forked from arduino-libraries/Arduino_SecureElement
CertificateSigningRequest.ino
/*
Generate CSR (Certificate Signing Request)
This sketch can be used to generate a CSR for a private key
generated in an ECC508/ECC608 or SE050 crypto chip slot.
If the SecureElement is not configured and locked it prompts
the user to configure and lock the chip with a default TLS
configuration.
The user is prompted for the following information that is contained
in the generated CSR:
- country
- state or province
- locality
- organization
- organizational unit
- common name
The user can also select a slot number to use for the private key.
A new private key can also be generated in this slot.
The circuit:
- A board equipped with ECC508 or ECC608 or SE050 chip
This example code is in the public domain.
*/
#include <Arduino_SecureElement.h>
#include <utility/SElementCSR.h>
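/*
  Runs the whole interactive CSR workflow once over the serial console:

    1. Open the secure element and print its serial number.
    2. If the chip is not locked, ask for confirmation, then write the
       configuration and lock it.
    3. Prompt for the subject fields, the key slot and whether a new private
       key should be generated.
    4. Build the CSR through SElementCSR::build() and print it as PEM.

  Every failure prints a message and halts in an endless loop, so nothing
  after a failed step is ever executed.
*/
void setup() {
  Serial.begin(9600);
  while (!Serial);

  SecureElement secureElement;

  if (!secureElement.begin()) {
    Serial.println("No SecureElement present!");
    while (1);
  }

  String serialNumber = secureElement.serialNumber();

  Serial.print("SecureElement Serial Number = ");
  Serial.println(serialNumber);
  Serial.println();

  if (!secureElement.locked()) {
    // The prompt describes this step as PERMANENT, so the default answer is
    // "N" and the sketch refuses to continue without an explicit yes.
    // Any answer beginning with 'y' or 'Y' is accepted as confirmation.
    String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
    lock.toLowerCase();

    if (!lock.startsWith("y")) {
      Serial.println("Unfortunately you can't proceed without locking it :(");
      while (1);
    }

    if (!secureElement.writeConfiguration()) {
      Serial.println("Writing SecureElement configuration failed!");
      while (1);
    }

    if (!secureElement.lock()) {
      Serial.println("Locking SecureElement configuration failed!");
      while (1);
    }

    Serial.println("SecureElement locked successfully");
    Serial.println();
  }

  Serial.println("Hi there, in order to generate a new CSR for your board, we'll need the following information ...");
  Serial.println();

  // Subject fields are passed to the CSR exactly as typed; they are not
  // checked here (for example, the country is not forced to two letters).
  String country            = promptAndReadLine("Country Name (2 letter code)", "");
  String stateOrProvince    = promptAndReadLine("State or Province Name (full name)", "");
  String locality           = promptAndReadLine("Locality Name (eg, city)", "");
  String organization       = promptAndReadLine("Organization Name (eg, company)", "");
  String organizationalUnit = promptAndReadLine("Organizational Unit Name (eg, section)", "");
  String common             = promptAndReadLine("Common Name (e.g. server FQDN or YOUR name)", serialNumber.c_str());
  String slot               = promptAndReadLine("What slot would you like to use? (0 - 4)", "0");
  // The default is "Y": pressing Enter asks for a new private key in the
  // chosen slot. NOTE(review): presumably this replaces whatever key the slot
  // already holds - confirm before reusing a slot with an issued certificate.
  String generateNewKey     = promptAndReadLine("Would you like to generate a new private key? (Y/n)", "Y");

  Serial.println();

  // Reject anything that is not a single digit in the advertised 0 - 4 range.
  // String::toInt() returns 0 for non-numeric text, so without this check a
  // typo would silently select slot 0 and an out-of-range number would be
  // handed to the secure element unchecked.
  slot.trim();
  if (slot.length() != 1 || slot.charAt(0) < '0' || slot.charAt(0) > '4') {
    Serial.println("Invalid slot, please enter a number between 0 and 4!");
    while (1);
  }

  generateNewKey.toLowerCase();

  ECP256Certificate CSR;

  CSR.begin();

  CSR.setSubjectCountryName(country);
  CSR.setSubjectStateProvinceName(stateOrProvince);
  CSR.setSubjectLocalityName(locality);
  CSR.setSubjectOrganizationName(organization);
  CSR.setSubjectOrganizationalUnitName(organizationalUnit);
  CSR.setSubjectCommonName(common);

  if (!SElementCSR::build(secureElement, CSR, slot.toInt(), generateNewKey.startsWith("y"))) {
    Serial.println("Error starting CSR generation!");
    while (1);
  }

  String csr = CSR.getCSRPEM();

  // Treat an empty result as a failure too, so the success banner is never
  // printed above a blank CSR.
  if (!csr || csr.length() == 0) {
    Serial.println("Error generating CSR!");
    while (1);
  }

  // Only the PEM-encoded request is written to the console.
  Serial.println("Here's your CSR, enjoy!");
  Serial.println();
  Serial.println(csr);
}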
// Intentionally empty: the whole workflow runs once in setup().
void loop() {}
/*
  Prints `prompt` followed by the default in square brackets, waits for one
  line from the serial console and returns it. An empty line selects
  `defaultValue`. The value finally used is echoed back on its own line.
*/
String promptAndReadLine(const char* prompt, const char* defaultValue) {
  // Rendered as: <prompt> [<default>]:
  Serial.print(prompt);
  Serial.print(" [");
  Serial.print(defaultValue);
  Serial.print("]: ");

  String answer = readLine();
  const bool nothingTyped = (answer.length() == 0);
  if (nothingTyped) {
    answer = defaultValue;
  }

  // Echo the effective value so the operator sees what will be used.
  Serial.println(answer);

  return answer;
}
/*
  Blocks until a newline arrives on the serial port and returns the
  characters received before it. Carriage returns are dropped, so both
  "\n" and "\r\n" line endings produce the same result.

  NOTE(review): there is no length limit and no timeout; the buffer keeps
  growing until '\n' is received.
*/
String readLine() {
  String buffer;

  for (;;) {
    // Busy-wait until at least one byte is available.
    if (!Serial.available()) {
      continue;
    }

    const char ch = Serial.read();

    if (ch == '\n') {
      return buffer;
    }

    if (ch != '\r') {
      buffer += ch;
    }
  }
}