Dreaded_X/pico_p1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Compare commits

base: Dreaded_X:df191603dda129317a971591e4609f113559bd02
Branches Tags
Dreaded_X:master
Dreaded_X:v0.0.2 Dreaded_X:v0.0.1
...
compare: Dreaded_X:v0.0.2
Branches Tags
Dreaded_X:master
Dreaded_X:v0.0.2 Dreaded_X:v0.0.1

4 Commits
df191603dd ... v0.0.2

Author SHA1 Message Date
Dreaded_X
eed8db4863 Firmware can now only be downloaded over TLS 2023-09-13 01:51:47 +02:00
Dreaded_X
98b81ae274 Include the wireless firmware in the release builds 2023-09-13 01:51:30 +02:00
Dreaded_X
ef5cb2c876 Added verifying status message 2023-09-13 01:50:57 +02:00
Dreaded_X
8ac6bbc7d8 Updates are now signed 2023-09-08 17:48:02 +02:00
5 changed files with 89 additions and 100 deletions
Expand all files Collapse all files

96
Cargo.lock generated
View File

@@ -563,6 +563,15 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "ed25519"
version = "1.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7"
dependencies = [
"signature",
]
[[package]] [[package]]
name = "either" name = "either"
version = "1.9.0" version = "1.9.0"
@@ -599,6 +608,7 @@ dependencies = [
"embassy-sync", "embassy-sync",
"embedded-storage", "embedded-storage",
"embedded-storage-async", "embedded-storage-async",
"salty",
"signature", "signature",
] ]
@@ -784,21 +794,6 @@ dependencies = [
"heapless 0.7.16", "heapless 0.7.16",
] ]
[[package]]
name = "embassy-usb"
version = "0.1.0"
source = "git+https://github.com/embassy-rs/embassy#af7c93abba768057f1d3299c7b4f4aa4501b3e56"
dependencies = [
"defmt",
"embassy-futures",
"embassy-net-driver-channel",
"embassy-sync",
"embassy-usb-driver",
"heapless 0.7.16",
"ssmarshal",
"usbd-hid",
]
[[package]] [[package]]
name = "embassy-usb-driver" name = "embassy-usb-driver"
version = "0.1.0" version = "0.1.0"
@@ -931,12 +926,6 @@ dependencies = [
"log", "log",
] ]
[[package]]
name = "encode_unicode"
version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
[[package]] [[package]]
name = "equivalent" name = "equivalent"
version = "1.0.1" version = "1.0.1"
@@ -1761,7 +1750,6 @@ dependencies = [
"const_format", "const_format",
"cortex-m", "cortex-m",
"cortex-m-rt", "cortex-m-rt",
"crc16",
"cyw43", "cyw43",
"cyw43-pio", "cyw43-pio",
"defmt", "defmt",
@@ -1776,12 +1764,11 @@ dependencies = [
"embassy-rp", "embassy-rp",
"embassy-sync", "embassy-sync",
"embassy-time", "embassy-time",
"embassy-usb",
"embedded-io-async", "embedded-io-async",
"embedded-storage", "embedded-storage",
"embedded-tls",
"git-version", "git-version",
"heapless 0.7.16", "heapless 0.7.16",
"log",
"nourl", "nourl",
"panic-probe", "panic-probe",
"rand", "rand",
@@ -1866,6 +1853,16 @@ version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741"
[[package]]
name = "salty"
version = "0.2.0"
source = "git+https://github.com/ycrypto/salty.git?rev=a9f17911a5024698406b75c0fac56ab5ccf6a8c7#a9f17911a5024698406b75c0fac56ab5ccf6a8c7"
dependencies = [
"ed25519",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "scopeguard" name = "scopeguard"
version = "1.2.0" version = "1.2.0"
@@ -1989,16 +1986,6 @@ dependencies = [
"lock_api", "lock_api",
] ]
[[package]]
name = "ssmarshal"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3e6ad23b128192ed337dfa4f1b8099ced0c2bf30d61e551b65fda5916dbb850"
dependencies = [
"encode_unicode",
"serde",
]
[[package]] [[package]]
name = "stable_deref_trait" name = "stable_deref_trait"
version = "1.2.0" version = "1.2.0"
@@ -2144,47 +2131,6 @@ dependencies = [
"subtle", "subtle",
] ]
[[package]]
name = "usb-device"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f6cc3adc849b5292b4075fc0d5fdcf2f24866e88e336dd27a8943090a520508"
[[package]]
name = "usbd-hid"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "975bd411f4a939986751ea09992a24fa47c4d25c6ed108d04b4c2999a4fd0132"
dependencies = [
"serde",
"ssmarshal",
"usb-device",
"usbd-hid-macros",
]
[[package]]
name = "usbd-hid-descriptors"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dcbee8c6735e90894fba04770bc41e11fd3c5256018856e15dc4dd1e6c8a3dd1"
dependencies = [
"bitfield",
]
[[package]]
name = "usbd-hid-macros"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "261079a9ada015fa1acac7cc73c98559f3a92585e15f508034beccf6a2ab75a2"
dependencies = [
"byteorder",
"proc-macro2",
"quote",
"serde",
"syn 1.0.109",
"usbd-hid-descriptors",
]
[[package]] [[package]]
name = "vcell" name = "vcell"
version = "0.1.3" version = "0.1.3"

