Introduce security sub-system

open-control-systems · Nov 19, 2024 · a892467 · a892467
1 parent 05878f5
commit a892467
Show file tree

Hide file tree

Showing 12 changed files with 382 additions and 0 deletions.
diff --git a/components/ocs_algo/CMakeLists.txt b/components/ocs_algo/CMakeLists.txt
@@ -10,6 +10,7 @@ idf_component_register(
     REQUIRES
     "ocs_storage"
     "ocs_status"
+    "ocs_security"
 
     INCLUDE_DIRS
     ".."

diff --git a/components/ocs_algo/sha_engine_ops.h b/components/ocs_algo/sha_engine_ops.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include "freertos/FreeRTOSConfig.h"
+
+#include "ocs_security/isha_engine.h"
+
+namespace ocs {
+namespace algo {
+
+struct ShaEngineOps {
+    //! Return the maximum number of bytes the SHA algorithm can produce on the output.
+    static constexpr unsigned hash_lenght(security::IShaEngine::Algorithm algorithm) {
+        switch (algorithm) {
+        case security::IShaEngine::Algorithm::SHA1:
+            return 20;
+
+        case security::IShaEngine::Algorithm::SHA256:
+            return 32;
+
+        case security::IShaEngine::Algorithm::SHA512:
+            return 64;
+        }
+
+        configASSERT(false);
+
+        return 0;
+    }
+};
+
+} // namespace algo
+} // namespace ocs
diff --git a/components/ocs_security/CMakeLists.txt b/components/ocs_security/CMakeLists.txt
@@ -0,0 +1,15 @@
+idf_component_register(
+    SRCS
+    "sha_generator.cpp"
+    "sha_to_hex_str.cpp"
+    "basic_sha_engine.cpp"
+    "mbedtls_sha_engine.cpp"
+
+    REQUIRES
+    "mbedtls"
+    "ocs_status"
+    "ocs_algo"
+
+    INCLUDE_DIRS
+    ".."
+)
diff --git a/components/ocs_security/basic_sha_engine.cpp b/components/ocs_security/basic_sha_engine.cpp
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "ocs_security/basic_sha_engine.h"
+
+namespace ocs {
+namespace security {
+
+BasicShaEngine::BasicShaEngine(IShaEngine::Algorithm algorithm)
+    : algorithm_(algorithm) {
+}
+
+IShaEngine::Algorithm BasicShaEngine::get_algorithm() const {
+    return algorithm_;
+}
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/basic_sha_engine.h b/components/ocs_security/basic_sha_engine.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include "ocs_core/noncopyable.h"
+#include "ocs_security/isha_engine.h"
+
+namespace ocs {
+namespace security {
+
+class BasicShaEngine : public IShaEngine, public core::NonCopyable<BasicShaEngine> {
+public:
+    //! Destroy.
+    virtual ~BasicShaEngine() = default;
+
+    //! Initialize.
+    explicit BasicShaEngine(IShaEngine::Algorithm algorithm);
+
+    //! Return selected SHA algorithm.
+    IShaEngine::Algorithm get_algorithm() const override;
+
+protected:
+    const IShaEngine::Algorithm algorithm_ { IShaEngine::Algorithm::SHA1 };
+};
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/isha_engine.h b/components/ocs_security/isha_engine.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <cstdint>
+
+#include "ocs_status/code.h"
+
+namespace ocs {
+namespace security {
+
+class IShaEngine {
+public:
+    //! Known SHA algorithms.
+    enum class Algorithm {
+        SHA1,
+        SHA256,
+        SHA512,
+    };
+
+    //! Destroy.
+    virtual ~IShaEngine() = default;
+
+    //! Return algorithm used for SHA calculation.
+    virtual Algorithm get_algorithm() const = 0;
+
+    //! Generate SHA to @p buf from @p size bytes from @p src.
+    //!
+    //! @remarks
+    //!  - @p src should be at least @p size bytes long.
+    //!  - @p buf should be large enough to store the result of SHA calculation.
+    virtual status::StatusCode
+    generate(uint8_t* buf, const uint8_t* src, unsigned size) = 0;
+};
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/mbedtls_sha_engine.cpp b/components/ocs_security/mbedtls_sha_engine.cpp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+
+#if SOC_SHA_SUPPORT_SHA512
+#include "mbedtls/sha512.h"
+#endif // SOC_SHA_SUPPORT_SHA512
+
+#include "ocs_security/mbedtls_sha_engine.h"
+
+namespace ocs {
+namespace security {
+
+MbedTlsShaEngine::MbedTlsShaEngine(IShaEngine::Algorithm algorithm)
+    : BasicShaEngine(algorithm) {
+}
+
+status::StatusCode
+MbedTlsShaEngine::generate(uint8_t* buf, const uint8_t* src, unsigned size) {
+    int result = 0;
+
+    switch (algorithm_) {
+    case IShaEngine::Algorithm::SHA1:
