MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification
Dependencies: MaximInterface mbed
The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.
More information about the MAXREFDES143# is available on the Maxim Integrated website.
Diff: WebServerInterface.cpp
- Revision:
- 6:b6bafd0a7013
- Parent:
- 4:71d578d3af22
- Child:
- 8:594529956266
diff -r 63232ef22abe -r b6bafd0a7013 WebServerInterface.cpp --- a/WebServerInterface.cpp Wed Apr 20 20:13:33 2016 +0000 +++ b/WebServerInterface.cpp Thu May 12 14:40:14 2016 -0500 @@ -35,9 +35,12 @@ #include "WebServerInterface.hpp" #include "ESP8266.hpp" -#include "OneWire_Masters/ISha256MacCoprocessor.hpp" +#include "Authenticators/ISha256MacCoproc.h" #include "common.hpp" -#include "mbed.h" +#include "Serial.h" +#include "wait_api.h" + +using OneWire::Authenticators::ISha256MacCoproc; const char WebServerInterface::wifiSsid[] = "WifiSsid"; const char WebServerInterface::wifiPassword[] = "WifiPassword"; @@ -53,17 +56,17 @@ static const char sessionIdKey[] = "SessionId"; // Authentication MAC constants -static const std::size_t challengeLen = 32; -static const std::uint8_t defaultPaddingByte = 0x00; +static const size_t challengeLen = 32; +static const uint8_t defaultPaddingByte = 0x00; /// Select the Transport Secret for the web server in the Controller. /// @returns True on success. -static bool setHttpPostSecret(ISha256MacCoprocessor & MacCoproc) +static bool setHttpPostSecret(ISha256MacCoproc & MacCoproc) { - ISha256MacCoprocessor::DevicePage::Buffer fillData; - std::memset(fillData, defaultPaddingByte, ISha256MacCoprocessor::DevicePage::length); - // static_assert(ISha256MacCoprocessor::DevicePage::length > ISha256MacCoprocessor::SlaveSecretData::length); - return (MacCoproc.computeSlaveSecret(fillData, fillData, reinterpret_cast<const ISha256MacCoprocessor::SlaveSecretData::Buffer &>(fillData)) == ISha256MacCoprocessor::Success); + ISha256MacCoproc::DevicePage::Buffer fillData; + std::memset(fillData, defaultPaddingByte, ISha256MacCoproc::DevicePage::length); + // static_assert(ISha256MacCoproc::DevicePage::length > ISha256MacCoproc::SlaveSecretData::length); + return (MacCoproc.computeSlaveSecret(fillData, fillData, reinterpret_cast<const ISha256MacCoproc::SlaveSecretData::Buffer &>(fillData)) == ISha256MacCoproc::Success); } WebServerInterface::WebServerInterface(ESP8266 & esp8266, mbed::Serial * pc) @@ -121,11 +124,11 @@ /// @param input Message array used for MAC calculation. /// @param ilen Length of array input. /// @param output Calculated MAC output. -static void calculateHttpPostMac(const ISha256MacCoprocessor & macCoproc, const std::uint8_t * input, std::size_t ilen, ISha256MacCoprocessor::Mac & output) +static void calculateHttpPostMac(const ISha256MacCoproc & macCoproc, const uint8_t * input, size_t ilen, ISha256MacCoproc::Mac & output) { - ISha256MacCoprocessor::DeviceScratchpad block; - std::size_t index = 0; - ISha256MacCoprocessor::AuthMacData padding; + ISha256MacCoproc::DeviceScratchpad block; + size_t index = 0; + ISha256MacCoproc::AuthMacData padding; std::memset(padding, defaultPaddingByte, padding.length); std::memset(output, defaultPaddingByte, output.length); // Set initial hash value while (index < ilen) @@ -156,10 +159,10 @@ /// @param challenge Challenge previously received from web server for use in authentication MAC. /// @returns POST request string. static std::string formatHttpPost(const std::string & host, const std::string & path, const std::string & sessionId, - const ISha256MacCoprocessor & macCoproc, PostEvent event, const std::string & initialPostBody, - const std::uint8_t (&challenge)[challengeLen]) + const ISha256MacCoproc & macCoproc, PostEvent event, const std::string & initialPostBody, + const uint8_t (&challenge)[challengeLen]) { - const std::size_t headerReserve = 115, bodyReserve = 200; + const size_t headerReserve = 115, bodyReserve = 200; std::string httpPost; httpPost.reserve(initialPostBody.length() + headerReserve + bodyReserve); @@ -202,11 +205,11 @@ } // Combine initial post body with initial secret and hash - std::vector<std::uint8_t> hashInput; + std::vector<uint8_t> hashInput; hashInput.reserve(challengeLen + httpPost.length()); hashInput.insert(hashInput.end(), challenge, challenge + challengeLen); hashInput.insert(hashInput.end(), httpPost.begin(), httpPost.end()); - ISha256MacCoprocessor::Mac mac; + ISha256MacCoproc::Mac mac; calculateHttpPostMac(macCoproc, &hashInput[0], hashInput.size(), mac); char contentLen[5]; @@ -241,11 +244,11 @@ return httpPost; } -bool WebServerInterface::authPostHttpEvent(ISha256MacCoprocessor & macCoproc, PostEvent event, const std::string & postData, bool setSecret) +bool WebServerInterface::authPostHttpEvent(ISha256MacCoproc & macCoproc, PostEvent event, const std::string & postData, bool setSecret) { const std::string challengeSearch(newline + newline); bool result; - std::uint8_t challenge[challengeLen]; + uint8_t challenge[challengeLen]; std::string response; std::memset(challenge, defaultPaddingByte, challengeLen); @@ -292,11 +295,11 @@ esp8266.closeConnection(); // Parse challenge from response - std::size_t challengePos = response.find(challengeSearch); + size_t challengePos = response.find(challengeSearch); if ((challengePos != std::string::npos) && ((challengePos + challengeSearch.length() + (challengeLen * charsPerByte)) <= response.length())) { challengePos += challengeSearch.length(); - for (std::size_t i = 0; i < challengeLen; i++) + for (size_t i = 0; i < challengeLen; i++) { std::sscanf(response.substr(challengePos + (i * charsPerByte), charsPerByte).c_str(), "%2hhx", &challenge[i]); }