Mirrors/OpenMQTTGateway
2
0
Fork 0
mirror of https://github.com/1technophile/OpenMQTTGateway.git synced 2026-03-08 08:17:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8085f6bf16cc1bc5b2eae3c55cf0d42dd6775019
OpenMQTTGateway/main/blufiSec.cpp
Ryan Powell 585df9a420 [SYS] Update arduino core to 3.1.1 + refactor ino to cpp (#2177) 
* Update arduino core to 3.1.1

* Fix Blufi build

* Update arduinojson, fix build errors with idf

* Fix narrowing

* fix RF builds

* WIP-Convert ino files to cpp

* Fix pilight build

* Fix Somfy actuator build.

* Update esp32dev-rf partition

* Fix Weatherstation build

* Fix GFSunInverter build

* Fix esp32dev-ir build

* Fix ble-aws build

* Fix eth builds

* Fix m5Stack missing pins_arduino.h

* Fix build errors for M5 stack/tough, others are upstream issues.

* Fix RTL 433 build - remaining errors are from radolib

* Fix nodemcu build

* fix 2g builds

* Fix serial build

* Fix actuator on off builds

* Fix SSD1306 build - remaining errors are from radiolib

* Fix multiple definition of OTAserver_cert

* Fix nodemcu rf2 build

* Fix ADC builds

* Fix sensor builds

* Fix LORA builds

* Fix multi-receiver builds - remaining errors are in radiolib

* Fix fastled builds

* Fix theegns board builds

* Fix broker builds

* Update fastled - old version failed all-test build

* Fix RN8209 builds

* Fix max temp actuator builds

* Fix PWM builds

* Fix C37 sensor builds

* Fix HTU21 builds

* Fix INA266 builds

* Fix undefined variables in mqtt discovery

* Fix webui build

* Fix fastled invalid pin error

* Fix wifi manual setup builds

* Fix onewire/all-test build - bin too big error remaining

* Fix theengs plug build

* Fix rfbridge builds

* Fix blufi builds

* Fix undefined functions in serial

* Fix preprocessor definition checks

* Set IDF log level to erre

* Add delay in loop to prevent watchdog timeout

* Use xTaskCreateUniveral to support single core processors

* Remove old HTTPUpdate files - upsteam fixed.

