BerriJ/keypitecc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix preauth

Browse Source
This commit is contained in:
Jonathan Berrisch
2026-02-28 10:46:43 +01:00
parent 1e4fda0131
commit 81d9da5297
1 changed files with 121 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
main/zk_auth.h
View File

@@ -5,6 +5,7 @@
#include "host/atca_host.h" #include "host/atca_host.h"
#include "libssh2_config.h" #include "libssh2_config.h"
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "netdb.h"
#include <cJSON.h> #include <cJSON.h>
#include <esp_mac.h> #include <esp_mac.h>
#include <esp_system.h> #include <esp_system.h>
@@ -20,13 +21,14 @@
#include <mbedtls/sha256.h> #include <mbedtls/sha256.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
// Added network headers for ESP-IDF (lwIP) sockets // Added network headers for ESP-IDF (lwIP) sockets
#include <arpa/inet.h> #include <arpa/inet.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <unistd.h> #include <unistd.h>
#define BUFSIZE 3200
class ZKAuth { class ZKAuth {
private: private:
mbedtls_ecp_group grp; mbedtls_ecp_group grp;
@@ -158,6 +160,41 @@ public:
memcpy(out_blob, ssh_blob, 104); memcpy(out_blob, ssh_blob, 104);
} }
static void my_trace_handler(LIBSSH2_SESSION *session, void *context,
const char *data, size_t length) {
// Print the trace data to the console
printf("LIBSSH2_TRACE: %.*s", (int)length, data);
}
static int waitsocket(int socket_fd, LIBSSH2_SESSION *session) {
struct timeval timeout;
int rc;
fd_set fd;
fd_set *writefd = NULL;
fd_set *readfd = NULL;
int dir;
timeout.tv_sec = 10;
timeout.tv_usec = 0;
FD_ZERO(&fd);
FD_SET(socket_fd, &fd);
/* now make sure we wait in the correct direction */
dir = libssh2_session_block_directions(session);
if (dir & LIBSSH2_SESSION_BLOCK_INBOUND)
readfd = &fd;
if (dir & LIBSSH2_SESSION_BLOCK_OUTBOUND)
writefd = &fd;
rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout);
return rc;
}
// Get device identity (for /api/identity endpoint) // Get device identity (for /api/identity endpoint)
char *get_identity_json() { char *get_identity_json() {
char pubkey_hex[131]; // 65 bytes * 2 + null char pubkey_hex[131]; // 65 bytes * 2 + null
@@ -170,7 +207,7 @@ public:
printf("Failed to read public key from ATECC608B: 0x%02X\n", status); printf("Failed to read public key from ATECC608B: 0x%02X\n", status);
} }
uint8_t pubkey_blob[256]; uint8_t pubkey_blob[104];
generate_ssh_authorized_key(atecc_pubkey, pubkey_blob); generate_ssh_authorized_key(atecc_pubkey, pubkey_blob);
@@ -197,31 +234,99 @@ public:
char *json_str = cJSON_PrintUnformatted(root); char *json_str = cJSON_PrintUnformatted(root);
cJSON_Delete(root); cJSON_Delete(root);
// Print the JSON for debugging
printf("Identity JSON: %s\n", json_str);
const char *username = "jonathan";
int sock; int sock;
struct sockaddr_in sin; struct sockaddr_in sin;
const char *hostname = "192.168.4.1"; const char *hostname = "192.168.178.86";
unsigned short port = 22; unsigned short port = 22;
const char *username = "key";
void *my_abstract = NULL; void *my_abstract = NULL;
LIBSSH2_SESSION *session; LIBSSH2_SESSION *session;
LIBSSH2_CHANNEL *channel;
// Initialize libssh2 ESP_LOGI(TAG, "libssh2_version is %s", LIBSSH2_VERSION);
libssh2_init(0); int rc = libssh2_init(0);
if (rc) {
ESP_LOGE(TAG, "libssh2 initialization failed (%d)", rc);
while (1) {
vTaskDelay(1);
}
}
// Set up and connect socket ESP_LOGD(TAG, "hostname=%s", hostname);
sock = socket(AF_INET, SOCK_STREAM, 0); ESP_LOGD(TAG, "port=%d", port);
sin.sin_family = AF_INET; sin.sin_family = AF_INET;
// sin.sin_port = htons(22);
sin.sin_port = htons(port); sin.sin_port = htons(port);
inet_pton(AF_INET, hostname, &sin.sin_addr); sin.sin_addr.s_addr = inet_addr(hostname);
connect(sock, (struct sockaddr *)(&sin), sizeof(struct sockaddr_in)); ESP_LOGD(TAG, "sin.sin_addr.s_addr=%" PRIx32, sin.sin_addr.s_addr);
if (sin.sin_addr.s_addr == 0xffffffff) {
struct hostent *hp;
hp = gethostbyname(hostname);
if (hp == NULL) {
ESP_LOGE(TAG, "gethostbyname fail");
ESP_LOGE(TAG, "hostname=%s", hostname);
ESP_LOGE(TAG, "port=%d", port);
while (1) {
vTaskDelay(1);
}
}
struct ip4_addr *ip4_addr;
ip4_addr = (struct ip4_addr *)hp->h_addr;
sin.sin_addr.s_addr = ip4_addr->addr;
ESP_LOGD(TAG, "sin.sin_addr.s_addr=%" PRIx32, sin.sin_addr.s_addr);
}
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == -1) {
ESP_LOGE(TAG, "failed to create socket!");
while (1) {
vTaskDelay(1);
}
}
if (connect(sock, (struct sockaddr *)(&sin), sizeof(struct sockaddr_in)) !=
0) {
ESP_LOGE(TAG, "failed to connect!");
ESP_LOGE(TAG, "hostname=%s", hostname);
ESP_LOGE(TAG, "port=%d", port);
while (1) {
vTaskDelay(1);
}
}
printf("Connected. Starting SSH handshake...\n");
// Create SSH session
session = libssh2_session_init(); session = libssh2_session_init();
libssh2_session_handshake(session, sock); if (!session) {
ESP_LOGE(TAG, "failed to session init");
while (1) {
vTaskDelay(1);
}
}
libssh2_trace(session, ~0);
libssh2_trace_sethandler(session, NULL, my_trace_handler);
printf("Session initialized. Setting timeout...\n");
// libssh2_session_set_timeout(session, 10000);
printf("Performing handshake...\n");
rc = libssh2_session_handshake(session, sock);
if (rc) {
ESP_LOGE(TAG, "Failure establishing SSH session: %d", rc);
while (1) {
vTaskDelay(1);
}
}
printf("Handshake completed. Authenticating with public key...\n");
// PUBLIC KEY AUTH: using custom callback // PUBLIC KEY AUTH: using custom callback
int rc = libssh2_userauth_publickey(session, username, pubkey_blob, rc = libssh2_userauth_publickey(session, username, pubkey_blob,
sizeof(pubkey_blob), sign_callback, sizeof(pubkey_blob), sign_callback,
&my_abstract); &my_abstract);