SecureElement: move functions to read/write certificate inside a dedicated ArduinoCloud utility class

Author: pennam

src/SecureElement.cpp

@@ -36,83 +36,6 @@ SecureElement::SecureElement()
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
-int SecureElement::writeCert(ECP256Certificate & cert, const int certSlot)
-{
-#if defined(BOARD_HAS_SE050)
-  if (!_secureElement.writeSlot(certSlot, cert.bytes(), cert.length())) {
-    return 0;
-  }
-#else
-  if (!_secureElement.writeSlot(certSlot, cert.compressedCertSignatureAndDatesBytes(), cert.compressedCertSignatureAndDatesLength())) {
-    return 0;
-  }
-
-  if (!_secureElement.writeSlot(certSlot + 1, cert.compressedCertSerialAndAuthorityKeyIdBytes(), cert.compressedCertSerialAndAuthorityKeyIdLenght())) {
-    return 0;
-  }
-
-  if (!_secureElement.writeSlot(certSlot + 2, cert.subjectCommonNameBytes(), cert.subjectCommonNameLenght())) {
-    return 0;
-  }
-#endif
-  return 1;
-}
-
-int SecureElement::readCert(ECP256Certificate & cert, const int certSlot, const int keySlot)
-{
-#if defined(BOARD_HAS_SE050)
-  byte derBuffer[SE_CERT_BUFFER_LENGTH];
-  size_t derLen;
-  if (!_secureElement.readBinaryObject(certSlot, derBuffer, sizeof(derBuffer), &derLen)) {
-    return 0;
-  }
-
-  if (!cert.importCert(derBuffer, derLen)) {
-    return 0;
-  }
-#else
-  String deviceId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
-  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
-
-  cert.begin();
-
-  if (!_secureElement.readSlot(certSlot, cert.compressedCertSignatureAndDatesBytes(), cert.compressedCertSignatureAndDatesLength())) {
-    return 0;
-  }
-
-  if (!_secureElement.readSlot(certSlot + 1, cert.compressedCertSerialAndAuthorityKeyIdBytes(), cert.compressedCertSerialAndAuthorityKeyIdLenght())) {
-    return 0;
-  }
-
-  if (!_secureElement.readSlot(certSlot + 2, (byte*)deviceId.begin(), deviceId.length())) {
-    return 0;
-  }
-
-  if (!_secureElement.generatePublicKey(keySlot, publicKey)) {
-    return 0;
-  }
-
-  cert.setSubjectCommonName(deviceId);
-  cert.setIssuerCountryName("US");
-  cert.setIssuerOrganizationName("Arduino LLC US");
-  cert.setIssuerOrganizationalUnitName("IT");
-  cert.setIssuerCommonName("Arduino");
-
-  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
-    return 0;
-  }
-
-  if (!cert.buildCert()) {
-    return 0;
-  }
-
-  if (!cert.signCert()) {
-    return 0;
-  }
-#endif
-  return 1;
-}
-
 int SecureElement::SHA256(const uint8_t *buffer, size_t size, uint8_t *digest)
 {
 #if defined(SECURE_ELEMENT_IS_SOFTSE)

src/utility/SElementArduinoCloud.h

@@ -0,0 +1,36 @@
+/*
+  This file is part of the Arduino_SecureElement library.
+
+  Copyright (c) 2024 Arduino SA
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+#ifndef SECURE_ELEMENT_ARDUINO_CLOUD_H_
+#define SECURE_ELEMENT_ARDUINO_CLOUD_H_
+
+#include <Arduino_SecureElement.h>
+
+/******************************************************************************
+ * DEFINE
+ ******************************************************************************/
+#if defined(SECURE_ELEMENT_IS_SE050)
+#define SECURE_ELEMENT_SLOT_OFFSET                100
+#else
+#define SECURE_ELEMENT_SLOT_OFFSET                0
+#endif
+
+/******************************************************************************
+   TYPEDEF
+ ******************************************************************************/
+enum class SElementArduinoCloudSlot : int
+{
+  Key                                   = (0  + SECURE_ELEMENT_SLOT_OFFSET),
+  CompressedCertificate                 = (10 + SECURE_ELEMENT_SLOT_OFFSET),
+  SerialNumberAndAuthorityKeyIdentifier = (11 + SECURE_ELEMENT_SLOT_OFFSET),
+  DeviceId                              = (12 + SECURE_ELEMENT_SLOT_OFFSET)
+};
+
+#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_H_ */

