From 36f24776b1cfa717fdf8b98b3f5bca6d8b7632d5 Mon Sep 17 00:00:00 2001 From: Ken Van Hoeylandt Date: Wed, 17 Jan 2024 23:21:45 +0100 Subject: [PATCH] Prepare code for non-ESP usage --- components/tactility-core/src/secure.c | 61 ++++++++++++++++++-------- 1 file changed, 43 insertions(+), 18 deletions(-) diff --git a/components/tactility-core/src/secure.c b/components/tactility-core/src/secure.c index 6b13f8c3..6db5c43f 100644 --- a/components/tactility-core/src/secure.c +++ b/components/tactility-core/src/secure.c @@ -1,16 +1,20 @@ #include "secure.h" -#include "aes/esp_aes.h" #include "check.h" -#include "esp_mac.h" -#include "esp_cpu.h" #include "log.h" +#include "mbedtls/aes.h" #include "nvs_flash.h" #include +#ifdef ESP_PLATFORM +#include "esp_cpu.h" +#include "esp_mac.h" +#endif + #define TAG "secure" #define TT_NVS_NAMESPACE "tt_secure" +#ifdef ESP_PLATFORM /** * Get a key based on hardware parameters. * @param[out] key the output key @@ -28,7 +32,9 @@ static void get_hardware_key(uint8_t key[32]) { key[i] = mac[i % mac_length]; } } +#endif +#ifdef ESP_PLATFORM /** * The key is built up as follows: * - Fetch 32 bytes from NVS storage and store as key data @@ -76,6 +82,7 @@ static void get_nvs_key(uint8_t key[32]) { nvs_close(handle); } +#endif /** * Performs XOR on 2 memory regions and stores it in a third @@ -103,23 +110,51 @@ static void get_key(uint8_t key[32]) { uint8_t hardware_key[32]; uint8_t nvs_key[32]; +#ifdef ESP_PLATFORM get_hardware_key(hardware_key); get_nvs_key(nvs_key); xor_key(hardware_key, nvs_key, key, 32); +#else + TT_LOG_W(TAG, "Using unsafe key for debugging purposes."); + memset(key, 0, 32); +#endif } void tt_secure_get_iv_from_string(const char* input, uint8_t iv[16]) { memset((void*)iv, 0, 16); char c = *input++; int index = 0; - printf("IV: "); while (c) { - printf(" %0X:%02d", c, index); iv[index] = c; index++; c = *input++; } - printf("\n"); +} + +static int tt_aes256_crypt_cbc( + const uint8_t key[32], + int mode, + size_t length, + const unsigned char iv[16], + const unsigned char* input, + unsigned char* output +) { + tt_check(key && iv && input && output); + + if ((length % AES_BLOCK_BYTES) || (length == 0)) { + return ERR_ESP_AES_INVALID_INPUT_LENGTH; + } + + mbedtls_aes_context master; + mbedtls_aes_init(&master); + if (mode == MBEDTLS_AES_ENCRYPT) { + mbedtls_aes_setkey_enc(&master, key, 256); + } else { + mbedtls_aes_setkey_dec(&master, key, 256); + } + int result = mbedtls_aes_crypt_ecb(&master, mode, input, output); + mbedtls_aes_free(&master); + return result; } int tt_secure_encrypt(const uint8_t iv[16], uint8_t* in_data, uint8_t* out_data, size_t length) { @@ -130,12 +165,7 @@ int tt_secure_encrypt(const uint8_t iv[16], uint8_t* in_data, uint8_t* out_data, uint8_t iv_copy[16]; memcpy(iv_copy, iv, sizeof(iv_copy)); - esp_aes_context ctx; - esp_aes_init(&ctx); - esp_aes_setkey(&ctx, key, 256); - int result = esp_aes_crypt_cbc(&ctx, ESP_AES_ENCRYPT, length, iv_copy, in_data, out_data); - esp_aes_free(&ctx); - return result; + return tt_aes256_crypt_cbc(key, MBEDTLS_AES_ENCRYPT, length, iv_copy, in_data, out_data); } int tt_secure_decrypt(const uint8_t iv[16], uint8_t* in_data, uint8_t* out_data, size_t length) { @@ -146,10 +176,5 @@ int tt_secure_decrypt(const uint8_t iv[16], uint8_t* in_data, uint8_t* out_data, uint8_t iv_copy[16]; memcpy(iv_copy, iv, sizeof(iv_copy)); - esp_aes_context ctx; - esp_aes_init(&ctx); - esp_aes_setkey(&ctx, key, 256); - int result = esp_aes_crypt_cbc(&ctx, ESP_AES_DECRYPT, length, iv_copy, in_data, out_data); - esp_aes_free(&ctx); - return result; + return tt_aes256_crypt_cbc(key, MBEDTLS_AES_DECRYPT, length, iv_copy, in_data, out_data); }