Automatically include validation in updater

Author: Earle F. Philhower, III

cores/esp8266/Updater.cpp

@@ -6,6 +6,18 @@
 
 //#define DEBUG_UPDATER Serial
 
+#include <Updater_Signing.h>
+#ifndef ARDUINO_SIGNING
+  #define ARDUINO_SIGNING 0
+#endif
+
+#if ARDUINO_SIGNING
+  #include "../../libraries/ESP8266WiFi/src/BearSSLHelpers.h"
+  static BearSSLPublicKey signPubKey(signing_pubkey);
+  static BearSSLHashSHA256 hash;
+  static BearSSLSigningVerifier sign(&signPubKey);
+#endif
+
 extern "C" {
     #include "c_types.h"
     #include "spi_flash.h"
@@ -26,6 +38,9 @@ UpdaterClass::UpdaterClass()
 , _hash(nullptr)
 , _verify(nullptr)
 {
+#if ARDUINO_SIGNING
+  installSignature(&hash, &sign);
+#endif
 }
 
 void UpdaterClass::_reset() {

cores/esp8266/Updater_Signing.h

@@ -0,0 +1,3 @@
+// This file will be overridden when automatic signing is used.
+// By default, no signing.
+#define ARDUINO_SIGNING 0

libraries/ESP8266httpUpdate/examples/httpUpdateSigned/httpUpdateSigned.ino

@@ -18,6 +18,13 @@
 
 ESP8266WiFiMulti WiFiMulti;
 
+#define MANUAL_SIGNING 0
+
+// This example is now configured to use the automated signing support
+// present in the Arduino IDE by having a "private.key" and "public.key"
+// in the sketch folder.  You can also programmatically enable signing
+// using the method shown here.
+
 // This key is taken from the server public certificate in BearSSL examples
 // You should make your own private/public key pair and guard the private
 // key (never upload it to the 8266).
@@ -32,9 +39,11 @@ cuWNgTnDQd6KUzV0E4it2fNG+cHN4kEvofN6gHx8IbOrXwFttlpAH/o7bcfCnUVh
 TQIDAQAB
 -----END PUBLIC KEY-----
 )EOF";
+#if MANUAL_SIGNING
 BearSSLPublicKey *signPubKey = nullptr;
 BearSSLHashSHA256 *hash;
 BearSSLSigningVerifier *sign;
+#endif
 
 void setup() {
 
@@ -54,9 +63,11 @@ void setup() {
   WiFi.mode(WIFI_STA);
   WiFiMulti.addAP("SSID", "PASS");
 
+  #if MANUAL_SIGNING
   signPubKey = new BearSSLPublicKey(pubkey);
   hash = new BearSSLHashSHA256();
   sign = new BearSSLSigningVerifier(signPubKey);
+  #endif
 }
 
 
@@ -66,8 +77,12 @@ void loop() {
 
     WiFiClient client;
 
+    #if MANUAL_SIGNING
     // Ensure all updates are signed appropriately.  W/o this call, all will be accepted.
     Update.installSignature(hash, sign);
+    #endif
+    // If the key files are present in the build directory, signing will be
+    // enabled using them automatically
 
     ESPhttpUpdate.setLedPin(LED_BUILTIN, LOW);
 

