 'Certificate generated. Storing certificate...' }); return this.storeCertificate(data.compressed, board); }) @@ -234,7 +238,15 @@ export default class BoardConfiguration { err: error.toString() }); }); - this.daemon.openSerialMonitor(board.port, BAUDRATE); + createDeviceCb() + .then(data => { + this.configuring.next({ + status: this.CONFIGURE_IN_PROGRESS, + msg: 'Device created. Opening serial monitor...' + }); + board.deviceId = data.id; // eslint-disable-line no-param-reassign + this.daemon.openSerialMonitor(board.port, BAUDRATE); + }); }); this.daemon.uploadingError.subscribe(upload => { 
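Review bot: The JSDoc above `configure` in the `@@ -168,7 +172,7 @@` hunk is not updated for the new contract: `generateCertificateCb` has no `@param`, and `createDeviceCb` is now called with no arguments and must resolve to an object with an `id`, where it used to receive the CSR. A caller that still passes three arguments only fails later, inside the promise chain, when `generateCertificateCb(csr)` is invoked. I would add `@param {function} generateCertificateCb called with the CSR, resolves to the data holding the compressed certificate`, reword the `createDeviceCb` line to match, and fail fast with `if (typeof generateCertificateCb !== 'function') throw new TypeError('generateCertificateCb is required');` at the top of `configure`.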
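Review bot: The `createDeviceCb().then(...)` chain added in the `@@ -234,7 +238,15 @@` hunk has no rejection handler, so if device creation fails the serial monitor is never opened and `this.configuring` stays at 'Creating device...' with no error published. `data.id` is also copied to `board.deviceId` unchecked, and that value is later sent to the board as the thing id. I would add a `.catch` that reports the failure on `this.configuring` in the same shape as the existing handler on the CSR chain (`err: error.toString()`), and reject when `data.id` is missing. The device is now created before the CSR and certificate steps run, so a later failure presumably leaves a device without a certificate on the server side; it is worth deciding whether that needs cleanup.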
From 1cf0fd75d33b64b9ac63280af77f178c4edd53f0 Mon Sep 17 00:00:00 2001 From: Alberto Iannaccone Date: Wed, 22 Aug 2018 17:58:22 +0200 Subject: [PATCH 3/3] add backslashes --- src/sketches/provisioning.ino.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sketches/provisioning.ino.js b/src/sketches/provisioning.ino.js index 7c0a720e..637d65fb 100644 --- a/src/sketches/provisioning.ino.js +++ b/src/sketches/provisioning.ino.js @@ -169,9 +169,9 @@ String readLine() { if (Serial.available()) { char c = Serial.read(); - if (c == '\r') { + if (c == '\\r') { // ignore - } else if (c == '\n') { + } else if (c == '\\n') { break; }
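Review bot: Nothing in the file explains why the escapes in `readLine()` are doubled, which is presumably how PATCH 1/3 came to un-double them and why this patch has to restore them. The sketch is the body of a JavaScript template literal (the closing backtick is visible at the end of the file in PATCH 1/3), so a single-backslash `'\r'` is processed by JavaScript first and puts a raw carriage return inside the C++ character literal. I would add a comment above the `provisioningSketch` export such as `// The sketch is a JS template literal: every backslash meant for the C++ source must be doubled`. `String.raw` would be an alternative, provided no other escape in the sketch relies on JavaScript processing.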