dominic/Tactiliest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Tactiliest/TactilityCore/Include/Tactility/crypt/Crypt.h
Ken Van Hoeylandt c87200a80d
Project restructuring (fixes macOS builds) (#198) 
- Create `Include/` folder for all main projects
- Fix some issues here and there (found while moving things)
- All includes are now in `Tactility/` subfolder and must be included with that prefix. This fixes issues with clashing POSIX headers (e.g. `<semaphore.h>` versus Tactility's `Semaphore.h`)
2025-02-01 18:13:20 +01:00

64 lines
2.0 KiB
C++
Raw Blame History

/** @file secure.h
*
* @brief Hardware-bound encryption methods.
* @warning Enable secure boot and flash encryption to increase security.
*
* Offers AES 256 CBC encryption with built-in key.
* The key is built from data including:
* - the internal factory MAC address
* - random data stored in NVS
*
* It's important to use flash encryption to avoid an attacker to get
* access to your encrypted data. If flash encryption is disabled,
* someone can fetch the key from the partitions.
*
* See:
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/secure-boot-v2.html
* https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html
*/
#pragma once
#include <cstdio>
#include <cstdint>
#include <string>
namespace tt::crypt {
/**
* @brief Fills the IV with zeros and then creates an IV based on the input data.
* @param[in] data input data
* @param[in] dataLength input data length
* @param[out] iv output IV
*/
void getIv(const void* data, size_t dataLength, uint8_t iv[16]);
/**
* @brief Encrypt data.
*
* Important: Use flash encryption to increase security.
* Important: input and output data must be aligned to 16 bytes.
*
* @param[in] iv the AES IV
* @param[in] inData input data
* @param[out] outData output data
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
*/
int encrypt(const uint8_t iv[16], uint8_t* inData, uint8_t* outData, size_t dataLength);
/**
* @brief Decrypt data.
*
* Important: Use flash encryption to increase security.
* Important: input and output data must be aligned to 16 bytes.
*
* @param[in] iv AES IV
* @param[in] inData input data
* @param[out] outData output data
* @param[in] dataLength data length, a multiple of 16 (for both inData and outData)
* @return the result of esp_aes_crypt_cbc() (MBEDTLS_ERR_*)
*/
int decrypt(const uint8_t iv[16], uint8_t* inData, uint8_t* outData, size_t dataLength);
} // namespace
Reference in New Issue View Git Blame Copy Permalink