Add symmetric keys example (CA-14) #74

Open
wants to merge 6 commits into
base: master
14 changes: 12 additions & 2 deletions component.mk
Expand Up @@ -72,6 +72,8 @@ azure-iot-sdk-c/c-utility/src/base64.o \
azure-iot-sdk-c/iothub_client/src/iothub_device_client_ll.o \
azure-iot-sdk-c/iothub_client/src/iothub_client_ll.o \
azure-iot-sdk-c/iothub_client/src/iothub_client_core_ll.o \
azure-iot-sdk-c/iothub_client/src/iothub_module_client_ll.o \
azure-iot-sdk-c/iothub_client/src/iothub_module_client.o \
azure-iot-sdk-c/iothub_client/src/iothub_client_ll_uploadtoblob.o \
azure-iot-sdk-c/iothub_client/src/iothub_client_authorization.o \
azure-iot-sdk-c/iothub_client/src/iothub_client_retry_control.o \
Expand Down Expand Up @@ -129,6 +131,10 @@ ifdef CONFIG_DEVICE_COMMON_NAME
COMPONENT_OBJS += azure-iot-sdk-c/provisioning_client/src/iothub_auth_client.o
endif

ifdef CONFIG_SYMM_KEY
COMPONENT_OBJS += azure-iot-sdk-c/provisioning_client/src/iothub_auth_client.o
endif

ifdef CONFIG_TARGET_PLATFORM_ESP8266
COMPONENT_OBJS += port/src/certs.o
endif
Expand Down Expand Up @@ -159,8 +165,12 @@ ifndef CONFIG_TARGET_PLATFORM_ESP8266
COMPONENT_SRCDIRS += azure-iot-sdk-c/certs
endif

CFLAGS += -Wno-unused-function -Wno-missing-braces -Wno-missing-field-initializers -DHSM_TYPE_X509 -DHSM_TYPE_SAS_TOKEN
CFLAGS += -Wno-unused-function -Wno-missing-braces -Wno-missing-field-initializers -DHSM_TYPE_SAS_TOKEN

ifdef CONFIG_DEVICE_COMMON_NAME
CFLAGS += -DUSE_PROV_MODULE
CFLAGS += -DUSE_PROV_MODULE -DHSM_TYPE_X509
endif

ifdef CONFIG_SYMM_KEY
CFLAGS += -DUSE_PROV_MODULE -DHSM_TYPE_SYMM_KEY
endif
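Review bot: The new `ifdef CONFIG_SYMM_KEY` block appends `azure-iot-sdk-c/provisioning_client/src/iothub_auth_client.o` to COMPONENT_OBJS, which the `ifdef CONFIG_DEVICE_COMMON_NAME` block directly above already adds, so an sdkconfig with both options set lists the object twice; the CFLAGS hunk at the end of the file has the same shape, repeating `-DUSE_PROV_MODULE` and defining `-DHSM_TYPE_X509` and `-DHSM_TYPE_SYMM_KEY` together, a combination the SDK presumably does not expect. Guarding the shared pieces once, e.g. `ifneq ($(or $(CONFIG_DEVICE_COMMON_NAME),$(CONFIG_SYMM_KEY)),)` around the object and `-DUSE_PROV_MODULE`, and leaving only the HSM define under each option, avoids the duplication. A short comment such as `# both attestation modes need the auth client and USE_PROV_MODULE; only the HSM type differs` would make the intent clear. Note also that SYMM_KEY is declared as a string option in the example's Kconfig, and if I read the sdkconfig generation right a string option is emitted even when empty, so `ifdef CONFIG_SYMM_KEY` is effectively always true for this example — worth confirming.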
7 changes: 7 additions & 0 deletions examples/prov_dev_client_ll_sample_symm_keys/CMakeLists.txt
@@ -0,0 +1,7 @@
# The following five lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)

include($ENV{IDF_PATH}/tools/cmake/project.cmake)
set (EXTRA_COMPONENT_DIRS "${CMAKE_CURRENT_BINARY_DIR}/../../../port")
project(prov_dev_client_ll_sample)
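Review bot: `project(prov_dev_client_ll_sample)` gives the CMake build a different project name from the Makefile's `PROJECT_NAME := prov_dev_client_ll_sample_symm_keys`, so the two build systems emit differently named binaries for the same example; `project(prov_dev_client_ll_sample_symm_keys)` keeps them aligned. The `EXTRA_COMPONENT_DIRS` line also reaches into the source tree via `${CMAKE_CURRENT_BINARY_DIR}`, which only resolves when the build directory sits inside the example directory, and it names `port` where the Makefile adds `esp-azure`; `${CMAKE_CURRENT_SOURCE_DIR}` is the stable anchor, and the two component paths should be checked against each other.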
10 changes: 10 additions & 0 deletions examples/prov_dev_client_ll_sample_symm_keys/Makefile
@@ -0,0 +1,10 @@
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#

PROJECT_NAME := prov_dev_client_ll_sample_symm_keys

EXTRA_COMPONENT_DIRS += $(PROJECT_PATH)/../../../esp-azure

include $(IDF_PATH)/make/project.mk
63 changes: 63 additions & 0 deletions examples/prov_dev_client_ll_sample_symm_keys/README.md
@@ -0,0 +1,63 @@
# Azure Provisioning Demo

This example demonstrates Device Authentication using Symmetric Keys. Refer [this azure documentation](https://docs.microsoft.com/en-us/azure/iot-dps/concepts-symmetric-key-attestation) to learn more about this.

# Provisioning Setup

### Device Provisioning Service

- In the upper left-hand corner of the Azure portal, click Create a resource.
- In the Search box, type "device provisioning" and select `IoT Hub Device Provisioning Service` from the suggestions.
- Fill out the IoT Hub Device Provisioning Service form and click "Create" at the bottom.
- Select this newly created resource, select `Linked IoT hubs` under `Settings` and click on `Add`.
- In the Add link to IoT hub page
- IoT hub: Select the IoT hub that you want to link with this Device Provisioning Service instance.
- Access Policy: Select `iothubowner`.
- Go to `Manage Enrollments` under `Settings` and click on `Add individual enrollment`.
- Select Mechanism as "Symmetric Key".
- Enter name under which device will attempt to register under "Registration ID"
- Enter the appropriate IoT Hub Device ID. Mark IoT Edge device as "False".
- Click "Save" at the top.

## Device Configuration

- Execute `make menuconfig`. In the menu, go to `Example Configuration` and configure `WiFi SSID` and `WiFi Password` so that the device can connect to the appropriate Wi-Fi network on boot up.

> Note: While changing the value, please ensure that you have completely cleared the older value, before pasting the new one. If you face any run time connection issues, double check this value.

- Enter the `Device registration ID` which was set during [device provisioning](#device-provisioning-service)
- Copy the `Primary Key` of the device, which you can find under "Manage Enrollments" section of the service, select "Individual enrollments", then the enrollment you just created
- Copy the ID Scope of the device provisioning service which you can find on the Azure portal under "Overview" section of the service and paste in `ID Scope` field.
- Save and exit `menuconfig`.

## Trying out the example

- Run the following command to flash the example and monitor the output

``` bash
$ make -j8 flash monitor
```

- In a separate window, monitor the Azure IoT events using the following:

```
$ az iot hub monitor-events -n [IoTHub Name] --login '[Connection string - primary key]'
```

- Once the device connects to the Wi-Fi network, it starts publishing MQTT messages. The Azure IoT monitor will show these messages like below:

```
{
"event": {
"origin": "<azure-iot-device-id>",
"payload": "{ \"message_index\" : \"0\" }"
}
}
{
"event": {
"origin": "<azure-iot-device-id>",
"payload": "{ \"message_index\" : \"1\" }"
}
}

```
@@ -0,0 +1,7 @@
set(COMPONENT_SRCS "azure_main.c"
"custom_hsm_symm_key.c"
"prov_dev_client_ll_sample.c"
)
set(COMPONENT_ADD_INCLUDEDIRS ".")

register_component()
@@ -0,0 +1,36 @@
menu "Example Configuration"

config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.

config WIFI_PASSWORD
string "WiFi Password"
default "myssid"
help
WiFi password (WPA or WPA2) for the example to use.

Can be left blank if the network has no security set.

config SYMM_KEY
string "Symmetric key"
default "key"
help
Symmetric key, which will be used for the device

config REGISTRATION_ID
string "Device registration ID"
default "reg-id"
help
Device registration ID to be used for registration through Device Provisioning Service

config DPS_ID_SCOPE
string "ID Scope of Device provisioning service"
default "myidscope"
help
This is the unique ID scope of Device Provisioning Service (DPS), and can be found under "Overview"
section of your DPS on azure IoT portal

endmenu
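Review bot: The `default "myssid"` under `config WIFI_PASSWORD` repeats the SSID default and looks like a copy-paste slip; `default "mypassword"` is the usual placeholder. More importantly, `config SYMM_KEY` holds the enrollment's primary key, a device secret that ends up as a plaintext string in sdkconfig and in the built firmware, and its help text does not say so; something like `Symmetric key (the enrollment primary key) for this device. This is a secret: it is compiled into the firmware and stored in sdkconfig, so keep sdkconfig out of version control.` would warn users before they commit it. The `default "key"` placeholder will also be accepted silently by the build, so the README's instruction to replace it is the only guard.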
106 changes: 106 additions & 0 deletions examples/prov_dev_client_ll_sample_symm_keys/main/azure_main.c
@@ -0,0 +1,106 @@
/* esp-azure example

This example code is in the Public Domain (or CC0 licensed, at your option.)

Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stdio.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "freertos/event_groups.h"

#include "esp_system.h"
#include "esp_system.h"
#include "esp_wifi.h"
#include "esp_event_loop.h"
#include "esp_log.h"

#include "nvs_flash.h"

#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID
#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD

/* FreeRTOS event group to signal when we are connected & ready to make a request */
static EventGroupHandle_t wifi_event_group;

#ifndef BIT0
#define BIT0 (0x1 << 0)
#endif
/* The event group allows multiple bits for each event,
but we only care about one event - are we connected
to the AP with an IP? */
const int CONNECTED_BIT = BIT0;

static const char *TAG = "azure";

static esp_err_t event_handler(void *ctx, system_event_t *event)
{
switch(event->event_id) {
case SYSTEM_EVENT_STA_START:
esp_wifi_connect();
break;
case SYSTEM_EVENT_STA_GOT_IP:
xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
break;
case SYSTEM_EVENT_STA_DISCONNECTED:
/* This is a workaround as ESP platform WiFi libs don't currently
auto-reassociate. */
esp_wifi_connect();
xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
break;
default:
break;
}
return ESP_OK;
}

static void initialise_wifi(void)
{
tcpip_adapter_init();
wifi_event_group = xEventGroupCreate();
ESP_ERROR_CHECK( esp_event_loop_init(event_handler, NULL) );
wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
wifi_config_t wifi_config = {
.sta = {
.ssid = EXAMPLE_WIFI_SSID,
.password = EXAMPLE_WIFI_PASS,
},
};
ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
ESP_ERROR_CHECK( esp_wifi_start() );
}

extern int prov_dev_client_ll_sample_run();
void azure_task(void *pvParameter)
{
xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
false, true, portMAX_DELAY);
ESP_LOGI(TAG, "Connected to AP success!");

prov_dev_client_ll_sample_run();

vTaskDelete(NULL);
}

void app_main()
{
// Initialize NVS
esp_err_t ret = nvs_flash_init();
if (ret == ESP_ERR_NVS_NO_FREE_PAGES) {
ESP_ERROR_CHECK(nvs_flash_erase());
ret = nvs_flash_init();
}
ESP_ERROR_CHECK( ret );

initialise_wifi();

if ( xTaskCreate(&azure_task, "azure_task", 1024 * 5, NULL, 5, NULL) != pdPASS ) {
printf("create azure task failed\r\n");
}
}
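Review bot: The return value of `prov_dev_client_ll_sample_run()` is discarded in `azure_task`, so a failed registration or connection leaves no trace in the log before the task deletes itself; `int rc = prov_dev_client_ll_sample_run();` followed by `if (rc != 0) { ESP_LOGE(TAG, "provisioning sample failed: %d", rc); }` makes failures visible. The extern declaration should also be a full prototype, `extern int prov_dev_client_ll_sample_run(void);`, and `app_main()` likewise `void app_main(void)`, since the empty parentheses are an old-style declaration under C11. Minor: `#include "esp_system.h"` appears twice at the top of the file, and `CONNECTED_BIT` could be `static` as nothing outside the file uses it.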
@@ -0,0 +1,8 @@
#
# Main component makefile.
#
# This Makefile can be left empty. By default, it will take the sources in the
# src/ directory, compile them and link them into lib(subdirectory_name).a
# in the build directory. This behaviour is entirely configurable,
# please read the ESP-IDF documents if you need to do this.
#