Support >16 byte serial numbers

This makes use of the flags field to indicate that the rest of the OTP
area should be used for the serial number. This lets you have up to 48
byte serial numbers which certainly seems like way more than anyone
would ever need.

This change also beefs up the OTP section tests to ensure that the code
is backwards compatible since it's assumed that most users will continue
to have <= 16 byte serial numbers.

Author: fhunleth

README.md

@@ -208,7 +208,7 @@ device's X.509 certificate is signed, so cloud servers can trust the
 manufacturer serial number.
 
 At this point, you're the manufacturer. Decide how you'd like your serial
-numbers to look. Whatever you pick, it must fit in 16-bytes. Representing the
+numbers to look. Whatever you pick, it must fit in 48-bytes. Representing the
 serial number is ASCII is commonly done. If you don't want to deal with this, do
 what we do (Base32-encode the ATECC508A/608A's globally unique identifier):
 
@@ -388,7 +388,8 @@ following layout:
 Bytes  | Name              | Contents
 ------ | ----------------- | -------------------------
 0-3    | Magic             | 4e 72 76 73
-4-5    | Flags             | TBD. Set to 0
+4      | Flags_MSB         | 0
+5      | Flags_LSB         | 0 = 16 byte serial number, 1 = 32 byte serial number
 6-15   | Board name        | 10 byte name for the board in ASCII (set unused bytes to 0)
-16-31  | Mfg serial number | 16 byte manufacturer-assigned serial number in ASCII (set unused bytes to 0)
-32-63  | User              | These are unassigned
+16-31  | Mfg serial number | Serial number in ASCII (set unused bytes to 0)
+32-63  | Serial# or User   | If Flags == 1, then the rest of the serial number

lib/nerves_key/otp.ex

@@ -21,14 +21,32 @@ defmodule NervesKey.OTP do
           user: <<_::256>>
         }
 
+  @type raw() :: <<_::512>>
+
   @doc """
   Create a NervesKey OTP data struct
   """
-  @spec new(String.t(), String.t(), binary()) :: t()
-  def new(board_name, manufacturer_sn, user \\ <<0::size(256)>>) do
-    %__MODULE__{flags: 0, board_name: board_name, manufacturer_sn: manufacturer_sn, user: user}
+  @spec new(String.t(), String.t(), binary() | nil) :: t()
+  def new(board_name, manufacturer_sn, user \\ nil)
+
+  def new(board_name, manufacturer_sn, nil)
+      when byte_size(manufacturer_sn) > 16 and byte_size(manufacturer_sn) <= 32 do
+    %__MODULE__{flags: 1, board_name: board_name, manufacturer_sn: manufacturer_sn, user: <<>>}
   end
 
+  def new(board_name, manufacturer_sn, user)
+      when byte_size(manufacturer_sn) <= 16 do
+    %__MODULE__{
+      flags: 0,
+      board_name: board_name,
+      manufacturer_sn: manufacturer_sn,
+      user: check_user(user)
+    }
+  end
+
+  defp check_user(nil), do: <<0::256>>
+  defp check_user(user) when byte_size(user) <= 32, do: user
+
   @doc """
   Read NervesKey information from the OTP data.
   """
@@ -42,15 +60,27 @@ defmodule NervesKey.OTP do
   @doc """
   Write NervesKey information to the OTP zone.
   """
-  @spec write(Transport.t(), <<_::512>>) :: :ok | {:error, atom()}
+  @spec write(Transport.t(), raw()) :: :ok | {:error, atom()}
   defdelegate write(transport, data), to: OTPZone
 
