lwesp icon indicating copy to clipboard operation
lwesp copied to clipboard
verified publisher icon MaJerle

Add lwesp_mfg_read for reading back certificate stored in MFG area

Open VinFar opened this issue 2 years ago • 9 comments

I added the feature for reading back the certificates stored in the MFG area.

  • Added the function lwesp_mfg_area in lwesp_flash.c.
  • Added mechanism for receiving the cert from ESP and storing it in the user supplied buffer.

It works fine, tested it with different namespaces and keys.

I am not sure on how to detect the beginning of the actual certificate in the input_process. Currently I am searching for "-----BEGIN CERTIFICATE-----\n" in the input process and then down-counting the received bytes until it matches the supplied length. Feedback is very much appreciated!

VinFar avatar Nov 26 '23 13:11 VinFar

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Nov 26 '23 13:11 CLAassistant

Why limit yourself to CERTIFICATE only? MFG shall be the classic write command, no?

What is the benefit to read certificates from ESP device?

MaJerle avatar Nov 26 '23 15:11 MaJerle

I needed to read back the certificate in order to check if the certificate was already written to ESP device. Without this mechanism you would need to write the certificate every time the device is booting, which may corrupt the flash memory too early.

So, I only write the certificate if its non-existing or needs to be updated.

With the limitation I agree. It would not work with public or private key. I will try to change this limitation :)

VinFar avatar Nov 26 '23 18:11 VinFar

Itbwouod be better to implement generic read, where you can specify length and (if AT supports?) offset, which is then loaded to user buffer.

You can then do whatever you want with the received data.

MaJerle avatar Nov 26 '23 20:11 MaJerle

In my view, and I will work on the implementation, there shall be a generic lwesp_mfg_read command that can read the data from partition at specific start address and offset.

Then, what you could do, is to analyze your certificate (that you expect to be loaded on ESP), and you find your BEGIN CERTIFICATE and END CERTIFICATE positions and data lengths.

Then you could do lwesp_mfg_read(...., buffer, max_read_len, offset) and you analyze if read data was BEGIN CERTIFICATE and you do the same for END CERTIFICATE.

Actually, even better would be if ESP could perform some integrity check if the data it holds and then we compare with expected values, if there is a match. I asked for this feature already: https://github.com/espressif/esp-at/issues/513#issuecomment-1656705633

MaJerle avatar Nov 27 '23 09:11 MaJerle

I think both options would be nice to have. With lwesp_mfg_area and predefined namespaces and keys the user does not need to care about start addresses and offset etc...

The user can just pass the same namespace and key, which is used for writing and then compare it.

Without the specific comparison against BEGIN CERTIFICATE inside lwesp, this is a good solution IMHO

VinFar avatar Nov 27 '23 19:11 VinFar

I think both options would be nice to have. With lwesp_mfg_area and predefined namespaces and keys the user does not need to care about start addresses and offset etc...

The user can just pass the same namespace and key, which is used for writing and then compare it.

Without the specific comparison against BEGIN CERTIFICATE inside lwesp, this is a good solution IMHO

What is user has BEGIN RSA CERTIFICATE instead? It would first make sense to have a generic read option, and then to use this as a base of other implementations. Sadly, AT+SYSMFG command is a bit stupid, as it returns error if you ask to read more data than available. Instead, it should return you actual number of bytes available to read.

MaJerle avatar Nov 27 '23 20:11 MaJerle

Yes, it would be great to have a generic read option. But, as you already have the implementation for the different namespaces and keys for the different certificates, we could use this to read the certificate. If the lwesp library then reads the ceritificate, it does not check against anny string like '---BEGIN CERTIFICATE---' etc. It just copies the received content into the user supplied buffer. It is then up to the user, to check the buffer for validity.

What do you think?

An then additionally add a generic read option with start adress + length for reading the flash area of the ESP device.

VinFar avatar Dec 03 '23 12:12 VinFar

I have implemented the read option, now to check if your certificate is there, you simply find the start position of your certificate -- BEGIN CERTIFICATE--- and --END CERTIFICATE-- in your own string (that you keep as a backup, in case ESP doesn't have it loaded). You have the length of these strings and position from the start of array.

Then simply use mfg to read twice, with 2 different offsets and length, and compare if read is successful

This also allows reading private key, which may be ECDH or RSA (so we need to know which one we look at...)

MaJerle avatar Dec 03 '23 13:12 MaJerle