Add extracted tools: CitrineOS, OpenOCPP, ShapeShifter

- CitrineOS core extracted (CSMS OCPP 2.0.1)
- OpenOCPP extracted (firmware OCPP 1.6J/2.0.1)
- ShapeShifter library installed (pip install -e)
- ShapeShifter specification extracted
- EVerest extracted

TODO updated with progress

tools/EVerest-main/lib/everest/tls/tests/pki/.gitignore

@@ -0,0 +1 @@
+*.pem

tools/EVerest-main/lib/everest/tls/tests/pki/alt_openssl-pki.conf

@@ -0,0 +1,143 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_section
+
+[provider_section]
+default = default_section
+tpm2 = tpm2_section
+base = base_section
+
+[default_section]
+activate = 1
+
+[tpm2_section]
+activate = 1
+
+[base_section]
+activate = 1
+
+# server section
+# ==============
+[req_server_root]
+distinguished_name = req_dn_server_root
+utf8 = yes
+prompt = no
+req_extensions = v3_server_root
+
+[req_server_ca]
+distinguished_name = req_dn_server_ca
+utf8 = yes
+prompt = no
+req_extensions = v3_server_ca
+
+[req_server]
+distinguished_name = req_dn_server
+utf8 = yes
+prompt = no
+req_extensions = v3_server
+
+[req_dn_server_root]
+C = GB
+O = Pionix
+L = London
+CN = Alternate Root Trust Anchor
+
+[req_dn_server_ca]
+C = GB
+O = Pionix
+L = London
+CN = Alternate Intermediate CA
+
+[req_dn_server]
+C = GB
+O = Pionix
+L = London
+CN = 11111111
+
+[req_dn_client]
+C = GB
+O = Pionix
+L = London
+CN = 98765432
+
+[v3_server_root]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true, pathlen:2
+keyUsage = keyCertSign, cRLSign
+
+[v3_server_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+[v3_server]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = IP:192.168.245.1, DNS:evse.pionix.de
+
+# client section
+# ==============
+[req_client]
+distinguished_name = req_dn_client
+utf8 = yes
+prompt = no
+req_extensions = v3_client
+
+[req_client_root]
+distinguished_name = req_dn_client_root
+utf8 = yes
+prompt = no
+req_extensions = v3_client_root
+
+[req_client_ca]
+distinguished_name = req_dn_client_ca
+utf8 = yes
+prompt = no
+req_extensions = v3_client_ca
+
+[req_server]
+distinguished_name = req_dn_server
+utf8 = yes
+prompt = no
+req_extensions = v3_server
+
+[req_dn_client_root]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = Alternate Root Trust Anchor
+
+[req_dn_client_ca]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = Alternate Intermediate CA
+
+[req_dn_client]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = 66666666
+
+[v3_client_root]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true, pathlen:2
+keyUsage = keyCertSign, cRLSign
+
+[v3_client_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+[v3_client]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = clientAuth

tools/EVerest-main/lib/everest/tls/tests/pki/iso_pkey.asn1

@@ -0,0 +1,11 @@
+asn1=SEQ:pkcs8c
+[pkcs8c]
+ver=INT:0
+algid=SEQ:algid
+data=OCTWRAP,SEQ:sec1
+[algid]
+alg=OID:id-ecPublicKey
+parm=OID:prime256v1
+[sec1]
+ver=INT:1
+privkey=FORMAT:HEX,OCT:b9134963f51c4414738435057f97bbf1010cabcb8dbde9c5d48138396aa94b9d

