Eun0us/espilon-source
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1b89f6fd5
espilon-source/espilon_bot/components/core/utils.h
Eun0us 8b6c1cd53d ε - ChaCha20-Poly1305 AEAD + HKDF crypto upgrade + C3PO rewrite + docs 
Crypto:
- Replace broken ChaCha20 (static nonce) with ChaCha20-Poly1305 AEAD
- HKDF-SHA256 key derivation from per-device factory NVS master keys
- Random 12-byte nonce per message (ESP32 hardware RNG)
- crypto_init/encrypt/decrypt API with mbedtls legacy (ESP-IDF v5.3.2)
- Custom partition table with factory NVS (fctry at 0x10000)

Firmware:
- crypto.c full rewrite, messages.c device_id prefix + AEAD encrypt
- crypto_init() at boot with esp_restart() on failure
- Fix command_t initializations across all modules (sub/help fields)
- Clean CMakeLists dependencies for ESP-IDF v5.3.2

C3PO (C2):
- Rename tools/c2 + tools/c3po -> tools/C3PO
- Per-device CryptoContext with HKDF key derivation
- KeyStore (keys.json) for master key management
- Transport parses device_id:base64(...) wire format

Tools:
- New tools/provisioning/provision.py for factory NVS key generation
- Updated flasher with mbedtls config for v5.3.2

Docs:
- Update all READMEs for new crypto, C3PO paths, provisioning
- Update roadmap, architecture diagrams, security sections
- Update CONTRIBUTING.md project structure
2026-02-10 21:28:45 +01:00

192 lines
4.4 KiB
C
Raw Blame History

#pragma once
#ifdef __cplusplus
extern "C" {
#endif
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdarg.h>
#include <inttypes.h>
#include <stdio.h>
#include "sdkconfig.h"
#include "esp_log.h"
/* >>> CRITIQUE <<< */
#include "c2.pb.h" /* c2_Command, c2_AgentMsgType */
/* ============================================================
* GLOBAL DEFINES
* ============================================================ */
#define MAX_ARGS 10
#define MAX_RESPONSE_SIZE 1024
/* ============================================================
* LOG HELPERS
* ============================================================ */
#ifdef CONFIG_LOG_COLORS
#define ESPILON_LOG_PURPLE "\033[0;35m"
#define ESPILON_LOG_RESET "\033[0m"
#else
#define ESPILON_LOG_PURPLE ""
#define ESPILON_LOG_RESET ""
#endif
static inline void espilon_log_purple(
const char *tag,
const char *fmt,
...
) {
va_list args;
va_start(args, fmt);
printf(ESPILON_LOG_PURPLE "I (%" PRIu32 ") %s: ",
(uint32_t)esp_log_timestamp(), tag);
vprintf(fmt, args);
printf(ESPILON_LOG_RESET "\n");
va_end(args);
}
#define ESPILON_LOGI_PURPLE(tag, fmt, ...) \
espilon_log_purple(tag, fmt, ##__VA_ARGS__)
/* Socket TCP global */
extern int sock;
/* ============================================================
* COM INIT
* ============================================================ */
bool com_init(void);
/* ============================================================
* CRYPTO API (ChaCha20-Poly1305 AEAD + HKDF)
* ============================================================ */
/* Init crypto: read master key from factory NVS, derive via HKDF-SHA256 */
bool crypto_init(void);
/*
* Encrypt (AEAD). Output: nonce[12] || ciphertext || tag[16]
* Returns total output length, or -1 on error.
*/
int crypto_encrypt(const uint8_t *plain, size_t plain_len,
uint8_t *out, size_t out_cap);
/*
* Decrypt + verify (AEAD). Input: nonce[12] || ciphertext || tag[16]
* Returns plaintext length, or -1 on error / auth failure.
*/
int crypto_decrypt(const uint8_t *in, size_t in_len,
uint8_t *out, size_t out_cap);
/* Base64 helpers */
char *base64_decode(const char *input, size_t *output_len);
char *base64_encode(const unsigned char *input, size_t input_len);
/* C2 decode + decrypt + protobuf + exec */
bool c2_decode_and_exec(const char *frame);
/* ============================================================
* ESP → C2 Messaging API
* ============================================================ */
bool agent_send(
c2_AgentMsgType type,
const char *source,
const char *request_id,
const void *data,
size_t len,
bool eof
);
/* Helpers globaux */
bool msg_info(
const char *src,
const char *msg,
const char *req
);
bool msg_error(
const char *src,
const char *msg,
const char *req
);
bool msg_data(
const char *src,
const void *data,
size_t len,
bool eof,
const char *req
);
/* ============================================================
* DEVICE
* ============================================================ */
bool device_id_matches(
const char *local_id,
const char *target_id
);
/* ============================================================
* CORE PROCESSING (C2 → ESP)
* ============================================================ */
void process_command(
const c2_Command *cmd
);
/*
* Compat legacy optionnel
*/
void process_command_from_buffer(
uint8_t *buffer,
size_t len
);
/* ============================================================
* WIFI
* ============================================================ */
#ifdef CONFIG_NETWORK_WIFI
void wifi_init(void);
void tcp_client_task(void *pvParameters);
#endif
/* ============================================================
* GPRS
* ============================================================ */
#ifdef CONFIG_NETWORK_GPRS
#define BUFF_SIZE 1024
#define UART_NUM UART_NUM_1
#define TXD_PIN 27
#define RXD_PIN 26
#define PWR_KEY 4
#define PWR_EN 23
#define RESET 5
#define LED_GPIO 13
void setup_uart(void);
void setup_modem(void);
bool connect_gprs(void);
bool connect_tcp(void);
bool gprs_send(const void *buf, size_t len);
void gprs_rx_poll(void);
void close_tcp_connection(void);
void gprs_client_task(void *pvParameters);
void send_at_command(const char *cmd);
#endif
#ifdef __cplusplus
}
#endif
Reference in New Issue View Git Blame Copy Permalink