[ESP32] Support for using encrypted app binary for OTA upgrades (#26978)
* [ESP32] Link wpa_supplicant library to libchip
* [ESP32] Support for using encrypted app binary for OTA upgrades
* Changes in application code
* Guide for how to use encrypted ota
* remove ota configs from sdkconfig.defaults
* Added few words to wordlist
* changed keypair to "key pair"
diff --git a/src/platform/ESP32/OTAImageProcessorImpl.h b/src/platform/ESP32/OTAImageProcessorImpl.h
index 5d0775c..03e1367 100644
--- a/src/platform/ESP32/OTAImageProcessorImpl.h
+++ b/src/platform/ESP32/OTAImageProcessorImpl.h
@@ -23,6 +23,10 @@
#include <platform/CHIPDeviceLayer.h>
#include <platform/OTAImageProcessor.h>
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+#include <esp_encrypted_img.h>
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
namespace chip {
class OTAImageProcessorImpl : public OTAImageProcessorInterface
@@ -38,6 +42,13 @@
bool IsFirstImageRun() override;
CHIP_ERROR ConfirmCurrentImage() override;
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+ // @brief This API initializes the handling of encrypted OTA image
+ // @param key null terminated RSA-3072 key in PEM format
+ // @return CHIP_NO_ERROR on success, appropriate error code otherwise
+ CHIP_ERROR InitEncryptedOTA(const CharSpan & key);
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
private:
static void HandlePrepareDownload(intptr_t context);
static void HandleFinalize(intptr_t context);
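Review bot: The doc comment on `InitEncryptedOTA` leaves out the lifetime contract of `key`: `CharSpan` is a non-owning view and the third hunk stores it as the member `mKey`, so the caller's buffer has to stay valid and unmodified for as long as the processor may use it. The comment also says "null terminated" without stating whether the span's size counts the terminator, which matters if the implementation (not visible here) hands `key.size()` to a PEM parser. It should also say which half of the key pair is expected. I would extend it along the lines of `// @param key RSA-3072 key in PEM format; not copied, the buffer must outlive this object` plus one line on whether `key.size()` includes the trailing NUL. The class body starts and ends outside this hunk.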
@@ -54,6 +65,14 @@
const esp_partition_t * mOTAUpdatePartition = nullptr;
esp_ota_handle_t mOTAUpdateHandle;
OTAImageHeaderParser mHeaderParser;
+
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+ void EndDecryption();
+
+ CharSpan mKey;
+ bool mEncryptedOTAEnabled = false;
+ esp_decrypt_handle_t mOTADecryptionHandle = nullptr;
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
};
} // namespace chip
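Review bot: `mOTADecryptionHandle` is a raw handle with no documented owner: nothing in this header says which paths call `EndDecryption()` or whether the handle is reset to `nullptr` afterwards. If abort, finalize and a failed block write can each reach it (the implementation is not visible here), a missed path leaves the decryption context allocated and a repeated one ends it twice. I would add comments such as `// Releases mOTADecryptionHandle and resets it to nullptr; no-op when no session is open` on `EndDecryption()` and `// Set by InitEncryptedOTA(); when false the image is processed without decryption` on `mEncryptedOTAEnabled`, adjusted to what the .cpp really does.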