cryptnox-sdk-esp32/Sign_2main_2main_8cpp_source.html

/*

 * SPDX-License-Identifier: LGPL-3.0-or-later

 * Copyright (c) 2026 Cryptnox SA

 */


#include <string.h>

#include "freertos/FreeRTOS.h"

#include "freertos/task.h"

#include "freertos/event_groups.h"

#include "driver/spi_master.h"

#include "esp_log.h"

#include "esp_wifi.h"

#include "esp_netif.h"

#include "esp_event.h"

#include "nvs_flash.h"

#include "pn532.h"

#include "CryptnoxWallet.h"

#include "Pn532NfcTransport.h"

#include "ESP32Logger.h"

#include "esp32_crypto_provider.h"

#include "ESP32Platform.h"

#include "config.h"


/* ── SPI wiring — ESP32-S3 dev kit + Keyestudio PN532 breakout ──── */

#define SPI_MOSI            11

#define SPI_MISO            13

#define SPI_SCLK            12

#define SPI_MAX_TRANSFER_SZ 4096

#define SPI_PIN_UNUSED      (-1)

#define NFC_CS              10


static const char *const TAG           = "sign";

static const uint32_t    LOOP_DELAY_MS  = 1000U;

static const uint32_t    WIFI_TIMEOUT_MS = 10000U;

static const int         WIFI_MAX_RETRY  = 5;


#define WIFI_CONNECTED_BIT BIT0

#define WIFI_FAIL_BIT      BIT1


static EventGroupHandle_t s_wifi_event_group;

static int                s_retry_num = 0;


static void wifi_event_handler(void *arg, esp_event_base_t event_base,

                               int32_t event_id, void *event_data)

{

    (void)arg;

    (void)event_data;

    if ((event_base == WIFI_EVENT) && (event_id == WIFI_EVENT_STA_START)) {

        esp_wifi_connect();

    } else if ((event_base == WIFI_EVENT) &&

               (event_id == WIFI_EVENT_STA_DISCONNECTED)) {

        if (s_retry_num < WIFI_MAX_RETRY) {

            esp_wifi_connect();

            s_retry_num++;

        } else {

            xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT);

        }

    } else if ((event_base == IP_EVENT) && (event_id == IP_EVENT_STA_GOT_IP)) {

        s_retry_num = 0;

        xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT);

    } else {

        /* other events ignored */

    }

}


static void wifi_start(void)

{

    s_wifi_event_group = xEventGroupCreate();

    s_retry_num = 0;

    ESP_ERROR_CHECK(esp_netif_init());

    ESP_ERROR_CHECK(esp_event_loop_create_default());

    (void)esp_netif_create_default_wifi_sta();

    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();

    ESP_ERROR_CHECK(esp_wifi_init(&cfg));

    esp_event_handler_instance_t h_any;

    esp_event_handler_instance_t h_ip;

    ESP_ERROR_CHECK(esp_event_handler_instance_register(

        WIFI_EVENT, ESP_EVENT_ANY_ID, &wifi_event_handler, NULL, &h_any));

    ESP_ERROR_CHECK(esp_event_handler_instance_register(

        IP_EVENT, IP_EVENT_STA_GOT_IP, &wifi_event_handler, NULL, &h_ip));

    wifi_config_t wifi_cfg;

    (void)memset(&wifi_cfg, 0, sizeof(wifi_cfg));

    (void)strncpy((char *)wifi_cfg.sta.ssid,     WIFI_SSID,

                  sizeof(wifi_cfg.sta.ssid)     - 1U);

    (void)strncpy((char *)wifi_cfg.sta.password, WIFI_PASSWORD,

                  sizeof(wifi_cfg.sta.password) - 1U);

    wifi_cfg.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK;

    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));

    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_cfg));

    ESP_ERROR_CHECK(esp_wifi_start());

    EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group,

                                           WIFI_CONNECTED_BIT | WIFI_FAIL_BIT,

                                           pdFALSE, pdFALSE,

                                           pdMS_TO_TICKS(WIFI_TIMEOUT_MS));

    if ((bits & WIFI_CONNECTED_BIT) != 0U) {

        ESP_LOGI(TAG, "WiFi connected");

    } else {

        ESP_LOGW(TAG, "WiFi connect failed — TRNG entropy may be reduced");

    }

    (void)esp_event_handler_instance_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, h_ip);

