Startseite Erkunden Hilfe
Anmelden
torambo.com
/
Momentum-Apps
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: dec7b0d7c4
Branches Tags
Momentum-Apps
/
crypto_wrapper.c

crypto_wrapper.c 5.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. #include <furi_hal.h>
    2. 

  2. #include <lib/mlib/m-dict.h>
    3. 

  3. #include <toolbox/sha256.h>
    4. 

  4. 

  5. #ifndef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    6. 

  6. #include "crypto/gcm.h"
    7. 

  7. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    8. 

  8. 

  9. #include "crypto_wrapper.h"
    10. 

  10. 

  11. DICT_DEF2(ESubGhzChatReplayDict, uint64_t, uint32_t)
    12. 

  12. 

  13. struct ESugGhzChatCryptoCtx {
    14. 

  14. 	uint8_t key[KEY_BITS / 8];
    15. 

  15. #ifndef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    16. 

  16. 	gcm_context gcm_ctx;
    17. 

  17. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    18. 

  18. 	ESubGhzChatReplayDict_t replay_dict;
    19. 

  19. 	uint64_t run_id;
    20. 

  20. 	uint32_t counter;
    21. 

  21. };
    22. 

  22. 

  23. struct ESubGhzChatCryptoMsg {
    24. 

  24. 	uint64_t run_id;
    25. 

  25. 	uint32_t counter;
    26. 

  26. 	uint8_t iv[IV_BYTES];
    27. 

  27. 	uint8_t tag[TAG_BYTES];
    28. 

  28. 	uint8_t data[0];
    29. 

  29. } __attribute__ ((packed));
    30. 

  30. 

  31. void crypto_init(void)
    32. 

  32. {
    33. 

  33. #ifndef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    34. 

  34. 	/* init the GCM and AES tables */
    35. 

  35. 	gcm_initialize();
    36. 

  36. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    37. 

  37. }
    38. 

  38. 

  39. void crypto_explicit_bzero(void *s, size_t len)
    40. 

  40. {
    41. 

  41. 	memset(s, 0, len);
    42. 

  42. 	asm volatile("" ::: "memory");
    43. 

  43. }
    44. 

  44. 

  45. ESubGhzChatCryptoCtx *crypto_ctx_alloc(void)
    46. 

  46. {
    47. 

  47. 	ESubGhzChatCryptoCtx *ret = malloc(sizeof(ESubGhzChatCryptoCtx));
    48. 

  48. 

  49. 	if (ret != NULL) {
    50. 

  50. 		memset(ret, 0, sizeof(ESubGhzChatCryptoCtx));
    51. 

  51. 		ESubGhzChatReplayDict_init(ret->replay_dict);
    52. 

  52. 		ret->run_id = 0;
    53. 

  53. 		ret->counter = 1;
    54. 

  54. 	}
    55. 

  55. 

  56. 	return ret;
    57. 

  57. }
    58. 

  58. 

  59. void crypto_ctx_free(ESubGhzChatCryptoCtx *ctx)
    60. 

  60. {
    61. 

  61. 	crypto_ctx_clear(ctx);
    62. 

  62. 	ESubGhzChatReplayDict_clear(ctx->replay_dict);
    63. 

  63. 	free(ctx);
    64. 

  64. }
    65. 

  65. 

  66. void crypto_ctx_clear(ESubGhzChatCryptoCtx *ctx)
    67. 

  67. {
    68. 

  68. 	crypto_explicit_bzero(ctx->key, sizeof(ctx->key));
    69. 

  69. #ifndef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    70. 

  70. 	crypto_explicit_bzero(&(ctx->gcm_ctx), sizeof(ctx->gcm_ctx));
    71. 

  71. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    72. 

  72. 	ESubGhzChatReplayDict_reset(ctx->replay_dict);
    73. 

  73. 	ctx->run_id = 0;
    74. 

  74. 	ctx->counter = 1;
    75. 

  75. }
    76. 

  76. 

  77. static uint64_t crypto_calc_run_id(FuriString *flipper_name, uint32_t tick)
    78. 

  78. {
    79. 

  79. 	const char *fn = furi_string_get_cstr(flipper_name);
    80. 

  80. 	size_t fn_len = strlen(fn);
    81. 

