Port of BearSSL to Arduino

Overview

ArduinoBearSSL

Compile Examples status Check Arduino status Spell Check status

Port of BearSSL to Arduino.

This library depends on ArduinoECCX08. This dependency could be disabled by defining ARDUINO_DISABLE_ECCX08 in ArduinoBearSSLConfig.h (see examples).

License

Copyright (c) 2018 Arduino SA. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Issues
  • Add ARDUINO_DISABLE_ECCX08

    Add ARDUINO_DISABLE_ECCX08

    This new compilation flag can be set through ArduinoBearSSLConfig.h and will allow the user to use ArduinoBearSSL without ECCX08.

    Indeed, the cryptographic operations could be done through the default software implementation or offloaded to another secure element such as an applet compliant with the GSMA IoT SAFE standard.

    Signed-off-by: Fabrice Fontaine [email protected]

    opened by ffontaine 30
  • Add support for not sending any SNI

    Add support for not sending any SNI

    Add support for not sending Server Name Indication even when host is a DNS name.

    This PR paves the way for supporting TLS servers with home-made/self-created PKI CAs and no SNI extension in server certificate.

    This PR has been tested on an Arduino MKR WiFi 1000 and an Arduino MKR WiFi 1010 connected to an in-house MQTT/S broker (mosquitto) with TLS support configured with security files generated via an in-house EasyRSA instance.

    The Arduino boards have been programmed with the AWS_IoT_WiFi.ino sketch.

    Certificates generation steps:

    • the certificate signing requests (CSRs) have been generated with the standard ArduinoECCX08 CSR tool
    • the CSRs have been signed with the in-house EasyRSA to generate the client certificates for the Arduino boards
    • the generated certificates have been added to the sketches.
    opened by manchoz 11
  • Enable setting client certificate parent

    Enable setting client certificate parent

    This is similar to #39 in that it enables setting the parent certificate of a client certificate, but the difference to #39 is that it works when the client certificate private key is using an ECC508/608 key slot.

    This change is based from #43 and with these two changes it makes it possible to use AWS JITP with an Arduino Nano 33 IoT with the private key stored in the ATECC608A.

    opened by torntrousers 7
  • Use two buffers instead of one buffer in split mode

    Use two buffers instead of one buffer in split mode

    Use two dedicated buffers for input and output instead of split mode, indeed some MQTT server (especially with TLS) needs a full 8k buffer as they send their Certificate Chain. On the other hand, on output, a 1k buffer seems to be enough

    Signed-off-by: Fabrice Fontaine [email protected]

    type: enhancement 
    opened by ffontaine 7
  • Add new API to set private key (and public certificate) for client based authentication

    Add new API to set private key (and public certificate) for client based authentication

    This pull request adds the following:

    • New API to set private key (and public certificate) for client based authentication
    • Adds the DigitCertGlobalRootCA as trust anchor

    Some IoT cloud providers do not support either:

    1. Elliptic Curve Cryptography (ECC)
    2. Generating a public certificate from a CSR

    This pull request would allow users to specify their own private key (RSA or ECC) and public certification in PEM format using:

    const char SECRET_CERTIFICATE[] = R"(
    -----BEGIN CERTIFICATE-----
    // ...
    -----END CERTIFICATE-----
    )";
    
    const char SECRET_KEY[] = R"(
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    )";
    
    // ...
    sslClient.setKey(SECRET_KEY, SECRET_CERTIFICATE);
    

    They would also still be able leverage the TNG feature of the ECCX08 crypto chip with this library.

    Please let me know if you have any questions, or comments regarding the proposed changes.

    cc/ @skye0402

    type: enhancement 
    opened by sandeepmistry 4
  • Works with 1.5.0, not with 1.6.0

    Works with 1.5.0, not with 1.6.0

    I'm using ArduinoBearSSL to connect to server with TLS and its works with the 1.5.0 release butnot with the 1.6.0 release. Going back through the commits trying each it breaks with this change: https://github.com/arduino-libraries/ArduinoBearSSL/pull/31

    The server does have a certificate with an ECDSA key.

    Is there some bug, or am I suppose to explicitly call setEccVrfy/setEccSign now? And if so what would the arg be?

    type: imperfection 
    opened by torntrousers 4
  • failed to send a long data ( > 512bytes )

    failed to send a long data ( > 512bytes )

    Hello team,

    I failed to send a long data(> 512bytes), using BearSSLClient::write(const uint8_t *buf, size_t size)

    Suppose that buf stored 600 bytes data and br_sslio_write() could send 512 bytes at maximum each call.

