Sternenlabor/nuki_hub
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SPIFFS and self-sign fixes

Browse Source
This commit is contained in:
iranl
2025-02-18 15:27:03 +01:00
parent 21d5491e50
commit 3fa605b2b0
8 changed files with 211 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
src/util/SSLCert.hpp
View File

@@ -1,3 +1,27 @@
/*
MIT License
Copyright (c) 2017 Frank Hessel
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#ifndef SRC_SSLCERT_HPP_
#define SRC_SSLCERT_HPP_
@@ -11,6 +35,8 @@
#include <mbedtls/x509.h>
#include <mbedtls/x509_crt.h>
#include <mbedtls/x509_csr.h>
#include <mbedtls/asn1write.h>
#include <mbedtls/oid.h>
#define HTTPS_SERVER_ERROR_KEYGEN 0x0F
#define HTTPS_SERVER_ERROR_KEYGEN_RNG 0x02
@@ -26,146 +52,38 @@
#define HTTPS_SERVER_ERROR_CERTGEN_NAME 0x17
#define HTTPS_SERVER_ERROR_CERTGEN_SERIAL 0x18
#define HTTPS_SERVER_ERROR_CERTGEN_VALIDITY 0x19
#define HTTPS_SERVER_ERROR_CERTGEN_CN 0x1a
/**
* \brief Certificate and private key that can be passed to the HTTPSServer.
*
* **Converting PEM to DER Files**
*
* Certificate:
* ```bash
* openssl x509 -inform PEM -outform DER -in myCert.crt -out cert.der
* ```
*
* Private Key:
* ```bash
* openssl rsa -inform PEM -outform DER -in myCert.key -out key.der
* ```
*
* **Converting DER File to C Header**
*
* ```bash
* echo "#ifndef KEY_H_" > ./key.h
* echo "#define KEY_H_" >> ./key.h
* xxd -i key.der >> ./key.h
* echo "#endif" >> ./key.h
* ```
*/
class SSLCert {
public:
/**
* \brief Creates a new SSLCert.
*
* The certificate and key data may be NULL (default values) if the certificate is meant
* to be passed to createSelfSignedCert().
*
* Otherwise, the data must reside in a memory location that is not deleted until the server
* using the certificate is stopped.
*
* \param[in] certData The certificate data to use (DER format)
* \param[in] certLength The length of the certificate data
* \param[in] pkData The private key data to use (DER format)
* \param[in] pkLength The length of the private key
*/
SSLCert(
unsigned char * certData = NULL,
uint16_t certLength = 0,
unsigned char * pkData = NULL,
uint16_t pkLength = 0
uint16_t pkLength = 0,
String keyPEM = "",
String certPEM = ""
);
virtual ~SSLCert();
/**
* \brief Returns the length of the certificate in byte
*/
uint16_t getCertLength();
/**
* \brief Returns the length of the private key in byte
*/
uint16_t getPKLength();
/**
* \brief Returns the certificate data
*/
unsigned char * getCertData();
/**
* \brief Returns the private key data
*/
unsigned char * getPKData();
/**
* \brief Sets the private key in DER format
*
* The data has to reside in a place in memory that is not deleted as long as the
* server is running.
*
* See SSLCert() for some information on how to generate DER data.
*
* \param[in] _pkData The data of the private key
* \param[in] length The length of the private key
*/
void setPK(unsigned char * _pkData, uint16_t length);
/**
* \brief Sets the certificate data in DER format
*
* The data has to reside in a place in memory that is not deleted as long as the
* server is running.
*
* See SSLCert for some information on how to generate DER data.
*
* \param[in] _certData The data of the certificate
* \param[in] length The length of the certificate
*/
void setCert(unsigned char * _certData, uint16_t length);
/**
* \brief Clears the key buffers and deletes them.
*/
String getCertPEM();
String getKeyPEM();
void setPK(String _keyPEM);
void setCert(String _certPEM);
void clear();
private:
uint16_t _certLength;
unsigned char * _certData;
uint16_t _pkLength;
unsigned char * _pkData;
String _keyPEM;
String _certPEM;
};
/**
* \brief Defines the key size for key generation
*
* Not available if the `HTTPS_DISABLE_SELFSIGNING` compiler flag is set
*/
enum SSLKeySize {
/** \brief RSA key with 1024 bit */
KEYSIZE_1024 = 1024,
/** \brief RSA key with 2048 bit */
KEYSIZE_2048 = 2048,
/** \brief RSA key with 4096 bit */
KEYSIZE_4096 = 4096
};
/**
* \brief Creates a self-signed certificate on the ESP32
*
* This function creates a new self-signed certificate for the given hostname on the heap.
* Make sure to clear() it before you delete it.
*
* The distinguished name (dn) parameter has to follow the x509 specifications. An example
* would be:
* CN=myesp.local,O=acme,C=US
*
* The strings validFrom and validUntil have to be formatted like this:
* "20190101000000", "20300101000000"
*
* This will take some time, so you should probably write the certificate data to non-volatile
* storage when you are done.
*
* Setting the `HTTPS_DISABLE_SELFSIGNING` compiler flag will remove this function from the library
*/
int createSelfSignedCert(SSLCert &certCtx, SSLKeySize keySize, std::string dn, std::string validFrom = "20190101000000", std::string validUntil = "20300101000000");
#endif /* SRC_SSLCERT_HPP_ */