Programming via secure connection

Discussion to talk about software related topics only.
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Programming via secure connection

Post by SeeCwriter »

Is there a way for Autoupdate to send an image file over a TLS connection?

Are you aware of a file transfer process where the file itself is first encrypted using a TLS certificate & key, then sent to another host via a TLS connection that uses a different certificate & key? In this case, the file would be the image file for the NB module.

I'm using v2.9.5 with a MOD5441X.
pbreed
Posts: 1080
Joined: Thu Apr 24, 2008 3:58 pm

Re: Programming via secure connection

Post by pbreed »

With the 3.X tools this is a simple setting...
With the 2.X tools you need to do some more work.

1) Get TLS HTTPS webserver running on the board.
2) Get the PostapplicationUpdate example working.
3) Combine 1+2

Paul
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: Programming via secure connection

Post by SeeCwriter »

Just to confirm, with v3.x tools it is easy to do both, encrypt the image with one cert and send it over a secure connection with another cert?
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: Programming via secure connection

Post by SeeCwriter »

I installed v3.3.2, and before I could even add a project it started rebuilding the system, which is odd. Is that normal? As usual, the build failed with the infamous "Couldn't reserve for cygwin's heap" error. I will have to install it on another PC, build the system, then copy it to my PC. But before I do, I want to find out if I need to modify any system files first. With v2.x I needed to modify predef.h to enable SSL & SSH, but I can't find predef.h. I can't even find the top-level include files (c:\nburn\include). Is this step not needed for 3.x?

Regarding the example programs you mentioned, by "TLS HTTPS webserver", did you mean sslserver, because I find no example with the name you used?

In addition, in the Introduction section of v3.3.2 Docs, it says that the first example program, called Template, can be used as a starting point. Again, I don't find an example program by that name.
Jon
Posts: 79
Joined: Mon Feb 05, 2018 10:54 am

Re: Programming via secure connection

Post by Jon »

Hi SeeCwriter,

In 3.x, the system libraries have been moved to \nburn\nbrtos. There you will find the source and include directories.

For predef.h, SSL/TLS and SSH are on by default, so you shouldn't need to make any changes there, unless you want to turn them off.

By TLS HTTPS webserver, I think Paul was referring to the example, SslWebDemo, which basically starts a secure webserver.

For the documentation, that is certainly confusing. I think it's referring to the templates that are created when you build a project using the Application Project Wizard.

As for the system libraries building when you first open NBEclipse, usually it waits until you've at least created a project. I'm not sure where it would put them otherwise, as in 3.x, unlike 2.x, each project gets its own separate build copy of the system libraries so that you can make custom changes on a per project basis if needed.

Hopefully that helps, but let us know if you have any other questions.

Kind Regards,
Jon
pbreed
Posts: 1080
Joined: Thu Apr 24, 2008 3:58 pm

Re: Programming via secure connection

Post by pbreed »

3.0 makes it easy to send via TLS where the connection is encrypted.

If you want the actual image encrypted... then your statement makes no sense.
A certificate is used for a public/private key system.

So if you want the actual image to be encrypted (not just encrypted during the transfer, AKA TLS, but actually stored on DISK/distributed encrypted),
that is a different problem.

Can you explain EXACTLY what you are trying to accomplish?

Are you trying to have a signed image? (rather than encrypted) In that case your usage of the word certificate makes sense...


Options:
Certificate with public key.

A) Device holds private key...
Anyone with access to the public key can encrypt the image; only the device can decrypt the image.
Needs a different certificate for each device.


B) Developer holds private key.
Devices all have the same public key.
Device can decrypt payload only if signed with private key, making sure the app it's loading
was written/created by the person holding the private key.
This is most commonly thought of as signing, as anyone with the public key can decrypt, but the author is verified.


C) The developer and device hold a shared secret (usually no certificate involved).
Developer/code author encrypts the image with a symmetrical cipher using the shared secret.
Device decrypts the image using the shared secret. Only entities that hold the shared secret can create or decode the image.


Or are you looking for something else I've missed here?

Please be as detailed and precise about what you are trying to do?
What is the threat model you are trying to protect against?
Running unauthorized code?
Code Theft?
Subscription Model where you want specific feature for specific devices where all share common code distribution?

Something else?
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: Programming via secure connection

Post by SeeCwriter »

I relayed what I thought one of our customers was requesting. But I admit I may have misunderstood. You've probably dealt with this customer if you've ever bought any books online.

They were talking about including a key in the header of the image file. Perhaps they were referring to signing the image file. They are paranoid about someone being able to load firmware from an unauthorized source. Is there a way to sign and verify signatures?
pbreed
Posts: 1080
Joined: Thu Apr 24, 2008 3:58 pm

Re: Programming via secure connection

Post by pbreed »

Sign and verify makes much more sense....
This should be an example, it presently is not...
This is going to take a bit of time, my guess is 2 weeks, but 100% doable.
(not because it's 2 weeks hard, it's that we have 2 weeks of stuff in front of this)
SeeCwriter
Posts: 606
Joined: Mon May 12, 2008 10:55 am

Re: Programming via secure connection

Post by SeeCwriter »

That's great. Thank you.
pbreed
Posts: 1080
Joined: Thu Apr 24, 2008 3:58 pm

Re: Programming via secure connection

Post by pbreed »

We are going to do a bit more here than my original intent.
We are going to add tools to the build chain to make signing automatic and seamless if set correctly.
We are going to make validity checking on the device seamless and transparent as well.
We have started this project as of Today.
This is probably going to take longer than my original estimate... stay tuned...

Basic operations:
1) Create a public/private key pair.
2) Turn on option in eclipse and/or command line to sign code.
(Each build will prompt you for private key).

3) On the device either compile in or download to the device the public key from #1.

From that point on device will not accept unsigned app loading via web or serial.
If you lose access to the private key, the only way to recover the device is with
physical access to the recovery jumper on the device.
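
The sign-and-verify flow discussed in this thread (Option B and the three basic operations above), modelled as an added example; it is not part of the thread and not NetBurner's implementation. It uses Ed25519 from the Go standard library as the signature scheme, and the "SIMG" container layout and all function names are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical container for this example only (not NetBurner's format):
// magic "SIMG" | 64-byte Ed25519 signature | application bytes.
var magic = []byte("SIMG")
var ErrUnsigned = errors.New("image carries no signature")
var ErrBadSignature = errors.New("signature does not verify")

// NewKeyPair is step 1: the private key stays on the build machine.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignImage is step 2, run at build time with the private key.
func SignImage(priv ed25519.PrivateKey, app []byte) []byte {
	out := append([]byte{}, magic...)
	out = append(out, ed25519.Sign(priv, app)...)
	return append(out, app...)
}

// AcceptImage is step 3, the device-side gate: it holds only the public key
// and returns the bytes to flash, or an error for unsigned or altered images.
func AcceptImage(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	hdr := len(magic) + ed25519.SignatureSize
	if len(image) < hdr || !bytes.HasPrefix(image, magic) {
		return nil, ErrUnsigned
	}
	if !ed25519.Verify(pub, image[hdr:], image[len(magic):hdr]) {
		return nil, ErrBadSignature
	}
	return image[hdr:], nil
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	_, err = AcceptImage(pub, SignImage(priv, []byte("constructed image bytes")))
	fmt.Println("signed image accepted:", err == nil)
}
```

The application bytes sit unencrypted in the container: this check addresses loading unauthorized code, not code theft, which is the separate problem raised earlier in the thread.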