Skip to content

Use 2nd stack for update signature verification #7149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Mar 14, 2020
Merged

Use 2nd stack for update signature verification #7149

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fe02cb3
Use 2nd stack for update signature verification
earlephilhower Mar 11, 2020
32a0a3a
Reset state on any error condition in Updater::end
earlephilhower Mar 11, 2020
9e84878
Merge branch 'master' into safesign
earlephilhower Mar 14, 2020
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions cores/esp8266/Updater.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#include "Updater.h"
#include "eboot_command.h"
#include <esp8266_peri.h>
#include "StackThunk.h"

//#define DEBUG_UPDATER Serial

Expand Down Expand Up @@ -40,6 +41,14 @@ UpdaterClass::UpdaterClass()
{
#if ARDUINO_SIGNING
installSignature(&esp8266::updaterSigningHash, &esp8266::updaterSigningVerifier);
stack_thunk_add_ref();
#endif
}

UpdaterClass::~UpdaterClass()
{
#if ARDUINO_SIGNING
stack_thunk_del_ref();
#endif
}

Expand Down Expand Up @@ -263,8 +272,10 @@ bool UpdaterClass::end(bool evenIfRemaining){
#endif
if (!_verify->verify(_hash, (void *)sig, sigLen)) {
_setError(UPDATE_ERROR_SIGN);
free(sig);
return false;
}
free(sig);
#ifdef DEBUG_UPDATER
DEBUG_UPDATER.printf_P(PSTR("[Updater] Signature matches\n"));
#endif
Expand Down
1 change: 1 addition & 0 deletions cores/esp8266/Updater.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ class UpdaterClass {
typedef std::function<void(size_t, size_t)> THandlerFunction_Progress;

UpdaterClass();
~UpdaterClass();

/* Optionally add a cryptographic signature verification hash and method */
void installSignature(UpdaterHashClass *hash, UpdaterVerifyClass *verify) { _hash = hash; _verify = verify; }
Expand Down
20 changes: 17 additions & 3 deletions libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -870,9 +870,9 @@ uint32_t SigningVerifier::length()
}
}

bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) {
if (!_pubKey || !hash || !signature || signatureLen != length()) return false;

// We need to use the 2nd stack to do a verification, so do the thunk
// directly inside the class function for ease of use.
extern "C" bool SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) {
if (_pubKey->isRSA()) {
bool ret;
unsigned char vrf[hash->len()];
Expand All @@ -890,6 +890,20 @@ bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint
}
};

#if !CORE_MOCK
make_stack_thunk(SigningVerifier_verify);
extern "C" bool thunk_SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *hash, const void *signature, uint32_t signatureLen);
#endif

bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint32_t signatureLen) {
if (!_pubKey || !hash || !signature || signatureLen != length()) return false;
#if !CORE_MOCK
return thunk_SigningVerifier_verify(_pubKey, hash, signature, signatureLen);
#else
return SigningVerifier_verify(_pubKey, hash, signature, signatureLen);
#endif
}

#if !CORE_MOCK

// Second stack thunked helpers
Expand Down