From 32eec1d4294826cfa2a70a1cc7ebf40bf67ec205 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 00:50:32 +0100 Subject: [PATCH 1/5] Tested the library with TI Tiva C TM4C1294 I have tested the lib on EK-TM4C1294XL Tiva C evaluation board and it works. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 027f60f..1576632 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ You can also view this README in [doxygen](https://openslab-osu.github.io/SSLCli SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https) functionality to any network library implementing the [Arduino Client interface](https://www.arduino.cc/en/Reference/ClientConstructor), including the Arduino [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient) and [WiFiClient](https://www.arduino.cc/en/Reference/WiFiClient) classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. -SSLClient has been tested on the SAMD21, ESP32, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). +SSLClient has been tested on the SAMD21, ESP32, TIVA C, and STM32 (in progress). SSClient does not currently support the ESP8266 (see [this issue](https://github.com/OPEnSLab-OSU/SSLClient/issues/5#issuecomment-569968546)). ## Overview From eeeb385e33b0d20096a9728cad37e9ba1a4f0145 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:08:21 +0100 Subject: [PATCH 2/5] Added tivac architecture --- .travis/library.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis/library.properties b/.travis/library.properties index 3bc0cad..a69a9fe 100644 --- a/.travis/library.properties +++ b/.travis/library.properties @@ -6,7 +6,7 @@ sentence=Arduino library to add SSL functionality to any Client class paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient -architectures=samd +architectures=samd,tivac includes=SSLClient.h precompiled=true -ldflags=-lSSLClient \ No newline at end of file +ldflags=-lSSLClient From 8b554f21451f961e79f3e2ebd2b2bb48e9d0d03f Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:09:08 +0100 Subject: [PATCH 3/5] Added tivac architecture --- library.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library.properties b/library.properties index e345065..abaccf9 100644 --- a/library.properties +++ b/library.properties @@ -6,6 +6,6 @@ sentence=Arduino library to add SSL functionality to any Client class paragraph=including the Arduino EthernetClient and WiFiClient classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, SSLClient implements encrypted communication through SSL on devices that do not otherwise support it. category=Communication url=https://github.com/OPEnSLab-OSU/SSLClient -architectures=samd +architectures=samd,tivac includes=SSLClient.h -dot_a_linkage=true \ No newline at end of file +dot_a_linkage=true From 65eb61d27c9cda8b90f430b4301ca99c8fb23628 Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:15:34 +0100 Subject: [PATCH 4/5] Added sample for Texas Instruments Tiva C TM4C1294 Tested on EK-TM4C1294XL board with Energia 1.8.11E23 --- .../EthernetHTTPStivac/EthernetHTTPStivac.ino | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 examples/EthernetHTTPStivac/EthernetHTTPStivac.ino diff --git a/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino b/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino new file mode 100644 index 0000000..b1f52da --- /dev/null +++ b/examples/EthernetHTTPStivac/EthernetHTTPStivac.ino @@ -0,0 +1,161 @@ +/* + Web client + + This sketch connects to a website (http://www.arduino.cc/asciilogo.txt) + using an Arduino Wiznet Ethernet shield. + + Circuit: + * Ethernet shield attached to pins 10, 11, 12, 13 + + created 18 Dec 2009 + by David A. Mellis + modified 9 Apr 2012 + by Noah Koontz, based on work by Adrian McEwen and Tom Igoe + + */ + + // NOTE: This example REQUIRES the EthernetLarge library. + // You can get it here: https://github.com/OPEnSLab-OSU/EthernetLarge + +#include +//#include +#include "Ethernet.h" +#include +#include "trust_anchors.h" + +#define BUFFLEN 80 + +// Enter a MAC address for your controller below. +// Newer Ethernet shields have a MAC address printed on a sticker on the shield +// byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; +// With Tiva C the mac address could be changed with LM Flash Programmer + +// if you don't want to use DNS (and reduce your sketch size) +// use the numeric IP instead of the name for the server: +//IPAddress server(54,85,55,79); // numeric IP for Google (no DNS) +const char server[] = "www.arduino.cc"; // name address for Arduino (using DNS) +const char server_host[] = "www.arduino.cc"; // leave this alone, change only above two + +// Set the static IP address to use if the DHCP fails to assign +IPAddress ip(192,168,2,177); +IPAddress myDns(8, 8, 8, 8); +IPAddress gw = IPAddress(192,168,2,1); +IPAddress mask = IPAddress(255,255,255,0); + +// Choose the analog pin to get semi-random data from for SSL +// Pick a pin that's not connected or attached to a randomish voltage source +const int rand_pin = A5; + +// Initialize the SSL client library +// We input an EthernetClient, our trust anchors, and the analog pin +EthernetClient base_client; +SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin); +// Variables to measure the speed +unsigned long beginMicros, endMicros; +unsigned long byteCount = 0; +bool printWebData = true; // set to false for better speed measurement + +void setup() { + // You can use Ethernet.init(pin) to configure the CS pin + //Ethernet.init(10); // Most Arduino shields + //Ethernet.init(5); // MKR ETH shield + //Ethernet.init(0); // Teensy 2.0 + //Ethernet.init(20); // Teensy++ 2.0 + //Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet + //Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet + + // Open serial communications and wait for port to open: + Serial.begin(115200); + while (!Serial) { + ; // wait for serial port to connect. Needed for native USB port only + } + + // start the Ethernet connection: + Serial.println(F("Initialize Ethernet with DHCP:")); + //if (Ethernet.begin(mac) == 0) { + if (Ethernet.begin(0) == 0) { + Serial.println(F("Failed to configure Ethernet using DHCP")); + // Check for Ethernet hardware present +/* if (Ethernet.hardwareStatus() == EthernetNoHardware) { + Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :("); + while (true) { + delay(1); // do nothing, no point running without Ethernet hardware + } + }*/ +/* if (Ethernet.linkStatus() == LinkOFF) { + Serial.println("Ethernet cable is not connected."); + }*/ + // try to configure using IP address instead of DHCP: + //Ethernet.begin(mac, ip, myDns); + Ethernet.begin(0, ip, myDns, gw, mask); + } else { + Serial.print(F(" DHCP assigned IP ")); + Serial.println(Ethernet.localIP()); + } + // give the Ethernet shield a second to initialize: + delay(2000); + + Serial.print(F("connecting to ")); + Serial.print(server); + Serial.println(F("...")); + + // if you get a connection, report back via serial: + auto start = millis(); + // specify the server and port, 443 is the standard port for HTTPS + if (client.connect(server, 443)) { + auto time = millis() - start; + Serial.print(F("Took: ")); + Serial.println(time); + // Make a HTTP request: + client.println(F("GET /asciilogo.txt HTTP/1.1")); + client.println(F("User-Agent: SSLClientOverEthernet")); + client.print(F("Host: ")); + client.println(server_host); + client.println(F("Connection: close")); + client.println(); + } else { + // if you didn't get a connection to the server: + Serial.println(F("connection failed")); + } + beginMicros = micros(); +} + +void loop() { + // if there are incoming bytes available + // from the server, read them and print them: + int len = client.available(); + while (len > 0) { + //if (len > 0) { + byte buffer[BUFFLEN]; + if (len > BUFFLEN) len = BUFFLEN; + client.read(buffer, len); + if (printWebData) { + Serial.write(buffer, len); // show in the