arduino-libraries / ArduinoECCX08


ESP32 support for M5Stack Core2 IoT EduKit #30

Closed torntrousers closed 2 years ago

torntrousers commented 3 years ago

I'd like to use this library with the M5Stack Core2 IoT EduKit but there is a compile error on an ESP32 and the I2C address of the ATECC608 is different.

The compile error fix is from #25

For the I2C address I can see that with the existing code you can create your own instance with a custom I2C address, but then all the provided utilities don't work so you'd need your own of those too, so this new begin(i2cAddr) function makes it all work more seamlessly.

What do you think?

torntrousers commented 3 years ago

I've tried this on the ESP32 and an Arduino Nano 33 IoT so can confirm it still works with both.

github-actions[bot] commented 3 years ago

Memory usage change @ 44baa6c96f6c1e591ab7f71bac01c7597b3a75fb

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrnb1500 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrvidor4000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1300 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1310 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwifi1010 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:nano_33_iot | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
github-actions[bot] commented 3 years ago

Memory usage change @ 9864c4cfe5d3dc0d97aa0638056421fc5878a35a

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:mbed:envie_m7 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrnb1500 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrvidor4000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1300 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1310 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwifi1010 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:nano_33_iot | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
CLAassistant commented 3 years ago

CLA assistant check
All committers have signed the CLA.

rashedtalukder commented 3 years ago

@facchinm, would you be so kind as to review this PR and merge? This patch lets me use this library on other Arduino boards with external ECCx08 boards that have a different i2c address.

facchinm commented 3 years ago

Hi @rashedtalukder , reviewing right now, sorry but I lost the notification :sweat:

@torntrousers I really like the begin() overload; about the requestFrom change, I'd prefer to have the whole code without ifdefs, since the ESP32 version could not read more than 256 bytes and would wrap if more are requested while the other can (this shouldn't hurt the behaviour of the library but it's not very clear anyway).

Maybe it's better to convince the ESP32 people to patch their core to be compliant with the API specifications https://github.com/arduino/ArduinoCore-API/blob/173e8eadced2ad32eeb93bcbd5c49f8d6a055ea6/api/HardwareI2C.h#L39 :wink:

torntrousers commented 2 years ago

> Maybe it's better to convince the ESP32 people to patch their core to be compliant with the API specifications https://github.com/arduino/ArduinoCore-API/blob/173e8eadced2ad32eeb93bcbd5c49f8d6a055ea6/api/HardwareI2C.h#L39 😉

@facchinm I can't work out how to do this from the ESP32 side, see https://github.com/espressif/arduino-esp32/pull/5768#issuecomment-944892717, any suggestions?

torntrousers commented 2 years ago

Hi @facchinm , how about simply changing the (size_t)responseSize to (uint8_t)responseSize on the requestFrom call? Maybe that will seem imperfect, but it would fix https://github.com/arduino-libraries/ArduinoECCX08/issues/25 and https://github.com/arduino-libraries/ArduinoECCX08/issues/36 and keep the existing Arduino boards working fine.
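
The wrap facchinm mentions and the `(uint8_t)responseSize` cast proposed above, shown as an added example that is not part of this PR or of the library. `NarrowBus`, `readUnchecked`, `readChecked` and the bus address are hypothetical, standing in for an I2C core whose `requestFrom` takes an 8-bit length.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for an I2C core whose requestFrom() takes an 8-bit
// length. It records what it was asked for and simulates the device reply.
struct NarrowBus {
    size_t deviceBytes = 255;   // bytes the simulated device has ready (<= 255)
    size_t lastRequested = 0;
    uint8_t requestFrom(uint8_t /*address*/, uint8_t quantity) {
        lastRequested = quantity;
        return quantity < deviceBytes ? quantity
                                      : static_cast<uint8_t>(deviceBytes);
    }
};

// Unchecked call site: the cast compiles on every core, but a length above
// 255 silently wraps modulo 256 before it reaches the bus.
size_t readUnchecked(NarrowBus &bus, uint8_t addr, size_t responseSize) {
    return bus.requestFrom(addr, (uint8_t)responseSize);
}

// Checked call site: reject lengths the 8-bit API cannot express, and treat a
// short read as an error so a partial response is never parsed.
// Returns the number of bytes read, or -1 on error.
long readChecked(NarrowBus &bus, uint8_t addr, size_t responseSize) {
    if (responseSize == 0 || responseSize > UINT8_MAX) return -1;
    size_t got = bus.requestFrom(addr, static_cast<uint8_t>(responseSize));
    return got == responseSize ? static_cast<long>(got) : -1;
}

int main() {
    NarrowBus bus;
    const uint8_t addr = 0x10;  // constructed sample address, not from the PR
    std::printf("unchecked 260 -> %zu\n", readUnchecked(bus, addr, 260));
    std::printf("checked   260 -> %ld\n", readChecked(bus, addr, 260));
    std::printf("checked    75 -> %ld\n", readChecked(bus, addr, 75));
    bus.deviceBytes = 10;       // device answers with fewer bytes than asked
    std::printf("short read    -> %ld\n", readChecked(bus, addr, 75));
    return 0;
}
```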

torntrousers commented 2 years ago

Happy days, the requestFrom function has now been updated in the ESP32 core code in https://github.com/espressif/arduino-esp32/pull/5768 thanks to help from @me-no-dev, and this is now out in the 2.0.1 release. So I've updated this PR to just have the I2C address update. How does this look now @facchinm ?

github-actions[bot] commented 2 years ago

Memory usage change @ 70563e0c8810ca64ab05cda71d73b5ac8abb1570

| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
| arduino:mbed:envie_m7 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:mbed_nano:nanorp2040connect | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:megaavr:uno2018 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkr1000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrgsm1400 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrnb1500 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrvidor4000 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1300 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwan1310 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:mkrwifi1010 | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
| arduino:samd:nano_33_iot | 0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
rashedtalukder commented 2 years ago

Awesome work @torntrousers! @facchinm, there shouldn't be any blockers to this getting merged at this point, correct?

facchinm commented 2 years ago

LGTM! I'm squashing into a single commit and merging! Thanks for the contribution

torntrousers commented 2 years ago

Any chance of a release of this library soon?

@rashedtalukder - I'm now trying to get a mutual TLS connection to AWS IoT with the client private key in the EduKit's 608. Using BearSSL as I've got that working with the 608 on a Nano 33 IoT board, but if you have this with MBedTLS or any ideas would be happy to hear about it.

rashedtalukder commented 2 years ago

@torntrousers, you can find an example of it working on the Core2 for AWS using BearSSL below. It would be great to have the device certificate get retrieved in BearSSL so there's less the user needs to do: https://github.com/aws-samples/aws-iot-edukit-examples/tree/main/Basic_Arduino

You can see how to generate the public key in either of these examples:

Here is how the device certificate is retrieved using the Microchip cryptoauthlib (along w/ espressif's port). You'll have to ignore the gibberish logging outputs in that function, it was clearly copied and pasted from the signer cert retrieval: https://github.com/espressif/esp-cryptoauthlib/blob/feature/add_firmware_source_code/esp_cryptoauth_utility/firmware/main/handlers.c#L513

gannaramu commented 2 years ago

@rashedtalukder I was able to extract the signer certificate and signer public key from the ATECC608B-TNGTLS but I am kind of stuck in reconstructing the certificate to X.509 format. With some guidance, I can get that going.

torntrousers commented 2 years ago

@rashedtalukder

> It would be great to have the device certificate get retrieved in BearSSL so there's less the user needs to do

I guess that would need something like a new ArduinoECCX08 function that reconstructs a certificate to PEM format from a 608 slot and a new ArduinoBearSSL setEccSlot function that uses that:

```cpp
void BearSSLClient::setEccSlot(int ecc508KeySlot, int ecc508CertificateSlot)
{
   String certPEM = ECCX08Cert.certificate(ecc508CertificateSlot);
   setEccSlot(ecc508KeySlot, certPEM.c_str());
}
```

Seems pretty doable, and I do actually need the ECCX08Cert.certificate function for another thing anyway.

torntrousers commented 2 years ago

> @rashedtalukder I was able to extract the signer certificate and signer public key from the ATECC608B-TNGTLS but I am kind of stuck in reconstructing the certificate to X.509 format. With some guidance, I can get that going.

Hi @gannaramu, I could help you but I don't know what you know. The compressed certificates are described in section 2.2.1.3 here and the app note it refers to, here.

There is a really handy online utility for showing the ASN.1 structure https://lapo.it/asn1js/ which can be super helpful while debugging.

rashedtalukder commented 2 years ago

@torntrousers, that's correct you'd need to start by adding the function here to get the public key from the requested slot. I can't remember if it's in PEM or DER format, but I think it's DER. After that, BearSSL needs to have it modified that if using a secure element or PK from a slot, it just uses the certificate from the hardware instead.

gannaramu commented 2 years ago

@torntrousers Thanks for those links. Both the documents didn't cover where the organizationName, commonName is inferred from. I was using the Jupyter notebooks from this repository with Cryptoauth Trust Platform Development Kit. From the resource generation notebook I was able to extract the device certificate and signer certificate and used it to cross-verify that my functions on Arduino (Teensy) are generating it correctly. I observed the common name is a serial number appended with a " ATECC". Do you know if there are application notes that talk about reconstructing the TNGTLS certificate?

torntrousers commented 2 years ago

> ... do you know if there are application notes that talk about reconstructing the TNGTLS certificate

How about section 4.5.3 in here: https://datasheet.octopart.com/ATSAMA5D27-WLSOM1-Microchip-datasheet-149595509.pdf

If that's not enough I have contacts in Microchip I can ask.

rashedtalukder commented 2 years ago

@gannaramu, the data sheet provided and looking at some of the function definitions in CryptoAuthLib, I can start to see how it comes together but it would take a while to trace through all the calls. I would start here though: https://github.com/MicrochipTech/cryptoauthlib/blob/d5fcc6002ab070264696a0621f40c626861630eb/app/tng/tng_atcacert_client.c#L58-L99

rashedtalukder commented 2 years ago

Here is a feature request issue in BearSSL for the subsequent feature after this repository supports the device certificate and public key feature: https://github.com/arduino-libraries/ArduinoBearSSL/issues/55