14
Cargo.toml
View File

@@ -28,14 +28,17 @@ embassy-rp = { version = "0.1", features = [
"critical-section-impl", "critical-section-impl",
] } ] }
embassy-boot-rp = { version = "0.1", features = ["nightly", "defmt"] } embassy-boot-rp = { version = "0.1", features = ["nightly", "defmt"] }
embassy-boot = { version = "0.1", features = ["nightly", "defmt"] } embassy-boot = { version = "0.1", features = [
"nightly",
"defmt",
"ed25519-salty",
] }
embassy-time = { version = "0.1", features = [ embassy-time = { version = "0.1", features = [
"defmt", "defmt",
"unstable-traits", "unstable-traits",
"defmt-timestamp-uptime", "defmt-timestamp-uptime",
"nightly", "nightly",
] } ] }
embassy-usb = { version = "0.1", features = ["defmt"] }
embassy-net = { version = "0.1", features = [ embassy-net = { version = "0.1", features = [
"tcp", "tcp",
"dhcpv4", "dhcpv4",
@@ -54,11 +57,9 @@ cyw43-pio = { git = "https://github.com/embassy-rs/embassy", features = [
"defmt", "defmt",
] } ] }
panic-probe = { version = "0.3", features = ["print-defmt"] } panic-probe = { version = "0.3", features = ["print-defmt"] }
log = "0.4"
static_cell = { version = "1.1", features = ["nightly"] } static_cell = { version = "1.1", features = ["nightly"] }
heapless = { version = "0.7.16", features = ["defmt", "serde"] } heapless = { version = "0.7.16", features = ["defmt", "serde"] }
embedded-io-async = { version = "0.5", features = ["defmt-03"] } embedded-io-async = { version = "0.5", features = ["defmt-03"] }
crc16 = "0.4"
dsmr5 = "0.3" dsmr5 = "0.3"
rust-mqtt = { version = "0.1.5", features = [ rust-mqtt = { version = "0.1.5", features = [
"defmt", "defmt",
@@ -84,12 +85,15 @@ reqwless = { version = "0.5.0", features = ["defmt"] }
embedded-storage = "0.3.0" embedded-storage = "0.3.0"
const_format = "0.2.31" const_format = "0.2.31"
git-version = "0.3.5" git-version = "0.3.5"
embedded-tls = { version = "0.15.0", default-features = false, features = [
"async",
"defmt",
] }
[patch.crates-io] [patch.crates-io]
embassy-executor = { git = "https://github.com/embassy-rs/embassy" } embassy-executor = { git = "https://github.com/embassy-rs/embassy" }
embassy-rp = { git = "https://github.com/embassy-rs/embassy" } embassy-rp = { git = "https://github.com/embassy-rs/embassy" }
embassy-time = { git = "https://github.com/embassy-rs/embassy" } embassy-time = { git = "https://github.com/embassy-rs/embassy" }
embassy-usb = { git = "https://github.com/embassy-rs/embassy" }
embassy-net = { git = "https://github.com/embassy-rs/embassy" } embassy-net = { git = "https://github.com/embassy-rs/embassy" }
embassy-sync = { git = "https://github.com/embassy-rs/embassy" } embassy-sync = { git = "https://github.com/embassy-rs/embassy" }
embassy-futures = { git = "https://github.com/embassy-rs/embassy" } embassy-futures = { git = "https://github.com/embassy-rs/embassy" }

BIN
key.pub Normal file
View File

Binary file not shown.

9
release.sh Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/bash
mkdir -p target/firmware
cargo objcopy --release -- -O binary target/firmware/firmware
shasum -a 512 -b target/firmware/firmware | dd ibs=128 count=1 | xxd -p -r > target/firmware/checksum
signify -S -m target/firmware/checksum -s ~/Projects/crypt/R0/private/keys/firmware/pico_p1.sec -x target/firmware/checksum.sig
tail -n1 target/firmware/checksum.sig | base64 -d -i | dd ibs=10 skip=1 > target/firmware/signed
cat target/firmware/signed > target/firmware/firmware+signed
cat target/firmware/firmware >> target/firmware/firmware+signed

