espilon-source/espilon_bot/main/bot-lwip.c
Eun0us 8b6c1cd53d ε - ChaCha20-Poly1305 AEAD + HKDF crypto upgrade + C3PO rewrite + docs
Crypto:
- Replace broken ChaCha20 (static nonce) with ChaCha20-Poly1305 AEAD
- HKDF-SHA256 key derivation from per-device factory NVS master keys
- Random 12-byte nonce per message (ESP32 hardware RNG)
- crypto_init/encrypt/decrypt API with mbedtls legacy (ESP-IDF v5.3.2)
- Custom partition table with factory NVS (fctry at 0x10000)

Firmware:
- crypto.c full rewrite, messages.c device_id prefix + AEAD encrypt
- crypto_init() at boot with esp_restart() on failure
- Fix command_t initializations across all modules (sub/help fields)
- Clean CMakeLists dependencies for ESP-IDF v5.3.2

C3PO (C2):
- Rename tools/c2 + tools/c3po -> tools/C3PO
- Per-device CryptoContext with HKDF key derivation
- KeyStore (keys.json) for master key management
- Transport parses device_id:base64(...) wire format

Tools:
- New tools/provisioning/provision.py for factory NVS key generation
- Updated flasher with mbedtls config for v5.3.2

Docs:
- Update all READMEs for new crypto, C3PO paths, provisioning
- Update roadmap, architecture diagrams, security sections
- Update CONTRIBUTING.md project structure
2026-02-10 21:28:45 +01:00



#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "esp_log.h"
#include "nvs_flash.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "utils.h"
#include "command.h"
#include "cmd_system.h"
/* Module headers */
#ifdef CONFIG_MODULE_NETWORK
#include "cmd_network.h"
#endif
#ifdef CONFIG_MODULE_FAKEAP
#include "cmd_fakeAP.h"
#endif
#ifdef CONFIG_MODULE_RECON
#include "cmd_recon.h"
#endif
static const char *TAG = "MAIN";
/**
 * Translate the build-time ESPILON log-level Kconfig choice into an
 * esp_log_level_t.
 *
 * Exactly one CONFIG_ESPILON_LOG_LEVEL_* symbol is expected to be defined;
 * the first one that matches, in the order ERROR, WARN, INFO, DEBUG, VERBOSE,
 * wins. If none is defined the function falls back to ESP_LOG_INFO.
 *
 * @return The log level selected at build time.
 */
static esp_log_level_t espilon_log_level_from_kconfig(void)
{
    /* Fallback used when no Kconfig level symbol is defined. */
    esp_log_level_t selected = ESP_LOG_INFO;

#if defined(CONFIG_ESPILON_LOG_LEVEL_ERROR)
    selected = ESP_LOG_ERROR;
#elif defined(CONFIG_ESPILON_LOG_LEVEL_WARN)
    selected = ESP_LOG_WARN;
#elif defined(CONFIG_ESPILON_LOG_LEVEL_INFO)
    selected = ESP_LOG_INFO;
#elif defined(CONFIG_ESPILON_LOG_LEVEL_DEBUG)
    selected = ESP_LOG_DEBUG;
#elif defined(CONFIG_ESPILON_LOG_LEVEL_VERBOSE)
    selected = ESP_LOG_VERBOSE;
#endif

    return selected;
}
static void espilon_log_init(void)
{
esp_log_level_set("*", espilon_log_level_from_kconfig());
#ifdef CONFIG_ESPILON_LOG_BOOT_SUMMARY
ESPILON_LOGI_PURPLE(TAG, "===== BOOT SUMMARY =====");
#endif
}
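/**
 * Initialise the default NVS partition, recovering once from a full or
 * version-mismatched partition.
 *
 * When nvs_flash_init() reports ESP_ERR_NVS_NO_FREE_PAGES or
 * ESP_ERR_NVS_NEW_VERSION_FOUND, the partition is erased and initialised
 * again; both recovery calls abort through ESP_ERROR_CHECK if they fail.
 * Any other error from the first attempt used to be dropped silently; it is
 * now logged so a broken NVS is visible in the boot log. The function still
 * returns normally in that case, so boot behaviour is unchanged.
 *
 * NOTE(review): nvs_flash_erase() wipes the default NVS partition. The boot
 * code describes the master key as living in factory NVS; confirm that
 * crypto_init() reads it from a separate partition so this recovery path
 * cannot destroy key material.
 */
static void init_nvs(void)
{
    esp_err_t ret = nvs_flash_init();

    if (ret == ESP_ERR_NVS_NO_FREE_PAGES ||
        ret == ESP_ERR_NVS_NEW_VERSION_FOUND) {
        /* Partition is full or was written by another NVS version: reset it. */
        ESP_ERROR_CHECK(nvs_flash_erase());
        ESP_ERROR_CHECK(nvs_flash_init());
        return;
    }

    if (ret != ESP_OK) {
        /* Report instead of ignoring; callers are not told about the failure. */
        ESP_LOGE(TAG, "NVS init failed: %s", esp_err_to_name(ret));
    }
}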
/*
 * Firmware entry point: bring up logging, NVS and crypto, register the
 * command handlers of every module enabled in Kconfig, then start the
 * network backend.
 *
 * Ordering matters: crypto_init() runs before the command system and the
 * network backend, so neither is started without an initialised crypto
 * context.
 *
 * NOTE(review): crypto_init(), esp_restart() and com_init() are not declared
 * by any header included directly in this file; presumably they come in
 * through utils.h or command.h. Confirm, since an implicit declaration
 * would hide a signature mismatch.
 */
void app_main(void)
{
espilon_log_init();
ESP_LOGI(TAG, "Booting system");
init_nvs();
/* Crypto: read master key from factory NVS, derive encryption key */
/* Fail closed: on failure the device restarts instead of continuing
 * without crypto. The message names the suspected cause only and logs
 * no key material.
 * NOTE(review): an unprovisioned device will fail here on every boot, so
 * this becomes a restart loop. Confirm that is the intended behaviour. */
if (!crypto_init()) {
ESP_LOGE(TAG, "CRYPTO INIT FAILED no master key in factory NVS?");
esp_restart();
}
/* =====================================================
* Command system
* ===================================================== */
command_async_init(); // Async worker (Core 1)
mod_system_register_commands();
/* Register enabled modules */
/* The command set is fixed at build time: a module whose Kconfig symbol
 * is not defined registers no commands at all. */
#ifdef CONFIG_MODULE_NETWORK
mod_network_register_commands();
ESPILON_LOGI_PURPLE(TAG, "Network module loaded");
#endif
#ifdef CONFIG_MODULE_FAKEAP
mod_fakeap_register_commands();
ESPILON_LOGI_PURPLE(TAG, "FakeAP module loaded");
#endif
/* Recon has two sub-modes, each gated by its own symbol inside
 * CONFIG_MODULE_RECON. */
#ifdef CONFIG_MODULE_RECON
#ifdef CONFIG_RECON_MODE_CAMERA
mod_camera_register_commands();
ESPILON_LOGI_PURPLE(TAG, "Camera module loaded");
#endif
#ifdef CONFIG_RECON_MODE_MLAT
mod_mlat_register_commands();
ESPILON_LOGI_PURPLE(TAG, "MLAT module loaded");
#endif
#endif
command_log_registry_summary();
/* =====================================================
* Network backend
* ===================================================== */
/* Fixed 1200 ms pause before bringing up the backend.
 * NOTE(review): the reason for the delay is not visible here. Confirm. */
vTaskDelay(pdMS_TO_TICKS(1200));
/* Unlike the crypto failure above, a backend failure does not restart the
 * device: it is logged and app_main returns with the command handlers
 * already registered. */
if (!com_init()) {
ESP_LOGE(TAG, "Network backend init failed");
return;
}
ESP_LOGI(TAG, "System ready");
}