From ae60c3091937cfeb6eaa519c1d3b736d2f4e6f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20H=C3=BCttel?= Date: Sun, 3 Oct 2021 19:27:41 +0200 Subject: [PATCH] Implement SHA256 update file checking --- stm-firmware/CMakeLists.txt | 10 ++++- stm-firmware/updater/ram-code/itoa.c | 4 +- stm-firmware/updater/ram-code/main.c | 55 ++++++++++++++++++++++++++-- 3 files changed, 62 insertions(+), 7 deletions(-) diff --git a/stm-firmware/CMakeLists.txt b/stm-firmware/CMakeLists.txt index 31573fe..13dc1e2 100644 --- a/stm-firmware/CMakeLists.txt +++ b/stm-firmware/CMakeLists.txt @@ -136,8 +136,14 @@ add_custom_command( ) set(HEX_PATH "${CMAKE_CURRENT_BINARY_DIR}/${HEXFILE}") -add_custom_target(update-image ALL DEPENDS ${HEX_PATH}) +add_custom_target(update-image ALL DEPENDS ${HEX_PATH} "${HEX_PATH}.sha") add_custom_command( DEPENDS ${ELFFILE} OUTPUT ${HEX_PATH} - COMMAND ${CMAKE_OBJCOPY} -O ihex ${ELFFILE} ${HEX_PATH}) + COMMAND ${CMAKE_OBJCOPY} -O ihex ${ELFFILE} ${HEX_PATH} + ) +add_custom_command( + DEPENDS ${HEX_PATH} + OUTPUT "${HEX_PATH}.sha" + COMMAND sha256sum "${HEX_PATH}" | cut -d " " -f 1 > "${HEX_PATH}.sha" + ) diff --git a/stm-firmware/updater/ram-code/itoa.c b/stm-firmware/updater/ram-code/itoa.c index e645dd9..f952492 100644 --- a/stm-firmware/updater/ram-code/itoa.c +++ b/stm-firmware/updater/ram-code/itoa.c @@ -79,8 +79,8 @@ uint32_t bytes_to_hex_string(uint8_t *input, uint32_t count, char *output_buffer for (idx = 0; idx < count; idx++) { b = input[idx]; - output_buffer[idx] = num_to_hex_digit(b >> 4, capitalized); - output_buffer[idx+1] = num_to_hex_digit(b & 0xF, capitalized); + output_buffer[2*idx] = num_to_hex_digit(b >> 4, capitalized); + output_buffer[2*idx+1] = num_to_hex_digit(b & 0xF, capitalized); } return 0; diff --git a/stm-firmware/updater/ram-code/main.c b/stm-firmware/updater/ram-code/main.c index 12cabd8..a243b05 100644 --- a/stm-firmware/updater/ram-code/main.c +++ b/stm-firmware/updater/ram-code/main.c @@ -241,19 +241,47 @@ ret_noact: return ret; } +static int read_file_content(const char *fname, char *dest, size_t count) +{ + FIL f; + FRESULT fres; + UINT act_read; + int ret = 0; + + fres = f_open(&f, fname, FA_READ); + if (fres != FR_OK) { + return -1; + } + + fres = f_read(&f, dest, (UINT)count, &act_read); + if (fres != FR_OK) { + ret = -2; + goto exit_close_file; + } + + ret = (int)act_read; + +exit_close_file: + (void)f_close(&f); + return ret; +} + int ram_code_main(void) { FRESULT fres; int res; enum safety_memory_state safety_mem_state; static char filename[256]; + static char hash_file_name[256]; static char tmp_buff[256]; + static char sha_string[SIZE_OF_SHA_256_HASH*2+2]; uint32_t count; uint32_t update_size; int retries = 3; uint8_t sha_hash[SIZE_OF_SHA_256_HASH]; + SysTick_Config(168000UL); external_watchdog_disable(); __enable_irq(); @@ -289,12 +317,33 @@ int ram_code_main(void) } uart_send_string("SHA256: "); - bytes_to_hex_string(sha_hash, SIZE_OF_SHA_256_HASH, tmp_buff, false); - tmp_buff[SIZE_OF_SHA_256_HASH] = 0; - uart_send_string(tmp_buff); + bytes_to_hex_string(sha_hash, SIZE_OF_SHA_256_HASH, sha_string, false); + sha_string[SIZE_OF_SHA_256_HASH*2] = 0; + uart_send_string(sha_string); uart_send_string("\r\n"); + + strncpy(hash_file_name, filename, sizeof(hash_file_name)); + strcat(hash_file_name, ".sha"); + res = read_file_content(hash_file_name, tmp_buff, sizeof(tmp_buff)-1); + if (res < 0) { + uart_send_string("Error reading expected hash. Is the file present?\r\n"); + ram_code_exit(false); + } else if (res >= SIZE_OF_SHA_256_HASH*2) { + tmp_buff[res] = 0; + uart_send_string("Expected sha: "); + uart_send_string(tmp_buff); + uart_send_string("\r\n"); + if (strncmp(sha_string, tmp_buff, SIZE_OF_SHA_256_HASH*2) != 0) { + uart_send_string("SHA sums don't match!\r\n"); + ram_code_exit(false); + } + } else { + uart_send_string("Expected hash has wrong length!\r\n"); + ram_code_exit(false); + } + uart_send_string("Checking hex file "); uart_send_string(filename); uart_send_string("\r\n");