DeepCover Embedded Security in IoT - MAXREFDES143#: DeepCover Embedded Security in IoT…

Maxim Integrated » Code » DeepCover Embedded Security in IoT

Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Diff: WebServerInterface.cpp

Revision:: 25:37ea43ff81be
Parent:: 20:cdba71cb5506
Child:: 27:81a87d29bedd

--- a/WebServerInterface.cpp	Wed Oct 19 13:23:41 2016 -0500
+++ b/WebServerInterface.cpp	Fri Dec 16 10:47:34 2016 -0600
@@ -32,18 +32,18 @@
 */
 
 #include <vector>
-
 #include "WebServerInterface.hpp"
 #include "ESP8266.hpp"
 #include "Slaves/Authenticators/ISha256MacCoproc.h"
-#include "common.hpp"
+#include "SensorData.hpp"
+#include "HexConversions.hpp"
 #include "Serial.h"
 #include "wait_api.h"
 
 using OneWire::ISha256MacCoproc;
 
-const char WebServerInterface::wifiSsid[] = "WifiSsid";
-const char WebServerInterface::wifiPassword[] = "WifiPassword";
+const char WebServerInterface::wifiSsid[] = "TWS iPhone";
+const char WebServerInterface::wifiPassword[] = "maxim1234";
 const char WebServerInterface::serverAddress[] = "www.mxim-security.us";
 const unsigned int WebServerInterface::serverPort = 80;
 const char WebServerInterface::serverPostPath[] = "/post.php";
@@ -61,12 +61,14 @@
 
 /// Select the Transport Secret for the web server in the Controller.
 /// @returns True on success.
-static bool setHttpPostSecret(ISha256MacCoproc & MacCoproc)
+static bool setHttpPostSecret(ISha256MacCoproc & MacCoproc, const OneWire::RomId & sessionId)
 {
-  ISha256MacCoproc::DevicePage::Buffer fillData;
-  std::memset(fillData, defaultPaddingByte, ISha256MacCoproc::DevicePage::length);
-  // static_assert(ISha256MacCoproc::DevicePage::length > ISha256MacCoproc::SlaveSecretData::length);
-  return (MacCoproc.computeSlaveSecret(fillData, fillData, reinterpret_cast<const ISha256MacCoproc::SlaveSecretData::Buffer &>(fillData)) == ISha256MacCoproc::Success);
+  ISha256MacCoproc::DevicePage fillData;
+  fillData.fill(defaultPaddingByte);
+  ISha256MacCoproc::SlaveSecretData secretData;
+  secretData.fill(defaultPaddingByte);
+  std::copy(sessionId.buffer.begin(), sessionId.buffer.end(), secretData.begin());
+  return (MacCoproc.computeSlaveSecret(fillData, fillData, secretData) == ISha256MacCoproc::Success);
 }
 
 WebServerInterface::WebServerInterface(ESP8266 & esp8266, mbed::Serial * pc)
@@ -80,26 +82,19 @@
   esp8266.setPowered(true);
   esp8266.reset();
   bool result = (esp8266.performSelfTest() == ESP8266::AT_OK);
-  if (!result)
+  if (result)
   {
-    return false;
-  }
-  result = (esp8266.setCurrentWifiMode(ESP8266::softAP_station_mode) == ESP8266::AT_OK);
-  if (!result)
-  {
-    return false;
+    result = (esp8266.setCurrentWifiMode(ESP8266::softAP_station_mode) == ESP8266::AT_OK);
   }
-  result = (esp8266.setMaxRFTXPower(10) == ESP8266::AT_OK);
-  if (!result)
+  if (result)
   {
-    return false;
+    result = (esp8266.setMaxRFTXPower(10) == ESP8266::AT_OK);
   }
-  result = (esp8266.joinCurrentAccessPoint(wifiSsid, wifiPassword) == ESP8266::AT_OK);
-  if (!result)
+  if (result)
   {
-    return false;
+    result = (esp8266.joinCurrentAccessPoint(wifiSsid, wifiPassword) == ESP8266::AT_OK);
   }
-  return true;
+  return result;
 }
 
