Add new API to set private key (and public certificate) for client based authentication

arduino-libraries / ArduinoBearSSL

Port of BearSSL to Arduino

MIT License

84 stars 49 forks source link

Add new API to set private key (and public certificate) for client based authentication #51

Closed sandeepmistry closed 3 years ago

sandeepmistry commented 3 years ago

This pull request adds the following:

New API to set private key (and public certificate) for client based authentication
Adds the DigitCertGlobalRootCA as trust anchor

Some IoT cloud providers do not support either: 1) Elliptic Curve Cryptography (ECC) 2) Generating a public certificate from a CSR

This pull request would allow users to specify their own private key (RSA or ECC) and public certification in PEM format using:

const char SECRET_CERTIFICATE[] = R"(
-----BEGIN CERTIFICATE-----
// ...
-----END CERTIFICATE-----
)";

const char SECRET_KEY[] = R"(
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
)";

// ...
sslClient.setKey(SECRET_KEY, SECRET_CERTIFICATE);

They would also still be able leverage the TNG feature of the ECCX08 crypto chip with this library.

Please let me know if you have any questions, or comments regarding the proposed changes.

cc/ @skye0402

CLAassistant commented 3 years ago

All committers have signed the CLA.

github-actions[bot] commented 3 years ago

Memory usage change @ 026f17465048cddb2530d54028474dae40146cee

Board	flash	%	RAM for global variables	%
arduino:megaavr:uno2018	0 - 0	0.0 - 0.0	0 - 0	0.0 - 0.0
arduino:samd:mkr1000	:small_red_triangle: 0 - +2592	0.0 - +0.99	0 - 0	0.0 - 0.0
arduino:samd:mkrgsm1400	:small_red_triangle: 0 - +2592	0.0 - +0.99	0 - 0	0.0 - 0.0

Click for full report table

Board|examples/SHA1
flash|%|examples/SHA1
RAM for global variables|%|examples/SHA256
flash|%|examples/SHA256
RAM for global variables|%|examples/WiFiSSLClient
flash|%|examples/WiFiSSLClient
RAM for global variables|%|examples/MKRGSMSSLClient
flash|%|examples/MKRGSMSSLClient
RAM for global variables|% -|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|- arduino:megaavr:uno2018|0|0.0|0|0.0|0|0.0|0|0.0 arduino:samd:mkr1000|0|0.0|0|0.0|0|0.0|0|0.0|2592|0.99|0|0.0 arduino:samd:mkrgsm1400|0|0.0|0|0.0|0|0.0|0|0.0|||||2592|0.99|0|0.0

Click for full report CSV

``` Board,examples/SHA1
flash,%,examples/SHA1
RAM for global variables,%,examples/SHA256
flash,%,examples/SHA256
RAM for global variables,%,examples/WiFiSSLClient
flash,%,examples/WiFiSSLClient
RAM for global variables,%,examples/MKRGSMSSLClient
flash,%,examples/MKRGSMSSLClient
RAM for global variables,% arduino:megaavr:uno2018,0,0.0,0,0.0,0,0.0,0,0.0 arduino:samd:mkr1000,0,0.0,0,0.0,0,0.0,0,0.0,2592,0.99,0,0.0 arduino:samd:mkrgsm1400,0,0.0,0,0.0,0,0.0,0,0.0,,,,,2592,0.99,0,0.0 ```

facchinm commented 3 years ago

Hi Sandeep! Glad to see you again on this side of town :wink: Thanks for the PR, I'd merge it immediately but I need you to sign the CLA beforehand (due to the new policies). Apart from that, everything looks good :+1:

sandeepmistry commented 3 years ago

@facchinm thank you for reviewing!

Apologies for the delay with the CLA, there was some paperwork I needed to go through that took longer than expected.