add crypto support to ESP

boardesp/.gitignore

@@ -2,3 +2,4 @@ proxy
 *.bin
 esp-open-sdk
 a.out
+cert.h

boardesp/Makefile

@@ -20,11 +20,19 @@ proxy: proxy.o tcp_ota.o
 proxy.o: proxy.c
 
 tcp_ota.o: tcp_ota.c
+	../crypto/getcertheader.py $(CERT).pub > cert.h
+	$(CC) $(CFLAGS) -c $^ -o $@
+
+sha.o: ../crypto/sha.c
+	$(CC) $(CFLAGS) -c $^ -o $@
+
+rsa.o: ../crypto/rsa.c
+	$(CC) $(CFLAGS) -c $^ -o $@
 
 oldflash: proxy-0x00000.bin
 	./tools/esptool.py write_flash 0 proxy-0x00000.bin 0x40000 proxy-0x40000.bin
 
-user1.bin: proxy.o tcp_ota.o st_ota.o elm327.o webserver.o ../crypto/sha.c ../crypto/rsa.c
+user1.bin: proxy.o tcp_ota.o st_ota.o elm327.o webserver.o sha.o rsa.o
 	$(CC) $(CFLAGS) $^ -o a.out -L$(SDK_BASE)/ld -T$(SDK_BASE)/ld/eagle.app.v6.new.1024.app1.ld $(LDLIBS)
 	$(OBJCP) --only-section .text -O binary a.out eagle.app.v6.text.bin
 	$(OBJCP) --only-section .data -O binary a.out eagle.app.v6.data.bin
@@ -34,7 +42,7 @@ user1.bin: proxy.o tcp_ota.o st_ota.o elm327.o webserver.o ../crypto/sha.c ../cr
 	rm -f eagle.app.v6.*.bin
 	../crypto/sign.py eagle.app.flash.bin $@ $(CERT)
 
-user2.bin: proxy.o tcp_ota.o st_ota.o elm327.o webserver.o ../crypto/sha.c ../crypto/rsa.c
+user2.bin: proxy.o tcp_ota.o st_ota.o elm327.o webserver.o sha.o rsa.o
 	$(CC) $(CFLAGS) $^ -o a.out -L$(SDK_BASE)/ld -T$(SDK_BASE)/ld/eagle.app.v6.new.1024.app2.ld $(LDLIBS)
 	$(OBJCP) --only-section .text -O binary a.out eagle.app.v6.text.bin
 	$(OBJCP) --only-section .data -O binary a.out eagle.app.v6.data.bin
@@ -48,4 +56,4 @@ ota: user1.bin user2.bin
 	./tools/tcp_flash.py 192.168.0.10 user1.bin user2.bin
 
 clean:
-	rm -f proxy proxy.o proxy-0x00000.bin proxy-0x40000.bin eagle.app.* user1.bin user2.bin a.out
+	rm -f proxy proxy.o proxy-0x00000.bin proxy-0x40000.bin eagle.app.* user1.bin user2.bin a.out *.o cert.h

boardesp/tcp_ota.c

@@ -20,6 +20,11 @@
 #include "espmissingincludes.h"
 #include "tcp_ota.h"
 
+#include "crypto/rsa.h"
+#include "crypto/sha.h"
+
+#include "cert.h"
+
 #define FIRMWARE_SIZE 503808
 
 // The TCP port used to listen to for connections.
@@ -267,7 +272,7 @@ LOCAL void ICACHE_FLASH_ATTR ota_rx_cb(void *arg, char *data, uint16_t len) {
                     }
 
                     // Find out the starting address for the flash write.
-                    int address;
+                    int address, start_address;
                     uint8_t current = system_upgrade_userbin_check();
                     if (current == UPGRADE_FW_BIN1) {
                         // The next flash, user2.bin, will start after 4KB boot, user1, 16KB user params, 4KB reserved.
@@ -276,6 +281,7 @@ LOCAL void ICACHE_FLASH_ATTR ota_rx_cb(void *arg, char *data, uint16_t len) {
                         // The next flash, user1.bin, will start after 4KB boot.
                         address = 4*1024;
                     }
+                    start_address = address;
                     address += ota_firmware_received - ota_firmware_len;
 
 
@@ -295,19 +301,25 @@ LOCAL void ICACHE_FLASH_ATTR ota_rx_cb(void *arg, char *data, uint16_t len) {
                     }
 
                     if (ota_firmware_received == ota_firmware_size) {
-                        // We've flashed all of the firmware now, reboot into the new firmware.
-                        os_printf("Preparing to update firmware.\n");
-                        espconn_send(conn, "Flash upgrade success. Rebooting in 2s.\r\n", 41);
-                        os_free(ota_firmware);
-                        ota_firmware_size = 0;
-                        ota_firmware_received = 0;
-                        ota_firmware_len = 0;
-                        ota_state = REBOOTING;
-                        system_upgrade_flag_set(UPGRADE_FLAG_FINISH);
-                        os_printf("Scheduling reboot.\n");
-                        os_timer_disarm(&ota_reboot_timer);
-                        os_timer_setfn(&ota_reboot_timer, (os_timer_func_t *)system_upgrade_reboot, NULL);
-                        os_timer_arm(&ota_reboot_timer, 2000, 1);
+                        /*char digest[SHA_DIGEST_SIZE];
+                        SHA_hash(start_address, ota_firmware_size-RSANUMBYTES, digest);
+                        if (!RSA_verify(&rsa_key, start_address+ota_firmware_size-RSANUMBYTES, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+                          espconn_send(conn, "Signature check FAILED. OTA fail.......\r\n", 41);
+                        } else {*/
+                          // We've flashed all of the firmware now, reboot into the new firmware.
+                          os_printf("Preparing to update firmware.\n");
+                          espconn_send(conn, "Signature check truth. Rebooting in 2s.\r\n", 41);
+                          os_free(ota_firmware);
+                          ota_firmware_size = 0;
+                          ota_firmware_received = 0;
+                          ota_firmware_len = 0;
+                          ota_state = REBOOTING;
+                          system_upgrade_flag_set(UPGRADE_FLAG_FINISH);
+                          os_printf("Scheduling reboot.\n");
+                          os_timer_disarm(&ota_reboot_timer);
+                          os_timer_setfn(&ota_reboot_timer, (os_timer_func_t *)system_upgrade_reboot, NULL);
+                          os_timer_arm(&ota_reboot_timer, 2000, 1);
+                        //}
                     }
                 }
                 break;