70
src/main.rs
View File

@@ -6,6 +6,7 @@ use core::cell::RefCell;
use embassy_boot_rp::{AlignedBuffer, BlockingFirmwareUpdater, FirmwareUpdaterConfig}; use embassy_boot_rp::{AlignedBuffer, BlockingFirmwareUpdater, FirmwareUpdaterConfig};
use embedded_storage::nor_flash::NorFlash; use embedded_storage::nor_flash::NorFlash;
use embedded_tls::{Aes128GcmSha256, NoVerify, TlsConfig, TlsConnection, TlsContext};
use heapless::{String, Vec}; use heapless::{String, Vec};
use rand::{ use rand::{
rngs::{SmallRng, StdRng}, rngs::{SmallRng, StdRng},
@@ -53,7 +54,7 @@ use serde::{Deserialize, Serialize};
use static_cell::make_static; use static_cell::make_static;
use const_format::formatcp; use const_format::formatcp;
use defmt::{debug, error, info, warn, Debug2Format}; use defmt::{debug, error, info, trace, warn, Debug2Format};
use {defmt_rtt as _, panic_probe as _}; use {defmt_rtt as _, panic_probe as _};
@@ -67,6 +68,7 @@ const TOPIC_BASE: &str = formatcp!("pico/{}", ID);
const TOPIC_STATUS: &str = formatcp!("{}/status", TOPIC_BASE); const TOPIC_STATUS: &str = formatcp!("{}/status", TOPIC_BASE);
const TOPIC_UPDATE: &str = formatcp!("{}/update", TOPIC_BASE); const TOPIC_UPDATE: &str = formatcp!("{}/update", TOPIC_BASE);
const VERSION: &str = git_version::git_version!(); const VERSION: &str = git_version::git_version!();
const PUBLIC_SIGNING_KEY: &[u8] = include_bytes!("../key.pub");
#[derive(Deserialize)] #[derive(Deserialize)]
struct UpdateMessage<'a> { struct UpdateMessage<'a> {
@@ -87,6 +89,7 @@ enum Status<'a> {
PreparingUpdate, PreparingUpdate,
Erasing, Erasing,
Writing { progress: u32 }, Writing { progress: u32 },
Verifying,
UpdateComplete, UpdateComplete,
} }
@@ -249,8 +252,7 @@ async fn main(spawner: Spawner) {
// Use the Ring Oscillator of the RP2040 as a source of true randomness to seed the // Use the Ring Oscillator of the RP2040 as a source of true randomness to seed the
// cryptographically secure PRNG // cryptographically secure PRNG
let mut rng_rosc = RoscRng; let mut rng = StdRng::from_rng(&mut RoscRng).unwrap();
let mut rng = StdRng::from_rng(&mut rng_rosc).unwrap();
let stack = make_static!(Stack::new( let stack = make_static!(Stack::new(
net_device, net_device,
@@ -279,7 +281,7 @@ async fn main(spawner: Spawner) {
info!("IP Address: {}", cfg.address.address()); info!("IP Address: {}", cfg.address.address());
let mut rx_buffer = [0; 1024]; let mut rx_buffer = [0; 1024];
let mut tx_buffer = [0; 4096]; let mut tx_buffer = [0; 1024];
let mut socket = TcpSocket::new(stack, &mut rx_buffer, &mut tx_buffer); let mut socket = TcpSocket::new(stack, &mut rx_buffer, &mut tx_buffer);
// socket.set_timeout(Some(Duration::from_secs(10))); // socket.set_timeout(Some(Duration::from_secs(10)));
@@ -299,7 +301,7 @@ async fn main(spawner: Spawner) {
MqttVersion::MQTTv5, MqttVersion::MQTTv5,
// Use fast and simple PRNG to generate packet identifiers, there is no need for this to be // Use fast and simple PRNG to generate packet identifiers, there is no need for this to be
// cryptographically secure // cryptographically secure
SmallRng::from_rng(&mut rng_rosc).unwrap(), SmallRng::from_rng(&mut RoscRng).unwrap(),
); );
config.add_username(env!("MQTT_USERNAME")); config.add_username(env!("MQTT_USERNAME"));
@@ -311,7 +313,7 @@ async fn main(spawner: Spawner) {
config.add_will(TOPIC_STATUS, &msg, true); config.add_will(TOPIC_STATUS, &msg, true);
let mut recv_buffer = [0; 1024]; let mut recv_buffer = [0; 1024];
let mut write_buffer = [0; 4096]; let mut write_buffer = [0; 1024];
let mut client = let mut client =
MqttClient::<_, 5, _>::new(socket, &mut write_buffer, &mut recv_buffer, config); MqttClient::<_, 5, _>::new(socket, &mut write_buffer, &mut recv_buffer, config);
@@ -386,7 +388,7 @@ async fn main(spawner: Spawner) {
let url = message.get_url(); let url = message.get_url();
