Make an accelerated NRF52 implementation for AEX256-CTR crypto

This commit is contained in:
geeksville 2020-05-24 14:15:49 -07:00
parent 8f1b26bdda
commit e8f6504ec4
8 changed files with 80 additions and 7 deletions

3
.gitmodules vendored
View File

@ -1,3 +1,6 @@
[submodule "proto"] [submodule "proto"]
path = proto path = proto
url = https://github.com/meshtastic/Meshtastic-protobufs.git url = https://github.com/meshtastic/Meshtastic-protobufs.git
[submodule "sdk-nrfxlib"]
path = sdk-nrfxlib
url = https://github.com/nrfconnect/sdk-nrfxlib.git

View File

@ -55,6 +55,7 @@
"NEMAGPS", "NEMAGPS",
"Ublox", "Ublox",
"descs", "descs",
"ocrypto",
"protobufs" "protobufs"
] ]
} }

View File

@ -6,6 +6,7 @@
Minimum items needed to make sure hardware is good. Minimum items needed to make sure hardware is good.
- find out why we reboot while debugging
- install a hardfault handler for null ptrs (if one isn't already installed) - install a hardfault handler for null ptrs (if one isn't already installed)
- test my hackedup bootloader on the real hardware - test my hackedup bootloader on the real hardware
- Use the PMU driver on real hardware - Use the PMU driver on real hardware
@ -20,7 +21,7 @@ Needed to be fully functional at least at the same level of the ESP32 boards. At
- DONE get serial API working - DONE get serial API working
- get full BLE api working - get full BLE api working
- make a file system implementation (preferably one that can see the files the bootloader also sees) - use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3 - make a file system implementation (preferably one that can see the files the bootloader also sees) - preferably https://github.com/adafruit/Adafruit_nRF52_Arduino/blob/master/libraries/InternalFileSytem/examples/Internal_ReadWrite/Internal_ReadWrite.ino else use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3
- make power management/sleep work properly - make power management/sleep work properly
- make a settimeofday implementation - make a settimeofday implementation
- DONE increase preamble length? - will break other clients? so all devices must update - DONE increase preamble length? - will break other clients? so all devices must update

View File

@ -9,7 +9,7 @@
; https://docs.platformio.org/page/projectconf.html ; https://docs.platformio.org/page/projectconf.html
[platformio] [platformio]
default_envs = tbeam ; Note: the github actions CI test build can't yet build NRF52 targets default_envs = nrf52dk ; Note: the github actions CI test build can't yet build NRF52 targets
[common] [common]
; common is not currently used ; common is not currently used
@ -129,8 +129,9 @@ platform = nordicnrf52
framework = arduino framework = arduino
debug_tool = jlink debug_tool = jlink
build_type = debug ; I'm debugging with ICE a lot now build_type = debug ; I'm debugging with ICE a lot now
; note: liboberon provides the AES256 implementation for NRF52 (though not using the hardware acceleration of the NRF52840 - FIXME)
build_flags = build_flags =
${env.build_flags} -Wno-unused-variable -Isrc/nrf52 ${env.build_flags} -Wno-unused-variable -Isrc/nrf52 -Isdk-nrfxlib/crypto/nrf_oberon/include -Lsdk-nrfxlib/crypto/nrf_oberon/lib/cortex-m4/hard-float/ -lliboberon_3.0.3
;-DCFG_DEBUG=3 ;-DCFG_DEBUG=3
src_filter = src_filter =
${env.src_filter} -<esp32/> ${env.src_filter} -<esp32/>

1
sdk-nrfxlib Submodule

@ -0,0 +1 @@
Subproject commit 17e8453553d4cfc21ab87c53c9627f0cf1216429

View File

@ -11,7 +11,7 @@
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#define MAX_BLOCKSIZE 256
class ESP32CryptoEngine : public CryptoEngine class ESP32CryptoEngine : public CryptoEngine
{ {

View File

@ -7,6 +7,8 @@
* *
*/ */
#define MAX_BLOCKSIZE 256
class CryptoEngine class CryptoEngine
{ {
protected: protected:

View File

@ -1,5 +1,69 @@
#include "CryptoEngine.h" #include "CryptoEngine.h"
#include "configuration.h"
#include "ocrypto_aes_ctr.h"
// FIXME, do a NRF52 version class NRF52CryptoEngine : public CryptoEngine
CryptoEngine *crypto = new CryptoEngine(); {
/// How many bytes in our key
uint8_t keySize = 0;
const uint8_t *keyBytes;
public:
NRF52CryptoEngine() {}
~NRF52CryptoEngine() {}
/**
* Set the key used for encrypt, decrypt.
*
* As a special case: If all bytes are zero, we assume _no encryption_ and send all data in cleartext.
*
* @param numBytes must be 16 (AES128), 32 (AES256) or 0 (no crypt)
* @param bytes a _static_ buffer that will remain valid for the life of this crypto instance (i.e. this class will cache the
* provided pointer)
*/
virtual void setKey(size_t numBytes, uint8_t *bytes)
{
keySize = numBytes;
keyBytes = bytes;
}
/**
* Encrypt a packet
*
* @param bytes is updated in place
*/
virtual void encrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
{
// DEBUG_MSG("NRF52 encrypt!\n");
if (keySize != 0) {
ocrypto_aes_ctr_ctx ctx;
initNonce(fromNode, packetNum);
ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
ocrypto_aes_ctr_encrypt(&ctx, bytes, bytes, numBytes);
}
}
virtual void decrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
{
// DEBUG_MSG("NRF52 decrypt!\n");
if (keySize != 0) {
ocrypto_aes_ctr_ctx ctx;
initNonce(fromNode, packetNum);
ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
ocrypto_aes_ctr_decrypt(&ctx, bytes, bytes, numBytes);
}
}
private:
};
CryptoEngine *crypto = new NRF52CryptoEngine();