tools/EVerest-main/lib/everest/tls/tests/pki/openssl-pki.conf

@@ -0,0 +1,143 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_section
+
+[provider_section]
+default = default_section
+tpm2 = tpm2_section
+base = base_section
+
+[default_section]
+activate = 1
+
+[tpm2_section]
+activate = 1
+
+[base_section]
+activate = 1
+
+# server section
+# ==============
+[req_server_root]
+distinguished_name = req_dn_server_root
+utf8 = yes
+prompt = no
+req_extensions = v3_server_root
+
+[req_server_ca]
+distinguished_name = req_dn_server_ca
+utf8 = yes
+prompt = no
+req_extensions = v3_server_ca
+
+[req_server]
+distinguished_name = req_dn_server
+utf8 = yes
+prompt = no
+req_extensions = v3_server
+
+[req_dn_server_root]
+C = GB
+O = Pionix
+L = London
+CN = Root Trust Anchor
+
+[req_dn_server_ca]
+C = GB
+O = Pionix
+L = London
+CN = Intermediate CA
+
+[req_dn_server]
+C = GB
+O = Pionix
+L = London
+CN = 00000000
+
+[req_dn_client]
+C = GB
+O = Pionix
+L = London
+CN = 12345678
+
+[v3_server_root]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true, pathlen:2
+keyUsage = keyCertSign, cRLSign
+
+[v3_server_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+[v3_server]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = IP:192.168.245.1, DNS:evse.pionix.de
+
+# client section
+# ==============
+[req_client]
+distinguished_name = req_dn_client
+utf8 = yes
+prompt = no
+req_extensions = v3_client
+
+[req_client_root]
+distinguished_name = req_dn_client_root
+utf8 = yes
+prompt = no
+req_extensions = v3_client_root
+
+[req_client_ca]
+distinguished_name = req_dn_client_ca
+utf8 = yes
+prompt = no
+req_extensions = v3_client_ca
+
+[req_server]
+distinguished_name = req_dn_server
+utf8 = yes
+prompt = no
+req_extensions = v3_server
+
+[req_dn_client_root]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = Root Trust Anchor
+
+[req_dn_client_ca]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = Intermediate CA
+
+[req_dn_client]
+C = DE
+O = Pionix
+L = Frankfurt
+CN = 12345678
+
+[v3_client_root]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true, pathlen:2
+keyUsage = keyCertSign, cRLSign
+
+[v3_client_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+[v3_client]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = clientAuth

tools/EVerest-main/lib/everest/tls/tests/pki/pki-tpm.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+
+base=.
+cfg=./openssl-pki.conf
+dir=tpm_pki
+
+[ ! -f "$cfg" ] && echo "missing openssl-pki.conf" && exit 1
+
+generate() {
+    local base=$1
+    local dir=$2
+    mkdir -p ${base}/${dir}
+
+    local root_priv=${base}/${dir}/server_root_priv.pem
+    local ca_priv=${base}/${dir}/server_ca_priv.pem
+    local server_priv=${base}/${dir}/server_priv.pem
+
+    local root_cert=${base}/${dir}/server_root_cert.pem
+    local ca_cert=${base}/${dir}/server_ca_cert.pem
+    local server_cert=${base}/${dir}/server_cert.pem
+    local cert_path=${base}/${dir}/server_chain.pem
+
+    local tpmA="-provider"
+    local tpmB="tpm2"
+    local propA="-propquery"
+    local propB="?provider=tpm2"
+
+    # generate keys
+    for i in ${root_priv} ${ca_priv} ${server_priv}
+    do
+        openssl genpkey -config ${cfg} ${tpmA} ${tpmB} ${propA} ${propB} -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out $i
+    done
+
+    export OPENSSL_CONF=${cfg}
+    # generate root cert
+    echo "Generate root"
+    openssl req ${tpmA} ${tpmB} -provider default ${propA} ${propB} \
+        -config ${cfg} -x509 -section req_server_root -extensions v3_server_root \
+        -key ${root_priv} -out ${root_cert}
+    # generate ca cert
+    echo "Generate ca"
+    openssl req ${tpmA} ${tpmB} -provider default ${propA} ${propB} \
+        -config ${cfg} -x509 -section req_server_ca -extensions v3_server_ca \
+        -key ${ca_priv} -CA ${root_cert} \
+        -CAkey ${root_priv} -out ${ca_cert}
+    # generate server cert
+    echo "Generate server"
+    openssl req ${tpmA} ${tpmB} -provider default ${propA} ${propB} \
+        -config ${cfg} -x509 -section req_server -extensions v3_server \
+        -key ${server_priv} -CA ${ca_cert} \
+        -CAkey ${ca_priv} -out ${server_cert}
+
+    # create bundle
+    cat ${server_cert} ${ca_cert} > ${cert_path}
+}
+
+generate $base $dir