src/utility/SElementArduinoCloudCertificate.cpp

@@ -0,0 +1,95 @@
+/*
+  This file is part of the Arduino_SecureElement library.
+
+  Copyright (c) 2024 Arduino SA
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <utility/SElementArduinoCloudCertificate.h>
+
+int SElementArduinoCloudCertificate::write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot)
+{
+#if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
+  if (!se.writeSlot(static_cast<int>(certSlot), cert.bytes(), cert.length())) {
+    return 0;
+  }
+#else
+  if (!se.writeSlot(static_cast<int>(certSlot), cert.compressedCertSignatureAndDatesBytes(), cert.compressedCertSignatureAndDatesLength())) {
+    return 0;
+  }
+
+  if (!se.writeSlot(static_cast<int>(certSlot) + 1, cert.compressedCertSerialAndAuthorityKeyIdBytes(), cert.compressedCertSerialAndAuthorityKeyIdLenght())) {
+    return 0;
+  }
+
+  if (!se.writeSlot(static_cast<int>(certSlot) + 2, cert.subjectCommonNameBytes(), cert.subjectCommonNameLenght())) {
+    return 0;
+  }
+#endif
+  return 1;
+}
+
+int SElementArduinoCloudCertificate::read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot)
+{
+#if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
+  byte derBuffer[SE_CERT_BUFFER_LENGTH];
+  size_t derLen;
+  if (!se.readSlot(static_cast<int>(certSlot), derBuffer, sizeof(derBuffer))) {
+    return 0;
+  }
+
+  derLen = (derBuffer[2] << 8 | derBuffer[3]) + 4;
+  Serial.print("derLen:");
+  Serial.println(derLen);
+  if (!cert.importCert(derBuffer, derLen)) {
+    return 0;
+  }
+#else
+  String deviceId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
+  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
+
+  cert.begin();
+
+  if (!se.readSlot(static_cast<int>(certSlot), cert.compressedCertSignatureAndDatesBytes(), cert.compressedCertSignatureAndDatesLength())) {
+    return 0;
+  }
+
+  if (!se.readSlot(static_cast<int>(certSlot) + 1, cert.compressedCertSerialAndAuthorityKeyIdBytes(), cert.compressedCertSerialAndAuthorityKeyIdLenght())) {
+    return 0;
+  }
+
+  if (!se.readSlot(static_cast<int>(certSlot) + 2, (byte*)deviceId.begin(), deviceId.length())) {
+    return 0;
+  }
+
+  if (!se.generatePublicKey(static_cast<int>(keySlot), publicKey)) {
+    return 0;
+  }
+
+  cert.setSubjectCommonName(deviceId);
+  cert.setIssuerCountryName("US");
+  cert.setIssuerOrganizationName("Arduino LLC US");
+  cert.setIssuerOrganizationalUnitName("IT");
+  cert.setIssuerCommonName("Arduino");
+
+  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
+    return 0;
+  }
+
+  if (!cert.buildCert()) {
+    return 0;
+  }
+
+  if (!cert.signCert()) {
+    return 0;
+  }
+#endif
+  return 1;
+}

src/utility/SElementArduinoCloudCertificate.h

@@ -0,0 +1,34 @@
+/*
+  This file is part of the Arduino_SecureElement library.
+
+  Copyright (c) 2024 Arduino SA
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+*/
+
+#ifndef SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_
+#define SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <utility/SElementCertificate.h>
+#include <utility/SElementArduinoCloud.h>
+
+ /******************************************************************************
+ * CLASS DECLARATION
+ ******************************************************************************/
+
+class SElementArduinoCloudCertificate : public SElementCertificate
+{
+public:
+
+  static int write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
+  static int read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
+
+};
+
+#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_ */