Use ArduinoBearSSL library

.github/workflows/compile-examples.yml

@@ -101,6 +101,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: RTCZero
               - name: WiFi101
@@ -115,6 +116,7 @@ jobs:
               - name: arduino:samd
               - name: arduino:mbed_nano
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: RTCZero
               - name: WiFiNINA
@@ -142,6 +144,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: RTCZero
               - name: MKRGSM
@@ -155,6 +158,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: RTCZero
               - name: MKRNB
@@ -168,6 +172,7 @@ jobs:
               # Install mbed_portenta platform via Boards Manager
               - name: arduino:mbed_portenta
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Arduino_Portenta_OTA
             sketch-paths: |
@@ -180,6 +185,7 @@ jobs:
               # Install mbed_nicla platform via Boards Manager
               - name: arduino:mbed_nicla
             libraries: |
+              - name: ArduinoBearSSL
               - name: Arduino_Portenta_OTA
             sketch-paths: |
               - examples/ArduinoIoTCloud-DeferredOTA
@@ -191,6 +197,7 @@ jobs:
               # Install mbed_opta platform via Boards Manager
               - name: arduino:mbed_opta
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Arduino_Portenta_OTA
             sketch-paths: |
@@ -203,6 +210,7 @@ jobs:
               # Install mbed_giga platform via Boards Manager
               - name: arduino:mbed_giga
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Arduino_Portenta_OTA
             sketch-paths: |
@@ -214,6 +222,8 @@ jobs:
             platforms: |
               # Install renesas_portenta platform via Boards Manager
               - name: arduino:renesas_portenta
+            libraries: |
+              - name: ArduinoBearSSL
             sketch-paths: |
               - examples/utility/Provisioning
           # UNO R4 WiFi
@@ -222,13 +232,16 @@ jobs:
             platforms: |
               # Install renesas_uno platform via Boards Manager
               - name: arduino:renesas_uno
+            libraries: |
+              - name: ArduinoBearSSL
           # Nano ESP32
           - board:
               type: arduino_esp32
             platforms: |
               # Install arduino_esp32 platform via Boards Manager
               - name: arduino:esp32
             libraries: |
+              - name: ArduinoBearSSL
               - name: Arduino_ESP32_OTA
             sketch-paths: |
               - examples/ArduinoIoTCloud-DeferredOTA
@@ -257,6 +270,7 @@ jobs:
               - name: esp32:esp32
                 source-url: https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json
             libraries: |
+              - name: ArduinoBearSSL
               - name: Arduino_ESP32_OTA
             sketch-paths: |
               - examples/ArduinoIoTCloud-DeferredOTA

examples/ArduinoIoTCloud-AWS-Basic/ArduinoIoTCloud-AWS-Basic.ino

@@ -0,0 +1,138 @@
+/*
+  This sketch demonstrates how to exchange data between your board and the Arduino IoT Cloud.
+
+  * Connect a potentiometer (or other analog sensor) to A0.
+  * When the potentiometer (or sensor) value changes the data is sent to the Cloud.
+  * When you flip the switch in the Cloud dashboard the onboard LED lights gets turned ON or OFF.
+
+  IMPORTANT:
+  This sketch works with WiFi, GSM, NB, Ethernet and Lora enabled boards supported by Arduino IoT Cloud.
+  On a LoRa board, if it is configured as a class A device (default and preferred option),
+  values from Cloud dashboard are received only after a value is sent to Cloud.
+
+  The full list of compatible boards can be found here:
+   - https://github.com/arduino-libraries/ArduinoIoTCloud#what
+*/
+
+#include "thingProperties.h"
+
+unsigned long publishMillis = 0;
+unsigned long connectMillis = 0;
+
+void setup() {
+  /* Initialize serial and wait up to 5 seconds for port to open */
+  Serial.begin(9600);
+
+  /* Configure LED pin as an output */
+  pinMode(LED_BUILTIN, OUTPUT);
+
+  /* This function takes care of connecting your sketch variables to the ArduinoIoTCloud object */
+  initProperties();
+
+  /* Initialize Arduino IoT Cloud library */
+  ArduinoCloud.begin(ArduinoIoTPreferredConnection, true, "iot.arduino.cc");
+
+  setDebugMessageLevel(5);
+  ArduinoCloud.printDebugInfo();
+
+  /* Initialize AWS Client */
+  ArduinoBearSSL.onGetTime(getTime);
+  sslClientAWS.setEccSlot(AWS_SLOT, AWS_CERTIFICATE);
+
+  mqttClientAWS.setId("ArduinoAWSClient");
+  mqttClientAWS.onMessage(onMessageReceived);
+  mqttClientAWS.setConnectionTimeout(10 * 1000);
+  mqttClientAWS.setKeepAliveInterval(30 * 1000);
+  mqttClientAWS.setCleanSession(false);
+}
+
+void loop() {
+  ArduinoCloud.update();
+  potentiometer = analogRead(A0);
+  seconds = millis() / 1000;
+
+  if (!ArduinoCloud.connected()) {
+    return;
+  }
+
+  if (AWSIoTPreferredConnection.check() != NetworkConnectionState::CONNECTED) {
+    return;
+  }
+
+  if (!mqttClientAWS.connected()) {
+    if (millis() - connectMillis > 5000) {
+      connectMillis = millis();
+      // MQTT client is disconnected, connect
+      if (!connectMQTT()) {
+        return;
+      }
+    } else {
+      return;
+    }
+  }
+
+  // poll for new MQTT messages and send keep alive
+  mqttClientAWS.poll();
+
+  // publish a message roughly every 5 seconds.
+  if (millis() - publishMillis > 5000) {
+    publishMillis = millis();
+
+    publishMessage();
+  }
+}
+
+/*
+ * 'onLedChange' is called when the "led" property of your Thing changes
+ */
+void onLedChange() {
+  Serial.print("LED set to ");
+  Serial.println(led);
+  digitalWrite(LED_BUILTIN, led);
+}
+
+void onMessageReceived(int messageSize)
+{
+  // we received a message, print out the topic and contents
+  Serial.print("Received a message with topic '");
+  Serial.print(mqttClientAWS.messageTopic());
+  Serial.print("', length ");
+  Serial.print(messageSize);
+  Serial.println(" bytes:");
+
+  for (int i = 0; i < messageSize; i++) {
+    const char c = mqttClientAWS.read();
+    Serial.print(c);
+  }
+  Serial.println();
+}
+
+int connectMQTT() {
+  Serial.print("Attempting to connect to MQTT broker: ");
+  Serial.print(AWS_BROKER);
+  Serial.println(" ");
+
+  if (!mqttClientAWS.connect(AWS_BROKER, 8883)) {
+    // failed, retry
+    Serial.print(".");
+    return 0;
+  }
+  Serial.println();
+
+  Serial.println("You're connected to the MQTT broker");
+  Serial.println();
+
+  // subscribe to a topic
+  mqttClientAWS.subscribe("arduino/incoming");
+  return 1;
+}
+
+void publishMessage() {
+  Serial.println("Publishing message");
+
+  // send message, the Print interface can be used to set the message contents
+  mqttClientAWS.beginMessage("arduino/outgoing");
+  mqttClientAWS.print("hello ");
+  mqttClientAWS.print(millis());
+  mqttClientAWS.endMessage();
+}

