mqtt/ssl_ds example: Update the code to use `esp_secure_cert` component
rodzic
d64bda5946
commit
8387725c4f
|
@ -9,12 +9,4 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
|
||||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||||
project(mqtt_ssl_ds)
|
project(mqtt_ssl_ds)
|
||||||
|
|
||||||
# Flash the custom partition named `pre_prov`.
|
|
||||||
set(partition pre_prov)
|
|
||||||
idf_build_get_property(project_dir PROJECT_DIR)
|
|
||||||
set(image_file ${project_dir}/esp_ds_data/${partition}.bin)
|
|
||||||
partition_table_get_partition_info(offset "--partition-name ${partition}" "offset")
|
|
||||||
esptool_py_flash_target_image(flash "${partition}" "${offset}" "${image_file}")
|
|
||||||
|
|
||||||
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
|
|
||||||
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT)
|
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT)
|
||||||
|
|
|
@ -29,25 +29,10 @@
|
||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
#include "mqtt_client.h"
|
#include "mqtt_client.h"
|
||||||
#include "rsa_sign_alt.h"
|
#include "rsa_sign_alt.h"
|
||||||
|
#include "esp_secure_cert_read.h"
|
||||||
|
|
||||||
/* pre_prov - name of partition containing encrypted prv key parameters ( It is set as such to synchronize it with the pre provisioning service */
|
|
||||||
#define NVS_PARTITION_NAME "pre_prov"
|
|
||||||
/* esp_ds_ns - namespace used for defining values in esp_ds_nvs */
|
|
||||||
#define NVS_NAMESPACE "esp_ds_ns"
|
|
||||||
/* esp_ds_key_id - efuse key block id where 256 bit key is stored, which will be read by
|
|
||||||
* DS module to perform DS operation */
|
|
||||||
#define NVS_EFUSE_KEY_ID "esp_ds_key_id"
|
|
||||||
/* esp_ds_rsa_len - length of RSA private key (in bits) which is encrypted */
|
|
||||||
#define NVS_RSA_LEN "esp_ds_rsa_len"
|
|
||||||
/* following entries denote key(ASCII string) for particular value in key-value pair of esp_ds_nvs (which are defined in esp_ds_ns) */
|
|
||||||
/* ciphertext_c - encrypted RSA private key, see ESP32-S2 Techincal Reference Manual for more details */
|
|
||||||
#define NVS_CIPHER_C "esp_ds_c"
|
|
||||||
/* initialization vector (iv) - 256 bit value used to encrypt RSA private key (to generate ciphertext_c) */
|
|
||||||
#define NVS_IV "esp_ds_iv"
|
|
||||||
static const char *TAG = "MQTTS_EXAMPLE";
|
static const char *TAG = "MQTTS_EXAMPLE";
|
||||||
|
|
||||||
extern const uint8_t client_cert_pem_start[] asm("_binary_client_crt_start");
|
|
||||||
extern const uint8_t client_cert_pem_end[] asm("_binary_client_crt_end");
|
|
||||||
extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start");
|
extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start");
|
||||||
extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end");
|
extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end");
|
||||||
|
|
||||||
|
@ -109,80 +94,23 @@ static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void *esp_read_ds_data_from_nvs(void)
|
|
||||||
{
|
|
||||||
esp_ds_data_ctx_t *ds_data_ctx;
|
|
||||||
ds_data_ctx = (esp_ds_data_ctx_t *)malloc(sizeof(esp_ds_data_ctx_t));
|
|
||||||
if (ds_data_ctx == NULL) {
|
|
||||||
ESP_LOGE(TAG, "Error in allocating memory for esp_ds_data_context");
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
ds_data_ctx->esp_ds_data = (esp_ds_data_t *)calloc(1, sizeof(esp_ds_data_t));
|
|
||||||
if (ds_data_ctx->esp_ds_data == NULL) {
|
|
||||||
ESP_LOGE(TAG, "Could not allocate memory for DS data handle ");
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
nvs_handle_t esp_ds_nvs_handle;
|
|
||||||
esp_err_t esp_ret;
|
|
||||||
esp_ret = nvs_flash_init_partition(NVS_PARTITION_NAME);
|
|
||||||
if (esp_ret != ESP_OK) {
|
|
||||||
ESP_LOGE(TAG, "Error in esp_ds_nvs partition init,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
esp_ret = nvs_open_from_partition(NVS_PARTITION_NAME, NVS_NAMESPACE,
|
|
||||||
NVS_READONLY, &esp_ds_nvs_handle);
|
|
||||||
if (esp_ret != ESP_OK) {
|
|
||||||
ESP_LOGE(TAG, "Error in esp_ds_nvs partition open,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
esp_ret = nvs_get_u8(esp_ds_nvs_handle, NVS_EFUSE_KEY_ID, &ds_data_ctx->efuse_key_id);
|
|
||||||
if (esp_ret != ESP_OK) {
|
|
||||||
ESP_LOGE(TAG, "Error in efuse_key_id value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
esp_ret = nvs_get_u16(esp_ds_nvs_handle, NVS_RSA_LEN, &ds_data_ctx->rsa_length_bits);
|
|
||||||
if (esp_ret != ESP_OK) {
|
|
||||||
ESP_LOGE(TAG, "Error in reading rsa key length value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t blob_length = ESP_DS_C_LEN;
|
|
||||||
esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_CIPHER_C, (void *)(ds_data_ctx->esp_ds_data->c), &blob_length);
|
|
||||||
if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_C_LEN)) {
|
|
||||||
ESP_LOGE(TAG, "Error in reading ciphertext_c value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
blob_length = ESP_DS_IV_LEN;
|
|
||||||
esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_IV, (void *)(ds_data_ctx->esp_ds_data->iv), &blob_length);
|
|
||||||
if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_IV_LEN)) {
|
|
||||||
ESP_LOGE(TAG, "Error in reading initialization vector value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (void *)ds_data_ctx;
|
|
||||||
exit:
|
|
||||||
if (ds_data_ctx != NULL) {
|
|
||||||
free(ds_data_ctx->esp_ds_data);
|
|
||||||
}
|
|
||||||
free(ds_data_ctx);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void mqtt_app_start(void)
|
static void mqtt_app_start(void)
|
||||||
{
|
{
|
||||||
|
|
||||||
/* The context is used by the DS peripheral, should not be freed */
|
/* The context is used by the DS peripheral, should not be freed */
|
||||||
void *ds_data = esp_read_ds_data_from_nvs();
|
esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
|
||||||
if (ds_data == NULL) {
|
if (ds_data == NULL) {
|
||||||
ESP_LOGE(TAG, "Error in reading DS data from NVS");
|
ESP_LOGE(TAG, "Error in reading DS data from NVS");
|
||||||
vTaskDelete(NULL);
|
vTaskDelete(NULL);
|
||||||
}
|
}
|
||||||
|
char *device_cert = NULL;
|
||||||
|
esp_err_t ret;
|
||||||
|
uint32_t len;
|
||||||
|
ret = esp_secure_cert_get_device_cert(&device_cert, &len);
|
||||||
|
if (ret != ESP_OK) {
|
||||||
|
ESP_LOGE(TAG, "Failed to obtain the device certificate");
|
||||||
|
vTaskDelete(NULL);
|
||||||
|
}
|
||||||
|
|
||||||
const esp_mqtt_client_config_t mqtt_cfg = {
|
const esp_mqtt_client_config_t mqtt_cfg = {
|
||||||
.broker = {
|
.broker = {
|
||||||
.address.uri = "mqtts://test.mosquitto.org:8884",
|
.address.uri = "mqtts://test.mosquitto.org:8884",
|
||||||
|
@ -190,9 +118,9 @@ static void mqtt_app_start(void)
|
||||||
},
|
},
|
||||||
.credentials = {
|
.credentials = {
|
||||||
.authentication = {
|
.authentication = {
|
||||||
.certificate = (const char *)client_cert_pem_start,
|
.certificate = (const char *)device_cert,
|
||||||
.key = NULL,
|
.key = NULL,
|
||||||
.ds_data = ds_data
|
.ds_data = (void *)ds_data
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
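Review bot: `.certificate = (const char *)device_cert` hands the MQTT client the buffer returned by `esp_secure_cert_get_device_cert()` without its length, even though `len` is filled in by that call a few lines earlier (previous hunk of this file) and is otherwise unused. With `certificate_len` left at 0 the client has to treat the buffer as a NUL-terminated PEM string, which only holds if the provisioned certificate is PEM and was stored with its terminator; adding `.certificate_len = len,` next to `.certificate` makes that contract explicit and lets a DER certificate work too (for PEM, confirm whether the length reported by the component includes the trailing NUL, which esp-tls expects). Separately, the unchanged `ESP_LOGE(TAG, "Error in reading DS data from NVS");` in the previous hunk is now stale, since the DS context comes from the esp_secure_cert partition rather than the removed NVS reader; `ESP_LOGE(TAG, "Error in reading DS data from esp_secure_cert partition");` would match the new code. mqtt_app_start continues past the end of this hunk.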
|
@ -1 +0,0 @@
|
||||||
Please paste your client certificate here (follow instructions in README.md)
|
|
|
@ -1,6 +1,6 @@
|
||||||
# ESP-IDF Partition Table
|
# ESP-IDF Partition Table
|
||||||
# Name, Type, SubType, Offset, Size, Flags
|
# Name, Type, SubType, Offset, Size, Flags
|
||||||
nvs,data,nvs,0x9000,24K,
|
esp_secure_cert,0x3F,,0xD000,0x2000,
|
||||||
phy_init,data,phy,0xf000,4K,
|
nvs,data,nvs,,24K,
|
||||||
pre_prov,data,nvs,0x10000,0x3000,
|
phy_init,data,phy,,4K,
|
||||||
factory,app,factory,0x20000,1M,
|
factory,app,factory,0x20000,1M,
|
||||||
|
|
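Review bot: The new `esp_secure_cert,0x3F,,0xD000,0x2000,` row introduces a custom partition type and a fixed offset with no explanation, unlike the rest of the table where names are self-describing. A reader cannot tell from the file that `0x3F` is the type the esp_secure_cert component looks for, or that `0xD000`/`0x2000` have to match the pre-provisioned image and the component's expectations; a comment line above the row, e.g. `# esp_secure_cert: partition read by the esp_secure_cert component (custom type 0x3F); offset and size must match the provisioned image`, would make the dependency visible. The `nvs` and `phy_init` offsets are now left to the partition tool while `factory` keeps `0x20000`; presumably intentional so the app stays at its previous address, but worth stating in the same comment.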
|