feat/espressif_jitp_cert_fix: Fixes the handline of JITP certs (#1520)

supreetd21 · dan4thewin · commit 53b496fc1268 · 2019-12-01T19:09:18.000-08:00
Description:
In the PAL layer(iot_pkcs_pal.c) adding the handling for fetching the JITP certificate from NVS.
diff --git a/vendors/espressif/boards/esp32/ports/pkcs11/iot_pkcs11_pal.c b/vendors/espressif/boards/esp32/ports/pkcs11/iot_pkcs11_pal.c
@@ -44,14 +44,16 @@ static const char *TAG = "PKCS11";
 #define pkcs11palFILE_NAME_CLIENT_CERTIFICATE    "P11_Cert"
 #define pkcs11palFILE_NAME_KEY                   "P11_Key"
 #define pkcs11palFILE_CODE_SIGN_PUBLIC_KEY       "P11_CSK"
+#define pkcs11palFILE_JITP_CERTIFICATE           "P11_JITP"
 
 enum eObjectHandles
 {
     eInvalidHandle = 0, /* According to PKCS #11 spec, 0 is never a valid object handle. */
     eAwsDevicePrivateKey = 1,
     eAwsDevicePublicKey,
     eAwsDeviceCertificate,
-    eAwsCodeSigningKey
+    eAwsCodeSigningKey,
+    eAwsJITPCertificate
 };
 /*-----------------------------------------------------------*/
 
@@ -86,6 +88,7 @@ static void initialize_nvs_partition()
 
         esp_err_t ret = nvs_flash_secure_init_partition(NVS_PART_NAME, &cfg);
         if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_LOGW(TAG, "Error initialising the NVS partition [%d]. Erasing the partition.", ret);
             ESP_ERROR_CHECK(nvs_flash_erase_partition(NVS_PART_NAME));
             ret = nvs_flash_secure_init_partition(NVS_PART_NAME, &cfg);
         }
@@ -94,6 +97,7 @@ static void initialize_nvs_partition()
 #endif // CONFIG_NVS_ENCRYPTION
         esp_err_t ret = nvs_flash_init_partition(NVS_PART_NAME);
         if (ret == ESP_ERR_NVS_NO_FREE_PAGES || ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+            ESP_LOGW(TAG, "Error initialising the NVS partition [%d]. Erasing the partition.", ret);
             ESP_ERROR_CHECK(nvs_flash_erase_partition(NVS_PART_NAME));
             ret = nvs_flash_init_partition(NVS_PART_NAME);
         }
@@ -143,6 +147,13 @@ void prvLabelToFilenameHandle( uint8_t * pcLabel,
             *pcFileName = pkcs11palFILE_CODE_SIGN_PUBLIC_KEY;
             *pHandle = eAwsCodeSigningKey;
         }
+        else if( 0 == memcmp( pcLabel,
+                              pkcs11configLABEL_JITP_CERTIFICATE,
+                              strlen( (char*)pkcs11configLABEL_JITP_CERTIFICATE ) ) )
+        {
+            *pcFileName = pkcs11palFILE_JITP_CERTIFICATE;
+            *pHandle = eAwsJITPCertificate;
+        }
         else
         {
             *pcFileName = NULL;
@@ -300,6 +311,11 @@ CK_RV PKCS11_PAL_GetObjectValue( CK_OBJECT_HANDLE xHandle,
         pcFileName = pkcs11palFILE_CODE_SIGN_PUBLIC_KEY;
         *pIsPrivate = CK_FALSE;
     }
+    else if( xHandle == eAwsJITPCertificate )
+    {
+        pcFileName = pkcs11palFILE_JITP_CERTIFICATE;
+        *pIsPrivate = CK_FALSE;
+    }
     else
     {
         ulReturn = CKR_OBJECT_HANDLE_INVALID;