  81. 

  82. 	uint8_t h_in[fn_len + sizeof(uint32_t)];
    83. 

  83. 	memcpy(h_in, fn, fn_len);
    84. 

  84. 	memcpy(h_in + fn_len, &tick, sizeof(uint32_t));
    85. 

  85. 

  86. 	uint8_t h_out[256];
    87. 

  87. 	sha256(h_in, fn_len + sizeof(uint32_t), h_out);
    88. 

  88. 

  89. 	uint64_t run_id;
    90. 

  90. 	memcpy(&run_id, h_out, sizeof(uint64_t));
    91. 

  91. 

  92. 	return run_id;
    93. 

  93. }
    94. 

  94. 

  95. bool crypto_ctx_set_key(ESubGhzChatCryptoCtx *ctx, const uint8_t *key,
    96. 

  96. 		FuriString *flipper_name, uint32_t tick)
    97. 

  97. {
    98. 

  98. 	ctx->run_id = crypto_calc_run_id(flipper_name, tick);
    99. 

  99. 	ctx->counter = 1;
    100. 

  100. 

  101. 	memcpy(ctx->key, key, KEY_BITS / 8);
    102. 

  102. #ifdef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    103. 

  103. 	return true;
    104. 

  104. #else /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    105. 

  105. 	return (gcm_setkey(&(ctx->gcm_ctx), key, KEY_BITS / 8) == 0);
    106. 

  106. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    107. 

  107. }
    108. 

  108. 

  109. void crypto_ctx_get_key(ESubGhzChatCryptoCtx *ctx, uint8_t *key)
    110. 

  110. {
    111. 

  111. 	memcpy(key, ctx->key, KEY_BITS / 8);
    112. 

  112. }
    113. 

  113. 

  114. bool crypto_ctx_decrypt(ESubGhzChatCryptoCtx *ctx, uint8_t *in, size_t in_len,
    115. 

  115. 		uint8_t *out)
    116. 

  116. {
    117. 

  117. 	if (in_len < MSG_OVERHEAD + 1) {
    118. 

  118. 		return false;
    119. 

  119. 	}
    120. 

  120. 

  121. 	struct ESubGhzChatCryptoMsg *msg = (struct ESubGhzChatCryptoMsg *) in;
    122. 

  122. 

  123. 	// check if message is stale, if yes, discard
    124. 

  124. 	uint32_t *counter = ESubGhzChatReplayDict_get(ctx->replay_dict,
    125. 

  125. 			msg->run_id);
    126. 

  126. 	if (counter != NULL) {
    127. 

  127. 		if (*counter >= __ntohl(msg->counter)) {
    128. 

  128. 			return false;
    129. 

  129. 		}
    130. 

  130. 	}
    131. 

  131. 

  132. 	// decrypt and auth message
    133. 

  133. #ifdef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    134. 

  134. 	bool ret = (furi_hal_crypto_gcm_decrypt_and_verify(ctx->key,
    135. 

  135. 			msg->iv,
    136. 

  136. 			(uint8_t *) msg, RUN_ID_BYTES + COUNTER_BYTES,
    137. 

  137. 			msg->data, out,
    138. 

  138. 			in_len - MSG_OVERHEAD,
    139. 

  139. 			msg->tag) == FuriHalCryptoGCMStateOk);
    140. 

  140. #else /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    141. 

  141. 	bool ret = (gcm_auth_decrypt(&(ctx->gcm_ctx),
    142. 

  142. 			msg->iv, IV_BYTES,
    143. 

  143. 			(uint8_t *) msg, RUN_ID_BYTES + COUNTER_BYTES,
    144. 

  144. 			msg->data, out,
    145. 

  145. 			in_len - MSG_OVERHEAD,
    146. 

  146. 			msg->tag, TAG_BYTES) == 0);
    147. 

  147. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    148. 

  148. 

  149. 	// if auth was successful update replay dict
    150. 

  150. 	if (ret) {
    151. 

  151. 		ESubGhzChatReplayDict_set_at(ctx->replay_dict, msg->run_id,
    152. 

  152. 				__ntohl(msg->counter));
    153. 

  153. 	}
    154. 

  154. 

  155. 	return ret;
    156. 

