0.0.9

2020-04-05 12:27:20 +02:00 · 2020-04-05 12:27:20 +02:00 · 7cda2704e7
commit 7cda2704e7
parent bd7044b397
8 changed files with 122 additions and 88 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,45 @@
-# Certificate authority on ESP32
+# Certifikacna autorita na procesore ESP32
-Used examples in this project
+Softverova kniznica: ESP-IDF v4.2-dev-792-g6330b3345-dirty
 Struktura projektu:
 /.vscode/-c_cpp_properties.json #podpora C/C++ v projekte pre VS Code
        /launch.json # GDB debugger
 /components/ca/-ca.c
               -gen_key.c
            /cmd_nvs/-cmd_nvs.c
            /cmd_system/-cmd_system.c
            /display/-display.c
            /files/-file.c
            /https_server/-https_server.c  
                         /-url_decoder.c
            /wifi/wifi.c
            /@lv_port_esp32 #graficka kniznica 
 /main/main.c
 /partitions_example.csv
 Stiahnutie projektu:
 git clone git@git.kemt.fei.tuke.sk:db195kv/bakalarka.git
 git submodule update --init --recursive
 Vyuzitie projektu na procesore ESP32: 
 Used static DRAM:  124440 bytes (  56296 available, 68.9% used)
 Used static IRAM:   97948 bytes (  33124 available, 74.7% used)
 Total image size:~1162779 bytes
 Pouzite priklady v projekte
 * https://github.com/espressif/esp-idf/tree/master/examples/wifi/getting_started/station
 * https://github.com/espressif/esp-idf/tree/master/examples/protocols/https_server
 * https://github.com/espressif/esp-idf/tree/master/examples/system/console
 * https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/gen_key.c
 * https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c
 gen_key type=ec output_file=/spiffs/server_key.key
 write_cert selfsign=1 issuer_key=/spiffs/keyfile.key issuer_name=CN=ESP32_CA,O=TUKE,C=SK is_ca=1 output_file=/spiffs/ca.crt
 write_cert issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/server.crt
 write_cert request_file=/spiffs/certsignreq.csr issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/user.crt
--- a/components/ca/ca.c
+++ b/components/ca/ca.c
@ -76,7 +76,7 @@ int main( void )
 #else
 #define USAGE_CSR ""
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
-
+/*predvolene hodnoty pre certifikat*/
 #define DFL_ISSUER_CRT          ""
 #define DFL_REQUEST_FILE        ""
 #define DFL_SUBJECT_KEY         "/spiffs/subject.key"
@ -99,7 +99,7 @@ int main( void )
 #define DFL_SUBJ_IDENT          1
 #define DFL_CONSTRAINTS         1
 #define DFL_DIGEST              MBEDTLS_MD_SHA256
-
+/*V pripade zle zadanych argumentov vypise USAGE*/
 #define USAGE \
    "\n usage: cert_write param=<>...\n"                \
    "\n acceptable parameters:\n"                       \
@ -186,20 +186,20 @@ struct options
    int authority_identifier;   /* add authority identifier to CRT      */
    int subject_identifier;     /* add subject identifier to CRT        */
    int basic_constraints;      /* add basic constraints ext to CRT     */
-    int version;                /* CRT version                          */
+    int version;                /* CRT version                     b     */
    mbedtls_md_type_t md;       /* Hash used for signing                */
    unsigned char key_usage;    /* key usage flags                      */
    unsigned char ns_cert_type; /* NS cert type                         */
 } opt;
 /*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/
 struct pass_args
 {
    int argc;
    char **argv;
 };
 struct pass_args global_arg;
 /*Funkcia pre zapis certifikatu do suboru*/
 int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng )
@ -211,6 +211,7 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
    memset( output_buf, 0, 4096 );
    vTaskDelay(15);
    /*Zapis certifikatu do premennej output_buff vo formate pem */
    if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
                                           f_rng, p_rng ) ) < 0 )
        return( ret );
@ -230,9 +231,10 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