 /// Format an HTTP GET request as a string for transmission.
@@ -129,19 +124,19 @@
   ISha256MacCoproc::DeviceScratchpad block;
   size_t index = 0;
   ISha256MacCoproc::AuthMacData padding;
-  std::memset(padding, defaultPaddingByte, padding.length);
-  std::memset(output, defaultPaddingByte, output.length); // Set initial hash value
+  padding.fill(defaultPaddingByte);
+  output.fill(defaultPaddingByte); // Set initial hash value
   while (index < ilen)
   {
-    if ((index + block.length) <= ilen) // Full block
+    if ((index + block.size()) <= ilen) // Full block
     {
-      std::memcpy(block, &input[index], block.length);
-      index += block.length;
+      std::memcpy(block.data(), &input[index], block.size());
+      index += block.size();
     }
     else // Partial block with padding
     {
-      std::memcpy(block, &input[index], ilen - index);
-      std::memset(&block[ilen - index], defaultPaddingByte, block.length - (ilen - index));
+      std::memcpy(block.data(), &input[index], ilen - index);
+      std::memset(&block[ilen - index], defaultPaddingByte, block.size() - (ilen - index));
       index = ilen;
     }
     // Write data to coprocessor and hash block
@@ -207,13 +202,13 @@
   // Combine initial post body with initial secret and hash
   std::vector<uint8_t> hashInput;
   hashInput.reserve(challengeLen + httpPost.length());
-  hashInput.insert(hashInput.end(), challenge, challenge + challengeLen);
+  hashInput.assign(challenge, challenge + challengeLen);
   hashInput.insert(hashInput.end(), httpPost.begin(), httpPost.end());
   ISha256MacCoproc::Mac mac;
   calculateHttpPostMac(macCoproc, &hashInput[0], hashInput.size(), mac);
   
   char contentLen[5];
-  snprintf(contentLen, sizeof(contentLen) / sizeof(contentLen[0]), "%u", (hashInput.size() - challengeLen) + (mac.length * charsPerByte) + 5 /* &MAC= */);
+  snprintf(contentLen, sizeof(contentLen) / sizeof(contentLen[0]), "%u", (hashInput.size() - challengeLen) + (mac.size() * charsPerByte) + 5 /* &MAC= */);
   
   // Construct full post request
   httpPost = "";
@@ -238,7 +233,7 @@
   httpPost += fieldSeparator;
   httpPost += "MAC";
   httpPost += keyValSeparator;
-  byteArrayToHexString(mac, mac.length, httpPost);
+  byteArrayToHexString(mac.data(), mac.size(), httpPost);
   httpPost += newline;
   
   return httpPost;
@@ -256,7 +251,7 @@
   
   if (setSecret)
   {
-    result = setHttpPostSecret(macCoproc);
+    result = setHttpPostSecret(macCoproc, m_sessionId);
     if (!result)
       return result;
   }
@@ -267,7 +262,7 @@
   if (result)
   {
     // Request challenge
-    result = (esp8266.sendData(formatHttpGet(serverAddress, serverChallengePath, sessionId)) == ESP8266::AT_OK);
+    result = (esp8266.sendData(formatHttpGet(serverAddress, serverChallengePath, m_sessionIdString)) == ESP8266::AT_OK);
     if (result)
     {
       // Receive server response
@@ -309,7 +304,7 @@
       result = (esp8266.openConnection(ESP8266::TCP, serverAddress, serverPort) == ESP8266::AT_OK);
       if (result)
       {
-        result = (esp8266.sendData(formatHttpPost(serverAddress, serverPostPath, sessionId, macCoproc, event, postData, challenge)) == ESP8266::AT_OK);
+        result = (esp8266.sendData(formatHttpPost(serverAddress, serverPostPath, m_sessionIdString, macCoproc, event, postData, challenge)) == ESP8266::AT_OK);
         wait_ms(ESP8266::sendDataRecoveryTimeMs); // Wait for ESP8266 specified recovery time
       }
     }
@@ -333,4 +328,10 @@
   postBodyStream << fieldSeparator;
   postBodyStream << "FilterLifeAlarm" << keyValSeparator << (sensorData.filterLifeAlarm() ? "true" : "false");
   return postBodyStream.str();
+}
+
+void WebServerInterface::setSessionId(const OneWire::RomId & sessionId)
+{
+    m_sessionIdString = byteArrayToHexString(sessionId.buffer.data(), sessionId.buffer.size());
+    m_sessionId = sessionId;
 }
\ No newline at end of file

Repository toolbox

Export to desktop IDE

Build repository

Repository details

Type:	Program
Mbed OS support:	Mbed 2 deprecated
Created:	13 Apr 2016
Imports:	94
Forks:	0
Commits:	36
Dependents:	0
Dependencies:	2
Followers:	65

Components

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Diff: WebServerInterface.cpp

Repository toolbox

Repository details

Components

Important Information for this Arm website

Access Warning