Use ArduinoBearSSL library

.github/workflows/compile-examples.yml

@@ -105,6 +105,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
               - name: RTCZero
@@ -122,6 +123,7 @@ jobs:
               - name: arduino:samd
               - name: arduino:mbed_nano
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
               - name: RTCZero
@@ -154,6 +156,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
               - name: RTCZero
@@ -170,6 +173,7 @@ jobs:
               # Install samd platform via Boards Manager
               - name: arduino:samd
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
               - name: RTCZero
@@ -186,6 +190,7 @@ jobs:
               # Install mbed_portenta platform via Boards Manager
               - name: arduino:mbed_portenta
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Arduino_Cellular
               - name: Blues Wireless Notecard
@@ -214,6 +219,7 @@ jobs:
               # Install mbed_opta platform via Boards Manager
               - name: arduino:mbed_opta
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
             sketch-paths: |
@@ -228,6 +234,7 @@ jobs:
               # Install mbed_giga platform via Boards Manager
               - name: arduino:mbed_giga
             libraries: |
+              - name: ArduinoBearSSL
               - name: ArduinoECCX08
               - name: Blues Wireless Notecard
             sketch-paths: |

examples/ArduinoIoTCloud-AWS-Basic/ArduinoIoTCloud-AWS-Basic.ino

@@ -0,0 +1,151 @@
+#include "arduino_secrets.h"
+/*
+  This sketch demonstrates how to connect to ArduinoIoTCloud and AWS IoT core.
+
+  The full list of compatible boards can be found here:
+   - https://github.com/arduino-libraries/ArduinoIoTCloud#what
+*/
+
+#include "thingProperties.h"
+#include "aws_secrets.h"
+
+Client& getDefaultClient() {
+  switch(ArduinoIoTPreferredConnection.getInterface()) {
+
+#ifdef BOARD_HAS_WIFI
+    case NetworkAdapter::WIFI:
+    static WiFiClient wclient;
+    return wclient;
+#endif
+
+#ifdef BOARD_HAS_ETHERNET
+    case NetworkAdapter::ETHERNET:
+    static EthernetClient eclient;
+    return eclient;
+#endif
+
+    default:
+    Serial.println("Error: could not create default AWS client");
+    break;
+  }
+}
+
+unsigned long publishMillis = 0;
+unsigned long connectMillis = 0;
+
+BearSSLClient sslClientAWS(getDefaultClient());
+MqttClient mqttClientAWS(sslClientAWS);
+
+void setup() {
+  /* Initialize serial and wait up to 5 seconds for port to open */
+  Serial.begin(9600);
+
+  /* Configure LED pin as an output */
+  pinMode(LED_BUILTIN, OUTPUT);
+
+  /* This function takes care of connecting your sketch variables to the ArduinoIoTCloud object */
+  initProperties();
+
+  /* Initialize Arduino IoT Cloud library */
+  ArduinoCloud.begin(ArduinoIoTPreferredConnection, true, "iot.arduino.cc");
+
+  setDebugMessageLevel(5);
+  ArduinoCloud.printDebugInfo();
+
+  /* Initialize AWS Client */
+  ArduinoBearSSL.onGetTime(getTime);
+  sslClientAWS.setEccSlot(AWS_SLOT, AWS_CERTIFICATE);
+
+  mqttClientAWS.setId("ArduinoAWSClient");
+  mqttClientAWS.onMessage(onMessageReceived);
+  mqttClientAWS.setConnectionTimeout(10 * 1000);
+  mqttClientAWS.setKeepAliveInterval(30 * 1000);
+  mqttClientAWS.setCleanSession(false);
+}
+
+void loop() {
+  ArduinoCloud.update();
+  potentiometer = analogRead(A0);
+  seconds = millis() / 1000;
+
+  if (!ArduinoCloud.connected()) {
+    return;
+  }
+
+  if (!mqttClientAWS.connected()) {
+    if (millis() - connectMillis > 5000) {
+      connectMillis = millis();
+      // MQTT client is disconnected, connect
+      if (!connectMQTT()) {
+        return;
+      }
+    } else {
+      return;
+    }
+  }
+
+  // poll for new MQTT messages and send keep alive
+  mqttClientAWS.poll();
+
+  // publish a message roughly every 5 seconds.
+  if (millis() - publishMillis > 5000) {
+    publishMillis = millis();
+
+    publishMessage();
+  }
+}
+
+/*
+ * 'onLedChange' is called when the "led" property of your Thing changes
+ */
+void onLedChange() {
+  Serial.print("LED set to ");
+  Serial.println(led);
+  digitalWrite(LED_BUILTIN, led);
+}
+
+void onMessageReceived(int messageSize)
+{
+  // we received a message, print out the topic and contents
+  Serial.print("Received a message with topic '");
+  Serial.print(mqttClientAWS.messageTopic());
+  Serial.print("', length ");
+  Serial.print(messageSize);
+  Serial.println(" bytes:");
+
+  for (int i = 0; i < messageSize; i++) {
+    const char c = mqttClientAWS.read();
+    Serial.print(c);
+  }
+  Serial.println();
+}
+
+int connectMQTT() {
+  Serial.print("Attempting to connect to MQTT broker: ");
+  Serial.print(AWS_BROKER);
+  Serial.println(" ");
+
+  if (!mqttClientAWS.connect(AWS_BROKER, 8883)) {
+    // failed, retry
+    Serial.print(".");
+    return 0;
+  }
+  Serial.println();
+
+  Serial.println("You're connected to the MQTT broker");
+  Serial.println();
+
+  // subscribe to a topic
+  mqttClientAWS.subscribe("arduino/incoming");
+  return 1;
+}
+
+void publishMessage() {
+  Serial.println("Publishing message");
+
+  // send message, the Print interface can be used to set the message contents
+  mqttClientAWS.beginMessage("arduino/outgoing");
+  mqttClientAWS.print("hello ");
+  mqttClientAWS.print(millis());
+  mqttClientAWS.endMessage();
+}