serial monitor (slows some boards) + } + byteCount = byteCount + len; + len = client.available(); + } + + // if the server's disconnected, stop the client: + if (!client.connected()) { + endMicros = micros(); + Serial.println(); + Serial.println(F("disconnecting.")); + client.stop(); + Serial.print(F("Received ")); + Serial.print(byteCount); + Serial.print(F(" bytes in ")); + float seconds = (float)(endMicros - beginMicros) / 1000000.0; + Serial.print(seconds, 4); + float rate = (float)byteCount / seconds / 1000.0; + Serial.print(F(", rate = ")); + Serial.print(rate); + Serial.print(F(" kbytes/second")); + Serial.println(); + + // do nothing forevermore: + while (true) { + delay(1); + } + } +} From 39e5211178cdf20717e20a66363b95038e7a055f Mon Sep 17 00:00:00 2001 From: Alberto Panu Date: Fri, 7 Feb 2020 01:16:08 +0100 Subject: [PATCH 5/5] Create trust_anchors.h --- examples/EthernetHTTPStivac/trust_anchors.h | 80 +++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 examples/EthernetHTTPStivac/trust_anchors.h diff --git a/examples/EthernetHTTPStivac/trust_anchors.h b/examples/EthernetHTTPStivac/trust_anchors.h new file mode 100644 index 0000000..c456e9b --- /dev/null +++ b/examples/EthernetHTTPStivac/trust_anchors.h @@ -0,0 +1,80 @@ +#ifndef _CERTIFICATES_H_ +#define _CERTIFICATES_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually. + * Certificates are BearSSL br_x509_trust_anchor format. Included certs: + * + * Index: 0 + * Label: AddTrust External CA Root + * Subject: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root + * Domain(s): www.arduino.cc + */ + +#define TAs_NUM 1 + +static const unsigned char TA_DN0[] = { + 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, + 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, + 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, + 0x20, 0x52, 0x6f, 0x6f, 0x74, +}; + +static const unsigned char TA_RSA_N0[] = { + 0xb7, 0xf7, 0x1a, 0x33, 0xe6, 0xf2, 0x00, 0x04, 0x2d, 0x39, 0xe0, 0x4e, + 0x5b, 0xed, 0x1f, 0xbc, 0x6c, 0x0f, 0xcd, 0xb5, 0xfa, 0x23, 0xb6, 0xce, + 0xde, 0x9b, 0x11, 0x33, 0x97, 0xa4, 0x29, 0x4c, 0x7d, 0x93, 0x9f, 0xbd, + 0x4a, 0xbc, 0x93, 0xed, 0x03, 0x1a, 0xe3, 0x8f, 0xcf, 0xe5, 0x6d, 0x50, + 0x5a, 0xd6, 0x97, 0x29, 0x94, 0x5a, 0x80, 0xb0, 0x49, 0x7a, 0xdb, 0x2e, + 0x95, 0xfd, 0xb8, 0xca, 0xbf, 0x37, 0x38, 0x2d, 0x1e, 0x3e, 0x91, 0x41, + 0xad, 0x70, 0x56, 0xc7, 0xf0, 0x4f, 0x3f, 0xe8, 0x32, 0x9e, 0x74, 0xca, + 0xc8, 0x90, 0x54, 0xe9, 0xc6, 0x5f, 0x0f, 0x78, 0x9d, 0x9a, 0x40, 0x3c, + 0x0e, 0xac, 0x61, 0xaa, 0x5e, 0x14, 0x8f, 0x9e, 0x87, 0xa1, 0x6a, 0x50, + 0xdc, 0xd7, 0x9a, 0x4e, 0xaf, 0x05, 0xb3, 0xa6, 0x71, 0x94, 0x9c, 0x71, + 0xb3, 0x50, 0x60, 0x0a, 0xc7, 0x13, 0x9d, 0x38, 0x07, 0x86, 0x02, 0xa8, + 0xe9, 0xa8, 0x69, 0x26, 0x18, 0x90, 0xab, 0x4c, 0xb0, 0x4f, 0x23, 0xab, + 0x3a, 0x4f, 0x84, 0xd8, 0xdf, 0xce, 0x9f, 0xe1, 0x69, 0x6f, 0xbb, 0xd7, + 0x42, 0xd7, 0x6b, 0x44, 0xe4, 0xc7, 0xad, 0xee, 0x6d, 0x41, 0x5f, 0x72, + 0x5a, 0x71, 0x08, 0x37, 0xb3, 0x79, 0x65, 0xa4, 0x59, 0xa0, 0x94, 0x37, + 0xf7, 0x00, 0x2f, 0x0d, 0xc2, 0x92, 0x72, 0xda, 0xd0, 0x38, 0x72, 0xdb, + 0x14, 0xa8, 0x45, 0xc4, 0x5d, 0x2a, 0x7d, 0xb7, 0xb4, 0xd6, 0xc4, 0xee, + 0xac, 0xcd, 0x13, 0x44, 0xb7, 0xc9, 0x2b, 0xdd, 0x43, 0x00, 0x25, 0xfa, + 0x61, 0xb9, 0x69, 0x6a, 0x58, 0x23, 0x11, 0xb7, 0xa7, 0x33, 0x8f, 0x56, + 0x75, 0x59, 0xf5, 0xcd, 0x29, 0xd7, 0x46, 0xb7, 0x0a, 0x2b, 0x65, 0xb6, + 0xd3, 0x42, 0x6f, 0x15, 0xb2, 0xb8, 0x7b, 0xfb, 0xef, 0xe9, 0x5d, 0x53, + 0xd5, 0x34, 0x5a, 0x27, +}; + +static const unsigned char TA_RSA_E0[] = { + 0x01, 0x00, 0x01, +}; + +static const br_x509_trust_anchor TAs[] = { + { + { (unsigned char *)TA_DN0, sizeof TA_DN0 }, + BR_X509_TA_CA, + { + BR_KEYTYPE_RSA, + { .rsa = { + (unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0, + (unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0, + } } + } + }, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* ifndef _CERTIFICATES_H_ */