From 5845c217b2983570adc2edbec9b3951145ade063 Mon Sep 17 00:00:00 2001 From: pennam Date: Fri, 11 Mar 2022 13:39:36 +0100 Subject: [PATCH 01/14] Remove read and print serial number of the crypto chip --- firmware/provision/CryptoProvision/CryptoProvision.ino | 4 ---- 1 file changed, 4 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index efbb7d7c..de65e61b 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -111,7 +111,6 @@ String issueMonth; String issueDay; String issueHour; String expireYears; -String serialNumber; String authorityKeyIdentifier; String signature; @@ -132,9 +131,6 @@ void setup() { } else { Serial1.println("Crypto-element installed"); } - - serialNumber = ECCX08.serialNumber(); - Serial1.println(serialNumber); } void loop() { From 91f6ebafec09e319e483028ceb9076d0bfea407f Mon Sep 17 00:00:00 2001 From: pennam Date: Fri, 11 Mar 2022 14:11:04 +0100 Subject: [PATCH 02/14] Update sketch to make it compatible with SE05X crypto and AduinoIoTCloud library version 1.6.0 --- .../CryptoProvision/CryptoProvision.ino | 85 +++++++++---------- 1 file changed, 42 insertions(+), 43 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index de65e61b..eebadfff 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino 
@@ -16,21 +16,14 @@ */ #include -#include - -#include - #include "ECCX08TLSConfig.h" #include "uCRC16Lib.h" const uint8_t SKETCH_INFO[] = {0x55, 0xaa, 0x01, 0x00, 0x01, 0xff, 0xaa, 0x55}; const bool DEBUG = true; -const int keySlot = 0; -const int compressedCertSlot = 10; -const int serialNumberAndAuthorityKeyIdentifierSlot = 11; -const int deviceIdSlot = 12; -ECCX08CertClass ECCX08Cert; +ArduinoIoTCloudCertClass Cert; +CryptoUtil Crypto; enum class MESSAGE_TYPE { NONE = 0, COMMAND, DATA, RESPONSE }; enum class COMMAND { @@ -288,18 +281,23 @@ void processCommand() { } if (cmdCode == COMMAND::BEGIN_STORAGE) { Serial1.println("begin storage"); - if (!ECCX08.writeSlot(deviceIdSlot, (const byte*)deviceIDBytes, sizeof(deviceIDBytes))) { + if (!Crypto.writeDeviceId(deviceIDstring, CryptoSlot::DeviceId)) { Serial1.println("Error storing device id!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); return; } - if (!ECCX08Cert.beginStorage(compressedCertSlot, serialNumberAndAuthorityKeyIdentifierSlot)) { - Serial1.println("Error starting ECCX08 storage!"); + if (!Cert.begin()) { + Serial1.println("Error starting Crypto storage!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); return; } + Cert.setSubjectCommonName(deviceIDstring); + Cert.setIssuerCountryName("US"); + Cert.setIssuerOrganizationName("Arduino LLC US"); + Cert.setIssuerOrganizationalUnitName("IT"); + Cert.setIssuerCommonName("Arduino"); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); } @@ -323,7 +321,7 @@ void processCommand() { Serial1.println(); Serial1.print("set Cert YEAR to "); Serial1.println(yearString); - ECCX08Cert.setIssueYear(yearString.toInt()); + Cert.setIssueYear(yearString.toInt()); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); 
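Review bot: In the BEGIN_STORAGE branch, `Crypto.writeDeviceId(deviceIDstring, CryptoSlot::DeviceId)` and `Cert.setSubjectCommonName(deviceIDstring)` trust a global that, as far as this series shows, is only filled while handling GET_CSR. A host that sends BEGIN_STORAGE without a preceding GET_CSR would then persist an empty device id and build a certificate with an empty subject CN. A guard at the top of the branch rejects that ordering: `if (deviceIDstring.length() == 0) { /* send RESPONSE_ERROR */ return; }`. processCommand() starts and ends outside this hunk.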
@@ -347,7 +345,7 @@ void processCommand() { Serial1.println(); Serial1.print("set Cert MONTH to "); Serial1.println(monthString); - ECCX08Cert.setIssueMonth(monthString.toInt()); + Cert.setIssueMonth(monthString.toInt()); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -372,7 +370,7 @@ void processCommand() { Serial1.println(); Serial1.print("set Cert day to "); Serial1.println(dayString); - ECCX08Cert.setIssueDay(dayString.toInt()); + Cert.setIssueDay(dayString.toInt()); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -397,7 +395,7 @@ void processCommand() { Serial1.println(); Serial1.print("set Cert hour to "); Serial1.println(hourString); - ECCX08Cert.setIssueHour(hourString.toInt()); + Cert.setIssueHour(hourString.toInt()); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -422,7 +420,7 @@ void processCommand() { Serial1.println(); Serial1.print("set Cert validity to "); Serial1.println(validityString); - ECCX08Cert.setExpireYears(validityString.toInt()); + Cert.setExpireYears(validityString.toInt()); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -452,7 +450,7 @@ void processCommand() { Serial1.println(certSerialString); - ECCX08Cert.setSerialNumber(certSerialBytes); + Cert.setSerialNumber(certSerialBytes, sizeof(certSerialBytes)); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -480,7 +478,7 @@ void processCommand() { Serial1.println(authKeyString); - ECCX08Cert.setAuthorityKeyIdentifier(authKeyBytes); + Cert.setAuthorityKeyId(authKeyBytes, sizeof(authKeyBytes)); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); 
@@ -509,7 +507,7 @@ void processCommand() { Serial1.println(signatureString); - ECCX08Cert.setSignature(signatureBytes); + Cert.setSignature(signatureBytes, sizeof(signatureBytes)); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); @@ -517,8 +515,15 @@ void processCommand() { } if (cmdCode == COMMAND::END_STORAGE) { Serial1.println("end storage"); - if (!ECCX08Cert.endStorage()) { - Serial1.println("Error storing ECCX08 compressed cert!"); + if (!Crypto.buildCert(Cert, CryptoSlot::Key)) { + Serial1.println("Error creating cert!"); + char response[] = {char(RESPONSE::RESPONSE_ERROR)}; + sendData(MESSAGE_TYPE::RESPONSE, response, 1); + return; + } + + if (!Crypto.writeCert(Cert, CryptoSlot::CompressedCertificate)) { + Serial1.println("Error storing Crypto cert!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); return; @@ -531,21 +536,15 @@ void processCommand() { if (cmdCode == COMMAND::RECONSTRUCT_CERT) { - if (!ECCX08Cert.beginReconstruction(keySlot, compressedCertSlot, serialNumberAndAuthorityKeyIdentifierSlot)) { - Serial1.println("Error starting ECCX08 cert reconstruction!"); + if (!Cert.begin()) { + Serial1.println("Error starting Crypto cert reconstruction!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); return; } - ECCX08Cert.setIssuerCountryName("US"); - ECCX08Cert.setIssuerOrganizationName("Arduino LLC US"); - ECCX08Cert.setIssuerOrganizationalUnitName("IT"); - ECCX08Cert.setIssuerCommonName("Arduino"); - ECCX08Cert.setSubjectCommonName((const char*)deviceIDBytes); - - if (!ECCX08Cert.endReconstruction()) { - Serial1.println("Error reconstructing ECCX08 compressed cert!"); + if (!Crypto.readCert(Cert, CryptoSlot::CompressedCertificate)) { + Serial1.println("Error reconstructing Crypto cert!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); return; 
@@ -553,8 +552,8 @@ void processCommand() { Serial1.println("Compressed cert = "); - const byte *certData = ECCX08Cert.bytes(); - int certLength = ECCX08Cert.length(); + const byte *certData = Cert.bytes(); + int certLength = Cert.length(); for (int i = 0; i < certLength; i++) { byte b = certData[i]; @@ -635,7 +634,7 @@ uint8_t cryptoInit() { unsigned long ecctimeout = 1000; unsigned long beginOfTime = millis(); bool eccOK = 0; - while (!(eccOK = ECCX08.begin()) || (millis() - beginOfTime < ecctimeout)) { + while (!(eccOK = Crypto.begin()) || (millis() - beginOfTime < ecctimeout)) { } Serial1.print("ECC initialised: "); @@ -644,13 +643,13 @@ uint8_t cryptoInit() { } PROVISIONING_ERROR cryptoLock() { - if (!ECCX08.locked()) { + if (!Crypto.locked()) { - if (!ECCX08.writeConfiguration(DEFAULT_ECCX08_TLS_CONFIG)) { + if (!Crypto.writeConfiguration(DEFAULT_ECCX08_TLS_CONFIG)) { return PROVISIONING_ERROR::WRITE_CONFIG_FAIL; } - if (!ECCX08.lock()) { + if (!Crypto.lock()) { return PROVISIONING_ERROR::LOCK_FAIL; } return PROVISIONING_ERROR::LOCK_SUCCESS; @@ -659,20 +658,20 @@ PROVISIONING_ERROR cryptoLock() { } PROVISIONING_ERROR generateCSR() { - if (!ECCX08.locked()) { + if (!Crypto.locked()) { Serial1.println("Chip is not locked"); return PROVISIONING_ERROR::LOCK_FAIL; } Serial1.println("CSR generation in progress"); uint8_t csrSlot = 0; - //ECCX08Cert.beginCSR(0, true); - if (!ECCX08CSR.begin(csrSlot, true)) { + + if (!Cert.begin()) { Serial1.println("Error starting CSR generation!"); return PROVISIONING_ERROR::CSR_GEN_FAIL; } - ECCX08CSR.setCommonName(deviceIDstring); - csr = ECCX08CSR.end(); + Cert.setSubjectCommonName(deviceIDstring); + csr = Cert.getCSRPEM(); if (!csr) { Serial1.println("Error generating CSR!"); return PROVISIONING_ERROR::CSR_GEN_FAIL; From c8a5e1933a6c589d45af05ea0794487823c20ff6 Mon Sep 17 00:00:00 2001 
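Review bot: The retry loop in cryptoInit(), `while (!(eccOK = Crypto.begin()) || (millis() - beginOfTime < ecctimeout))`, joins its two conditions with `||`, so it never exits while `Crypto.begin()` keeps failing, and once begin succeeds it keeps re-calling it until the second has elapsed. With a missing or faulty secure element the sketch hangs here, and the "FAILED TO DETECT CRYPTO ELEMENT" branch in setup() is never reached. The timeout only bounds the wait with `&&`: `while (!(eccOK = Crypto.begin()) && (millis() - beginOfTime < ecctimeout)) {}`. The rename from `ECCX08.begin()` carried the condition over unchanged; the function body continues outside the hunk.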
From: pennam Date: Wed, 3 Aug 2022 17:31:36 +0200 Subject: [PATCH 03/14] Fix CSR generation --- .../provision/CryptoProvision/CryptoProvision.ino | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index eebadfff..018232da 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -663,17 +663,22 @@ PROVISIONING_ERROR generateCSR() { return PROVISIONING_ERROR::LOCK_FAIL; } Serial1.println("CSR generation in progress"); - uint8_t csrSlot = 0; if (!Cert.begin()) { - Serial1.println("Error starting CSR generation!"); + Serial1.println("Error initializing CSR data!"); return PROVISIONING_ERROR::CSR_GEN_FAIL; } Cert.setSubjectCommonName(deviceIDstring); + + if (!Crypto.buildCSR(Cert, CryptoSlot::Key, true)) { + Serial.println("Error generating CSR!"); + return PROVISIONING_ERROR::CSR_GEN_FAIL; + } + csr = Cert.getCSRPEM(); if (!csr) { - Serial1.println("Error generating CSR!"); + Serial1.println("Error reading CSR PEM data!"); return PROVISIONING_ERROR::CSR_GEN_FAIL; } Serial1.println(csr.length()); From ca5418adafb04f309e9791bf7296f7c6433f4ee8 Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:29:33 +0200 Subject: [PATCH 04/14] Fix debug print showing the same messages two times --- firmware/provision/CryptoProvision/CryptoProvision.ino | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 018232da..83974759 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino 
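Review bot: The bare `true` passed to `Crypto.buildCSR(Cert, CryptoSlot::Key, true)` in generateCSR() is undocumented, and it appears to decide what happens to the device key. It takes the place of the `true` in the `ECCX08CSR.begin(csrSlot, true)` call removed in patch 02, so it presumably requests a fresh private key in the slot. If so, every GET_CSR replaces the key, and a certificate already stored for the old key no longer matches. I would state that next to the call, e.g. `// true: generate a new key pair in CryptoSlot::Key (confirm against CryptoUtil); invalidates any certificate issued for the previous key`. generateCSR() starts above the hunk.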
@@ -112,17 +112,17 @@ void setup() { Serial.begin(57600); Serial1.begin(115200); uint8_t cryptoInitOK = cryptoInit(); - if (!cryptoInit()) { + if (!cryptoInitOK) { Serial1.println("FAILED TO DETECT CRYPTO ELEMENT"); while (1); } else { - Serial1.println("Crypto-element installed"); + Serial1.println("Crypto-element initialized"); } if (cryptoLock() != PROVISIONING_ERROR::LOCK_SUCCESS) { Serial1.println("FAILED TO LOCK CRYPTO ELEMENT"); while (1); } else { - Serial1.println("Crypto-element installed"); + Serial1.println("Crypto-element locked"); } } From 9016e0afad7e5e20c42fad92c24fc0b1a286dfa3 Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:31:56 +0200 Subject: [PATCH 05/14] Fix deviceIDstring initialization --- firmware/provision/CryptoProvision/CryptoProvision.ino | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 83974759..10f7b85a 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -262,11 +262,10 @@ void processCommand() { char charBuffer[2]; for (uint8_t i = 0; i < msgLength - CRC_SIZE - 1; i++) { Serial1.print(deviceIDBytes[i], HEX); - sprintf(charBuffer, "%02x", deviceIDBytes[i]); - deviceIDstring += charBuffer;//String(deviceIDBytes[i], 16); - //deviceIDstring += deviceIDBytes[i]; } + deviceIDstring = String((char*)deviceIDBytes); + Serial1.println(); Serial1.print("request for CSR with device ID "); Serial1.println(deviceIDstring); From 3666fec0b38cd12f43cb3ac6aa3f720f4679e42a Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:34:14 +0200 Subject: [PATCH 06/14] Fix and cleanup certificate serial number parsing --- .../CryptoProvision/CryptoProvision.ino | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) 
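Review bot: `deviceIDstring = String((char*)deviceIDBytes);` in the GET_CSR branch reads until the first zero byte, but nothing in the hunk shows `deviceIDBytes` being NUL-terminated after the host payload is copied in. If the buffer is declared with exactly the payload length (its declaration is above the hunk), the constructor reads past the end of the array, and the device id, later used as the subject CN, picks up stray bytes. Size the buffer one byte larger and terminate it before the conversion: `deviceIDBytes[msgLength - CRC_SIZE - 1] = '\0';`. The context line `char charBuffer[2];` is now unused and can be dropped.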
diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 10f7b85a..d4c3483a 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -428,28 +428,26 @@ void processCommand() { if (cmdCode == COMMAND::SET_CERT_SERIAL) { // extract payload from [1] to [payloadLength] - // this will be the device_id used to generate a valid CSR + // this will be the certificate serial number included in the device certificate Serial1.println("set CERT Serial"); - byte certSerialBytes[msgLength - CRC_SIZE]; + byte certSerialBytes[msgLength - CRC_SIZE - 1]; for (uint8_t i = 1; i < msgLength - CRC_SIZE; i++) { certSerialBytes[i - 1] = payloadBuffer[i]; } - // clear device ID string - // this will be sent to the host - String certSerialString = ""; Serial1.print("Serial Number from host: "); - char charBuffer[2]; for (uint8_t i = 0; i < msgLength - CRC_SIZE - 1; i++) { Serial1.print(certSerialBytes[i], HEX); - sprintf(charBuffer, "%02X", certSerialBytes[i]); - certSerialString += charBuffer;//String(deviceIDBytes[i], 16); } + Serial1.println(); - Serial1.println(certSerialString); - - Cert.setSerialNumber(certSerialBytes, sizeof(certSerialBytes)); + if(!Cert.setSerialNumber(certSerialBytes, sizeof(certSerialBytes))) { + Serial1.println("set CERT Error"); + char response[] = {char(RESPONSE::RESPONSE_ERROR)}; + sendData(MESSAGE_TYPE::RESPONSE, response, 1); + return; + } char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); From 5150db5a741612adef761f77d32a03997558e592 Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:38:06 +0200 Subject: [PATCH 07/14] Fix and cleanup authority key id parsing --- .../CryptoProvision/CryptoProvision.ino | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) 
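Review bot: `byte certSerialBytes[msgLength - CRC_SIZE - 1];` sizes a stack array from the received message length with no bounds check visible in the hunk, and the same pattern is used for `authKeyBytes` (patch 07) and `signatureBytes` (patch 08). If a frame arrives with `msgLength` no larger than `CRC_SIZE + 1`, the array size is zero or, depending on the types involved, negative or wrapped. If `msgLength` is wider than 8 bits, the copy loop's `uint8_t i` can never reach a bound above 255. Reject the frame before the declaration, e.g. `if (msgLength < CRC_SIZE + 2 || msgLength - CRC_SIZE - 1 > MAX_FIELD_LEN) { /* send RESPONSE_ERROR */ return; }`, where `MAX_FIELD_LEN` is a placeholder for the largest field the protocol allows. The declarations of `msgLength` and `payloadBuffer` are outside the hunk.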
diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index d4c3483a..360d9816 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -454,32 +454,29 @@ void processCommand() { } if (cmdCode == COMMAND::SET_AUTH_KEY) { // extract payload from [1] to [payloadLength] - // this will be the device_id used to generate a valid CSR - Serial1.println("set Auth Key "); - byte authKeyBytes[msgLength - CRC_SIZE]; + // this will be the authority key id included in the device certificate + Serial1.println("set Auth Key Id"); + byte authKeyBytes[msgLength - CRC_SIZE - 1]; for (uint8_t i = 1; i < msgLength - CRC_SIZE; i++) { authKeyBytes[i - 1] = payloadBuffer[i]; } - // clear device ID string - // this will be sent to the host - String authKeyString = ""; - Serial1.print("Authority Key from host: "); - char charBuffer[2]; + Serial1.print("Authority Key Id from host: "); for (uint8_t i = 0; i < msgLength - CRC_SIZE - 1; i++) { Serial1.print(authKeyBytes[i], HEX); - sprintf(charBuffer, "%02X", authKeyBytes[i]); - authKeyString += charBuffer;//String(deviceIDBytes[i], 16); } + Serial1.println(); - Serial1.println(authKeyString); - - Cert.setAuthorityKeyId(authKeyBytes, sizeof(authKeyBytes)); + if(!Cert.setAuthorityKeyId(authKeyBytes, sizeof(authKeyBytes))) { + Serial1.println("set AuthorityKeyId Error"); + char response[] = {char(RESPONSE::RESPONSE_ERROR)}; + sendData(MESSAGE_TYPE::RESPONSE, response, 1); + return; + } char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } if (cmdCode == COMMAND::SET_SIGNATURE) { // extract payload from [1] to [payloadLength] From d367aa06218ac2f8d7211ac1729230d0620e3ed2 Mon Sep 17 00:00:00 2001 
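Review bot: `Serial1.print(authKeyBytes[i], HEX)` drops the leading zero of any byte below 0x10, so the logged authority key id cannot be read back unambiguously now that the zero-padded `authKeyString` output is removed. The same applies to the serial-number loop in patch 06 and the signature loop in patch 08, which matters when an operator compares the log against what the host sent. The RECONSTRUCT_CERT dump elsewhere in this file appears to pad with `Serial1.print('0')`, and the same works here: `if (authKeyBytes[i] < 16) Serial1.print('0');` before the print. Removing the `sprintf` into `char charBuffer[2]` is right in itself, since `"%02X"` writes three bytes.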
From: pennam Date: Thu, 4 Aug 2022 13:40:18 +0200 Subject: [PATCH 08/14] Fix and cleanup signature parsing --- .../CryptoProvision/CryptoProvision.ino | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 360d9816..f538591d 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -480,32 +480,30 @@ void processCommand() { } if (cmdCode == COMMAND::SET_SIGNATURE) { // extract payload from [1] to [payloadLength] - // this will be the device_id used to generate a valid CSR + // this will be the signature included in the device certificate Serial1.println("set Signature "); - byte signatureBytes[msgLength - CRC_SIZE]; + byte signatureBytes[msgLength - CRC_SIZE - 1]; for (uint8_t i = 1; i < msgLength - CRC_SIZE; i++) { signatureBytes[i - 1] = payloadBuffer[i]; } + Serial1.println(); - // clear device ID string - // this will be sent to the host - String signatureString = ""; Serial1.print("Signature from host: "); - char charBuffer[2]; for (uint8_t i = 0; i < msgLength - CRC_SIZE - 1; i++) { Serial1.print(signatureBytes[i], HEX); - sprintf(charBuffer, "%02X", signatureBytes[i]); - signatureString += charBuffer;//String(deviceIDBytes[i], 16); } + Serial1.println(); - Serial1.println(signatureString); - - Cert.setSignature(signatureBytes, sizeof(signatureBytes)); + if(!Cert.setSignature(signatureBytes, sizeof(signatureBytes))) { + Serial1.println("set signature Error"); + char response[] = {char(RESPONSE::RESPONSE_ERROR)}; + sendData(MESSAGE_TYPE::RESPONSE, response, 1); + return; + } char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } if (cmdCode == COMMAND::END_STORAGE) { Serial1.println("end storage"); From a05148bc5c893034504b9bbc2aee6943ccc046a9 Mon Sep 17 00:00:00 2001 
From: pennam Date: Thu, 4 Aug 2022 13:42:48 +0200 Subject: [PATCH 09/14] Add debug print of the stored certificate in PEM format --- firmware/provision/CryptoProvision/CryptoProvision.ino | 3 +++ 1 file changed, 3 insertions(+) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index f538591d..7e599129 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -521,6 +521,9 @@ void processCommand() { return; } + Serial1.println("Certificate PEM file"); + Serial1.println(Cert.getCertPEM()); + char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); } From 58fa3778b989ac23f2065fd177122304d6454cc0 Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:45:25 +0200 Subject: [PATCH 10/14] Remove debug print --- firmware/provision/CryptoProvision/CryptoProvision.ino | 3 --- 1 file changed, 3 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 7e599129..fff784a4 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -631,9 +631,6 @@ uint8_t cryptoInit() { bool eccOK = 0; while (!(eccOK = Crypto.begin()) || (millis() - beginOfTime < ecctimeout)) { } - - Serial1.print("ECC initialised: "); - Serial1.println(eccOK); return eccOK; } From d9bfccbff90c35bbd22ea3ea902192c97471e7af Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:46:13 +0200 Subject: [PATCH 11/14] Squashme:Fix debug print using Serial instead of Serial1 --- firmware/provision/CryptoProvision/CryptoProvision.ino | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index fff784a4..0e6f2cc0 100644 
--- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -664,7 +664,7 @@ PROVISIONING_ERROR generateCSR() { Cert.setSubjectCommonName(deviceIDstring); if (!Crypto.buildCSR(Cert, CryptoSlot::Key, true)) { - Serial.println("Error generating CSR!"); + Serial1.println("Error generating CSR!"); return PROVISIONING_ERROR::CSR_GEN_FAIL; } From 747d207b425c83334fb74802c6fff141aa4d5063 Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 13:50:58 +0200 Subject: [PATCH 12/14] Squashme:remove usless Serial.println() from signature message processing --- firmware/provision/CryptoProvision/CryptoProvision.ino | 1 - 1 file changed, 1 deletion(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 0e6f2cc0..57e50c59 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -487,7 +487,6 @@ void processCommand() { for (uint8_t i = 1; i < msgLength - CRC_SIZE; i++) { signatureBytes[i - 1] = payloadBuffer[i]; } - Serial1.println(); Serial1.print("Signature from host: "); for (uint8_t i = 0; i < msgLength - CRC_SIZE - 1; i++) { From 713e20c8b5aae209790c574d6a1d482da72fd24f Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 14:09:35 +0200 Subject: [PATCH 13/14] Cosmetics changes: remove empty lines --- .../CryptoProvision/CryptoProvision.ino | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index 57e50c59..b0a1b7b3 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino 
@@ -241,12 +241,12 @@ void processCommand() { Serial1.print("%%%%% "); Serial1.println(">> processing command"); COMMAND cmdCode = (COMMAND)payloadBuffer[0]; + if (cmdCode == COMMAND::GET_SKETCH_INFO) { Serial1.println("get sketch info"); char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); } - if (cmdCode == COMMAND::GET_CSR) { // extract payload from [1] to [payloadLength] // this will be the device_id used to generate a valid CSR @@ -300,8 +300,6 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); } - - if (cmdCode == COMMAND::SET_YEAR) { Serial1.println("set year"); char yearBytes[4]; @@ -324,7 +322,6 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } if (cmdCode == COMMAND::SET_MONTH) { Serial1.println("set month"); @@ -348,9 +345,7 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } - if (cmdCode == COMMAND::SET_DAY) { Serial1.println("set day"); char dayBytes[4]; @@ -373,9 +368,7 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } - if (cmdCode == COMMAND::SET_HOUR) { Serial1.println("set hour"); char hourBytes[4]; @@ -398,9 +391,7 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } - if (cmdCode == COMMAND::SET_VALIDITY) { Serial1.println("set validity"); char validityBytes[4]; @@ -423,9 +414,7 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); - } - if (cmdCode == COMMAND::SET_CERT_SERIAL) { // extract payload from [1] to [payloadLength] // this will be the certificate serial number included in the device certificate 
@@ -526,8 +515,6 @@ void processCommand() { char response[] = {char(RESPONSE::RESPONSE_ACK)}; sendData(MESSAGE_TYPE::RESPONSE, response, 1); } - - if (cmdCode == COMMAND::RECONSTRUCT_CERT) { if (!Cert.begin()) { @@ -556,7 +543,6 @@ void processCommand() { Serial1.print('0'); } Serial1.print(b, HEX); - } Serial1.println(); char response[] = {char(RESPONSE::RESPONSE_ACK)}; From 757fb280d14ffa8f058773fcaa7ed71dc09e0eec Mon Sep 17 00:00:00 2001 From: pennam Date: Thu, 4 Aug 2022 14:11:08 +0200 Subject: [PATCH 14/14] Remove Cert.begin() usless call and add missing debug print about received cmdCode --- firmware/provision/CryptoProvision/CryptoProvision.ino | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/firmware/provision/CryptoProvision/CryptoProvision.ino b/firmware/provision/CryptoProvision/CryptoProvision.ino index b0a1b7b3..5095a948 100644 --- a/firmware/provision/CryptoProvision/CryptoProvision.ino +++ b/firmware/provision/CryptoProvision/CryptoProvision.ino @@ -516,14 +516,7 @@ void processCommand() { sendData(MESSAGE_TYPE::RESPONSE, response, 1); } if (cmdCode == COMMAND::RECONSTRUCT_CERT) { - - if (!Cert.begin()) { - Serial1.println("Error starting Crypto cert reconstruction!"); - char response[] = {char(RESPONSE::RESPONSE_ERROR)}; - sendData(MESSAGE_TYPE::RESPONSE, response, 1); - return; - } - + Serial1.println("reconstruct certificate"); if (!Crypto.readCert(Cert, CryptoSlot::CompressedCertificate)) { Serial1.println("Error reconstructing Crypto cert!"); char response[] = {char(RESPONSE::RESPONSE_ERROR)};
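Review bot: With `Cert.begin()` removed from the RECONSTRUCT_CERT branch, `Crypto.readCert(Cert, CryptoSlot::CompressedCertificate)` runs on whatever state `Cert` was left in. The only remaining `Cert.begin()` calls visible in this series are in BEGIN_STORAGE and generateCSR(). Unless readCert() initialises the object itself, a RECONSTRUCT_CERT sent after a reset, or after a partly completed storage sequence, works on an uninitialised or stale certificate object. If the dependency is intended, say so at the call: `// relies on readCert() to (re)initialise Cert; no Cert.begin() needed here (confirm)`. The branch continues past the end of the hunk.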