Add cryptographically signed update support by earlephilhower · Pull Request #5213 · esp8266/Arduino · GitHub

Add cryptographically signed update support #5213


Merged
merged 27 commits into from
Dec 3, 2018
71bf243
Add cryptographically signed update support
earlephilhower Oct 6, 2018
ac25877
Add a simple example
earlephilhower Oct 6, 2018
882e546
Make verifier EC/RSA compatible at any bit length
earlephilhower Oct 6, 2018
29d8c63
Make certain hash bits constant
earlephilhower Oct 7, 2018
e33eb7d
Merge branch 'master' into signedupdates
d-a-v Oct 8, 2018
d9ce799
Merge branch 'master' into signedupdates
earlephilhower Oct 8, 2018
5fb8cd5
When update signed, don't do MD5 work or checking
earlephilhower Oct 10, 2018
b9344f6
Add python automatic signing if keys present
Oct 15, 2018
0ae91ae
Automatically include validation in updater
Oct 15, 2018
dd5c2b0
Merge branch 'master' into signedupdates
earlephilhower Oct 26, 2018
68f703e
Merge branch 'master' into signedupdates
earlephilhower Nov 5, 2018
9823290
Add documentation on signing process
Nov 5, 2018
3de43d6
Update documentation formatting
earlephilhower Nov 6, 2018
3f1013e
Merge branch 'master' into signedupdates
earlephilhower Nov 9, 2018
b3b7477
Move to new BearSSL:: namespace for classes
Nov 9, 2018
2b4016e
Merge branch 'master' into signedupdates
earlephilhower Nov 19, 2018
31b22fb
Move 2 strings into PROGMEM
earlephilhower Nov 29, 2018
b3ed528
Merge branch 'master' into signedupdates
earlephilhower Nov 29, 2018
4164bce
Add openssl return code error checking
earlephilhower Nov 29, 2018
5b2a882
Merge branch 'signedupdates' of https://github.com/earlephilhower/Ard…
earlephilhower Nov 29, 2018
e530a8a
Completely silence normal unsigned builds
earlephilhower Nov 29, 2018
5b243e2
Move debug strings to PMEM
earlephilhower Nov 29, 2018
f1eca3f
Merge branch 'master' into signedupdates
earlephilhower Nov 30, 2018
30e9d9b
Fix prebuild numbering, typo in docs
Nov 30, 2018
15ca564
Warn about Windows incompatibility in build and docs
earlephilhower Nov 30, 2018
d61a8ff
Merge branch 'master' into signedupdates
earlephilhower Dec 1, 2018
f9d340c
Merge branch 'master' into signedupdates
devyte Dec 3, 2018
Automatically include validation in updater
Earle F. Philhower, III authored and Earle F. Philhower, III committed Oct 16, 2018
commit 0ae91aebde95628d6ac32cb290de0fd73bb18b18
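--- a/cores/esp8266/Updater.cpp
+++ b/cores/esp8266/Updater.cpp
@@ -6,6 +6,18 @@
 
 //#define DEBUG_UPDATER Serial
 
+#include <Updater_Signing.h>
+#ifndef ARDUINO_SIGNING
+#define ARDUINO_SIGNING 0
+#endif
+
+#if ARDUINO_SIGNING
+#include "../../libraries/ESP8266WiFi/src/BearSSLHelpers.h"
+static BearSSLPublicKey signPubKey(signing_pubkey);
+static BearSSLHashSHA256 hash;
+static BearSSLSigningVerifier sign(&signPubKey);
+#endif
+
 extern "C" {
 #include "c_types.h"
 #include "spi_flash.h"
@@ -26,6 +38,9 @@ UpdaterClass::UpdaterClass()
 , _hash(nullptr)
 , _verify(nullptr)
 {
+#if ARDUINO_SIGNING
+installSignature(&hash, &sign);
+#endif
 }
 
 void UpdaterClass::_reset() {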
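Review bot: The `#ifndef ARDUINO_SIGNING` fallback and the `#if ARDUINO_SIGNING` block in the constructor do not say what the 0 case means, and that is the security-relevant one: no verifier is installed, and per the example sketch's own comment all updates are then accepted unless the sketch calls `installSignature()`. I would add above the fallback `// ARDUINO_SIGNING == 0: no verifier is installed here; unsigned images are accepted unless the sketch calls installSignature()`. The fallback also means a generated Updater_Signing.h that omits the define disables verification without any diagnostic, which seems worth a second comment line. The file-scope names `hash` and `sign` are very generic; more specific names would read better next to the `_hash`/`_verify` members. The constructor's initializer list starts outside the hunk.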
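--- a/cores/esp8266/Updater_Signing.h
+++ b/cores/esp8266/Updater_Signing.h
@@ -0,0 +1,3 @@
+// This file will be overridden when automatic signing is used.
+// By default, no signing.
+#define ARDUINO_SIGNING 0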
Expand Up @@ -18,6 +18,13 @@

ESP8266WiFiMulti WiFiMulti;

#define MANUAL_SIGNING 0

// This example is now configured to use the automated signing support
// present in the Arduino IDE by having a "private.key" and "public.key"
// in the sketch folder. You can also programmatically enable signing
// using the method shown here.

// This key is taken from the server public certificate in BearSSL examples
// You should make your own private/public key pair and guard the private
// key (never upload it to the 8266).
Expand All @@ -32,9 +39,11 @@ cuWNgTnDQd6KUzV0E4it2fNG+cHN4kEvofN6gHx8IbOrXwFttlpAH/o7bcfCnUVh
TQIDAQAB
-----END PUBLIC KEY-----
)EOF";
#if MANUAL_SIGNING
BearSSLPublicKey *signPubKey = nullptr;
BearSSLHashSHA256 *hash;
BearSSLSigningVerifier *sign;
#endif

void setup() {

Expand All @@ -54,9 +63,11 @@ void setup() {
WiFi.mode(WIFI_STA);
WiFiMulti.addAP("SSID", "PASS");

#if MANUAL_SIGNING
signPubKey = new BearSSLPublicKey(pubkey);
hash = new BearSSLHashSHA256();
sign = new BearSSLSigningVerifier(signPubKey);
#endif
}


Expand All @@ -66,8 +77,12 @@ void loop() {

WiFiClient client;

#if MANUAL_SIGNING
// Ensure all updates are signed appropriately. W/o this call, all will be accepted.
Update.installSignature(hash, sign);
#endif
// If the key files are present in the build directory, signing will be
// enabled using them automatically

ESPhttpUpdate.setLedPin(LED_BUILTIN, LOW);

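Review bot: With `MANUAL_SIGNING` defined as 0 the sketch installs no verifier itself, so whether updates are checked depends entirely on the build having picked up the key files; if that step is skipped or fails, this signed-update example would, as far as the page shows, accept any image with no compile-time hint. A guard next to the define would make that visible, e.g. `#if !MANUAL_SIGNING && !ARDUINO_SIGNING` / `#warning "No update signature verification is configured"` / `#endif`, assuming `ARDUINO_SIGNING` from Updater_Signing.h is visible to the sketch (it may need an include). The new comment in loop() places the key files in the "build directory" while the comment at the top says "sketch folder"; one wording should be used for both. setup() and loop() continue outside the hunks.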
27 changes: 27 additions & 0 deletions libraries/ESP8266httpUpdate/examples/httpUpdateSigned/private.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
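Review bot: Committing the example's RSA private key makes it public, so a device built from this sketch with the bundled private.key/public.key pair will trust update images that anyone can sign. The sketch already tells readers to make their own key pair for the embedded key, but the new comment about automatic signing does not repeat that for these two files. I would extend that comment with `// The private.key/public.key shipped with this example are public test keys; generate your own pair before deploying.`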
@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1Pt7yEk/xI+6cozLj5B
u4xV8gXDXcHS0rSJFfl4wBTk4UXpaJRaLfR1k0juEEa5LBRZaoA0iLj2e6kfCibO
Nx0VVoWmeqN2HBc3zkA1eqCksI0QUudzto4KhKHp0odiZ2zo6c/2Tn1zqD/m3OLo
SjVTbsJmGuwx8RGMBXozpg/uL0hHflihX+HND4Xfw92QXv7SaPBhgvM9xyRxn0/w
3J2nNjtuPuVN5vcQkd8ncMexVfy9AWp+HSA5AT5N8CJ/EeIsdDMY1US28bUePzj1
WIo75bZHKZNFw/iXe2xoPpm74qriMNSlW2craFP2K3KYnI28vJeUU6t9I6LS9zt2
zQIDAQAB
-----END PUBLIC KEY-----
12 changes: 6 additions & 6 deletions tools/signing.py
Expand Up @@ -30,9 +30,9 @@ def main():
val += "0x%02x, \n" % ord(i)
val = val[:-3]
val +="\n};\n"
print "Enabling binary signing\n"
sys.stderr.write("Enabling binary signing\n")
except:
print "Not enabling binary signing\n"
sys.stderr.write("Not enabling binary signing\n")
val += "#define ARDUINO_SIGNING 0\n"
with open(args.out, "w") as f:
f.write(val)
Expand All @@ -43,20 +43,20 @@ def main():
with open(args.bin, "rb") as b:
bin = b.read()
sha256 = hashlib.sha256(bin)
print "Binary SHA256 = " + sha256.hexdigest()
sys.stderr.write("Signing SHA256 = " + sha256.hexdigest() + "\n");
signcmd = [ 'openssl', 'rsautl', '-sign', '-inkey', args.privatekey ]
proc = subprocess.Popen(signcmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
signout = proc.communicate(input=sha256.digest())[0]
with open(args.out, "wb") as out:
out.write(bin)
out.write(signout)
out.write(b'\x00\x01\x00\x00')
print "Signed binary: " + args.out
sys.stderr.write("Signed binary: " + args.out + "\n")
except:
print "Not signing the generated binary\n"
sys.stderr.write("Not signing the generated binary\n")
return 0
else:
print "ERROR: Mode not specified as header or sign\n"
sys.stderr.write("ERROR: Mode not specified as header or sign\n")

if __name__ == '__main__':
sys.exit(main())
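Review bot: The sign branch never checks whether openssl succeeded: `proc.communicate(...)[0]` is appended to the image whatever the exit status, and the fixed trailer `b'\x00\x01\x00\x00'` is written even if `signout` is empty or has an unexpected length. Combined with the bare `except:` followed by `return 0`, a missing key or a failed openssl run ends as a successful build with only a line on stderr. After the `communicate` call I would add `if proc.returncode != 0:` / `sys.stderr.write("ERROR: openssl signing failed\n")` / `return 1`, and narrow the `except:` so unexpected errors are not reported as "not signing". A later commit in this pull request is titled "Add openssl return code error checking" and may already cover the first part. main() starts and continues outside the hunks.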