[FL-1490] FuriHal: crypto api. Crypto cli tool. (#702)

* FuriHal: crypto layer * Furi: add crash routine. * FuriHal: crypto api. Crypto: cli command to manipulate secure enclave and encrypt/decrypt plain text. * DeviceInfo: secure enclave verification. * Rename original to enclave_valid * Update expected enclave signature to match production keys * F7: remove unused files
2021-09-15 12:59:49 +03:00
parent 95d9140d24
commit 66f9d946ae
52 changed files with 1056 additions and 1609 deletions
--- a/firmware/targets/furi-hal-include/furi-hal-crypto.h
+++ b/firmware/targets/furi-hal-include/furi-hal-crypto.h
@@ -0,0 +1,66 @@
+#pragma once
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <stddef.h>
+
+/** FuriHalCryptoKey Type */
+typedef enum {
+    FuriHalCryptoKeyTypeMaster, /**< Master key */
+    FuriHalCryptoKeyTypeSimple,  /**< Simple enencrypted key */
+    FuriHalCryptoKeyTypeEncrypted, /**< Encrypted with Master key */
+} FuriHalCryptoKeyType;
+
+/** FuriHalCryptoKey Size in bits */
+typedef enum {
+    FuriHalCryptoKeySize128,
+    FuriHalCryptoKeySize256,
+} FuriHalCryptoKeySize;
+
+/** FuriHalCryptoKey */
+typedef struct {
+    FuriHalCryptoKeyType type;
+    FuriHalCryptoKeySize size;
+    uint8_t* data;
+} FuriHalCryptoKey;
+
+/** Initialize cryptography layer
+ * This includes AES engines, PKA and RNG
+ */
+void furi_hal_crypto_init();
+
+/** Store key in crypto storage
+ * @param key - FuriHalCryptoKey to store. Only Master, Simple or Encrypted
+ * @param slot - pinter to int where store slot number will be saved
+ * @return true on success
+ */
+bool furi_hal_crypto_store_add_key(FuriHalCryptoKey* key, uint8_t* slot);
+
+/** Init AES engine and load key from crypto store
+ * @param slot - store slot number
+ * @return true on success
+ */
+bool furi_hal_crypto_store_load_key(uint8_t slot, const uint8_t* iv);
+
+/** Unload key engine and deinit AES engine
+ * @param slot - store slot number
+ * @return true on success
+ */
+bool furi_hal_crypto_store_unload_key(uint8_t slot);
+
+
+/** Encrypt data
+ * @param input - pointer to input data
+ * @param output - pointer to output data
+ * @param size - input/output buffer size in bytes
+ * @return true on success
+ */
+bool furi_hal_crypto_encrypt(const uint8_t *input, uint8_t *output, size_t size);
+
+/** Decrypt data
+ * @param input - pointer to input data
+ * @param output - pointer to output data
+ * @param size - input/output buffer size in bytes
+ * @return true on success
+ */
+bool furi_hal_crypto_decrypt(const uint8_t *input, uint8_t *output, size_t size);
--- a/firmware/targets/furi-hal-include/furi-hal.h
+++ b/firmware/targets/furi-hal-include/furi-hal.h
@@ -6,6 +6,7 @@ template <unsigned int N> struct STOP_EXTERNING_ME {};

 #include "furi-hal-boot.h"
 #include "furi-hal-clock.h"
+#include "furi-hal-crypto.h"
 #include "furi-hal-console.h"
 #include "furi-hal-os.h"
 #include "furi-hal-i2c.h"