  156. }
    157. 

  157. 

  158. bool crypto_ctx_encrypt(ESubGhzChatCryptoCtx *ctx, uint8_t *in, size_t in_len,
    159. 

  159. 		uint8_t *out)
    160. 

  160. {
    161. 

  161. 	struct ESubGhzChatCryptoMsg *msg = (struct ESubGhzChatCryptoMsg *) out;
    162. 

  162. 

  163. 	// fill message header
    164. 

  164. 	msg->run_id = ctx->run_id;
    165. 

  165. 	msg->counter = __htonl(ctx->counter);
    166. 

  166. 	furi_hal_random_fill_buf(msg->iv, IV_BYTES);
    167. 

  167. 

  168. 	// encrypt message and store tag in header
    169. 

  169. #ifdef FURI_HAL_CRYPTO_ADVANCED_AVAIL
    170. 

  170. 	bool ret = (furi_hal_crypto_gcm_encrypt_and_tag(ctx->key,
    171. 

  171. 			msg->iv,
    172. 

  172. 			(uint8_t *) msg, RUN_ID_BYTES + COUNTER_BYTES,
    173. 

  173. 			in, msg->data,
    174. 

  174. 			in_len,
    175. 

  175. 			msg->tag) == FuriHalCryptoGCMStateOk);
    176. 

  176. #else /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    177. 

  177. 	bool ret = (gcm_crypt_and_tag(&(ctx->gcm_ctx), ENCRYPT,
    178. 

  178. 			msg->iv, IV_BYTES,
    179. 

  179. 			(uint8_t *) msg, RUN_ID_BYTES + COUNTER_BYTES,
    180. 

  180. 			in, msg->data,
    181. 

  181. 			in_len,
    182. 

  182. 			msg->tag, TAG_BYTES) == 0);
    183. 

  183. #endif /* FURI_HAL_CRYPTO_ADVANCED_AVAIL */
    184. 

  184. 

  185. 	// update replay dict and increase internal counter
    186. 

  186. 	if (ret) {
    187. 

  187. 		ESubGhzChatReplayDict_set_at(ctx->replay_dict, ctx->run_id,
    188. 

  188. 				ctx->counter);
    189. 

  189. 		ctx->counter++;
    190. 

  190. 	}
    191. 

  191. 

  192. 	return ret;
    193. 

  193. }
    194. 

  194. 

  195. size_t crypto_ctx_dump_replay_dict(ESubGhzChatCryptoCtx *ctx,
    196. 

  196. 		CryptoCtxReplayDictWriter writer, void *writer_ctx)
    197. 

  197. {
    198. 

  198. 	size_t ret = 0;
    199. 

  199. 	ESubGhzChatReplayDict_it_t i;
    200. 

  200. 

  201. 	for (ESubGhzChatReplayDict_it(i, ctx->replay_dict);
    202. 

  202. 			!ESubGhzChatReplayDict_end_p(i);
    203. 

  203. 			ESubGhzChatReplayDict_next(i), ret++) {
    204. 

  204. 		ESubGhzChatReplayDict_itref_t *ref =
    205. 

  205. 			ESubGhzChatReplayDict_ref(i);
    206. 

  206. 		if (!writer(ref->key, ref->value, writer_ctx)) {
    207. 

  207. 			break;
    208. 

  208. 		}
    209. 

  209. 	}
    210. 

  210. 

  211. 	return ret;
    212. 

  212. }
    213. 

  213. 

  214. size_t crypto_ctx_read_replay_dict(ESubGhzChatCryptoCtx *ctx,
    215. 

  215. 		CryptoCtxReplayDictReader reader, void *reader_ctx)
    216. 

  216. {
    217. 

  217. 	size_t ret = 0;
    218. 

  218. 

  219. 	uint64_t run_id;
    220. 

  220. 	uint32_t counter;
    221. 

  221. 

  222. 	while (reader(&run_id, &counter, reader_ctx)) {
    223. 

  223. 		ESubGhzChatReplayDict_set_at(ctx->replay_dict, run_id,
    224. 

  224. 				counter);
    225. 

  225. 		ret++;
    226. 

  226. 	}
    227. 

  227. 

  228. 	return ret;
    229. 

  229. }
    230.