Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Diff: WebServerInterface.cpp

Revision:
6:b6bafd0a7013
Parent:
4:71d578d3af22
Child:
8:594529956266
diff -r 63232ef22abe -r b6bafd0a7013 WebServerInterface.cpp
--- a/WebServerInterface.cpp	Wed Apr 20 20:13:33 2016 +0000
+++ b/WebServerInterface.cpp	Thu May 12 14:40:14 2016 -0500
@@ -35,9 +35,12 @@
 
 #include "WebServerInterface.hpp"
 #include "ESP8266.hpp"
-#include "OneWire_Masters/ISha256MacCoprocessor.hpp"
+#include "Authenticators/ISha256MacCoproc.h"
 #include "common.hpp"
-#include "mbed.h"
+#include "Serial.h"
+#include "wait_api.h"
+
+using OneWire::Authenticators::ISha256MacCoproc;
 
 const char WebServerInterface::wifiSsid[] = "WifiSsid";
 const char WebServerInterface::wifiPassword[] = "WifiPassword";
@@ -53,17 +56,17 @@
 static const char sessionIdKey[] = "SessionId";
 
 // Authentication MAC constants
-static const std::size_t challengeLen = 32;
-static const std::uint8_t defaultPaddingByte = 0x00;
+static const size_t challengeLen = 32;
+static const uint8_t defaultPaddingByte = 0x00;
 
 /// Select the Transport Secret for the web server in the Controller.
 /// @returns True on success.
-static bool setHttpPostSecret(ISha256MacCoprocessor & MacCoproc)
+static bool setHttpPostSecret(ISha256MacCoproc & MacCoproc)
 {
-  ISha256MacCoprocessor::DevicePage::Buffer fillData;
-  std::memset(fillData, defaultPaddingByte, ISha256MacCoprocessor::DevicePage::length);
-  // static_assert(ISha256MacCoprocessor::DevicePage::length > ISha256MacCoprocessor::SlaveSecretData::length);
-  return (MacCoproc.computeSlaveSecret(fillData, fillData, reinterpret_cast<const ISha256MacCoprocessor::SlaveSecretData::Buffer &>(fillData)) == ISha256MacCoprocessor::Success);
+  ISha256MacCoproc::DevicePage::Buffer fillData;
+  std::memset(fillData, defaultPaddingByte, ISha256MacCoproc::DevicePage::length);
+  // static_assert(ISha256MacCoproc::DevicePage::length > ISha256MacCoproc::SlaveSecretData::length);
+  return (MacCoproc.computeSlaveSecret(fillData, fillData, reinterpret_cast<const ISha256MacCoproc::SlaveSecretData::Buffer &>(fillData)) == ISha256MacCoproc::Success);
 }
 
 WebServerInterface::WebServerInterface(ESP8266 & esp8266, mbed::Serial * pc)
@@ -121,11 +124,11 @@
 /// @param input Message array used for MAC calculation.
 /// @param ilen Length of array input.
 /// @param output Calculated MAC output.
-static void calculateHttpPostMac(const ISha256MacCoprocessor & macCoproc, const std::uint8_t * input, std::size_t ilen, ISha256MacCoprocessor::Mac & output)
+static void calculateHttpPostMac(const ISha256MacCoproc & macCoproc, const uint8_t * input, size_t ilen, ISha256MacCoproc::Mac & output)
 {
-  ISha256MacCoprocessor::DeviceScratchpad block;
-  std::size_t index = 0;
-  ISha256MacCoprocessor::AuthMacData padding;
+  ISha256MacCoproc::DeviceScratchpad block;
+  size_t index = 0;
+  ISha256MacCoproc::AuthMacData padding;
   std::memset(padding, defaultPaddingByte, padding.length);
   std::memset(output, defaultPaddingByte, output.length); // Set initial hash value
   while (index < ilen)
@@ -156,10 +159,10 @@
 /// @param challenge Challenge previously received from web server for use in authentication MAC.
 /// @returns POST request string.
 static std::string formatHttpPost(const std::string & host, const std::string & path, const std::string & sessionId,
-                                  const ISha256MacCoprocessor & macCoproc, PostEvent event, const std::string & initialPostBody,
-                                  const std::uint8_t (&challenge)[challengeLen])
+                                  const ISha256MacCoproc & macCoproc, PostEvent event, const std::string & initialPostBody,
+                                  const uint8_t (&challenge)[challengeLen])
 {
-  const std::size_t headerReserve = 115, bodyReserve = 200;
+  const size_t headerReserve = 115, bodyReserve = 200;
   
   std::string httpPost;
   httpPost.reserve(initialPostBody.length() + headerReserve + bodyReserve);
@@ -202,11 +205,11 @@
   }
   
   // Combine initial post body with initial secret and hash
-  std::vector<std::uint8_t> hashInput;
+  std::vector<uint8_t> hashInput;
   hashInput.reserve(challengeLen + httpPost.length());
   hashInput.insert(hashInput.end(), challenge, challenge + challengeLen);
   hashInput.insert(hashInput.end(), httpPost.begin(), httpPost.end());
-  ISha256MacCoprocessor::Mac mac;
+  ISha256MacCoproc::Mac mac;
   calculateHttpPostMac(macCoproc, &hashInput[0], hashInput.size(), mac);
   
   char contentLen[5];
@@ -241,11 +244,11 @@
   return httpPost;
 }
 
-bool WebServerInterface::authPostHttpEvent(ISha256MacCoprocessor & macCoproc, PostEvent event, const std::string & postData, bool setSecret)
+bool WebServerInterface::authPostHttpEvent(ISha256MacCoproc & macCoproc, PostEvent event, const std::string & postData, bool setSecret)
 {
   const std::string challengeSearch(newline + newline);
   bool result;
-  std::uint8_t challenge[challengeLen];
+  uint8_t challenge[challengeLen];
   std::string response;
   
   std::memset(challenge, defaultPaddingByte, challengeLen);
@@ -292,11 +295,11 @@
       esp8266.closeConnection();
       
       // Parse challenge from response
-      std::size_t challengePos = response.find(challengeSearch);
+      size_t challengePos = response.find(challengeSearch);
       if ((challengePos != std::string::npos) && ((challengePos + challengeSearch.length() + (challengeLen * charsPerByte)) <= response.length()))
       {
         challengePos += challengeSearch.length();
-        for (std::size_t i = 0; i < challengeLen; i++)
+        for (size_t i = 0; i < challengeLen; i++)
         {
           std::sscanf(response.substr(challengePos + (i * charsPerByte), charsPerByte).c_str(), "%2hhx", &challenge[i]);
         }