Maxim Integrated / Mbed 2 deprecated DeepCover Embedded Security in IoT

MAXREFDES143#: DeepCover Embedded Security in IoT Authenticated Sensing & Notification

Dependencies:   MaximInterface mbed

The MAXREFDES143# is an Internet of Things (IoT) embedded security reference design, built to protect an industrial sensing node by means of authentication and notification to a web server. The hardware includes a peripheral module representing a protected sensor node monitoring operating temperature and remaining life of a filter (simulated through ambient light sensing) and an mbed shield representing a controller node responsible for monitoring one or more sensor nodes. The design is hierarchical with each controller node communicating data from connected sensor nodes to a web server that maintains a centralized log and dispatches notifications as necessary. The mbed shield contains a Wi-Fi module, a DS2465 coprocessor with 1-Wire® master function, an LCD, LEDs, and pushbuttons. The protected sensor node contains a DS28E15 authenticator, a DS7505 temperature sensor, and a MAX44009 light sensor. The mbed shield communicates to a web server by the onboard Wi-Fi module and to the protected sensor node with I2C and 1-Wire. The MAXREFDES143# is equipped with a standard shield connector for immediate testing using an mbed board such as the MAX32600MBED#. The simplicity of this design enables rapid integration into any star-topology IoT network requiring the heightened security with low overhead provided by the SHA-256 symmetric-key algorithm.

More information about the MAXREFDES143# is available on the Maxim Integrated website.

