From 66e4a11759675dafad06ae8c423a10d1faf7c36e Mon Sep 17 00:00:00 2001 From: irriden Date: Wed, 22 Nov 2023 02:14:47 +0000 Subject: [PATCH] sphinx-key: secure boot adds two layers of signature checks one done by sphinx-key in ota.rs via secp256k1 another done by esp-idf via espsecure.py see docs below: https://docs.espressif.com/projects/esptool/en/latest/esp32c3/espsecure/index.html#remote-signing-using-an-external-hsm https://docs.espressif.com/projects/esp-idf/en/latest/esp32c3/security/secure-boot-v2.html#signed-app-verification-without-hardware-secure-boot https://docs.rs/secp256k1/latest/secp256k1/ --- .gitignore | 5 +++ broker/Cargo.lock | 10 +++--- broker/Cargo.toml | 4 +-- deploy.sh | 57 ++++++----------------------------- factory/sdkconfig.defaults | 3 ++ sphinx-key/Cargo.lock | 12 ++++---- sphinx-key/Cargo.toml | 6 ++-- sphinx-key/sdkconfig.defaults | 3 ++ sphinx-key/src/core/events.rs | 4 +-- sphinx-key/src/ota.rs | 40 ++++++++++++++++++------ sphinx-key/up.sh | 37 +++-------------------- tester/Cargo.lock | 12 ++++---- tester/Cargo.toml | 4 +-- tester/cmd.json | 3 +- tester/ota_cmd.json | 3 +- tester/src/ctrl.rs | 3 +- 16 files changed, 86 insertions(+), 120 deletions(-) diff --git a/.gitignore b/.gitignore index 3e11ee0..c3c3ce1 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,8 @@ test-flash .env teststore teststore2 +*.pem +*.txt +*.bin +*.md +*.diff diff --git a/broker/Cargo.lock b/broker/Cargo.lock index 0e6e672..bc7b448 100644 --- a/broker/Cargo.lock +++ b/broker/Cargo.lock @@ -1691,7 +1691,7 @@ dependencies = [ [[package]] name = "lss-connector" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "lightning-storage-server", @@ -2693,7 +2693,7 @@ dependencies = [ [[package]] name = "rmp-utils" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "log", @@ -3268,7 +3268,7 @@ dependencies = [ [[package]] name = "sphinx-auther" version = "0.1.12" -source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "base64 0.21.2", @@ -3280,7 +3280,7 @@ dependencies = [ [[package]] name = "sphinx-glyph" version = "0.1.2" -source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "hex", @@ -3326,7 +3326,7 @@ dependencies = [ [[package]] name = "sphinx-signer" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "bip39", diff --git a/broker/Cargo.toml b/broker/Cargo.toml index 37cb668..35fe1de 100644 --- a/broker/Cargo.toml +++ b/broker/Cargo.toml @@ -39,8 +39,8 @@ vls-proxy = { git = "https://gitlab.com/lightning-signer/validating-li # vls-protocol-client = { path = "../../vls/vls-protocol-client" } # vls-proxy = { path = "../../vls/vls-proxy" } -lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } -sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } +lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } +sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } # lss-connector = { path = "../../sphinx-rs/lss-connector" } # sphinx-signer = { path = "../../sphinx-rs/signer" } diff --git a/deploy.sh b/deploy.sh index 25450ef..2b0967c 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,15 +1,3 @@ -# MODE=debug -MODE=release - -BIN=sphinx-key - -if [[ $1 = "clear" ]] -then -BIN=clear -fi - -echo "building and flashing $BIN" - check_exists() { command -v "$1" > /dev/null } @@ -49,42 +37,15 @@ then echo "Please set PASS to a password longer than 7 characters." exit 1 fi -for FILE in /dev/tty.* -do - # Check for port on macOS - if check_port $FILE - then - PORT=$FILE - break - fi -done -if [ -z "$PORT" ] -then - # Check for port on linux - if check_port /dev/ttyUSB0 - then - PORT=/dev/ttyUSB0 - fi -fi -if [ -z "$PORT" ] -then - echo "ESP likely not connected! Exiting now." - echo "Make sure the ESP is connected with a data USB cable, and try again." - exit 1 -fi -esptool.py erase_flash && +cargo espflash erase-flash git pull && cd factory && -cargo espflash flash --release --port $PORT && +cargo espflash flash --release && +cargo espflash save-image --release --chip esp32c3 factory.bin && +espsecure.py sign_data factory.bin --version 2 --keyfile ../secure_boot_signing_key.pem && +espflash write-bin 0x10000 factory.bin && cd ../sphinx-key && - -if [ $MODE = "release" ] -then - cargo build --release --bin $BIN -else - cargo build --bin $BIN -fi && - -esptool.py --chip esp32-c3 