SecureElement: move build functions in separate files

Author: pennam

src/SecureElement.cpp

@@ -41,65 +41,6 @@ SecureElement::SecureElement()
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
-int SecureElement::buildCSR(ECP256Certificate & cert, const int keySlot, bool newPrivateKey)
-{
-  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
-  byte signature[ECP256_CERT_SIGNATURE_LENGTH];
-
-  if (newPrivateKey) {
-    if (!_secureElement.generatePrivateKey(keySlot, publicKey)) {
-      return 0;
-    }
-  } else {
-    if (!_secureElement.generatePublicKey(keySlot, publicKey)) {
-      return 0;
-    }
-  }
-
-  /* Store public key in csr */
-  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
-    return 0;
-  }
-  
-  /* Build CSR */
-  if (!cert.buildCSR()) {
-    return 0;
-  }
-
-  /* compute CSR SHA256 */
-  byte sha256buf[SE_SHA256_BUFFER_LENGTH];
-  this->SHA256(cert.bytes(), cert.length(), sha256buf);
-
-  if (!_secureElement.ecSign(keySlot, sha256buf, signature)) {
-    return 0;
-  }
-
-  /* sign CSR */
-  return cert.signCSR(signature);
-}
-
-int SecureElement::buildCert(ECP256Certificate & cert, const int keySlot)
-{
-  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
-
-  if (!_secureElement.generatePublicKey(keySlot, publicKey)) {
-    return 0;
-  }
-
-  /* Store public key in csr */
-  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
-    return 0;
-  }
-
-  /* Build CSR */
-  if (!cert.buildCert()) {
-    return 0;
-  }
-
-  /* sign CSR */
-  return cert.signCert();
-}
-
 int SecureElement::writeCert(ECP256Certificate & cert, const int certSlot)
 {
 #if defined(BOARD_HAS_SE050)

src/SecureElement.h

@@ -81,9 +81,6 @@ class SecureElement
   inline int writeConfiguration(const byte config[] = nullptr) { return _secureElement.writeConfiguration(config); }
 #endif
 
-  int buildCSR(ECP256Certificate & cert, const int keySlot, bool newPrivateKey);
-  int buildCert(ECP256Certificate & cert, const int keySlot);
-
   int writeCert(ECP256Certificate & cert, const int certSlot);
   int readCert(ECP256Certificate & cert, const int certSlot);
 

src/utility/SElementCSR.cpp

@@ -0,0 +1,61 @@
+/*
+  SElementCSR.cpp
+  Copyright (c) 2023 Arduino SA.  All right reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <utility/SElementCSR.h>
+
+int SElementCSR::build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey)
+{
+  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
+  byte signature[ECP256_CERT_SIGNATURE_LENGTH];
+
+  if (newPrivateKey) {
+    if (!se.generatePrivateKey(keySlot, publicKey)) {
+      return 0;
+    }
+  } else {
+    if (!se.generatePublicKey(keySlot, publicKey)) {
+      return 0;
+    }
+  }
+
+  /* Store public key in CSR */
+  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
+    return 0;
+  }
+  
+  /* Build CSR */
+  if (!cert.buildCSR()) {
+    return 0;
+  }
+
+  /* compute CSR SHA256 */
+  byte sha256buf[SE_SHA256_BUFFER_LENGTH];
+  se.SHA256(cert.bytes(), cert.length(), sha256buf);
+
+  if (!se.ecSign(keySlot, sha256buf, signature)) {
+    return 0;
+  }
+
+  /* sign CSR */
+  return cert.signCSR(signature);
+}

src/utility/SElementCSR.h

@@ -0,0 +1,41 @@
+/*
+  SElementCSR.h
+  Copyright (c) 2023 Arduino SA.  All right reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#ifndef SECURE_ELEMENT_CSR_H_
+#define SECURE_ELEMENT_CSR_H_
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <Arduino_SecureElement.h>
+
+ /******************************************************************************
+ * CLASS DECLARATION
+ ******************************************************************************/
+
+class SElementCSR
+{
+public:
+
+  static int build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey);
+
+};
+
+#endif /* SECURE_ELEMENT_CSR_H_ */

src/utility/SElementCertificate.cpp

@@ -0,0 +1,59 @@
+/*
+  SElementCertificate.cpp
+  Copyright (c) 2023 Arduino SA.  All right reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <utility/SElementCertificate.h>
+
+int SElementCertificate::build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey, bool selfSign)
+{
+  byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
+  byte signature[ECP256_CERT_SIGNATURE_LENGTH];
+
+  if (!se.generatePublicKey(keySlot, publicKey)) {
+    return 0;
+  }
+
+  /* Store public key in Certificate */
+  if (!cert.setPublicKey(publicKey, ECP256_CERT_PUBLIC_KEY_LENGTH)) {
+    return 0;
+  }
+
+  /* Build Certificate */
+  if (!cert.buildCert()) {
+    return 0;
+  }
+
+  if (selfSign) {
+    byte sha256buf[SE_SHA256_BUFFER_LENGTH];
+    se.SHA256(cert.bytes(), cert.length(), sha256buf);
+
+    if (!se.ecSign(keySlot, sha256buf, signature)) {
+      return 0;
+    }
+
+    /* self sign Certificate */
+    return cert.signCert(signature);
+  }
+
+  /* sign Certificate */
+  return cert.signCert();
+}

src/utility/SElementCertificate.h

@@ -0,0 +1,41 @@
+/*
+  SElementCertificate.h
+  Copyright (c) 2023 Arduino SA.  All right reserved.
+
+  This library is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Lesser General Public
+  License as published by the Free Software Foundation; either
+  version 2.1 of the License, or (at your option) any later version.
+
+  This library is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with this library; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+#ifndef SECURE_ELEMENT_SSC_H_
+#define SECURE_ELEMENT_SSC_H_
+
+/******************************************************************************
+ * INCLUDE
+ ******************************************************************************/
+
+#include <Arduino_SecureElement.h>
+
+ /******************************************************************************
+ * CLASS DECLARATION
+ ******************************************************************************/
+
+class SElementCertificate
+{
+public:
+
+  static int build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey = true, bool selfSign = false);
+
+};
+
+#endif /* SECURE_ELEMENT_SSC_H_ */