+        result = mbedtls_sha1(src, size, buf);
+        break;
+
+    case IShaEngine::Algorithm::SHA256:
+        result = mbedtls_sha256(src, size, buf, 0);
+        break;
+
+#if SOC_SHA_SUPPORT_SHA512
+    case IShaEngine::Algorithm::SHA512:
+        result = mbedtls_sha512(src, size, buf, 0);
+        break;
+#endif // SOC_SHA_SUPPORT_SHA512
+
+    default:
+        return status::StatusCode::InvalidArg;
+    }
+
+    return result == 0 ? status::StatusCode::OK : status::StatusCode::Error;
+}
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/mbedtls_sha_engine.h b/components/ocs_security/mbedtls_sha_engine.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include "ocs_core/noncopyable.h"
+#include "ocs_security/basic_sha_engine.h"
+
+namespace ocs {
+namespace security {
+
+class MbedTlsShaEngine : public BasicShaEngine, public core::NonCopyable<> {
+public:
+    //! Initialize.
+    explicit MbedTlsShaEngine(IShaEngine::Algorithm algorithm);
+
+    //! Generate SHA by using the mbedTLS library.
+    status::StatusCode generate(uint8_t* buf, const uint8_t* src, unsigned size) override;
+};
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/sha_generator.cpp b/components/ocs_security/sha_generator.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "ocs_security/sha_generator.h"
+#include "ocs_algo/sha_engine_ops.h"
+
+namespace ocs {
+namespace security {
+
+ShaGenerator::ShaGenerator(IShaEngine& engine)
+    : engine_(engine) {
+    sha_.resize(algo::ShaEngineOps::hash_lenght(engine_.get_algorithm()));
+}
+
+const ShaGenerator::Data& ShaGenerator::get_sha() const {
+    return sha_;
+}
+
+void ShaGenerator::add(const uint8_t* buf, unsigned size) {
+    for (unsigned n = 0; n < size; ++n) {
+        src_.push_back(buf[n]);
+    }
+}
+
+status::StatusCode ShaGenerator::generate() {
+    return engine_.generate(sha_.data(), src_.data(), src_.size());
+}
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/sha_generator.h b/components/ocs_security/sha_generator.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <vector>
+
+#include "ocs_core/noncopyable.h"
+#include "ocs_security/isha_engine.h"
+
+namespace ocs {
+namespace security {
+
+class ShaGenerator : public core::NonCopyable<> {
+public:
+    using Data = std::vector<uint8_t>;
+
+    //! Initialize.
+    explicit ShaGenerator(IShaEngine& engine);
+
+    //! Return the result of SHA calculation.
+    const Data& get_sha() const;
+
+    //! Add @p size bytes from @p buf to be used during SHA calculation.
+    void add(const uint8_t* buf, unsigned size);
+
+    //! Generate SHA based on the underlying data.
+    status::StatusCode generate();
+
+private:
+    IShaEngine& engine_;
+
+    Data src_;
+    Data sha_;
+};
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/sha_to_hex_str.cpp b/components/ocs_security/sha_to_hex_str.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <cstdio>
+#include <cstring>
+
+#include "freertos/FreeRTOSConfig.h"
+
+#include "ocs_security/sha_to_hex_str.h"
+
+namespace ocs {
+namespace security {
+
+sha_to_hex_str::sha_to_hex_str(const uint8_t* sha, unsigned size) {
+    configASSERT(size <= max_hash_length_);
+
+    memset(buf_, 0, sizeof(buf_));
+
+    for (unsigned n = 0; n < size; ++n) {
+        sprintf(buf_ + n * 2, "%02X", sha[n]);
+    }
+}
+
+const char* sha_to_hex_str::c_str() const {
+    return buf_;
+}
+
+} // namespace security
+} // namespace ocs
diff --git a/components/ocs_security/sha_to_hex_str.h b/components/ocs_security/sha_to_hex_str.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2024, Open Control Systems authors
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include "ocs_algo/sha_engine_ops.h"
+#include "ocs_core/noncopyable.h"
+#include "ocs_security/isha_engine.h"
+
+namespace ocs {
+namespace security {
+
+class sha_to_hex_str : public core::NonCopyable<> {
+public:
+    //! Initialize.
+    //!
+    //! @params
+    //!  - @p sha - SHA data, @p size bytes long.
+    sha_to_hex_str(const uint8_t* sha, unsigned size);
+
+    //! Return SHA formatted as a hex string.
+    const char* c_str() const;
+
+private:
+    static const constexpr unsigned max_hash_length_ =
+        algo::ShaEngineOps::hash_lenght(IShaEngine::Algorithm::SHA512);
+
+    char buf_[max_hash_length_ + 1];
+};
+
+} // namespace security
+} // namespace ocs