signed update working

tools/http2udb.py

@@ -16,6 +16,8 @@ from ecdsa import SigningKey, NIST256p
 
 import socket,json,base64,ssl,array,binascii
 
+from sign_firmware import *
+
 httpport = 8080
 udpport = 8111
 
@@ -41,16 +43,7 @@ if __name__ == '__main__':
         print(e)
 
 
-def to_websafe(data):
-    data = data.replace('+','-')
-    data = data.replace('/','_')
-    data = data.replace('=','')
-    return data
 
-def from_websafe(data):
-    data = data.replace('-','+')
-    data = data.replace('_','/')
-    return data + '=='[:(3*len(data)) % 4]
 
 def write(data):
     msg = from_websafe(data)
@@ -81,38 +74,6 @@ def read():
     msg = to_websafe(pkt)
     return msg
 
-def get_firmware_object():
-    sk = SigningKey.from_pem(open("signing_key.pem").read())
-    h = open(HEX_FILE,'r').read()
-    h = base64.b64encode(h.encode())
-    h = to_websafe(h.decode())
-
-    num_pages = 64
-    START = 0x4000
-    END = 2048 * (num_pages - 3) - 4
-
-    ih = IntelHex(HEX_FILE)
-    segs = ih.segments()
-    arr = ih.tobinarray(start = START, size = END-START)
-
-    im_size = END-START
-
-    print('im_size: ', im_size)
-    print('firmware_size: ', len(arr))
-
-    byts = (arr).tobytes() if hasattr(arr,'tobytes') else (arr).tostring()
-    sig = sha256(byts)
-    print('hash', binascii.hexlify(sig))
-    sig = sk.sign_digest(sig)
-
-    print('sig', binascii.hexlify(sig))
-
-    sig = base64.b64encode(sig)
-    sig = to_websafe(sig.decode())
-
-    #msg = {'data': read()}
-    msg = {'firmware': h, 'signature':sig}
-    return msg
 class UDPBridge(BaseHTTPRequestHandler):
     def end_headers (self):
         self.send_header('Access-Control-Allow-Origin', '*')
@@ -147,7 +108,7 @@ class UDPBridge(BaseHTTPRequestHandler):
         self.send_response(200)
         self.send_header('Content-type','text/json')
 
-        msg = get_firmware_object()
+        msg = get_firmware_object("signing_key.pem",HEX_FILE)
 
         self.end_headers()
 
@@ -162,7 +123,7 @@ try:
             certfile='../web/localhost.crt', server_side=True)
 
     print('Saving signed firmware to firmware.json')
-    msg = get_firmware_object()
+    msg = get_firmware_object("signing_key.pem",HEX_FILE)
     wfile = open('firmware.json','wb+')
     wfile.write(json.dumps(msg).encode())
     wfile.close()

tools/sign_firmware.py

@@ -0,0 +1,62 @@
+import sys
+import json,base64,array,binascii
+from hashlib import sha256
+
+from ecdsa import SigningKey, NIST256p
+from intelhex import IntelHex
+
+def to_websafe(data):
+    data = data.replace('+','-')
+    data = data.replace('/','_')
+    data = data.replace('=','')
+    return data
+
+def from_websafe(data):
+    data = data.replace('-','+')
+    data = data.replace('_','/')
+    return data + '=='[:(3*len(data)) % 4]
+
+def get_firmware_object(sk_name, hex_file):
+    sk = SigningKey.from_pem(open(sk_name).read())
+    fw = open(hex_file,'r').read()
+    fw = base64.b64encode(fw.encode())
+    fw = to_websafe(fw.decode())
+
+    START = 0x08008000
+    END = START + 1024 * 186 - 8
+
+    ih = IntelHex(hex_file)
+    segs = ih.segments()
+    arr = ih.tobinarray(start = START, size = END-START)
+
+    im_size = END-START
+
+    print('im_size: ', im_size)
+    print('firmware_size: ', len(arr))
+
+    byts = (arr).tobytes() if hasattr(arr,'tobytes') else (arr).tostring()
+    h = sha256()
+    h.update(byts)
+    sig = binascii.unhexlify(h.hexdigest())
+    print('hash', binascii.hexlify(sig))
+    sig = sk.sign_digest(sig)
+
+    print('sig', binascii.hexlify(sig))
+
+    sig = base64.b64encode(sig)
+    sig = to_websafe(sig.decode())
+
+    #msg = {'data': read()}
+    msg = {'firmware': fw, 'signature':sig}
+    return msg
+
+if __name__ == '__main__':
+    if len(sys.argv) != 4:
+        print('usage: %s <signing-key.pem> <app.hex> <output.json>' % sys.argv[0])
+    msg = get_firmware_object(sys.argv[1],sys.argv[2])
+    print('Saving signed firmware to firmware.json')
+    wfile = open(sys.argv[3],'wb+')
+    wfile.write(json.dumps(msg).encode())
+    wfile.close()
+
+