Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crypto polish #7252

Merged
merged 1 commit into from
Apr 29, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cores/esp8266/Crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@

#include <assert.h>

namespace TypeCast = esp8266::TypeConversion;
namespace TypeCast = experimental::TypeConversion;

namespace
{
Expand Down
2 changes: 1 addition & 1 deletion cores/esp8266/Esp.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -542,7 +542,7 @@ uint8_t *EspClass::random(uint8_t *resultArray, const size_t outputSizeBytes) co
* It should be noted that the ESP8266 has no Bluetooth functionality, so turning the WiFi off is likely to cause RANDOM_REG32 to use pseudo-random numbers.
*
* It is possible that yield() must be called on the ESP8266 to properly feed the hardware random number generator new bits, since there is only one processor core available.
* However, no feeding requirements are mentioned in the ESP32 documentation, and using yield() could possibly cause extended delays during nonce generation.
* However, no feeding requirements are mentioned in the ESP32 documentation, and using yield() could possibly cause extended delays during number generation.
* Thus only delayMicroseconds() is used below.
*/

Expand Down
2 changes: 1 addition & 1 deletion cores/esp8266/TypeConversion.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
#include <assert.h>
#include "TypeConversion.h"

namespace esp8266
namespace experimental
{
namespace TypeConversion
{
Expand Down
2 changes: 1 addition & 1 deletion cores/esp8266/TypeConversion.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

#include <Arduino.h>

namespace esp8266
namespace experimental
{
namespace TypeConversion
{
Expand Down
2 changes: 2 additions & 0 deletions doc/libraries.rst
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,8 @@ Some ESP-specific APIs related to deep sleep, RTC and flash memories are availab

``ESP.getCycleCount()`` returns the cpu instruction cycle count since start as an unsigned 32-bit. This is useful for accurate timing of very short actions like bit banging.

``ESP.random()`` should be used to generate true random numbers on the ESP. Returns an unsigned 32-bit integer with the random number. An alternate version is also available that fills an array of arbitrary length. Note that it seems as though the WiFi needs to be enabled to generate entropy for the random numbers, otherwise pseudo-random numbers are used.

``ESP.checkFlashCRC()`` calculates the CRC of the program memory (not including any filesystems) and compares it to the one embedded in the image. If this call returns ``false`` then the flash has been corrupted. At that point, you may want to consider trying to send a MQTT message, to start a re-download of the application, blink a LED in an `SOS` pattern, etc. However, since the flash is known corrupted at this point there is no guarantee the app will be able to perform any of these operations, so in safety critical deployments an immediate shutdown to a fail-safe mode may be indicated.

``ESP.getVcc()`` may be used to measure supply voltage. ESP needs to reconfigure the ADC at startup in order for this feature to be available. Add the following line to the top of your sketch to use ``getVcc``:
Expand Down
25 changes: 13 additions & 12 deletions libraries/esp8266/examples/HelloCrypto/HelloCrypto.ino
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@
#include <TypeConversion.h>
#include <Crypto.h>

namespace TypeCast = esp8266::TypeConversion;
using namespace experimental;
namespace TypeCast = experimental::TypeConversion;

/**
NOTE: Although we could define the strings below as normal String variables,
Expand Down Expand Up @@ -38,34 +37,36 @@ void setup() {
void loop() {
// This serves only to demonstrate the library use. See the header file for a full list of functions.

using namespace experimental::crypto;

String exampleData = F("Hello Crypto World!");
Serial.println(String(F("This is our example data: ")) + exampleData);

uint8_t resultArray[crypto::SHA256::NATURAL_LENGTH] { 0 };
uint8_t derivedKey[crypto::ENCRYPTION_KEY_LENGTH] { 0 };
uint8_t resultArray[SHA256::NATURAL_LENGTH] { 0 };
uint8_t derivedKey[ENCRYPTION_KEY_LENGTH] { 0 };

static uint32_t encryptionCounter = 0;