elf2image target/riscv32imc-esp-espidf/$MODE/$BIN && -esptool.py --chip esp32c3 -b 460800 --before=default_reset --after=hard_reset write_flash --flash_mode dio --flash_freq 40m --flash_size 4MB 0x50000 target/riscv32imc-esp-espidf/$MODE/$BIN.bin && -cargo espflash monitor --port $PORT +cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin && +espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem && +espflash write-bin 0x50000 sphinx-key.bin && +cargo espflash monitor diff --git a/factory/sdkconfig.defaults b/factory/sdkconfig.defaults index 604fef2..d2ca0ba 100644 --- a/factory/sdkconfig.defaults +++ b/factory/sdkconfig.defaults @@ -11,3 +11,6 @@ CONFIG_FATFS_LFN_STACK=y # Workaround for https://github.com/espressif/esp-idf/issues/7631 #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n #CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=n + +CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y +CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n diff --git a/sphinx-key/Cargo.lock b/sphinx-key/Cargo.lock index 047fe2c..cfaee60 100644 --- a/sphinx-key/Cargo.lock +++ b/sphinx-key/Cargo.lock @@ -1161,7 +1161,7 @@ checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" [[package]] name = "lss-connector" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "log", @@ -1530,7 +1530,7 @@ dependencies = [ [[package]] name = "rmp-utils" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "log", @@ -1728,7 +1728,7 @@ dependencies = [ [[package]] name = "sphinx-auther" version = "0.1.12" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "base64", @@ -1740,7 +1740,7 @@ dependencies = [ [[package]] name = "sphinx-crypter" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "chacha20poly1305", @@ -1751,7 +1751,7 @@ dependencies = [ [[package]] name = "sphinx-glyph" version = "0.1.2" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "hex", @@ -1783,7 +1783,7 @@ dependencies = [ [[package]] name = "sphinx-signer" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "bip39", diff --git a/sphinx-key/Cargo.toml b/sphinx-key/Cargo.toml index 942342f..a7e2223 100644 --- a/sphinx-key/Cargo.toml +++ b/sphinx-key/Cargo.toml @@ -21,9 +21,9 @@ serde_urlencoded = "0.7.1" url = "2" # sphinx-rs -lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } -sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } -sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } +lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } +sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } +sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } # local # lss-connector = { path = "../../sphinx-rs/lss-connector", default-features = false } # sphinx-crypter = { path = "../../sphinx-rs/crypter" } diff --git a/sphinx-key/sdkconfig.defaults b/sphinx-key/sdkconfig.defaults index 8659b17..32d3e14 100644 --- a/sphinx-key/sdkconfig.defaults +++ b/sphinx-key/sdkconfig.defaults @@ -19,6 +19,9 @@ CONFIG_MBEDTLS_DYNAMIC_BUFFER=y CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT=y +CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y +CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n + # All these settings below sum to a 60KB reduction in bin size CONFIG_MBEDTLS_HAVE_TIME=n CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=n diff --git a/sphinx-key/src/core/events.rs b/sphinx-key/src/core/events.rs index 1b8f7db..22503c4 100644 --- a/sphinx-key/src/core/events.rs +++ b/sphinx-key/src/core/events.rs @@ -249,7 +249,7 @@ pub fn make_event_loop( let mut bb = ByteBuf::new(); serialize_controlresponse(&mut bb, &res).expect("failed serialize_lssresponse"); mqtt_pub(&mut mqtt, &client_id, topics::CONTROL_RES, bb.as_slice()); - if let ControlResponse::OtaConfirm(params) = res { + if let ControlResponse::OtaConfirm(ref params) = res { if let Err(e) = update_sphinx_key(params) { log::error!("OTA update failed {:?}", e.to_string()); } else { @@ -332,7 +332,7 @@ fn handle_control_response( } } } - ControlMessage::Ota(params) => { + ControlMessage::Ota(ref params) => { if let Err(e) = validate_ota_message(params) { log::error!("OTA update cannot launch {:?