   @doc """
   Convert a raw configuration to a nice map.
   """
-  @spec from_raw(<<_::512>>) :: {:ok, t()} | {:error, atom()}
+  @spec from_raw(raw()) :: {:ok, t()} | {:error, atom()}
+  def from_raw(<<@magic::binary(), flags::16, board_name::10-bytes, manufacturer_sn::48-bytes>>)
+      when flags == 1 do
+    # Long serial number flag
+    {:ok,
+     %__MODULE__{
+       flags: flags,
+       board_name: Util.trim_zeros(board_name),
+       manufacturer_sn: Util.trim_zeros(manufacturer_sn),
+       user: <<>>
+     }}
+  end
+
   def from_raw(
-        <<@magic::binary(), flags::size(16), board_name::10-bytes, manufacturer_sn::16-bytes,
+        <<@magic::binary(), flags::16, board_name::10-bytes, manufacturer_sn::16-bytes,
           user::32-bytes>>
       ) do
     {:ok,
@@ -67,7 +97,7 @@ defmodule NervesKey.OTP do
   @doc """
   Convert a raw configuration to a nice map. Raise if there is an error.
   """
-  @spec from_raw!(<<_::512>>) :: t() | no_return()
+  @spec from_raw!(raw()) :: t()
   def from_raw!(raw) do
     {:ok, raw} = from_raw(raw)
     raw
@@ -76,8 +106,15 @@ defmodule NervesKey.OTP do
   @doc """
   Convert a nice config map back to a raw configuration
   """
-  @spec to_raw(t()) :: <<_::512>>
-  def to_raw(info) do
+  @spec to_raw(t()) :: raw()
+  def to_raw(%__MODULE__{flags: 1} = info) do
+    board_name = Util.pad_zeros(info.board_name, 10)
+    manufacturer_sn = Util.pad_zeros(info.manufacturer_sn, 48)
+
+    <<@magic::binary(), info.flags::size(16), board_name::binary(), manufacturer_sn::binary()>>
+  end
+
+  def to_raw(%__MODULE__{} = info) do
     board_name = Util.pad_zeros(info.board_name, 10)
     manufacturer_sn = Util.pad_zeros(info.manufacturer_sn, 16)
     user = Util.pad_zeros(info.user, 32)

test/nerves_key/otp_test.exs

@@ -3,22 +3,59 @@ defmodule NervesKey.OTPTest do
 
   alias NervesKey.OTP
 
-  @test_data %OTP{
-    flags: 1234,
-    manufacturer_sn: "1234578",
-    board_name: "my_board",
-    user:
-      <<0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
-        25, 26, 27, 28, 29, 30, 31>>
-  }
-
-  test "to raw and back" do
-    raw_and_back = @test_data |> OTP.to_raw() |> OTP.from_raw!()
-    assert raw_and_back == @test_data
+  defp assert_raw_and_back(otp) do
+    raw_and_back = otp |> OTP.to_raw() |> OTP.from_raw!()
+
+    assert otp == raw_and_back
   end
 
   test "magic is right" do
-    <<magic::4-bytes, _rest::binary()>> = OTP.to_raw(@test_data)
+    <<magic::4-bytes, _rest::binary()>> = OTP.to_raw(OTP.new("", ""))
     assert magic == <<0x4E, 0x72, 0x76, 0x73>>
   end
+
+  test "encode normal length serial numbers" do
+    otp =
+      OTP.new(
+        "my_board",
+        "1234578",
+        <<0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
+          24, 25, 26, 27, 28, 29, 30, 31>>
+      )
+
+    assert OTP.to_raw(otp) ==
+             <<0x4E, 0x72, 0x76, 0x73, 0x00, 0x00, "my_board", 0, 0, "1234578", 0, 0, 0, 0, 0, 0,
+               0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
+               21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31>>
+
+    assert_raw_and_back(otp)
+  end
+
+  test "encode 16 byte serial" do
+    otp = OTP.new("my_board", "1234567890123456")
+
+    assert OTP.to_raw(otp) ==
+             <<0x4E, 0x72, 0x76, 0x73, 0x00, 0x00, "my_board", 0, 0, "1234567890123456", 0::256>>
+
+    assert_raw_and_back(otp)
+  end
+
+  test "encode 17 byte serial" do
+    otp = OTP.new("my_board", "12345678901234567")
+
+    assert OTP.to_raw(otp) ==
+             <<0x4E, 0x72, 0x76, 0x73, 0x00, 0x01, "my_board", 0, 0, "12345678901234567", 0::248>>
+
+    assert_raw_and_back(otp)
+  end
+
+  test "encode 32 byte serial" do
+    otp = OTP.new("my_board", "12345678901234567890123456789012")
+
+    assert OTP.to_raw(otp) ==
+             <<0x4E, 0x72, 0x76, 0x73, 0x00, 0x01, "my_board", 0, 0,
+               "12345678901234567890123456789012", 0::128>>
+
+    assert_raw_and_back(otp)
+  end
 end