From 3b6e79e5e41d7484a5394abaa516be5c698e21a2 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Sun, 18 Aug 2024 17:40:41 +0200
Subject: [PATCH] Store central secure origin

---
 esp32_device/main/constants.h   |  7 ++++++-
 esp32_device/main/http_client.c | 29 +++++++++++++++++++++--------
 esp32_device/main/main.c        | 21 ++++++++++++++++++---
 esp32_device/main/storage.c     | 27 +++++++++++++++++++++------
 esp32_device/main/storage.h     | 10 ++++++++++
 esp32_device/sdkconfig          |  9 ++++-----
 6 files changed, 80 insertions(+), 23 deletions(-)

diff --git a/esp32_device/main/constants.h b/esp32_device/main/constants.h
index 335c595..77931cf 100644
--- a/esp32_device/main/constants.h
+++ b/esp32_device/main/constants.h
@@ -13,4 +13,9 @@
 /**
  * Private key max length
  */
-#define PRV_KEY_DER_MAX_BYTES 1500
\ No newline at end of file
+#define PRV_KEY_DER_MAX_BYTES 1500
+
+/**
+ * Secure origin len
+ */
+#define SEC_ORIG_LEN 255
\ No newline at end of file
diff --git a/esp32_device/main/http_client.c b/esp32_device/main/http_client.c
index e55b18c..3fe5554 100644
--- a/esp32_device/main/http_client.c
+++ b/esp32_device/main/http_client.c
@@ -118,7 +118,7 @@ esp_err_t _http_event_handler(esp_http_client_event_t *evt)
 
 char *http_client_exec(const http_request_opts *opts)
 {
-    char local_response_buffer[MAX_HTTP_OUTPUT_BUFFER + 1] = {0};
+    char *local_response_buffer = calloc(MAX_HTTP_OUTPUT_BUFFER + 1, 1);
 
     ESP_LOGI(TAG, "Perform HTTP request on %s", opts->url);
 
@@ -129,26 +129,39 @@ char *http_client_exec(const http_request_opts *opts)
         .disable_auto_redirect = true,
     };
     esp_http_client_handle_t client = esp_http_client_init(&config);
+
+    if (client == NULL)
+    {
+        ESP_LOGE(TAG, "Failed to initialize HTTP connection!");
+        free(local_response_buffer);
+        return NULL;
+    }
+
+    ESP_LOGD(TAG, "esp_http_client_perform start");
     esp_err_t err = esp_http_client_perform(client);
+    ESP_LOGD(TAG, "esp_http_client_perform end");
+
+    if (err != ESP_OK)
+    {
+        esp_http_client_cleanup(client);
+        free(local_response_buffer);
+        ESP_LOGE(TAG, "HTTP request failed with code %d!", err);
+        return NULL;
+    }
 
     const int status = esp_http_client_get_status_code(client);
     const int64_t resp_len = esp_http_client_get_content_length(client);
 
     esp_http_client_cleanup(client);
 
-    if (err != ESP_OK)
-    {
-        ESP_LOGE(TAG, "HTTP request failed with code %xd!", err);
-        return NULL;
-    }
-
     if (status < 200 || status > 299)
     {
         ESP_LOGE(TAG, "HTTP request failed with status %d!", status);
+        free(local_response_buffer);
         return NULL;
     }
 
     local_response_buffer[resp_len] = 0;
 
-    return strdup(local_response_buffer);
+    return local_response_buffer;
 }
\ No newline at end of file
diff --git a/esp32_device/main/main.c b/esp32_device/main/main.c
index 1114d7f..b3032b0 100755
--- a/esp32_device/main/main.c
+++ b/esp32_device/main/main.c
@@ -8,6 +8,7 @@
 #include "crypto.h"
 #include "unsecure_api.h"
 #include "ethernet.h"
+#include "constants.h"
 
 static const char *TAG = "main";
 
@@ -48,9 +49,23 @@ void app_main(void)
     ethernet_wait_for_network();
 
     ESP_LOGI(TAG, "Check secure origin\n");
-    char *sec_orig = unsecure_api_get_secure_origin();
-    assert(sec_orig != NULL);
-    printf("Res = %s\n", sec_orig);
+    if (storage_get_secure_origin(NULL) == 0)
+    {
+        char *sec_ori = unsecure_api_get_secure_origin();
+        if (!sec_ori)
+        {
+            ESP_LOGE(TAG, "Failed to fetch secure origin!");
+            reboot();
+        }
+        storage_set_secure_origin(sec_ori);
+        free(sec_ori);
+    }
+
+    ESP_LOGI(TAG, "Get secure origin\n");
+    char *sec_ori = calloc(SEC_ORIG_LEN, 1);
+    assert(storage_get_secure_origin(sec_ori) > 0);
+    ESP_LOGI(TAG, "Current secure origin: %s", sec_ori);
+    free(sec_ori);
 
     system_sleep(120);
 
diff --git a/esp32_device/main/storage.c b/esp32_device/main/storage.c
index 46f5f1a..e64703f 100644
--- a/esp32_device/main/storage.c
+++ b/esp32_device/main/storage.c
@@ -9,6 +9,7 @@
 
