8000 Signed updates by madpilot · Pull Request #3105 · esp8266/Arduino · GitHub
[go: up one dir, main page]
Skip to content

Signed updates #3105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 15 commits into from
Closed

Signed updates #3105

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
991197c
Adding required axtls libraries. Code compiles. Untested though
madpilot Mar 22, 2017
1546732
Successfully reads bundled certificate and signature size from the flash
madpilot Mar 29, 2017
effbb3f
Succesfully loading the developer certificate from flash
madpilot Apr 1, 2017
0b69fa4
Successfully verifies the developer certificate and decrypts the hash…
madpilot Apr 2, 2017
e5e6747
Allow md5 and sha1 signed certs. Refactored so MD5 hash happens at th…
madpilot Apr 2, 2017
d4e81ed
Successfully parsed binary, verified signature, decrypted hash and ve…
madpilot Apr 2, 2017
60c1b5b
Adding axtls headers from axtls-esp8266 so I can use the binary blob …
madpilot Apr 3, 2017
b819b6c
Adding SDK path to test include path
madpilot Apr 5, 2017
9b880f9
Adding object fiels to gitignore
madpilot Apr 13, 2017
024ef36
Adding static version of libaxtls so the test suite will work. Removi…
madpilot Apr 13, 2017
68da99c
Merge branch 'master' into signed-updates
madpilot Apr 13, 2017
74a9b90
Adding tests/host/bin to gitignore
madpilot Apr 13, 2017
659c291
Merging from esp8266/master
madpilot Jul 13, 2017
84b0005
Saving works a lot better when you actually hit save
madpilot Jul 13, 2017
6616f03
Merge branch 'master' into signed-updates
earlephilhower Oct 4, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Successfully parsed binary, verified signature, decrypted hash and ve… 
…rified it.
  • Loading branch information
@madpilot
madpilot committed Apr 2, 2017
commit d4e81ed070701b4c28365785f738f12110dca8e0
16 changes: 7 additions & 9 deletions cores/esp8266/Updater.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@ bool UpdaterClass::end(bool evenIfRemaining){
return res == X509_OK;
}

bool UpdaterClass::_decryptSignature(X509_CTX **ctx, unsigned char **hash) {
bool UpdaterClass::_decryptSignature(X509_CTX **ctx, char **hash) {
size_t num_of_bits = sizeof(uint8_t) * _signatureLen;
uint8_t *sig = (uint8_t *)malloc(num_of_bits + (num_of_bits % 32)); // Round up to the next uint32_t boundary
ESP.flashRead(_signatureStartAddress, (uint32_t *)sig, num_of_bits);
Expand Down Expand Up @@ -330,14 +330,13 @@ bool UpdaterClass::end(bool evenIfRemaining){
DEBUG_UPDATER.printf("Decryption successful.\n");
#endif

(*hash) = (unsigned char *)calloc((MD5_SIZE * 2) + 1, sizeof(unsigned char));
// Fetch the last part of the encrypted string - that is the MD5 hash, and then save the string
// version of it in to the hash pointer.
(*hash) = (char *)calloc((MD5_SIZE * 2) + 1, sizeof(char));
for(int i = 0; i < MD5_SIZE; i++) {
sprintf((char *)(*hash + (i * 2)), "%02x", sig_data[i]);
sprintf(*hash + (i * 2), "%02x", sig_data[len - MD5_SIZE + i]);
}

#ifdef DEBUG_UPDATER
DEBUG_UPDATER.printf("MD5 hash: %s\n", *hash);
#endif

return true;
}

Expand All @@ -352,12 +351,11 @@ bool UpdaterClass::end(bool evenIfRemaining){
return false;
}

unsigned char *hash;
char *hash;
if(!_decryptSignature(&ctx, &hash)) {
return false;
}

DEBUG_UPDATER.printf("Length of hash: %i\n", strlen((const char *)hash));
setMD5((const char *)hash);

return true;
Expand Down
3 changes: 1 addition & 2 deletions cores/esp8266/Updater.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,8 +165,7 @@ class UpdaterClass {
CA_CERT_CTX *_ca_ctx;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, i see now why the headers were needed. If you go for the approach with VerificationTraits interface (call it some other way if you like), you will not have to expose these internals to the users, introducing axTLS names into the sketch global namespace.

bool _loadCertificate(X509_CTX **ctx);
bool _verifyCertificate(X509_CTX **ctx);
bool _decryptSignature(X509_CTX **ctx, unsigned char **hash);
bool _compareHash(unsigned char **hash);
bool _decryptSignature(X509_CTX **ctx, char **hash);
bool _decryptMD5();

uint32_t _certificateStartAddress;
Expand Down
0