ASF_01_sys_sw_arch/1 software design/components/crypto_utils/COMPONENT.md
2026-02-02 00:49:50 +01:00

Crypto Utils Component

ASF Sensor Hub (Sub-Hub) Embedded System

Component ID: C-CRYPTO-001
Version: 1.0
Date: 2025-02-01
Location: application_layer/utils/crypto_utils/
Platform: ESP32-S3, ESP-IDF v5.4


1. Component Overview

The Crypto Utils component provides cryptographic utility functions including hash computation, encryption/decryption, digital signatures, secure random number generation, and key derivation. This component supports the Security Manager and other security-critical components.

Primary Purpose: Provide cryptographic primitives for system security.


2. Responsibilities

2.1 In-Scope

  • Hash function computation (SHA-256, SHA-512)
  • Symmetric encryption/decryption (AES-128, AES-256)
  • Digital signature verification (RSA, ECDSA)
  • Secure random number generation
  • Key derivation functions (PBKDF2, HKDF)
  • Message authentication codes (HMAC)

2.2 Out-of-Scope

  • Key storage (handled by Security Manager)
  • Certificate management (handled by Security Manager)
  • Secure boot (handled by ESP-IDF)

3. Provided Interfaces

3.1 Hash Functions

/**
 * @brief Compute SHA-256 hash
 * @param data Input data
 * @param data_len Data length
 * @param hash Output hash (32 bytes)
 * @return true on success
 */
bool crypto_hash_sha256(const uint8_t* data, size_t data_len, uint8_t* hash);

/**
 * @brief Compute SHA-512 hash
 * @param data Input data
 * @param data_len Data length
 * @param hash Output hash (64 bytes)
 * @return true on success
 */
bool crypto_hash_sha512(const uint8_t* data, size_t data_len, uint8_t* hash);

3.2 Encryption Functions

/**
 * @brief Encrypt data using AES-256
 * @param plaintext Input plaintext
 * @param plaintext_len Plaintext length
 * @param key Encryption key (32 bytes)
 * @param iv Initialization vector (16 bytes)
 * @param ciphertext Output ciphertext
 * @param ciphertext_len Length of the output ciphertext (bytes)
 * @return true on success
 */
bool crypto_encrypt_aes256(const uint8_t* plaintext, size_t plaintext_len,
                           const uint8_t* key, const uint8_t* iv,
                           uint8_t* ciphertext, size_t* ciphertext_len);

3.3 Random Number Generation

/**
 * @brief Generate secure random bytes
 * @param buffer Output buffer
 * @param length Number of bytes to generate
 * @return true on success
 */
bool crypto_random_bytes(uint8_t* buffer, size_t length);

4. ESP-IDF Integration

4.1 ESP-IDF Services Used

  • mbedtls/sha256.h - SHA-256 computation
  • mbedtls/aes.h - AES encryption
  • mbedtls/rsa.h - RSA operations
  • esp_random.h - Secure random number generation
  • Hardware acceleration (ESP32-S3 crypto peripherals)

4.2 Hardware Acceleration

  • AES encryption/decryption (hardware-accelerated)
  • SHA computation (hardware-accelerated)
  • Random number generation (hardware RNG)

5. Traceability

5.1 Software Requirements

  • SWR-SEC-022: Secure random number generation
  • SWR-SEC-023: Key derivation functions
  • SWR-OTA-007: Firmware integrity validation (SHA-256)

Document Status: Complete
Next Review: Before implementation