Code cleanup

2026-02-28 17:09:40 +01:00
parent 0989a341e4
commit 593b9e1409
2 changed files with 55 additions and 39 deletions


@@ -186,18 +186,6 @@ public:
memcpy(&ssh_blob[offset], atecc_pubkey, 64); memcpy(&ssh_blob[offset], atecc_pubkey, 64);
offset += 64; offset += 64;
// 4. Base64 Encode the blob
size_t b64_len = 0;
// Call once to get required length
mbedtls_base64_encode(NULL, 0, &b64_len, ssh_blob, 104);
unsigned char b64_out[b64_len];
// Call again to actually encode
mbedtls_base64_encode(b64_out, b64_len, &b64_len, ssh_blob, 104);
// 5. Print out the final authorized_keys line
printf("ecdsa-sha2-nistp256 %s esp32-atecc608b\n", b64_out);
memcpy(out_blob, ssh_blob, 104); memcpy(out_blob, ssh_blob, 104);
} }
@@ -238,10 +226,7 @@ public:
// Get device identity (for /api/identity endpoint) // Get device identity (for /api/identity endpoint)
char *get_identity_json() { char *get_identity_json() {
char pubkey_hex[131]; // 65 bytes * 2 + null
uint8_t atecc_pubkey[64]; // 65 bytes * 2 + null uint8_t atecc_pubkey[64]; // 65 bytes * 2 + null
uint8_t standard_pubkey[65];
standard_pubkey[0] = 0x04;
// Get public key from ATECC608B and convert to hex // Get public key from ATECC608B and convert to hex
ATCA_STATUS status = atcab_get_pubkey(0, atecc_pubkey); ATCA_STATUS status = atcab_get_pubkey(0, atecc_pubkey);
if (status != ATCA_SUCCESS) { if (status != ATCA_SUCCESS) {
@@ -252,32 +237,23 @@ public:
generate_ssh_authorized_key(atecc_pubkey, pubkey_blob); generate_ssh_authorized_key(atecc_pubkey, pubkey_blob);
// Print the authorized_keys line for debugging // 4. Base64 Encode the blob
printf("Generated authorized_keys line:\n"); size_t b64_len = 0;
for (int i = 0; i < 104; i++) { mbedtls_base64_encode(NULL, 0, &b64_len, pubkey_blob, 104);
printf("%02x", pubkey_blob[i]); unsigned char b64_out[b64_len];
} mbedtls_base64_encode(b64_out, b64_len, &b64_len, pubkey_blob, 104);
printf("\n"); printf("ecdsa-sha2-nistp256 %s esp32-atecc608b\n", b64_out);
memcpy(&standard_pubkey[1], atecc_pubkey, 64); // Concat type string with pubkey and identifier for authorized_keys format
bin_to_hex(standard_pubkey, 65, pubkey_hex); char authorized_keys_line[150]; // 19 + 1 + b64_len + 1 + 13 + 1 = 150
snprintf(authorized_keys_line, sizeof(authorized_keys_line),
// Get MAC address to use as salt "ecdsa-sha2-nistp256 %s esp32-atecc608b", b64_out);
uint8_t mac[6];
esp_read_mac(mac, ESP_MAC_WIFI_STA);
char mac_hex[13]; // 6 bytes * 2 + null
bin_to_hex(mac, 6, mac_hex);
cJSON *root = cJSON_CreateObject(); cJSON *root = cJSON_CreateObject();
cJSON_AddStringToObject(root, "pubKey", pubkey_hex); cJSON_AddStringToObject(root, "sshPublicKey", authorized_keys_line);
cJSON_AddStringToObject(root, "macAddress", mac_hex);
char *json_str = cJSON_PrintUnformatted(root); char *json_str = cJSON_PrintUnformatted(root);
cJSON_Delete(root); cJSON_Delete(root);
// Print the JSON for debugging
printf("Identity JSON: %s\n", json_str);
const char *username = "jonathan"; const char *username = "jonathan";
int sock; int sock;
@@ -374,7 +350,50 @@ public:
if (rc == 0) { if (rc == 0) {
printf("SSH authentication successful!\n"); printf("SSH authentication successful!\n");
// ... Continue SSH communication ...
// 1. Open a channel within the authenticated session
LIBSSH2_CHANNEL *channel = libssh2_channel_open_session(session);
if (!channel) {
printf("Failed to open a session channel!\n");
} else {
// 2. Execute the command
const char *cmd = "ls -la";
printf("Executing command: %s\n", cmd);
rc = libssh2_channel_exec(channel, cmd);
if (rc != 0) {
printf("Failed to execute command. Error: %d\n", rc);
} else {
printf("--- Command Output ---\n");
char buffer[256];
int bytes_read;
// 3. Read the output in a loop until the channel closes (EOF)
// libssh2_channel_read returns the amount of bytes read, 0 on EOF, or
// <0 on error
while ((bytes_read = libssh2_channel_read(channel, buffer,
sizeof(buffer) - 1)) > 0) {
buffer[bytes_read] =
'\0'; // Null-terminate the chunk so printf handles it safely
printf("%s", buffer);
}
if (bytes_read < 0) {
printf("\n[Read failed with error code: %d]\n", bytes_read);
}
printf("\n----------------------\n");
}
// 4. Gracefully close the channel and grab the exit code (e.g., 0 for
// success)
libssh2_channel_close(channel);
int exit_status = libssh2_channel_get_exit_status(channel);
printf("Command exited with status: %d\n", exit_status);
// 5. Free the channel memory
libssh2_channel_free(channel);
}
} else { } else {
printf("Authentication failed\n"); printf("Authentication failed\n");
} }
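Review bot: `char authorized_keys_line[150]` in the third hunk is too small for the line it holds, so `snprintf` silently truncates the value that is then stored under `sshPublicKey`. A 104-byte blob base64-encodes to 140 characters, and with the 19-character key type, two spaces, the 15-character comment `esp32-atecc608b` and the terminator the line needs 177 bytes; the size comment counts the trailing identifier as 13 and does not sum to 150 either. A consumer that installs this field into `authorized_keys` would receive a cut-off key that cannot match the device, while the `printf` line above it still shows the full key, which makes the mismatch easy to miss. I would enlarge the buffer, e.g. `char authorized_keys_line[192];`, capture `int n = snprintf(...)` and reject the result with `if (n < 0 || (size_t)n >= sizeof(authorized_keys_line))` before building the JSON; the two `mbedtls_base64_encode` calls also ignore their return codes. The body of `get_identity_json()` begins and continues outside the visible hunks, so the right failure path is for the author to pick.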


@@ -4,9 +4,6 @@
CONFIG_WIFI_SSID="DoNotSetTheRealValueHere" CONFIG_WIFI_SSID="DoNotSetTheRealValueHere"
CONFIG_WIFI_PASSWORD="PutTheRealPassInTheSdkconfigFile" CONFIG_WIFI_PASSWORD="PutTheRealPassInTheSdkconfigFile"
CONFIG_IDF_TARGET="esp32c6" CONFIG_IDF_TARGET="esp32c6"
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_ESP_MAIN_TASK_STACK_SIZE=24000
CONFIG_ATECC608A_TCUSTOM=y CONFIG_ATECC608A_TCUSTOM=y
CONFIG_ATCA_I2C_SDA_PIN=22 CONFIG_ATCA_I2C_SDA_PIN=22
CONFIG_ATCA_I2C_SCL_PIN=23 CONFIG_ATCA_I2C_SCL_PIN=23