diff --git a/.gitmodules b/.gitmodules
index ddc929e1..785c573a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "proto"]
 path = proto
 url = https://github.com/meshtastic/Meshtastic-protobufs.git
+[submodule "sdk-nrfxlib"]
+ path = sdk-nrfxlib
+ url = https://github.com/nrfconnect/sdk-nrfxlib.git
diff --git a/.vscode/settings.json b/.vscode/settings.json
index ebed6434..62c6cdf0 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -55,6 +55,7 @@
 "NEMAGPS",
 "Ublox",
 "descs",
+ "ocrypto",
 "protobufs"
 ]
 }
\ No newline at end of file
diff --git a/docs/software/nrf52-TODO.md b/docs/software/nrf52-TODO.md
index 048c9903..47df1ef5 100644
--- a/docs/software/nrf52-TODO.md
+++ b/docs/software/nrf52-TODO.md
@@ -6,6 +6,7 @@ Minimum items needed to make sure hardware is good.
+- find out why we reboot while debugging
 - install a hardfault handler for null ptrs (if one isn't already installed)
 - test my hackedup bootloader on the real hardware
 - Use the PMU driver on real hardware
@@ -20,7 +21,7 @@ Needed to be fully functional at least at the same level of the ESP32 boards. At
 - DONE get serial API working
 - get full BLE api working
-- make a file system implementation (preferably one that can see the files the bootloader also sees) - use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3
+- make a file system implementation (preferably one that can see the files the bootloader also sees) - preferably https://github.com/adafruit/Adafruit_nRF52_Arduino/blob/master/libraries/InternalFileSytem/examples/Internal_ReadWrite/Internal_ReadWrite.ino else use https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_fds_usage.html?cp=7_5_0_3_55_3
 - make power management/sleep work properly
 - make a settimeofday implementation
 - DONE increase preamble length? - will break other clients? so all devices must update
diff --git a/platformio.ini b/platformio.ini
index 761bf298..cff9006d 100644
--- a/platformio.ini
+++ b/platformio.ini
@@ -9,7 +9,7 @@
 ; https://docs.platformio.org/page/projectconf.html
 [platformio]
-default_envs = tbeam ; Note: the github actions CI test build can't yet build NRF52 targets
+default_envs = nrf52dk ; Note: the github actions CI test build can't yet build NRF52 targets
 [common]
 ; common is not currently used
@@ -84,7 +84,7 @@ src_filter =
 upload_speed = 921600
 debug_init_break = tbreak setup
 build_flags =
- ${env.build_flags} -Wall -Wextra -Isrc/esp32
+ ${env.build_flags} -Wall -Wextra -Isrc/esp32
 lib_ignore = segger_rtt
 ; The 1.0 release of the TBEAM board
@@ -129,8 +129,9 @@ platform = nordicnrf52
 framework = arduino
 debug_tool = jlink
 build_type = debug ; I'm debugging with ICE a lot now
+; note: liboberon provides the AES256 implementation for NRF52 (though not using the hardware acceleration of the NRF52840 - FIXME)
 build_flags =
- ${env.build_flags} -Wno-unused-variable -Isrc/nrf52
+ ${env.build_flags} -Wno-unused-variable -Isrc/nrf52 -Isdk-nrfxlib/crypto/nrf_oberon/include -Lsdk-nrfxlib/crypto/nrf_oberon/lib/cortex-m4/hard-float/ -lliboberon_3.0.3
 ;-DCFG_DEBUG=3
 src_filter =
 ${env.src_filter} -
diff --git a/sdk-nrfxlib b/sdk-nrfxlib
new file mode 160000
index 00000000..17e84535
--- /dev/null
+++ b/sdk-nrfxlib
@@ -0,0 +1 @@
+Subproject commit 17e8453553d4cfc21ab87c53c9627f0cf1216429
diff --git a/src/esp32/ESP32CryptoEngine.cpp b/src/esp32/ESP32CryptoEngine.cpp
index bccfae55..613d5cc1 100644
--- a/src/esp32/ESP32CryptoEngine.cpp
+++ b/src/esp32/ESP32CryptoEngine.cpp
@@ -11,7 +11,7 @@
 #include "crypto/aes_wrap.h"
 #include "mbedtls/aes.h"
-#define MAX_BLOCKSIZE 256
+
 class ESP32CryptoEngine : public CryptoEngine
 {
diff --git a/src/mesh/CryptoEngine.h b/src/mesh/CryptoEngine.h
index 04e592e2..b97abed5 100644
--- a/src/mesh/CryptoEngine.h
+++ b/src/mesh/CryptoEngine.h
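Review bot: In platformio.ini, the `@@ -9,7 +9,7 @@` hunk switches `default_envs` to `nrf52dk` while the comment on the same line still says the GitHub Actions CI build cannot build NRF52 targets. If CI builds the default environment, the committed default would no longer be a target that CI verifies. This looks like a local debugging setting; consider keeping `default_envs = tbeam` in the repository and selecting the board per invocation with `pio run -e nrf52dk`.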
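Review bot: The `@@ -129,8 +129,9 @@` hunk of platformio.ini links a precompiled archive by versioned name (`-lliboberon_3.0.3`) out of the `sdk-nrfxlib` submodule, so the crypto library version is now fixed in two places: the submodule commit and this flag. A comment beside the flag would keep the two in step, for example `; liboberon is a prebuilt binary from the sdk-nrfxlib submodule - update the version in -l when the submodule commit changes`. The `hard-float` library directory also has to match the float ABI selected for the nrf52 build, which is not visible in this hunk.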
@@ -7,6 +7,8 @@
 *
 */
+#define MAX_BLOCKSIZE 256
+
 class CryptoEngine
 {
 protected:
diff --git a/src/nrf52/NRF52CryptoEngine.cpp b/src/nrf52/NRF52CryptoEngine.cpp
index ee1650ea..2bf16f23 100644
--- a/src/nrf52/NRF52CryptoEngine.cpp
+++ b/src/nrf52/NRF52CryptoEngine.cpp
@@ -1,5 +1,69 @@
 #include "CryptoEngine.h"
+#include "configuration.h"
+#include "ocrypto_aes_ctr.h"
-// FIXME, do a NRF52 version
-CryptoEngine *crypto = new CryptoEngine();
\ No newline at end of file
+class NRF52CryptoEngine : public CryptoEngine
+{
+
+ /// How many bytes in our key
+ uint8_t keySize = 0;
+ const uint8_t *keyBytes;
+
+ public:
+ NRF52CryptoEngine() {}
+
+ ~NRF52CryptoEngine() {}
+
+ /**
+ * Set the key used for encrypt, decrypt.
+ *
+ * As a special case: If all bytes are zero, we assume _no encryption_ and send all data in cleartext.
+ *
+ * @param numBytes must be 16 (AES128), 32 (AES256) or 0 (no crypt)
+ * @param bytes a _static_ buffer that will remain valid for the life of this crypto instance (i.e. this class will cache the
+ * provided pointer)
+ */
+ virtual void setKey(size_t numBytes, uint8_t *bytes)
+ {
+ keySize = numBytes;
+ keyBytes = bytes;
+ }
+
+ /**
+ * Encrypt a packet
+ *
+ * @param bytes is updated in place
+ */
+ virtual void encrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
+ {
+ // DEBUG_MSG("NRF52 encrypt!\n");
+
+ if (keySize != 0) {
+ ocrypto_aes_ctr_ctx ctx;
+
+ initNonce(fromNode, packetNum);
+ ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
+
+ ocrypto_aes_ctr_encrypt(&ctx, bytes, bytes, numBytes);
+ }
+ }
+
+ virtual void decrypt(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes)
+ {
+ // DEBUG_MSG("NRF52 decrypt!\n");
+
+ if (keySize != 0) {
+ ocrypto_aes_ctr_ctx ctx;
+
+ initNonce(fromNode, packetNum);
+ ocrypto_aes_ctr_init(&ctx, keyBytes, keySize, nonce);
+
+ ocrypto_aes_ctr_decrypt(&ctx, bytes, bytes, numBytes);
+ }
+ }
+
+ private:
+};
+
+CryptoEngine *crypto = new NRF52CryptoEngine();
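Review bot: In src/nrf52/NRF52CryptoEngine.cpp, `setKey` stores `numBytes` into the `uint8_t keySize` without checking it, although its own comment says the size must be 16, 32 or 0. Any other value is handed to `ocrypto_aes_ctr_init` unchanged, and a `size_t` that is a multiple of 256 truncates to 0, which `encrypt` treats as "send in cleartext". Rejecting other sizes before the assignment makes the contract explicit, for example `assert(numBytes == 0 || numBytes == 16 || numBytes == 32);`. The comment also promises cleartext when all key bytes are zero, but `encrypt` and `decrypt` only test `keySize != 0`, so either the comment or the check should change. Because AES-CTR repeats its keystream whenever key and nonce repeat, it is worth confirming that `initNonce` (defined outside this diff) cannot produce the same `fromNode`/`packetNum` pair twice under one key, for instance after a reboot.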