    return( 0 );
 }
-
+/*Logika pre vytvaranie certifikatov*/
 static int connect( int argc, char *argv[] )
 {
    /*Definicia premennych*/
    int ret = 1;
    int exit_code = MBEDTLS_EXIT_FAILURE;
    mbedtls_x509_crt issuer_crt;
@ -251,11 +253,9 @@ static int connect( int argc, char *argv[] )
    mbedtls_mpi serial;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "crt example app";
+    const char *pers = "crt app";
-    /*
+    /*Nastavenie hodnot premennych*/
     * Set to sane values
     */
    mbedtls_x509write_crt_init( &crt );
    mbedtls_pk_init( &loaded_issuer_key );
    mbedtls_pk_init( &loaded_subject_key );
@ -274,7 +274,7 @@ static int connect( int argc, char *argv[] )
        mbedtls_printf( USAGE );
        goto exit;
    }
-
+    /*Priradenie defaultnych hodnot do struktury options */
    opt.issuer_crt          = DFL_ISSUER_CRT;
    opt.request_file        = DFL_REQUEST_FILE;
    opt.subject_key         = DFL_SUBJECT_KEY;
@ -297,11 +297,14 @@ static int connect( int argc, char *argv[] )
    opt.subject_identifier   = DFL_SUBJ_IDENT;
    opt.authority_identifier = DFL_AUTH_IDENT;
    opt.basic_constraints    = DFL_CONSTRAINTS;
-
+    /*Nacitavanie hodnot z argumentov */
    for( i = 1; i < argc; i++ )
    {
        p = argv[i];
        /*rozdelenie argumentu na dva stringy
         *prvy string p znaci do ktorej premennej sa budu ukladat hodnoty zo stringu q
         */
        if( ( q = strchr( p, '=' ) ) == NULL )
            goto usage;
        *q++ = '\0';
@ -515,7 +518,7 @@ static int connect( int argc, char *argv[] )
    mbedtls_printf( " ok\n" );
-    // Parse serial to MPI
+    // Nacitanie serioveho cisla 
    //
    mbedtls_printf( "  . Reading serial number..." );
    fflush( stdout );
@ -523,17 +526,18 @@ static int connect( int argc, char *argv[] )
    FILE* f;
    f = fopen( opt.serial, "w+" );
-    
+    //Nacitavanie serioveho cisla do premennej typu mpi zo suboru
    if( ( ret = mbedtls_mpi_read_file(&serial,10,f) ) != 0 )
-    {
+    {//ak subor neexistuje tak sa nacita seriove cislo zo stringu "1"
        mbedtls_mpi_read_string( &serial, 10, "1");
       // mbedtls_strerror( ret, buf, 1024 );
       // mbedtls_printf( " failed\n  !  mbedtls_mpi_read_string "
        //                "returned -0x%04x - %s\n\n", -ret, buf );
        //goto exit;
    }
    /*Zvysenie serioveho cisla o +1*/
    mbedtls_mpi_add_int(&serial,&serial,1);
-
+    /*Zapis serioveho cisla do suboru*/
    mbedtls_mpi_write_file(NULL,&serial,10,f);
    fclose( f );
@ -549,7 +553,7 @@ static int connect( int argc, char *argv[] )
         */
        mbedtls_printf( "  . Loading the issuer certificate ..." );
        fflush( stdout );
-
+        //Nacitanie certifikatu certifikacnej autority zo suboru
        if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
        {
            mbedtls_strerror( ret, buf, 1024 );
@ -843,13 +847,16 @@ exit:
    return( exit_code );
 }
 static void ca_task_run(void *parameter){
 static void ca_task_run(void *parameter){
    /*Pretypovanie parametra na strukturu pass_args*/    
    struct pass_args local = *(struct pass_args*)parameter;
    /*Logika pre vytvaranie certifikatov*/
    connect(local.argc,local.argv);
    /*Po vykonani funkcie connect sa uloha ukonci*/
    vTaskDelete(NULL);
 }
-
+/*Funkcia skopiruje hodnoty v parametroch a vytvori ulohu na vytvaranie certifikatov*/
 void task_create_ca(const int argc, const char *argv[]){
    global_arg.argc = argc;
    int ii;
@ -859,15 +866,15 @@ void task_create_ca(const int argc, const char *argv[]){
    strcpy(global_arg.argv[ii], argv[ii]);
  }
-
+    /*vytvorenie ulohy kde sa bude vykonavat funkcia ca_task_run s argumentmi na druhom jadre s vysokou prioritou*/
    xTaskCreatePinnedToCore(&ca_task_run,"cert_write",23000,&global_arg,30,NULL,1);
    //xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL);
 }
 /*Zaregistrovanie prikazu write_cert*/
 void register_ca(void)
 {
-    const esp_console_cmd_t join_cmd = {