    Call write(buf, 600)

    Expected behavior write() sends 600 bytes and returns 600

    Current behavior write() sends 1024 bytes and returns 1024

    Detail:

    1. User calls write(buf, 600)
    2. First time execution in the while loop
      • br_sslio_write() sends 512 bytes from &buf[0] and returns 512, buf points at &buf[512], written = 512
    3. written < size is true
    4. Second time execution in the while loop
      • br_sslio_write() sends 512 bytes from &buf[512] and returns 512, buf points at &buf[1024], written = 1024
    5. written < size is false and escaping from the loop
    6. write() returns 1024

    To fix this issue, I'd like to change here from:
    int result = br_sslio_write(&_ioc, buf, size); to:
    int result = br_sslio_write(&_ioc, buf, size - written);

    type: imperfection conclusion: resolved topic: code 
    opened by etakata 3
  • Bump actions/checkout from 2 to 2.3.4

    Bump actions/checkout from 2 to 2.3.4

    Bumps actions/checkout from 2 to 2.3.4.

    Release notes

    Sourced from actions/checkout's releases.

    v2.3.4

    v2.3.3

    v2.3.2

    Add Third Party License Information to Dist Files

    v2.3.1

    Fix default branch resolution for .wiki and when using SSH

    v2.3.0

    Fallback to the default branch

    v2.2.0

    Fetch all history for all tags and branches when fetch-depth=0

    v2.1.1

    Changes to support GHES (here and here)

    v2.1.0

    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    topic: infrastructure 
    opened by dependabot[bot] 3
  • Making ArduinoECCX08 optional ?

    Making ArduinoECCX08 optional ?

    I'm opening this issue to know if it would be possible to make ArduinoECCX08 optional?

    Indeed, I'm currently using ArduinoBearSSL on an Arduino MKR NB 1500 but without using the ArduinoECCX08 (thanks to setEccVrfy, setEccSign, etc.). I'm planning to continue to use ArduinoBearSSL on a STM32 board so I made some modifications to protect all the ArduinoECC08 specific code by ifndef ARDUINO_DISABLE_ECCX08. Ideally, I would like to upstream this modification but I'm not sure if it makes sense for you and I don't know if there is a standard way to declare or manage optional dependency in the Arduino world (i.e. if Arduino was autotools/cmake/meson based, I would declare an option such as --disable-eccx08).

    opened by ffontaine 3
  • Custom CA certificate

    Custom CA certificate

    I'm trying to use ArduinoBearSSL on an Arduino Nano 33 IoT board to talk to a server that requires mutual TLS, but can't get it to work. I'm guessing its because the server is using a custom certificate which ArduinoBearSSL doesn't know about.

    I've tried using setInsecure(BearSSLClient::SNI::Insecure) but that I think must also disables presenting the client certificate thats set with sslClient.setEccSlot call, so the TLS connection still fails.

    How can I set a custom CA certificate? Is there any API to do that?

    TIA!

    opened by torntrousers 3
  •   sslClient.setInsecure(BearSSLClient::SNI::Insecure);

    sslClient.setInsecure(BearSSLClient::SNI::Insecure);

    Good day,

    We are developing an Arduino based device that sends an https post to a server. We use the Arduino MKR Zero and an ethernet shield. When we use this function:

    sslClient.setInsecure(BearSSLClient::SNI::Insecure);

    We get this error when the compilation is done:

    'class BearSSLClient' has no member named 'setInsecure'

    Do you know what could be the origin of this error?

    opened by TheEngineer2020 3
  • No Documentation or Forum Support for libary

    No Documentation or Forum Support for libary

    Besides the canned examples (in another libary) there is no documentation how to use the library or support in the forum.

    BearSSL reference is not a 1 for 1 match for the functions in this library so it can not be readily referenced.

    Some basic documentation or usable references would be helpful.