libraries/ESP8266httpUpdate/examples/httpUpdateSigned/private.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAu1Pt7yEk/xI+6cozLj5Bu4xV8gXDXcHS0rSJFfl4wBTk4UXp
+aJRaLfR1k0juEEa5LBRZaoA0iLj2e6kfCibONx0VVoWmeqN2HBc3zkA1eqCksI0Q
+Uudzto4KhKHp0odiZ2zo6c/2Tn1zqD/m3OLoSjVTbsJmGuwx8RGMBXozpg/uL0hH
+flihX+HND4Xfw92QXv7SaPBhgvM9xyRxn0/w3J2nNjtuPuVN5vcQkd8ncMexVfy9
+AWp+HSA5AT5N8CJ/EeIsdDMY1US28bUePzj1WIo75bZHKZNFw/iXe2xoPpm74qri
+MNSlW2craFP2K3KYnI28vJeUU6t9I6LS9zt2zQIDAQABAoIBAE5GpuDKb8Qp4qIc
+fMBxAVSWMn+cSuONj0O+bp4BDaTt1ioP5ZVukDQtt0ehLOEePFgf9LEc+1a6Ozy3
+EaJTTs4W2Ai8djE+xqa8SPRlPjOMluSzPUP3NRHuTpTXd3YiXksrZjP1U02+/Cos
+8ZIROtFvcPqSPso3MjMyitjrFFPqEtf1P+UiamjDrMSM72YX4W55kOkiCWCnAOmw
+mGTlXOIqDSTBb1lloKWJfpB3RdnNo2izkU1HMBn7hVi433NUBA22o+RZhDFSZdD4
+3kbkUqXd4p+vc/sh6muJtWS/COSIPFkLzdEYpBdt3XQ4FhlsRtILJaPWXa4OPjR6
+ZoOwMB0CgYEA6OHfIofQiu4+HlTDN5YdyTmtYEYcrtbaQUxuQSEa2mshBphHP8uT
+mYRVl2BzuprFmXZPz+FcjnPnfxqEehljvA3wMjA/PE+nQo9yyOC0N4ulXpkkqHdR
+f+4KZVR7D+hesGe+57OQmvTqYZSHEt/ubjC9wZ90UFonLjsa4zibbrsCgYEAzexn
+XDnThb3ffyBgvprP0IJjgMAEY0pXD++PKPQqPu9JMz68t7roYzkKFCFVOsaWpKxC
+vX9mvYjTBjLpWh+ltIAN+EFz6seIbeSJ0RNybsAXYwT/mFWGHx2tMtlW6DgBu3UD
+J2Yf76n0JaddBkfNMQI00Dl41+MU+AwwTB9fTBcCgYB2+f6Pm6d1cyYVROS/X1g0
+V9011FwPDwFOXwftCka31Ad5YQ71jsIHqk44GjTF3xCYyJMZ917cAGcCzr9jydjk
+WJKgcXm9DEy9ep//9Jzdy+BepgrObrcajriM8E424FaP9VDY+yojoICl/cXMZM9h
+SFGJvDcmXgiqW9PuxhrSxQKBgAMN2oqXoPd+1W3BQS4ShbqF9IvYTThbxebKmsj0
+thuw2NkVuR7Qetnd4rRhui3g/CL9GxBMb22oNdkFsEhR59dBfvOLpPh6dR+MIC8l
+prDV0IL7c/8CZbbYbdUvPAa9rejl12IiNZ8MWj6kuNB7CCQN8FKWR6CMEaeMJrs6
+S+OJAoGAbehNOUwEzmUKkfxf+279kBkgabcQ3NTaeSx0QOnI9KWHFGLYLQk9cMSu
+maQJ1TYpbIoP1njzJ4bI2tynhwEuSMEhh4afP6U5H10NJX4PqSd0Rqc1vSJYcszr
+5mUWil8FfbCBZ8jod2NQ55KYMVY5CphCqaK/s2bw2pvIR3uqJGg=
+-----END RSA PRIVATE KEY-----

libraries/ESP8266httpUpdate/examples/httpUpdateSigned/public.key

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1Pt7yEk/xI+6cozLj5B
+u4xV8gXDXcHS0rSJFfl4wBTk4UXpaJRaLfR1k0juEEa5LBRZaoA0iLj2e6kfCibO
+Nx0VVoWmeqN2HBc3zkA1eqCksI0QUudzto4KhKHp0odiZ2zo6c/2Tn1zqD/m3OLo
+SjVTbsJmGuwx8RGMBXozpg/uL0hHflihX+HND4Xfw92QXv7SaPBhgvM9xyRxn0/w
+3J2nNjtuPuVN5vcQkd8ncMexVfy9AWp+HSA5AT5N8CJ/EeIsdDMY1US28bUePzj1
+WIo75bZHKZNFw/iXe2xoPpm74qriMNSlW2craFP2K3KYnI28vJeUU6t9I6LS9zt2
+zQIDAQAB
+-----END PUBLIC KEY-----

tools/signing.py

@@ -30,9 +30,9 @@ def main():
                     val += "0x%02x, \n" % ord(i)
                 val = val[:-3]
                 val +="\n};\n"
-                print "Enabling binary signing\n"
+                sys.stderr.write("Enabling binary signing\n")
         except:
-            print "Not enabling binary signing\n"
+            sys.stderr.write("Not enabling binary signing\n")
             val += "#define ARDUINO_SIGNING 0\n"
         with open(args.out, "w") as f:
             f.write(val)
@@ -43,20 +43,20 @@ def main():
             with open(args.bin, "rb") as b:
                 bin = b.read()
                 sha256 = hashlib.sha256(bin)
-                print "Binary SHA256 = " + sha256.hexdigest()
+                sys.stderr.write("Signing SHA256 = " + sha256.hexdigest() + "\n");
                 signcmd = [ 'openssl', 'rsautl', '-sign', '-inkey', args.privatekey ]
                 proc = subprocess.Popen(signcmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
                 signout = proc.communicate(input=sha256.digest())[0]
                 with open(args.out, "wb") as out:
                     out.write(bin)
                     out.write(signout)
                     out.write(b'\x00\x01\x00\x00')
-                    print "Signed binary: " + args.out
+                    sys.stderr.write("Signed binary: " + args.out + "\n")
         except:
-            print "Not signing the generated binary\n"
+            sys.stderr.write("Not signing the generated binary\n")
         return 0
     else:
-        print "ERROR: Mode not specified as header or sign\n"
+        sys.stderr.write("ERROR: Mode not specified as header or sign\n")
 
 if __name__ == '__main__':
     sys.exit(main())