    (void)esp_event_handler_instance_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, h_any);

    vEventGroupDelete(s_wifi_event_group);

}


static void run_sign_loop(CryptnoxWallet &wallet)

{

    /* Replace with the SHA-256 (or Keccak-256) digest of the real transaction. */

    static const uint8_t TEST_HASH[CW_HASH_SIZE] = {

        0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U,

        0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U,

        0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U,

        0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U, 0x01U,

    };

    /* Replace with the PIN set on the card (4–9 ASCII digits). */

    static const uint8_t DEMO_PIN[CW_MAX_PIN_LENGTH] = {

        '0', '0', '0', '0', '0', '0', '0', '0', '0'

    };


    bool keep_running = true;

    while (keep_running) {

        CW_SecureSession session{};

        bool connected = wallet.connect(session);


        if (!connected) {

            ESP_LOGW(TAG, "Card not detected");

        }


        if (connected) {

            CW_SignRequest req(session,

                               CW_SIGN_CURR_K1,

                               CW_SIGN_SIG_ECDSA_LOW_S,

                               CW_SIGN_WITH_PIN);

            req.hash       = TEST_HASH;

            req.hashLength = static_cast<uint8_t>(CW_HASH_SIZE);

            (void)CW_Utils::safe_memcpy(req.pin, sizeof(req.pin),

                                        DEMO_PIN, CW_MAX_PIN_LENGTH);


            CW_SignResult result = wallet.sign(req);


            if (result.errorCode == CW_OK) {

                ESP_LOGI(TAG, "Sign OK - r:");

                ESP_LOG_BUFFER_HEX_LEVEL(TAG, &result.signature[CW_SIG_R_OFFSET],

                                         CW_HASH_SIZE, ESP_LOG_INFO);

                ESP_LOGI(TAG, "s:");

                ESP_LOG_BUFFER_HEX_LEVEL(TAG, &result.signature[CW_SIG_S_OFFSET],

                                         CW_HASH_SIZE, ESP_LOG_INFO);

            } else if (result.errorCode == CW_SIGN_PIN_INCORRECT) {

                /* CRITICAL: do NOT retry — each wrong PIN decrements the card's

                 * retry counter. Reaching 0 permanently blocks the PIN.

                 * Fix DEMO_PIN before flashing again. */

                ESP_LOGE(TAG, "Wrong PIN — halting to protect retry counter");

                keep_running = false;

            } else {

                ESP_LOGE(TAG, "Sign failed: 0x%02X",

                         static_cast<unsigned int>(result.errorCode));

            }

        }


        wallet.disconnect(session);


        if (keep_running) {

            vTaskDelay(pdMS_TO_TICKS(LOOP_DELAY_MS));

        }

    }


    while (true) {

        vTaskDelay(pdMS_TO_TICKS(LOOP_DELAY_MS));

    }

}


extern "C" void app_main(void)

{

    esp_err_t nvs_ret = nvs_flash_init();

    if ((nvs_ret == ESP_ERR_NVS_NO_FREE_PAGES) ||

        (nvs_ret == ESP_ERR_NVS_NEW_VERSION_FOUND)) {

        ESP_ERROR_CHECK(nvs_flash_erase());

        nvs_ret = nvs_flash_init();

    }

    ESP_ERROR_CHECK(nvs_ret);

    wifi_start();


    spi_bus_config_t buscfg = {};

    buscfg.mosi_io_num     = SPI_MOSI;

    buscfg.miso_io_num     = SPI_MISO;

    buscfg.sclk_io_num     = SPI_SCLK;

    buscfg.quadwp_io_num   = SPI_PIN_UNUSED;

    buscfg.quadhd_io_num   = SPI_PIN_UNUSED;

    buscfg.max_transfer_sz = SPI_MAX_TRANSFER_SZ;

    ESP_ERROR_CHECK(spi_bus_initialize(SPI2_HOST, &buscfg, SPI_DMA_CH_AUTO));


    pn532_t nfc = {};

    pn532_config_t nfc_cfg = {};

    nfc_cfg.spi_host      = SPI2_HOST;

    nfc_cfg.pin_cs        = NFC_CS;

    nfc_cfg.skip_bus_init = true;

    esp_err_t nfc_ret = pn532_init(&nfc, &nfc_cfg);


    if (nfc_ret == ESP_OK) {

        ESP32Logger logger;

        (void)logger.begin(115200UL);


        ESP32CryptoProvider cryptoProvider;

