software and system v1

2026-02-02 00:49:50 +01:00
parent 9c5082cd9e
commit a23dbf0828
21 changed files with 4400 additions and 137 deletions
--- a/design/components/crypto_utils/COMPONENT.md
+++ b/design/components/crypto_utils/COMPONENT.md
@@ -0,0 +1,123 @@
+# Crypto Utils Component
+## ASF Sensor Hub (Sub-Hub) Embedded System
+
+**Component ID:** C-CRYPTO-001  
+**Version:** 1.0  
+**Date:** 2025-02-01  
+**Location:** `application_layer/utils/crypto_utils/`  
+**Platform:** ESP32-S3, ESP-IDF v5.4
+
+---
+
+## 1. Component Overview
+
+The Crypto Utils component provides cryptographic utility functions including hash computation, encryption/decryption, digital signatures, secure random number generation, and key derivation. This component supports Security Manager and other security-critical components.
+
+**Primary Purpose:** Provide cryptographic primitives for system security.
+
+---
+
+## 2. Responsibilities
+
+### 2.1 In-Scope
+
+- Hash function computation (SHA-256, SHA-512)
+- Symmetric encryption/decryption (AES-128, AES-256)
+- Digital signature verification (RSA, ECDSA)
+- Secure random number generation
+- Key derivation functions (PBKDF2, HKDF)
+- Message authentication codes (HMAC)
+
+### 2.2 Out-of-Scope
+
+- Key storage (handled by Security Manager)
+- Certificate management (handled by Security Manager)
+- Secure boot (handled by ESP-IDF)
+
+---
+
+## 3. Provided Interfaces
+
+### 3.1 Hash Functions
+
+```c
+/**
+ * @brief Compute SHA-256 hash
+ * @param data Input data
+ * @param data_len Data length
+ * @param hash Output hash (32 bytes)
+ * @return true on success
+ */
+bool crypto_hash_sha256(const uint8_t* data, size_t data_len, uint8_t* hash);
+
+/**
+ * @brief Compute SHA-512 hash
+ * @param data Input data
+ * @param data_len Data length
+ * @param hash Output hash (64 bytes)
+ * @return true on success
+ */
+bool crypto_hash_sha512(const uint8_t* data, size_t data_len, uint8_t* hash);
+```
+
+### 3.2 Encryption Functions
+
+```c
+/**
+ * @brief Encrypt data using AES-256
+ * @param plaintext Input plaintext
+ * @param plaintext_len Plaintext length
+ * @param key Encryption key (32 bytes)
+ * @param iv Initialization vector (16 bytes)
+ * @param ciphertext Output ciphertext
+ * @return true on success
+ */
+bool crypto_encrypt_aes256(const uint8_t* plaintext, size_t plaintext_len,
+                           const uint8_t* key, const uint8_t* iv,
+                           uint8_t* ciphertext, size_t* ciphertext_len);
+```
+
+### 3.3 Random Number Generation
+
+```c
+/**
+ * @brief Generate secure random bytes
+ * @param buffer Output buffer
+ * @param length Number of bytes to generate
+ * @return true on success
+ */
+bool crypto_random_bytes(uint8_t* buffer, size_t length);
+```
+
+---
+
+## 4. ESP-IDF Integration
+
+### 4.1 ESP-IDF Services Used
+
+- `mbedtls/sha256.h` - SHA-256 computation
+- `mbedtls/aes.h` - AES encryption
+- `mbedtls/rsa.h` - RSA operations
+- `esp_random.h` - Secure random number generation
+- Hardware acceleration (ESP32-S3 crypto peripherals)
+
+### 4.2 Hardware Acceleration
+
+- AES encryption/decryption (hardware-accelerated)
+- SHA computation (hardware-accelerated)
+- Random number generation (hardware RNG)
+
+---
+
+## 5. Traceability
+
+### 11.1 Software Requirements
+
+- **SWR-SEC-022:** Secure random number generation
+- **SWR-SEC-023:** Key derivation functions
+- **SWR-OTA-007:** Firmware integrity validation (SHA-256)
+
+---
+
+**Document Status:** Complete  
+**Next Review:** Before implementation