Manage to perfom secure request

This commit is contained in:
Pierre HUBERT 2024-08-18 20:13:03 +02:00
parent a6b283d023
commit 3b5d2abcc0
6 changed files with 115 additions and 1 deletions

View File

@ -1,3 +1,3 @@
idf_component_register(SRCS "http_client.c" "ethernet.c" "unsecure_api.c" "system.c" "crypto.c" "random.c" "storage.c" "main.c" idf_component_register(SRCS "secure_api.c" "http_client.c" "ethernet.c" "unsecure_api.c" "system.c" "crypto.c" "random.c" "storage.c" "main.c"
"dev_name.c" "dev_name.c"
INCLUDE_DIRS ".") INCLUDE_DIRS ".")

View File

@ -127,6 +127,7 @@ char *http_client_exec(const http_request_opts *opts)
.user_data = local_response_buffer, .user_data = local_response_buffer,
.url = opts->url, .url = opts->url,
.disable_auto_redirect = true, .disable_auto_redirect = true,
.cert_pem = opts->root_ca,
}; };
esp_http_client_handle_t client = esp_http_client_init(&config); esp_http_client_handle_t client = esp_http_client_init(&config);

View File

@ -14,6 +14,7 @@ extern "C"
typedef struct typedef struct
{ {
char *url; char *url;
char *root_ca;
} http_request_opts; } http_request_opts;
/** /**

View File

@ -7,6 +7,7 @@
#include "system.h" #include "system.h"
#include "crypto.h" #include "crypto.h"
#include "unsecure_api.h" #include "unsecure_api.h"
#include "secure_api.h"
#include "ethernet.h" #include "ethernet.h"
#include "constants.h" #include "constants.h"
@ -18,12 +19,14 @@ void app_main(void)
ESP_LOGI(TAG, "SolarEnergy WT32-ETH01 device"); ESP_LOGI(TAG, "SolarEnergy WT32-ETH01 device");
// Initialize storage
if (storage_init() == false) if (storage_init() == false)
{ {
ESP_LOGE(TAG, "Failed to init storage!\n"); ESP_LOGE(TAG, "Failed to init storage!\n");
reboot(); reboot();
} }
// Give a name to the device
if (dev_generate_name()) if (dev_generate_name())
{ {
ESP_LOGI(TAG, "Generated a new device name\n"); ESP_LOGI(TAG, "Generated a new device name\n");
@ -33,6 +36,7 @@ void app_main(void)
ESP_LOGI(TAG, "Dev name: %s\n", name); ESP_LOGI(TAG, "Dev name: %s\n", name);
free(name); free(name);
// Generate private key, if needed
if (crypto_gen_priv_key()) if (crypto_gen_priv_key())
{ {
ESP_LOGI(TAG, "Generated device private key!\n"); ESP_LOGI(TAG, "Generated device private key!\n");
@ -40,14 +44,17 @@ void app_main(void)
ESP_LOGI(TAG, "Device private key:\n"); ESP_LOGI(TAG, "Device private key:\n");
crypto_print_priv_key(); crypto_print_priv_key();
// Show current private key
char *csr = crypto_get_csr(); char *csr = crypto_get_csr();
ESP_LOGI(TAG, "Current CSR:\n%s\n", csr); ESP_LOGI(TAG, "Current CSR:\n%s\n", csr);
free(csr); free(csr);
// Initialize network stack
ESP_LOGI(TAG, "Initialize network\n"); ESP_LOGI(TAG, "Initialize network\n");
ethernet_init(); ethernet_init();
ethernet_wait_for_network(); ethernet_wait_for_network();
// Get if secure origin endpoint is known
ESP_LOGI(TAG, "Check secure origin\n"); ESP_LOGI(TAG, "Check secure origin\n");
if (storage_get_secure_origin(NULL) == 0) if (storage_get_secure_origin(NULL) == 0)
{ {
@ -61,12 +68,14 @@ void app_main(void)
free(sec_ori); free(sec_ori);
} }
// Print secure origin endpoint for debugging purposes
ESP_LOGI(TAG, "Get secure origin\n"); ESP_LOGI(TAG, "Get secure origin\n");
char *sec_ori = calloc(SEC_ORIG_LEN, 1); char *sec_ori = calloc(SEC_ORIG_LEN, 1);
assert(storage_get_secure_origin(sec_ori) > 0); assert(storage_get_secure_origin(sec_ori) > 0);
ESP_LOGI(TAG, "Current secure origin: %s", sec_ori); ESP_LOGI(TAG, "Current secure origin: %s", sec_ori);
free(sec_ori); free(sec_ori);
// Check if root CA is available locally
ESP_LOGI(TAG, "Check root CA"); ESP_LOGI(TAG, "Check root CA");
if (storage_get_root_ca(NULL) == 0) if (storage_get_root_ca(NULL) == 0)
{ {
@ -80,12 +89,18 @@ void app_main(void)
free(root_ca); free(root_ca);
} }
// Print root CA for debugging purposes
ESP_LOGI(TAG, "Get root CA"); ESP_LOGI(TAG, "Get root CA");
char *root_ca = calloc(ROOT_CA_MAX_BYTES, 1); char *root_ca = calloc(ROOT_CA_MAX_BYTES, 1);
assert(storage_get_root_ca(root_ca) > 0); assert(storage_get_root_ca(root_ca) > 0);
ESP_LOGI(TAG, "Current root CA:\n%s", root_ca); ESP_LOGI(TAG, "Current root CA:\n%s", root_ca);
free(root_ca); free(root_ca);
// Check current device enrollment status
ESP_LOGI(TAG, "Check enrollment status");
int status = secure_api_get_device_enrollment_status();
printf("Current enrollment status: %d\n", status);
system_sleep(120); system_sleep(120);
reboot(); reboot();