examples/ArduinoIoTCloud-AWS-Basic/arduino_secrets.h

@@ -0,0 +1,2 @@
+#define SECRET_SSID ""
+#define SECRET_OPTIONAL_PASS ""

examples/ArduinoIoTCloud-AWS-Basic/aws_secrets.h

@@ -0,0 +1,10 @@
+/* Fill in the hostname of your AWS IoT broker */
+#define AWS_BROKER ""
+
+#define AWS_SLOT 4
+
+/* Fill in the boards public certificate */
+const char AWS_CERTIFICATE[] = R"(
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+)";

examples/ArduinoIoTCloud-AWS-Basic/thingProperties.h

@@ -0,0 +1,21 @@
+// Code generated by Arduino IoT Cloud, DO NOT EDIT.
+
+#include <ArduinoIoTCloud.h>
+#include <Arduino_ConnectionHandler.h>
+
+const char SSID[]     = SECRET_SSID;    // Network SSID (name)
+const char PASS[]     = SECRET_OPTIONAL_PASS;    // Network password (use for WPA, or use as key for WEP)
+
+void onLedChange();
+
+bool led;
+int potentiometer;
+int seconds;
+
+void initProperties() {
+  ArduinoCloud.addProperty(led, Permission::Write).onUpdate(onLedChange);
+  ArduinoCloud.addProperty(potentiometer, Permission::Read).publishOnChange(10);
+  ArduinoCloud.addProperty(seconds, Permission::Read).publishOnChange(1);
+}
+
+WiFiConnectionHandler ArduinoIoTPreferredConnection(SECRET_SSID, SECRET_OPTIONAL_PASS);

library.properties

@@ -8,4 +8,5 @@ category=Communication
 url=https://github.com/arduino-libraries/ArduinoIoTCloud
 architectures=mbed,samd,esp8266,mbed_nano,mbed_portenta,mbed_nicla,esp32,mbed_opta,mbed_giga,renesas_portenta,renesas_uno,mbed_edge,stm32
 includes=ArduinoIoTCloud.h
-depends=Arduino_ConnectionHandler,Arduino_DebugUtils,Arduino_SecureElement,ArduinoMqttClient,ArduinoECCX08,RTCZero,Adafruit SleepyDog Library,ArduinoHttpClient,Arduino_CloudUtils
+depends=Arduino_ConnectionHandler,Arduino_DebugUtils,Arduino_SecureElement,ArduinoMqttClient,ArduinoECCX08,RTCZero,Adafruit SleepyDog Library,ArduinoHttpClient,Arduino_CloudUtils,ArduinoBearSSL
+

src/AIoTC_Config.h

@@ -122,10 +122,6 @@
   #define HAS_TCP
 #endif
 
-#if defined(ARDUINO_NANO_RP2040_CONNECT)
-  #define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325) // Allows download from storage API
-#endif
-
 #if defined(ARDUINO_EDGE_CONTROL)
   #define BOARD_HAS_SECRET_KEY
   #define HAS_TCP
@@ -149,7 +145,6 @@
 #endif // HAS_NOTECARD
 
