diff --git a/README.md b/README.md index ba18031..d925fd6 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,45 @@ -# Certificate authority on ESP32 -Used examples in this project +# Certifikacna autorita na procesore ESP32 +Softverova kniznica: ESP-IDF v4.2-dev-792-g6330b3345-dirty + +Struktura projektu: +/.vscode/-c_cpp_properties.json #podpora C/C++ v projekte pre VS Code + /launch.json # GDB debugger +/components/ca/-ca.c + -gen_key.c + /cmd_nvs/-cmd_nvs.c + /cmd_system/-cmd_system.c + /display/-display.c + /files/-file.c + /https_server/-https_server.c + /-url_decoder.c + /wifi/wifi.c + /@lv_port_esp32 #graficka kniznica +/main/main.c +/partitions_example.csv + +Stiahnutie projektu: +git clone git@git.kemt.fei.tuke.sk:db195kv/bakalarka.git +git submodule update --init --recursive + + + +Vyuzitie projektu na procesore ESP32: +Used static DRAM: 124440 bytes ( 56296 available, 68.9% used) +Used static IRAM: 97948 bytes ( 33124 available, 74.7% used) +Total image size:~1162779 bytes + + + +Pouzite priklady v projekte * https://github.com/espressif/esp-idf/tree/master/examples/wifi/getting_started/station * https://github.com/espressif/esp-idf/tree/master/examples/protocols/https_server * https://github.com/espressif/esp-idf/tree/master/examples/system/console * https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/gen_key.c -* https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c \ No newline at end of file +* https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c + + + +gen_key type=ec output_file=/spiffs/server_key.key +write_cert selfsign=1 issuer_key=/spiffs/keyfile.key issuer_name=CN=ESP32_CA,O=TUKE,C=SK is_ca=1 output_file=/spiffs/ca.crt +write_cert issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/server.crt +write_cert request_file=/spiffs/certsignreq.csr issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/user.crt \ No newline at end of file 
diff --git a/components/ca/ca.c b/components/ca/ca.c index c1520bb..79624a4 100644 --- a/components/ca/ca.c +++ b/components/ca/ca.c @@ -76,7 +76,7 @@ int main( void ) #else #define USAGE_CSR "" #endif /* MBEDTLS_X509_CSR_PARSE_C */ - +/*predvolene hodnoty pre certifikat*/ #define DFL_ISSUER_CRT "" #define DFL_REQUEST_FILE "" #define DFL_SUBJECT_KEY "/spiffs/subject.key" @@ -99,7 +99,7 @@ int main( void ) #define DFL_SUBJ_IDENT 1 #define DFL_CONSTRAINTS 1 #define DFL_DIGEST MBEDTLS_MD_SHA256 - +/*V pripade zle zadanych argumentov vypise USAGE*/ #define USAGE \ "\n usage: cert_write param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -186,20 +186,20 @@ struct options int authority_identifier; /* add authority identifier to CRT */ int subject_identifier; /* add subject identifier to CRT */ int basic_constraints; /* add basic constraints ext to CRT */ - int version; /* CRT version */ + int version; /* CRT version b */ mbedtls_md_type_t md; /* Hash used for signing */ unsigned char key_usage; /* key usage flags */ unsigned char ns_cert_type; /* NS cert type */ } opt; +/*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/ struct pass_args { int argc; char **argv; }; - - struct pass_args global_arg; +/*Funkcia pre zapis certifikatu do suboru*/ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) @@ -211,6 +211,7 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, memset( output_buf, 0, 4096 ); vTaskDelay(15); + /*Zapis certifikatu do premennej output_buff vo formate pem */ if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 ) return( ret ); 
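Review bot: The comment on the `version` field now reads `/* CRT version b */`; the trailing `b` looks like a stray keystroke and should go back to `/* CRT version */`. The other comments added in this hunk are in Slovak while the surrounding mbedtls-derived comments are in English, so the file ends up bilingual; keeping one language, e.g. `/* default values for the certificate */` and `/* print USAGE on a malformed argument */`, would read better. `struct options` and `write_certificate` both extend beyond this hunk.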
@@ -230,9 +231,10 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, return( 0 ); } - +/*Logika pre vytvaranie certifikatov*/ static int connect( int argc, char *argv[] ) { + /*Definicia premennych*/ int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_x509_crt issuer_crt; @@ -251,11 +253,9 @@ static int connect( int argc, char *argv[] ) mbedtls_mpi serial; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "crt example app"; + const char *pers = "crt app"; - /* - * Set to sane values - */ + /*Nastavenie hodnot premennych*/ mbedtls_x509write_crt_init( &crt ); mbedtls_pk_init( &loaded_issuer_key ); mbedtls_pk_init( &loaded_subject_key ); @@ -274,7 +274,7 @@ static int connect( int argc, char *argv[] ) mbedtls_printf( USAGE ); goto exit; } - + /*Priradenie defaultnych hodnot do struktury options */ opt.issuer_crt = DFL_ISSUER_CRT; opt.request_file = DFL_REQUEST_FILE; opt.subject_key = DFL_SUBJECT_KEY; @@ -297,11 +297,14 @@ static int connect( int argc, char *argv[] ) opt.subject_identifier = DFL_SUBJ_IDENT; opt.authority_identifier = DFL_AUTH_IDENT; opt.basic_constraints = DFL_CONSTRAINTS; - + /*Nacitavanie hodnot z argumentov */ for( i = 1; i < argc; i++ ) { - + p = argv[i]; + /*rozdelenie argumentu na dva stringy + *prvy string p znaci do ktorej premennej sa budu ukladat hodnoty zo stringu q + */ if( ( q = strchr( p, '=' ) ) == NULL ) goto usage; *q++ = '\0'; @@ -515,7 +518,7 @@ static int connect( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); - // Parse serial to MPI + // Nacitanie serioveho cisla // mbedtls_printf( " . Reading serial number..." ); fflush( stdout ); 
@@ -523,17 +526,18 @@ static int connect( int argc, char *argv[] ) FILE* f; f = fopen( opt.serial, "w+" ); - + //Nacitavanie serioveho cisla do premennej typu mpi zo suboru if( ( ret = mbedtls_mpi_read_file(&serial,10,f) ) != 0 ) - { + {//ak subor neexistuje tak sa nacita seriove cislo zo stringu "1" mbedtls_mpi_read_string( &serial, 10, "1"); // mbedtls_strerror( ret, buf, 1024 ); // mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " // "returned -0x%04x - %s\n\n", -ret, buf ); //goto exit; } + /*Zvysenie serioveho cisla o +1*/ mbedtls_mpi_add_int(&serial,&serial,1); - + /*Zapis serioveho cisla do suboru*/ mbedtls_mpi_write_file(NULL,&serial,10,f); fclose( f ); @@ -549,7 +553,7 @@ static int connect( int argc, char *argv[] ) */ mbedtls_printf( " . Loading the issuer certificate ..." ); fflush( stdout ); - + //Nacitanie certifikatu certifikacnej autority zo suboru if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -843,13 +847,16 @@ exit: return( exit_code ); } + static void ca_task_run(void *parameter){ - + /*Pretypovanie parametra na strukturu pass_args*/ struct pass_args local = *(struct pass_args*)parameter; + /*Logika pre vytvaranie certifikatov*/ connect(local.argc,local.argv); + /*Po vykonani funkcie connect sa uloha ukonci*/ vTaskDelete(NULL); } - +/*Funkcia skopiruje hodnoty v parametroch a vytvori ulohu na vytvaranie certifikatov*/ void task_create_ca(const int argc, const char *argv[]){ global_arg.argc = argc; int ii; 
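Review bot: `fopen( opt.serial, "w+" )` truncates the serial file before `mbedtls_mpi_read_file` ever reads it, so the read always fails, the counter is reset to "1" and incremented, and every certificate this CA signs carries serial number 2; RFC 5280 requires serials to be unique per issuer, and revocation and client caching break on duplicates. The `fopen` result is also never checked, so an unwritable or missing SPIFFS path hands a NULL `FILE *` to `mbedtls_mpi_read_file` and `fclose`. Open the counter read-only first, fall back to 1 only when it is absent, then reopen for writing once the value is incremented, as below; since `file.c` mounts SPIFFS with `format_if_mount_failed = true`, the counter can be wiped on a bad boot, so a random serial drawn from `ctr_drbg` would be the more robust design. `connect()` continues on both sides of this hunk.
```c
    FILE *f = fopen( opt.serial, "r" );
    /* Start from 1 only when no counter has been persisted yet. */
    if( f == NULL || mbedtls_mpi_read_file( &serial, 10, f ) != 0 )
        mbedtls_mpi_read_string( &serial, 10, "1" );
    if( f != NULL )
        fclose( f );
    mbedtls_mpi_add_int( &serial, &serial, 1 );
    /* Persist the new value before it is placed in a certificate. */
    if( ( f = fopen( opt.serial, "w" ) ) == NULL ||
        mbedtls_mpi_write_file( NULL, &serial, 10, f ) != 0 )
    {
        mbedtls_printf( " failed\n ! cannot update serial file %s\n", opt.serial );
        if( f != NULL )
            fclose( f );
        goto exit;
    }
    fclose( f );
```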
@@ -859,15 +866,15 @@ void task_create_ca(const int argc, const char *argv[]){ strcpy(global_arg.argv[ii], argv[ii]); } - + /*vytvorenie ulohy kde sa bude vykonavat funkcia ca_task_run s argumentmi na druhom jadre s vysokou prioritou*/ xTaskCreatePinnedToCore(&ca_task_run,"cert_write",23000,&global_arg,30,NULL,1); - //xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL); } +/*Zaregistrovanie prikazu write_cert*/ void register_ca(void) { - const esp_console_cmd_t join_cmd = { + const esp_console_cmd_t ca_cmd = { .command = "write_cert", .help = "Write Certificate from CSR", .hint = NULL, @@ -875,7 +882,7 @@ void register_ca(void) .argtable = NULL }; - ESP_ERROR_CHECK( esp_console_cmd_register(&join_cmd) ); + ESP_ERROR_CHECK( esp_console_cmd_register(&ca_cmd) ); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && diff --git a/components/ca/gen_key.c b/components/ca/gen_key.c index 4444c7a..521c66a 100644 --- a/components/ca/gen_key.c +++ b/components/ca/gen_key.c @@ -58,7 +58,7 @@ #include #define DEV_RANDOM_THRESHOLD 32 - +/*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/ struct pass_args { int argc; @@ -464,9 +464,11 @@ exit: static void task_run(void *parameter){ - + /*Pretypovanie parametra na strukturu pass_args*/ struct pass_args local = *(struct pass_args*)parameter; + /*Logika pre vytvaranie klucov*/ connect(local.argc,local.argv); + /*Po vykonani funkcie connect sa uloha ukonci*/ vTaskDelete(NULL); } static void task_create(const int argc, const char *argv[]){ 
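Review bot: `xTaskCreatePinnedToCore` is handed `&global_arg`, a single file-scope struct whose argument strings are `strcpy`'d into freshly allocated buffers just above the hunk (the matching gen_key.c hunk shows the `malloc`), and nothing frees them: `ca_task_run` calls `vTaskDelete(NULL)` right after `connect()` returns, so every `write_cert` invocation, from the console or from the HTTPS POST handler in https_server.c, leaks its argument copies. Because the struct is shared, a second call while a signing task is still running overwrites the strings that task is parsing (`connect` writes into them with `*q++ = '\0'`). The return value of `xTaskCreatePinnedToCore` is ignored too, so a failed task creation silently issues nothing. Free `global_arg.argv[i]` at the end of `ca_task_run` (or allocate a fresh `struct pass_args` per call and free it there), and check the result: `if( xTaskCreatePinnedToCore( &ca_task_run, "cert_write", 23000, &global_arg, 30, NULL, 1 ) != pdPASS ) mbedtls_printf( "cert_write task not created\n" );`. `task_create_ca` starts in the previous hunk.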
@@ -477,15 +479,10 @@ static void task_create(const int argc, const char *argv[]){ global_arg.argv[ii] = malloc(strlen(argv[ii])+1); strcpy(global_arg.argv[ii], argv[ii]); } - - - - - + /*vytvorenie ulohy kde sa bude vykonavat funkcia task_create_ca s argumentmi na druhom jadre s vysokou prioritou*/ xTaskCreatePinnedToCore(&task_run,"gen_key",40000,&global_arg,12,NULL,1); - //xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL); } - +/*Zaregistrovanie prikazu write_cert*/ void register_gen_key(void) { diff --git a/components/display/display.c b/components/display/display.c index d9a7f7b..741b656 100644 --- a/components/display/display.c +++ b/components/display/display.c @@ -1,13 +1,4 @@ -/* LVGL Example project - * - * Basic project to test LVGL on ESP32 based projects. - * - * This example code is in the Public Domain (or CC0 licensed, at your option.) - * - * Unless required by applicable law or agreed to in writing, this - * software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - * CONDITIONS OF ANY KIND, either express or implied. - */ + #include #include #include @@ -43,15 +34,18 @@ #include "wifi.h" - +/*objekty ktorych hodnoty sa mozu menit inymi funkciami*/ static lv_obj_t* win; static lv_obj_t* table; -extern esp_netif_t *sta_netif; static lv_obj_t* label_bottom; +//ulozena instancia esp_netif objektu v tomto pripade potrebna kvoli zobrazeniu ip adresy na displej +extern esp_netif_t *sta_netif; static void IRAM_ATTR lv_tick_task(void *arg); +//vytvorenie sablony zobrazenej na displeji static lv_obj_t * status_create(void); +//doplnenie hodnot do tabulky static void fill_the_table(); @@ -109,6 +103,7 @@ void guiTask(void* parameter) { if (xSemaphoreTake(xGuiSemaphore, (TickType_t)10) == pdTRUE) { lv_task_handler(); xSemaphoreGive(xGuiSemaphore); + //aktualizovanie hodnot v tabulke fill_the_table(buff); } diff --git a/components/files/file.c b/components/files/file.c index 537635c..25717f8 100644 --- a/components/files/file.c 
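Review bot: The comment placed above `register_gen_key` says `/*Zaregistrovanie prikazu write_cert*/` but this function registers the `gen_key` command, and the comment on the task creation names `task_create_ca` although the task entry point passed is `task_run`; both were copied from ca.c and now mislead. Suggested replacements: `/* Register the gen_key console command */` and `/* Run task_run on core 1 with the copied arguments */`. The same leak as in ca.c applies here: the `malloc`'d `global_arg.argv[ii]` strings are never freed after `task_run` deletes itself, so they should be released at the end of `task_run`. `task_create` begins outside this hunk.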
+++ b/components/files/file.c @@ -16,7 +16,7 @@ static const char *TAG = "SPIFFS"; .max_files = 20, .format_if_mount_failed = true }; - +//inicializacia SPIFFS suboroveho systemu void init_memory(){ ESP_LOGI(TAG, "Initializing SPIFFS"); @@ -46,11 +46,7 @@ ESP_LOGI(TAG, "Initializing SPIFFS"); } } -void close_memory(){ - esp_vfs_spiffs_unregister(conf.partition_label); - ESP_LOGI(TAG, "SPIFFS unmounted"); -} - +//vytvorenie suboru s hodnotou zadanou v druhom parametri void create_file(char adresa[],char comment[]){ ESP_LOGI(TAG, "Opening file"); FILE* f = fopen(adresa, "w"); @@ -63,7 +59,7 @@ void create_file(char adresa[],char comment[]){ ESP_LOGI(TAG, "File written"); } - +//Citanie existujuceho suboru na uart void read_file(char adresa[]){ char line[120]; ESP_LOGI(TAG, "Reading file"); diff --git a/components/https_server/https_server.c b/components/https_server/https_server.c index 182b234..99176f6 100644 --- a/components/https_server/https_server.c +++ b/components/https_server/https_server.c @@ -26,7 +26,7 @@ /* A simple example that demonstrates how to create GET and POST * handlers and start an HTTPS server. */ - +/* struct pass_args { int argc; @@ -34,8 +34,8 @@ struct pass_args }; -struct pass_args global_arg_task; - +//struct pass_args global_arg_task; +*/ static const char *TAG = "server"; TaskHandle_t xHandleServer = NULL; @@ -114,10 +114,10 @@ static esp_err_t echo_post_handler(httpd_req_t *req) } strcat(formatted_out,csr_end); printf("%s",formatted_out); - + //Hodnoty predavane ulohe cert_write pre generovanie certifikatov pod CA const int argc = 5; const char* argv[] = {"write_cert","request_file=/spiffs/certsignreq.csr","issuer_key=/spiffs/keyfile.key","issuer_crt=/spiffs/ca.crt","output_file=/spiffs/user.crt"}; - global_arg_task.argc = argc; + //global_arg_task.argc = argc; //global_arg_task.argv = argv; /* int ii; 
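Review bot: The `struct pass_args` definition and `global_arg_task` in https_server.c are now wrapped in `/* ... */` and `//global_arg_task.argc = argc;` is commented out, leaving a second block of dead code next to the already commented-out copy loop; since `task_create_ca` now owns argument copying, delete these lines rather than commenting them out. The fixed `argv` hands the CA private key path `issuer_key=/spiffs/keyfile.key` to the signer, which means the CA key lives as a plain file on SPIFFS; unless flash encryption is enabled (not visible here) it can be read from a flash dump, and `read_file()` in file.c, touched in this same diff, prints any SPIFFS path to the UART, so it should not be reachable for that path if it is exposed as a console command. A comment above the `argv` line such as `/* fixed signing arguments; the CA key must never be readable by other commands */` would at least document the assumption. `echo_post_handler` continues into the next hunk.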
@@ -126,15 +126,16 @@ static esp_err_t echo_post_handler(httpd_req_t *req) global_arg_task.argv[ii] = malloc(strlen(argv[ii])+1); strcpy(global_arg_task.argv[ii], argv[ii]); } -*/ +*/ /*Ulozenie CSR requestu*/ create_file("/spiffs/certsignreq.csr",formatted_out); + /*Volanie funkcie pre vytvorenie ulohy podpisu certifikatu*/ task_create_ca(argc,argv); memset(buf,'\0',sizeof(buf)-1); memset(buffered_out, '\0', strlen(url)); memset(formatted_out, '\0', strlen(url)); vTaskDelay(400); - /*nahradenie LF znaku za CRLF kvoli HTTP serveru */ + /*nahradenie LF znaku za CRLF v certifikate kvoli HTTP serveru */ FILE* f = fopen("/spiffs/user.crt", "r"); if(f!=NULL){ while(fgets(buffered_out, sizeof(buffered_out)-1, f)){ @@ -144,7 +145,7 @@ static esp_err_t echo_post_handler(httpd_req_t *req) fclose(f); - + /*Rozdelenie certifikatu do tokenov*/ token = NULL; token = strtok(buf, "\n"); @@ -175,7 +176,7 @@ static const httpd_uri_t echo = { .handler = echo_post_handler, .user_ctx = NULL }; - +/*Registrovanie URI*/ static const httpd_uri_t root = { .uri = "/", .method = HTTP_GET, 
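Review bot: The handler signs whatever CSR the client posted — `create_file("/spiffs/certsignreq.csr", formatted_out)` followed by `task_create_ca(argc, argv)` — with no authentication of the requester and no check on the CSR subject, so any host that can reach the HTTPS port obtains a certificate chained to `ca.crt` for any name it chooses. The result is then read from the fixed path `/spiffs/user.crt` after `vTaskDelay(400)`: if signing is slower than that or fails, the previous requester's certificate is returned, and two concurrent POSTs overwrite each other's CSR and output files. At minimum `unlink("/spiffs/user.crt");` before dispatching the task and wait for completion (a semaphore or task notification given at the end of `ca_task_run`) instead of a fixed delay, and gate the endpoint, for example with a client certificate or a pre-shared enrolment token, before this leaves a lab setup. `memset(buffered_out, '\0', strlen(url))` sizes the clear by `url` rather than by `buffered_out`; the declarations are outside the hunk, but this looks like the wrong length. `echo_post_handler` starts and ends outside this hunk.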
@@ -189,20 +190,20 @@ static httpd_handle_t start_webserver(void) // Start the httpd server ESP_LOGI(TAG, "Starting server"); - + //Inicializacia konfiguracie pre http server httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT(); conf.httpd.stack_size = 12000; - + //pridanie certifikatu do konfiguracie extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start"); extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end"); conf.cacert_pem = cacert_pem_start; conf.cacert_len = cacert_pem_end - cacert_pem_start; - + //pridanie sukromneho kluca do konfiguracie extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start"); extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end"); conf.prvtkey_pem = prvtkey_pem_start; conf.prvtkey_len = prvtkey_pem_end - prvtkey_pem_start; - + //vytvorenie HTTP + SSL servera esp_err_t ret = httpd_ssl_start(&server, &conf); if (ESP_OK != ret) { ESP_LOGI(TAG, "Error starting server!"); diff --git a/components/wifi/wifi.c b/components/wifi/wifi.c index 91e913c..d141630 100644 --- a/components/wifi/wifi.c +++ b/components/wifi/wifi.c @@ -41,10 +41,14 @@ static void initialise_wifi(void) wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); /*Inicializacia wifi drivera*/ ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); + //registrovanie eventov do event loopu ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &event_handler, NULL) ); ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) ); + //Ukladanie wifi konfiguracie do RAM ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_NULL) ); + ESP_ERROR_CHECK( esp_wifi_start() ); initialized = true; diff --git a/main/main.c b/main/main.c index f4ee946..6b6a1a3 100644 --- a/main/main.c +++ b/main/main.c 
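Review bot: A failed `httpd_ssl_start` is reported with `ESP_LOGI(TAG, "Error starting server!")`, which is info level and easy to miss; it should be `ESP_LOGE(TAG, "Error starting server: %s", esp_err_to_name(ret));`. The new comment `//pridanie certifikatu do konfiguracie` sits on the `cacert_pem` field, but in `httpd_ssl_config_t` that field carries the server's own certificate despite its name, so a more precise comment would be `/* server certificate (field is named cacert_pem by esp_https_server) */`. Note also that the server key is linked into the firmware via `_binary_prvtkey_pem_start`, so anyone with the image can extract it unless flash encryption is enabled; worth stating in a comment next to the `prvtkey_pem` assignment. `start_webserver` continues past this hunk.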
@@ -59,24 +59,9 @@ static const char* TAG = "konzola"; * The easiest way to do this is to use FATFS filesystem on top of * wear_levelling library. */ +/*Historia prikazov moze byt ukladana a nacitana zo suboru*/ #if CONFIG_STORE_HISTORY - -#define MOUNT_PATH "/data" -#define HISTORY_PATH MOUNT_PATH "/history.txt" - -static void initialize_filesystem(void) -{ - static wl_handle_t wl_handle; - const esp_vfs_fat_mount_config_t mount_config = { - .max_files = 4, - .format_if_mount_failed = true - }; - esp_err_t err = esp_vfs_fat_spiflash_mount(MOUNT_PATH, "storage_fat", &mount_config, &wl_handle); - if (err != ESP_OK) { - ESP_LOGE(TAG, "Failed to mount FATFS (%s)", esp_err_to_name(err)); - return; - } -} +#define HISTORY_PATH "/spiffs/history.txt" #endif // CONFIG_STORE_HISTORY static void initialize_nvs(void) @@ -160,8 +145,6 @@ void app_main(void) init_memory(); #if CONFIG_STORE_HISTORY - /*Inicializacia FATFS*/ - initialize_filesystem(); ESP_LOGI(TAG, "Command history enabled"); #else ESP_LOGI(TAG, "Command history disabled"); @@ -170,15 +153,26 @@ void app_main(void) ESP_ERROR_CHECK(esp_netif_init()); /*Vytvorenie specialneho event loopu pre systemove eventy*/ ESP_ERROR_CHECK(esp_event_loop_create_default()); + initialize_console(); /* Registrovanie príkazov */ + /*Registrovanie prikazu help ktory vypise vsetky prikazy*/ esp_console_register_help_command(); + /*Registrovanie prikazov free pre zobrazenie aktualnej velkosti zasobnika, + *heap pre zobrazenie velkosti zasobnika pri spusteni zariadenia, + *restart pre restartovanie zariadenia, + */ register_system(); + /*Registrovanie prikazu join pre pripojenie na wifi*/ register_wifi(); + // register_nvs(); + /*Registrovanie prikazu write_cert pre vytvorenie certifikatov*/ register_ca(); + /*Registrovanie prikazu server_on pre HTTP + SSL servera*/ register_server(); + /*Registrovanie prikazu pre generovanie verejnych klucov*/ register_gen_key(); 
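Review bot: With `HISTORY_PATH "/spiffs/history.txt"` the console history is persisted on the same SPIFFS partition as the CA key; if `join` takes the Wi-Fi passphrase as a command argument, as the upstream console example this is based on does, that passphrase will be written to the history file in plaintext and survive reboots. Either exclude credential-bearing commands from history or document the trade-off above the define, e.g. `/* history persists to SPIFFS; commands that carry secrets are recorded verbatim */`. Removing `initialize_filesystem` is fine only because `init_memory()` now mounts SPIFFS before `initialize_console()` runs; a comment at the `init_memory();` call stating that the console history depends on it would prevent a later reorder.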
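Review bot: The comment `/*Registrovanie prikazu pre generovanie verejnych klucov*/` describes `register_gen_key` as generating public keys, but the command writes a key pair (the README invokes it as `gen_key type=ec output_file=/spiffs/server_key.key`), so `/* register gen_key: generates a private/public key pair */` is the accurate wording. `// register_nvs();` is commented out with no explanation; remove it or note why the NVS commands are disabled. The comment on `register_system` says `free` shows the current stack size; in the upstream example `free` reports free heap, so please verify and reword if so.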
@@ -194,7 +188,6 @@ void app_main(void) const char* prompt = LOG_COLOR_I "esp32> " LOG_RESET_COLOR; printf("\n" - "This is an example of ESP-IDF console component.\n" "Type 'help' to get the list of commands.\n" "Use UP/DOWN arrows to navigate through command history.\n" "Press TAB when typing command name to auto-complete.\n"); @@ -233,6 +226,9 @@ void app_main(void) /* Try to run the command */ int ret; + /*Rozparsovanie riadku na argumenty, prvy argument je brany ako prikaz + *v pripade ze prikaz nie je registrovany tak funkcia vrati hodnotu ESP_ERR_NOT_FOUND + */ esp_err_t err = esp_console_run(line, &ret); if (err == ESP_ERR_NOT_FOUND) { printf("Unrecognized command\n");