dominic/Tactiliest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Tactiliest/TactilityCore/Source/crypt/Crypt.h
Ken Van Hoeylandt 415096c3b2
Update docs and fix bugs (#149) 
Improved the docs for the 3 main Tactility projects. I also fixed some inaccuracies and bugs in certain APIs as I went through the code.
2025-01-07 20:45:23 +01:00

64 lines
2.0 KiB
C++
Raw Blame History

/** @file secure.h
*
* @brief Hardware-bound encryption methods.
* @warning Enable secure boot and flash encryption to increase security.
*
* Offers AES 256 CBC encryption with built-in key.
* The key is built from data including:
* - the internal factory MAC address
* - random data stored in NVS
*
* It's important to use flash encryption to avoid an attacker to get
* access to your encrypted data. If flash encryption is disabled,
* someone can fetch the key from the partitions.
*
* See:
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html
*/
#pragma once
#include <cstdio>
#include <cstdint>
#include <string>
namespace tt::crypt {
/**
* @brief Fills the IV with zeros and then creates an IV based on the input data.
* @param[in] data input data
* @param[in] dataLength input data length
* @param[out] iv output IV
*/
void getIv(const void* data, size_t dataLength, uint8_t iv[16]);
/**
* @brief Encrypt data.
*
* Important: Use flash encryption to increase security.
* Important: input and output data must be aligned to 16 bytes.
*
* @param[in] iv the AES IV
* @param[in] inData input data
* @param[out] outData output data
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
*/
int encrypt(const uint8_t iv[16], uint8_t* inData, uint8_t* outData, size_t dataLength);
/**
* @brief Decrypt data.
*
* Important: Use flash encryption to increase security.
* Important: input and output data must be aligned to 16 bytes.
*
* @param[in] iv AES IV
* @param[in] inData input data
* @param[out] outData output data
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
*/
int decrypt(const uint8_t iv[16], uint8_t* inData, uint8_t* outData, size_t dataLength);
} // namespace
Reference in New Issue View Git Blame Copy Permalink