SHA_256 Not matching

Ritu21
Posts: 123
Joined: Sat Aug 04, 2018 9:58 am

SHA_256 Not matching

Postby Ritu21 » Mon Apr 15, 2019 6:07 am

Hi,

I am calculating SHA-256 of the running partition as below:

esp_partition_get_sha256(esp_ota_get_running_partition(), sha_256);
With this, I am getting - 02dae1d8986dc3d6842fd260b7a3fc57e0b600388955c5947ae617bd3a4af937

Also calculating SHA-256 from the utility (available in linux)of the same bin file uploaded to the above partition using ota, getting different SHA values.
Here, it is - 4eeede3a85261466f464ad3d801ffc8b86041c98444bac02e5aff708c23022e9 for the same bin file.

Why is it so???
My application is to compare the SHA-256 generated by my app and other coming from the server where the image is, and accordingly apply the rollback function.

Please clarify why is it different???

Please treat this as very urgent.

Looking forward for your response.

Thanks
R.

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: SHA_256 Not matching

Postby WiFive » Mon Apr 15, 2019 10:10 am

They are different lengths. Bin file is not padded.

Ritu21
Posts: 123
Joined: Sat Aug 04, 2018 9:58 am

Re: SHA_256 Not matching

Postby Ritu21 » Mon Apr 15, 2019 10:40 am

Hi,

No, it is of same length, i.e 64 bytes.

How to calculate sha256 of binary file??

Thanks
Ritu

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: SHA_256 Not matching

Postby WiFive » Mon Apr 15, 2019 12:53 pm

Bin length != Partition length

Ritu21
Posts: 123
Joined: Sat Aug 04, 2018 9:58 am

Re: SHA_256 Not matching

Postby Ritu21 » Mon Apr 15, 2019 1:31 pm

Hi,

Could you please help me with the possible ways of image validation in esp32?

As described earlier, my aim is to compare the SHA-256 generated by my app and other coming from the cloud where the same image is downloaded , and accordingly apply the rollback function.

Something like this:

if(SHA-256_RunningImage == SHA_256_DownloadedImage){ //Both variable should be same if the image is same
esp_ota_mark_app_valid_cancel_rollback();
}
else{
esp_ota_mark_app_invalid_rollback_and_reboot();
}

I hope to receive something positive from you.

Thanks
R.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: SHA_256 Not matching

Postby ESP_Angus » Mon Apr 15, 2019 11:49 pm

Hi Ritu21,

App .bin files have a SHA-256 hash appended to them for verification. The bootloader checks this SHA-256 hash before it boots the app, and the esp_partition_getsha256() function verifies the app is valid and the embedded SHA-256 hash matches. (In this way, the behaviour is different for app partitions vs other partitions where it just takes SHA256 of all bytes in the partition regardless of content.)

This is why the sha256 calculated on the .bin file is different, it's returning the appended hash inside the .bin file.

For more details see the API documentation for esp_partition_get_sha256().

To identify the binary image in the way you need, there are a couple of options:
  • Use "esptool.py --chip esp32 image_info app_file.bin" and copy the SHA256 from this output. This is the same hash embedded in the .bin file.
  • Use the esp_ota_get_app_description() or esp_ota_get_app_elf_sha256() functions (both new in v3.3). This can get you the SHA-256 of the ELF file that the binary was built from (this is the actual sha256sum of the whole .elf file). Then use this for comparison. (Note that the app_desc_t structure includes both this SHA-256 and some other information about the app like the version string, if you want other ways to embed metadata in the app.)

Ritu21
Posts: 123
Joined: Sat Aug 04, 2018 9:58 am

Re: SHA_256 Not matching

Postby Ritu21 » Wed Apr 17, 2019 7:12 am

Hi Angus,

Thanks for your reply, It helped me!!!


Ritu. :D

Who is online

Users browsing this forum: No registered users and 118 guests