Make an accelerated NRF52 implementation for AEX256-CTR crypto

2020-05-24 14:15:49 -07:00 · 2020-05-24 14:15:49 -07:00 · e8f6504ec4
commit e8f6504ec4
--- a/.gitmodules
+++ b/.gitmodules
@ -1,3 +1,6 @@
 [submodule "proto"]
 	path = proto
 	url = https://github.com/meshtastic/Meshtastic-protobufs.git
+[submodule "sdk-nrfxlib"]
+	path = sdk-nrfxlib
+	url = https://github.com/nrfconnect/sdk-nrfxlib.git
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -55,6 +55,7 @@
        "NEMAGPS",
        "Ublox",
        "descs",
+        "ocrypto",
        "protobufs"
    ]
 }
--- a/docs/software/nrf52-TODO.md
+++ b/docs/software/nrf52-TODO.md
@ -6,6 +6,7 @@

 Minimum items needed to make sure hardware is good.

+- find out why we reboot while  debugging
 - install a hardfault handler for null ptrs (if one isn't already installed)
 - test my hackedup bootloader on the real hardware
 - Use the PMU driver on real hardware
@ -20,7 +21,7 @@ Needed to be fully functional at least at the same level of the ESP32 boards. At

 - DONE get serial API working
 - get full BLE api working
- make a file system implementation (preferably one that can see the files the bootloader also sees) - use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3
+- make a file system implementation (preferably one that can see the files the bootloader also sees) - preferably https://github.com/adafruit/Adafruit_nRF52_Arduino/blob/master/libraries/InternalFileSytem/examples/Internal_ReadWrite/Internal_ReadWrite.ino else use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3
 - make power management/sleep work properly
 - make a settimeofday implementation
 - DONE increase preamble length? - will break other clients? so all devices must update
--- a/platformio.ini
+++ b/platformio.ini
@ -9,7 +9,7 @@
 ; https://docs.platformio.org/page/projectconf.html

 [platformio]
-default_envs = tbeam ; Note: the github actions CI test build can't yet build NRF52 targets
+default_envs = nrf52dk ; Note: the github actions CI test build can't yet build NRF52 targets

 [common]
 ; common is not currently used
@ -84,7 +84,7 @@ src_filter =
 upload_speed = 921600
 debug_init_break = tbreak setup
 build_flags =
-  ${env.build_flags} -Wall -Wextra -Isrc/esp32
+  ${env.build_flags} -Wall -Wextra -Isrc/esp32 
 lib_ignore = segger_rtt

 ; The 1.0 release of the TBEAM board
@ -129,8 +129,9 @@ platform = nordicnrf52
 framework = arduino
 debug_tool = jlink
 build_type = debug ; I'm debugging with ICE a lot now
+; note: liboberon provides the AES256 implementation for NRF52 (though not using the hardware acceleration of the NRF52840 - FIXME)
 build_flags = 
-  ${env.build_flags} -Wno-unused-variable -Isrc/nrf52 
+  ${env.build_flags} -Wno-unused-variable -Isrc/nrf52 -Isdk-nrfxlib/crypto/nrf_oberon/include -Lsdk-nrfxlib/crypto/nrf_oberon/lib/cortex-m4/hard-float/ -lliboberon_3.0.3
 ;-DCFG_DEBUG=3
 src_filter = 
  ${env.src_filter} -<esp32/>
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit 17e8453553d4cfc21ab87c53c9627f0cf1216429
--- a/src/esp32/ESP32CryptoEngine.cpp
+++ b/src/esp32/ESP32CryptoEngine.cpp
@ -11,7 +11,7 @@
 #include "crypto/aes_wrap.h"
 #include "mbedtls/aes.h"

-#define MAX_BLOCKSIZE 256
+

 class ESP32CryptoEngine : public CryptoEngine
 {
--- a/src/mesh/CryptoEngine.h
+++ b/src/mesh/CryptoEngine.h
@ -7,6 +7,8 @@
 *
 */

+#define MAX_BLOCKSIZE 256
+
 class CryptoEngine
 {
  protected:
--- a/src/nrf52/NRF52CryptoEngine.cpp
+++ b/src/nrf52/NRF52CryptoEngine.cpp
@ -1,5 +1,69 @@

 #include "CryptoEngine.h"
+#include "configuration.h"
+#include "ocrypto_aes_ctr.h"

-// FIXME, do a NRF52 version
-CryptoEngine *crypto = new CryptoEngine();
+class NRF52CryptoEngine : public CryptoEngine
+{
+
+    /// How many bytes in our key
+    uint8_t keySize = 0;
+    const uint8_t *keyBytes;
+
+  public:
+    NRF52CryptoEngine() {}
+
+    ~NRF52CryptoEngine() {}
+
+    /**
+     * Set the key used for encrypt, decrypt.
+     *
+     * As a special case: If all bytes are zero, we assume _no encryption_ and send all data in cleartext.
+     *
+     * @param numBytes must be 16 (AES128), 32 (AES256) or 0 (no crypt)
+     * @param bytes a _static_ buffer that will remain valid for the life of this crypto instance (i.e. this class will cache the
+     * provided pointer)
+     */
+    virtual void setKey(size_t numBytes, uint8_t *bytes)
+    {
+        keySize = numBytes;
+        keyBytes = bytes;
+    }
+
+    /**
+     * Encrypt a packet
+     *
+     * @param bytes is updated in place
+     */
+    virtual void encrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
+    {
+        // DEBUG_MSG("NRF52 encrypt!\n");
+
+        if (keySize != 0) {
+            ocrypto_aes_ctr_ctx ctx;
+
+            initNonce(fromNode, packetNum);
+            ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
+
+            ocrypto_aes_ctr_encrypt(&ctx, bytes, bytes, numBytes);
+        }
+    }
+
+    virtual void decrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
+    {
+        // DEBUG_MSG("NRF52 decrypt!\n");
+
+        if (keySize != 0) {
+            ocrypto_aes_ctr_ctx ctx;
+
+            initNonce(fromNode, packetNum);
+            ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
+
+            ocrypto_aes_ctr_decrypt(&ctx, bytes, bytes, numBytes);
+        }
+    }
+
+  private:
+};
+
+CryptoEngine *crypto = new NRF52CryptoEngine();
				`@ -0,0 +1 @@`
				`Subproject commit 17e8453553d4cfc21ab87c53c9627f0cf1216429`