sphinx-key: check integrity of ota bin file

irriden
2023-11-18 02:06:01 +00:00
parent ac1a61f03b
commit 7102138217
7 changed files with 43 additions and 27 deletions

10
broker/Cargo.lock generated

@@ -1691,7 +1691,7 @@ dependencies = [
[[package]]
name = "lss-connector"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"lightning-storage-server",
@@ -2693,7 +2693,7 @@ dependencies = [
[[package]]
name = "rmp-utils"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"log",
@@ -3268,7 +3268,7 @@ dependencies = [
[[package]]
name = "sphinx-auther"
version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"base64 0.21.2",
@@ -3280,7 +3280,7 @@ dependencies = [
[[package]]
name = "sphinx-glyph"
version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"hex",
@@ -3326,7 +3326,7 @@ dependencies = [
[[package]]
name = "sphinx-signer"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"bip39",


@@ -39,8 +39,8 @@ vls-proxy = { git = "https://gitlab.com/lightning-signer/validating-li
# vls-protocol-client = { path = "../../vls/vls-protocol-client" }
# vls-proxy = { path = "../../vls/vls-proxy" }
lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
lss-connector = { git = "https://github.com/stakwork/sphinx-rs", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
# lss-connector = { path = "../../sphinx-rs/lss-connector" }
# sphinx-signer = { path = "../../sphinx-rs/signer" }

12
sphinx-key/Cargo.lock generated

@@ -1161,7 +1161,7 @@ checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4"
[[package]]
name = "lss-connector"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"log",
@@ -1530,7 +1530,7 @@ dependencies = [
[[package]]
name = "rmp-utils"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"log",
@@ -1728,7 +1728,7 @@ dependencies = [
[[package]]
name = "sphinx-auther"
version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"base64",
@@ -1740,7 +1740,7 @@ dependencies = [
[[package]]
name = "sphinx-crypter"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"chacha20poly1305",
@@ -1751,7 +1751,7 @@ dependencies = [
[[package]]
name = "sphinx-glyph"
version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"hex",
@@ -1783,7 +1783,7 @@ dependencies = [
[[package]]
name = "sphinx-signer"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"bip39",


@@ -21,9 +21,9 @@ serde_urlencoded = "0.7.1"
url = "2"
# sphinx-rs
lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
lss-connector = { git = "https://github.com/stakwork/sphinx-rs.git", default-features = false, rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", optional = true, rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
# local
# lss-connector = { path = "../../sphinx-rs/lss-connector", default-features = false }
# sphinx-crypter = { path = "../../sphinx-rs/crypter" }


@@ -5,10 +5,11 @@ use esp_idf_svc::http::client::FollowRedirectsPolicy::FollowNone;
use esp_idf_svc::http::Method;
use esp_idf_svc::ota::EspOta;
use log::{error, info};
use sphinx_signer::lightning_signer::bitcoin::hashes::{self, Hash};
use sphinx_signer::sphinx_glyph::control::OtaParams;
use std::fs::{remove_file, File};
use std::io::BufWriter;
use std::io::Write;
use std::io::{BufReader, BufWriter};
const BUFFER_LEN: usize = 1024;
const UPDATE_BIN_PATH: &str = "/sdcard/update.bin";
@@ -61,10 +62,25 @@ fn get_update(params: OtaParams) -> Result<()> {
Ok(())
}
fn check_integrity(params: OtaParams) -> Result<()> {
let f = File::open(UPDATE_BIN_PATH)?;
let mut reader = BufReader::new(f);
let mut engine = hashes::sha256::HashEngine::default();
std::io::copy(&mut reader, &mut engine)?;
let hash = hashes::sha256::Hash::from_engine(engine);
if hash.to_string() == params.sha256_hash {
Ok(())
} else {
Err(anyhow!("Integrity check failed!"))
}
}
pub fn update_sphinx_key(params: OtaParams) -> Result<()> {
info!("Getting the update...");
get_update(params)?;
info!("Update written to sd card, performing factory reset");
get_update(params.clone())?;
info!("Update written to sd card, checking integrity...");
check_integrity(params)?;
info!("Integrity check passed, performing factory reset...");
factory_reset()?;
info!("Factory reset completed!");
Ok(())
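Review bot: When the digest does not match, `check_integrity` returns the error but leaves the rejected image at `UPDATE_BIN_PATH`, so an unverified `/sdcard/update.bin` stays on the card; if the factory-reset path or a later boot picks that file up (not visible in this hunk), it could be flashed without ever passing this check. `remove_file` is already imported at the top of the file, so the else branch could run `let _ = remove_file(UPDATE_BIN_PATH);` before returning `Err(anyhow!("Integrity check failed!"))`. The comparison `hash.to_string() == params.sha256_hash` is an exact string match, so a digest supplied in uppercase hex would presumably be rejected; `params.sha256_hash.eq_ignore_ascii_case(&hash.to_string())` avoids that. The digest only shows that the download matches what `OtaParams` asked for, so a doc comment on `check_integrity` should state that authenticity depends on the control message carrying `sha256_hash` being authenticated upstream. The body of `update_sphinx_key` closes outside the hunk.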

12
tester/Cargo.lock generated

@@ -1151,7 +1151,7 @@ dependencies = [
[[package]]
name = "lss-connector"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"log",
@@ -1702,7 +1702,7 @@ dependencies = [
[[package]]
name = "rmp-utils"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"log",
@@ -2085,7 +2085,7 @@ dependencies = [
[[package]]
name = "sphinx-auther"
version = "0.1.12"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"base64 0.21.2",
@@ -2097,7 +2097,7 @@ dependencies = [
[[package]]
name = "sphinx-crypter"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"chacha20poly1305",
@@ -2108,7 +2108,7 @@ dependencies = [
[[package]]
name = "sphinx-glyph"
version = "0.1.2"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"hex",
@@ -2147,7 +2147,7 @@ dependencies = [
[[package]]
name = "sphinx-signer"
version = "0.1.0"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=55c4b00dc079d21353904fec45b10c7f09ec8f85#55c4b00dc079d21353904fec45b10c7f09ec8f85"
source = "git+https://github.com/stakwork/sphinx-rs.git?rev=db9f902750742c1aa4dc96ebc97f7c0e69b015a5#db9f902750742c1aa4dc96ebc97f7c0e69b015a5"
dependencies = [
"anyhow",
"bip39",


@@ -24,8 +24,8 @@ serde_json = "1.0"
tokio = { version = "1.4.0", features = ["rt", "rt-multi-thread", "macros"] }
urlencoding = "2.1.0"
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "55c4b00dc079d21353904fec45b10c7f09ec8f85" }
sphinx-crypter = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
sphinx-signer = { git = "https://github.com/stakwork/sphinx-rs.git", rev = "db9f902750742c1aa4dc96ebc97f7c0e69b015a5" }
# sphinx-crypter = { path = "../../sphinx-rs/crypter" }
# sphinx-signer = { path = "../../sphinx-rs/signer" }