}", e.to_string()); control_res = diff --git a/sphinx-key/src/ota.rs b/sphinx-key/src/ota.rs index fb75abb..98b97a0 100644 --- a/sphinx-key/src/ota.rs +++ b/sphinx-key/src/ota.rs @@ -5,14 +5,19 @@ use esp_idf_svc::http::client::FollowRedirectsPolicy::FollowNone; use esp_idf_svc::http::Method; use esp_idf_svc::ota::EspOta; use log::{error, info}; -use sphinx_signer::lightning_signer::bitcoin::hashes::{self, Hash}; +use sphinx_signer::lightning_signer::bitcoin::hashes::{sha256, Hash}; +use sphinx_signer::lightning_signer::bitcoin::secp256k1::{ + schnorr::Signature, Message, PublicKey, Secp256k1, +}; use sphinx_signer::sphinx_glyph::control::OtaParams; use std::fs::{remove_file, File}; use std::io::Write; use std::io::{BufReader, BufWriter}; +use std::str::FromStr; const BUFFER_LEN: usize = 1024; const UPDATE_BIN_PATH: &str = "/sdcard/update.bin"; +const PUBLIC: &str = "039707459d92b1809a9f6f78feebf6f518e7319b851fe474a31d64307b86aaf38a"; fn factory_reset() -> Result<()> { let mut ota = EspOta::new()?; @@ -27,7 +32,7 @@ fn factory_reset() -> Result<()> { } } -fn get_update(params: OtaParams) -> Result<()> { +fn get_update(params: &OtaParams) -> Result<()> { let configuration = Configuration { buffer_size: Some(BUFFER_LEN), buffer_size_tx: Some(BUFFER_LEN / 3), @@ -62,22 +67,34 @@ fn get_update(params: OtaParams) -> Result<()> { Ok(()) } -fn check_integrity(params: OtaParams) -> Result<()> { +fn check_signature(params: &OtaParams) -> Result<()> { + let msg = Message::from_hashed_data::(params.sha256_hash.as_bytes()); + let sig = Signature::from_str(¶ms.schnorr_sig).unwrap(); + let pbk = PublicKey::from_str(PUBLIC).unwrap().x_only_public_key().0; + let secp = Secp256k1::verification_only(); + secp.verify_schnorr(&sig, &msg, &pbk).unwrap(); + Ok(()) +} +fn check_integrity(params: &OtaParams) -> Result<()> { let f = File::open(UPDATE_BIN_PATH)?; let mut reader = BufReader::new(f); - let mut engine = hashes::sha256::HashEngine::default(); + let mut engine = sha256::HashEngine::default(); std::io::copy(&mut reader, &mut engine)?; - let hash = hashes::sha256::Hash::from_engine(engine); + let hash = sha256::Hash::from_engine(engine); if hash.to_string() == params.sha256_hash { Ok(()) } else { - Err(anyhow!("Integrity check failed!")) + Err(anyhow!( + "Integrity check failed! params: {} vs sdcard: {}", + params.sha256_hash, + hash.to_string() + )) } } -pub fn update_sphinx_key(params: OtaParams) -> Result<()> { +pub fn update_sphinx_key(params: &OtaParams) -> Result<()> { info!("Getting the update..."); - get_update(params.clone())?; + get_update(params)?; info!("Update written to sd card, checking integrity..."); check_integrity(params)?; info!("Integrity check passed, performing factory reset..."); @@ -86,7 +103,10 @@ pub fn update_sphinx_key(params: OtaParams) -> Result<()> { Ok(()) } -pub fn validate_ota_message(params: OtaParams) -> Result<()> { +pub fn validate_ota_message(params: &OtaParams) -> Result<()> { + info!("Checking signature..."); + check_signature(params)?; + info!("Good signature, checking url..."); let configuration = Configuration { buffer_size: Some(BUFFER_LEN / 3), buffer_size_tx: Some(BUFFER_LEN / 3), @@ -120,7 +140,7 @@ pub fn validate_ota_message(params: OtaParams) -> Result<()> { } } -fn params_to_url(params: OtaParams) -> String { +fn params_to_url(params: &OtaParams) -> String { let mut url = params.url.clone(); url.push_str(¶ms.version.to_string()); url diff --git a/sphinx-key/up.sh b/sphinx-key/up.sh index 1cf0990..9e9e60e 100755 --- a/sphinx-key/up.sh +++ b/sphinx-key/up.sh @@ -1,5 +1,3 @@ -# MODE=debug -MODE=release check_exists() { command -v "$1" > /dev/null } @@ -39,35 +37,8 @@ then echo "Please set PASS to a password longer than 7 characters." exit 1 fi -for FILE in /dev/tty.* -do - # Check for port on macOS - if check_port $FILE - then - PORT=$FILE - break - fi -done -if [ -z "$PORT" ] -then - # Check for port on linux - if check_port /dev/ttyUSB0 - then - PORT=/dev/ttyUSB0 - fi -fi -if [ -z "$PORT" ] -then - echo "ESP likely not connected! Exiting now." - echo "Make sure the ESP is connected with a data USB cable, and try again." - exit 1 -fi -if [ $MODE = "release" ] -then - cargo build --release --bin sphinx-key -else - cargo build --bin sphinx-key -fi && -esptool.py --chip esp32-c3 elf2image target/riscv32imc-esp-espidf/$MODE/sphinx-key && -esptool.py --chip esp32c3 -b 460800 --before=default_reset --after=hard_reset write_flash --flash_mode dio --flash_freq 40m --flash_size 4MB 0x50000 target/riscv32imc-esp-espidf/$MODE/sphinx-key.bin && +cargo build --release --bin sphinx-key && +cargo espflash save-image --bin sphinx-key --release --chip esp32c3 sphinx-key.bin && +espsecure.py sign_data sphinx-key.bin --version 2 --keyfile ../secure_boot_signing_key.pem && +espflash write-bin 0x50000 sphinx-key.bin && cargo espflash monitor --port $PORT diff --git a/tester/Cargo.lock b/tester/Cargo.lock index 604ec62..269b7a7 100644 --- a/tester/Cargo.lock +++ b/tester/Cargo.lock @@ -1151,7 +1151,7 @@ dependencies = [ [[package]] name = "lss-connector" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "log", @@ -1702,7 +1702,7 @@ dependencies = [ [[package]] name = "rmp-utils" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "log", @@ -2085,7 +2085,7 @@ dependencies = [ [[package]] name = "sphinx-auther" version = "0.1.12" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "base64 0.21.2", @@ -2097,7 +2097,7 @@ dependencies = [ [[package]] name = "sphinx-crypter" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "chacha20poly1305", @@ -2108,7 +2108,7 @@ dependencies = [ [[package]] name = "sphinx-glyph" version = "0.1.2" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "hex", @@ -2147,7 +2147,7 @@ dependencies = [ [[package]] name = "sphinx-signer" version = "0.1.0" -source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5" +source = "git+https://github.com/stakwork/sphinx-rs.git?rev=9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e#9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" dependencies = [ "anyhow", "bip39", diff --git a/tester/Cargo.toml b/tester/Cargo.toml index b6a6f94..2ba4ee9 100644 --- a/tester/Cargo.toml +++ b/tester/Cargo.toml @@ -24,8 +24,8 @@ serde_json = "1.0" tokio = { version = "1.4.0", features = ["rt", "rt-multi-thread", "macros"] } urlencoding = "2.1.0" -sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } -sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" } +sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } +sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "9dd17b98fbe6ce1e60969ef8ba32bb2313d55e1e" } # sphinx-crypter = { path = "../../sphinx-rs/crypter" } # sphinx-signer = { path = "../../sphinx-rs/signer" } diff --git a/tester/cmd.json b/tester/cmd.json index a24e862..a5f5db3 100644 --- a/tester/cmd.json +++ b/tester/cmd.json @@ -2,6 +2,7 @@ "Ota": { "url": "https://jolliness.ddns.net/sphinx-update-", "version": 0, - "sha256_hash": "f3da0b52a0d6b3de68c042ab8209179766021c7420fe631e5e487ebedfd9a10b" + "sha256_hash": "204534038f2aa84cb8fa435dd9d762309d33a9129eaacfb3986df144bf8008a7", + "schnorr_sig": "ff34c0a598329468f74a21704221b49fe6aacfd32f9090ba02252cb0f64058b12d619c5c6cd172087ae679d1d7402d3b77d53f4de889047597737fd425f63a34" } } diff --git a/tester/ota_cmd.json b/tester/ota_cmd.json index a24e862..266954d 100644 --- a/tester/ota_cmd.json +++ b/tester/ota_cmd.json @@ -2,6 +2,7 @@ "Ota": { "url": "https://jolliness.ddns.net/sphinx-update-", "version": 0, - "sha256_hash": "f3da0b52a0d6b3de68c042ab8209179766021c7420fe631e5e487ebedfd9a10b" + "sha256_hash": "bbd3e4a74564278bad1b9248799749ce64620dea34c3a5ca31fb3a8879f63aec", + "schnorr_sig": "2949f14399ddab8a59ddea33cc3e04079298fb9ffb5bb826537ed2a10fce4917f4e70e739bf8da6ecf29a5ed9221eb855828306b3918790838173fd9110658ea" } } diff --git a/tester/src/ctrl.rs b/tester/src/ctrl.rs index fa1e208..0102be2 100644 --- a/tester/src/ctrl.rs +++ b/tester/src/ctrl.rs @@ -20,6 +20,7 @@ async fn main() -> anyhow::Result<()> { let nonce: u64 = nonce_string.parse::().expect("failed to parse nonce"); let broker_url: String = env::var("BROKER_URL").unwrap_or(DEFAULT_URL.to_string()); + println!("{}", broker_url); let seed_string: String = env::var("SEED").expect("no seed"); let seed = hex::decode(seed_string).expect("yo"); @@ -37,7 +38,7 @@ async fn main() -> anyhow::Result<()> { .expect("couldnt build reqwest client"); let res = client - .post(format!("{}/control?msg={}&cid={}", broker_url, msg_hex, "2a79fae7f7c5349621242192f8a4a11d")) + .post(format!("{}/control?msg={}&cid={}", broker_url, msg_hex, "df106bf2092378bba4f49058cdbec2bf")) .header("Content-Type", "application/json") .send() .await?;