+    const esp_console_cmd_t ca_cmd = {
        .command = "write_cert",
        .help = "Write Certificate from CSR",
        .hint = NULL,
@ -875,7 +882,7 @@ void register_ca(void)
        .argtable = NULL
    };
-    ESP_ERROR_CHECK( esp_console_cmd_register(&join_cmd) );
+    ESP_ERROR_CHECK( esp_console_cmd_register(&ca_cmd) );
 }
 #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
          MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
--- a/components/ca/gen_key.c
+++ b/components/ca/gen_key.c
@ -58,7 +58,7 @@
 #include <unistd.h>
 #define DEV_RANDOM_THRESHOLD        32
-
+/*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/
 struct pass_args
 {
    int argc;
@ -464,9 +464,11 @@ exit:
 static void task_run(void *parameter){
-    
+    /*Pretypovanie parametra na strukturu pass_args*/    
    struct pass_args local = *(struct pass_args*)parameter;
    /*Logika pre vytvaranie klucov*/
    connect(local.argc,local.argv);
    /*Po vykonani funkcie connect sa uloha ukonci*/
    vTaskDelete(NULL);
 }
 static void task_create(const int argc, const char *argv[]){
@ -477,15 +479,10 @@ static void task_create(const int argc, const char *argv[]){
    global_arg.argv[ii] = malloc(strlen(argv[ii])+1);
    strcpy(global_arg.argv[ii], argv[ii]);
  }
-  
+    /*vytvorenie ulohy kde sa bude vykonavat funkcia task_create_ca s argumentmi na druhom jadre s vysokou prioritou*/
    xTaskCreatePinnedToCore(&task_run,"gen_key",40000,&global_arg,12,NULL,1);
    //xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL);
 }
-
+/*Zaregistrovanie prikazu write_cert*/
 void register_gen_key(void)
 {
--- a/components/display/display.c
+++ b/components/display/display.c
@ -1,13 +1,4 @@
-/* LVGL Example project
+
 * 
 * Basic project to test LVGL on ESP32 based projects.
 *
 * This example code is in the Public Domain (or CC0 licensed, at your option.)
 *
 * Unless required by applicable law or agreed to in writing, this
 * software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.
 */
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -43,15 +34,18 @@
 #include "wifi.h"
-
+/*objekty ktorych hodnoty sa mozu menit inymi funkciami*/
 static lv_obj_t* win;
 static lv_obj_t* table;
 extern esp_netif_t *sta_netif;
 static lv_obj_t* label_bottom;
 //ulozena instancia esp_netif objektu v tomto pripade potrebna kvoli zobrazeniu ip adresy na displej
 extern esp_netif_t *sta_netif;
 static void IRAM_ATTR lv_tick_task(void *arg);
 //vytvorenie sablony zobrazenej na displeji
 static lv_obj_t * status_create(void);
 //doplnenie hodnot do tabulky
 static void fill_the_table();
@ -109,6 +103,7 @@ void guiTask(void* parameter) {
        if (xSemaphoreTake(xGuiSemaphore, (TickType_t)10) == pdTRUE) {
            lv_task_handler();
            xSemaphoreGive(xGuiSemaphore);
            //aktualizovanie hodnot v tabulke
            fill_the_table(buff);
        }
--- a/components/files/file.c
+++ b/components/files/file.c
@ -16,7 +16,7 @@ static const char *TAG = "SPIFFS";
      .max_files = 20,
      .format_if_mount_failed = true
    };
-
+//inicializacia SPIFFS suboroveho systemu
 void init_memory(){
 ESP_LOGI(TAG, "Initializing SPIFFS");
@ -46,11 +46,7 @@ ESP_LOGI(TAG, "Initializing SPIFFS");
    }  
 }
-void close_memory(){
+//vytvorenie suboru s hodnotou zadanou v druhom parametri
  esp_vfs_spiffs_unregister(conf.partition_label);
    ESP_LOGI(TAG, "SPIFFS unmounted");
 }
 void create_file(char adresa[],char comment[]){
  ESP_LOGI(TAG, "Opening file");
    FILE* f = fopen(adresa, "w");
@ -63,7 +59,7 @@ void create_file(char adresa[],char comment[]){
    ESP_LOGI(TAG, "File written");
 }
-
+//Citanie existujuceho suboru na uart
 void read_file(char adresa[]){
    char line[120];
  ESP_LOGI(TAG, "Reading file");
--- a/components/https_server/https_server.c
+++ b/components/https_server/https_server.c
@ -26,7 +26,7 @@
 /* A simple example that demonstrates how to create GET and POST
 * handlers and start an HTTPS server.
