From 66cb090f79767e37b38fadf312b09923cd739638 Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 27 Jan 2025 11:49:24 +0100 Subject: [PATCH 1/2] Remove deprecated Arduino trust anchor --- src/tls/AIoTCSSCert.h | 13 ----------- src/tls/AIoTCUPCert.h | 13 ----------- src/tls/BearSSLTrustAnchors.h | 43 ++++------------------------------- 3 files changed, 5 insertions(+), 64 deletions(-) diff --git a/src/tls/AIoTCSSCert.h b/src/tls/AIoTCSSCert.h index 7ba9a3c5..b2046af2 100644 --- a/src/tls/AIoTCSSCert.h +++ b/src/tls/AIoTCSSCert.h @@ -30,19 +30,6 @@ * CONSTANTS ******************************************************************************/ static const char AIoTSSCert[] = -/* https://iot.arduino.cc:8883 */ -"-----BEGIN CERTIFICATE-----\n" -"MIIBzzCCAXSgAwIBAgIUHxAd66fhJecnwaOR4+wNF03tSlkwCgYIKoZIzj0EAwIw\n" -"RTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkFyZHVpbm8gTExDIFVTMQswCQYDVQQL\n" -"EwJJVDEQMA4GA1UEAxMHQXJkdWlubzAeFw0xODA3MjQwOTQ3MDBaFw00ODA3MTYw\n" -"OTQ3MDBaMEUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5BcmR1aW5vIExMQyBVUzEL\n" -"MAkGA1UECxMCSVQxEDAOBgNVBAMTB0FyZHVpbm8wWTATBgcqhkjOPQIBBggqhkjO\n" -"PQMBBwNCAARtd2xaz2EcfUSYUfJe4QJAd7ecvUmio4xOq16YrIL8aVtEIne0TS6O\n" -"3ypxwTls1jkUvdlrGEtL7LPV7kKJiVUio0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\n" -"VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWz4qa47JsBqoVOY2m4wJ+fzhuYAwCgYI\n" -"KoZIzj0EAwIDSQAwRgIhAL/T3CNmaLUK3D8NDsNz4grH92CqEA3TIL/hApabawXY\n" -"AiEA6tnZ2lrNElKXCajtZg/hjWRE/+giFzBP8riar8qOz2w=\n" -"-----END CERTIFICATE-----\n" /* https://iot.arduino.cc:8885 */ "-----BEGIN CERTIFICATE-----\n" "MIIB0DCCAXagAwIBAgIUb62eK/Vv1baaPAaY5DADBUbxB1owCgYIKoZIzj0EAwIw\n" diff --git a/src/tls/AIoTCUPCert.h b/src/tls/AIoTCUPCert.h index f13e7287..5ba783fd 100644 --- a/src/tls/AIoTCUPCert.h +++ b/src/tls/AIoTCUPCert.h 
@@ -135,19 +135,6 @@ static const char AIoTUPCert[] = "0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN\n" "sSi6\n" "-----END CERTIFICATE-----\n" -/* iot.arduino.cc:8883 / iot.oniudra.cc:8883 */ -"-----BEGIN CERTIFICATE-----\n" -"MIIBzzCCAXSgAwIBAgIUHxAd66fhJecnwaOR4+wNF03tSlkwCgYIKoZIzj0EAwIw\n" -"RTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkFyZHVpbm8gTExDIFVTMQswCQYDVQQL\n" -"EwJJVDEQMA4GA1UEAxMHQXJkdWlubzAeFw0xODA3MjQwOTQ3MDBaFw00ODA3MTYw\n" -"OTQ3MDBaMEUxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5BcmR1aW5vIExMQyBVUzEL\n" -"MAkGA1UECxMCSVQxEDAOBgNVBAMTB0FyZHVpbm8wWTATBgcqhkjOPQIBBggqhkjO\n" -"PQMBBwNCAARtd2xaz2EcfUSYUfJe4QJAd7ecvUmio4xOq16YrIL8aVtEIne0TS6O\n" -"3ypxwTls1jkUvdlrGEtL7LPV7kKJiVUio0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\n" -"VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWz4qa47JsBqoVOY2m4wJ+fzhuYAwCgYI\n" -"KoZIzj0EAwIDSQAwRgIhAL/T3CNmaLUK3D8NDsNz4grH92CqEA3TIL/hApabawXY\n" -"AiEA6tnZ2lrNElKXCajtZg/hjWRE/+giFzBP8riar8qOz2w=\n" -"-----END CERTIFICATE--------\n" /* iot.arduino.cc:8885 */ "-----BEGIN CERTIFICATE-----\n" "MIIB0DCCAXagAwIBAgIUb62eK/Vv1baaPAaY5DADBUbxB1owCgYIKoZIzj0EAwIw\n" diff --git a/src/tls/BearSSLTrustAnchors.h b/src/tls/BearSSLTrustAnchors.h index 6cd87e81..dbd2c2fc 100644 --- a/src/tls/BearSSLTrustAnchors.h +++ b/src/tls/BearSSLTrustAnchors.h @@ -37,8 +37,7 @@ // // brssl ta *.cer -//iot.arduino.cc:8883 -//iot.oniudra.cc:8883 +//iot.arduino.cc:8885 static const unsigned char TA0_DN[] = { 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, 
@@ -49,25 +48,6 @@ static const unsigned char TA0_DN[] = { }; static const unsigned char TA0_EC_Q[] = { - 0x04, 0x6D, 0x77, 0x6C, 0x5A, 0xCF, 0x61, 0x1C, 0x7D, 0x44, 0x98, 0x51, - 0xF2, 0x5E, 0xE1, 0x02, 0x40, 0x77, 0xB7, 0x9C, 0xBD, 0x49, 0xA2, 0xA3, - 0x8C, 0x4E, 0xAB, 0x5E, 0x98, 0xAC, 0x82, 0xFC, 0x69, 0x5B, 0x44, 0x22, - 0x77, 0xB4, 0x4D, 0x2E, 0x8E, 0xDF, 0x2A, 0x71, 0xC1, 0x39, 0x6C, 0xD6, - 0x39, 0x14, 0xBD, 0xD9, 0x6B, 0x18, 0x4B, 0x4B, 0xEC, 0xB3, 0xD5, 0xEE, - 0x42, 0x89, 0x89, 0x55, 0x22 -}; - -//iot.arduino.cc:8885 -static const unsigned char TA1_DN[] = { - 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x13, 0x0E, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x20, 0x4C, 0x4C, - 0x43, 0x20, 0x55, 0x53, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x13, 0x02, 0x49, 0x54, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x07, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F -}; - -static const unsigned char TA1_EC_Q[] = { 0x04, 0xA1, 0xE1, 0x53, 0x6C, 0x35, 0x52, 0x1A, 0x33, 0x0D, 0xE8, 0x2B, 0xAC, 0x5B, 0x12, 0xC1, 0x8F, 0x50, 0x37, 0xB3, 0x3E, 0x64, 0x9B, 0xA0, 0xEE, 0x27, 0x02, 0x35, 0xC7, 0x8D, 0x5A, 0x10, 0x45, 0xD0, 0xCA, 0xF5, @@ -77,7 +57,7 @@ static const unsigned char TA1_EC_Q[] = { }; //iot.oniudra.cc:8885 -static const unsigned char TA2_DN[] = { +static const unsigned char TA1_DN[] = { 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0E, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F, 0x20, 0x4C, 0x4C, 
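Review bot: Nothing next to `TA0_EC_Q` records which certificate the surviving key bytes belong to, and the `@@ -49` hunk splices the old `TA1_EC_Q` body under the existing `TA0_DN` by hand rather than regenerating the file with `brssl ta`. That is only sound because the anchors appear to share one subject DN (the removed `TA1_DN` rows match the `TA0_DN` rows visible in the previous hunk), so the `//iot.arduino.cc:8885` label is the only thing tying a key to its endpoint. I would add a comment above `TA0_EC_Q` such as `// EC public key of the iot.arduino.cc:8885 CA in AIoTCSSCert.h; regenerate with brssl ta, do not hand-edit`, and the equivalent above the `TA1_EC_Q` renamed in the `@@ -86` hunk, so a later reviewer can check the bytes against the PEM bundle.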
@@ -86,7 +66,7 @@ static const unsigned char TA2_DN[] = { 0x04, 0x03, 0x13, 0x07, 0x41, 0x72, 0x64, 0x75, 0x69, 0x6E, 0x6F }; -static const unsigned char TA2_EC_Q[] = { +static const unsigned char TA1_EC_Q[] = { 0x04, 0x11, 0x70, 0x34, 0xE0, 0xC3, 0x3E, 0x00, 0xBD, 0x0B, 0x59, 0x03, 0x98, 0xA0, 0x5B, 0x6B, 0x0B, 0x50, 0xDF, 0x51, 0x66, 0x4E, 0xE7, 0x40, 0x5D, 0x5A, 0x46, 0x48, 0xE5, 0x30, 0x70, 0x35, 0xF9, 0xF3, 0x6C, 0xFC, @@ -95,7 +75,7 @@ static const unsigned char TA2_EC_Q[] = { 0xAE, 0xA6, 0x4C, 0x06, 0x48 }; -static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[3] = { +static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[2] = { { { (unsigned char *)TA0_DN, sizeof TA0_DN }, BR_X509_TA_CA, @@ -121,23 +101,10 @@ static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[3] = { } } } - }, - { - { (unsigned char *)TA2_DN, sizeof TA2_DN }, - BR_X509_TA_CA, - { - BR_KEYTYPE_EC, - { - .ec = { - BR_EC_secp256r1, - (unsigned char *)TA2_EC_Q, sizeof TA2_EC_Q, - } - } - } } }; -#define ArduinoIoTCloudTrustAnchor_NUM (3) +#define ArduinoIoTCloudTrustAnchor_NUM (2) #endif /* #ifdef BOARD_HAS_ECCX08 */ From 6069b98239294abc8f784250046f78b3883bbf29 Mon Sep 17 00:00:00 2001 From: pennam Date: Tue, 25 Feb 2025 08:54:54 +0100 Subject: [PATCH 2/2] Remove mqtt 8883 fallback logic --- src/ArduinoIoTCloudTCP.cpp | 11 +---------- src/ArduinoIoTCloudTCP.h | 8 -------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp index 878a5c3b..cc6db00c 100644 --- a/src/ArduinoIoTCloudTCP.cpp +++ b/src/ArduinoIoTCloudTCP.cpp 
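Review bot: The anchor count is still written by hand in two places, `ArduinoIoTCloudTrustAnchor[2]` in the `@@ -95` hunk and `#define ArduinoIoTCloudTrustAnchor_NUM (2)` in the `@@ -121` hunk, and both must be edited together on every anchor change. If the macro ever ends up larger than the array, whatever consumes it (presumably the BearSSL X.509 setup, which is not in this diff) would be told to read past the last initialized anchor. Dropping the explicit bound and deriving the macro removes that risk: `static const br_x509_trust_anchor ArduinoIoTCloudTrustAnchor[] = {` and `#define ArduinoIoTCloudTrustAnchor_NUM (sizeof(ArduinoIoTCloudTrustAnchor) / sizeof(ArduinoIoTCloudTrustAnchor[0]))`.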
@@ -133,7 +133,7 @@ int ArduinoIoTCloudTCP::begin(ConnectionHandler & connection, bool const enable_ _otaClient.setEccSlot(static_cast(SElementArduinoCloudSlot::Key), _cert.bytes(), _cert.length()); #endif #endif - _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? mqttPort() : brokerPort; + _brokerPort = (brokerPort == DEFAULT_BROKER_PORT_AUTO) ? DEFAULT_BROKER_PORT_SECURE_AUTH : brokerPort; #endif } else @@ -586,15 +586,6 @@ int ArduinoIoTCloudTCP::write(String const topic, byte const data[], int const l } #if defined(BOARD_HAS_SECURE_ELEMENT) -int ArduinoIoTCloudTCP::mqttPort() -{ - if (memcmp(DEPRECATED_BROKER_AUTHORITY_KEY_IDENTIFIER, _cert.authorityKeyIdentifierBytes() , ECP256_CERT_AUTHORITY_KEY_ID_LENGTH) == 0) { - return DEPRECATED_BROKER_PORT_SECURE_AUTH; - } else { - return DEFAULT_BROKER_PORT_SECURE_AUTH; - } -} - int ArduinoIoTCloudTCP::updateCertificate(String authorityKeyIdentifier, String serialNumber, String notBefore, String notAfter, String signature) { if (!_selement.begin()) diff --git a/src/ArduinoIoTCloudTCP.h b/src/ArduinoIoTCloudTCP.h index 7456a264..ebd49f61 100644 --- a/src/ArduinoIoTCloudTCP.h +++ b/src/ArduinoIoTCloudTCP.h @@ -49,10 +49,6 @@ ******************************************************************************/ static constexpr char DEFAULT_BROKER_ADDRESS[] = "iot.arduino.cc"; static constexpr uint16_t DEFAULT_BROKER_PORT_SECURE_AUTH = 8885; -static constexpr uint16_t DEPRECATED_BROKER_PORT_SECURE_AUTH = 8883; -static constexpr uint8_t DEPRECATED_BROKER_AUTHORITY_KEY_IDENTIFIER[] = { - 0x5b, 0x3e, 0x2a, 0x6b, 0x8e, 0xc9, 0xb0, 0x1a, 0xa8, 0x54, - 0xe6, 0x36, 0x9b, 0x8c, 0x09, 0xf9, 0xfc, 0xe1, 0xb9, 0x80 }; static constexpr uint16_t DEFAULT_BROKER_PORT_USER_PASS_AUTH = 8884; static constexpr uint16_t DEFAULT_BROKER_PORT_AUTO = 0; 
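Review bot: With `mqttPort()` gone, a device whose stored certificate still carries the deprecated authority key identifier now selects `DEFAULT_BROKER_PORT_SECURE_AUTH` like any other, and nothing in `begin()` tells the user why the connection then fails (presumably at the TLS handshake, since the matching trust anchor was removed in patch 1/2). The same holds for a caller that passes 8883 explicitly as `brokerPort`, which the changed line in the `@@ -133` hunk still accepts. I would keep the authority-key-identifier comparison as a diagnostic only, logging once that the device certificate must be renewed, or at minimum document it on that line: `// Port 8883 and its trust anchor are no longer supported; devices with a certificate from the deprecated authority must be re-provisioned.` The body of `begin()` starts and ends outside the hunk.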
@@ -189,10 +185,6 @@ class ArduinoIoTCloudTCP: public ArduinoIoTCloudClass void detachThing(); int write(String const topic, byte const data[], int const length); -#if defined(BOARD_HAS_SECURE_ELEMENT) - int mqttPort(); -#endif - }; /******************************************************************************