CC3200: Problem with verifying downloaded image files with signature/certificate

Part Number: CC3200
Other Parts Discussed in Thread: TEST2

Dear support,

I'm developing on a CC3200 device and right now working with the OTA reference code example to make it suit our needs. What I'm trying to do is get the OTA library's verification of downloaded files working. It seems to be already implemented and working to some extent, as the service pack comes with its signature and is successfully validated (I tested and it works very well). However, I'm not sure how to sign my own files with either a certificate or a signature; security is not as important as integrity here.

I found a guide to create a certificate for CC3200 devices: http://processors.wiki.ti.com/index.php/CC3100_%26_CC3200_Generate_Certificate where I created a sha1 and signed it with a certificate (which I created and signed with a self-signed CA). Then I sent all 3 files: f07_sys_filename.hex, f00_sys_filename.cer and f00_sys_filename.sig to the tag. I could also verify that the .sig and .cer files are saved on internal SFLASH before the .hex file was downloaded. However, when the .hex file downloads successfully, the file on SFLASH could not be closed; sl_FsClose throws SL_FS_ERR_FILE_NOT_EXISTS (-11) for some reason (I know that both the .sig and .cer files still exist).

I also tried to only provide sha1 with the following setup: f03_filename.hex and f00_filename.sig, where .sig file was generated as follows: 

openssl dgst -sha1 f03_filename.hex > f00_filename.sig

, without any success.

Is it something I'm doing wrong, or is there a better way to do it?

Thank you in advance,

Best Regards,

Michael

  • Hi Michael,

    Could you step through the debug steps presented in this post? e2e.ti.com/.../1513283

    In the linked post, the issue was actually with an expired dropbox oauth token.

    If the oauth token is not the issue, please enable logs in the OTA library and share the output. Thanks!

    Sincerely,
    Bryan Kahler
  • Hi Bryan,

    First of all, thank you for the prompt response.

    My problem is definitely not related to the Dropbox API, as I wrote my own Java servlet to answer with JSON exactly as expected by the OTA library.

    Here I just created a simple unsigned text file:

    echo "12345" > f00_sys_test1.txt

    , and successfully uploaded through OTA, output as follows:

    EXTLIB_OTA_GET_OPT_IS_PENDING_COMMIT? 0
    Starting OTA (for testing? 0)...
    sl_extLib_OtaRun: call OtaClient_ConnectServer OTA server=
    OtaClient_ConnectServer: http_connect_server
    sl_extLib_OtaRun: OtaClient_UpdateCheck, vendorStr=ETech_CC3200_PERS090630
    OtaClient_UpdateCheck: call http_build_request /etags/metadata/
    resource file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f00_sys_test1.txt, size=6
    sl_extLib_OtaRun: OtaClient_UpdateCheck, numUpdates=1
    sl_extLib_OtaRun: OtaClient_GetNextUpdate: file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f00_sys_test1.txt, size=6
    OtaClient_ResourceMetadata: call http_build_request /etags/media
    OtaClient_ResourceMetadata: file flags=0,metadata flags=0
    sl_extLib_OtaRun: ResourceMetadata CDN file URL = 10.17.3.169:8888/.../f00_sys_test1.txt
    _ReadFileHeaders: domain=10.17.3.169, file=/etags/download/571288442/f00_sys_test1.txt
    _ReadFileHeaders: skip http headers
    CdnClient_Run: Create/Open for write file /sys/test1.txt
    CdnClient_Run: file opened
    CdnClient_Run: Write size 6 to file /sys/test1.txt total 0.
    CdnClient_Run: End of file
    CdnClient_Run: Downloading File Completed - Size=6
    sl_extLib_OtaRun: ---- Download file completed /sys/test1.txt
    sl_extLib_OtaRun: -------- end of updates
    LogClient_ConnectServer: http_connect_server
    OTA run = 2
    _OtaCleanToIdle: close OTA client and CDN client and back to IDLE
    OTA: FILE/CONFIG DOWNLOAD COMPLETE

    However, when I try to repeat procedure with signed file:

    echo "12345" > f03_sys_test2.txt
    openssl dgst -sha1 f03_sys_test2.txt > f00_sys_test2.sig

    OTA fails on last step (closing signed file):

    EXTLIB_OTA_GET_OPT_IS_PENDING_COMMIT? 0
    Starting OTA (for testing? 0)...
    sl_extLib_OtaRun: call OtaClient_ConnectServer OTA server=
    OtaClient_ConnectServer: http_connect_server
    sl_extLib_OtaRun: OtaClient_UpdateCheck, vendorStr=ETech_CC3200_PERS090630
    OtaClient_UpdateCheck: call http_build_request /etags/metadata/
    resource file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f00_sys_test2.sig, size=66
    resource file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f03_sys_test2.txt, size=6
    sl_extLib_OtaRun: OtaClient_UpdateCheck, numUpdates=2
    sl_extLib_OtaRun: OtaClient_GetNextUpdate: file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f00_sys_test2.sig, size=66
    OtaClient_ResourceMetadata: call http_build_request /etags/media
    OtaClient_ResourceMetadata: file flags=0,metadata flags=0
    OtaClient_ResourceMetadata: remove old signature file /sys/test2.sig
    sl_extLib_OtaRun: ResourceMetadata CDN file URL = 10.17.3.169:8888/.../f00_sys_test2.sig
    _ReadFileHeaders: domain=10.17.3.169, file=/etags/download/590662089/f00_sys_test2.sig
    _ReadFileHeaders: skip http headers
    CdnClient_Run: Create/Open for write file /sys/test2.sig
    CdnClient_Run: file opened
    CdnClient_Run: Write size 66 to file /sys/test2.sig total 0.
    CdnClient_Run: End of file
    CdnClient_Run: Downloading File Completed - Size=66
    sl_extLib_OtaRun: ---- Download file completed /sys/test2.sig
    sl_extLib_OtaRun: OtaClient_GetNextUpdate: file=/ETech_CC3200_PERS090630/D0B5C2BD6548/f03_sys_test2.txt, size=6
    OtaClient_ResourceMetadata: call http_build_request /etags/media
    OtaClient_ResourceMetadata: file flags=3,metadata flags=3
    OtaClient_ResourceMetadata: file=/sys/test2.txt is secured with signature
    sl_extLib_OtaRun: ResourceMetadata CDN file URL = 10.17.3.169:8888/.../f03_sys_test2.txt
    _ReadFileHeaders: domain=10.17.3.169, file=/etags/download/441451580/f03_sys_test2.txt
    _ReadFileHeaders: skip http headers
    CdnClient_Run: Create/Open for write file /sys/test2.txt
    CdnClient_Run: file opened
    CdnClient_Run: Write size 6 to file /sys/test2.txt total 0.
    CdnClient_Run: End of file
    CdnClient_Run: error on pCloseFile, status=-11
    sl_extLib_OtaRun ERROR: Failed on CdnClient_Run
    OTA run = -7
    OTA: Error with OTA server

    The same happens when I try with a certificate. I wonder whether the signing procedure I perform is right. The service pack signature is binary and exactly 256 bytes, which is also the max allocated size for a signature file in the OTA library, while my sig is only 66 bytes. I have also tried different flags for dgst (-binary, -sha256) when creating a signature, without any success.

    Would be nice if you could help,

    Thank you,

    Michael
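
An added example, not part of the original posts and not TI's signing procedure: it reproduces the `openssl dgst -sha1 ... > ...sig` command from the post to show that the 66-byte file is a plain-text digest line, and contrasts it with a detached binary signature made with a private key. The throwaway RSA-2048 key is an assumption, chosen only because an RSA-2048 signature is 256 bytes, the size reported for the service pack signature; the thread does not confirm which key or certificate the device expects.

```shell
#!/bin/sh
# Added example with constructed input and a throwaway key (assumption: RSA-2048).
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

size_of() { wc -c < "$1" | tr -d ' '; }

# The command from the post: without -sign, openssl only hashes the file and
# prints a text line "SHA1(<name>)= <40 hex chars>". No key is involved.
make_digest_text() {
  ( cd "$WORK" && printf '12345\n' > f03_sys_test2.txt \
    && openssl dgst -sha1 f03_sys_test2.txt > digest.txt )
  size_of "$WORK/digest.txt"
}

# A detached signature: SHA-1 of the file signed with an RSA private key.
# The output is raw binary whose length equals the key modulus (2048 bits).
make_rsa_signature() {
  ( cd "$WORK" \
    && openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
         -out key.pem 2>/dev/null \
    && openssl pkey -in key.pem -pubout -out pub.pem \
    && openssl dgst -sha1 -sign key.pem -out f00_sys_test2.sig f03_sys_test2.txt )
  size_of "$WORK/f00_sys_test2.sig"
}

# Returns 0 only if the given file is a valid signature over the payload.
verify_signature() {
  ( cd "$WORK" && openssl dgst -sha1 -verify pub.pem -signature "$1" \
      f03_sys_test2.txt >/dev/null 2>&1 )
}

echo "text digest file:   $(make_digest_text) bytes"
echo "RSA-2048 signature: $(make_rsa_signature) bytes"
verify_signature f00_sys_test2.sig && echo "binary signature verifies"
verify_signature digest.txt || echo "text digest is rejected as a signature"
```

The 66 bytes break down as `SHA1(` + the 17-character file name + `)= ` + 40 hex characters + a newline, so the size changes with the file name, whereas the signature size depends only on the key length.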