 */
-
+/*
 struct pass_args
 {
    int argc;
@ -34,8 +34,8 @@ struct pass_args
 };
-struct pass_args global_arg_task;
+//struct pass_args global_arg_task;
-
+*/
 static const char *TAG = "server";
 TaskHandle_t xHandleServer = NULL;
@ -114,10 +114,10 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
    }
    strcat(formatted_out,csr_end);
    printf("%s",formatted_out);
-
+    //Hodnoty predavane ulohe cert_write pre generovanie certifikatov pod CA
    const int argc = 5;
    const char* argv[] = {"write_cert","request_file=/spiffs/certsignreq.csr","issuer_key=/spiffs/keyfile.key","issuer_crt=/spiffs/ca.crt","output_file=/spiffs/user.crt"};
-    global_arg_task.argc = argc;
+    //global_arg_task.argc = argc;
    //global_arg_task.argv = argv;
 /*
    int ii;
@ -126,15 +126,16 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
    global_arg_task.argv[ii] = malloc(strlen(argv[ii])+1);
    strcpy(global_arg_task.argv[ii], argv[ii]);
  }
-*/
+*/  /*Ulozenie CSR requestu*/
    create_file("/spiffs/certsignreq.csr",formatted_out);
    /*Volanie funkcie pre vytvorenie ulohy podpisu certifikatu*/
    task_create_ca(argc,argv);
    memset(buf,'\0',sizeof(buf)-1);
    memset(buffered_out, '\0', strlen(url));
    memset(formatted_out, '\0', strlen(url));
    vTaskDelay(400);
-    /*nahradenie LF znaku za CRLF kvoli HTTP serveru */
+    /*nahradenie LF znaku za CRLF v certifikate kvoli HTTP serveru */
    FILE* f = fopen("/spiffs/user.crt", "r");
    if(f!=NULL){
        while(fgets(buffered_out, sizeof(buffered_out)-1, f)){
@ -144,7 +145,7 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
    fclose(f);
-    
+    /*Rozdelenie certifikatu do tokenov*/
    token = NULL;
    token = strtok(buf, "\n");
@ -175,7 +176,7 @@ static const httpd_uri_t echo = {
    .handler   = echo_post_handler,
    .user_ctx  = NULL
 };
-
+/*Registrovanie URI*/
 static const httpd_uri_t root = {
    .uri       = "/",
    .method    = HTTP_GET,
@ -189,20 +190,20 @@ static httpd_handle_t start_webserver(void)
    // Start the httpd server
    ESP_LOGI(TAG, "Starting server");
-
+    //Inicializacia konfiguracie pre http server
    httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();
    conf.httpd.stack_size = 12000;
-
+    //pridanie certifikatu do konfiguracie
    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
    conf.cacert_pem = cacert_pem_start;
    conf.cacert_len = cacert_pem_end - cacert_pem_start;
-
+    //pridanie sukromneho kluca do konfiguracie
    extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
    extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");
    conf.prvtkey_pem = prvtkey_pem_start;
    conf.prvtkey_len = prvtkey_pem_end - prvtkey_pem_start;
-
+    //vytvorenie HTTP + SSL servera 
    esp_err_t ret = httpd_ssl_start(&server, &conf);
    if (ESP_OK != ret) {
        ESP_LOGI(TAG, "Error starting server!");
--- a/components/wifi/wifi.c
+++ b/components/wifi/wifi.c
@ -41,10 +41,14 @@ static void initialise_wifi(void)
    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    /*Inicializacia wifi drivera*/
    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
    //registrovanie eventov do event loopu
    ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &event_handler, NULL) );
    ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) );
    //Ukladanie wifi konfiguracie do RAM
    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_NULL) );
    ESP_ERROR_CHECK( esp_wifi_start() );
    initialized = true;
--- a/main/main.c
+++ b/main/main.c
@ -59,24 +59,9 @@ static const char* TAG = "konzola";
 * The easiest way to do this is to use FATFS filesystem on top of
 * wear_levelling library.
