Secure Element Refactoring

examples/CertificateSigningRequest/CertificateSigningRequest.ino

@@ -34,20 +34,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -56,12 +54,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }
@@ -96,7 +94,7 @@ void setup() {
   CSR.setSubjectOrganizationalUnitName(organizationalUnit);
   CSR.setSubjectCommonName(common);
 
-  if (!SElementCSR::build(secureElement, CSR, slot.toInt(), generateNewKey.startsWith("y"))) {
+  if (!SElementCSR::build(SecureElement, CSR, slot.toInt(), generateNewKey.startsWith("y"))) {
     Serial.println("Error starting CSR generation!");
     while (1);
   }

examples/ConfigurationLocking/ConfigurationLocking.ino

@@ -7,7 +7,7 @@
   https://github.com/arduino-libraries/ArduinoECCX08/blob/master/src/utility/ECCX08DefaultTLSConfig.h
 
   SE050 do not have EEPROM configuration and do not need to be locked
-  to work correctly. secureElement.locked() always returns true for SE050
+  to work correctly. SecureElement.locked() always returns true for SE050
   and the sketch does nothing.
 
   The circuit:
@@ -22,20 +22,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -44,12 +42,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }

examples/RandomNumber/RandomNumber.ino

@@ -16,26 +16,24 @@
 
 #include <Arduino_SecureElement.h>
 
-SecureElement secureElement;
-
 void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("Failed to communicate with SecureElement!");
     while (1);
   }
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     Serial.println("The SecureElement is not locked!");
     while (1);
   }
 }
 
 void loop() {
   Serial.print("Random number = ");
-  Serial.println(secureElement.random(65535));
+  Serial.println(SecureElement.random(65535));
 
   delay(1000);
 }

examples/SelfSignedCertificate/SelfSignedCertificate.ino

@@ -24,20 +24,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -46,12 +44,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }
@@ -78,15 +76,15 @@ void setup() {
   ECP256Certificate Certificate;
 
   Certificate.begin();
-  Certificate.setIssuerCommonName(secureElement.serialNumber());
-  Certificate.setSubjectCommonName(secureElement.serialNumber());
+  Certificate.setIssuerCommonName(SecureElement.serialNumber());
+  Certificate.setSubjectCommonName(SecureElement.serialNumber());
   Certificate.setIssueYear(issueYear.toInt());
   Certificate.setIssueMonth(issueMonth.toInt());
   Certificate.setIssueDay(issueDay.toInt());
   Certificate.setIssueHour(issueHour.toInt());
   Certificate.setExpireYears(expireYears.toInt());
 
-  if (!SElementCertificate::build(secureElement, Certificate, privateKeySlot.toInt(), generateNewKey.startsWith("y"), true /* self signed certificate */)) {
+  if (!SElementCertificate::build(SecureElement, Certificate, privateKeySlot.toInt(), generateNewKey.startsWith("y"), true /* self signed certificate */)) {
     Serial.println("Error starting certificate generation!");
     while (1);
   }

src/SecureElement.cpp

@@ -18,7 +18,7 @@
 /**************************************************************************************
  * CTOR/DTOR
  **************************************************************************************/
-SecureElement::SecureElement()
+SecureElementClass::SecureElementClass()
 #if defined(SECURE_ELEMENT_IS_SE050)
 : _secureElement {SE05X}
 #elif defined(SECURE_ELEMENT_IS_ECCX08)
@@ -36,7 +36,7 @@ SecureElement::SecureElement()
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
-int SecureElement::SHA256(const uint8_t *buffer, size_t size, uint8_t *digest)
+int SecureElementClass::SHA256(const uint8_t *buffer, size_t size, uint8_t *digest)
 {
 #if defined(SECURE_ELEMENT_IS_SOFTSE)
   return _secureElement.SHA256(buffer, size, digest);
@@ -60,7 +60,7 @@ int SecureElement::SHA256(const uint8_t *buffer, size_t size, uint8_t *digest)
 #endif
 }
 
-int SecureElement::serialNumber(byte sn[], size_t length)
+int SecureElementClass::serialNumber(byte sn[], size_t length)
 {
 #if defined(SECURE_ELEMENT_IS_SE050)
   return _secureElement.serialNumber(sn, length);
@@ -77,3 +77,4 @@ int SecureElement::serialNumber(byte sn[], size_t length)
 #endif
 }
 
+SecureElementClass SecureElement;

src/SecureElement.h

@@ -49,11 +49,11 @@
  * CLASS DECLARATION
  ******************************************************************************/
 
-class SecureElement
+class SecureElementClass
 {
 public:
 
-  SecureElement();
+  SecureElementClass();
 
   inline int begin() { return _secureElement.begin(); }
   inline void end() { return _secureElement.end(); }
@@ -64,6 +64,7 @@ class SecureElement
 
   inline long random(long min, long max) { return this->_secureElement.random(min, max); };
   inline long random(long max) { return this->_secureElement.random(max); };
+  inline long random(uint8_t *arr, size_t len) { return this->_secureElement.random(arr, len); };
 
   inline int generatePrivateKey(int slot, byte publicKey[]) { return _secureElement.generatePrivateKey(slot, publicKey); };
   inline int generatePublicKey(int slot, byte publicKey[]) { return _secureElement.generatePublicKey(slot, publicKey); };
@@ -97,4 +98,7 @@ class SecureElement
 
 };
 
