Merge branch 'contrib/github_pr_8535' into 'master'

Upgrade esp_encrypted_img version in pre-encrypted OTA example (GitHub PR) Closes IDFGH-6915 See merge request espressif/esp-idf!17432
2024-10-05 20:47:46 -04:00 · 2022-03-10 14:46:37 +08:00 · 2022-03-10 14:46:37 +08:00 · 4cdf2459f0
commit 4cdf2459f0
parent 6249b3d671 f17a3491e5
3 changed files with 21 additions and 15 deletions
--- a/examples/system/ota/pre_encrypted_ota/README.md
+++ b/examples/system/ota/pre_encrypted_ota/README.md
@ -1,11 +1,17 @@

 # Encrypted Binary OTA

-This example demonstrates OTA updates with pre-encrypted binary using `esp_encrypted_img` component's APIs and tool. Pre encrypted firmware binary must be hosted on OTA update server. This firmware will be fetched and then decrypted on device before being flashed. This allows firmware to remain `confidential` on the OTA update channel irrespective of underlying transport (e.g., non-TLS).
+This example demonstrates OTA updates with pre-encrypted binary using `esp_encrypted_img` component's APIs and tool.
+
+Pre-encrypted firmware binary must be hosted on OTA update server.
+This firmware will be fetched and then decrypted on device before being flashed.
+This allows firmware to remain `confidential` on the OTA update channel irrespective of underlying transport (e.g., non-TLS).

 ## ESP Encrypted Image Abstraction Layer

-This example uses `esp_encrypted_img` component hosted at https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img through component manager. Please refer to its documentation [here](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/README.md) for more details
+This example uses `esp_encrypted_img` component hosted at [idf-extra-components/esp_encrypted_img](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img) and available though the [IDF component manager](https://components.espressif.com/component/espressif/esp_encrypted_img).
+
+Please refer to its documentation [here](https://github.com/espressif/idf-extra-components/blob/master/esp_encrypted_img/README.md) for more details.


 ## How to use the example
--- a/examples/system/ota/pre_encrypted_ota/main/idf_component.yml
+++ b/examples/system/ota/pre_encrypted_ota/main/idf_component.yml
@ -1,3 +1,3 @@
 dependencies:
  idf: ">=4.4"
-  espressif/esp_encrypted_img: "^1.0.0"
+  espressif/esp_encrypted_img: "^2.0.1"
--- a/examples/system/ota/pre_encrypted_ota/main/pre_encrypted_ota.c
+++ b/examples/system/ota/pre_encrypted_ota/main/pre_encrypted_ota.c
@ -31,15 +31,15 @@
 #endif

 static const char *TAG = "pre_encrypted_ota_example";
-extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
-extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end");
+extern const char server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
+extern const char server_cert_pem_end[] asm("_binary_ca_cert_pem_end");

-extern const uint8_t rsa_private_pem_start[] asm("_binary_private_pem_start");
-extern const uint8_t rsa_private_pem_end[]   asm("_binary_private_pem_end");
+extern const char rsa_private_pem_start[] asm("_binary_private_pem_start");
+extern const char rsa_private_pem_end[]   asm("_binary_private_pem_end");

 #define OTA_URL_SIZE 256

-static esp_decrypt_handle_t *ctx;
+static esp_decrypt_handle_t decrypt_handle;

 static esp_err_t _decrypt_cb(decrypt_cb_arg_t *args)
 {
@ -47,7 +47,7 @@ static esp_err_t _decrypt_cb(decrypt_cb_arg_t *args)
    pre_enc_decrypt_arg_t pargs = {};
    pargs.data_in = (char *) args->data_in;
    pargs.data_in_len = args->data_in_len;
-    err = esp_encrypted_img_decrypt_data(ctx, &pargs);
+    err = esp_encrypted_img_decrypt_data(decrypt_handle, &pargs);
    if (err != ESP_OK && err != ESP_ERR_NOT_FINISHED) {
        return err;
    }
@ -68,15 +68,15 @@ void pre_encrypted_ota_task(void *pvParameter)
    esp_err_t ota_finish_err = ESP_OK;
    esp_http_client_config_t config = {
        .url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
-        .cert_pem = (char *)server_cert_pem_start,
+        .cert_pem = server_cert_pem_start,
        .timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT,
        .keep_alive_enable = true,
    };
    esp_decrypt_cfg_t cfg = {};
-    cfg.rsa_pub_key = (char *)rsa_private_pem_start;
+    cfg.rsa_pub_key = rsa_private_pem_start;
    cfg.rsa_pub_key_len = rsa_private_pem_end - rsa_private_pem_start;
-    ctx = esp_encrypted_img_decrypt_start(&cfg);
-    if (ctx == NULL) {
+    decrypt_handle = esp_encrypted_img_decrypt_start(&cfg);
+    if (!decrypt_handle) {
        ESP_LOGE(TAG, "OTA upgrade failed");
        vTaskDelete(NULL);
    }
@ -126,11 +126,11 @@ void pre_encrypted_ota_task(void *pvParameter)
        ESP_LOGD(TAG, "Image bytes read: %d", esp_https_ota_get_image_len_read(https_ota_handle));
    }

-    if (esp_https_ota_is_complete_data_received(https_ota_handle) != true) {
+    if (!esp_https_ota_is_complete_data_received(https_ota_handle)) {
        // the OTA image was not completely received and user can customise the response to this situation.
        ESP_LOGE(TAG, "Complete data was not received.");
    } else {
-        err = esp_encrypted_img_decrypt_end(ctx);
+        err = esp_encrypted_img_decrypt_end(decrypt_handle);
        if (err != ESP_OK) {
            goto ota_end;
        }