Diff: Factory.cpp

Revision:
1:e1c7c1c636af
Child:
2:e67d29a371db
diff -r 19b8608fc4ee -r e1c7c1c636af Factory.cpp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Factory.cpp	Thu Apr 14 19:48:01 2016 +0000
@@ -0,0 +1,191 @@
+/*******************************************************************************
+* Copyright (C) 2016 Maxim Integrated Products, Inc., All Rights Reserved.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a
+* copy of this software and associated documentation files (the "Software"),
+* to deal in the Software without restriction, including without limitation
+* the rights to use, copy, modify, merge, publish, distribute, sublicense,
+* and/or sell copies of the Software, and to permit persons to whom the
+* Software is furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included
+* in all copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+* IN NO EVENT SHALL MAXIM INTEGRATED BE LIABLE FOR ANY CLAIM, DAMAGES
+* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+* OTHER DEALINGS IN THE SOFTWARE.
+*
+* Except as contained in this notice, the name of Maxim Integrated
+* Products, Inc. shall not be used except as stated in the Maxim Integrated
+* Products, Inc. Branding Policy.
+*
+* The mere transfer of this software does not imply any licenses
+* of trade secrets, proprietary technology, copyrights, patents,
+* trademarks, maskwork rights, or any other form of intellectual
+* property whatsoever. Maxim Integrated Products, Inc. retains all
+* ownership rights.
+*******************************************************************************
+*/
+
+#include "Factory.hpp"
+#include "SensorNode.hpp"
+#include "common.hpp"
+#include "OneWire_Masters/DS2465/DS2465.hpp"
+#include "OneWire_Memory/Authenticators/DS28E15_22_25/DS28E15_22_25.hpp"
+#include "mbed.h"
+
+const std::uint8_t Factory::masterSecret[] = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x21,
+                                              0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x31, 0x32 };
+const std::uint8_t Factory::invalidMasterSecret[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                                     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+bool Factory::provision(DS2465 & ds2465)
+{
+  bool result = (ds2465.setMasterSecret(masterSecret) == ISha256MacCoprocessor::Success);
+  if (result)
+  {
+    SensorNode::AuthData authData;
+    DS28E15_22_25::Page pageData;
+    std::memset(pageData, SensorNode::defaultPaddingByte, pageData.length);
+    std::memcpy(pageData, authData.segment, authData.segment.length);
+    result = (ds2465.writeScratchpad(pageData, pageData.length) == OneWireMaster::Success);
+  }
+  if (result)
+  {
+    result = (ds2465.copyScratchpadToPage(0) == OneWireMaster::Success);
+    if (result)
+      wait_ms(DS2465::eepromPageWriteDelayMs);
+  }
+  
+  return result;
+}
+
+bool Factory::provision(SensorNode & sensorNode, bool validSecret)
+{
+  const int blockNum = sensorNode.authData.pageNum / 2;
+  const DS28E15_22_25::BlockProtection desiredProtection(false, false, false, true, blockNum); // Authentication Protection only
+  
+  // Reset to starting defaults
+  sensorNode.authData.reset();
+  
+  // Read current protection status
+  DS28E15_22_25::BlockProtection protectionStatus;
+  bool result;
+  // Select device through Skip ROM
+  result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  if (result)
+    result = (sensorNode.ds28e15_22_25.readBlockProtection(blockNum, protectionStatus) == OneWireSlave::Success);
+  // Check if invalid protections are set
+  if (result)
+    result = ((protectionStatus.statusByte() & ~(desiredProtection.statusByte())) == 0x00);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Load secret into scratchpad
+  if (result)
+    result = (sensorNode.ds28e15_22_25.writeScratchpad(validSecret ? masterSecret : invalidMasterSecret) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Load master secret from scratchpad without locking
+  if (result)
+    result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
+  
+  // Setup is complete if not using a valid secret
+  if (!validSecret)
+    return result;
+  
+  // Create constant partial secret
+  DS28E15_22_25::Scratchpad partialSecret;
+  DS28E15_22_25::Page pageData;
+  std::memset(partialSecret, SensorNode::defaultPaddingByte, partialSecret.length);
+  
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Read page data
+  if (result)
+    result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Load partial secret into scratchpad
+  if (result)
+    result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Compute secret
+  if (result)
+    result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
+  // Configure slave secret on DS2465
+  if (result)
+    result = (DS28E15_22_25::computeNextSecret(sensorNode.ds2465, pageData, sensorNode.authData.pageNum, partialSecret, sensorNode.ds28e15_22_25.romId, sensorNode.ds28e15_22_25.manId) == ISha256MacCoprocessor::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Enable authentication protection if not set
+  if (result && (protectionStatus != desiredProtection))
+    result = (sensorNode.ds28e15_22_25.writeAuthBlockProtection(sensorNode.ds2465, desiredProtection, protectionStatus) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Write initial filter life and set all other segments to default value
+  if (result)
+  {
+    DS28E15_22_25::Segment blankSegment;
+    std::memset(blankSegment, SensorNode::defaultPaddingByte, blankSegment.length);
+    for (std::size_t i = 0; i < (DS28E15_22_25::Page::length / DS28E15_22_25::Segment::length); i++)
+    {
+      result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+      if (result)
+        result = (sensorNode.ds28e15_22_25.writeAuthSegment(sensorNode.ds2465, sensorNode.authData.pageNum, i,
+                                                            ((i == sensorNode.authData.segmentNum) ? sensorNode.authData.segment : blankSegment),
+                                                            reinterpret_cast<const DS28E15_22_25::Segment::Buffer &>(static_cast<const DS28E15_22_25::Page::Buffer &>(pageData)[i * sizeof(DS28E15_22_25::Segment::Buffer)]), false) == OneWireSlave::Success);
+      
+      if (!result)
+        break;
+    }
+  }
+  
+  // Reload secret with known page values
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Load master secret into scratchpad
+  if (result)
+    result = (sensorNode.ds28e15_22_25.writeScratchpad(masterSecret) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Load master secret
+  if (result)
+    result = (sensorNode.ds28e15_22_25.loadSecret(false) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Read page data
+  if (result)
+    result = (sensorNode.ds28e15_22_25.readPage(sensorNode.authData.pageNum, pageData, false) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Write partial secret to scratchpad
+  if (result)
+    result = (sensorNode.ds28e15_22_25.writeScratchpad(partialSecret) == OneWireSlave::Success);
+  // Select device through Skip ROM
+  if (result)
+    result = (sensorNode.ds2465.OWSkipROM() == OneWireMaster::Success);
+  // Compute secret
+  if (result)
+    result = (sensorNode.ds28e15_22_25.computeSecret(sensorNode.authData.pageNum, false) == OneWireSlave::Success);
+  // Configure slave secret on DS2465
+  if (result)
+    result = (DS28E15_22_25::computeNextSecret(sensorNode.ds2465, pageData, sensorNode.authData.pageNum, partialSecret, sensorNode.ds28e15_22_25.romId, sensorNode.ds28e15_22_25.manId) == ISha256MacCoprocessor::Success);
+
+  return result;
+}
\ No newline at end of file