From a6b283d023c5b9d5a7f1421d2086129da335cd32 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Sun, 18 Aug 2024 19:42:40 +0200 Subject: [PATCH] Can get root CA --- esp32_device/main/constants.h | 5 +++++ esp32_device/main/main.c | 19 +++++++++++++++++++ esp32_device/main/storage.c | 9 +++++++-- esp32_device/main/storage.h | 12 +++++++++++- esp32_device/main/unsecure_api.c | 16 ++++++++++++++++ esp32_device/main/unsecure_api.h | 8 ++++++++ 6 files changed, 66 insertions(+), 3 deletions(-) diff --git a/esp32_device/main/constants.h b/esp32_device/main/constants.h index 77931cf..1056a7d 100644 --- a/esp32_device/main/constants.h +++ b/esp32_device/main/constants.h @@ -15,6 +15,11 @@ */ #define PRV_KEY_DER_MAX_BYTES 1500 +/** + * Root CA max length + */ +#define ROOT_CA_MAX_BYTES 3000 + /** * Secure origin len */ diff --git a/esp32_device/main/main.c b/esp32_device/main/main.c index b3032b0..dc0b64f 100755 --- a/esp32_device/main/main.c +++ b/esp32_device/main/main.c @@ -67,6 +67,25 @@ void app_main(void) ESP_LOGI(TAG, "Current secure origin: %s", sec_ori); free(sec_ori); + ESP_LOGI(TAG, "Check root CA"); + if (storage_get_root_ca(NULL) == 0) + { + char *root_ca = unsecure_api_get_root_ca(); + if (!root_ca) + { + ESP_LOGE(TAG, "Failed to fetch root CA!"); + reboot(); + } + storage_set_root_ca(root_ca); + free(root_ca); + } + + ESP_LOGI(TAG, "Get root CA"); + char *root_ca = calloc(ROOT_CA_MAX_BYTES, 1); + assert(storage_get_root_ca(root_ca) > 0); + ESP_LOGI(TAG, "Current root CA:\n%s", root_ca); + free(root_ca); + system_sleep(120); reboot(); diff --git a/esp32_device/main/storage.c b/esp32_device/main/storage.c index e64703f..d7fc540 100644 --- a/esp32_device/main/storage.c +++ b/esp32_device/main/storage.c @@ -10,6 +10,7 @@ #define DEV_NAME_KEY "dev_name" #define PRIVATE_KEY "prikey" #define SEC_ORIG_KEY "secureOrig" +#define SEC_ROOT_CA_KEY "rootCA" static const char *TAG = "storage"; @@ -99,6 +100,10 @@ size_t storage_get_priv_key(unsigned char *key) return len; } -void storage_set_secure_origin(const char *name) { storage_set_str(SEC_ORIG_KEY, name); } +void storage_set_secure_origin(const char *orig) { storage_set_str(SEC_ORIG_KEY, orig); } -size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); } \ No newline at end of file +size_t storage_get_secure_origin(char *dest) { return storage_get_str(SEC_ORIG_KEY, SEC_ORIG_LEN, dest); } + +void storage_set_root_ca(const char *ca) { storage_set_str(SEC_ROOT_CA_KEY, ca); } + +size_t storage_get_root_ca(char *dest) { return storage_get_str(SEC_ROOT_CA_KEY, ROOT_CA_MAX_BYTES, dest); } \ No newline at end of file diff --git a/esp32_device/main/storage.h b/esp32_device/main/storage.h index 58e3d0f..a36e0e7 100644 --- a/esp32_device/main/storage.h +++ b/esp32_device/main/storage.h @@ -40,13 +40,23 @@ extern "C" /** * Write secure origin */ - void storage_set_secure_origin(const char *name); + void storage_set_secure_origin(const char *orig); /** * Get current secure origin */ size_t storage_get_secure_origin(char *dest); + /** + * Write root CA + */ + void storage_set_root_ca(const char *ca); + + /** + * Get current root CA + */ + size_t storage_get_root_ca(char *dest); + #ifdef __cplusplus } #endif diff --git a/esp32_device/main/unsecure_api.c b/esp32_device/main/unsecure_api.c index 4a07215..3e459e3 100644 --- a/esp32_device/main/unsecure_api.c +++ b/esp32_device/main/unsecure_api.c @@ -18,5 +18,21 @@ char *unsecure_api_get_secure_origin() return NULL; } + return res; +} + +char *unsecure_api_get_root_ca() +{ + const char *url = BACKEND_UNSECURE_URL "/pki/root_ca.crt"; + + http_request_opts opts = {.url = url}; + char *res = http_client_exec(&opts); + + if (!res) + { + ESP_LOGE(TAG, "Failed to query root CA!"); + return NULL; + } + return res; } \ No newline at end of file diff --git a/esp32_device/main/unsecure_api.h b/esp32_device/main/unsecure_api.h index c1b7adb..851b1ec 100644 --- a/esp32_device/main/unsecure_api.h +++ b/esp32_device/main/unsecure_api.h @@ -17,6 +17,14 @@ extern "C" */ char *unsecure_api_get_secure_origin(); + /** + * Get root CA + * + * @returns The root CA or NULL in case of failure. Value must be + * released by caller. + */ + char *unsecure_api_get_root_ca(); + #ifdef __cplusplus } #endif