From 9966904e4dbe7ed7b27adbeda6b35f1213af0a10 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Fri, 16 Aug 2024 11:51:33 +0200
Subject: [PATCH] Get the CSR

---
 esp32_device/main/crypto.c | 68 ++++++++++++++++++++++++++++++++++++-
 esp32_device/main/crypto.h | 8 +++++
 esp32_device/main/main.c | 4 +++
 esp32_device/main/storage.c | 2 +-
 4 files changed, 80 insertions(+), 2 deletions(-)

diff --git a/esp32_device/main/crypto.c b/esp32_device/main/crypto.c
index c7f1f67..08eb393 100644
--- a/esp32_device/main/crypto.c
+++ b/esp32_device/main/crypto.c
@@ -2,6 +2,7 @@
 #include "system.h"
 #include "constants.h"
 #include "storage.h"
+#include "dev_name.h"
 #include
 #include
@@ -11,6 +12,7 @@
 #include
 #include
 #include
+#include
 
 #define ECPARAMS MBEDTLS_ECP_DP_SECP256R1
 
@@ -80,6 +82,10 @@ bool crypto_gen_priv_key()
     storage_set_priv_key(key_buff + PRV_KEY_DER_MAX_BYTES - ret, ret);
     free(key_buff);
 
+    mbedtls_pk_free(&key);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
     return true;
 }
 
@@ -105,6 +111,7 @@ void crypto_print_priv_key()
                        (unsigned int)-ret);
         reboot();
     }
+    free(key_buff);
 
     printf("Show private key\n");
     unsigned char *out = malloc(16000);
@@ -119,5 +126,64 @@ void crypto_print_priv_key()
     printf("%s", out);
     free(out);
-    free(key_buff);
+    mbedtls_pk_free(&key);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
 }
+
+char *crypto_get_csr()
+{
+    int ret;
+
+    unsigned char *key_buff = malloc(PRV_KEY_DER_MAX_BYTES);
+    size_t key_len = storage_get_priv_key(key_buff);
+    assert(key_len > 0);
+
+    mbedtls_pk_context key;
+    mbedtls_pk_init(&key);
+
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    seed_ctr_drbg_context(&entropy, &ctr_drbg);
+
+    printf("Parse private key (len = %d)\n", key_len);
+    if ((ret = mbedtls_pk_parse_key(&key, key_buff, key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
+    {
+        mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%04x", (unsigned int)-ret);
+        reboot();
+    }
+    free(key_buff);
+
+    // Create CSR
+    mbedtls_x509write_csr req;
+    mbedtls_x509write_csr_init(&req);
+    mbedtls_x509write_csr_set_md_alg(&req, MBEDTLS_MD_SHA256);
+
+    char subj[DEV_NAME_LEN + 4];
+    char *n = dev_name();
+    sprintf(subj, "CN=%s", n);
+    free(n);
+    if ((ret = mbedtls_x509write_csr_set_subject_name(&req, subj)) != 0)
+    {
+        mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret);
+        reboot();
+    }
+
+    printf("Sign CSR with private key\n");
+    mbedtls_x509write_csr_set_key(&req, &key);
+
+    char *csr = malloc(4096);
+    if ((ret = mbedtls_x509write_csr_pem(&req, (u_char *)csr, 4096, mbedtls_ctr_drbg_random, &ctr_drbg)) < 0)
+    {
+        mbedtls_printf(" failed\n ! mbedtls_x509write_csr_pem returned %d", ret);
+        reboot();
+    }
+
+    mbedtls_x509write_csr_free(&req);
+    mbedtls_pk_free(&key);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+
+    return csr;
+}
\ No newline at end of file
diff --git a/esp32_device/main/crypto.h b/esp32_device/main/crypto.h
index f11803e..ebeab06 100644
--- a/esp32_device/main/crypto.h
+++ b/esp32_device/main/crypto.h
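Review bot: `sprintf(subj, "CN=%s", n)` writes into the fixed `char subj[DEV_NAME_LEN + 4]` without a bound, so it stays in range only if `dev_name()` never returns more than DEV_NAME_LEN characters, which nothing in this hunk enforces; `snprintf(subj, sizeof subj, "CN=%s", n)` with a check that the result is below `sizeof subj` turns a possible stack overwrite into a handled error. Neither `malloc` result (`key_buff`, `csr`) is checked before use, `key_len` is a `size_t` printed with `%d` (should be `%zu`), and `(u_char *)` is a BSD typedef rather than standard C where `(unsigned char *)` does the same job. `key_buff` holds the DER-encoded private key, so wiping it with `mbedtls_platform_zeroize` (mbedtls/platform_util.h) before `free` keeps the key bytes out of released heap memory. Two smaller things: `assert(key_len > 0)` compiles out under NDEBUG, after which a zero-length read would go straight into `mbedtls_pk_parse_key`, and the function never returns NULL even though the header added in this commit documents NULL on failure — every error path calls `reboot()`.
```c
char *crypto_get_csr()
{
    int ret;

    unsigned char *key_buff = malloc(PRV_KEY_DER_MAX_BYTES);
    if (key_buff == NULL)
    {
        return NULL; // the header documents NULL on failure
    }
    // … unchanged: storage_get_priv_key, pk/entropy/ctr_drbg init and seeding …
    printf("Parse private key (len = %zu)\n", key_len);
    // … unchanged: mbedtls_pk_parse_key and its error branch …
    mbedtls_platform_zeroize(key_buff, PRV_KEY_DER_MAX_BYTES); // wipe the DER private key before releasing the block
    free(key_buff);
    // … unchanged: CSR init and md alg …
    char subj[DEV_NAME_LEN + 4];
    char *n = dev_name();
    int subj_len = snprintf(subj, sizeof subj, "CN=%s", n);
    free(n);
    if (subj_len < 0 || (size_t)subj_len >= sizeof subj)
    {
        mbedtls_printf(" failed\n ! device name does not fit in the CSR subject buffer");
        reboot();
    }
    // … unchanged: set_subject_name, set_key …
    char *csr = malloc(4096);
    if (csr == NULL)
    {
        mbedtls_x509write_csr_free(&req);
        mbedtls_pk_free(&key);
        mbedtls_ctr_drbg_free(&ctr_drbg);
        mbedtls_entropy_free(&entropy);
        return NULL;
    }
    if ((ret = mbedtls_x509write_csr_pem(&req, (unsigned char *)csr, 4096, mbedtls_ctr_drbg_random, &ctr_drbg)) < 0)
    // … unchanged: error branch, cleanup and return csr …
```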
@@ -23,6 +23,14 @@ extern "C"
      */
     void crypto_print_priv_key();
 
+    /**
+     * Get CSR
+     *
+     * @return NULL in case of failure or a buffer that must be
+     * freed in case of success
+     */
+    char *crypto_get_csr();
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/esp32_device/main/main.c b/esp32_device/main/main.c
index 8647c4c..39c3455 100755
--- a/esp32_device/main/main.c
+++ b/esp32_device/main/main.c
@@ -32,5 +32,9 @@ void app_main(void)
     printf("Device private key:\n");
     crypto_print_priv_key();
 
+    char *csr = crypto_get_csr();
+    printf("Current CSR:\n%s\n", csr);
+    free(csr);
+
     reboot();
 }
diff --git a/esp32_device/main/storage.c b/esp32_device/main/storage.c
index 864dc9d..e805d31 100644
--- a/esp32_device/main/storage.c
+++ b/esp32_device/main/storage.c
@@ -31,7 +31,7 @@ void storage_set_dev_name(const char *name)
     ESP_ERROR_CHECK(nvs_open(STORAGE_NAMESPACE, NVS_READWRITE, &my_handle));
 
-    ESP_ERROR_CHECK(nvs_set_blob(my_handle, DEV_NAME_KEY, name, strlen(name)));
+    ESP_ERROR_CHECK(nvs_set_blob(my_handle, DEV_NAME_KEY, name, strlen(name) + 1));
 
     nvs_close(my_handle);
 }
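Review bot: `printf("Current CSR:\n%s\n", csr)` in main.c hands `csr` to `%s` unconditionally, while the header added in the same commit documents `crypto_get_csr()` as returning NULL on failure, and a NULL `%s` argument is undefined behavior. The call site should follow the declared contract: `if (csr != NULL) { printf("Current CSR:\n%s\n", csr); free(csr); }` (`free(NULL)` is harmless, but the print is not). The current implementation reboots on every error rather than returning NULL, so the path is not reachable today, which is exactly why a later change to honour the contract would break here silently.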
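Review bot: writing `strlen(name) + 1` bytes changes the on-flash format of the `DEV_NAME_KEY` blob — a blob stored by earlier firmware carries no terminator, so the reader side (`dev_name()`, outside this diff) presumably has to cope with both forms or the stored value has to be rewritten on upgrade; a comment on the changed line would record that, e.g. `// blob now includes the NUL terminator; readers must not assume older blobs do`. There is also no upper bound on `name` before it is persisted; if `DEV_NAME_LEN` is the intended maximum, checking `strlen(name) < DEV_NAME_LEN` here is what keeps the `subj[DEV_NAME_LEN + 4]` sizing in crypto.c honest.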