commit 81f71a03114ebbc5ad2d3c7ed56d351fb0af5a3a
author Shubham Patil <shubham.patil@espressif.com> Wed Jun 07 01:16:02 2023 +0530
committer GitHub <noreply@github.com> Tue Jun 06 15:46:02 2023 -0400
tree 4dd484828497a3ad3eca01521957ed33d3e5ee7a
parent 89a612e796bf4926dc131a994ddc72493ccdb036

[ESP32] Support for using encrypted app binary for OTA upgrades (#26978)

* [ESP32] Link wpa_supplicant library to libchip

* [ESP32] Support for using encrypted app binary for OTA upgrades

* Changes in application code

* Guide for how to use encrypted ota

* remove ota configs from sdkconfig.defaults

* Added few words to wordlist

* changed keypair to "key pair"

src/platform/ESP32/OTAImageProcessorImpl.h

diff --git a/src/platform/ESP32/OTAImageProcessorImpl.h b/src/platform/ESP32/OTAImageProcessorImpl.h
index 5d0775c..03e1367 100644
--- a/src/platform/ESP32/OTAImageProcessorImpl.h
+++ b/src/platform/ESP32/OTAImageProcessorImpl.h
@@ -23,6 +23,10 @@
 #include <platform/CHIPDeviceLayer.h>
 #include <platform/OTAImageProcessor.h>
 
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+#include <esp_encrypted_img.h>
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
 namespace chip {
 
 class OTAImageProcessorImpl : public OTAImageProcessorInterface
@@ -38,6 +42,13 @@
     bool IsFirstImageRun() override;
     CHIP_ERROR ConfirmCurrentImage() override;
 
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+    // @brief This API initializes the handling of encrypted OTA image
+    // @param key null terminated RSA-3072 key in PEM format
+    // @return CHIP_NO_ERROR on success, appropriate error code otherwise
+    CHIP_ERROR InitEncryptedOTA(const CharSpan & key);
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
+
 private:
     static void HandlePrepareDownload(intptr_t context);
     static void HandleFinalize(intptr_t context);
@@ -54,6 +65,14 @@
     const esp_partition_t * mOTAUpdatePartition = nullptr;
     esp_ota_handle_t mOTAUpdateHandle;
     OTAImageHeaderParser mHeaderParser;
+
+#if CONFIG_ENABLE_ENCRYPTED_OTA
+    void EndDecryption();
+
+    CharSpan mKey;
+    bool mEncryptedOTAEnabled                 = false;
+    esp_decrypt_handle_t mOTADecryptionHandle = nullptr;
+#endif // CONFIG_ENABLE_ENCRYPTED_OTA
 };
 
 } // namespace chip