        ESP32Platform platform;

        Pn532NfcTransport nfcTransport(&nfc, logger);

        CryptnoxWallet wallet(nfcTransport, logger, cryptoProvider, platform);


        if (wallet.begin()) {

            run_sign_loop(wallet);

        } else {

            ESP_LOGE(TAG, "Wallet init failed");

        }

    } else {

        ESP_LOGE(TAG, "PN532 init failed");

    }

}


WIFI_SSID
#define WIFI_SSID
Definition config.template.h:12

WIFI_PASSWORD
#define WIFI_PASSWORD
Definition config.template.h:13

NFC_CS
#define NFC_CS
Definition main.cpp:59

app_main
void app_main(void)
ESP-IDF application entry point.
Definition main.cpp:284

s_wifi_event_group
static EventGroupHandle_t s_wifi_event_group
Definition main.cpp:80

SPI_MAX_TRANSFER_SZ
#define SPI_MAX_TRANSFER_SZ
Definition main.cpp:57

WIFI_FAIL_BIT
#define WIFI_FAIL_BIT
Definition main.cpp:78

SPI_MOSI
#define SPI_MOSI
Definition main.cpp:54

SPI_PIN_UNUSED
#define SPI_PIN_UNUSED
Definition main.cpp:58

LOOP_DELAY_MS
static const uint32_t LOOP_DELAY_MS
Definition main.cpp:73

SPI_MISO
#define SPI_MISO
Definition main.cpp:55

wifi_event_handler
static void wifi_event_handler(void *arg, esp_event_base_t event_base, int32_t event_id, void *event_data)
FreeRTOS event handler driving the Wi-Fi station state machine.
Definition main.cpp:95

WIFI_CONNECTED_BIT
#define WIFI_CONNECTED_BIT
Definition main.cpp:77

s_retry_num
static int s_retry_num
Definition main.cpp:81

SPI_SCLK
#define SPI_SCLK
Definition main.cpp:56

wifi_start
static void wifi_start(void)
Initialise Wi-Fi station mode and block until connected or timeout.
Definition main.cpp:130

ESP32Logger.h
CW_Logger implementation that writes to ESP32 UART0 via printf.

ESP32Platform.h
CW_Platform implementation for ESP32 using FreeRTOS.

Pn532NfcTransport.h
CW_NfcTransport adapter wrapping the ESP-IDF PN532 NFC driver.

run_sign_loop
static void run_sign_loop(CryptnoxWallet &wallet)
Main application loop: connect, sign a test hash, and disconnect.
Definition main.cpp:169

ESP32CryptoProvider
CW_CryptoProvider backed by mbedTLS and the ESP32 hardware TRNG.
Definition esp32_crypto_provider.h:62

ESP32Logger
CW_Logger backed by ESP32 UART0.
Definition ESP32Logger.h:48

ESP32Logger::begin
bool begin(unsigned long baudRate=115200UL) override
Initialise UART0 at the given baud rate.
Definition ESP32Logger.cpp:95

ESP32Platform
CW_Platform backed by FreeRTOS vTaskDelay.
Definition ESP32Platform.h:38

Pn532NfcTransport
CW_NfcTransport implementation backed by the ESP-IDF PN532 driver.
Definition Pn532NfcTransport.h:80

esp32_crypto_provider.h
CW_CryptoProvider implementation for ESP32 using mbedTLS and the hardware TRNG.

TAG
static const char *const TAG
Definition esp32_random.cpp:14

WIFI_TIMEOUT_MS
#define WIFI_TIMEOUT_MS
Definition eth_rpc.cpp:28

WIFI_MAX_RETRY
#define WIFI_MAX_RETRY
Definition eth_rpc.cpp:27

pn532_init
esp_err_t pn532_init(pn532_t *dev, const pn532_config_t *config)
Initialise the PN532 and bring it to a ready state.
Definition pn532.c:657

pn532.h
Low-level PN532 NFC controller driver for ESP-IDF (SPI and I²C).

pn532_config_t
Compile-time configuration passed to pn532_init.
Definition pn532.h:111

pn532_config_t::spi_host
spi_host_device_t spi_host
Definition pn532.h:115

pn532_config_t::pin_cs
int pin_cs
Definition pn532.h:119

pn532_config_t::skip_bus_init
bool skip_bus_init
Definition pn532.h:120

pn532_t
Opaque-like runtime state for a single PN532 instance.
Definition pn532.h:141