diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index e31b026f4..66a16a152 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,25 +1,25 @@ version: 0.1 cli: - version: 1.17.1 + version: 1.17.2 plugins: sources: - id: trunk - ref: v1.2.6 + ref: v1.3.0 uri: https://github.com/trunk-io/plugins lint: enabled: - bandit@1.7.5 - - checkov@3.0.16 + - checkov@3.1.9 - terrascan@1.18.3 - - trivy@0.46.1 - - trufflehog@3.62.1 + - trivy@0.47.0 + - trufflehog@3.63.2-rc0 - taplo@0.8.1 - - ruff@0.1.3 - - yamllint@1.32.0 + - ruff@0.1.6 + - yamllint@1.33.0 - isort@5.12.0 - markdownlint@0.37.0 - oxipng@9.0.0 - - svgo@3.0.2 + - svgo@3.0.4 - actionlint@1.6.26 - flake8@6.1.0 - hadolint@2.12.0 @@ -27,9 +27,9 @@ lint: - shellcheck@0.9.0 - black@23.9.1 - git-diff-check - - gitleaks@8.18.0 + - gitleaks@8.18.1 - clang-format@16.0.3 - - prettier@3.0.3 + - prettier@3.1.0 runtimes: enabled: - python@3.10.8 diff --git a/arch/stm32/stm32wl5e.ini b/arch/stm32/stm32wl5e.ini index 524edd6b9..262da12a6 100644 --- a/arch/stm32/stm32wl5e.ini +++ b/arch/stm32/stm32wl5e.ini @@ -21,7 +21,7 @@ upload_protocol = stlink lib_deps = ${env.lib_deps} jgromes/RadioLib@^6.1.0 - https://github.com/kokke/tiny-AES-c.git#f06ac37fc31dfdaca2e0d9bec83f90d5663c319b + rweather/Crypto https://github.com/littlefs-project/littlefs.git#v2.5.1 https://github.com/stm32duino/STM32FreeRTOS.git#10.3.1 diff --git a/src/platform/stm32wl/STM32WLCryptoEngine.cpp b/src/platform/stm32wl/STM32WLCryptoEngine.cpp index 7367a2bc0..6187cf302 100644 --- a/src/platform/stm32wl/STM32WLCryptoEngine.cpp +++ b/src/platform/stm32wl/STM32WLCryptoEngine.cpp @@ -1,33 +1,63 @@ +#include "AES.h" +#include "CTR.h" #include "CryptoEngine.h" -#include "aes.hpp" #include "configuration.h" class STM32WLCryptoEngine : public CryptoEngine { + + CTRCommon *ctr = NULL; + public: STM32WLCryptoEngine() {} ~STM32WLCryptoEngine() {} + virtual void setKey(const CryptoKey &k) override + { + CryptoEngine::setKey(k); + LOG_DEBUG("Installing AES%d key!\n", key.length * 8); + if (ctr) { + delete ctr; + ctr = NULL; + } + if (key.length != 0) { + if (key.length == 16) + ctr = new CTR(); + else + ctr = new CTR(); + + ctr->setKey(key.bytes, key.length); + } + } /** * Encrypt a packet * * @param bytes is updated in place */ - virtual void encrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes) override + virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override { if (key.length > 0) { - AES_ctx ctx; - initNonce(fromNode, packetNum); - AES_init_ctx_iv(&ctx, key.bytes, nonce); - AES_CTR_xcrypt_buffer(&ctx, bytes, numBytes); + initNonce(fromNode, packetId); + if (numBytes <= MAX_BLOCKSIZE) { + static uint8_t scratch[MAX_BLOCKSIZE]; + memcpy(scratch, bytes, numBytes); + memset(scratch + numBytes, 0, + sizeof(scratch) - numBytes); // Fill rest of buffer with zero (in case cypher looks at it) + + ctr->setIV(nonce, sizeof(nonce)); + ctr->setCounterSize(4); + ctr->encrypt(bytes, scratch, numBytes); + } else { + LOG_ERROR("Packet too large for crypto engine: %d. noop encryption!\n", numBytes); + } } } - virtual void decrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes) override + virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override { // For CTR, the implementation is the same - encrypt(fromNode, packetNum, numBytes, bytes); + encrypt(fromNode, packetId, numBytes, bytes); } private: