• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Copyright (c) 2018, The OpenThread Authors.
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *  1. Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  *  2. Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  *  3. Neither the name of the copyright holder nor the
13  *     names of its contributors may be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  *  POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /**
30  * @file
31  * @brief
32  *  This file contains the X.509 certificate and private key for Application
33  *  CoAP Secure use with cipher suite ECDHE_ECDSA_WITH_AES_128_CCM8.
34  */
35 
36 #ifndef SRC_CLI_X509_CERT_KEY_HPP_
37 #define SRC_CLI_X509_CERT_KEY_HPP_
38 
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42 
43 #if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
44 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
45 
46 /**SERVER
47  * Generate your own private key and certificate using openssl.
48  *
49  * 1. Generate a EC (Elliptic Curve) Private Key.
50  *      'openssl ecparam -genkey -out myECKey.pem -name prime256v1 -noout'
51  * 2. Generate a .X509 Certificate (Contains Public Key).
52  *      'openssl req -x509 -new -key myECKey.pem -out myX509Cert.pem'
53  */
54 
55 /**
56  * place your X.509 certificate (PEM format) for ssl session
57  * with ECDHE_ECDSA_WITH_AES_128_CCM_8 here.
58  */
59 #define OT_CLI_COAPS_X509_CERT                                             \
60     "-----BEGIN CERTIFICATE-----\r\n"                                      \
61     "MIIBrTCCAVICBgDRArfDJTAKBggqhkjOPQQDAjBcMQswCQYDVQQGEwJaWTESMBAG\r\n" \
62     "A1UECAwJWW91clN0YXRlMRAwDgYDVQQKDAdZb3VyT3JnMRQwEgYDVQQLDAtZb3Vy\r\n" \
63     "T3JnVW5pdDERMA8GA1UEAwwIVmVuZG9yQ0EwIBcNMTgwNzEzMTIzNzA3WhgPMjI5\r\n" \
64     "MjA0MjYxMjM3MDdaMGExCzAJBgNVBAYTAlpZMRIwEAYDVQQIDAlZb3VyU3RhdGUx\r\n" \
65     "EDAOBgNVBAoMB1lvdXJPcmcxFDASBgNVBAsMC1lvdXJPcmdVbml0MRYwFAYDVQQD\r\n" \
66     "DA1QWEMzLkU3NS0xMDBBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIUtlV99w\r\n" \
67     "OggiASflg6CVsGMzXMXYrNgQ1piLIybCkrq+YoqJ3mwcbJHWlvxGPxNIQw6i8kzK\r\n" \
68     "bkC642ZWgBT5MzAKBggqhkjOPQQDAgNJADBGAiEA/1yk69A+37kLBvdOWPDRXGwe\r\n" \
69     "0AoICTGaLqzB3cF5mtACIQC28WwmzHb5gqe3nOPAM73py1v17EXZj07PU89BAEcb\r\n" \
70     "yg==\r\n"                                                             \
71     "-----END CERTIFICATE-----\r\n"
72 
73 /**
74  * place your private key (PEM format) for ssl session
75  * with ECDHE_ECDSA_WITH_AES_128_CCM_8 here.
76  */
77 #define OT_CLI_COAPS_PRIV_KEY                                              \
78     "-----BEGIN EC PRIVATE KEY-----\r\n"                                   \
79     "MHcCAQEEIFYQh2R7M48qOHePw+VE4b034UlZmWWC/iNAK34sQbucoAoGCCqGSM49\r\n" \
80     "AwEHoUQDQgAEIUtlV99wOggiASflg6CVsGMzXMXYrNgQ1piLIybCkrq+YoqJ3mwc\r\n" \
81     "bJHWlvxGPxNIQw6i8kzKbkC642ZWgBT5Mw==\r\n"                             \
82     "-----END EC PRIVATE KEY-----\r\n"
83 
84 /**
85  * Place peers CA certificate (PEM format) here.
86  * It's necessary to validate the peers certificate. If you haven't a
87  * CA certificate, you must run the coaps without checking certificate.
88  */
89 #define OT_CLI_COAPS_TRUSTED_ROOT_CERTIFICATE                              \
90     "-----BEGIN CERTIFICATE-----\r\n"                                      \
91     "MIICDzCCAbWgAwIBAgIESZYC0jAKBggqhkjOPQQDAjBcMQswCQYDVQQGEwJaWTES\r\n" \
92     "MBAGA1UECAwJWW91clN0YXRlMRAwDgYDVQQKDAdZb3VyT3JnMRQwEgYDVQQLDAtZ\r\n" \
93     "b3VyT3JnVW5pdDERMA8GA1UEAwwIVmVuZG9yQ0EwIBcNMTgwNzEzMTE1NjA5WhgP\r\n" \
94     "MjI5MjA0MjYxMTU2MDlaMFwxCzAJBgNVBAYTAlpZMRIwEAYDVQQIDAlZb3VyU3Rh\r\n" \
95     "dGUxEDAOBgNVBAoMB1lvdXJPcmcxFDASBgNVBAsMC1lvdXJPcmdVbml0MREwDwYD\r\n" \
96     "VQQDDAhWZW5kb3JDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGAAuYcBIgP0\r\n" \
97     "fMC1Bd+1nAH5S1goR0TaDAIadK4hULQr5LwziuDk9XTQaOTwmWB9iR1eiHC6RY8W\r\n" \
98     "wyrGBbnEbzujYzBhMB0GA1UdDgQWBBQ+yCpIszhzbmXe2At1GofREjnBxjAfBgNV\r\n" \
99     "HSMEGDAWgBQ+yCpIszhzbmXe2At1GofREjnBxjAPBgNVHRMBAf8EBTADAQH/MA4G\r\n" \
100     "A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiBW60XgdSRD24rbTgdneS+V\r\n" \
101     "SHVix8LuXunPYW50LmxbrwIhAOw4gMroRIOS26y0TcND03FnyO3wBNF9MjM0hWKQ\r\n" \
102     "JXk3\r\n"                                                             \
103     "-----END CERTIFICATE-----\r\n"
104 
105 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
106 #endif // OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
107 
108 /**
109  * @}
110  *
111  */
112 
113 #ifdef __cplusplus
114 } // extern "C"
115 #endif
116 
117 #endif /* SRC_CLI_X509_CERT_KEY_HPP_ */
118