* Cleanup and move common declarations to header file

* Use custom partiton table to fix builds where bin is too large

* Update M5StickC - fixs esp32-m5stick-c-ble build

* Revert to Arduino core 2.x for builds with incompatible libs

* Remove "Z" from file names and rename omg_common to TheengsCommon

* Fix gateway name when using MAC with new Arduino core

* Update IDF config to reduce loop task stack use

* Update esp-nimble-cpp version, corrects BLE uppercase ID's

* Update wifi manager to fix watchdog timeout error
2025-05-06 19:35:50 -05:00

229 lines
6.6 KiB
C++
Raw Blame History

/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Unlicense OR CC0-1.0
*/
#if defined(ESP32) && defined(USE_BLUFI)
# include <ArduinoLog.h>
# include "esp_blufi_api.h"
# include "esp_crc.h"
# include "esp_random.h"
# include "mbedtls/aes.h"
# include "mbedtls/dhm.h"
# include "mbedtls/md5.h"
/*
The SEC_TYPE_xxx is for self-defined packet data type in the procedure of "BLUFI negotiate key"
If user use other negotiation procedure to exchange(or generate) key, should redefine the type by yourself.
*/
# define SEC_TYPE_DH_PARAM_LEN 0x00
# define SEC_TYPE_DH_PARAM_DATA 0x01
# define SEC_TYPE_DH_P 0x02
# define SEC_TYPE_DH_G 0x03
# define SEC_TYPE_DH_PUBLIC 0x04
struct blufi_security {
# define DH_SELF_PUB_KEY_LEN 128
# define DH_SELF_PUB_KEY_BIT_LEN (DH_SELF_PUB_KEY_LEN * 8)
uint8_t self_public_key[DH_SELF_PUB_KEY_LEN];
# define SHARE_KEY_LEN 128
# define SHARE_KEY_BIT_LEN (SHARE_KEY_LEN * 8)
uint8_t share_key[SHARE_KEY_LEN];
size_t share_len;
# define PSK_LEN 16
uint8_t psk[PSK_LEN];
uint8_t* dh_param;
int dh_param_len;
uint8_t iv[16];
mbedtls_dhm_context dhm;
mbedtls_aes_context aes;
};
static struct blufi_security* blufi_sec;
static int myrand(void* rng_state, unsigned char* output, size_t len) {
esp_fill_random(output, len);
return (0);
}
extern "C" void btc_blufi_report_error(esp_blufi_error_state_t state);
void blufi_dh_negotiate_data_handler(uint8_t* data, int len, uint8_t** output_data, int* output_len, bool* need_free) {
if (data == NULL || len < 3) {
Log.error(F("BLUFI Invalid data format" CR));
btc_blufi_report_error(ESP_BLUFI_DATA_FORMAT_ERROR);
return;
}
int ret;
uint8_t type = data[0];
if (blufi_sec == NULL) {
Log.error(F("BLUFI Security is not initialized" CR));
btc_blufi_report_error(ESP_BLUFI_INIT_SECURITY_ERROR);
return;
}
switch (type) {
case SEC_TYPE_DH_PARAM_LEN:
blufi_sec->dh_param_len = ((data[1] << 8) | data[2]);
if (blufi_sec->dh_param) {
free(blufi_sec->dh_param);
blufi_sec->dh_param = NULL;
}
blufi_sec->dh_param = (uint8_t*)malloc(blufi_sec->dh_param_len);
if (blufi_sec->dh_param == NULL) {
blufi_sec->dh_param_len = 0; /* Reset length to avoid using unallocated memory */
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
Log.error(F("%s, malloc failed\n" CR), __func__);
return;
}
break;
case SEC_TYPE_DH_PARAM_DATA: {
if (blufi_sec->dh_param == NULL) {
Log.error(F("%s, blufi_sec->dh_param == NULL" CR), __func__);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
if (len < (blufi_sec->dh_param_len + 1)) {
Log.error(F("%s, invalid dh param len" CR), __func__);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
uint8_t* param = blufi_sec->dh_param;
memcpy(blufi_sec->dh_param, &data[1], blufi_sec->dh_param_len);
ret = mbedtls_dhm_read_params(&blufi_sec->dhm, &param, &param[blufi_sec->dh_param_len]);
if (ret) {
Log.error(F("%s read param failed %d" CR), __func__, ret);
btc_blufi_report_error(ESP_BLUFI_READ_PARAM_ERROR);
return;
}
free(blufi_sec->dh_param);
blufi_sec->dh_param = NULL;
const int dhm_len = mbedtls_dhm_get_len(&blufi_sec->dhm);
if (dhm_len > DH_SELF_PUB_KEY_LEN) {
Log.error(F("%s dhm len not support %d" CR), __func__, dhm_len);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, dhm_len, blufi_sec->self_public_key, DH_SELF_PUB_KEY_LEN, myrand, NULL);
if (ret) {
Log.error(F("%s make public failed %d" CR), __func__, ret);
btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR);
return;
}
ret = mbedtls_dhm_calc_secret(&blufi_sec->dhm,
blufi_sec->share_key,
SHARE_KEY_BIT_LEN,
&blufi_sec->share_len,
myrand, NULL);
if (ret) {
Log.error(F("%s mbedtls_dhm_calc_secret failed %d" CR), __func__, ret);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
}
ret = mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk);
if (ret) {
Log.error(F("%s mbedtls_md5 failed %d" CR), __func__, ret);
btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR);
return;
}
mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, PSK_LEN * 8);
/* alloc output data */
*output_data = &blufi_sec->self_public_key[0];
*output_len = dhm_len;
*need_free = false;
} break;
case SEC_TYPE_DH_P:
break;
case SEC_TYPE_DH_G:
break;
case SEC_TYPE_DH_PUBLIC:
break;
}
}
int blufi_aes_encrypt(uint8_t iv8, uint8_t* crypt_data, int crypt_len) {
int ret;
size_t iv_offset = 0;
uint8_t iv0[16];
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
iv0[0] = iv8; /* set iv8 as the iv0[0] */
ret = mbedtls_aes_crypt_cfb128(&blufi_sec->aes, MBEDTLS_AES_ENCRYPT, crypt_len, &iv_offset, iv0, crypt_data, crypt_data);
if (ret) {
return -1;
}
return crypt_len;
}
int blufi_aes_decrypt(uint8_t iv8, uint8_t* crypt_data, int crypt_len) {
int ret;
size_t iv_offset = 0;
uint8_t iv0[16];
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
iv0[0] = iv8; /* set iv8 as the iv0[0] */
ret = mbedtls_aes_crypt_cfb128(&blufi_sec->aes, MBEDTLS_AES_DECRYPT, crypt_len, &iv_offset, iv0, crypt_data, crypt_data);
if (ret) {
return -1;
}
return crypt_len;
}
uint16_t blufi_crc_checksum(uint8_t iv8, uint8_t* data, int len) {
/* This iv8 ignore, not used */
return esp_crc16_be(0, data, len);
}
esp_err_t blufi_security_init(void) {
blufi_sec = (struct blufi_security*)malloc(sizeof(struct blufi_security));
if (blufi_sec == NULL) {
return ESP_FAIL;
}
memset(blufi_sec, 0x0, sizeof(struct blufi_security));
mbedtls_dhm_init(&blufi_sec->dhm);
mbedtls_aes_init(&blufi_sec->aes);
memset(blufi_sec->iv, 0x0, 16);
return 0;
}
void blufi_security_deinit(void) {
if (blufi_sec == NULL) {
return;
}
if (blufi_sec->dh_param) {
free(blufi_sec->dh_param);
blufi_sec->dh_param = NULL;
}
mbedtls_dhm_free(&blufi_sec->dhm);
mbedtls_aes_free(&blufi_sec->aes);
memset(blufi_sec, 0x0, sizeof(struct blufi_security));
free(blufi_sec);
blufi_sec = NULL;
}
#endif // defined(ESP32) && defined(USE_BLUFI)
Reference in New Issue View Git Blame Copy Permalink