My OTA image is encrypted by AES 128 and it'is the same bin file what it's running.
Partitions table is:
When I read client data I must to decrypt bytes before writing memory. Data is decrypted successfull.# Name, Type, SubType, Offset, Size, Flags
# Note: if you have increased the bootloader size, make sure to update the offsets to avoid overlap
nvs, data, nvs, 0x9000, 0x4000,
otadata, data, ota, 0xd000, 0x2000,
phy_init, data, phy, 0xf000, 0x1000,
factory, app, factory, 0x10000, 4M,
ota_0, app, ota_0, 0x410000, 4M,
ota_1, app, ota_1, 0x810000, 4M,
storage, data, spiffs, , 0x10000,
( 1740 is a number of last package read by client and has 16 B padding,
first package is reduced by16 B length vector IV. )
Code: Select all
if ( !is_first_package ) {
mbedtls_base64_decode( (unsigned char*)k_out, 16, &o, (const unsigned char*)k, 24 );
mbedtls_aes_init( &aes );
mbedtls_aes_setkey_dec( &aes, (const unsigned char*) k_out, 16 * 8 );
memcpy( iv_out, (const void*)ota_write_data, 16 );
memcpy( out, (const void*)ota_write_data + 16, data_read - 16);
x = mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_DECRYPT, data_read - 16, iv_out, out, (unsigned char*)ota_write);
data_to_write = data_read - 16;
}
else if( packages_no == 1740 ){
memcpy( out, (const void*)ota_write_data, BUFFSIZE );
x = mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_DECRYPT, data_read, iv_out, out, (unsigned char*)ota_write);
data_to_write = data_read - 16;
} else {
memcpy( out, (const void*)ota_write_data, BUFFSIZE );
x = mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_DECRYPT, data_read, iv_out, out, (unsigned char*)ota_write);
data_to_write = data_read;
}
Code: Select all
esp_ota_write( update_handle, ( const void* )ota_write, data_to_write );
This is log from console:
I (1296141) HTTP_CLIENT: HTTP_EVENT_ON_HEADER, key=Content-Length, value=1781616
I (1296151) HTTP_CLIENT: HTTP_EVENT_ON_HEADER, key=Content-Type, value=applicati
on/octet-stream
I (1296161) HTTP_CLIENT: HTTP_EVENT_ON_HEADER, key=Date, value=Tue, 31 May 2022
15:01:18 GMT
I (1296171) HTTP_CLIENT: HTTP_EVENT_ON_HEADER, key=Last-Modified, value=Tue, 31
May 2022 09:08:18 GMT
I (1296181) HTTP_CLIENT: HTTP_EVENT_ON_HEADER, key=Strict-Transport-Security, va
lue=max-age=63072000
I (1296191) HTTP_CLIENT: New firmware version: 1.3.0
I (1296201) HTTP_CLIENT: Running firmware version: 1.3.0
I (1351761) HTTP_CLIENT: Connection closed
I (1351761) HTTP_CLIENT: Total Write binary data length: 1781584
I (1351761) esp_image: segment 0: paddr=00410020 vaddr=3f400020 size=ea278h (959
096) map
I (1352071) esp_image: segment 1: paddr=004fa2a0 vaddr=3ffb0000 size=03cb0h ( 15
536)
I (1352081) esp_image: segment 2: paddr=004fdf58 vaddr=40080000 size=020c0h ( 8
384)
I (1352091) esp_image: segment 3: paddr=00500020 vaddr=400d0020 size=ae5fch (714
236) map
I (1352321) esp_image: segment 4: paddr=005ae624 vaddr=400820c0 size=148e4h ( 84
196)
I (1352351) esp_image: segment 5: paddr=005c2f10 vaddr=50000000 size=00010h (
16)
E (1352351) esp_image: Checksum failed. Calculated 0x5e read 0x71
E (1352351) HTTP_CLIENT: Image validation failed, image is corrupted
E (1352361) HTTP_CLIENT: esp_ota_end failed (ESP_ERR_OTA_VALIDATE_FAILED)!
I (1352371) HTTP_CLIENT: HTTP_EVENT_DISCONNECTED
bin file in Windows has 1,69 MB (bytes: 1 781 584)
Calculated checksum is different every time but read is const
Below is 33 bytes from the read checksum byte. Content checked by hex editor.
Code: Select all
71 e7 29 33 df cf 98 93 90 73 19 65 37 60 d5 88
79 d6 8f cb d6 72 b2 77 c0 9c a7 57 ba 48 ff a8 b2