ESP32 support for M5Stack Core2 IoT EduKit #30
Conversation
|
I've tried this on the ESP32 and an Arduino Nano 33 IoT so can confirm it still works with both. |
|
Memory usage change @ 44baa6c
Click for full report table
Click for full report CSV |
|
Memory usage change @ 9864c4c
Click for full report table
Click for full report CSV |
|
|
|
@facchinm, would you be so kind as to review this PR and merge? This patch lets me use this library on other Arduino boards with external ECCx08 boards that have a different i2c address. |
|
Hi @rashedtalukder , reviewing right now, sorry but I lost the notification 😓 @torntrousers I really like the Maybe it's better to convince the ESP32 people to patch their core to be compliant with the API specifications https://github.com/arduino/ArduinoCore-API/blob/173e8eadced2ad32eeb93bcbd5c49f8d6a055ea6/api/HardwareI2C.h#L39 😉 |
@facchinm I can't work out how to do this from the ESP32 side, see espressif/arduino-esp32#5768 (comment), any suggestions? |
|
Hi @facchinm , how about simply changing the |
|
Happy days, the requestFrom function has now been updated in the ESP32 core code in espressif/arduino-esp32#5768 thanks to help from @me-no-dev, and this is now out in the 2.0.1 release. |
|
Memory usage change @ 70563e0
Click for full report table
Click for full report CSV |
|
Awesome work @torntrousers! @facchinm, there shouldn't be any blockers to this getting merged at this point, correct? |
|
LGTM! I'm squashing into a single commit and merging! Thanks for the contribution |
|
Any chance of a release of this library soon? @rashedtalukder - I'm now trying to get a mutual TLS connection to AWS IoT with the client private key in the EduKit's 608. Using BearSSL as I've got that working with the 608 on a Nano 33 IoT board, but if you have this with MBedTLS or any ideas would be happy to hear about it. |
|
@torntrousers, you can find an example of it working on the Core2 for AWS using BearSSL below. It would be great to have the device certificate get retrieved in BearSSL so there's less the user needs to do: You can see how to generate the public key in either of these examples:
Here is how the device certificate is retrieved using the Microchip cryptoauthlib (along w/ espressif's port). You'll have to ignore the gibberish logging outputs in that function, it was clearly copied and pasted from the the signer cert retrieval.: https://github.com/espressif/esp-cryptoauthlib/blob/feature/add_firmware_source_code/esp_cryptoauth_utility/firmware/main/handlers.c#L513 |
|
@rashedtalukder I was able to extract the signer certificate and signer public key from the ATECC608B-TNGTLS but I am kind of stuck in reconstructing the certificate to X.509 format. with some guidance, I can get that going. |
I guess that would need something like a new ArduinoECCX08 function that reconstructs a certificate to PEM format from a 608 slot and a new ArduinoBearSSL setEccSlot function that uses that: Seems pretty dooable, and I do actually need the ECCX08Cert.certificate function for another thing anyway . |
Hi @gannaramu , i could help you but I don't know what you know. The compressed certificates are described in section 2.2.1.3 here and the app note that refers too, here. There is a really handy online utility for showing the ASN.1 structure https://lapo.it/asn1js/ which can be super helpful while debugging. |
|
@torntrousers, that's correct you'd need to start by adding the function here to get the public key from the requested slot. I can't remember if it's in PEM or DER format, but I think it's DER. After that, BearSSL needs to have it modified that if using a secure element or PK from a slot, it just uses the certificate from the hardware instead. |
|
@torntrousers Thanks for those links. Both the documents didn't cover where the organizationName, commonName is inferred from. I was using the Jupiter notebooks from this repository with Cryptoauth Trust Platform Development Kit. |
How about section 4.5.3 in here: https://datasheet.octopart.com/ATSAMA5D27-WLSOM1-Microchip-datasheet-149595509.pdf If thats not enough I have contacts in Microchip I can ask. |
|
@gannaramu, the data sheet provided and looking at some of the function definitions in CryptoAuthLib, I can start to see how it comes together but it would take a while to trace through all the calls. I would start here though: |
|
Here is a feature request issue in BearSSL for the subsequent feature after this repository supports the device certificate and public key feature: arduino-libraries/ArduinoBearSSL#55 |
I'd like to use this library with the M5Stack Core2 IoT EduKit but there is a compile error on an ESP32 and the I2C address of the ATECC608 is different.
The compile error fix is from #25
For the I2C address I can see that with the existing code you can create your own instance with a custom I2C address, but then all the provided utilities don't work so you'd need you own of those too, so this new
begin(i2cAddr)function makes it all work more seemlessly.What do you think?