diff --git a/Cargo.lock b/Cargo.lock index feb7411..28b48e4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -563,6 +563,15 @@ dependencies = [ "serde", ] +[[package]] +name = "ed25519" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7" +dependencies = [ + "signature", +] + [[package]] name = "either" version = "1.9.0" @@ -599,6 +608,7 @@ dependencies = [ "embassy-sync", "embedded-storage", "embedded-storage-async", + "salty", "signature", ] @@ -784,21 +794,6 @@ dependencies = [ "heapless 0.7.16", ] -[[package]] -name = "embassy-usb" -version = "0.1.0" -source = "git+https://github.com/embassy-rs/embassy#af7c93abba768057f1d3299c7b4f4aa4501b3e56" -dependencies = [ - "defmt", - "embassy-futures", - "embassy-net-driver-channel", - "embassy-sync", - "embassy-usb-driver", - "heapless 0.7.16", - "ssmarshal", - "usbd-hid", -] - [[package]] name = "embassy-usb-driver" version = "0.1.0" @@ -931,12 +926,6 @@ dependencies = [ "log", ] -[[package]] -name = "encode_unicode" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" - [[package]] name = "equivalent" version = "1.0.1" @@ -1761,7 +1750,6 @@ dependencies = [ "const_format", "cortex-m", "cortex-m-rt", - "crc16", "cyw43", "cyw43-pio", "defmt", @@ -1776,12 +1764,10 @@ dependencies = [ "embassy-rp", "embassy-sync", "embassy-time", - "embassy-usb", "embedded-io-async", "embedded-storage", "git-version", "heapless 0.7.16", - "log", "nourl", "panic-probe", "rand", 
@@ -1866,6 +1852,16 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +[[package]] +name = "salty" +version = "0.2.0" +source = "git+https://github.com/ycrypto/salty.git?rev=a9f17911a5024698406b75c0fac56ab5ccf6a8c7#a9f17911a5024698406b75c0fac56ab5ccf6a8c7" +dependencies = [ + "ed25519", + "subtle", + "zeroize", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -1989,16 +1985,6 @@ dependencies = [ "lock_api", ] -[[package]] -name = "ssmarshal" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3e6ad23b128192ed337dfa4f1b8099ced0c2bf30d61e551b65fda5916dbb850" -dependencies = [ - "encode_unicode", - "serde", -] - [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -2144,47 +2130,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "usb-device" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f6cc3adc849b5292b4075fc0d5fdcf2f24866e88e336dd27a8943090a520508" - -[[package]] -name = "usbd-hid" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "975bd411f4a939986751ea09992a24fa47c4d25c6ed108d04b4c2999a4fd0132" -dependencies = [ - "serde", - "ssmarshal", - "usb-device", - "usbd-hid-macros", -] - -[[package]] -name = "usbd-hid-descriptors" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcbee8c6735e90894fba04770bc41e11fd3c5256018856e15dc4dd1e6c8a3dd1" -dependencies = [ - "bitfield", -] - -[[package]] -name = "usbd-hid-macros" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "261079a9ada015fa1acac7cc73c98559f3a92585e15f508034beccf6a2ab75a2" -dependencies = [ - "byteorder", - "proc-macro2", - "quote", - "serde", - "syn 1.0.109", - "usbd-hid-descriptors", -] - [[package]] name = "vcell" version = "0.1.3" 
diff --git a/Cargo.toml b/Cargo.toml
index 76a046c..9e57078 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -28,14 +28,17 @@ embassy-rp = { version = "0.1", features = [
 "critical-section-impl",
 ] }
 embassy-boot-rp = { version = "0.1", features = ["nightly", "defmt"] }
-embassy-boot = { version = "0.1", features = ["nightly", "defmt"] }
+embassy-boot = { version = "0.1", features = [
+ "nightly",
+ "defmt",
+ "ed25519-salty",
+] }
 embassy-time = { version = "0.1", features = [
 "defmt",
 "unstable-traits",
 "defmt-timestamp-uptime",
 "nightly",
 ] }
-embassy-usb = { version = "0.1", features = ["defmt"] }
 embassy-net = { version = "0.1", features = [
 "tcp",
 "dhcpv4",
@@ -54,11 +57,9 @@ cyw43-pio = { git = "https://github.com/embassy-rs/embassy", features = [
 "defmt",
 ] }
 panic-probe = { version = "0.3", features = ["print-defmt"] }
-log = "0.4"
 static_cell = { version = "1.1", features = ["nightly"] }
 heapless = { version = "0.7.16", features = ["defmt", "serde"] }
 embedded-io-async = { version = "0.5", features = ["defmt-03"] }
-crc16 = "0.4"
 dsmr5 = "0.3"
 rust-mqtt = { version = "0.1.5", features = [
 "defmt",
@@ -89,7 +90,6 @@ git-version = "0.3.5"
 embassy-executor = { git = "https://github.com/embassy-rs/embassy" }
 embassy-rp = { git = "https://github.com/embassy-rs/embassy" }
 embassy-time = { git = "https://github.com/embassy-rs/embassy" }
-embassy-usb = { git = "https://github.com/embassy-rs/embassy" }
 embassy-net = { git = "https://github.com/embassy-rs/embassy" }
 embassy-sync = { git = "https://github.com/embassy-rs/embassy" }
 embassy-futures = { git = "https://github.com/embassy-rs/embassy" }
diff --git a/key.pub b/key.pub
new file mode 100644
index 0000000..198a298
Binary files /dev/null and b/key.pub differ
diff --git a/release.sh b/release.sh
new file mode 100755
index 0000000..ba0fac3
--- /dev/null
+++ b/release.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+mkdir -p target/firmware
+cargo objcopy --release --features=exclude_firmwares -- -O binary target/firmware/firmware
+shasum -a 512 -b target/firmware/firmware | dd ibs=128 count=1 | xxd -p -r > target/firmware/checksum
+signify -S -m target/firmware/checksum -s ~/Projects/crypt/R0/private/keys/firmware/pico_p1.sec -x target/firmware/checksum.sig
+tail -n1 target/firmware/checksum.sig | base64 -d -i | dd ibs=10 skip=1 > target/firmware/signed
+cat target/firmware/signed > target/firmware/firmware+signed
+cat target/firmware/firmware >> target/firmware/firmware+signed
diff --git a/src/main.rs b/src/main.rs
index 42a4f86..c2f2127 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -53,7 +53,7 @@ use serde::{Deserialize, Serialize};
 use static_cell::make_static;
 use const_format::formatcp;
-use defmt::{debug, error, info, warn, Debug2Format};
+use defmt::{debug, error, info, trace, warn, Debug2Format};
 use {defmt_rtt as _, panic_probe as _};
@@ -67,6 +67,7 @@ const TOPIC_BASE: &str = formatcp!("pico/{}", ID);
 const TOPIC_STATUS: &str = formatcp!("{}/status", TOPIC_BASE);
 const TOPIC_UPDATE: &str = formatcp!("{}/update", TOPIC_BASE);
 const VERSION: &str = git_version::git_version!();
+const PUBLIC_SIGNING_KEY: &[u8] = include_bytes!("../key.pub");
 #[derive(Deserialize)]
 struct UpdateMessage<'a> {
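Review bot: release.sh runs without `set -euo pipefail`, so a failed `cargo objcopy`, `shasum` or `signify` step does not stop the script, and the last two `cat` lines still assemble `target/firmware/firmware+signed` from whatever is left in `target/firmware`, possibly a stale or empty signature from an earlier run. Adding `set -euo pipefail` directly under the shebang makes a failed signing step fail the release. The two `dd` stages depend on fixed sizes (a 128-character hex digest, a 10-byte prefix stripped from the decoded signify output), so a guard such as `[ "$(wc -c < target/firmware/signed)" -eq 64 ]` before concatenating would catch a format change, since the updater reads exactly 64 signature bytes. The private key path is hard-coded to one developer's home directory; reading it from an environment variable would keep the script usable elsewhere and keep that path out of the repository.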
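Review bot: `PUBLIC_SIGNING_KEY` is declared as an unsized `&[u8]`, so nothing checks at build time that `key.pub` has the length the verifier expects. `include_bytes!` yields a fixed-size array reference, so `const PUBLIC_SIGNING_KEY: &[u8; 32] = include_bytes!("../key.pub");` would turn a wrong-sized file (for example a signify-encoded public key rather than the raw key bytes) into a compile error; this assumes the Ed25519 verifier wants a raw 32-byte key, which the hunk does not show. A short comment above the constant saying which signing key it pairs with and how the file was produced would also help, because the file is binary and cannot be reviewed in the diff.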
@@ -467,25 +468,34 @@ async fn attempt_update(
 .await
 .unwrap();
+ // The first 64 bytes of the file contain the signature
+ let mut signature = [0; 64];
+ body.read_exact(&mut signature).await.unwrap();
+
+ trace!("Signature: {:?}", signature);
+
 let mut buffer = AlignedBuffer([0; 4096]);
- let mut offset = 0;
+ let mut size = 0;
 while let Ok(read) = body.read(&mut buffer.0).await {
 if read == 0 {
 break;
 }
 debug!("Writing chunk: {}", read);
- writer.write(offset, &buffer.0[..read]).unwrap();
- offset += read as u32;
+ writer.write(size, &buffer.0[..read]).unwrap();
+ size += read as u32;
- let status = Status::Writing { progress: offset }.vec();
+ let status = Status::Writing { progress: size }.vec();
 client
 .send_message(TOPIC_STATUS, &status, QualityOfService::QoS1, false)
 .await
 .unwrap();
 }
- debug!("Total size: {}", offset);
+ debug!("Total size: {}", size);
- updater.mark_updated().unwrap();
+ updater.verify_and_mark_updated(PUBLIC_SIGNING_KEY, &signature, size).unwrap();
+
+ // Update mqtt message should be send using retain
+ // TODO: Clear the message
 let status = Status::UpdateComplete.vec();
 client
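Review bot: The new `body.read_exact(&mut signature).await.unwrap()` and `updater.verify_and_mark_updated(...).unwrap()` both panic on data that arrives over the network, so a download shorter than 64 bytes or an image with a bad signature panics the firmware instead of being rejected cleanly. A failed signature check is the expected outcome for a tampered or truncated image and should be an ordinary error path: match on the result, e.g. `if let Err(e) = updater.verify_and_mark_updated(PUBLIC_SIGNING_KEY, &signature, size) {`, log it with `error!`, publish a failure status and leave the function without marking the update. The read loop has a related gap: `while let Ok(read)` ends silently on a read error, and the resulting short `size` is only caught by the verification call that currently panics. Given the TODO about a retained update message, a rejected image could presumably be delivered again after each restart, which would turn one bad update into a reset loop. `attempt_update` starts and ends outside this hunk, so its return type and the available `Status` variants are not visible here.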