-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from SystemsCyber/CMACTests
Cmac tests
- Loading branch information
Showing
17 changed files
with
7,156 additions
and
298 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
4,188 changes: 4,188 additions & 0 deletions
4,188
CANConditionerSketch/CANConditionerSketch.ino.TEENSY40.hex
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,9 +4,31 @@ Project files to embed cryptographic message authentication data within J1939 an | |
| ## Key Management Strategy | ||
| Each device is equipped with an ATECC608A security module. The module needs to be provisioned with its own public/private key pair. Additionally, a server public key needs to be installed and locked on the device. Once the device public key is shared, then the device and server can calculate the same secret and use that shared secret to exchange data. | ||
|
|
||
| ### Creating a Root Certificate Authority (CA) | ||
| In this project, a root CA was created using the Amazon console using these steps: | ||
| 1. Login to AWS console. Select a region. | ||
| 2. Select the AWS Certificate Manager (ACM) | ||
| 3. Get Started wih a Private Certificate Authority | ||
| 4. Select the certificate authority (CA) type as Root CA. | ||
| 5. Fill out the form for hte distinguished name. The common name is `CSU Systems Cyber Root Certificate` | ||
| 6. Choose ECDSA P256 for the key under the advanced tab. This is the same key used on the ATECC608A chip. | ||
| 7. Configure certificate revocation by enabling CRL distribution. Create a new S3 bucket named `systemscyber-revocation-list` | ||
| 8. A project tag was added. | ||
| 9. Configure CA permissions bu authorizing ACM to use the CA for renewals. | ||
| 10. Review and confirm that private CA's are chargable, so confirm we will be billed. | ||
| 11. We have just created a CA: | ||
| ``` | ||
| Type: Root | ||
| CA common name: CSU Systems Cyber Root Certificate | ||
| ARN: arn:aws:acm-pca:us-east-1:XXXXXXXXXXXX:certificate-authority/cxxxxxx7-7xx2-4xxx-9xxx-exxxxxxxxxxf | ||
| ``` | ||
| 12. Click Get Started. Create a Valid Certificate that lasts for many years. Use the `SHA256WITHECDSA` algorithm. | ||
| 13. Confirm and install. | ||
|
|
||
| 14. This certificate can now be used to sign device certificates at provisioning (I think.) | ||
|
|
||
| ## Initial Setup | ||
| This project uses the Amazon Web Services Key Management System as the root of trust. We have requested a Master KMS key. | ||
| This project uses the Amazon Web Services Key Management System as the root of trust for managing keys. We have requested a Master KMS key. | ||
|
|
||
| ### KMS Key | ||
| Here are the steps taken to create a master key for CANWatermarking. | ||
|
|
@@ -42,8 +64,7 @@ Cognito -> App Integration -> Domain Name enter canconditioner | |
|
|
||
|
|
||
| ### Provisioning Sketch | ||
| The Teensy 4.0 needs to use the Wire library to communicate with the ATECC608. | ||
| The Teensy 4.0 needs to use the Wire library to communicate with the ATECC608A. | ||
|
|
||
| #include <Arduino.h> | ||
| #include <i2c_driver_wire.h> | ||
| [email protected] | ||
Binary file not shown.
Oops, something went wrong.