src/platform/esp32/ESP32CryptoEngine.cpp

#include "CryptoEngine.h"
#include "configuration.h"

#include "mbedtls/aes.h"


class ESP32CryptoEngine : public CryptoEngine
{

    mbedtls_aes_context aes;

  public:
    ESP32CryptoEngine() { mbedtls_aes_init(&aes); }

    ~ESP32CryptoEngine() { mbedtls_aes_free(&aes); }

    /**
     * Set the key used for encrypt, decrypt.
     *
     * As a special case: If all bytes are zero, we assume _no encryption_ and send all data in cleartext.
     *
     * @param numBytes must be 16 (AES128), 32 (AES256) or 0 (no crypt)
     * @param bytes a _static_ buffer that will remain valid for the life of this crypto instance (i.e. this class will cache the
     * provided pointer)
     */
    virtual void setKey(const CryptoKey &k) override
    {
        CryptoEngine::setKey(k);

        if (key.length != 0) {
            auto res = mbedtls_aes_setkey_enc(&aes, key.bytes, key.length * 8);
            assert(!res);
        }
    }

    /**
     * Encrypt a packet
     *
     * @param bytes is updated in place
     */
    virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
    {
        if (key.length > 0) {
            LOG_DEBUG("ESP32 crypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);
            initNonce(fromNode, packetId);
            if (numBytes <= MAX_BLOCKSIZE) {
                static uint8_t scratch[MAX_BLOCKSIZE];
                uint8_t stream_block[16];
                size_t nc_off = 0;
                memcpy(scratch, bytes, numBytes);
                memset(scratch + numBytes, 0,
                   sizeof(scratch) - numBytes); // Fill rest of buffer with zero (in case cypher looks at it)

                auto res = mbedtls_aes_crypt_ctr(&aes, numBytes, &nc_off, nonce, stream_block, scratch, bytes);
                assert(!res);
            } else {
                LOG_ERROR("Packet too large for crypto engine: %d. noop encryption!\n", numBytes);
            }
        }
    }

    virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
    {
        // For CTR, the implementation is the same
        encrypt(fromNode, packetId, numBytes, bytes);
    }

  private:
};

CryptoEngine *crypto = new ESP32CryptoEngine();
Crypto works! 2020-05-09 19:08:04 -07:00			`#include "CryptoEngine.h"`
			`#include "configuration.h"`

Modified to be compatible with the new version of sdk, compatible with esp32s3 2022-09-03 23:38:40 +08:00			`#include "mbedtls/aes.h"`
use the new ESP Framework for our older boards too 2022-09-09 22:31:30 +02:00
Make an accelerated NRF52 implementation for AEX256-CTR crypto 2020-05-24 14:15:49 -07:00
Crypto works! 2020-05-09 19:08:04 -07:00
			`class ESP32CryptoEngine : public CryptoEngine`
			`{`

			`mbedtls_aes_context aes;`

			`public:`
			`ESP32CryptoEngine() { mbedtls_aes_init(&aes); }`

			`~ESP32CryptoEngine() { mbedtls_aes_free(&aes); }`

			`/**`
			`* Set the key used for encrypt, decrypt.`
			`*`
			`* As a special case: If all bytes are zero, we assume _no encryption_ and send all data in cleartext.`
			`*`
			`* @param numBytes must be 16 (AES128), 32 (AES256) or 0 (no crypt)`
			`* @param bytes a _static_ buffer that will remain valid for the life of this crypto instance (i.e. this class will cache the`
			`* provided pointer)`
			`*/`
more cppcheck warnings fixes 2022-01-24 17:24:40 +00:00			`virtual void setKey(const CryptoKey &k) override`
Crypto works! 2020-05-09 19:08:04 -07:00			`{`
clean up the crypto api 2021-02-23 10:10:35 +08:00			`CryptoEngine::setKey(k);`

			`if (key.length != 0) {`
			`auto res = mbedtls_aes_setkey_enc(&aes, key.bytes, key.length * 8);`
Crypto works! 2020-05-09 19:08:04 -07:00			`assert(!res);`
			`}`
			`}`

			`/**`
			`* Encrypt a packet`
			`*`
			`* @param bytes is updated in place`
			`*/`
Rename packetNum to packetId 2022-03-20 11:40:13 +11:00			`virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override`
Crypto works! 2020-05-09 19:08:04 -07:00			`{`
clean up the crypto api 2021-02-23 10:10:35 +08:00			`if (key.length > 0) {`
Log levels refactoring 2022-12-29 20:41:37 -06:00			`LOG_DEBUG("ESP32 crypt fr=%x, num=%x, numBytes=%d!\n", fromNode, (uint32_t) packetId, numBytes);`
Rename packetNum to packetId 2022-03-20 11:40:13 +11:00			`initNonce(fromNode, packetId);`
fingers crossed 2023-01-07 15:24:46 +01:00			`if (numBytes <= MAX_BLOCKSIZE) {`
			`static uint8_t scratch[MAX_BLOCKSIZE];`
ah feck 2023-01-07 15:43:17 +01:00			`uint8_t stream_block[16];`
			`size_t nc_off = 0;`
fingers crossed 2023-01-07 15:24:46 +01:00			`memcpy(scratch, bytes, numBytes);`
			`memset(scratch + numBytes, 0,`
Crypto works! 2020-05-09 19:08:04 -07:00			`sizeof(scratch) - numBytes); // Fill rest of buffer with zero (in case cypher looks at it)`

fingers crossed 2023-01-07 15:24:46 +01:00			`auto res = mbedtls_aes_crypt_ctr(&aes, numBytes, &nc_off, nonce, stream_block, scratch, bytes);`
			`assert(!res);`
			`} else {`
			`LOG_ERROR("Packet too large for crypto engine: %d. noop encryption!\n", numBytes);`
			`}`
Crypto works! 2020-05-09 19:08:04 -07:00			`}`
			`}`

Rename packetNum to packetId 2022-03-20 11:40:13 +11:00			`virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override`
Crypto works! 2020-05-09 19:08:04 -07:00			`{`
			`// For CTR, the implementation is the same`
Rename packetNum to packetId 2022-03-20 11:40:13 +11:00			`encrypt(fromNode, packetId, numBytes, bytes);`
Crypto works! 2020-05-09 19:08:04 -07:00			`}`

			`private:`
			`};`

			`CryptoEngine *crypto = new ESP32CryptoEngine();`