From 770f17f3824a98c4867bc3afe788063786ee3517 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20G=C3=B6ttgens?= <tgoettgens@gmail.com>
Date: Mon, 25 Apr 2022 11:01:54 +0200
Subject: [PATCH] use nRF Hardware Cryptography. Removes the need for the
 sdk-nrfxlib submodule

---
 .gitmodules                     |  3 --
 platformio.ini                  |  4 +-
 sdk-nrfxlib                     |  1 -
 src/nrf52/NRF52CryptoEngine.cpp | 75 +++++++++------------------------
 4 files changed, 20 insertions(+), 63 deletions(-)
 delete mode 160000 sdk-nrfxlib

diff --git a/.gitmodules b/.gitmodules
index 4f9bb6b77..59efcedd3 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +1,6 @@
 [submodule "proto"]
 	path = proto
 	url = https://github.com/meshtastic/Meshtastic-protobufs.git
-[submodule "sdk-nrfxlib"]
-	path = sdk-nrfxlib
-	url = https://github.com/nrfconnect/sdk-nrfxlib.git
 [submodule "design"]
 	path = design
 	url = https://github.com/meshtastic/meshtastic-design.git
diff --git a/platformio.ini b/platformio.ini
index 1036362b3..bb051e5e2 100644
--- a/platformio.ini
+++ b/platformio.ini
@@ -130,7 +130,6 @@ build_type = debug ; I'm debugging with ICE a lot now
 build_flags = 
   ${arduino_base.build_flags} -Wno-unused-variable 
   -Isrc/nrf52
-  -Isdk-nrfxlib/crypto/nrf_oberon/include -Lsdk-nrfxlib/crypto/nrf_oberon/lib/cortex-m4/hard-float/ -lliboberon_3.0.7 
 src_filter = 
   ${arduino_base.src_filter} -<esp32/> -<nimble/> -<mesh/wifi/> -<mesh/http/> -<modules/esp32> -<mqtt/>
 lib_ignore =
@@ -142,8 +141,7 @@ build_flags = ${nrf52_base.build_flags}
 lib_deps =
   ${arduino_base.lib_deps}
   ${environmental.lib_deps}
-  Adafruit nRFCrypto
-; https://github.com/Kongduino/Adafruit_nRFCrypto.git
+  https://github.com/Kongduino/Adafruit_nRFCrypto.git
 
 ; Note: By default no lora device is created for this build - it uses a simulated interface
 [env:nrf52840dk]
diff --git a/sdk-nrfxlib b/sdk-nrfxlib
deleted file mode 160000
index e6e02cb83..000000000
--- a/sdk-nrfxlib
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit e6e02cb83d238fae2f54f084858bd5e49a31afa1
diff --git a/src/nrf52/NRF52CryptoEngine.cpp b/src/nrf52/NRF52CryptoEngine.cpp
index d34a44b84..49f85a857 100644
--- a/src/nrf52/NRF52CryptoEngine.cpp
+++ b/src/nrf52/NRF52CryptoEngine.cpp
@@ -1,7 +1,6 @@
 #include "configuration.h"
 #include "CryptoEngine.h"
-#include "ocrypto_aes_ctr.h"
-// #include <Adafruit_nRFCrypto.h>
+#include <Adafruit_nRFCrypto.h>
 
 class NRF52CryptoEngine : public CryptoEngine
 {
@@ -20,12 +19,16 @@ class NRF52CryptoEngine : public CryptoEngine
 //        DEBUG_MSG("NRF52 encrypt!\n");
 
         if (key.length > 0) {
-            ocrypto_aes_ctr_ctx ctx;
-
+            nRFCrypto.begin();
+            nRFCrypto_AES ctx;
+            uint8_t myLen = ctx.blockLen(numBytes);
+            char encBuf[myLen] = {0};
+            memcpy(encBuf, bytes, numBytes);
             initNonce(fromNode, packetId);
-            ocrypto_aes_ctr_init(&ctx, key.bytes, key.length, nonce);
-
-            ocrypto_aes_ctr_encrypt(&ctx, bytes, bytes, numBytes);
+            ctx.begin();
+            ctx.Process(encBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.encryptFlag, ctx.ctrMode);
+            ctx.end();
+            nRFCrypto.end();
         }
     }
 
@@ -34,60 +37,20 @@ class NRF52CryptoEngine : public CryptoEngine
 //        DEBUG_MSG("NRF52 decrypt!\n");
 
         if (key.length > 0) {
-            ocrypto_aes_ctr_ctx ctx;
-
+            nRFCrypto.begin();
+            nRFCrypto_AES ctx;
+            uint8_t myLen = ctx.blockLen(numBytes);
+            char decBuf[myLen] = {0};
+            memcpy(decBuf, bytes, numBytes);
             initNonce(fromNode, packetId);
-            ocrypto_aes_ctr_init(&ctx, key.bytes, key.length, nonce);
-
-            ocrypto_aes_ctr_decrypt(&ctx, bytes, bytes, numBytes);
+            ctx.begin();
+            ctx.Process(decBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.decryptFlag, ctx.ctrMode);
+            ctx.end();
+            nRFCrypto.end();
         }
     }
 
   private:
 };
 
-    // /**
-    //  * Encrypt a packet
-    //  *
-    //  * @param bytes is updated in place
-    //  */
-    // virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
-    // {
-    //     DEBUG_MSG("NRF52 encrypt!\n");
-
-    //     if (key.length > 0) {
-    //         nRFCrypto_AES ctx;
-    //         uint8_t myLen = ctx.blockLen(numBytes);
-    //         char encBuf[myLen] = {0};
-    //         memcpy(encBuf, bytes, numBytes);
-    //         initNonce(fromNode, packetId);
-    //         nRFCrypto.begin();
-    //         ctx.begin();
-    //         ctx.Process(encBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.encryptFlag, ctx.ctrMode);
-    //         ctx.end();
-    //         nRFCrypto.end();
-    //     }
-    // }
-
-    // virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes) override
-    // {
-    //     DEBUG_MSG("NRF52 decrypt!\n");
-
-    //     if (key.length > 0) {
-    //         nRFCrypto_AES ctx;
-    //         uint8_t myLen = ctx.blockLen(numBytes);
-    //         char decBuf[myLen] = {0};
-    //         memcpy(decBuf, bytes, numBytes);
-    //         initNonce(fromNode, packetId);
-    //         nRFCrypto.begin();
-    //         ctx.begin();
-    //         ctx.Process(decBuf, numBytes, nonce, key.bytes, key.length, (char*)bytes, ctx.decryptFlag, ctx.ctrMode);
-    //         ctx.end();
-    //         nRFCrypto.end();
-    //     }
-    // }
-
-//   private:
-// };
-
 CryptoEngine *crypto = new NRF52CryptoEngine();