diff --git a/README.md b/README.md index 19e04c8..83e4f5f 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ This code needs 2 ~~3~~ external libraries to run, that you can install using th - [MKRGSM](https://www.arduino.cc/en/Reference/MKRGSM) in order to handle the GSM module on **Arduino MKR GSM 1400** - [WiFiNINA](https://www.arduino.cc/en/Reference/WiFiNINA) in order to handle WiFi module on **Arduino MKRWIFI 1010** and **Arduino Nano 33 IoT** - [WiFi101](https://www.arduino.cc/en/Reference/WiFi101) in order to handle WiFi module on **Arduino MKR 1000** +- [ArduinoBearSSL](https://www.arduino.cc/reference/en/libraries/arduinobearssl) in order to handle 2-way MQTTS connection through **IoT SAFE** (disabled by default, must be enabled by defining LIVE_OBJECTS_IOT_SAFE in LiveObjectsConfig.h) - ~~[ArduinoMqttClient](https://github.com/arduino-libraries/ArduinoMqttClient) that implements a MQTT client for Arduino~~ * @@ -42,6 +43,10 @@ This code needs 2 ~~3~~ external libraries to run, that you can install using th *mandatory for both Arduino, ESP and Adafruit boards - [ArduinoJson](https://arduinojson.org/), a powerful library used to parse, store and handle JSON easily +#### Library developed by Orange +*mandatory to handle 2-way MQTTS connection through **IoT SAFE** (disabled by default, must be enabled by defining LIVE_OBJECTS_IOT_SAFE) +- [IoT-SAFE-APDU-library](https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library) + #### SAMD21 Arduino core - You also need to install the Arduino core for Atmel SAMD21 processor, used on the boards of the MKR family. Open the [Boards Manager](https://www.arduino.cc/en/guide/cores) and install the package called "Arduino SAMD Boards (32-bit ARM Cortex-M0+)". diff --git a/examples/7_send_data_iot_safe/7_send_data_iot_safe.ino b/examples/7_send_data_iot_safe/7_send_data_iot_safe.ino new file mode 100644 index 0000000..4155fc3 --- /dev/null +++ b/examples/7_send_data_iot_safe/7_send_data_iot_safe.ino 
@@ -0,0 +1,37 @@
+/******************************************************************************
+ INCLUDES
+ ******************************************************************************/
+#include "arduino_secrets.h"
+#include
+/******************************************************************************
+ USER VARIABLES
+ ******************************************************************************/
+uint32_t messageRate = 5000; // stores the current data message rate in Milliseconds
+unsigned long uptime; // stores the device uptime (sent as fake sensor data)
+unsigned long lastMessageTime = 0; // stores the time when last data message was sent
+
+/******************************************************************************
+ USER PROGRAM
+ ******************************************************************************/
+void setup() {
+ Serial.begin(115200);
+ Serial.print("\n*** Live Objects for Arduino MKR boards, revision ");
+ Serial.print(SW_REVISION);
+ Serial.println("***");
+ lo.setSecurity(MUTUAL_TLS_WITH_IOT_SAFE);
+ lo.begin(MQTT, TEXT, true);
+ lo.connect(); // connects to the network + Live Objects
+}
+
+void loop() {
+ if (millis() - lastMessageTime > messageRate) {
+ // collect data periodically
+ Serial.println("Sampling data");
+ uptime = millis();
+ lo.addToPayload("uptime", uptime); // adding 'uptime' value to the current payload
+ Serial.println("Sending data to Live Objects");
+ lo.sendData(); // send the data to Live Objects
+ lastMessageTime = millis();
+ }
+ lo.loop(); // don't forget to keep this in your main loop
+}
diff --git a/examples/7_send_data_iot_safe/README.md b/examples/7_send_data_iot_safe/README.md
new file mode 100644
index 0000000..3cd8c92
--- /dev/null
+++ b/examples/7_send_data_iot_safe/README.md
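Review bot: `lo.setSecurity(MUTUAL_TLS_WITH_IOT_SAFE)` in `setup()` only compiles when `LIVE_OBJECTS_IOT_SAFE` is defined (the enumerator is added under that guard in LiveObjectsBase.h in this same commit), and nothing in the sketch tells a user who skipped LiveObjectsConfig.h why the build fails. A guard after the includes, `#ifndef LIVE_OBJECTS_IOT_SAFE` / `#error "Define LIVE_OBJECTS_IOT_SAFE in LiveObjectsConfig.h to build this example"` / `#endif`, turns an unknown-identifier error into an actionable message. The second `#include` shows an empty name in this rendering, so I cannot check which header it pulls in.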
@@ -0,0 +1,28 @@ +# Send data to Live Objects thanks to IoT SAFE + +This example shows how to send some sample data (device uptime) to Live Objects using Arduino MKR NB 1500. +![diagram](img/send_data_diagram.png) +This example uses the IoT SAFE APDU library to establish a MQTTS connection with a client certificate and a private key securely stored in the (e)SIM. +[2-way authentication](https://liveobjects.orange-business.com/doc/html/lo_manual_v2.html#_go_further_and_use_2_way_authentication) must have been enabled for your API key. +The client certificate embedded in the IoT SAFE applet inside the (e)SIM must have been signed with one of the Certificate Authority associated with your API key. + +## Running +First of all, be sure that you installed the required libraries and generated an API key mentioned in the main README file, then: +1. Open "7_send_data.ino" sketch using Arduino IDE +2. Replace ```const char SECRET_LIVEOBJECTS_API_KEY[]="...";``` in arduino_secrets.h with API key you generated +3. Replace ```const char IOT_SAFE_CUSTOM_AID[]="...";``` in arduino_secrets.h with the Application ID of the IoT SAFE applet +4. Replace ```const char IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID[]="...";``` in arduino_secrets.h with the ID of the client certificate file you saved in the IoT SAFE applet. +5. Replace ```const char IOT_SAFE_PRIVATE_KEY_ID[]="...";``` in arduino_secrets.h with the ID of the private key you saved in the IoT SAFE applet. +6. Upload *7_send_data.ino* sketch to your Arduino MKR NB 1500 board + + +## Verify +**Is device online:**
+If all went fine under **devices** tab on Live Live Objects portal you should see online your device identified by its modem IMEI: + +![device_online](img/device_online.png) + +**Is device sending data:**
+Under data tab on Live Objects portal you should see messages sent by your device, along with values *{ "uptime": xxxxx }* + +![data_portal](img/data_portal.png) diff --git a/examples/7_send_data_iot_safe/arduino_secrets.h b/examples/7_send_data_iot_safe/arduino_secrets.h new file mode 100644 index 0000000..fbda5b5 --- /dev/null +++ b/examples/7_send_data_iot_safe/arduino_secrets.h 
@@ -0,0 +1,29 @@
+ // Cellular connection cerdentials, used only for GSM boards
+extern const String SECRET_PINNUMBER = ""; // unless PIN is deactivated, specify your SIM card PIN number
+extern const String SECRET_APN = ""; // specify the APN name (if needed)
+extern const String SECRET_APN_USER = ""; // specify the username for your APN (if needed)
+extern const String SECRET_APN_PASS = ""; // specify the password for your APN (if needed)
+extern const String SECRET_SERVER_MSISDN = ""; // specify the number of server(gate)
+
+// WIFI connection credentials, used only for WiFi boards
+extern const String SECRET_SSID = ""; // unless PIN is deactivated, specify your SIM card PIN number
+extern const String SECRET_WIFI_PASS = ""; // specify the APN name (if needed)
+
+// IoT SAFE
+// Use a custom AID
+extern const uint8_t IOT_SAFE_CUSTOM_AID[] = {
+ 0xA0, 0x00, 0x00, 0x02, 0x48, 0x04, 0x00
+};
+extern const uint8_t IOT_SAFE_CUSTOM_AID_LEN = sizeof(IOT_SAFE_CUSTOM_AID);
+// Define the private key ID inside the IoT SAFE applet
+extern const uint8_t IOT_SAFE_PRIVATE_KEY_ID[] = { 0x01 };
+extern const uint8_t IOT_SAFE_PRIVATE_KEY_ID_LEN = sizeof(IOT_SAFE_PRIVATE_KEY_ID);
+// Define the certificate file ID inside the IoT SAFE applet
+extern const uint8_t IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID[] = { 0x02 };
+extern const uint8_t IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID_LEN = sizeof(IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID);
+
+ // Live Objects credential: paste below your API key (see Configuration > API keys on the portal).
+ // You API key must have at least the predefined 'MQTT Device' rights profile
+ // (alternatively: 'Device Access' read + write rights if need to customise the rights).
+ // Please note that you *must* use a TLS connection (MQTTS) if you grant more rights to the API key.
+extern const String SECRET_LIVEOBJECTS_API_KEY = "...";
diff --git a/src/IoTSAFE.cpp b/src/IoTSAFE.cpp
new file mode 100644
index 0000000..5896517
--- /dev/null
+++ b/src/IoTSAFE.cpp
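Review bot: The comments on the two WiFi lines are copied from the cellular block — `SECRET_SSID` is annotated "specify your SIM card PIN number" and `SECRET_WIFI_PASS` "specify the APN name" — which will mislead anyone adapting the example; they should read `// specify the SSID of your WiFi network` and `// specify the password of your WiFi network`. The example README added in this commit tells users to edit `const char IOT_SAFE_CUSTOM_AID[]="..."` and the two `_ID` entries as strings, while this header defines them as `uint8_t` byte arrays with `_LEN` companions, so one of the two needs to be aligned with the other. "cerdentials" on the first line is a typo. Because every value is defined here with `extern const ... = ...`, the header can only be included from a single translation unit, which is worth a one-line comment at the top.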
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) Orange
+ *
+ * This software is distributed under the terms and conditions of the 'MIT'
+ * license which can be found in the file 'LICENSE.md' in this package distribution
+ */
+
+#include "LiveObjectsBase.h"
+
+#ifdef LIVE_OBJECTS_IOT_SAFE
+
+#include "IoTSAFE.h"
+
+#define IOT_SAFE_MAX_COMMON_NAME_SIZE 64
+
+IoTSAFE *g_iot_safe_ptr = nullptr;
+
+IoTSAFE::IoTSAFE(const uint8_t* pAID, uint8_t nAIDLength)
+ :
+ m_AID(pAID),
+ m_nAIDLength(nAIDLength),
+ m_nChannel(0)
+{
+ g_iot_safe_ptr = this;
+}
+
+IoTSAFE::~IoTSAFE()
+{}
+
+iot_safe_error_t IoTSAFE::init()
+{
+ return iot_safe_init(m_AID, m_nAIDLength, &m_nChannel);
+}
+
+void IoTSAFE::finish()
+{
+ iot_safe_finish(m_nChannel);
+}
+
+String IoTSAFE::getClientCertificateCommonName()
+{
+ char client_common_name[IOT_SAFE_MAX_COMMON_NAME_SIZE];
+
+ memset(client_common_name, 0, sizeof(client_common_name));
+
+ for (int i = 5; i < sizeof(m_ClientCertificate); i++) {
+ // Find common name
+ if (m_ClientCertificate[i-5] == 0x55 && m_ClientCertificate[i-4] == 0x04 &&
+ m_ClientCertificate[i-3] == 0x03)
+ {
+
+ if (m_ClientCertificate[i-1] > sizeof(client_common_name))
+ return String("");
+
+ memcpy(client_common_name, &m_ClientCertificate[i],
+ m_ClientCertificate[i-1]);
+ }
+ }
+ return String(client_common_name);
+}
+
+br_x509_certificate IoTSAFE::readClientCertificate()
+{
+ memset(m_ClientCertificate, 0, sizeof(m_ClientCertificate));
+
+ if (init() == IOT_SAFE_SUCCESS)
+ {
+ iot_safe_read_file(m_nChannel, IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID,
+ IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID_LEN, NULL, 0,
+ m_ClientCertificate, sizeof(m_ClientCertificate));
+
+ finish();
+ }
+
+ br_x509_certificate br_client_cert =
+ { (unsigned char *)m_ClientCertificate,
+ sizeof(m_ClientCertificate) };
+ return br_client_cert;
+}
+
+size_t IoTSAFE::trampolineSign(const br_ec_impl *pImpl, const br_hash_class *pHF,
+ const void *pHashValue, const br_ec_private_key *pSk, void *pSig)
+{
+ if (g_iot_safe_ptr)
+ return g_iot_safe_ptr->sign(pImpl, pHF, pHashValue, pSk, pSig);
+}
+
+size_t IoTSAFE::sign(const br_ec_impl *pImpl, const br_hash_class *pHF,
+ const void *pHashValue, const br_ec_private_key *pSk, void *pSig)
+{
+ iot_safe_hash_t IoTSAFEHash = IOT_SAFE_HASH_SHA_256;
+ uint8_t nHashSize = (pHF->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK;
+ uint16_t nSignatureLength = 0;
+
+ switch((pHF->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK) {
+ case 0:
+ // IoT SAFE does not support none as an hash algorithm
+ return -1;
+ case 1:
+ // IoT SAFE does not support the unsecure md5 hash algorithm
+ return -1;
+ case 2:
+ // IoT SAFE does not support the unsecure sha1 hash algorithm
+ return -1;
+ case 3:
+ // IoT SAFE does not support sha224 hash algorithm
+ return -1;
+ case 4:
+ IoTSAFEHash = IOT_SAFE_HASH_SHA_256;
+ break;
+ case 5:
+ IoTSAFEHash = IOT_SAFE_HASH_SHA_384;
+ break;
+ case 6:
+ IoTSAFEHash = IOT_SAFE_HASH_SHA_512;
+ break;
+ default:
+ // Unknown hash algorithm
+ return -1;
+ }
+
+ if (init() == IOT_SAFE_SUCCESS)
+ {
+ iot_safe_sign(m_nChannel, IOT_SAFE_SIGNATURE_OPERATION_MODE_PAD_AND_SIGN,
+ IoTSAFEHash, IOT_SAFE_SIGNATURE_ECDSA, IOT_SAFE_PRIVATE_KEY_ID,
+ IOT_SAFE_PRIVATE_KEY_ID_LEN, NULL, 0,
+ (uint8_t*)pHashValue, nHashSize, (uint8_t*)pSig, 72, &nSignatureLength);
+
+ finish();
+ }
+
+ return br_ecdsa_raw_to_asn1(pSig, nSignatureLength);
+}
+
+#endif
diff --git a/src/IoTSAFE.h b/src/IoTSAFE.h
new file mode 100644
index 0000000..8aeaffb
--- /dev/null
+++ b/src/IoTSAFE.h
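Review bot: The failure paths of `sign` and `trampolineSign` do not return the 0 that BearSSL's `br_ecdsa_sign` callback contract uses to report failure: `return -1` from a `size_t` function yields SIZE_MAX, `trampolineSign` falls off the end without a return when `g_iot_safe_ptr` is null (undefined behaviour), and when `init()` fails `br_ecdsa_raw_to_asn1(pSig, 0)` still runs on a buffer nothing wrote to. The result of `iot_safe_sign` is also discarded, so a signing request the applet refused is indistinguishable from success; the rewrite below returns 0 on every failure. In `getClientCertificateCommonName` the length check needs `>=` so a 64-byte name keeps its NUL terminator, and `i + m_ClientCertificate[i-1]` should be bounded by `sizeof(m_ClientCertificate)` before the `memcpy`; the loop also keeps the last OID 2.5.4.3 match, which is the subject CN only because the issuer DN precedes the subject DN in the DER layout, and that deserves a comment. The hard-coded 72-byte output size fits a P-256 ASN.1 signature only, so the curve assumption should be stated next to it.
```cpp
size_t IoTSAFE::trampolineSign(const br_ec_impl *pImpl, const br_hash_class *pHF,
    const void *pHashValue, const br_ec_private_key *pSk, void *pSig)
{
  // BearSSL reads 0 as "signing failed"; never fall off the end.
  if (g_iot_safe_ptr == nullptr)
    return 0;
  return g_iot_safe_ptr->sign(pImpl, pHF, pHashValue, pSk, pSig);
}

size_t IoTSAFE::sign(const br_ec_impl *pImpl, const br_hash_class *pHF,
    const void *pHashValue, const br_ec_private_key *pSk, void *pSig)
{
  // … unchanged: locals and the hash-algorithm switch, with each `return -1` replaced by `return 0` …

  if (init() != IOT_SAFE_SUCCESS)
    return 0;

  // Assumes iot_safe_sign reports iot_safe_error_t like iot_safe_init does -- confirm against the APDU library.
  iot_safe_error_t rc = iot_safe_sign(m_nChannel, IOT_SAFE_SIGNATURE_OPERATION_MODE_PAD_AND_SIGN,
      IoTSAFEHash, IOT_SAFE_SIGNATURE_ECDSA, IOT_SAFE_PRIVATE_KEY_ID,
      IOT_SAFE_PRIVATE_KEY_ID_LEN, NULL, 0,
      (uint8_t*)pHashValue, nHashSize, (uint8_t*)pSig, 72, &nSignatureLength);
  finish();

  if (rc != IOT_SAFE_SUCCESS || nSignatureLength == 0)
    return 0;

  return br_ecdsa_raw_to_asn1(pSig, nSignatureLength);
}
```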
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Orange
+ *
+ * This software is distributed under the terms and conditions of the 'MIT'
+ * license which can be found in the file 'LICENSE.md' in this package distribution
+ */
+#pragma once
+
+#ifdef LIVE_OBJECTS_IOT_SAFE
+
+#include
+#include
+
+#define IOT_SAFE_MAX_FILE_SIZE 512
+
+class IoTSAFE
+{
+ public:
+ IoTSAFE(const uint8_t *pAID=IOT_SAFE_AID,
+ uint8_t nAIDLength=sizeof(IOT_SAFE_AID));
+ ~IoTSAFE();
+ br_x509_certificate readClientCertificate();
+ String getClientCertificateCommonName();
+ size_t sign(const br_ec_impl *pImpl, const br_hash_class *pHF,
+ const void *pHashValue, const br_ec_private_key *pSk, void *pSig);
+ static size_t trampolineSign(const br_ec_impl *pImpl, const br_hash_class *pHF,
+ const void *pHashValue, const br_ec_private_key *pSk, void *pSig);
+ private:
+ iot_safe_error_t init();
+ void finish();
+ private:
+ const uint8_t *m_AID;
+ uint8_t m_nAIDLength;
+ uint8_t m_nChannel;
+ uint8_t m_ClientCertificate[IOT_SAFE_MAX_FILE_SIZE];
+};
+
+extern const uint8_t IOT_SAFE_CUSTOM_AID[];
+extern const uint8_t IOT_SAFE_CUSTOM_AID_LEN;
+extern const uint8_t IOT_SAFE_PRIVATE_KEY_ID[];
+extern const uint8_t IOT_SAFE_PRIVATE_KEY_ID_LEN;
+extern const uint8_t IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID[];
+extern const uint8_t IOT_SAFE_CLIENT_CERTIFICATE_FILE_ID_LEN;
+
+#endif
diff --git a/src/LiveObjectsBase.h b/src/LiveObjectsBase.h
index 10367d1..753c193 100644
--- a/src/LiveObjectsBase.h
+++ b/src/LiveObjectsBase.h
@@ -6,6 +6,11 @@
 */
 #pragma once
+#if defined __has_include
+ #if __has_include ()
+ #include
+ #endif
+#endif
 /******************************************************************************
 DEFAULT VALUES FOR LIVEOBJECTS
@@ -101,6 +106,9 @@ enum Security
 NONE
 ,TLS
 //,DTLS
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ ,MUTUAL_TLS_WITH_IOT_SAFE
+ #endif
 };
 enum Encoding
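Review bot: `IoTSAFE` is effectively single-instance — the constructor in IoTSAFE.cpp stores `this` in the file-scope `g_iot_safe_ptr` that `trampolineSign` dereferences — but the class is still copyable, so a copy (including a copy of the `LiveObjectsCellular` that embeds it as `m_IoTSafe` in this commit) would silently rebind the signing callback to the copy. Add `IoTSAFE(const IoTSAFE&) = delete;` and `IoTSAFE& operator=(const IoTSAFE&) = delete;` next to the destructor and state the single-instance constraint in a class comment. `m_ClientCertificate[IOT_SAFE_MAX_FILE_SIZE]` also fixes the certificate at 512 bytes with no way to report a larger file, which the member should document.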
@@ -422,4 +430,4 @@ void LiveObjectsBase::addToStringPayload(T val, Args ... args)
 addToStringPayload(args...);
 }
-extern const String SECRET_LIVEOBJECTS_API_KEY;
\ No newline at end of file
+extern const String SECRET_LIVEOBJECTS_API_KEY;
diff --git a/src/LiveObjectsCellular.cpp b/src/LiveObjectsCellular.cpp
index 8a20827..328240e 100644
--- a/src/LiveObjectsCellular.cpp
+++ b/src/LiveObjectsCellular.cpp
@@ -16,6 +16,9 @@ LiveObjectsCellular::LiveObjectsCellular()
 #ifdef GSMD
 ,m_GPRSAcces()
 #endif
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ ,m_IoTSafe(IOT_SAFE_CUSTOM_AID, IOT_SAFE_CUSTOM_AID_LEN)
+ #endif
 {
 String num = SECRET_SERVER_MSISDN;
 for (int i = 0; i < num.length(); i+=2)
@@ -47,6 +50,18 @@ void LiveObjectsCellular::begin(Protocol p, Encoding s, bool bDebug)
 {
 switch(m_Security)
 {
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ case MUTUAL_TLS_WITH_IOT_SAFE:
+ #ifdef NBD
+ m_pClient = new NBClient();
+ #elif defined GSMD
+ m_pClient = new GSMClient();
+ #endif
+ m_pBearSSLClient = new BearSSLClient(*m_pClient, TAs, 1);
+ m_pMqttclient = new MqttClient(m_pBearSSLClient);
+ m_nPort = 8883;
+ break;
+ #endif
 case TLS:
 #ifdef NBD
 m_pClient = new NBSSLClient();
@@ -81,6 +96,19 @@ void LiveObjectsCellular::begin(Protocol p, Encoding s, bool bDebug)
 }
 m_bInitialized = true;
 }
+
+#ifdef LIVE_OBJECTS_IOT_SAFE
+unsigned long LiveObjectsCellular::getTime() {
+ outputDebug(INFO,"Getting time from the cellular module...");
+ // get the current time from the cellular module
+ return m_Acces.getTime();
+}
+
+unsigned long LiveObjectsCellular::trampolineGetTime() {
+ return LiveObjects::get().getTime();
+}
+#endif
+
 void LiveObjectsCellular::connectNetwork()
 {
 //Set client id as IMEI
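Review bot: In the new `MUTUAL_TLS_WITH_IOT_SAFE` case of `begin()`, `*m_pClient` is dereferenced to build the `BearSSLClient` even when neither `NBD` nor `GSMD` is defined, in which case nothing in this case assigned the pointer; the `TLS` case below starts the same way, so an `#else` / `#error "IoT SAFE requires an NB or GSM board"` / `#endif` would make the supported targets explicit instead of relying on the build failing elsewhere. `m_pBearSSLClient`, like the two pointers beside it, is a raw owning pointer from `new` with no matching `delete` visible in this hunk, so a second `begin()` leaks the previous TLS client; if `begin()` is meant to be called once, a comment saying so is the minimum. `begin()` starts and ends outside this hunk.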
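Review bot: `getTime()` returns `m_Acces.getTime()` unconditionally, and through `trampolineGetTime` that value is what `ArduinoBearSSL.onGetTime` feeds into the server-certificate validity check; if the module has no network time yet the callback passes along whatever it reports (possibly 0), and the handshake outcome then depends on how ArduinoBearSSL maps that value, which I cannot see here. A check such as `if (t == 0) outputDebug(INFO,"Cellular module has no network time yet");` before returning would at least make that failure mode visible in the log. The header comment on `getTime()` should also say that it is only meant to be used as the BearSSL time source.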
@@ -102,6 +130,23 @@ void LiveObjectsCellular::connectNetwork()
 #endif
 if(modem.begin())
 {
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ if (m_Security == MUTUAL_TLS_WITH_IOT_SAFE)
+ {
+ // Set a callback to get the current time used to validate the servers certificate
+ ArduinoBearSSL.onGetTime(trampolineGetTime);
+
+ // Wait a little before sending command to applet as we're getting strange
+ // behavior otherwise (i.e. an empty file is returned)
+ delay(2000);
+
+ br_x509_certificate client_certificate = m_IoTSafe.readClientCertificate();
+ m_pBearSSLClient->setEccCert(client_certificate);
+ m_sMqttid = m_IoTSafe.getClientCertificateCommonName();
+ outputDebug(INFO,"m_sMqttid retrieved from client certificate: ", m_sMqttid);
+ m_pBearSSLClient->setEccSign(m_IoTSafe.trampolineSign);
+ }
+ #endif
 if(m_sMqttid.length()==0)
 {
 String imei="";
diff --git a/src/LiveObjectsCellular.h b/src/LiveObjectsCellular.h
index 9f00f02..f6bf27f 100644
--- a/src/LiveObjectsCellular.h
+++ b/src/LiveObjectsCellular.h
@@ -5,6 +5,9 @@
 * license which can be found in the file 'LICENSE.md' in this package distribution
 */
 #include "LiveObjectsMKR.h"
+#ifdef LIVE_OBJECTS_IOT_SAFE
+#include "IoTSAFE.h"
+#endif
 #if defined ARDUINO_SAMD_MKRNB1500
 #define NBD
 #include
@@ -37,6 +40,10 @@ class LiveObjectsCellular : public LiveObjectsMKR
 void checkNetwork() override;
 void disconnectNetwork() override;
 static void messageCallback(int msg);
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ unsigned long getTime();
+ static unsigned long trampolineGetTime();
+ #endif
 private:
 #ifdef NBD
 NB m_Acces;
@@ -50,6 +57,9 @@ class LiveObjectsCellular : public LiveObjectsMKR
 GSM_SMS m_Sms;
 #endif
 String m_sNumber;
+ #ifdef LIVE_OBJECTS_IOT_SAFE
+ IoTSAFE m_IoTSafe;
+ #endif
 };
 typedef LiveObjectsCellular LiveObjects;
@@ -59,4 +69,4 @@ extern const String SECRET_PINNUMBER;
 extern const String SECRET_APN;
 extern const String SECRET_APN_USER;
 extern const String SECRET_APN_PASS;
-#endif
\ No newline at end of file
+#endif
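Review bot: When the applet read fails this block carries on as if it had succeeded: `readClientCertificate()` always hands BearSSL a `br_x509_certificate` spanning the whole 512-byte buffer (so the zero padding is sent as part of the certificate unless the file is exactly 512 bytes — `iot_safe_read_file`'s result is discarded, so the real length is never known), and an empty string from `getClientCertificateCommonName()`, its failure value, leaves `m_sMqttid` empty so the IMEI fallback that follows silently takes over. Check the common name before installing the signer, e.g. `if (m_sMqttid.length() == 0) { outputDebug(INFO,"IoT SAFE: client certificate or common name could not be read"); }`, and do not call `setEccCert`/`setEccSign` with an unusable certificate. The `delay(2000)` workaround for the applet returning an empty file deserves a TODO naming the module and applet it was observed on, since a fixed sleep with no explanation is the kind of line that gets removed later. `connectNetwork()` starts and ends outside this hunk.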
diff --git a/src/LiveObjectsCert.h b/src/LiveObjectsCert.h
index 90b942f..ca08210 100644
--- a/src/LiveObjectsCert.h
+++ b/src/LiveObjectsCert.h
@@ -9,6 +9,9 @@
 #include
 #include
+#ifdef LIVE_OBJECTS_IOT_SAFE
+#include
+#endif
 struct LORootCert {
 const char* name;
@@ -248,4 +251,86 @@ static const struct LORootCertPem LO_ROOT_CERT_PEM[] PROGMEM = { } }; +#ifdef LIVE_OBJECTS_IOT_SAFE +// Needed for BearSSL +static const unsigned char TA0_DN[] = { + 0x30, 0x61, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, + 0x13, 0x0C, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, + 0x6E, 0x63, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, + 0x10, 0x77, 0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, + 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, + 0x20, 0x47, 0x6C, 0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, + 0x20, 0x43, 0x41 +}; + +static const unsigned char TA0_RSA_N[] = { + 0xE2, 0x3B, 0xE1, 0x11, 0x72, 0xDE, 0xA8, 0xA4, 0xD3, 0xA3, 0x57, 0xAA, + 0x50, 0xA2, 0x8F, 0x0B, 0x77, 0x90, 0xC9, 0xA2, 0xA5, 0xEE, 0x12, 0xCE, + 0x96, 0x5B, 0x01, 0x09, 0x20, 0xCC, 0x01, 0x93, 0xA7, 0x4E, 0x30, 0xB7, + 0x53, 0xF7, 0x43, 0xC4, 0x69, 0x00, 0x57, 0x9D, 0xE2, 0x8D, 0x22, 0xDD, + 0x87, 0x06, 0x40, 0x00, 0x81, 0x09, 0xCE, 0xCE, 0x1B, 0x83, 0xBF, 0xDF, + 0xCD, 0x3B, 0x71, 0x46, 0xE2, 0xD6, 0x66, 0xC7, 0x05, 0xB3, 0x76, 0x27, + 0x16, 0x8F, 0x7B, 0x9E, 0x1E, 0x95, 0x7D, 0xEE, 0xB7, 0x48, 0xA3, 0x08, + 0xDA, 0xD6, 0xAF, 0x7A, 0x0C, 0x39, 0x06, 0x65, 0x7F, 0x4A, 0x5D, 0x1F, + 0xBC, 0x17, 0xF8, 0xAB, 0xBE, 0xEE, 0x28, 0xD7, 0x74, 0x7F, 0x7A, 0x78, + 0x99, 0x59, 0x85, 0x68, 0x6E, 0x5C, 0x23, 0x32, 0x4B, 0xBF, 0x4E, 0xC0, + 0xE8, 0x5A, 0x6D, 0xE3, 0x70, 0xBF, 0x77, 0x10, 0xBF, 0xFC, 0x01, 0xF6, + 0x85, 0xD9, 0xA8, 0x44, 0x10, 0x58, 0x32, 0xA9, 0x75, 0x18, 0xD5, 0xD1, + 0xA2, 0xBE, 0x47, 0xE2, 0x27, 0x6A, 0xF4, 0x9A, 0x33, 0xF8, 0x49, 0x08, + 0x60, 0x8B, 0xD4, 0x5F, 0xB4, 0x3A, 0x84, 0xBF, 0xA1, 0xAA, 0x4A, 0x4C, + 0x7D, 0x3E, 0xCF, 0x4F, 0x5F, 0x6C, 0x76, 0x5E, 0xA0, 0x4B, 0x37, 0x91, + 0x9E, 0xDC, 0x22, 0xE6, 0x6D, 0xCE, 0x14, 
0x1A, 0x8E, 0x6A, 0xCB, 0xFE, + 0xCD, 0xB3, 0x14, 0x64, 0x17, 0xC7, 0x5B, 0x29, 0x9E, 0x32, 0xBF, 0xF2, + 0xEE, 0xFA, 0xD3, 0x0B, 0x42, 0xD4, 0xAB, 0xB7, 0x41, 0x32, 0xDA, 0x0C, + 0xD4, 0xEF, 0xF8, 0x81, 0xD5, 0xBB, 0x8D, 0x58, 0x3F, 0xB5, 0x1B, 0xE8, + 0x49, 0x28, 0xA2, 0x70, 0xDA, 0x31, 0x04, 0xDD, 0xF7, 0xB2, 0x16, 0xF2, + 0x4C, 0x0A, 0x4E, 0x07, 0xA8, 0xED, 0x4A, 0x3D, 0x5E, 0xB5, 0x7F, 0xA3, + 0x90, 0xC3, 0xAF, 0x27 +}; + +static const unsigned char TA0_RSA_E[] = { + 0x01, 0x00, 0x01 +}; + +static const unsigned char TA1_DN[] = { + 0x30, 0x81, 0x84, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x46, 0x52, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x08, 0x42, 0x72, 0x65, 0x74, 0x61, 0x67, 0x6E, 0x65, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x06, 0x52, 0x65, + 0x6E, 0x6E, 0x65, 0x73, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x06, 0x4F, 0x72, 0x61, 0x6E, 0x67, 0x65, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0B, 0x45, 0x43, 0x43, 0x5F, + 0x52, 0x4F, 0x4F, 0x54, 0x5F, 0x43, 0x41, 0x31, 0x2A, 0x30, 0x28, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x1B, + 0x66, 0x61, 0x62, 0x72, 0x69, 0x63, 0x65, 0x2E, 0x66, 0x6F, 0x6E, 0x74, + 0x61, 0x69, 0x6E, 0x65, 0x40, 0x6F, 0x72, 0x61, 0x6E, 0x67, 0x65, 0x2E, + 0x63, 0x6F, 0x6D +}; + +static const unsigned char TA1_EC_Q[] = { + 0x04, 0x08, 0x09, 0x21, 0x06, 0xF1, 0x7D, 0xFC, 0x2E, 0x43, 0xEA, 0xE0, + 0x8C, 0x1F, 0x6D, 0x31, 0x99, 0x65, 0xBE, 0xA3, 0x43, 0x51, 0xC1, 0x5D, + 0xFB, 0xB6, 0xF5, 0x24, 0x2A, 0xF3, 0x68, 0x85, 0xAA, 0xDB, 0x35, 0x83, + 0x9F, 0xDF, 0x76, 0x8E, 0x77, 0xE6, 0xB2, 0x16, 0xCF, 0xEE, 0xE0, 0xE9, + 0x53, 0xDF, 0x15, 0x8B, 0x95, 0xD3, 0x41, 0xC7, 0x07, 0x36, 0x55, 0x15, + 0x41, 0x93, 0x49, 0x54, 0x71 +}; + +static const br_x509_trust_anchor TAs[1] = { + { + { (unsigned char *)TA0_DN, sizeof TA0_DN }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char 
*)TA0_RSA_N, sizeof TA0_RSA_N, + (unsigned char *)TA0_RSA_E, sizeof TA0_RSA_E, + } } + } + } +}; +#endif + #endif diff --git a/src/LiveObjectsConfig.h b/src/LiveObjectsConfig.h new file mode 100644 index 0000000..77b27b9 --- /dev/null +++ b/src/LiveObjectsConfig.h @@ -0,0 +1,10 @@ +/* + * Copyright (C) Orange + * + * This software is distributed under the terms and conditions of the 'MIT' + * license which can be found in the file 'LICENSE.md' in this package distribution + */ +#pragma once + +/* Enabling this define allows the usage of IoT SAFE. */ +//#define LIVE_OBJECTS_IOT_SAFE diff --git a/src/LiveObjectsMKR.h b/src/LiveObjectsMKR.h index a36637e..24e4795 100644 --- a/src/LiveObjectsMKR.h +++ b/src/LiveObjectsMKR.h @@ -8,6 +8,9 @@ /****************************************************************************** MKR BOARDS BASE CLASS ******************************************************************************/ +#ifdef LIVE_OBJECTS_IOT_SAFE +#include +#endif #include "LiveObjectsBase.h" #include "MqttClient.h" class LiveObjectsMKR : public LiveObjectsBase @@ -33,4 +36,7 @@ class LiveObjectsMKR : public LiveObjectsBase protected: Client* m_pClient; MqttClient *m_pMqttclient; + #ifdef LIVE_OBJECTS_IOT_SAFE + BearSSLClient *m_pBearSSLClient; + #endif };
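Review bot: `TA1_DN` and `TA1_EC_Q` are defined but never referenced — `TAs` holds only the DigiCert RSA anchor built from `TA0_*`, and `begin()` in LiveObjectsCellular.cpp passes `TAs, 1` — so they are dead data that draws unused-variable warnings in every translation unit including this header; either drop them or add the second anchor and bump the array size and the count passed to `BearSSLClient`. `{ .rsa = { ... } }` is a designated initializer inside a union, a GCC extension before C++20; it works on the Arduino toolchain but merits a one-line comment since the rest of the header avoids it. A comment on `TAs` naming the server chain it is expected to validate would help whoever has to rotate the anchor when that root changes.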
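Review bot: `BearSSLClient *m_pBearSSLClient;` in LiveObjectsMKR.h is added without an initializer, so it is indeterminate until `begin()` runs the `MUTUAL_TLS_WITH_IOT_SAFE` case; `connectNetwork()` only dereferences it under the same security check, but nothing documents that coupling. Initialise it in place, `BearSSLClient *m_pBearSSLClient = nullptr;`, and add a comment that it is only set when `m_Security == MUTUAL_TLS_WITH_IOT_SAFE`. The `#include` under the new `#ifdef LIVE_OBJECTS_IOT_SAFE` block shows an empty name in this rendering, so I cannot check which header it pulls in.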