examples/ArduinoIoTCloud-AWS-Basic/arduino_secrets.h

@@ -0,0 +1,25 @@
+#include <Arduino_ConnectionHandler.h>
+
+/* A complete list of supported boards with WiFi is available here:
+ * https://github.com/arduino-libraries/ArduinoIoTCloud/#what
+ */
+#if defined(BOARD_HAS_WIFI) && defined(USE_WIFI_CONNECTION)
+  #define SECRET_WIFI_SSID ""
+  #define SECRET_WIFI_PASS ""
+#endif
+
+/* Portenta H7 + Ethernet shield */
+#if defined(BOARD_HAS_ETHERNET) && defined(USE_ETHERNET_MANUAL_CONNECTION)
+  #define SECRET_ETH_OPTIONAL_IP ""
+  #define SECRET_ETH_OPTIONAL_DNS ""
+  #define SECRET_ETH_OPTIONAL_GATEWAY ""
+  #define SECRET_ETH_OPTIONAL_NETMASK ""
+#endif
+
+/* Portenta CAT.M1/NB IoT GNSS Shield */
+#if defined(BOARD_HAS_CATM1_NBIOT) && defined(USE_CATM1_NBIOT_CONNECTION)
+  #define SECRET_CATM_PIN ""
+  #define SECRET_CATM_APN ""
+  #define SECRET_CATM_LOGIN ""
+  #define SECRET_CATM_PASS ""
+#endif

examples/ArduinoIoTCloud-AWS-Basic/aws_config.h

@@ -0,0 +1,10 @@
+/* Fill in the hostname of your AWS IoT broker */
+#define AWS_BROKER ""
+
+#define AWS_SLOT 4
+
+/* Fill in the boards public certificate */
+const char AWS_CERTIFICATE[] = R"(
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+)";

