added signature len

Author: gb88

src/esp32FOTA.cpp

@@ -41,7 +41,6 @@
 #pragma GCC diagnostic ignored "-Wmissing-field-initializers"
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 
-#define FW_SIGNATURE_LENGTH     512
 
 
 static int64_t getHTTPStream( esp32FOTA* fota, int partition );
@@ -181,13 +180,14 @@ void esp32FOTA::setConfig( FOTAConfig_t cfg )
     _cfg.use_device_id = cfg.use_device_id;
     _cfg.root_ca       = cfg.root_ca;
     _cfg.pub_key       = cfg.pub_key;
+    _cfg.signature_len = cfg.signature_len;
 }
 
 
 void esp32FOTA::printConfig( FOTAConfig_t *cfg )
 {
   if( cfg == nullptr ) cfg = &_cfg;
-  log_d("Name: %s\nManifest URL:%s\nSemantic Version: %d.%d.%d\nCheck Sig: %s\nUnsafe: %s\nUse Device ID: %s\nRootCA: %s\nPubKey: %s\n",
+  log_d("Name: %s\nManifest URL:%s\nSemantic Version: %d.%d.%d\nCheck Sig: %s\nUnsafe: %s\nUse Device ID: %s\nRootCA: %s\nPubKey: %s\nSignatureLen: %d\n",
     cfg->name ? cfg->name : "None",
     cfg->manifest_url ? cfg->manifest_url : "None",
     cfg->sem.ver()->major,
@@ -197,11 +197,17 @@ void esp32FOTA::printConfig( FOTAConfig_t *cfg )
     cfg->unsafe ?"true":"false",
     cfg->use_device_id ?"true":"false",
     cfg->root_ca ?"true":"false",
-    cfg->pub_key ?"true":"false"
+    cfg->pub_key ?"true":"false",
+    cfg->signature_len
   );
 }
 
 
+void esp32FOTA::setSignatureLen( size_t len )
+{
+    _cfg.signature_len = len;
+}
+
 
 void esp32FOTA::setCertFileSystem( fs::FS *cert_filesystem )
 {
@@ -327,7 +333,7 @@ bool esp32FOTA::validate_sig( const esp_partition_t* partition, unsigned char *s
     }
     mbedtls_md_finish( &rsa, hash );
 
-    ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, mdinfo->size, (unsigned char*)signature, FW_SIGNATURE_LENGTH );
+    ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, mdinfo->size, (unsigned char*)signature, _cfg.signature_len );
 
     free( hash );
     mbedtls_md_free( &rsa );
@@ -513,11 +519,11 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
             log_e("Compressed && signed image is not (yet) supported");
             return false;
         }
-        if( updateSize == UPDATE_SIZE_UNKNOWN || updateSize <= FW_SIGNATURE_LENGTH ) {
+        if( updateSize == UPDATE_SIZE_UNKNOWN || updateSize <= _cfg.signature_len ) {
             log_e("Malformed signature+fw combo");
             return false;
         }
-        updateSize -= FW_SIGNATURE_LENGTH;
+        updateSize -= _cfg.signature_len;
     }
 
     // If using compression, the size is implicitely unknown
@@ -541,9 +547,9 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
         });
     }
 
-    unsigned char signature[FW_SIGNATURE_LENGTH];
+    unsigned char* signature = new unsigned char[_cfg.signature_len];
     if( _cfg.check_sig ) {
-        _stream->readBytes( signature, FW_SIGNATURE_LENGTH );
+        _stream->readBytes( signature, _cfg.signature_len );
     }
 
     log_i("Begin %s OTA. This may take 2 - 5 mins to complete. Things might be quiet for a while.. Patience!", partition==U_FLASH?"Firmware":"Filesystem");
@@ -560,11 +566,13 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
     } else {
         log_e("Written only : %d/%d Premature end of stream?", written, updateSize);
         F_abort();
+        delete[] signature;
         return false;
     }
 
     if (!F_UpdateEnd()) {
         log_e("An Update Error Occurred. Error #: %s", F_Update.getError());
+        delete[] signature;
         return false;
     }
 
@@ -582,6 +590,7 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
         if( !_target_partition ) {
             log_e("Can't access partition #%d to check signature!", partition);
             if( onUpdateCheckFail ) onUpdateCheckFail( partition, CHECK_SIG_ERROR_PARTITION_NOT_FOUND );
+            delete[] signature;
             return false;
         }
 
@@ -601,6 +610,7 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
         }
 
         if( !validate_sig( _target_partition, signature, updateSize ) ) {
+            delete[] signature;
             // erase partition
             esp_partition_erase_range( _target_partition, _target_partition->address, _target_partition->size );
 
@@ -613,6 +623,7 @@ bool esp32FOTA::execOTA( int partition, bool restart_after )
             }
             return false;
         } else {
+            delete[] signature;
             log_d("Signature check successful!");
             if( partition == U_FLASH ) {
                 // Set updated partition as bootable now that it's been verified

src/esp32FOTA.hpp

@@ -147,7 +147,7 @@ extern "C" {
   #define F_writeStream() F_Update.writeStream(*_stream);
 #endif
 
-
+#define FW_SIGNATURE_LENGTH     512
 
 struct SemverClass
 {
@@ -211,6 +211,7 @@ struct FOTAConfig_t
   bool         use_device_id { false };
   CryptoAsset* root_ca { nullptr };
   CryptoAsset* pub_key { nullptr };
+  size_t       signature_len {FW_SIGNATURE_LENGTH};
   FOTAConfig_t() = default;
 };
 
@@ -267,6 +268,9 @@ class esp32FOTA
   // use this to set "Authorization: Basic" or other specific headers to be sent with the queries
   void setExtraHTTPHeader( String name, String value ) { extraHTTPHeaders[name] = value; }
 
+  // set the signature len
+  void setSignatureLen( size_t len );
+
   // /!\ Only use this to change filesystem for **default** RootCA and PubKey paths.
   // Otherwise use setPubKey() and setRootCA()
   void setCertFileSystem( fs::FS *cert_filesystem = nullptr );