    Thanks

    Bruce

    type: imperfection topic: documentation 
    opened by bvernham 1
  • Missing data at the end of a read

    Missing data at the end of a read

    Here the connection might already by closed but there may still be data available in the client's buffer. To work correctly, it should be changed to

    return c->read(buf, len);

    type: imperfection 
    opened by Jeroen88 1
  • Support for ATECC608A-TNGTLS thumbprint certificate

    Support for ATECC608A-TNGTLS thumbprint certificate

    Hello Team,

    The ATECC608B-TNGTLS comes pre-configured and pre-provisioned with default thumbprint certificates and keys which can be used the cloud infrastructure would not require verification of the thumbprint certificate by a certificate authority. Can ArduinoBearSSL along with ArduinoECCX08 leverage this functionality eliminating the need to create a CSR ( coming from this tutorial ) and register it with AWS using Multi-Account Registration?

    opened by gannaramu 3
  • undefined reference to `_gettimeofday' when compiling on a Teensy4.0

    undefined reference to `_gettimeofday' when compiling on a Teensy4.0

    I keep getting undefined reference to `_gettimeofday issue when importing the ArduinoBearSSL library.

    undefined reference to `_gettimeofday'

    Linking .pio\build\teensy40\firmware.elf
    c:/users/ganna/.platformio/packages/toolchain-gccarmnoneeabi/bin/../lib/gcc/arm-none-eabi/5.4.1/../../../../arm-none-eabi/lib/armv7e-m/fpu/fpv5-d16\libc.a(lib_a-gettimeofdayr.o): In function `_gettimeofday_r':
    gettimeofdayr.c:(.text._gettimeofday_r+0x10): undefined reference to `_gettimeofday'
    collect2.exe: error: ld returned 1 exit status
    *** [.pio\build\teensy40\firmware.elf] Error 1
    

    the fix mentioned https://github.com/arduino/Arduino/issues/9413 seems to solve it.

    But wanted to understand the reason for this issue? any help is appreciated.

    Thanks

    opened by gannaramu 6
  • Handshake SSL Certificate

    Handshake SSL Certificate

    hello friend how can I use this function so that it recevies Auto handshake without certificate??? exp : when using class esp8266secure can get data handshake & its dosent need cert.h class or function & gets the certificate automaticaly the same as chrome browser when searching the web site thx

    opened by elexal 0
  • RSA support

    RSA support

    Digital Signatures are a very big need and they usually rely in PKCS1.5 algorithm. Currently BearSSL provides the algorithmic implementation but it cannot be accessed through the ArduinoBearSSL library since the object layer is missing. It would be great if this could be made and shared.

    type: enhancement 
    opened by lucatoldo 1
Releases(1.7.2)
  • 1.7.1(Jul 5, 2021)

    • Singletons for AES128, SHA256, MD5, DES are not instantiated by default on resource constrained platforms (starting with MEGAAVR) Fixes the CI build failure in https://github.com/arduino/ArduinoCore-megaavr core
    Source code(tar.gz)
    Source code(zip)
  • 1.7.0(Apr 12, 2021)

    Changelog

    • Update CI workflows to modern standards (#40)
    • Add setEccChain function (#39) (This will allow the user to specifiy a client certificate chain instead of a single client certificate).
    • Enable setting client certificate parent (#44)
    • Add ARDUINO_DISABLE_ECCX08 (#45) This new compilation flag can be set through ArduinoBearSSLConfig.h and will allow the user to use ArduinoBearSSL without ECCX08).
    Source code(tar.gz)
    Source code(zip)
  • 1.6.0(Feb 4, 2021)

    Changelog

    • Add _ecVrfy and _ecSign (#31, #36)
    • Add MD5 API and example (#32)
    • Allow the user to set his own client certificate (#33)
    • Adding symmetric encryption (#34)
    Source code(tar.gz)
    Source code(zip)
  • 1.5.0(Jun 2, 2020)

    :hammer: Features

    • Use two dedicated buffers for input and output instead of split mode (#18)
    • Use GitHub actions for continuous integration (#26)
    • Support for disabling SNI (Server-Name-Identification) (#20, #24)
    • Additional BearSSL constructor as well as a method setClient to allow late initialisation (#29)
    Source code(tar.gz)
    Source code(zip)
Owner
Arduino Libraries
This org contains the official Arduino Libraries. See @arduino for the tools (IDE, Pro IDE, CLI...)
Arduino Libraries
Arduino Arduino library for the CloudStorage server project. The library provides easy access to server-stored values and operations.