 */
 /*Historia prikazov moze byt ukladana a nacitana zo suboru*/
 #if CONFIG_STORE_HISTORY
-
+#define HISTORY_PATH "/spiffs/history.txt"
 #define MOUNT_PATH "/data"
 #define HISTORY_PATH MOUNT_PATH "/history.txt"
 static void initialize_filesystem(void)
 {
    static wl_handle_t wl_handle;
    const esp_vfs_fat_mount_config_t mount_config = {
            .max_files = 4,
            .format_if_mount_failed = true
    };
    esp_err_t err = esp_vfs_fat_spiflash_mount(MOUNT_PATH, "storage_fat", &mount_config, &wl_handle);
    if (err != ESP_OK) {
        ESP_LOGE(TAG, "Failed to mount FATFS (%s)", esp_err_to_name(err));
        return;
    }
 }
 #endif // CONFIG_STORE_HISTORY
 static void initialize_nvs(void)
@ -160,8 +145,6 @@ void app_main(void)
    init_memory();
 #if CONFIG_STORE_HISTORY
    /*Inicializacia FATFS*/
    initialize_filesystem();
    ESP_LOGI(TAG, "Command history enabled");
 #else
    ESP_LOGI(TAG, "Command history disabled");
@ -170,15 +153,26 @@ void app_main(void)
    ESP_ERROR_CHECK(esp_netif_init());
    /*Vytvorenie specialneho event loopu pre systemove eventy*/
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    initialize_console();
    /* Registrovanie príkazov */
    /*Registrovanie prikazu help ktory vypise vsetky prikazy*/
    esp_console_register_help_command();
    /*Registrovanie prikazov free pre zobrazenie aktualnej velkosti zasobnika,
     *heap pre zobrazenie velkosti zasobnika pri spusteni zariadenia,
     *restart pre restartovanie zariadenia,
     */
    register_system();
    /*Registrovanie prikazu join pre pripojenie na wifi*/
    register_wifi();
    //
    register_nvs();
    /*Registrovanie prikazu write_cert pre vytvorenie certifikatov*/
    register_ca();
    /*Registrovanie prikazu server_on pre HTTP + SSL servera*/
    register_server();
    /*Registrovanie prikazu pre generovanie verejnych klucov*/
    register_gen_key();
@ -194,7 +188,6 @@ void app_main(void)
    const char* prompt = LOG_COLOR_I "esp32> " LOG_RESET_COLOR;
    printf("\n"
           "This is an example of ESP-IDF console component.\n"
           "Type 'help' to get the list of commands.\n"
           "Use UP/DOWN arrows to navigate through command history.\n"
           "Press TAB when typing command name to auto-complete.\n");
@ -233,6 +226,9 @@ void app_main(void)
        /* Try to run the command */
        int ret;
        /*Rozparsovanie riadku na argumenty, prvy argument je brany ako prikaz
         *v pripade ze prikaz nie je registrovany tak funkcia vrati hodnotu ESP_ERR_NOT_FOUND
         */
        esp_err_t err = esp_console_run(line, &ret);
        if (err == ESP_ERR_NOT_FOUND) {
            printf("Unrecognized command\n");