From 8387725c4f974ef92d02d8be4350b98a430740dc Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Wed, 24 Aug 2022 23:21:02 +0530
Subject: [PATCH] mqtt/ssl_ds example: Update the code to use `esp_secure_cert` component

---
 examples/protocols/mqtt/ssl_ds/CMakeLists.txt | 8 --
 .../protocols/mqtt/ssl_ds/main/app_main.c | 98 +++---------------
 .../protocols/mqtt/ssl_ds/main/client.crt | 1 -
 examples/protocols/mqtt/ssl_ds/partitions.csv | 6 +-
 4 files changed, 16 insertions(+), 97 deletions(-)
 delete mode 100644 examples/protocols/mqtt/ssl_ds/main/client.crt

diff --git a/examples/protocols/mqtt/ssl_ds/CMakeLists.txt b/examples/protocols/mqtt/ssl_ds/CMakeLists.txt
index c45c2a0c8d..e821859459 100644
--- a/examples/protocols/mqtt/ssl_ds/CMakeLists.txt
+++ b/examples/protocols/mqtt/ssl_ds/CMakeLists.txt
@@ -9,12 +9,4 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(mqtt_ssl_ds)
-# Flash the custom partition named `pre_prov`.
-set(partition pre_prov)
-idf_build_get_property(project_dir PROJECT_DIR)
-set(image_file ${project_dir}/esp_ds_data/${partition}.bin)
-partition_table_get_partition_info(offset "--partition-name ${partition}" "offset")
-esptool_py_flash_target_image(flash "${partition}" "${offset}" "${image_file}")
-
-target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/client.crt" TEXT)
 target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT)
diff --git a/examples/protocols/mqtt/ssl_ds/main/app_main.c b/examples/protocols/mqtt/ssl_ds/main/app_main.c
index 79b28bf34b..ba94cf0db3 100644
--- a/examples/protocols/mqtt/ssl_ds/main/app_main.c
+++ b/examples/protocols/mqtt/ssl_ds/main/app_main.c
@@ -29,25 +29,10 @@
 #include "esp_log.h"
 #include "mqtt_client.h"
 #include "rsa_sign_alt.h"
+#include "esp_secure_cert_read.h"
-/* pre_prov - name of partition containing encrypted prv key parameters ( It is set as such to synchronize it with the pre provisioning service */
-#define NVS_PARTITION_NAME "pre_prov"
-/* esp_ds_ns - namespace used for defining values in esp_ds_nvs */
-#define NVS_NAMESPACE "esp_ds_ns"
-/* esp_ds_key_id - efuse key block id where 256 bit key is stored, which will be read by
- * DS module to perform DS operation */
-#define NVS_EFUSE_KEY_ID "esp_ds_key_id"
-/* esp_ds_rsa_len - length of RSA private key (in bits) which is encrypted */
-#define NVS_RSA_LEN "esp_ds_rsa_len"
-/* following entries denote key(ASCII string) for particular value in key-value pair of esp_ds_nvs (which are defined in esp_ds_ns) */
-/* ciphertext_c - encrypted RSA private key, see ESP32-S2 Techincal Reference Manual for more details */
-#define NVS_CIPHER_C "esp_ds_c"
-/* initialization vector (iv) - 256 bit value used to encrypt RSA private key (to generate ciphertext_c) */
-#define NVS_IV "esp_ds_iv"
 static const char *TAG = "MQTTS_EXAMPLE";
-extern const uint8_t client_cert_pem_start[] asm("_binary_client_crt_start");
-extern const uint8_t client_cert_pem_end[] asm("_binary_client_crt_end");
 extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start");
 extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end");
@@ -109,80 +94,23 @@ static void mqtt_event_handler(void *handler_args, esp_event_base_t base, int32_
 }
 }
-void *esp_read_ds_data_from_nvs(void)
-{
- esp_ds_data_ctx_t *ds_data_ctx;
- ds_data_ctx = (esp_ds_data_ctx_t *)malloc(sizeof(esp_ds_data_ctx_t));
- if (ds_data_ctx == NULL) {
- ESP_LOGE(TAG, "Error in allocating memory for esp_ds_data_context");
- goto exit;
- }
-
- ds_data_ctx->esp_ds_data = (esp_ds_data_t *)calloc(1, sizeof(esp_ds_data_t));
- if (ds_data_ctx->esp_ds_data == NULL) {
- ESP_LOGE(TAG, "Could not allocate memory for DS data handle ");
- goto exit;
- }
-
- nvs_handle_t esp_ds_nvs_handle;
- esp_err_t esp_ret;
- esp_ret = nvs_flash_init_partition(NVS_PARTITION_NAME);
- if (esp_ret != ESP_OK) {
- ESP_LOGE(TAG, "Error in esp_ds_nvs partition init,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- esp_ret = nvs_open_from_partition(NVS_PARTITION_NAME, NVS_NAMESPACE,
- NVS_READONLY, &esp_ds_nvs_handle);
- if (esp_ret != ESP_OK) {
- ESP_LOGE(TAG, "Error in esp_ds_nvs partition open,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- esp_ret = nvs_get_u8(esp_ds_nvs_handle, NVS_EFUSE_KEY_ID, &ds_data_ctx->efuse_key_id);
- if (esp_ret != ESP_OK) {
- ESP_LOGE(TAG, "Error in efuse_key_id value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- esp_ret = nvs_get_u16(esp_ds_nvs_handle, NVS_RSA_LEN, &ds_data_ctx->rsa_length_bits);
- if (esp_ret != ESP_OK) {
- ESP_LOGE(TAG, "Error in reading rsa key length value from nvs,\nreturned %02x (%s)", esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- size_t blob_length = ESP_DS_C_LEN;
- esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_CIPHER_C, (void *)(ds_data_ctx->esp_ds_data->c), &blob_length);
- if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_C_LEN)) {
- ESP_LOGE(TAG, "Error in reading ciphertext_c value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- blob_length = ESP_DS_IV_LEN;
- esp_ret = nvs_get_blob(esp_ds_nvs_handle, NVS_IV, (void *)(ds_data_ctx->esp_ds_data->iv), &blob_length);
- if ((esp_ret != ESP_OK) || (blob_length != ESP_DS_IV_LEN)) {
- ESP_LOGE(TAG, "Error in reading initialization vector value from nvs,bytes_read = %d,\nreturned %02x (%s)", blob_length, esp_ret, esp_err_to_name(esp_ret));
- goto exit;
- }
-
- return (void *)ds_data_ctx;
-exit:
- if (ds_data_ctx != NULL) {
- free(ds_data_ctx->esp_ds_data);
- }
- free(ds_data_ctx);
- return NULL;
-}
-
 static void mqtt_app_start(void)
 {
- /* The context is used by the DS peripheral, should not be freed */
- void *ds_data = esp_read_ds_data_from_nvs();
+ esp_ds_data_ctx_t *ds_data = esp_secure_cert_get_ds_ctx();
 if (ds_data == NULL) {
 ESP_LOGE(TAG, "Error in reading DS data from NVS");
 vTaskDelete(NULL);
 }
+ char *device_cert = NULL;
+ esp_err_t ret;
+ uint32_t len;
+ ret = esp_secure_cert_get_device_cert(&device_cert, &len);
+ if (ret != ESP_OK) {
+ ESP_LOGE(TAG, "Failed to obtain the device certificate");
+ vTaskDelete(NULL);
+ }
+
 const esp_mqtt_client_config_t mqtt_cfg = {
 .broker = {
 .address.uri = "mqtts://test.mosquitto.org:8884",
@@ -190,9 +118,9 @@ static void mqtt_app_start(void)
 },
 .credentials = {
 .authentication = {
- .certificate = (const char *)client_cert_pem_start,
+ .certificate = (const char *)device_cert,
 .key = NULL,
- .ds_data = ds_data
+ .ds_data = (void *)ds_data
 },
 },
 };
diff --git a/examples/protocols/mqtt/ssl_ds/main/client.crt b/examples/protocols/mqtt/ssl_ds/main/client.crt
deleted file mode 100644
index 7a3074b907..0000000000
--- a/examples/protocols/mqtt/ssl_ds/main/client.crt
+++ /dev/null
@@ -1 +0,0 @@
-Please paste your client certificate here (follow instructions in README.md)
diff --git a/examples/protocols/mqtt/ssl_ds/partitions.csv b/examples/protocols/mqtt/ssl_ds/partitions.csv
index 2e1b23d522..d59df069f5 100644
--- a/examples/protocols/mqtt/ssl_ds/partitions.csv
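Review bot: `len` returned by `esp_secure_cert_get_device_cert()` is never used, and in the following hunk `@@ -190,9 +118,9 @@` `.certificate = (const char *)device_cert` is set without `.certificate_len`, so the MQTT/TLS layer will treat `device_cert` as a NUL-terminated PEM string; if the esp_secure_cert partition does not guarantee that terminator, certificate parsing reads past the buffer. Either pass the length, `.certificate_len = len,` (confirm whether the TLS layer expects the PEM length to include the terminator), or check the terminator once right after the call. The retained branch still logs `"Error in reading DS data from NVS"` although the context now comes from the esp_secure_cert partition; `ESP_LOGE(TAG, "Failed to read DS context from esp_secure_cert partition");` would match the new source. The removed comment `/* The context is used by the DS peripheral, should not be freed */` documented the ownership of `ds_data` and still applies to the context returned by `esp_secure_cert_get_ds_ctx()`, so it should be carried over to the new line. mqtt_app_start continues past the end of the hunk.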
+++ b/examples/protocols/mqtt/ssl_ds/partitions.csv
@@ -1,6 +1,6 @@
 # ESP-IDF Partition Table
 # Name, Type, SubType, Offset, Size, Flags
-nvs,data,nvs,0x9000,24K,
-phy_init,data,phy,0xf000,4K,
-pre_prov,data,nvs,0x10000,0x3000,
+esp_secure_cert,0x3F,,0xD000,0x2000,
+nvs,data,nvs,,24K,
+phy_init,data,phy,,4K,
 factory,app,factory,0x20000,1M,
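Review bot: The new `esp_secure_cert` partition holding the DS key material and device certificate is declared here, but the same commit removes the CMake target that flashed the old `pre_prov` image and adds no replacement, so nothing in the build populates this partition and a first boot on an unprovisioned device will fail at the `esp_secure_cert_get_ds_ctx()` check in app_main.c. Presumably the partition is written by the secure-cert provisioning tooling outside this change; a comment line such as `# esp_secure_cert: pre-provisioned DS key and device cert, written by the provisioning tool rather than by the build flash target` would make that dependency visible where the partition is defined.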