let url = Url::parse(url.as_str()).unwrap(); let url = Url::parse(url.as_str()).unwrap();
attempt_update(stack, &mut updater, &mut client, url).await; attempt_update(stack, &mut updater, &mut rng, &mut client, url).await;
} }
} }
} }
@@ -410,6 +412,7 @@ const FLASH_SIZE: usize = 2 * 1024 * 1024;
async fn attempt_update<T, const MAX_PROPERTIES: usize, R, F>( async fn attempt_update<T, const MAX_PROPERTIES: usize, R, F>(
stack: &'static Stack<cyw43::NetDriver<'static>>, stack: &'static Stack<cyw43::NetDriver<'static>>,
updater: &mut BlockingFirmwareUpdater<'_, F, F>, updater: &mut BlockingFirmwareUpdater<'_, F, F>,
rng: &mut StdRng,
client: &mut MqttClient<'_, T, MAX_PROPERTIES, R>, client: &mut MqttClient<'_, T, MAX_PROPERTIES, R>,
url: Url<'_>, url: Url<'_>,
) where ) where
@@ -426,23 +429,33 @@ async fn attempt_update<T, const MAX_PROPERTIES: usize, R, F>(
let ip = stack.dns_query(url.host(), DnsQueryType::A).await.unwrap()[0]; let ip = stack.dns_query(url.host(), DnsQueryType::A).await.unwrap()[0];
let mut rx_buffer = [0; 4096 * 2]; let mut rx_buffer = [0; 1024];
let mut tx_buffer = [0; 1024]; let mut tx_buffer = [0; 1024];
let mut socket = TcpSocket::new(stack, &mut rx_buffer, &mut tx_buffer); let mut socket = TcpSocket::new(stack, &mut rx_buffer, &mut tx_buffer);
let addr = (ip, url.port_or_default()); let addr = (ip, url.port_or_default());
debug!("Addr: {}", addr); debug!("Addr: {}", addr);
socket.connect(addr).await.unwrap(); socket.connect(addr).await.unwrap();
debug!("Path: {}", url.path()); let mut read_record_buffer = [0; 16384 * 2];
Request::get(url.path()) let mut write_record_buffer = [0; 16384];
.build() let mut tls: TlsConnection<TcpSocket, Aes128GcmSha256> =
.write(&mut socket) TlsConnection::new(socket, &mut read_record_buffer, &mut write_record_buffer);
tls.open::<_, NoVerify>(TlsContext::new(&TlsConfig::new(), rng))
.await .await
.unwrap(); .unwrap();
let mut headers = [0; 4096]; debug!("Path: {}", url.path());
let resp = Response::read(&mut socket, Method::GET, &mut headers) Request::get(url.path())
.host(url.host())
.build()
.write(&mut tls)
.await
.unwrap();
let mut headers = [0; 1024];
let resp = Response::read(&mut tls, Method::GET, &mut headers)
.await .await
.unwrap(); .unwrap();
@@ -467,25 +480,42 @@ async fn attempt_update<T, const MAX_PROPERTIES: usize, R, F>(
.await .await
.unwrap(); .unwrap();
// The first 64 bytes of the file contain the signature
let mut signature = [0; 64];
body.read_exact(&mut signature).await.unwrap();
trace!("Signature: {:?}", signature);
let mut buffer = AlignedBuffer([0; 4096]); let mut buffer = AlignedBuffer([0; 4096]);
let mut offset = 0; let mut size = 0;
while let Ok(read) = body.read(&mut buffer.0).await { while let Ok(read) = body.read(&mut buffer.0).await {
if read == 0 { if read == 0 {
break; break;
} }
debug!("Writing chunk: {}", read); debug!("Writing chunk: {}", read);
writer.write(offset, &buffer.0[..read]).unwrap(); writer.write(size, &buffer.0[..read]).unwrap();
offset += read as u32; size += read as u32;
let status = Status::Writing { progress: offset }.vec(); let status = Status::Writing { progress: size }.vec();
client client
.send_message(TOPIC_STATUS, &status, QualityOfService::QoS1, false) .send_message(TOPIC_STATUS, &status, QualityOfService::QoS1, false)
.await .await
.unwrap(); .unwrap();
} }
debug!("Total size: {}", offset); debug!("Total size: {}", size);
updater.mark_updated().unwrap(); let status = Status::Verifying.vec();
client
.send_message(TOPIC_STATUS, &status, QualityOfService::QoS1, false)
.await
.unwrap();
updater
.verify_and_mark_updated(PUBLIC_SIGNING_KEY, &signature, size)
.unwrap();
// Update mqtt message should be send using retain
// TODO: Clear the message
let status = Status::UpdateComplete.vec(); let status = Status::UpdateComplete.vec();
client client