[rs-dev] Interop with Arduino / IoT firmware update signing

Dirk-Willem van Gulik dirkx at webweaving.org
Sat Apr 18 17:29:45 CEST 2020


Some minor joy - got RedWax timestamp/sign interop server nicely compatible with IoT firmware updates for Arduino.

And the lovely thing is that it requires very little change in the core infra tools of Arduino (ESP32, etc) and similar 'Over the Air' configs.

+      from pyasn1.codec.der import encoder
+      import rfc3161ng
+
+      timestamper = rfc3161ng.RemoteTimestamper(tsurl,hashname='sha256',include_tsa_certificate=True)
+      tsr = timestamper(data=firmware, return_tsr=True)
+
+      payload = encoder.encode(tsr) + firmware
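
Review bot: the tsr returned by the timestamper(data=firmware, return_tsr=True) line goes straight into encoder.encode(tsr) + firmware, and nothing visible in this hunk checks that the response was granted or that its message imprint is the SHA-256 of firmware. Verify the response on the signing host before building payload, so that a rejected or mismatched timestamp fails at signing time rather than on the device during the update. The concatenation also carries no explicit length or marker for the DER part, so a comment stating how the receiver finds the boundary between the timestamp response and the firmware image would help anyone writing a second receiver.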

Dw

[D][SecureUpdateProcessors.cpp:165] process_header(): Ignoring params:  rfc3161=2315 payload=867232
[D][SecureUpdateProcessors.cpp:189] process_header(): RFC 3161 signed payload
[D][SecureUpdateProcessors.cpp:218] process_header(): Processing RFC 3161 signed payload
[D][SecureUpdateProcessors.cpp:233] process_header(): Processed RFC 3161 signed payload
[I][SecureUpdateProcessors.cpp:241] process_header(): Processing payload with SHA256 RFC3161 digest.
[D][SecureUpdateProcessors.cpp:252] process_header(): RFC3161 payload its signature verified (next; check signature, check playload).
[D][SecureUpdateProcessors.cpp:261] process_header(): Signatures in the trust chain:
[D][SecureUpdateProcessors.cpp:265] process_header():    - cert. version     : 3
 - serial number     : 6F:11:B7:D8:55:D2:7D:9A:14:F3:B6:E9:15:2B:60:CA:8C:4B:E2:AA
 - issuer name       : CN=Redwax Interop Testing Root Certificate Authority 2040, O=Redwax Project
 - subject name      : CN=Redwax Interop Testing Root Certificate Authority 2040, O=Redwax Project
 - issued  on        : 2020-02-11 16:38:56
 - expires on        : 2040-02-06 16:38:56
 - signed using      : RSA with SHA1
 - RSA key size      : 2048 bits
 - basic constraints : CA=true

[D][SecureUpdateProcessors.cpp:268] process_header(): Signatures in the RFC3161 wrapper:
[D][SecureUpdateProcessors.cpp:272] process_header():    - cert. version     : 3
 - serial number     : 05
 - issuer name       : CN=Redwax Interop Testing Root Certificate Authority 2040, O=Redwax Project
 - subject name      : C=NL, ST=Zuid-Holland, L=Leiden, O=TimeServices, CN=Redwax Interop Test
 - issued  on        : 2020-02-15 20:51:52
 - expires on        : 2040-02-10 20:51:52
 - signed using      : RSA with SHA-256
 - RSA key size      : 4096 bits
 - basic constraints : CA=false
 - key usage         : Digital Signature
 - ext key usage     : Time Stamping

[I][SecureUpdateProcessors.cpp:280] process_header(): RFC3161 payload its signature verified (next; check playload).
[D][SecureUpdateProcessors.cpp:290] process_header(): Commencing to payload.
[D][SecureUpdateProcessors.cpp:51] process_header(): Valid magic at start of flash header
[D][SecureUpdateProcessors.cpp:345] process_end(): Finalizing
[D][SecureUpdateProcessors.cpp:361] process_end(): Calculated SHA256 Digest 32:77a622f5e49a6e903818d100c59e9813f87e40d49e9aca634fdb354d8f93
[D][SecureUpdateProcessors.cpp:366] process_end(): Receveived SHA256 Digest 32:77a622f5e49a6e903818d100c59e9813f87e40d49e9aca634fdb354d8f93
[I][SecureUpdateProcessors.cpp:381] process_end(): Payload digest matches signed digest.
[D][SecureUpdater.cpp:400] end(): Reporting an OK back up the chain
[D][SecureArduinoOTA.cpp:558] _runUpdate(): OTA Outer Digest matched.

Firmware accepted; activating & rebooting



