ee5a5a7181
## New
- Read property files with `PropertiesFile`
- Support `boot.properties` so the user can specify the launcher app and an optional app to start after the launcher finishes. (see `BootProperties.cpp`)
- Create registry for CPU affinity and update code to make use of it
- `AppRegistration` and `ServiceRegistration` now also ensure that the `/data` directories always exist for all apps
- `Notes` is now the default app for opening text files. `TextViewer` is removed entirely. Created `tt::app:🎶:start(path)` function.
- WiFi settings moved from NVS to properties file.
- Specify `*.ap.properties` file on the SD card for automatic WiFi settings import on start-up.
- Added `file::getLock(path)` and `file::withLock(path, function)` to do safe file operations on SD cards
## Improvements
- Update TinyUSB to `1.7.6~1`
- Improved `Boot.cpp` code. General code quality fixes and some restructuring to improve readability.
- `tt::string` functionality improvements
- Rename `AppRegistry` to `AppRegistration`
- Rename `ServiceRegistry` to `ServiceRegistration`
- Cleanup in `Notes.cpp`
- `FileTest.cpp` fix for PC
- Created `TestFile` helper class for tests, which automatically deletes files after the test.
- Renamed `Partitions.h` to `MountPoints.h`
- Created `std::string getMountPoints()` function for easy re-use
- Other code quality improvements
- `SdCardDevice`'s `getState()` and `isMounted()` now have a timeout argument
## Fixes
- ELF loading now has a lock so to avoid a bug when 2 ELF apps are loaded in parallel
65 lines
2.0 KiB
C++
65 lines
2.0 KiB
C++
/** @file secure.h
|
|
*
|
|
* @brief Hardware-bound encryption methods.
|
|
* @warning Enable secure boot and flash encryption to increase security.
|
|
*
|
|
* Offers AES 256 CBC encryption with built-in key.
|
|
* The key is built from data including:
|
|
* - the internal factory MAC address
|
|
* - random data stored in NVS
|
|
*
|
|
* It's important to use flash encryption to avoid an attacker to get
|
|
* access to your encrypted data. If flash encryption is disabled,
|
|
* someone can fetch the key from the partitions.
|
|
*
|
|
* See:
|
|
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html
|
|
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html
|
|
*/
|
|
#pragma once
|
|
|
|
#include <cstdio>
|
|
#include <cstdint>
|
|
#include <string>
|
|
|
|
namespace tt::crypt {
|
|
|
|
/**
|
|
* @brief Fills the IV with zeros and then creates an IV based on the input data.
|
|
* @param[in] data input data
|
|
* @param[in] dataLength input data length
|
|
* @param[out] iv output IV
|
|
*/
|
|
void getIv(const void* data, size_t dataLength, uint8_t iv[16]);
|
|
|
|
/**
|
|
* @brief Encrypt data.
|
|
*
|
|
* Important: Use flash encryption to increase security.
|
|
* Important: input and output data must be aligned to 16 bytes.
|
|
*
|
|
* @param[in] iv the AES IV
|
|
* @param[in] inData input data
|
|
* @param[out] outData output data
|
|
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
|
|
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
|
|
*/
|
|
int encrypt(const uint8_t iv[16], const uint8_t* inData, uint8_t* outData, size_t dataLength);
|
|
|
|
/**
|
|
* @brief Decrypt data.
|
|
*
|
|
* Important: Use flash encryption to increase security.
|
|
* Important: input and output data must be aligned to 16 bytes.
|
|
*
|
|
* @param[in] iv AES IV
|
|
* @param[in] inData input data
|
|
* @param[out] outData output data
|
|
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
|
|
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
|
|
*/
|
|
int decrypt(const uint8_t iv[16], const uint8_t* inData, uint8_t* outData, size_t dataLength);
|
|
|
|
|
|
} // namespace
|