rboot: Add cryptographic digest support for OTA images & SHA256 example

This commit is contained in:
Angus Gratton 2016-03-23 19:44:27 +11:00
parent 03559de5cb
commit 53b2b50241
5 changed files with 88 additions and 6 deletions

View file

@ -1,5 +1,5 @@
PROGRAM=ota_basic
OTA=1
EXTRA_COMPONENTS=extras/rboot-ota
EXTRA_COMPONENTS=extras/rboot-ota extras/mbedtls
include ../../common.mk

View file

@ -6,12 +6,14 @@
*
* NOT SUITABLE TO PUT ON THE INTERNET OR INTO A PRODUCTION ENVIRONMENT!!!!
*/
#include <string.h>
#include "espressif/esp_common.h"
#include "esp/uart.h"
#include "FreeRTOS.h"
#include "task.h"
#include "esp8266.h"
#include "ssid_config.h"
#include "mbedtls/sha256.h"
#include "ota-tftp.h"
#include "rboot.h"
@ -21,6 +23,9 @@
#define TFTP_IMAGE_FILENAME1 "firmware1.bin"
#define TFTP_IMAGE_FILENAME2 "firmware2.bin"
/* Output of the command 'sha256sum firmware1.bin' */
static const char *FIRMWARE1_SHA256 = "88199daff8b9e76975f685ec7f95bc1df3c61bd942a33a54a40707d2a41e5488";
void tftp_client_task(void *pvParameters)
{
printf("TFTP client task starting...\n");
@ -43,9 +48,43 @@ void tftp_client_task(void *pvParameters)
int res = ota_tftp_download(TFTP_IMAGE_SERVER, TFTP_PORT, TFTP_IMAGE_FILENAME1, 1000, slot);
printf("ota_tftp_download %s result %d\n", TFTP_IMAGE_FILENAME1, res);
if(res == 0) {
printf("Rebooting into slot %d...\n", slot);
rboot_set_current_rom(slot);
sdk_system_restart();
printf("Looks valid, calculating SHA256...\n");
uint32_t length;
bool valid = rboot_verify_image(conf.roms[slot], &length, NULL);
static mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts(&ctx, 0);
valid = valid && rboot_digest_image(conf.roms[slot], length, (rboot_digest_update_fn)mbedtls_sha256_update, &ctx);
static uint8_t hash_result[32];
mbedtls_sha256_finish(&ctx, hash_result);
mbedtls_sha256_free(&ctx);
if(!valid)
{
printf("Not valid after all :(\n");
}
else
{
printf("Image SHA256 = ");
bool valid = true;
for(int i = 0; i < sizeof(hash_result); i++) {
char hexbuf[3];
snprintf(hexbuf, 3, "%02x", hash_result[i]);
printf(hexbuf);
if(strncmp(hexbuf, FIRMWARE1_SHA256+i*2, 2))
valid = false;
}
printf("\n");
if (valid) {
printf("SHA256 Matches. Rebooting into slot %d...\n", slot);
rboot_set_current_rom(slot);
sdk_system_restart();
}
else {
printf("Downloaded image SHA256 didn't match expected '%s'\n", FIRMWARE1_SHA256);
}
}
}
vTaskDelay(5000 / portTICK_RATE_MS);
@ -77,5 +116,5 @@ void user_init(void)
sdk_wifi_station_set_config(&config);
ota_tftp_init_server(TFTP_PORT);
xTaskCreate(&tftp_client_task, (signed char *)"tftp_client", 1024, NULL, 2, NULL);
xTaskCreate(&tftp_client_task, (signed char *)"tftp_client", 2048, NULL, 2, NULL);
}

View file

@ -369,7 +369,9 @@ static err_t tftp_receive_data(struct netconn *nc, size_t write_offs, size_t lim
it so the client gets an indication if things were successful.
*/
const char *err = "Unknown validation error";
if(!rboot_verify_image(start_offs, *received_len, &err)) {
uint32_t image_length;
if(!rboot_verify_image(start_offs, &image_length, &err)
|| image_length != *received_len) {
tftp_send_error(nc, TFTP_ERR_ILLEGAL, err);
return ERR_VAL;
}

View file

@ -355,6 +355,20 @@ bool rboot_verify_image(uint32_t initial_offset, uint32_t *image_length, const c
return false;
}
bool rboot_digest_image(uint32_t offset, uint32_t image_length, rboot_digest_update_fn update_fn, void *update_ctx)
{
uint8_t buf[32] __attribute__((aligned(4)));
for(int i = 0; i < image_length; i += sizeof(buf)) {
if(sdk_spi_flash_read(offset+i, buf, sizeof(buf)))
return false;
uint32_t digest_len = sizeof(buf);
if(i + digest_len > image_length)
digest_len = image_length - i;
update_fn(update_ctx, buf, digest_len);
}
return true;
}
#ifdef __cplusplus
}
#endif

View file

@ -144,6 +144,33 @@ uint32_t rboot_get_slot_offset(uint8_t slot);
**/
bool rboot_verify_image(uint32_t offset, uint32_t *image_length, const char **error_message);
/* @description Digest callback prototype, designed to be compatible with
mbedtls digest functions (SHA, MD5, etc.)
See the ota_basic example to see an example of calculating the
SHA256 digest of an OTA image.
*/
typedef void (*rboot_digest_update_fn)(void * ctx, void *data, size_t data_len);
/** @description Calculate a digest over the image at the offset specified
@note This function is actually a generic function that hashes SPI
flash contents, doesn't know anything about rboot image format. Use
rboot_verify_image to ensure a well-formed OTA image.
@param offset - Starting offset of image to hash (should be 4 byte aligned.)
@param image_length - Length of image to hash (should be 4 byte aligned.)
@param update_fn - Function to update digest (see rboot_digest_update_fn for details)
@param update_ctx - Context argument for digest update function.
@return True if digest completes successfully, false if digest function failed part way through
**/
bool rboot_digest_image(uint32_t offset, uint32_t image_length, rboot_digest_update_fn update_fn, void *update_ctx);
#ifdef __cplusplus
}
#endif