 #define DEV_NAME_KEY "dev_name"
 #define PRIVATE_KEY "prikey"
+#define SEC_ORIG_KEY "secureOrig"
 
 static const char *TAG = "storage";
 
@@ -28,25 +29,25 @@ bool storage_init()
     return err == ESP_OK;
 }
 
-void storage_set_dev_name(const char *name)
+static void storage_set_str(const char *key, const char *value)
 {
     nvs_handle_t my_handle;
 
     ESP_ERROR_CHECK(nvs_open(STORAGE_NAMESPACE, NVS_READWRITE, &my_handle));
 
-    ESP_ERROR_CHECK(nvs_set_blob(my_handle, DEV_NAME_KEY, name, strlen(name) + 1));
+    ESP_ERROR_CHECK(nvs_set_blob(my_handle, key, value, strlen(value) + 1));
 
     nvs_close(my_handle);
 }
 
-size_t storage_get_dev_name(char *dest)
+static size_t storage_get_str(const char *key, size_t dest_len, char *dest)
 {
     nvs_handle_t my_handle;
 
     ESP_ERROR_CHECK(nvs_open(STORAGE_NAMESPACE, NVS_READWRITE, &my_handle));
 
-    size_t len = (dest == NULL ? 0 : DEV_NAME_LEN);
-    esp_err_t res = nvs_get_blob(my_handle, DEV_NAME_KEY, dest, &len);
+    size_t len = (dest == NULL ? 0 : dest_len);
+    esp_err_t res = nvs_get_blob(my_handle, key, dest, &len);
 
     nvs_close(my_handle);
 
@@ -58,6 +59,16 @@ size_t storage_get_dev_name(char *dest)
     return len;
 }
 
+void storage_set_dev_name(const char *name)
+{
+    storage_set_str(DEV_NAME_KEY, name);
+}
+
+size_t storage_get_dev_name(char *dest)
+{
+    return storage_get_str(DEV_NAME_KEY, DEV_NAME_LEN, dest);
+}
+
 void storage_set_priv_key(unsigned char *key, size_t len)
 {
     nvs_handle_t my_handle;
@@ -86,4 +97,8 @@ size_t storage_get_priv_key(unsigned char *key)
     ESP_ERROR_CHECK(res);
 
     return len;
-}
\ No newline at end of file
+}
+
+void storage_set_secure_origin(const char *name) { storage_set_str(SEC_ORIG_KEY, name); }
+
+size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); }
\ No newline at end of file
diff --git a/esp32_device/main/storage.h b/esp32_device/main/storage.h
index bc07246..58e3d0f 100644
--- a/esp32_device/main/storage.h
+++ b/esp32_device/main/storage.h
@@ -37,6 +37,16 @@ extern "C"
      */
     size_t storage_get_priv_key(unsigned char *key);
 
+    /**
+     * Write secure origin
+     */
+    void storage_set_secure_origin(const char *name);
+
+    /**
+     * Get current secure origin
+     */
+    size_t storage_get_secure_origin(char *dest);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/esp32_device/sdkconfig b/esp32_device/sdkconfig
index fc2f675..34f3b54 100644
--- a/esp32_device/sdkconfig
+++ b/esp32_device/sdkconfig
@@ -1127,14 +1127,13 @@ CONFIG_HEAP_TRACING_OFF=y
 # CONFIG_LOG_DEFAULT_LEVEL_NONE is not set
 # CONFIG_LOG_DEFAULT_LEVEL_ERROR is not set
 # CONFIG_LOG_DEFAULT_LEVEL_WARN is not set
-CONFIG_LOG_DEFAULT_LEVEL_INFO=y
-# CONFIG_LOG_DEFAULT_LEVEL_DEBUG is not set
+# CONFIG_LOG_DEFAULT_LEVEL_INFO is not set
+CONFIG_LOG_DEFAULT_LEVEL_DEBUG=y
 # CONFIG_LOG_DEFAULT_LEVEL_VERBOSE is not set
-CONFIG_LOG_DEFAULT_LEVEL=3
+CONFIG_LOG_DEFAULT_LEVEL=4
 CONFIG_LOG_MAXIMUM_EQUALS_DEFAULT=y
-# CONFIG_LOG_MAXIMUM_LEVEL_DEBUG is not set
 # CONFIG_LOG_MAXIMUM_LEVEL_VERBOSE is not set
-CONFIG_LOG_MAXIMUM_LEVEL=3
+CONFIG_LOG_MAXIMUM_LEVEL=4
 # CONFIG_LOG_MASTER_LEVEL is not set
 CONFIG_LOG_COLORS=y
 CONFIG_LOG_TIMESTAMP_SOURCE_RTOS=y