Without atecc608b
@@ -1,6 +1,6 @@
#include "ssh_client.h"
#include "cryptoauthlib.h"
#include "efuse_ecdsa.h"
#include "sdkconfig.h"
#include <arpa/inet.h>
#include <esp_log.h>
@@ -67,10 +67,12 @@ static uint32_t write_mpint(uint8_t *buf, const uint8_t *val, uint32_t size)
* [uint32 8] "nistp256"
* [uint32 65] 0x04 || X(32) || Y(32)
*
* @param atecc_pubkey 64-byte raw public key (X||Y) from ATECC608B.
* @param out_blob Must point to a buffer of at least 104 bytes.
* @param pub_x 32-byte X coordinate (big-endian).
* @param pub_y 32-byte Y coordinate (big-endian).
* @param out_blob Must point to a buffer of at least 104 bytes.
*/
static void build_pubkey_blob(const uint8_t *atecc_pubkey, uint8_t *out_blob)
static void build_pubkey_blob(const uint8_t *pub_x, const uint8_t *pub_y,
uint8_t *out_blob)
{
uint32_t off = 0;
@@ -87,12 +89,13 @@ static void build_pubkey_blob(const uint8_t *atecc_pubkey, uint8_t *out_blob)
/* Uncompressed EC point: 0x04 || X || Y */
write_be32(&out_blob[off], 65); off += 4;
out_blob[off++] = 0x04;
memcpy(&out_blob[off], atecc_pubkey, 64);
/* off += 64 — total = 104 */
memcpy(&out_blob[off], pub_x, 32); off += 32;
memcpy(&out_blob[off], pub_y, 32);
/* off += 32 — total = 104 */
}
/* -------------------------------------------------------------------------
* libssh2 signing callback (ATECC608B signs the hash)
* libssh2 signing callback (eFuse ECDSA signs the hash)
* ---------------------------------------------------------------------- */
static int sign_callback(LIBSSH2_SESSION *session,
unsigned char **sig, size_t *sig_len,
@@ -103,14 +106,14 @@ static int sign_callback(LIBSSH2_SESSION *session,
(void)abstract;
uint8_t digest[32];
uint8_t raw_sig[64];
uint8_t r_raw[32], s_raw[32];
/* Hash the challenge data */
mbedtls_sha256(data, data_len, digest, 0);
/* Sign with the ATECC608B hardware key in slot 0 */
if (atcab_sign(0, digest, raw_sig) != ATCA_SUCCESS) {
ESP_LOGE(TAG, "ATECC608B signing failed!");
/* Sign with the eFuse hardware ECDSA key */
if (!efuse_ecdsa_sign(digest, r_raw, s_raw)) {
ESP_LOGE(TAG, "eFuse ECDSA signing failed!");
return -1;
}
@@ -119,8 +122,8 @@ static int sign_callback(LIBSSH2_SESSION *session,
if (!buf) return -1;
uint32_t off = 0;
off += write_mpint(&buf[off], &raw_sig[0], 32); /* R */
off += write_mpint(&buf[off], &raw_sig[32], 32); /* S */
off += write_mpint(&buf[off], r_raw, 32); /* R */
off += write_mpint(&buf[off], s_raw, 32); /* S */
*sig = buf;
*sig_len = off;
@@ -132,15 +135,14 @@ static int sign_callback(LIBSSH2_SESSION *session,
* ---------------------------------------------------------------------- */
void ssh_print_public_key(void)
{
uint8_t raw_key[64];
ATCA_STATUS st = atcab_get_pubkey(0, raw_key);
if (st != ATCA_SUCCESS) {
ESP_LOGE(TAG, "atcab_get_pubkey failed: 0x%02X", st);
uint8_t pub_x[32], pub_y[32];
if (!efuse_ecdsa_get_pubkey(pub_x, pub_y)) {
ESP_LOGE(TAG, "Failed to export public key from eFuse");
return;
}
uint8_t blob[104];
build_pubkey_blob(raw_key, blob);
build_pubkey_blob(pub_x, pub_y, blob);
size_t b64_len = 0;
mbedtls_base64_encode(NULL, 0, &b64_len, blob, sizeof(blob));
@@ -165,14 +167,13 @@ bool ssh_execute_command(const char *cmd)
if (!cmd) return false;
/* --- Read public key blob ------------------------------------------ */
uint8_t raw_key[64];
ATCA_STATUS st = atcab_get_pubkey(0, raw_key);
if (st != ATCA_SUCCESS) {
ESP_LOGE(TAG, "atcab_get_pubkey failed: 0x%02X", st);
uint8_t pub_x[32], pub_y[32];
if (!efuse_ecdsa_get_pubkey(pub_x, pub_y)) {
ESP_LOGE(TAG, "Failed to export public key from eFuse");
return false;
}
uint8_t pubkey_blob[104];
build_pubkey_blob(raw_key, pubkey_blob);
build_pubkey_blob(pub_x, pub_y, pubkey_blob);
/* --- TCP connect ------------------------------------------------------- */
int rc;
@@ -227,7 +228,7 @@ bool ssh_execute_command(const char *cmd)
}
ESP_LOGI(TAG, "SSH handshake OK");
/* --- Authenticate with ATECC608B hardware key ------------------------- */
/* --- Authenticate with eFuse ECDSA hardware key ---------------------- */
void *abstract = NULL;
rc = libssh2_userauth_publickey(session, CONFIG_SSH_USERNAME,
pubkey_blob, sizeof(pubkey_blob),
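Review bot: The new eFuse public-key export is written out twice, verbatim, in ssh_print_public_key (`@@ -132,15` hunk) and ssh_execute_command (`@@ -165,14` hunk): `uint8_t pub_x[32], pub_y[32];`, the `efuse_ecdsa_get_pubkey` call with its error log, the `[104]` blob and the `build_pubkey_blob(pub_x, pub_y, …)` call, so the `32` and `104` sizes that must agree with build_pubkey_blob's contract now live in three places. A small helper that owns the export, the log message and the blob size would keep the two call sites from drifting and make the 104-byte requirement a single definition; each call site then reduces to `uint8_t pubkey_blob[104]; if (!load_pubkey_blob(pubkey_blob)) return false;` (or `return;` in the void printer). Whether the helper should also wipe `pub_x`/`pub_y` is moot since they are public, but the coordinates only need to exist for the duration of the blob build. Both enclosing functions start and end outside their hunks.
```c
/* Export the eFuse ECDSA public key and serialise it as the ecdsa-sha2-nistp256
 * blob expected by libssh2. out_blob must have room for 104 bytes. Logs and
 * returns false if the key cannot be exported. */
static bool load_pubkey_blob(uint8_t *out_blob)
{
    uint8_t pub_x[32], pub_y[32];
    if (!efuse_ecdsa_get_pubkey(pub_x, pub_y)) {
        ESP_LOGE(TAG, "Failed to export public key from eFuse");
        return false;
    }
    build_pubkey_blob(pub_x, pub_y, out_blob);
    return true;
}

/* … unchanged: ssh_print_public_key up to the key export … */
    uint8_t blob[104];
    if (!load_pubkey_blob(blob)) return;
/* … unchanged: base64 encode and print … */

/* … unchanged: ssh_execute_command argument check … */
    uint8_t pubkey_blob[104];
    if (!load_pubkey_blob(pubkey_blob)) return false;
/* … unchanged: TCP connect, handshake, userauth … */
```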