# Crypto Utils Component

## ASF Sensor Hub (Sub-Hub) Embedded System

**Component ID:** C-CRYPTO-001
**Version:** 1.0
**Date:** 2025-02-01
**Location:** `application_layer/utils/crypto_utils/`
**Platform:** ESP32-S3, ESP-IDF v5.4

---

## 1. Component Overview

The Crypto Utils component provides cryptographic utility functions including hash computation, encryption/decryption, digital signatures, secure random number generation, and key derivation. This component supports the Security Manager and other security-critical components.

**Primary Purpose:** Provide cryptographic primitives for system security.

---

## 2. Responsibilities

### 2.1 In-Scope

- Hash function computation (SHA-256, SHA-512)
- Symmetric encryption/decryption (AES-128, AES-256)
- Digital signature verification (RSA, ECDSA)
- Secure random number generation
- Key derivation functions (PBKDF2, HKDF)
- Message authentication codes (HMAC)

### 2.2 Out-of-Scope

- Key storage (handled by Security Manager)
- Certificate management (handled by Security Manager)
- Secure boot (handled by ESP-IDF)

---

## 3. Provided Interfaces

### 3.1 Hash Functions

```c
#include <stdbool.h>  /* bool */
#include <stddef.h>   /* size_t */
#include <stdint.h>   /* uint8_t */

/**
 * @brief Compute SHA-256 hash
 * @param data Input data
 * @param data_len Data length
 * @param hash Output hash (32 bytes)
 * @return true on success
 */
bool crypto_hash_sha256(const uint8_t* data, size_t data_len, uint8_t* hash);

/**
 * @brief Compute SHA-512 hash
 * @param data Input data
 * @param data_len Data length
 * @param hash Output hash (64 bytes)
 * @return true on success
 */
bool crypto_hash_sha512(const uint8_t* data, size_t data_len, uint8_t* hash);
```

### 3.2 Encryption Functions

```c
/**
 * @brief Encrypt data using AES-256
 * @param plaintext Input plaintext
 * @param plaintext_len Plaintext length
 * @param key Encryption key (32 bytes)
 * @param iv Initialization vector (16 bytes)
 * @param ciphertext Output ciphertext
 * @param ciphertext_len Output ciphertext length
 * @return true on success
 */
bool crypto_encrypt_aes256(const uint8_t* plaintext, size_t plaintext_len,
                           const uint8_t* key, const uint8_t* iv,
                           uint8_t* ciphertext, size_t* ciphertext_len);
```

### 3.3 Random Number Generation

```c
/**
 * @brief Generate secure random bytes
 * @param buffer Output buffer
 * @param length Number of bytes to generate
 * @return true on success
 */
bool crypto_random_bytes(uint8_t* buffer, size_t length);
```

---

## 4. ESP-IDF Integration

### 4.1 ESP-IDF Services Used

- `mbedtls/sha256.h` - SHA-256 computation
- `mbedtls/aes.h` - AES encryption
- `mbedtls/rsa.h` - RSA operations
- `esp_random.h` - Secure random number generation
- Hardware acceleration (ESP32-S3 crypto peripherals)

### 4.2 Hardware Acceleration

- AES encryption/decryption (hardware-accelerated)
- SHA computation (hardware-accelerated)
- Random number generation (hardware RNG)

---

## 5. Traceability

### 5.1 Software Requirements

- **SWR-SEC-022:** Secure random number generation
- **SWR-SEC-023:** Key derivation functions
- **SWR-OTA-007:** Firmware integrity validation (SHA-256)

---

**Document Status:** Complete
**Next Review:** Before implementation
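
An added example, not part of the component's own code: a fail-closed check of the 32-byte digest produced by `crypto_hash_sha256` against a hex reference value, as the SHA-256 firmware integrity validation in SWR-OTA-007 needs. The helper names `crypto_const_time_equal` and `crypto_sha256_matches_hex`, the hex reference format, and the sample digest (SHA-256 of "abc") are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CRYPTO_SHA256_LEN 32u /* digest size from section 3.1 */

/* Constructed sample: SHA-256("abc"), standing in for crypto_hash_sha256() output. */
static const uint8_t SAMPLE_DIGEST[CRYPTO_SHA256_LEN] = {
    0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
    0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad};
static const char SAMPLE_HEX[] =
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";

/* Hypothetical helper: no early exit, so timing does not reveal where the
 * first mismatch is (required for HMAC tags, harmless for public digests). */
bool crypto_const_time_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    volatile uint8_t diff = 0;
    if (a == NULL || b == NULL) return false;
    for (size_t i = 0; i < len; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decode one hex character; -1 for anything outside [0-9a-fA-F]. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: compare a computed digest with a 64-character hex
 * reference. Wrong length or a non-hex character fails the check. */
bool crypto_sha256_matches_hex(const uint8_t *digest, const char *hex)
{
    uint8_t expected[CRYPTO_SHA256_LEN];
    if (digest == NULL || hex == NULL || strlen(hex) != 2 * CRYPTO_SHA256_LEN) return false;
    for (size_t i = 0; i < CRYPTO_SHA256_LEN; i++) {
        int hi = hex_nibble(hex[2 * i]), lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return false;
        expected[i] = (uint8_t)((hi << 4) | lo);
    }
    return crypto_const_time_equal(digest, expected, CRYPTO_SHA256_LEN);
}

int main(void) { return crypto_sha256_matches_hex(SAMPLE_DIGEST, SAMPLE_HEX) ? 0 : 1; }
```

On target, the digest argument would come from `crypto_hash_sha256`, and a `false` result should abort the update rather than fall through to a default.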