Arduino-CloudStorage Arduino/ESP8266 library that allows you to easly store and retreive data from a remote (cloud) storage in a key/value fashion. Cl

Gil Maimon 7 Jan 30, 2022
Arduino library for making an IHC in or output module using an Arduino

Introduction This is an Arduino library for making an IHC in or output module using an Arduino. (IHC controller is a home automation controller made b

Jens Ƙstergaard Nielsen 2 Mar 26, 2020
ArduinoIoTCloud library is the central element of the firmware enabling certain Arduino boards to connect to the Arduino IoT Cloud

ArduinoIoTCloud What? The ArduinoIoTCloud library is the central element of the firmware enabling certain Arduino boards to connect to the Arduino IoT

Arduino Libraries 60 Jul 20, 2022
JerryScript port to ArduinoCore-Mbed

JerryScript port to ArduinoCore-Mbed Overview Integrate ArduinoCore-mbed and modern JavaScript standards (ECMAScript 5/6/6+) powered by JerryScript. W

Damiano Mazzella 4 Jul 20, 2022
Arduino library for controlling the MCP2515 in order to receive/transmit CAN frames.

107-Arduino-MCP2515 Arduino library for controlling the MCP2515 in order to receive/transmit CAN frames. This library is prepared to interface easily

107-Systems 46 Aug 3, 2022
Arduino library for interfacing with any GPS, GLONASS, Galileo or GNSS module and interpreting its NMEA messages.

107-Arduino-NMEA-Parser Arduino library for interfacing with any GPS, GLONASS, Galileo or GNSS module and interpreting its NMEA messages. This library

107-Systems 12 May 16, 2022
Arduino library for providing a convenient C++ interface for accessing UAVCAN.

107-Arduino-UAVCAN Arduino library for providing a convenient C++ interface for accessing UAVCAN (v1.0-beta) utilizing libcanard. This library works f

107-Systems 49 Jul 24, 2022
A RESTful environment for Arduino

aREST Overview A simple library that implements a REST API for Arduino & the ESP8266 WiFi chip. It is designed to be universal and currently supports

null 1.2k Jul 27, 2022
Arduino web server library.

aWOT Arduino web server library. Documentation 1. Getting started Hello World Basic routing Application generator Serving static files 2. Guide Routin

Lasse Lukkari 235 Jul 21, 2022
Arduino, esp32 and esp8266 library for ABB (ex PowerOne) Aurora Inverter, implement a full methods to retrieve data from the Inverter via RS-485

ABB Aurora protocol You can refer the complete documentation on my site ABB Aurora PV inverter library for Arduino, esp8266 and esp32 I create this li

Renzo Mischianti 20 May 30, 2022
MCP2515 CAN Controller Driver for Arduino

MCP2515 CAN Controller Library for Arduino Compatibility with the ACAN library This library is fully compatible with the Teensy 3.x ACAN library https

Pierre Molinaro 40 Jul 13, 2022
Arduino library for the MCP2515 CAN Controller

MCP2515 CAN Controller Library for Arduino Compatibility with the ACAN library This library is fully compatible with the Teensy 3.x ACAN library https

Pierre Molinaro 3 Oct 1, 2021
Arduino CAN driver for MCP2517FD CAN Controller (in CAN 2.0B mode)

MCP2517FD CAN Controller Library for Arduino (in CAN 2.0B mode) Compatibility with the other ACAN libraries This library is fully compatible with the

Pierre Molinaro 11 Jun 10, 2022
Distribution of Arduino driver for MCP2517FD CAN controller (CANFD mode)

MCP2517FD and MCP2518FD CAN Controller Library for Arduino (in CAN FD mode) Compatibility with the other ACAN libraries This library is fully compatib

Pierre Molinaro 27 Jul 19, 2022
CAN / CANFD Arduino Library for Teensy 4.0

CAN Library for Teensy 4.0 / 4.1 It handles Controller Area Network (CAN) for CAN1, CAN2 and CAN3, and Controller Area Network with Flexible Data (CAN

Pierre Molinaro 9 Jul 6, 2022
Unified interface for selecting hardware or software SPI implementations on Arduino platforms

AceSPI Unified interface for selecting hardware or software SPI implementations on Arduino platforms. The code was initially part of the AceSegment li

Brian Park 1 Oct 22, 2021
Unified interface for selecting different implementations for communicating with a TM1637 LED controller chip on Arduino platforms

AceTMI Unified interface for communicating with a TM1637 LED controller chip on Arduino platforms. The code was initially part of the AceSegment libra

Brian Park 0 Feb 2, 2022
Unified interface for selecting different I2C implementations on Arduino platforms

AceWire Wrapper classes that provide a simple, unified interface for different I2C implementations on Arduino platforms. The code was initially part o

Brian Park 4 Feb 3, 2022
Analog Devices Analog Digital Converter AD7173 Arduino library

AD7173-Arduino Analog Devices AD7173 analog digital converter Arduino library Mostly tested setup for this library: 1007 data rate external crystal co

brain-duino 8 Jan 13, 2022