+#define SECURE_ELEMENT_GI
+extern SecureElementClass SecureElement;
+
 #endif /* SECURE_ELEMENT_H_ */

src/utility/SElementArduinoCloudCertificate.cpp

@@ -47,7 +47,7 @@ const char constexpr SElementArduinoCloudCertificate::SEACC_ISSUER_COMMON_NAME[]
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
-int SElementArduinoCloudCertificate::write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot)
+int SElementArduinoCloudCertificate::write(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot)
 {
 #if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
   if (!se.writeSlot(static_cast<int>(certSlot), cert.bytes(), cert.length())) {
@@ -69,7 +69,7 @@ int SElementArduinoCloudCertificate::write(SecureElement & se, ECP256Certificate
   return 1;
 }
 
-int SElementArduinoCloudCertificate::read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot)
+int SElementArduinoCloudCertificate::read(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot)
 {
 #if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
   (void)keySlot;
@@ -146,7 +146,7 @@ int SElementArduinoCloudCertificate::signatureCompare(const byte * signatureA, c
 }
 
 int SElementArduinoCloudCertificate::rebuild(
-    SecureElement & se, ECP256Certificate & cert, const String & deviceId,
+    SecureElementClass & se, ECP256Certificate & cert, const String & deviceId,
     const String & notBefore, const String & notAfter, const String & serialNumber,
     const String & authorityKeyIdentifier, const String & signature,
     const SElementArduinoCloudSlot keySlot)

src/utility/SElementArduinoCloudCertificate.h

@@ -26,10 +26,10 @@ class SElementArduinoCloudCertificate : public SElementCertificate
 {
 public:
 
-  static int write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
-  static int read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
+  static int write(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
+  static int read(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
   static int signatureCompare(const byte * signatureA, const String & signatureB);
-  static int rebuild(SecureElement & se, ECP256Certificate & cert, const String & deviceId,
+  static int rebuild(SecureElementClass & se, ECP256Certificate & cert, const String & deviceId,
                     const String & notBefore, const String & notAfter, const String & serialNumber,
                     const String & authorityKeyIdentifier, const String & signature,
                     const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
@@ -43,4 +43,4 @@ class SElementArduinoCloudCertificate : public SElementCertificate
 
 };
 
-#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_ */
+#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_ */

src/utility/SElementArduinoCloudDeviceId.cpp

@@ -14,7 +14,7 @@
 
 #include <utility/SElementArduinoCloudDeviceId.h>
 
-int SElementArduinoCloudDeviceId::write(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
+int SElementArduinoCloudDeviceId::write(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
 {
   byte device_id_bytes[ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH] = {0};
 
@@ -26,7 +26,7 @@ int SElementArduinoCloudDeviceId::write(SecureElement & se, String & deviceId, c
   return 1;
 }
 
-int SElementArduinoCloudDeviceId::read(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
+int SElementArduinoCloudDeviceId::read(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
 {
   byte device_id_bytes[ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH] = {0};
 

src/utility/SElementArduinoCloudDeviceId.h

@@ -25,9 +25,9 @@ class SElementArduinoCloudDeviceId
 {
 public:
 
-  static int write(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot);
-  static int read(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot);
+  static int write(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot);
+  static int read(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot);
 
 };
 
-#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_DEVICE_ID_H_ */
+#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_DEVICE_ID_H_ */

src/utility/SElementArduinoCloudJWT.cpp

@@ -10,7 +10,7 @@
 #include "SElementArduinoCloudJWT.h"
 
 constexpr char JWT_HEADER[] = "{\"alg\":\"ES256\",\"typ\":\"JWT\"}";
-String getAIoTCloudJWT(SecureElement &se, String issuer, uint64_t iat, uint8_t slot)
+String getAIoTCloudJWT(SecureElementClass &se, String issuer, uint64_t iat, uint8_t slot)
 {
   SElementJWS jws;
   String jwtClaim = "{\"iat\":";

src/utility/SElementArduinoCloudJWT.h

@@ -12,6 +12,6 @@
 #define SECURE_ELEMENT_AIoTCloud_JWT_H_
 #include "SElementJWS.h"
 
-String getAIoTCloudJWT(SecureElement &se, String issuer, uint64_t iat, uint8_t slot = 1);
+String getAIoTCloudJWT(SecureElementClass &se, String issuer, uint64_t iat, uint8_t slot = 1);
 
 #endif

src/utility/SElementCSR.cpp

@@ -14,7 +14,7 @@
 
 #include <utility/SElementCSR.h>
 
-int SElementCSR::build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey)
+int SElementCSR::build(SecureElementClass & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey)
 {
   byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
   byte signature[ECP256_CERT_SIGNATURE_LENGTH];
@@ -49,4 +49,4 @@ int SElementCSR::build(SecureElement & se, ECP256Certificate & cert, const int k
 
   /* sign CSR */
   return cert.signCSR(signature);
-}
+}

src/utility/SElementCSR.h

@@ -25,7 +25,7 @@ class SElementCSR
 {
 public:
 
-  static int build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey);
+  static int build(SecureElementClass & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey);
 
 };
 

src/utility/SElementCertificate.cpp

@@ -14,7 +14,7 @@
 
 #include <utility/SElementCertificate.h>
 
-int SElementCertificate::build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey, bool selfSign)
+int SElementCertificate::build(SecureElementClass & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey, bool selfSign)
 {
   byte publicKey[ECP256_CERT_PUBLIC_KEY_LENGTH];
   byte signature[ECP256_CERT_SIGNATURE_LENGTH];

src/utility/SElementCertificate.h

@@ -25,8 +25,8 @@ class SElementCertificate
 {
 public:
 
-  static int build(SecureElement & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey = false, bool selfSign = false);
+  static int build(SecureElementClass & se, ECP256Certificate & cert, const int keySlot, bool newPrivateKey = false, bool selfSign = false);
 
 };
 
-#endif /* SECURE_ELEMENT_CERTIFICATE_H_ */
+#endif /* SECURE_ELEMENT_CERTIFICATE_H_ */