tools/EVerest-main/lib/everest/tls/tests/pki/pki.sh

@@ -0,0 +1,80 @@
+#!/bin/sh
+
+generate() {
+    local base="$1"
+    # generate keys
+    for i in "${base}${server_root_priv}" "${base}${server_ca_priv}" "${base}${server_priv}" \
+             "${base}${client_root_priv}" "${base}${client_ca_priv}" "${base}${client_priv}"
+    do
+        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$i"
+        chmod 644 "$i"
+    done
+
+    export OPENSSL_CONF="${base}${cfg}"
+
+    echo "Generate ${base}server_root"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_server_root -extensions v3_server_root \
+        -key "${base}${server_root_priv}" -out "${base}${server_root_cert}"
+    echo "Generate ${base}server_ca"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_server_ca -extensions v3_server_ca \
+        -key "${base}${server_ca_priv}" -CA "${base}${server_root_cert}" \
+        -CAkey "${base}${server_root_priv}" -out "${base}${server_ca_cert}"
+    echo "Generate ${base}server"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_server -extensions v3_server \
+        -key "${base}${server_priv}" -CA "${base}${server_ca_cert}" \
+        -CAkey "${base}${server_ca_priv}" -out "${base}${server_cert}"
+    cat "${base}${server_cert}" "${base}${server_ca_cert}" > "${base}${server_chain}"
+
+    echo "Generate ${base}client_root"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_client_root -extensions v3_client_root \
+        -key "${base}${client_root_priv}" -out "${base}${client_root_cert}"
+    echo "Generate ${base}client_ca"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_client_ca -extensions v3_client_ca \
+        -key "${base}${client_ca_priv}" -CA "${base}${client_root_cert}" \
+        -CAkey "${base}${client_root_priv}" -out "${base}${client_ca_cert}"
+    echo "Generate ${base}client"
+    openssl req \
+        -config "${base}${cfg}" -x509 -section req_client -extensions v3_client \
+        -key "${base}${client_priv}" -CA "${base}${client_ca_cert}" \
+        -CAkey "${base}${client_ca_priv}" -out "${base}${client_cert}"
+
+    cat "${base}${client_cert}" "${base}${client_ca_cert}" > "${base}${client_chain}"
+}
+
+cfg=openssl-pki.conf
+
+server_root_priv=server_root_priv.pem
+server_ca_priv=server_ca_priv.pem
+server_priv=server_priv.pem
+
+server_root_cert=server_root_cert.pem
+server_ca_cert=server_ca_cert.pem
+server_cert=server_cert.pem
+server_chain=server_chain.pem
+
+client_root_priv=client_root_priv.pem
+client_ca_priv=client_ca_priv.pem
+client_priv=client_priv.pem
+
+client_root_cert=client_root_cert.pem
+client_ca_cert=client_ca_cert.pem
+client_cert=client_cert.pem
+client_chain=client_chain.pem
+
+generate
+generate alt_
+
+# cross signed intermediate certificate
+echo "Generate cross_ca"
+openssl req \
+    -config "${cfg}" -x509 -section req_server_ca -extensions v3_server_ca \
+    -key "${base}${server_ca_priv}" -CA "${base}${client_root_cert}" \
+    -CAkey "${base}${client_root_priv}" -out cross_ca_cert.pem
+
+# convert iso key to PEM
+openssl asn1parse -genconf iso_pkey.asn1 -noout -out -| openssl pkey -inform der -out iso_priv.pem