View File

@ -0,0 +1,62 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "secure_api.h"
#include "storage.h"
#include "http_client.h"
#include "constants.h"
#include "esp_log.h"
static const char *TAG = "secure_api";
static char *process_secure_request(const char *uri)
{
char *url = calloc(1, 255);
assert(url);
size_t orig_len = storage_get_secure_origin(url);
assert(orig_len > 0);
strcat(url + strlen(url), uri);
ESP_LOGI(TAG, "HTTP request on %s", url);
char *root_cat = calloc(1, ROOT_CA_MAX_BYTES);
assert(root_cat);
assert(storage_get_root_ca(root_cat) > 0);
http_request_opts opts = {
.url = url,
.root_ca = root_cat};
char *res = http_client_exec(&opts);
free(url);
free(root_cat);
return res;
}
enum DevEnrollmentStatus secure_api_get_device_enrollment_status()
{
ESP_LOGI(TAG, "Will check device enrollment status");
// Prepare URI
char *uri = calloc(1, 255);
assert(uri);
sprintf(uri, "/devices_api/mgmt/enrollment_status?id=");
assert(storage_get_dev_name(uri + strlen(uri)) > 0);
char *res = process_secure_request(uri);
free(uri);
if (res == NULL)
{
ESP_LOGE(TAG, "Failed to query device enrollment status!");
return DevEnrollError;
}
// TODO : parse reponse
printf("response = %s\n", res);
free(res);
return DevEnrollError;
}

View File

@ -0,0 +1,35 @@
/**
* Secure API functions
*/
#pragma once
#ifdef __cplusplus
extern "C"
{
#endif
/**
* Device enrollment status
*/
enum DevEnrollmentStatus
{
/** An error occurred while retrieving device status */
DevEnrollError,
/** Device is unknown by the backend */
DevEnrollUnknown,
/** Device hasn't been validated yet */
DevEnrollPending,
/** Device has been validated by the backend */
DevEnrollValidated,
};
/**
* Get current device enrollment status
*/
enum DevEnrollmentStatus
secure_api_get_device_enrollment_status();
#ifdef __cplusplus
}
#endif