 #if defined(ARDUINO_PORTENTA_H7_M7) || defined(ARDUINO_NICLA_VISION) || defined(ARDUINO_OPTA) || defined(ARDUINO_GIGA)
-  #define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325) // Allows download from storage API
   #define BOARD_STM32H7
 #endif
 

src/ArduinoBearSSLConfig.h

@@ -0,0 +1,61 @@
+/*
+   This file is part of ArduinoIoTCloud.
+
+   Copyright 2024 ARDUINO SA (http://www.arduino.cc/)
+
+   This software is released under the GNU General Public License version 3,
+   which covers the main part of arduino-cli.
+   The terms of this license can be found at:
+   https://www.gnu.org/licenses/gpl-3.0.en.html
+
+   You can be released from the requirements of the above licenses by purchasing
+   a commercial license. Buying such a license is mandatory if you want to modify or
+   otherwise use the software for commercial activities involving the Arduino
+   software without disclosing the source code of your own applications. To purchase
+   a commercial license, send an email to [email protected].
+*/
+
+#ifndef ARDUINO_BEARSSL_CONFIG_H_
+#define ARDUINO_BEARSSL_CONFIG_H_
+
+/* Enabling this define allows the usage of ArduinoBearSSL without crypto chip. */
+//#define ARDUINO_DISABLE_ECCX08
+
+/* Enable/Disable global instances*/
+#define ARDUINO_BEARSSL_DISABLE_AES128
+#define ARDUINO_BEARSSL_DISABLE_DES
+#define ARDUINO_BEARSSL_DISABLE_MD5
+#define ARDUINO_BEARSSL_DISABLE_SHA1
+#define ARDUINO_BEARSSL_DISABLE_SHA256
+
+#define ARDUINO_BEARSSL_DISABLE_KEY_DECODER
+
+/* If uncommented profile should be configured using client.setProfile(...) */
+//#define ARDUINO_BEARSSL_DISABLE_FULL_CLIENT_PROFILE
+
+/* If uncommented TA should be configured via constructor */
+//#define ARDUINO_BEARSSL_DISABLE_BUILTIN_TRUST_ANCHORS
+
+/* If uncommented disables br_sslio_close call.From BearSSL docs:
+ *
+ * br_sslio_close(): perform the SSL closure protocol. This entails sending a
+ * close_notify alert, and receiving a close_notify response.
+ *
+ * Note that a number of deployed SSL implementations do not follow the protocol
+ * for closure, and may drop the underlying socket abruptly. As such, errors are
+ * often reported by br_sslio_close().
+ *
+ * In case of mbed-os + ArduinoIoTCloud br_sslio_close is endless looping
+ * blocking sketch execution.
+ */
+#define ARDUINO_BEARSSL_DISABLE_TLS_CLOSE
+
+#define BEAR_SSL_CLIENT_CHAIN_SIZE 1
+
+#if defined(ARDUINO_PORTENTA_H7_M7) || defined(ARDUINO_NICLA_VISION) || defined(ARDUINO_OPTA) ||\
+    defined(ARDUINO_GIGA) || defined(ARDUINO_NANO_RP2040_CONNECT)
+  /* Allows download from OTA storage API */
+  #define BEAR_SSL_CLIENT_IBUF_SIZE (16384 + 325)
+#endif
+
+#endif /* ARDUINO_BEARSSL_CONFIG_H_ */

src/tls/profile/aiotc_profile.c → src/tls/BearSSLClientProfile.c

@@ -22,10 +22,14 @@
  * SOFTWARE.
  */
 
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
 #include <AIoTC_Config.h>
 #ifdef BOARD_HAS_ECCX08
 
-#include "../bearssl/inner.h"
+#include "bearssl/inner.h"
 
 /* see bearssl_ssl.h */
 void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num)
@@ -99,3 +103,4 @@ void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_contex
 }
 
 #endif /* #ifdef BOARD_HAS_ECCX08 */
+

src/tls/bearssl/i32_add.c → src/tls/BearSSLClientProfile.h

@@ -22,35 +22,19 @@
  * SOFTWARE.
  */
 
-#include <AIoTC_Config.h>
-#ifdef BOARD_HAS_ECCX08
+#ifndef _BEAR_SSL_CLIENT_PROFILE_H_
+#define _BEAR_SSL_CLIENT_PROFILE_H_
 
-#include "inner.h"
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
 
-/* see inner.h */
-uint32_t
-br_i32_add(uint32_t *a, const uint32_t *b, uint32_t ctl)
-{
-	uint32_t cc;
-	size_t u, m;
+#include <AIoTC_Config.h>
+#ifdef BOARD_HAS_ECCX08
 
-	cc = 0;
-	m = (a[0] + 63) >> 5;
-	for (u = 1; u < m; u ++) {
-		uint32_t aw, bw, naw;
+extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
 
-		aw = a[u];
-		bw = b[u];
-		naw = aw + bw + cc;
+#endif /* #ifdef BOARD_HAS_ECCX08 */
 
-		/*
-		 * Carry is 1 if naw < aw. Carry is also 1 if naw == aw
-		 * AND the carry was already 1.
-		 */
-		cc = (cc & EQ(naw, aw)) | LT(naw, aw);
-		a[u] = MUX(ctl, naw, aw);
-	}
-	return cc;
-}
+#endif /* _BEAR_SSL_CLIENT_PROFILE_H_ */
 
-#endif /* #ifdef BOARD_HAS_ECCX08 */