mqtt/ssl_ds example: Update the code to use `esp_secure_cert` component

pull/9702/head
Aditya Patwardhan 2022-08-24 23:21:02 +05:30
rodzic d64bda5946
commit 8387725c4f
4 zmienionych plików z 16 dodań i 97 usunięć

Wyświetl plik

@ -9,12 +9,4 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
include($ENV{IDF_PATH}/tools/cmake/project.cmake) include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(mqtt_ssl_ds) project(mqtt_ssl_ds)
# Flash the custom partition named `pre_prov`.
set(partition pre_prov)
idf_build_get_property(project_dir PROJECT_DIR)
set(image_file ${project_dir}/esp_ds_data/${partition}.bin)
partition_table_get_partition_info(offset "--partition-name ${partition}" "offset")
esptool_py_flash_target_image(flash "${partition}" "${offset}" "${image_file}")
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT) target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT)

Wyświetl plik

@ -29,25 +29,10 @@
#include "esp_log.h" #include "esp_log.h"
#include "mqtt_client.h" #include "mqtt_client.h"
#include "rsa_sign_alt.h" #include "rsa_sign_alt.h"
#include "esp_secure_cert_read.h"
/* pre_prov - name of partition containing encrypted prv key parameters ( It is set as such to synchronize it with the pre provisioning service */
#define NVS_PARTITION_NAME "pre_prov"
/* esp_ds_ns - namespace used for defining values in esp_ds_nvs */
#define NVS_NAMESPACE "esp_ds_ns"
/* esp_ds_key_id - efuse key block id where 256 bit key is stored, which will be read by
* DS module to perform DS operation */
#define NVS_EFUSE_KEY_ID "esp_ds_key_id"
/* esp_ds_rsa_len - length of RSA private key (in bits) which is encrypted */
#define NVS_RSA_LEN "esp_ds_rsa_len"
/* following entries denote key(ASCII string) for particular value in key-value pair of esp_ds_nvs (which are defined in esp_ds_ns) */
/* ciphertext_c - encrypted RSA private key, see ESP32-S2 Techincal Reference Manual for more details */
#define NVS_CIPHER_C "esp_ds_c"
/* initialization vector (iv) - 256 bit value used to encrypt RSA private key (to generate ciphertext_c) */
#define NVS_IV "esp_ds_iv"
static const char *TAG = "MQTTS_EXAMPLE"; static const char *TAG = "MQTTS_EXAMPLE";
extern const uint8_t client_cert_pem_start[] asm("_binary_client_crt_start");
extern const uint8_t client_cert_pem_end[] asm("_binary_client_crt_end");
extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start"); extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start");
extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end"); extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end");
@ -109,80 +94,23 @@ static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_
} }
} }
void *esp_read_ds_data_from_nvs(void)
{
esp_ds_data_ctx_t *ds_data_ctx;
ds_data_ctx = (esp_ds_data_ctx_t *)malloc(sizeof(esp_ds_data_ctx_t));
if (ds_data_ctx == NULL) {
ESP_LOGE(TAG, "Error in allocating memory for esp_ds_data_context");
goto exit;
}
ds_data_ctx->esp_ds_data = (esp_ds_data_t *)calloc(1, sizeof(esp_ds_data_t));
if (ds_data_ctx->esp_ds_data == NULL) {
ESP_LOGE(TAG, "Could not allocate memory for DS data handle ");
goto exit;
}
nvs_handle_t esp_ds_nvs_handle;
esp_err_t esp_ret;
esp_ret = nvs_flash_init_partition(NVS_PARTITION_NAME);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Error in esp_ds_nvs partition init,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
esp_ret = nvs_open_from_partition(NVS_PARTITION_NAME, NVS_NAMESPACE,
NVS_READONLY, &esp_ds_nvs_handle);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Error in esp_ds_nvs partition open,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
esp_ret = nvs_get_u8(esp_ds_nvs_handle, NVS_EFUSE_KEY_ID, &ds_data_ctx->efuse_key_id);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Error in efuse_key_id value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
esp_ret = nvs_get_u16(esp_ds_nvs_handle, NVS_RSA_LEN, &ds_data_ctx->rsa_length_bits);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Error in reading rsa key length value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
size_t blob_length = ESP_DS_C_LEN;
esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_CIPHER_C, (void *)(ds_data_ctx->esp_ds_data->c), &blob_length);
if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_C_LEN)) {
ESP_LOGE(TAG, "Error in reading ciphertext_c value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
blob_length = ESP_DS_IV_LEN;
esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_IV, (void *)(ds_data_ctx->esp_ds_data->iv), &blob_length);
if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_IV_LEN)) {
ESP_LOGE(TAG, "Error in reading initialization vector value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
goto exit;
}
return (void *)ds_data_ctx;
exit:
if (ds_data_ctx != NULL) {
free(ds_data_ctx->esp_ds_data);
}
free(ds_data_ctx);
return NULL;
}
static void mqtt_app_start(void) static void mqtt_app_start(void)
{ {
/* The context is used by the DS peripheral, should not be freed */ /* The context is used by the DS peripheral, should not be freed */
void *ds_data = esp_read_ds_data_from_nvs(); esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
if (ds_data == NULL) { if (ds_data == NULL) {
ESP_LOGE(TAG, "Error in reading DS data from NVS"); ESP_LOGE(TAG, "Error in reading DS data from NVS");
vTaskDelete(NULL); vTaskDelete(NULL);
} }
char *device_cert = NULL;
esp_err_t ret;
uint32_t len;
ret = esp_secure_cert_get_device_cert(&device_cert, &len);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Failed to obtain the device certificate");
vTaskDelete(NULL);
}
const esp_mqtt_client_config_t mqtt_cfg = { const esp_mqtt_client_config_t mqtt_cfg = {
.broker = { .broker = {
.address.uri = "mqtts://test.mosquitto.org:8884", .address.uri = "mqtts://test.mosquitto.org:8884",
@ -190,9 +118,9 @@ static void mqtt_app_start(void)
}, },
.credentials = { .credentials = {
.authentication = { .authentication = {
.certificate = (const char *)client_cert_pem_start, .certificate = (const char *)device_cert,
.key = NULL, .key = NULL,
.ds_data = ds_data .ds_data = (void *)ds_data
}, },
}, },
}; };

Wyświetl plik

@ -1 +0,0 @@
Please paste your client certificate here (follow instructions in README.md)

Wyświetl plik

@ -1,6 +1,6 @@
# ESP-IDF Partition Table # ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags # Name, Type, SubType, Offset, Size, Flags
nvs,data,nvs,0x9000,24K, esp_secure_cert,0x3F,,0xD000,0x2000,
phy_init,data,phy,0xf000,4K, nvs,data,nvs,,24K,
pre_prov,data,nvs,0x10000,0x3000, phy_init,data,phy,,4K,
factory,app,factory,0x20000,1M, factory,app,factory,0x20000,1M,

1 # ESP-IDF Partition Table
2 # Name, Type, SubType, Offset, Size, Flags
3 nvs,data,nvs,0x9000,24K, esp_secure_cert,0x3F,,0xD000,0x2000,
4 phy_init,data,phy,0xf000,4K, nvs,data,nvs,,24K,
5 pre_prov,data,nvs,0x10000,0x3000, phy_init,data,phy,,4K,
6 factory,app,factory,0x20000,1M,