Mithras 2020-04-05 12:27:20 +02:00
parent bd7044b397
commit 7cda2704e7
8 changed files with 122 additions and 88 deletions


@ -1,7 +1,45 @@
# Certificate authority on ESP32
Used examples in this project
# Certifikacna autorita na procesore ESP32
Softverova kniznica: ESP-IDF v4.2-dev-792-g6330b3345-dirty
Struktura projektu:
/.vscode/-c_cpp_properties.json #podpora C/C++ v projekte pre VS Code
/launch.json # GDB debugger
/components/ca/-ca.c
-gen_key.c
/cmd_nvs/-cmd_nvs.c
/cmd_system/-cmd_system.c
/display/-display.c
/files/-file.c
/https_server/-https_server.c
/-url_decoder.c
/wifi/wifi.c
/@lv_port_esp32 #graficka kniznica
/main/main.c
/partitions_example.csv
Stiahnutie projektu:
git clone git@git.kemt.fei.tuke.sk:db195kv/bakalarka.git
git submodule update --init --recursive
Vyuzitie projektu na procesore ESP32:
Used static DRAM: 124440 bytes ( 56296 available, 68.9% used)
Used static IRAM: 97948 bytes ( 33124 available, 74.7% used)
Total image size:~1162779 bytes
Pouzite priklady v projekte
* https://github.com/espressif/esp-idf/tree/master/examples/wifi/getting_started/station
* https://github.com/espressif/esp-idf/tree/master/examples/protocols/https_server
* https://github.com/espressif/esp-idf/tree/master/examples/system/console
* https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/gen_key.c
* https://github.com/ARMmbed/mbedtls/blob/development/programs/x509/cert_write.c
gen_key type=ec output_file=/spiffs/server_key.key
write_cert selfsign=1 issuer_key=/spiffs/keyfile.key issuer_name=CN=ESP32_CA,O=TUKE,C=SK is_ca=1 output_file=/spiffs/ca.crt
write_cert issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/server.crt
write_cert request_file=/spiffs/certsignreq.csr issuer_key=/spiffs/keyfile.key issuer_crt=/spiffs/ca.crt output_file=/spiffs/user.crt


@ -76,7 +76,7 @@ int main( void )
#else
#define USAGE_CSR ""
#endif /* MBEDTLS_X509_CSR_PARSE_C */
/*predvolene hodnoty pre certifikat*/
#define DFL_ISSUER_CRT ""
#define DFL_REQUEST_FILE ""
#define DFL_SUBJECT_KEY "/spiffs/subject.key"
@ -99,7 +99,7 @@ int main( void )
#define DFL_SUBJ_IDENT 1
#define DFL_CONSTRAINTS 1
#define DFL_DIGEST MBEDTLS_MD_SHA256
/*V pripade zle zadanych argumentov vypise USAGE*/
#define USAGE \
"\n usage: cert_write param=<>...\n" \
"\n acceptable parameters:\n" \
@ -186,20 +186,20 @@ struct options
int authority_identifier; /* add authority identifier to CRT */
int subject_identifier; /* add subject identifier to CRT */
int basic_constraints; /* add basic constraints ext to CRT */
int version; /* CRT version */
int version; /* CRT version b */
mbedtls_md_type_t md; /* Hash used for signing */
unsigned char key_usage; /* key usage flags */
unsigned char ns_cert_type; /* NS cert type */
} opt;
/*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/
struct pass_args
{
int argc;
char **argv;
};
struct pass_args global_arg;
/*Funkcia pre zapis certifikatu do suboru*/
int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
@ -211,6 +211,7 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
memset( output_buf, 0, 4096 );
vTaskDelay(15);
/*Zapis certifikatu do premennej output_buff vo formate pem */
if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
f_rng, p_rng ) ) < 0 )
return( ret );
@ -230,9 +231,10 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
return( 0 );
}
/*Logika pre vytvaranie certifikatov*/
static int connect( int argc, char *argv[] )
{
/*Definicia premennych*/
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_x509_crt issuer_crt;
@ -251,11 +253,9 @@ static int connect( int argc, char *argv[] )
mbedtls_mpi serial;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "crt example app";
const char *pers = "crt app";
/*
* Set to sane values
*/
/*Nastavenie hodnot premennych*/
mbedtls_x509write_crt_init( &crt );
mbedtls_pk_init( &loaded_issuer_key );
mbedtls_pk_init( &loaded_subject_key );
@ -274,7 +274,7 @@ static int connect( int argc, char *argv[] )
mbedtls_printf( USAGE );
goto exit;
}
/*Priradenie defaultnych hodnot do struktury options */
opt.issuer_crt = DFL_ISSUER_CRT;
opt.request_file = DFL_REQUEST_FILE;
opt.subject_key = DFL_SUBJECT_KEY;
@ -297,11 +297,14 @@ static int connect( int argc, char *argv[] )
opt.subject_identifier = DFL_SUBJ_IDENT;
opt.authority_identifier = DFL_AUTH_IDENT;
opt.basic_constraints = DFL_CONSTRAINTS;
/*Nacitavanie hodnot z argumentov */
for( i = 1; i < argc; i++ )
{
p = argv[i];
/*rozdelenie argumentu na dva stringy
*prvy string p znaci do ktorej premennej sa budu ukladat hodnoty zo stringu q
*/
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
*q++ = '\0';
@ -515,7 +518,7 @@ static int connect( int argc, char *argv[] )
mbedtls_printf( " ok\n" );
// Parse serial to MPI
// Nacitanie serioveho cisla
//
mbedtls_printf( " . Reading serial number..." );
fflush( stdout );
@ -523,17 +526,18 @@ static int connect( int argc, char *argv[] )
FILE* f;
f = fopen( opt.serial, "w+" );
//Nacitavanie serioveho cisla do premennej typu mpi zo suboru
if( ( ret = mbedtls_mpi_read_file(&serial,10,f) ) != 0 )
{
{//ak subor neexistuje tak sa nacita seriove cislo zo stringu "1"
mbedtls_mpi_read_string( &serial, 10, "1");
// mbedtls_strerror( ret, buf, 1024 );
// mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
// "returned -0x%04x - %s\n\n", -ret, buf );
//goto exit;
}
/*Zvysenie serioveho cisla o +1*/
mbedtls_mpi_add_int(&serial,&serial,1);
/*Zapis serioveho cisla do suboru*/
mbedtls_mpi_write_file(NULL,&serial,10,f);
fclose( f );
@ -549,7 +553,7 @@ static int connect( int argc, char *argv[] )
*/
mbedtls_printf( " . Loading the issuer certificate ..." );
fflush( stdout );
//Nacitanie certifikatu certifikacnej autority zo suboru
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -843,13 +847,16 @@ exit:
return( exit_code );
}
static void ca_task_run(void *parameter){
static void ca_task_run(void *parameter){
/*Pretypovanie parametra na strukturu pass_args*/
struct pass_args local = *(struct pass_args*)parameter;
/*Logika pre vytvaranie certifikatov*/
connect(local.argc,local.argv);
/*Po vykonani funkcie connect sa uloha ukonci*/
vTaskDelete(NULL);
}
/*Funkcia skopiruje hodnoty v parametroch a vytvori ulohu na vytvaranie certifikatov*/
void task_create_ca(const int argc, const char *argv[]){
global_arg.argc = argc;
int ii;
@ -859,15 +866,15 @@ void task_create_ca(const int argc, const char *argv[]){
strcpy(global_arg.argv[ii], argv[ii]);
}
/*vytvorenie ulohy kde sa bude vykonavat funkcia ca_task_run s argumentmi na druhom jadre s vysokou prioritou*/
xTaskCreatePinnedToCore(&ca_task_run,"cert_write",23000,&global_arg,30,NULL,1);
//xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL);
}
/*Zaregistrovanie prikazu write_cert*/
void register_ca(void)
{
const esp_console_cmd_t join_cmd = {
const esp_console_cmd_t ca_cmd = {
.command = "write_cert",
.help = "Write Certificate from CSR",
.hint = NULL,
@ -875,7 +882,7 @@ void register_ca(void)
.argtable = NULL
};
ESP_ERROR_CHECK( esp_console_cmd_register(&join_cmd) );
ESP_ERROR_CHECK( esp_console_cmd_register(&ca_cmd) );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
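Review bot: The serial-number file handled at `f = fopen( opt.serial, "w+" );` / `mbedtls_mpi_read_file(&serial,10,f)` in the `@ -523,17 +526,18` hunk is opened in a truncating mode, so the read always sees an empty file (which mbedtls_mpi_read_file reports as an error) and the new comment `//ak subor neexistuje tak sa nacita seriove cislo zo stringu "1"` describes a fallback that in fact runs on every call; every certificate this CA issues therefore carries the same serial number, which breaks the RFC 5280 requirement that serials be unique per issuer and makes CRL-based revocation ambiguous. Open the file for update and create it only when that fails, `f = fopen( opt.serial, "r+" ); if( f == NULL ) f = fopen( opt.serial, "w+" ); if( f == NULL ) goto exit;`, then `rewind( f );` before `mbedtls_mpi_write_file` so the incremented value overwrites the old one, and check the return of `mbedtls_mpi_write_file`. As written, a failed fopen also passes a NULL stream to mbedtls_mpi_read_file and to fclose. The enclosing function connect() starts and ends outside this hunk.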


@ -58,7 +58,7 @@
#include <unistd.h>
#define DEV_RANDOM_THRESHOLD 32
/*struktura pre ulozenie vsetkych argumentov v pamati z dovodu dealokacie povodnych obdrzanych z konzoly*/
struct pass_args
{
int argc;
@ -464,9 +464,11 @@ exit:
static void task_run(void *parameter){
/*Pretypovanie parametra na strukturu pass_args*/
struct pass_args local = *(struct pass_args*)parameter;
/*Logika pre vytvaranie klucov*/
connect(local.argc,local.argv);
/*Po vykonani funkcie connect sa uloha ukonci*/
vTaskDelete(NULL);
}
static void task_create(const int argc, const char *argv[]){
@ -477,15 +479,10 @@ static void task_create(const int argc, const char *argv[]){
global_arg.argv[ii] = malloc(strlen(argv[ii])+1);
strcpy(global_arg.argv[ii], argv[ii]);
}
/*vytvorenie ulohy kde sa bude vykonavat funkcia task_create_ca s argumentmi na druhom jadre s vysokou prioritou*/
xTaskCreatePinnedToCore(&task_run,"gen_key",40000,&global_arg,12,NULL,1);
//xTaskCreate(&task_run,"gen_key",20000,NULL,12,NULL);
}
/*Zaregistrovanie prikazu write_cert*/
void register_gen_key(void)
{
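Review bot: The two new comments in the `@ -477,15 +479,10` hunk name the wrong function and command: `/*vytvorenie ulohy kde sa bude vykonavat funkcia task_create_ca ...*/` sits above `xTaskCreatePinnedToCore(&task_run,"gen_key",...)`, and `/*Zaregistrovanie prikazu write_cert*/` sits above `register_gen_key`, which by the README registers the `gen_key` command. Both appear copied from ca.c; change them to `/*vytvorenie ulohy kde sa bude vykonavat funkcia task_run s argumentmi na druhom jadre s vysokou prioritou*/` and `/*Zaregistrovanie prikazu gen_key*/`. In the same hunk the context line `global_arg.argv[ii] = malloc(strlen(argv[ii])+1);` feeds strcpy without a NULL check; that predates the commit but is worth fixing while the loop is being documented. task_create's body starts outside the hunk.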


@ -1,13 +1,4 @@
/* LVGL Example project
*
* Basic project to test LVGL on ESP32 based projects.
*
* This example code is in the Public Domain (or CC0 licensed, at your option.)
*
* Unless required by applicable law or agreed to in writing, this
* software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
@ -43,15 +34,18 @@
#include "wifi.h"
/*objekty ktorych hodnoty sa mozu menit inymi funkciami*/
static lv_obj_t* win;
static lv_obj_t* table;
extern esp_netif_t *sta_netif;
static lv_obj_t* label_bottom;
//ulozena instancia esp_netif objektu v tomto pripade potrebna kvoli zobrazeniu ip adresy na displej
extern esp_netif_t *sta_netif;
static void IRAM_ATTR lv_tick_task(void *arg);
//vytvorenie sablony zobrazenej na displeji
static lv_obj_t * status_create(void);
//doplnenie hodnot do tabulky
static void fill_the_table();
@ -109,6 +103,7 @@ void guiTask(void* parameter) {
if (xSemaphoreTake(xGuiSemaphore, (TickType_t)10) == pdTRUE) {
lv_task_handler();
xSemaphoreGive(xGuiSemaphore);
//aktualizovanie hodnot v tabulke
fill_the_table(buff);
}
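Review bot: The forward declaration `static void fill_the_table();` under the new comment `//doplnenie hodnot do tabulky` has an empty parameter list, while guiTask calls it as `fill_the_table(buff);` in the `@ -109,6 +103,7` hunk; in C an empty list means unspecified parameters, so the compiler cannot check that argument against the definition. Declare it with the parameter type the definition uses, e.g. `static void fill_the_table(char *buff);` if buff is a character buffer (its type is not visible here). The declaration itself appears to predate this commit, which only adds the comment above it. guiTask's body starts and ends outside the hunk.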


@ -16,7 +16,7 @@ static const char *TAG = "SPIFFS";
.max_files = 20,
.format_if_mount_failed = true
};
//inicializacia SPIFFS suboroveho systemu
void init_memory(){
ESP_LOGI(TAG, "Initializing SPIFFS");
@ -46,11 +46,7 @@ ESP_LOGI(TAG, "Initializing SPIFFS");
}
}
void close_memory(){
esp_vfs_spiffs_unregister(conf.partition_label);
ESP_LOGI(TAG, "SPIFFS unmounted");
}
//vytvorenie suboru s hodnotou zadanou v druhom parametri
void create_file(char adresa[],char comment[]){
ESP_LOGI(TAG, "Opening file");
FILE* f = fopen(adresa, "w");
@ -63,7 +59,7 @@ void create_file(char adresa[],char comment[]){
ESP_LOGI(TAG, "File written");
}
//Citanie existujuceho suboru na uart
void read_file(char adresa[]){
char line[120];
ESP_LOGI(TAG, "Reading file");
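Review bot: The new comment `//vytvorenie suboru s hodnotou zadanou v druhom parametri` above `create_file` does not mention that the file is opened with `fopen(adresa, "w")`, which truncates an existing file, so a second call with the same path silently replaces the earlier content; the HTTPS handler on this page relies on exactly that when it rewrites the fixed CSR path, so the contract is worth stating. Suggest `//vytvorenie (alebo prepisanie existujuceho) suboru s hodnotou zadanou v druhom parametri`. The rest of create_file is outside the hunk.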


@ -26,7 +26,7 @@
/* A simple example that demonstrates how to create GET and POST
* handlers and start an HTTPS server.
*/
/*
struct pass_args
{
int argc;
@ -34,8 +34,8 @@ struct pass_args
};
struct pass_args global_arg_task;
//struct pass_args global_arg_task;
*/
static const char *TAG = "server";
TaskHandle_t xHandleServer = NULL;
@ -114,10 +114,10 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
}
strcat(formatted_out,csr_end);
printf("%s",formatted_out);
//Hodnoty predavane ulohe cert_write pre generovanie certifikatov pod CA
const int argc = 5;
const char* argv[] = {"write_cert","request_file=/spiffs/certsignreq.csr","issuer_key=/spiffs/keyfile.key","issuer_crt=/spiffs/ca.crt","output_file=/spiffs/user.crt"};
global_arg_task.argc = argc;
//global_arg_task.argc = argc;
//global_arg_task.argv = argv;
/*
int ii;
@ -126,15 +126,16 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
global_arg_task.argv[ii] = malloc(strlen(argv[ii])+1);
strcpy(global_arg_task.argv[ii], argv[ii]);
}
*/
*/ /*Ulozenie CSR requestu*/
create_file("/spiffs/certsignreq.csr",formatted_out);
/*Volanie funkcie pre vytvorenie ulohy podpisu certifikatu*/
task_create_ca(argc,argv);
memset(buf,'\0',sizeof(buf)-1);
memset(buffered_out, '\0', strlen(url));
memset(formatted_out, '\0', strlen(url));
vTaskDelay(400);
/*nahradenie LF znaku za CRLF kvoli HTTP serveru */
/*nahradenie LF znaku za CRLF v certifikate kvoli HTTP serveru */
FILE* f = fopen("/spiffs/user.crt", "r");
if(f!=NULL){
while(fgets(buffered_out, sizeof(buffered_out)-1, f)){
@ -144,7 +145,7 @@ static esp_err_t echo_post_handler(httpd_req_t *req)
fclose(f);
/*Rozdelenie certifikatu do tokenov*/
token = NULL;
token = strtok(buf, "\n");
@ -175,7 +176,7 @@ static const httpd_uri_t echo = {
.handler = echo_post_handler,
.user_ctx = NULL
};
/*Registrovanie URI*/
static const httpd_uri_t root = {
.uri = "/",
.method = HTTP_GET,
@ -189,20 +190,20 @@ static httpd_handle_t start_webserver(void)
// Start the httpd server
ESP_LOGI(TAG, "Starting server");
//Inicializacia konfiguracie pre http server
httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();
conf.httpd.stack_size = 12000;
//pridanie certifikatu do konfiguracie
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
conf.cacert_pem = cacert_pem_start;
conf.cacert_len = cacert_pem_end - cacert_pem_start;
//pridanie sukromneho kluca do konfiguracie
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
conf.prvtkey_pem = prvtkey_pem_start;
conf.prvtkey_len = prvtkey_pem_end - prvtkey_pem_start;
//vytvorenie HTTP + SSL servera
esp_err_t ret = httpd_ssl_start(&server, &conf);
if (ESP_OK != ret) {
ESP_LOGI(TAG, "Error starting server!");
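Review bot: The new `task_create_ca(argc,argv);` call in the `@ -126,15 +126,16` hunk hands signing to a separate task and then relies on `vTaskDelay(400);` before opening `/spiffs/user.crt`, so nothing synchronizes the signing task with the response: if signing takes longer than the delay the handler returns whatever `/spiffs/user.crt` already held, possibly the previous requester's certificate, and two overlapping POSTs share the single `global_arg` and the fixed `/spiffs/certsignreq.csr` path. Have ca_task_run signal completion (a semaphore or task notification given after connect() returns, carrying connect's exit code) and block on it with a timeout instead of the fixed delay, and serialize requests with a mutex around the CSR file and global_arg. Independently of the race, the handler as visible here signs any CSR that is POSTed with no check of who submitted it; if that is intentional for this setup it should be stated in the comment above `task_create_ca`, otherwise an authorization step belongs before `create_file`. echo_post_handler's body starts and ends outside the hunk.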


@ -41,10 +41,14 @@ static void initialise_wifi(void)
wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
/*Inicializacia wifi drivera*/
ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
//registrovanie eventov do event loopu
ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_DISCONNECTED, &event_handler, NULL) );
ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) );
//Ukladanie wifi konfiguracie do RAM
ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_NULL) );
ESP_ERROR_CHECK( esp_wifi_start() );
initialized = true;


@ -59,24 +59,9 @@ static const char* TAG = "konzola";
* The easiest way to do this is to use FATFS filesystem on top of
* wear_levelling library.
*/
/*Historia prikazov moze byt ukladana a nacitana zo suboru*/
#if CONFIG_STORE_HISTORY
#define MOUNT_PATH "/data"
#define HISTORY_PATH MOUNT_PATH "/history.txt"
static void initialize_filesystem(void)
{
static wl_handle_t wl_handle;
const esp_vfs_fat_mount_config_t mount_config = {
.max_files = 4,
.format_if_mount_failed = true
};
esp_err_t err = esp_vfs_fat_spiflash_mount(MOUNT_PATH, "storage_fat", &mount_config, &wl_handle);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to mount FATFS (%s)", esp_err_to_name(err));
return;
}
}
#define HISTORY_PATH "/spiffs/history.txt"
#endif // CONFIG_STORE_HISTORY
static void initialize_nvs(void)
@ -160,8 +145,6 @@ void app_main(void)
init_memory();
#if CONFIG_STORE_HISTORY
/*Inicializacia FATFS*/
initialize_filesystem();
ESP_LOGI(TAG, "Command history enabled");
#else
ESP_LOGI(TAG, "Command history disabled");
@ -170,15 +153,26 @@ void app_main(void)
ESP_ERROR_CHECK(esp_netif_init());
/*Vytvorenie specialneho event loopu pre systemove eventy*/
ESP_ERROR_CHECK(esp_event_loop_create_default());
initialize_console();
/* Registrovanie príkazov */
/*Registrovanie prikazu help ktory vypise vsetky prikazy*/
esp_console_register_help_command();
/*Registrovanie prikazov free pre zobrazenie aktualnej velkosti zasobnika,
*heap pre zobrazenie velkosti zasobnika pri spusteni zariadenia,
*restart pre restartovanie zariadenia,
*/
register_system();
/*Registrovanie prikazu join pre pripojenie na wifi*/
register_wifi();
//
register_nvs();
/*Registrovanie prikazu write_cert pre vytvorenie certifikatov*/
register_ca();
/*Registrovanie prikazu server_on pre HTTP + SSL servera*/
register_server();
/*Registrovanie prikazu pre generovanie verejnych klucov*/
register_gen_key();
@ -194,7 +188,6 @@ void app_main(void)
const char* prompt = LOG_COLOR_I "esp32> " LOG_RESET_COLOR;
printf("\n"
"This is an example of ESP-IDF console component.\n"
"Type 'help' to get the list of commands.\n"
"Use UP/DOWN arrows to navigate through command history.\n"
"Press TAB when typing command name to auto-complete.\n");
@ -233,6 +226,9 @@ void app_main(void)
/* Try to run the command */
int ret;
/*Rozparsovanie riadku na argumenty, prvy argument je brany ako prikaz
*v pripade ze prikaz nie je registrovany tak funkcia vrati hodnotu ESP_ERR_NOT_FOUND
*/
esp_err_t err = esp_console_run(line, &ret);
if (err == ESP_ERR_NOT_FOUND) {
printf("Unrecognized command\n");