diff --git a/esp32_device/main/crypto.c b/esp32_device/main/crypto.c index 795aecd..c7f1f67 100644 --- a/esp32_device/main/crypto.c +++ b/esp32_device/main/crypto.c @@ -14,31 +14,39 @@ #define ECPARAMS MBEDTLS_ECP_DP_SECP256R1 -bool crypto_gen_priv_key() +static const char *pers = "ecdsa"; + +static void seed_ctr_drbg_context(mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg) { - // TODO : check if key exists in memory + int ret; - int ret = 1; - - const char *pers = "ecdsa"; - - mbedtls_entropy_context entropy; - mbedtls_entropy_init(&entropy); - - mbedtls_pk_context key; - mbedtls_pk_init(&key); - - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(entropy); + mbedtls_ctr_drbg_init(ctr_drbg); printf("Seed Mbedtls\n"); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, + if ((ret = mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy, (const unsigned char *)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); reboot(); } +} + +bool crypto_gen_priv_key() +{ + // Check if a private key has already been defined for this device + if (storage_get_priv_key(NULL) > 0) + return false; + + int ret = 1; + + mbedtls_pk_context key; + mbedtls_pk_init(&key); + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + seed_ctr_drbg_context(&entropy, &ctr_drbg); printf("PK info from type\n"); if ((ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) 
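Review bot: Nothing releases what `seed_ctr_drbg_context` initializes — no `mbedtls_ctr_drbg_free`/`mbedtls_entropy_free` (nor `mbedtls_pk_free` for `key`) is visible in `crypto_gen_priv_key`, whose body continues past the end of the hunk, so the DRBG state and the freshly generated key pair apparently stay in memory after the function returns. The helper also hides two contract details a caller must know: it owns nothing (the caller has to free both contexts) and it never returns on a seeding failure because it calls `reboot()`. I would document that above the definition: `/* Initialise and seed ctr_drbg from entropy; reboots on failure. Caller owns both contexts and must free them with mbedtls_ctr_drbg_free()/mbedtls_entropy_free(). */`. Separately, the new existence check `if (storage_get_priv_key(NULL) > 0)` cannot distinguish "no key stored" from "read failed" if the function returns 0 for both (its signature is not in the diff, though the second hunk assigns its result to a `size_t`), and in that case a transient storage error would silently generate a replacement key over the existing one — worth confirming against storage.c.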
@@ -70,23 +78,46 @@ bool crypto_gen_priv_key() } storage_set_priv_key(key_buff + PRV_KEY_DER_MAX_BYTES - ret, ret); + free(key_buff); return true; } -/** - * // Show private key +void crypto_print_priv_key() +{ + int ret; + + unsigned char *key_buff = malloc(PRV_KEY_DER_MAX_BYTES); + size_t key_len = storage_get_priv_key(key_buff); + assert(key_len > 0); + + mbedtls_pk_context key; + mbedtls_pk_init(&key); + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + seed_ctr_drbg_context(&entropy, &ctr_drbg); + + printf("Parse private key (len = %d)\n", key_len); + if ((ret = mbedtls_pk_parse_key(&key, key_buff, key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) + { + mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%04x", + (unsigned int)-ret); + reboot(); + } + printf("Show private key\n"); - unsigned char *key_buff = malloc(16000); - memset(key_buff, 0, 16000); - if ((ret = mbedtls_pk_write_key_pem(&key, key_buff, 16000)) != 0) + unsigned char *out = malloc(16000); + memset(out, 0, 16000); + if ((ret = mbedtls_pk_write_key_pem(&key, out, 16000)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_write_key_pem returned -0x%04x", (unsigned int)-ret); reboot(); } - printf("%s", key_buff); + printf("%s", out); + free(out); + free(key_buff); - printf("done\n"); -*/ \ No newline at end of file +} diff --git a/esp32_device/main/crypto.h b/esp32_device/main/crypto.h index 4f5950f..f11803e 100644 --- a/esp32_device/main/crypto.h +++ b/esp32_device/main/crypto.h @@ -18,6 +18,11 @@ extern "C" */ bool crypto_gen_priv_key(); + /** + * Print current device private key + */ + void crypto_print_priv_key(); + #ifdef __cplusplus } #endif diff --git a/esp32_device/main/main.c b/esp32_device/main/main.c index a0334b1..8647c4c 100755 --- a/esp32_device/main/main.c +++ b/esp32_device/main/main.c @@ -29,6 +29,8 @@ void app_main(void) { printf("Generated device private key!\n"); } + printf("Device private key:\n"); + crypto_print_priv_key(); reboot(); }
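Review bot: `crypto_print_priv_key` frees two buffers holding the private key (`key_buff`, DER, and `out`, PEM) without zeroizing them and never calls `mbedtls_pk_free`, `mbedtls_ctr_drbg_free` or `mbedtls_entropy_free`, so the key material and DRBG state outlive the function on the heap; the `free(key_buff)` added at the end of `crypto_gen_priv_key` has the same gap. `printf("Parse private key (len = %d)\n", key_len)` also passes a `size_t` to `%d`, which is undefined behaviour — use `%zu`. Both `malloc` results are used unchecked. I would end the function as below (needs `mbedtls/platform_util.h` for `mbedtls_platform_zeroize`, assuming the file does not already include it).
```c
    printf("Parse private key (len = %zu)\n", key_len);
    /* … unchanged: mbedtls_pk_parse_key, mbedtls_pk_write_key_pem, printf("%s", out) … */
    mbedtls_platform_zeroize(out, 16000);
    free(out);
    mbedtls_platform_zeroize(key_buff, PRV_KEY_DER_MAX_BYTES);
    free(key_buff);
    mbedtls_pk_free(&key);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
}
```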
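Review bot: The new doxygen comment on `crypto_print_priv_key` omits the one thing a caller needs to know: it writes the device's PEM-encoded private key to stdout and, per crypto.c in this same diff, calls `reboot()` if the stored key cannot be parsed or encoded. I would make that explicit so the function is not picked up outside a debug build: `/** Dump the stored device private key to stdout as PEM. Debug only: exposes the key on the console; reboots if the key cannot be parsed or written. */`.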
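Review bot: The two added lines dump the device private key to the console on every boot, unconditionally, right before `reboot()`; anyone with UART access or a copy of the boot log obtains the key that `crypto_gen_priv_key` just persisted, which defeats keeping it on the device. If this is for bring-up, gate it behind a build-time debug option, e.g. wrap the two lines in `#ifdef CONFIG_CRYPTO_DEBUG_PRINT_PRIV_KEY` / `#endif`, and otherwise drop it before release. `app_main` starts outside the hunk.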