-
-
Notifications
You must be signed in to change notification settings - Fork 748
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add support for AES CCM #2579
Conversation
74c3d5e
to
065aeed
Compare
Should this be enabled on Puck.js? |
065aeed
to
fd8ae8b
Compare
Thanks - just looking at this, I'm not quite sure what the differences are but is there any way code can be reused from jswrap_crypto_AEScrypt so we're not having quite so much duplication? Or at the very least, doing like we do in jswrap_crypto_AEScrypt where we have one function we call from jswrap_crypto_AES_encrypt and jswrap_crypto_AES_decrypt, as it looks like there's a bunch of duplicated code in jswrap_crypto_AES_ccmDecrypt and jswrap_crypto_AES_ccmEncrypt? On the Puck.js front, maybe I'd leave it out for now - I've spent a lot of time trying to free up hundreds of bytes here and there for Puck.js builds so I'd rather not suddenly fill it up with an extra 3.5k! |
fd8ae8b
to
3c98dd4
Compare
Not really (apart from getting the iv, the
I've now moved both encrypting and decrypting into
Alright, removed from the Puck.js build 👍 |
3c98dd4
to
5423dd2
Compare
Turns out the Bangle.js 2 build can be 1424 B smaller (still an increase compared to current master though) by not configuring mbedtls to enable all AES stuff if the board doesn't use AES. |
Thanks for that! Combining the two functions still helps a lot.
Great! Is that done now? Some description in the JSON header for ccmEncrypt/Decrypt would be really handy. I know we don't seem to have anything for AES but ideally a small comment that it's for CCM encryption and a very small bit of example code would be perfect. So what's your main reason for doing this? BTHome? Before merging, have you tested and got it working with BTHome? It'd be good to ensure we've got everything you need for it to be useful. |
Should be as of my last push 👍
Oops, totally forgot about that 🙈 I'll try to come up with something.
Yup: Sending encrypted BTHome advertisements in the general direction of Home Assistant. I discovered BTHome like four days ago, but didn't want to use something wireless without some form of security - hence this crypto stuff. By the way, would you be open to adding the Seeed XIAO BLE to the list of supported boards?
Just tested this again; sending encrypted BTHome advertisements and having Home Assistant do something seems to work nicely 👍 |
Sorry for the delay, I missed this...
Actually no (just the usual JS)... for base64 there's
My feeling with it was if someone can get close enough to read the BLE advertisement with my Office's temperature, they're probably close enough to look in the window anyway :) Still, it's nice to have the option...
Yes, that'd be good, thanks! |
No worries :) I'm still gonna create a PR soon-ish with some docs for this, probably with something along the lines of
I hadn't thought of it that way 🙈 |
This adds support for AES CCM and enables it on Linux, Bangle.js 2 and the Bangle.js 2 emulator.
Can be used for creating encrypted BTHome advertisements.
Example that follows https://bthome.io/encryption to encrypt and decrypt a BTHome advertisement:
https://gist.github.com/ssievert42/dd979303b228cbd1c52733a3f63004cf
WIP BTHome module that creates encrypted advertisements (planning on submitting this soon™; check first comment below the gist for creating and setting an encryption key):
https://gist.github.com/ssievert42/1305e4a036d8a3d4a6e14229c2eb01e5