- Generated by
1.15.0
|
cryptnox-sdk-cpp 1.0.0
Platform-independent C++ core SDK for Cryptnox Hardware Wallet
|
Portable utility functions for cryptographic and security operations. More...
#include <CW_Utils.h>
Static Public Member Functions | |
| static bool | secure_compare (const uint8_t *a, const uint8_t *b, size_t len) |
| Constant-time buffer comparison, resistant to timing side-channel attacks. | |
| static void | secure_wipe (uint8_t *buf, size_t len) |
| Securely zero a buffer, guaranteed not to be optimised away. | |
| static bool | safe_memcpy (uint8_t *dst, size_t dstSize, const uint8_t *src, size_t count) |
| Safe memcpy — validates pointers, sizes, and checks for overlap. | |
| static bool | fill_secure_random (uint8_t *dest, size_t len) |
Fill len bytes at dest with cryptographically random data. | |
Portable utility functions for cryptographic and security operations.
All methods here are platform-independent pure C++ with no dependency on Arduino or any hardware-specific library.
Hardware-specific helpers (e.g. TRNG byte generation) live in the concrete crypto provider implementation (ArduinoCryptoProvider).
Definition at line 45 of file CW_Utils.h.
|
static |
Fill len bytes at dest with cryptographically random data.
The implementation is platform-specific. On ESP32 it calls esp_fill_random() after verifying that Wi-Fi or Bluetooth is active, ensuring the hardware TRNG is properly seeded. Returns false (hard failure) if neither radio is on (SEC-001).
| dest | Destination buffer. |
| len | Number of random bytes to generate. |
|
static |
Safe memcpy — validates pointers, sizes, and checks for overlap.
Safe memcpy — checks src, dst and size before copying.
| dst | Destination buffer. |
| dstSize | Capacity of the destination buffer. |
| src | Source buffer. |
| count | Number of bytes to copy. |
Definition at line 50 of file CW_Utils.cpp.
Referenced by CW_SecureChannel::aesCbcDecrypt(), CW_SecureChannel::aesCbcEncrypt(), CryptnoxWallet::buildSignPayload(), CryptnoxWallet::extractRawSignature(), CW_SecureChannel::getCardCertificate(), CryptnoxWallet::getCardInfo(), CW_SecureChannel::getManufacturerCertificate(), CW_SecureChannel::mutuallyAuthenticate(), CW_SecureChannel::openSecureChannel(), CryptnoxWallet::parseDerSignature(), CW_SecureChannel::parseDerSigToRaw(), and CryptnoxWallet::verifyPin().
|
static |
Constant-time buffer comparison, resistant to timing side-channel attacks.
Always iterates over the full length regardless of where the first difference occurs, preventing an attacker from inferring the correct value byte-by-byte via timing measurements.
| a | Pointer to the first buffer. |
| b | Pointer to the second buffer. |
| len | Number of bytes to compare. |
Definition at line 22 of file CW_Utils.cpp.
Referenced by CW_SecureChannel::aesCbcDecrypt(), and CW_SecureChannel::verifyCertificateChain().
|
static |
Securely zero a buffer, guaranteed not to be optimised away.
Uses a volatile pointer so the compiler cannot elide the writes, ensuring sensitive material is actually erased from memory.
| buf | Pointer to the buffer to wipe. |
| len | Number of bytes to zero. |
Definition at line 37 of file CW_Utils.cpp.
Referenced by CW_SecureChannel::aesCbcDecrypt(), CW_SecureChannel::aesCbcEncrypt(), CW_SecureSession::clear(), CryptnoxWallet::establishSecureChannel(), CryptnoxWallet::extractRawSignature(), CryptnoxWallet::getCardInfo(), CW_SecureChannel::mutuallyAuthenticate(), CryptnoxWallet::sign(), CW_SecureChannel::verifyCertificateChain(), CryptnoxWallet::verifyPin(), and CW_SignRequest::~CW_SignRequest().
1.15.0