Show device private key

esp32_device/main/crypto.c

@@ -14,31 +14,39 @@
 
 #define ECPARAMS MBEDTLS_ECP_DP_SECP256R1
 
-bool crypto_gen_priv_key()
+static const char *pers = "ecdsa";
+
+static void seed_ctr_drbg_context(mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg)
 {
-    // TODO : check if key exists in memory
+    int ret;
 
-    int ret = 1;
-
-    const char *pers = "ecdsa";
-
-    mbedtls_entropy_context entropy;
-    mbedtls_entropy_init(&entropy);
-
-    mbedtls_pk_context key;
-    mbedtls_pk_init(&key);
-
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(entropy);
+    mbedtls_ctr_drbg_init(ctr_drbg);
 
     printf("Seed Mbedtls\n");
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+    if ((ret = mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy,
                                      (const unsigned char *)pers,
                                      strlen(pers))) != 0)
     {
         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
         reboot();
     }
+}
+
+bool crypto_gen_priv_key()
+{
+    // Check if a private key has already been defined for this device
+    if (storage_get_priv_key(NULL) > 0)
+        return false;
+
+    int ret = 1;
+
+    mbedtls_pk_context key;
+    mbedtls_pk_init(&key);
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    seed_ctr_drbg_context(&entropy, &ctr_drbg);
 
     printf("PK info from type\n");
     if ((ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0)
@@ -70,23 +78,46 @@ bool crypto_gen_priv_key()
     }
 
     storage_set_priv_key(key_buff + PRV_KEY_DER_MAX_BYTES - ret, ret);
+    free(key_buff);
 
     return true;
 }
 
-/**
- * // Show private key
+void crypto_print_priv_key()
+{
+    int ret;
+
+    unsigned char *key_buff = malloc(PRV_KEY_DER_MAX_BYTES);
+    size_t key_len = storage_get_priv_key(key_buff);
+    assert(key_len > 0);
+
+    mbedtls_pk_context key;
+    mbedtls_pk_init(&key);
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    seed_ctr_drbg_context(&entropy, &ctr_drbg);
+
+    printf("Parse private key (len = %d)\n", key_len);
+    if ((ret = mbedtls_pk_parse_key(&key, key_buff, key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
+    {
+        mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned -0x%04x",
+                       (unsigned int)-ret);
+        reboot();
+    }
+
     printf("Show private key\n");
-    unsigned char *key_buff = malloc(16000);
-    memset(key_buff, 0, 16000);
-    if ((ret = mbedtls_pk_write_key_pem(&key, key_buff, 16000)) != 0)
+    unsigned char *out = malloc(16000);
+    memset(out, 0, 16000);
+    if ((ret = mbedtls_pk_write_key_pem(&key, out, 16000)) != 0)
     {
         mbedtls_printf(" failed\n  !  mbedtls_pk_write_key_pem returned -0x%04x",
                        (unsigned int)-ret);
         reboot();
     }
 
-    printf("%s", key_buff);
+    printf("%s", out);
+    free(out);
+
     free(key_buff);
-    printf("done\n");
-*/
+}

esp32_device/main/crypto.h

@@ -18,6 +18,11 @@ extern "C"
      */
     bool crypto_gen_priv_key();
 
+    /**
+     * Print current device private key
+     */
+    void crypto_print_priv_key();
+
 #ifdef __cplusplus
 }
 #endif

esp32_device/main/main.c

@@ -29,6 +29,8 @@ void app_main(void)
     {
         printf("Generated device private key!\n");
     }
+    printf("Device private key:\n");
+    crypto_print_priv_key();
 
     reboot();
 }