
Authentication

Open felixdoerre opened this issue 1 year ago • 2 comments

Hi there,

This is another issue where I already have a hacky solution and I wanted to get feedback if it is worth cleaning up and creating a pull request:

Right now, anyone in the local network who knows the target IP can down- and upload arbitrary firmware if the pico is in the bootloader.

I locally implemented authentication for both the connection as such, and in particular the firmware. Right now these changes are incompatible with the current serial-flasher protocol, and we could think about how to make them compatible, even if only compatible between a version of picowota where authentication is enabled at compile time and one where it isn't.

In terms of size, the authentication seems to add 3k from the cryptography and a small bit for changes to the logic. This results in a total bootloader size of 300k (station mode, 227k wlan firmware incl. bluetooth for sharing with micropython).

Regarding the security guarantees:

  • The connection authentication is safe against eavesdroppers (i.e. someone listening to the connection will not learn the password)
  • The booted image is separately authenticated, so an attacker will not be able to upload and run an image that has not been uploaded before. I currently don't have protection against replay implemented.
  • I also don't protect the booted image from being eavesdropped in transit.

Is this something you would want to merge?

felixdoerre avatar Jul 16 '23 09:07 felixdoerre
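The two guarantees listed in the post (a challenge-response login that does not expose the password to an eavesdropper, and a separate authentication tag on the uploaded image) can be sketched with HMAC-SHA256. This is an added illustration, not felixdoerre's patch or picowota's code; the key derivation, the `login:`/`image:` domain separators and the in-memory `Bootloader` class are assumptions. It also goes one step beyond the post by binding a version counter into the image tag, which closes the replay gap the post mentions.

```python
"""Challenge-response login plus version-bound image tag for an OTA bootloader.

Constructed example: a pre-shared password, HMAC-SHA256 and an in-memory
"bootloader" so the exchange runs offline. Not picowota's own code.
"""
import hashlib
import hmac
import os


def derive_key(password: bytes) -> bytes:
    # Assumption: both sides derive the same 32-byte key from the shared password.
    return hashlib.sha256(b"picowota-auth:" + password).digest()


def login_response(key: bytes, challenge: bytes) -> bytes:
    # What the flasher sends back; an eavesdropper sees challenge and response only.
    return hmac.new(key, b"login:" + challenge, "sha256").digest()


def image_tag(key: bytes, version: int, image: bytes) -> bytes:
    # Tag covers the version number, so an old (image, tag) pair cannot be replayed.
    return hmac.new(key, b"image:" + version.to_bytes(4, "big") + image, "sha256").digest()


class Bootloader:
    """Holds the key, the outstanding challenge and the last accepted image version."""

    def __init__(self, key: bytes, stored_version: int = 0):
        self.key = key
        self.challenge = None
        self.stored_version = stored_version

    def new_challenge(self) -> bytes:
        self.challenge = os.urandom(16)  # fresh random nonce per connection
        return self.challenge

    def verify_login(self, response: bytes) -> bool:
        if self.challenge is None:
            return False
        expected = login_response(self.key, self.challenge)
        self.challenge = None  # each challenge is usable exactly once
        return hmac.compare_digest(expected, response)

    def accept_image(self, version: int, image: bytes, tag: bytes) -> bool:
        # Reject older or equal versions first, then check the tag in constant time.
        if version <= self.stored_version:
            return False
        if not hmac.compare_digest(image_tag(self.key, version, image), tag):
            return False
        self.stored_version = version
        return True
```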