ESP-IDF
Select one of the symbols to view example projects that use it.
 
Outline
#include <cstring>
#include "nvs_encrypted_partition.hpp"
#include "nvs_types.hpp"
nvs
Files
ESP-IDF
components
app_trace
app_update
bootloader_support
bt
cmock
console
cxx
driver
efuse
esp_adc
esp_app_format
esp_bootloader_format
esp_coex
esp_common
esp_driver_ana_cmpr
esp_driver_cam
esp_driver_dac
esp_driver_gpio
esp_driver_gptimer
esp_driver_i2c
esp_driver_i2s
esp_driver_jpeg
esp_driver_ledc
esp_driver_mcpwm
esp_driver_parlio
esp_driver_pcnt
esp_driver_rmt
esp_driver_sdio
esp_driver_sdm
esp_driver_sdmmc
esp_driver_sdspi
esp_driver_spi
esp_driver_tsens
esp_driver_uart
esp_driver_usb_serial_jtag
esp_eth
esp_event
esp_gdbstub
esp_hid
esp_http_client
esp_http_server
esp_https_ota
esp_https_server
esp_hw_support
esp_lcd
esp_local_ctrl
esp_mm
esp_netif
esp_partition
esp_phy
esp_pm
esp_psram
esp_ringbuf
esp_rom
esp_security
esp_system
esp_timer
esp_vfs_console
esp_wifi
esp-tls
espcoredump
hal
heap
http_parser
ieee802154
log
mqtt
newlib
nvs_flash
include
private_include
src
compressed_enum_table.hpp
intrusive_list.h
nvs_api.cpp
nvs_bootloader.c
nvs_cxx_api.cpp
nvs_encrypted_partition.cpp
nvs_encrypted_partition.hpp
nvs_handle_locked.cpp
nvs_handle_locked.hpp
nvs_handle_simple.cpp
nvs_handle_simple.hpp
nvs_item_hash_list.cpp
nvs_item_hash_list.hpp
nvs_memory_management.hpp
nvs_page.cpp
nvs_page.hpp
nvs_pagemanager.cpp
nvs_pagemanager.hpp
nvs_partition_lookup.cpp
nvs_partition_lookup.hpp
nvs_partition_manager.cpp
nvs_partition_manager.hpp
nvs_partition.cpp
nvs_partition.hpp
nvs_platform.cpp
nvs_platform.hpp
nvs_storage.cpp
nvs_storage.hpp
nvs_types.cpp
nvs_types.hpp
nvs.hpp
partition.hpp
nvs_sec_provider
openthread
perfmon
protobuf-c
protocomm
pthread
rt
sdmmc
soc
spi_flash
spiffs
tcp_transport
ulp
unity
vfs
wear_levelling
wifi_provisioning
wpa_supplicant
xtensa
examples
lwIP
FreeRTOS
cJSON
mbedTLS
SourceVuESP-IDF Framework and ExamplesESP-IDFcomponents/nvs_flash/src/nvs_encrypted_partition.cpp
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
/* * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 *//* ... */ #include <cstring> #include "nvs_encrypted_partition.hpp" #include "nvs_types.hpp" namespace nvs { NVSEncryptedPartition::NVSEncryptedPartition(const esp_partition_t *partition) : NVSPartition(partition) { } esp_err_t NVSEncryptedPartition::init(nvs_sec_cfg_t* cfg) { uint8_t* eky = reinterpret_cast<uint8_t*>(cfg); mbedtls_aes_xts_init(&mEctxt); mbedtls_aes_xts_init(&mDctxt); if (mbedtls_aes_xts_setkey_enc(&mEctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) { return ESP_ERR_NVS_XTS_CFG_FAILED; }{...} if (mbedtls_aes_xts_setkey_dec(&mDctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) { return ESP_ERR_NVS_XTS_CFG_FAILED; }{...} return ESP_OK; }{ ... } esp_err_t NVSEncryptedPartition::read(size_t src_offset, void* dst, size_t size) { /** Currently upper layer of NVS reads entries one by one even for variable size * multi-entry data types. So length should always be equal to size of an entry.*//* ... */ if (size != sizeof(Item)) return ESP_ERR_INVALID_SIZE; // read data esp_err_t read_result = esp_partition_read(mESPPartition, src_offset, dst, size); if (read_result != ESP_OK) { return read_result; }{...} // decrypt data //sector num required as an arr by mbedtls. Should have been just uint64/32. uint8_t data_unit[16]; uint32_t relAddr = src_offset; memset(data_unit, 0, sizeof(data_unit)); memcpy(data_unit, &relAddr, sizeof(relAddr)); uint8_t *destination = reinterpret_cast<uint8_t*>(dst); if (mbedtls_aes_crypt_xts(&mDctxt, MBEDTLS_AES_DECRYPT, size, data_unit, destination, destination) != 0) { return ESP_ERR_NVS_XTS_DECR_FAILED; }{...} return ESP_OK; }{ ... } esp_err_t NVSEncryptedPartition::write(size_t addr, const void* src, size_t size) { if (size % ESP_ENCRYPT_BLOCK_SIZE != 0) return ESP_ERR_INVALID_SIZE; // copy data to buffer for encryption uint8_t* buf = new (std::nothrow) uint8_t [size]; if (!buf) return ESP_ERR_NO_MEM; memcpy(buf, src, size); // encrypt data uint8_t entrySize = sizeof(Item); //sector num required as an arr by mbedtls. Should have been just uint64/32. uint8_t data_unit[16]; /* Use relative address instead of absolute address (relocatable), so that host-generated * encrypted nvs images can be used*//* ... */ uint32_t relAddr = addr; memset(data_unit, 0, sizeof(data_unit)); for(uint8_t entry = 0; entry < (size/entrySize); entry++) { uint32_t offset = entry * entrySize; uint32_t *addr_loc = (uint32_t*) &data_unit[0]; *addr_loc = relAddr + offset; if (mbedtls_aes_crypt_xts(&mEctxt, MBEDTLS_AES_ENCRYPT, entrySize, data_unit, buf + offset, buf + offset) != 0) { delete [] buf; return ESP_ERR_NVS_XTS_ENCR_FAILED; }{...} }{...} // write data esp_err_t result = esp_partition_write(mESPPartition, addr, buf, size); delete [] buf; return result; }{ ... } }{...} // nvs
Details
Show:
from
Types: Columns: