Add file sha256 in 405.GetInfo.0.2.uavcan

Cherish-forever · September 27, 2021, 12:28pm

I think add file sha256 to GetInfo response will be better.
so that it can be verified after firmware has been download.
crc64 in file name is out of fashion.

pavel.kirienko · September 27, 2021, 1:38pm

This might be challenging to implement because SHA-256 may be too slow to compute for a large file to keep up with the timing constraints imposed by the service call. We used to have a CRC field in the v0 counterpart of this service that was removed for the same reason.

The preferred alternative is to keep the hash in a separate file, which is common practice with FTP servers on the Internet:

github.com

UAVCAN/public_regulated_data_types/blob/b02e6899a319ddefbab41b820d167c95dd00174d/uavcan/file/408.Read.1.1.uavcan#L13-L28


# It is easy to see that this protocol is prone to race conditions because the remote file can be modified
# between read operations which might result in the client obtaining a damaged file. To combat this,
# application designers are recommended to adhere to the following convention. Let every file whose integrity
# is of interest have a hash or a digital signature, which is stored in an adjacent file under the same name
# suffixed with the appropriate extension according to the type of hash or digital signature used.
# For example, let there be file "image.bin", integrity of which shall be ensured by the client upon downloading.
# Suppose that the file is hashed using SHA-256, so the appropriate file extension for the hash would be
# ".sha256". Following this convention, the hash of "image.bin" would be stored in "image.bin.sha256".
# After downloading the file, the client would read the hash (being small, the hash can be read in a single
# request) and check it against a locally computed value. Some servers may opt to generate such hash files
# automatically as necessary; for example, if such file is requested but it does not exist, the server would
# compute the necessary signature or hash (the type of hash/signature can be deduced from the requested file
# extension) and return it as if the file existed. Obviously, this would be impractical for very large files;
# in that case, hash/signature should be pre-computed and stored in a real file. If this approach is followed,
# implementers are advised to use only SHA-256 for hashing, in order to reduce the number of fielded
# incompatible implementations.

Cherish-forever · September 28, 2021, 5:59am

Thank you very much, very professional