// Generate the salt to use for HKDF
uint8_t hkdfSalt[16] { 0 };
crypto::getNonceGenerator()(hkdfSalt, sizeof hkdfSalt);
getNonceGenerator()(hkdfSalt, sizeof hkdfSalt);

// Generate the key to use for HMAC and encryption
crypto::HKDF hkdfInstance(FPSTR(masterKey), (sizeof masterKey) - 1, hkdfSalt, sizeof hkdfSalt); // (sizeof masterKey) - 1 removes the terminating null value of the c-string
HKDF hkdfInstance(FPSTR(masterKey), (sizeof masterKey) - 1, hkdfSalt, sizeof hkdfSalt); // (sizeof masterKey) - 1 removes the terminating null value of the c-string
hkdfInstance.produce(derivedKey, sizeof derivedKey);

// Hash
crypto::SHA256::hash(exampleData.c_str(), exampleData.length(), resultArray);
SHA256::hash(exampleData.c_str(), exampleData.length(), resultArray);
Serial.println(String(F("\nThis is the SHA256 hash of our example data, in HEX format:\n")) + TypeCast::uint8ArrayToHexString(resultArray, sizeof resultArray));
Serial.println(String(F("This is the SHA256 hash of our example data, in HEX format, using String output:\n")) + crypto::SHA256::hash(exampleData));
Serial.println(String(F("This is the SHA256 hash of our example data, in HEX format, using String output:\n")) + SHA256::hash(exampleData));


// HMAC
// Note that HMAC output length is limited
crypto::SHA256::hmac(exampleData.c_str(), exampleData.length(), derivedKey, sizeof derivedKey, resultArray, sizeof resultArray);
SHA256::hmac(exampleData.c_str(), exampleData.length(), derivedKey, sizeof derivedKey, resultArray, sizeof resultArray);
Serial.println(String(F("\nThis is the SHA256 HMAC of our example data, in HEX format:\n")) + TypeCast::uint8ArrayToHexString(resultArray, sizeof resultArray));
Serial.println(String(F("This is the SHA256 HMAC of our example data, in HEX format, using String output:\n")) + crypto::SHA256::hmac(exampleData, derivedKey, sizeof derivedKey, crypto::SHA256::NATURAL_LENGTH));
Serial.println(String(F("This is the SHA256 HMAC of our example data, in HEX format, using String output:\n")) + SHA256::hmac(exampleData, derivedKey, sizeof derivedKey, SHA256::NATURAL_LENGTH));


// Authenticated Encryption with Associated Data (AEAD)
Expand All @@ -76,10 +77,10 @@ void loop() {
Serial.println(String(F("\nThis is the data to encrypt: ")) + dataToEncrypt);

// Note that the key must be ENCRYPTION_KEY_LENGTH long.
crypto::ChaCha20Poly1305::encrypt(dataToEncrypt.begin(), dataToEncrypt.length(), derivedKey, &encryptionCounter, sizeof encryptionCounter, resultingNonce, resultingTag);
ChaCha20Poly1305::encrypt(dataToEncrypt.begin(), dataToEncrypt.length(), derivedKey, &encryptionCounter, sizeof encryptionCounter, resultingNonce, resultingTag);
Serial.println(String(F("Encrypted data: ")) + dataToEncrypt);

bool decryptionSucceeded = crypto::ChaCha20Poly1305::decrypt(dataToEncrypt.begin(), dataToEncrypt.length(), derivedKey, &encryptionCounter, sizeof encryptionCounter, resultingNonce, resultingTag);
bool decryptionSucceeded = ChaCha20Poly1305::decrypt(dataToEncrypt.begin(), dataToEncrypt.length(), derivedKey, &encryptionCounter, sizeof encryptionCounter, resultingNonce, resultingTag);
encryptionCounter++;

if (decryptionSucceeded) {
Expand Down
1 change: 0 additions & 1 deletion libraries/esp8266/keywords.txt
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@

ESP KEYWORD1

crypto KEYWORD1
nonceGeneratorType KEYWORD1
MD5 KEYWORD1
SHA1 KEYWORD1
Expand Down