examples/ArduinoIoTCloud-AWS-Basic/thingProperties.h

@@ -0,0 +1,45 @@
+#include <ArduinoIoTCloud.h>
+#include <Arduino_ConnectionHandler.h>
+#include "aws_config.h"
+
+#if !(defined(BOARD_STM32H7))
+  #error "Please check Arduino IoT Cloud supported boards list: https://github.com/arduino-libraries/ArduinoIoTCloud/#what"
+#endif
+
+void onLedChange();
+
+bool led;
+int potentiometer;
+int seconds;
+
+void initProperties() {
+  ArduinoCloud.addProperty(led, Permission::Write).onUpdate(onLedChange);
+  ArduinoCloud.addProperty(potentiometer, Permission::Read).publishOnChange(10);
+  ArduinoCloud.addProperty(seconds, Permission::Read).publishOnChange(1);
+}
+
+//#define USE_ETHERNET_DHCP_CONNECTION
+//#define USE_ETHERNET_MANUAL_CONNECTION
+#define USE_WIFI_CONNECTION
+//#define USE_CATM1_NBIOT_CONNECTION
+
+#include "arduino_secrets.h"
+
+#if defined(BOARD_HAS_ETHERNET) && defined(USE_ETHERNET_CONNECTION)
+  /* DHCP mode */
+  EthernetConnectionHandler ArduinoIoTPreferredConnection;
+  EthernetConnectionHandler AWSIoTPreferredConnection;
+#elif defined(BOARD_HAS_ETHERNET) && defined(USE_ETHERNET_MANUAL_CONNECTION)
+  /* Manual mode. It will fallback in DHCP mode if SECRET_OPTIONAL_IP is invalid or equal to "0.0.0.0" */
+  EthernetConnectionHandler ArduinoIoTPreferredConnection(SECRET_ETH_OPTIONAL_IP, SECRET_ETH_OPTIONAL_DNS, SECRET_ETH_OPTIONAL_GATEWAY, SECRET_ETH_OPTIONAL_NETMASK);
+  EthernetConnectionHandler AWSIoTPreferredConnection(SECRET_ETH_OPTIONAL_IP, SECRET_ETH_OPTIONAL_DNS, SECRET_ETH_OPTIONAL_GATEWAY, SECRET_ETH_OPTIONAL_NETMASK);
+#elif defined(BOARD_HAS_WIFI) && defined(USE_WIFI_CONNECTION)
+  WiFiConnectionHandler ArduinoIoTPreferredConnection(SECRET_WIFI_SSID, SECRET_WIFI_PASS);
+  WiFiConnectionHandler AWSIoTPreferredConnection(SECRET_WIFI_SSID, SECRET_WIFI_PASS);
+#elif defined(BOARD_HAS_CATM1_NBIOT) && defined(USE_CATM1_NBIOT_CONNECTION)
+  CatM1ConnectionHandler ArduinoIoTPreferredConnection(SECRET_CATM_PIN, SECRET_CATM_APN, SECRET_CATM_LOGIN, SECRET_CATM_PASS);
+  CatM1ConnectionHandler AWSIoTPreferredConnection(SECRET_CATM_PIN, SECRET_CATM_APN, SECRET_CATM_LOGIN, SECRET_CATM_PASS);
+#endif
+
+BearSSLClient sslClientAWS(AWSIoTPreferredConnection.getClient());
+MqttClient mqttClientAWS(sslClientAWS);

examples/utility/SelfProvisioning/ECCX08Cert.cpp

@@ -22,7 +22,7 @@
 #include <ArduinoIoTCloud.h>
 #include <ArduinoECCX08.h>
 #include "ECCX08Cert.h"
-#include "tls/utility/SHA256.h"
+#include <SHA256.h>
 
 /******************************************************************************
  * DEFINE
@@ -188,13 +188,14 @@ String ECCX08CertClass::endCSR() {
   *out++ = 0xa0;
   *out++ = 0x00;
 
-  SHA256 sha256;
-  byte csrInfoSha256[64];
+  SHA256Class sha256;
+  byte csrInfoSha256[SHA256_DIGEST_SIZE];
   byte signature[64];
 
-  sha256.begin();
-  sha256.update(csrInfo, csrInfoHeaderLen + csrInfoLen);
-  sha256.finalize(csrInfoSha256);
+  sha256.beginHash();
+  sha256.write(csrInfo, csrInfoHeaderLen + csrInfoLen);
+  sha256.endHash();
+  sha256.readBytes(csrInfoSha256, SHA256_DIGEST_SIZE);
 
   if (!ECCX08.ecSign(_keySlot, csrInfoSha256, signature)) {
     return "";

src/ArduinoBearSSLConfig.h

@@ -0,0 +1,41 @@
+/*
+   This file is part of ArduinoIoTCloud.
+
+   Copyright 2024 ARDUINO SA (http://www.arduino.cc/)
+
+   This software is released under the GNU General Public License version 3,
+   which covers the main part of arduino-cli.
+   The terms of this license can be found at:
+   https://www.gnu.org/licenses/gpl-3.0.en.html
+
+   You can be released from the requirements of the above licenses by purchasing
+   a commercial license. Buying such a license is mandatory if you want to modify or
+   otherwise use the software for commercial activities involving the Arduino
+   software without disclosing the source code of your own applications. To purchase
+   a commercial license, send an email to [email protected].
+*/
+
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+/* Enable/Disable global instances*/
+#define ARDUINO_BEARSSL_DISABLE_AES128
+#define ARDUINO_BEARSSL_DISABLE_DES
+#define ARDUINO_BEARSSL_DISABLE_MD5
+#define ARDUINO_BEARSSL_DISABLE_SHA1
+#define ARDUINO_BEARSSL_DISABLE_SHA256
+
+#define ARDUINO_BEARSSL_DISABLE_KEY_DECODER
+
+/* If uncommented profile should be configured using client.setProfile(...) */
+//#define ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE
+
+/* If uncommented TA should be configured via constructor */
+//#define ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS
+
+#define BEAR_SSL_CLIENT_CHAIN_SIZE 1
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */