Merge pull request #2326 from embassy-rs/salty-update

Salty update
This commit is contained in:
Dario Nieuwenhuis 2023-12-19 21:30:32 +00:00 committed by GitHub
commit 97e919ea64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 35 deletions

View File

@ -26,25 +26,22 @@ features = ["defmt"]
defmt = { version = "0.3", optional = true } defmt = { version = "0.3", optional = true }
digest = "0.10" digest = "0.10"
log = { version = "0.4", optional = true } log = { version = "0.4", optional = true }
ed25519-dalek = { version = "1.0.1", default_features = false, features = ["u32_backend"], optional = true } ed25519-dalek = { version = "2", default_features = false, features = ["digest"], optional = true }
embassy-embedded-hal = { version = "0.1.0", path = "../../embassy-embedded-hal" } embassy-embedded-hal = { version = "0.1.0", path = "../../embassy-embedded-hal" }
embassy-sync = { version = "0.5.0", path = "../../embassy-sync" } embassy-sync = { version = "0.5.0", path = "../../embassy-sync" }
embedded-storage = "0.3.1" embedded-storage = "0.3.1"
embedded-storage-async = { version = "0.4.1" } embedded-storage-async = { version = "0.4.1" }
salty = { git = "https://github.com/ycrypto/salty.git", rev = "a9f17911a5024698406b75c0fac56ab5ccf6a8c7", optional = true } salty = { version = "0.3", optional = true }
signature = { version = "1.6.4", default-features = false } signature = { version = "2.0", default-features = false }
[dev-dependencies] [dev-dependencies]
log = "0.4" log = "0.4"
env_logger = "0.9" env_logger = "0.9"
rand = "0.7" # ed25519-dalek v1.0.1 depends on this exact version rand = "0.8"
futures = { version = "0.3", features = ["executor"] } futures = { version = "0.3", features = ["executor"] }
sha1 = "0.10.5" sha1 = "0.10.5"
critical-section = { version = "1.1.1", features = ["std"] } critical-section = { version = "1.1.1", features = ["std"] }
ed25519-dalek = { version = "2", default_features = false, features = ["std", "rand_core", "digest"] }
[dev-dependencies.ed25519-dalek]
default_features = false
features = ["rand", "std", "u32_backend"]
[features] [features]
ed25519-dalek = ["dep:ed25519-dalek", "_verify"] ed25519-dalek = ["dep:ed25519-dalek", "_verify"]

View File

@ -1,6 +1,6 @@
use digest::typenum::U64; use digest::typenum::U64;
use digest::{FixedOutput, HashMarker, OutputSizeUser, Update}; use digest::{FixedOutput, HashMarker, OutputSizeUser, Update};
use ed25519_dalek::Digest as _; use ed25519_dalek::Digest;
pub struct Sha512(ed25519_dalek::Sha512); pub struct Sha512(ed25519_dalek::Sha512);
@ -12,7 +12,7 @@ impl Default for Sha512 {
impl Update for Sha512 { impl Update for Sha512 {
fn update(&mut self, data: &[u8]) { fn update(&mut self, data: &[u8]) {
self.0.update(data) Digest::update(&mut self.0, data)
} }
} }

View File

@ -79,8 +79,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> {
#[cfg(feature = "_verify")] #[cfg(feature = "_verify")]
pub async fn verify_and_mark_updated( pub async fn verify_and_mark_updated(
&mut self, &mut self,
_public_key: &[u8], _public_key: &[u8; 32],
_signature: &[u8], _signature: &[u8; 64],
_update_len: u32, _update_len: u32,
) -> Result<(), FirmwareUpdaterError> { ) -> Result<(), FirmwareUpdaterError> {
assert!(_update_len <= self.dfu.capacity() as u32); assert!(_update_len <= self.dfu.capacity() as u32);
@ -89,14 +89,14 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> {
#[cfg(feature = "ed25519-dalek")] #[cfg(feature = "ed25519-dalek")]
{ {
use ed25519_dalek::{PublicKey, Signature, SignatureError, Verifier}; use ed25519_dalek::{Signature, SignatureError, Verifier, VerifyingKey};
use crate::digest_adapters::ed25519_dalek::Sha512; use crate::digest_adapters::ed25519_dalek::Sha512;
let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into()); let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into());
let public_key = PublicKey::from_bytes(_public_key).map_err(into_signature_error)?; let public_key = VerifyingKey::from_bytes(_public_key).map_err(into_signature_error)?;
let signature = Signature::from_bytes(_signature).map_err(into_signature_error)?; let signature = Signature::from_bytes(_signature);
let mut chunk_buf = [0; 2]; let mut chunk_buf = [0; 2];
let mut message = [0; 64]; let mut message = [0; 64];
@ -106,7 +106,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> {
} }
#[cfg(feature = "ed25519-salty")] #[cfg(feature = "ed25519-salty")]
{ {
use salty::constants::{PUBLICKEY_SERIALIZED_LENGTH, SIGNATURE_SERIALIZED_LENGTH};
use salty::{PublicKey, Signature}; use salty::{PublicKey, Signature};
use crate::digest_adapters::salty::Sha512; use crate::digest_adapters::salty::Sha512;
@ -115,10 +114,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> {
FirmwareUpdaterError::Signature(signature::Error::default()) FirmwareUpdaterError::Signature(signature::Error::default())
} }
let public_key: [u8; PUBLICKEY_SERIALIZED_LENGTH] = _public_key.try_into().map_err(into_signature_error)?; let public_key = PublicKey::try_from(_public_key).map_err(into_signature_error)?;
let public_key = PublicKey::try_from(&public_key).map_err(into_signature_error)?; let signature = Signature::try_from(_signature).map_err(into_signature_error)?;
let signature: [u8; SIGNATURE_SERIALIZED_LENGTH] = _signature.try_into().map_err(into_signature_error)?;
let signature = Signature::try_from(&signature).map_err(into_signature_error)?;
let mut message = [0; 64]; let mut message = [0; 64];
let mut chunk_buf = [0; 2]; let mut chunk_buf = [0; 2];

View File

@ -86,8 +86,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE>
#[cfg(feature = "_verify")] #[cfg(feature = "_verify")]
pub fn verify_and_mark_updated( pub fn verify_and_mark_updated(
&mut self, &mut self,
_public_key: &[u8], _public_key: &[u8; 32],
_signature: &[u8], _signature: &[u8; 64],
_update_len: u32, _update_len: u32,
) -> Result<(), FirmwareUpdaterError> { ) -> Result<(), FirmwareUpdaterError> {
assert!(_update_len <= self.dfu.capacity() as u32); assert!(_update_len <= self.dfu.capacity() as u32);
@ -96,14 +96,14 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE>
#[cfg(feature = "ed25519-dalek")] #[cfg(feature = "ed25519-dalek")]
{ {
use ed25519_dalek::{PublicKey, Signature, SignatureError, Verifier}; use ed25519_dalek::{Signature, SignatureError, Verifier, VerifyingKey};
use crate::digest_adapters::ed25519_dalek::Sha512; use crate::digest_adapters::ed25519_dalek::Sha512;
let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into()); let into_signature_error = |e: SignatureError| FirmwareUpdaterError::Signature(e.into());
let public_key = PublicKey::from_bytes(_public_key).map_err(into_signature_error)?; let public_key = VerifyingKey::from_bytes(_public_key).map_err(into_signature_error)?;
let signature = Signature::from_bytes(_signature).map_err(into_signature_error)?; let signature = Signature::from_bytes(_signature);
let mut message = [0; 64]; let mut message = [0; 64];
let mut chunk_buf = [0; 2]; let mut chunk_buf = [0; 2];
@ -113,7 +113,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE>
} }
#[cfg(feature = "ed25519-salty")] #[cfg(feature = "ed25519-salty")]
{ {
use salty::constants::{PUBLICKEY_SERIALIZED_LENGTH, SIGNATURE_SERIALIZED_LENGTH};
use salty::{PublicKey, Signature}; use salty::{PublicKey, Signature};
use crate::digest_adapters::salty::Sha512; use crate::digest_adapters::salty::Sha512;
@ -122,10 +121,8 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE>
FirmwareUpdaterError::Signature(signature::Error::default()) FirmwareUpdaterError::Signature(signature::Error::default())
} }
let public_key: [u8; PUBLICKEY_SERIALIZED_LENGTH] = _public_key.try_into().map_err(into_signature_error)?; let public_key = PublicKey::try_from(_public_key).map_err(into_signature_error)?;
let public_key = PublicKey::try_from(&public_key).map_err(into_signature_error)?; let signature = Signature::try_from(_signature).map_err(into_signature_error)?;
let signature: [u8; SIGNATURE_SERIALIZED_LENGTH] = _signature.try_into().map_err(into_signature_error)?;
let signature = Signature::try_from(&signature).map_err(into_signature_error)?;
let mut message = [0; 64]; let mut message = [0; 64];
let mut chunk_buf = [0; 2]; let mut chunk_buf = [0; 2];

View File

@ -275,21 +275,19 @@ mod tests {
// The following key setup is based on: // The following key setup is based on:
// https://docs.rs/ed25519-dalek/latest/ed25519_dalek/#example // https://docs.rs/ed25519-dalek/latest/ed25519_dalek/#example
use ed25519_dalek::Keypair; use ed25519_dalek::{Digest, Sha512, Signature, Signer, SigningKey, VerifyingKey};
use rand::rngs::OsRng; use rand::rngs::OsRng;
let mut csprng = OsRng {}; let mut csprng = OsRng {};
let keypair: Keypair = Keypair::generate(&mut csprng); let keypair = SigningKey::generate(&mut csprng);
use ed25519_dalek::{Digest, Sha512, Signature, Signer};
let firmware: &[u8] = b"This are bytes that would otherwise be firmware bytes for DFU."; let firmware: &[u8] = b"This are bytes that would otherwise be firmware bytes for DFU.";
let mut digest = Sha512::new(); let mut digest = Sha512::new();
digest.update(&firmware); digest.update(&firmware);
let message = digest.finalize(); let message = digest.finalize();
let signature: Signature = keypair.sign(&message); let signature: Signature = keypair.sign(&message);
use ed25519_dalek::PublicKey; let public_key = keypair.verifying_key();
let public_key: PublicKey = keypair.public;
// Setup flash // Setup flash
let flash = BlockingTestFlash::new(BootLoaderConfig { let flash = BlockingTestFlash::new(BootLoaderConfig {