lib/Serialization/ObfuscationUtils.cpp

#include "ObfuscationUtils.h"

#include <Logging.h>
#include <base64.h>
#include <esp_mac.h>
#include <mbedtls/base64.h>

#include <cstring>

namespace obfuscation {

namespace {
constexpr size_t HW_KEY_LEN = 6;

// Simple lazy init — no thread-safety concern on single-core ESP32-C3.
const uint8_t* getHwKey() {
  static uint8_t key[HW_KEY_LEN] = {};
  static bool initialized = false;
  if (!initialized) {
    esp_efuse_mac_get_default(key);
    initialized = true;
  }
  return key;
}
}  // namespace

void xorTransform(std::string& data) {
  const uint8_t* key = getHwKey();
  for (size_t i = 0; i < data.size(); i++) {
    data[i] ^= key[i % HW_KEY_LEN];
  }
}

void xorTransform(std::string& data, const uint8_t* key, size_t keyLen) {
  if (keyLen == 0 || key == nullptr) return;
  for (size_t i = 0; i < data.size(); i++) {
    data[i] ^= key[i % keyLen];
  }
}

String obfuscateToBase64(const std::string& plaintext) {
  if (plaintext.empty()) return "";
  std::string temp = plaintext;
  xorTransform(temp);
  return base64::encode(reinterpret_cast<const uint8_t*>(temp.data()), temp.size());
}

std::string deobfuscateFromBase64(const char* encoded, bool* ok) {
  if (encoded == nullptr || encoded[0] == '\0') {
    if (ok) *ok = false;
    return "";
  }
  if (ok) *ok = true;
  size_t encodedLen = strlen(encoded);
  // First call: get required output buffer size
  size_t decodedLen = 0;
  int ret = mbedtls_base64_decode(nullptr, 0, &decodedLen, reinterpret_cast<const unsigned char*>(encoded), encodedLen);
  if (ret != 0 && ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
    LOG_ERR("OBF", "Base64 decode size query failed (ret=%d)", ret);
    if (ok) *ok = false;
    return "";
  }
  std::string result(decodedLen, '\0');
  ret = mbedtls_base64_decode(reinterpret_cast<unsigned char*>(&result[0]), decodedLen, &decodedLen,
                              reinterpret_cast<const unsigned char*>(encoded), encodedLen);
  if (ret != 0) {
    LOG_ERR("OBF", "Base64 decode failed (ret=%d)", ret);
    if (ok) *ok = false;
    return "";
  }
  result.resize(decodedLen);
  xorTransform(result);
  return result;
}

void selfTest() {
  const char* testInputs[] = {"", "hello", "WiFi P@ssw0rd!", "a"};
  bool allPassed = true;
  for (const char* input : testInputs) {
    String encoded = obfuscateToBase64(std::string(input));
    std::string decoded = deobfuscateFromBase64(encoded.c_str());
    if (decoded != input) {
      LOG_ERR("OBF", "FAIL: \"%s\" -> \"%s\" -> \"%s\"", input, encoded.c_str(), decoded.c_str());
      allPassed = false;
    }
  }
  // Verify obfuscated form differs from plaintext
  String enc = obfuscateToBase64("test123");
  if (enc == "test123") {
    LOG_ERR("OBF", "FAIL: obfuscated output identical to plaintext");
    allPassed = false;
  }
  if (allPassed) {
    LOG_DBG("OBF", "Obfuscation self-test PASSED");
  }
}

}  // namespace obfuscation
feat: Migrate binary settings to json (#920) ## Summary * This PR introduces a migration from binary file storage to JSON-based storage for application settings, state, and various credential stores. This improves readability, maintainability, and allows for easier manual configuration editing. * Benefits: - Settings files are now JSON and can be easily read/edited manually - Easier to inspect application state and settings during development - JSON structure is more flexible for future changes * Drawback: around 15k of additional flash usage * Compatibility: Seamless migration preserves existing user data ## Additional Context 1. New JSON I/O Infrastructure files: - JsonSettingsIO: Core JSON serialization/deserialization logic using ArduinoJson library - ObfuscationUtils: XOR-based password obfuscation for sensitive data 2. Migrated Components (now use JSON storage with automatic binary migration): - CrossPointSettings (settings.json): Main application settings - CrossPointState (state.json): Application state (open book, sleep mode, etc.) - WifiCredentialStore (wifi.json): WiFi network credentials (Password Obfuscation: Sensitive data like WiFi passwords, uses XOR encryption with fixed keys. Note: This is obfuscation, not cryptographic security - passwords can be recovered with the key) - KOReaderCredentialStore (koreader.json): KOReader sync credentials - RecentBooksStore (recent.json): Recently opened books list 3. Migration Logic - Forward Compatibility: New installations use JSON format - Backward Compatibility: Existing binary files are automatically migrated to JSON on first load - Backup Safety: Original binary files are renamed with .bak extension after successful migration - Fallback Handling: If JSON parsing fails, system falls back to binary loading 4. Infrastructure Updates - HalStorage: Added rename() method for backup operations --- ### AI Usage While CrossPoint doesn't have restrictions on AI tools in contributing, please be transparent about their usage as it helps set the right context for reviewers. Did you use AI tools to help write this code? _ YES_ --------- Co-authored-by: Dave Allie <dave@daveallie.com> 2026-02-22 07:18:25 +01:00			`#include "ObfuscationUtils.h"`

			`#include <Logging.h>`
			`#include <base64.h>`
			`#include <esp_mac.h>`
			`#include <mbedtls/base64.h>`

			`#include <cstring>`

			`namespace obfuscation {`

			`namespace {`
			`constexpr size_t HW_KEY_LEN = 6;`

			`// Simple lazy init — no thread-safety concern on single-core ESP32-C3.`
			`const uint8_t* getHwKey() {`
			`static uint8_t key[HW_KEY_LEN] = {};`
			`static bool initialized = false;`
			`if (!initialized) {`
			`esp_efuse_mac_get_default(key);`
			`initialized = true;`
			`}`
			`return key;`
			`}`
			`} // namespace`

			`void xorTransform(std::string& data) {`
			`const uint8_t* key = getHwKey();`
			`for (size_t i = 0; i < data.size(); i++) {`
			`data[i] ^= key[i % HW_KEY_LEN];`
			`}`
			`}`

			`void xorTransform(std::string& data, const uint8_t* key, size_t keyLen) {`
			`if (keyLen == 0 \|\| key == nullptr) return;`
			`for (size_t i = 0; i < data.size(); i++) {`
			`data[i] ^= key[i % keyLen];`
			`}`
			`}`

			`String obfuscateToBase64(const std::string& plaintext) {`
			`if (plaintext.empty()) return "";`
			`std::string temp = plaintext;`
			`xorTransform(temp);`
			`return base64::encode(reinterpret_cast<const uint8_t*>(temp.data()), temp.size());`
			`}`

			`std::string deobfuscateFromBase64(const char* encoded, bool* ok) {`
			`if (encoded == nullptr \|\| encoded[0] == '\0') {`
			`if (ok) *ok = false;`
			`return "";`
			`}`
			`if (ok) *ok = true;`
			`size_t encodedLen = strlen(encoded);`
			`// First call: get required output buffer size`
			`size_t decodedLen = 0;`
			`int ret = mbedtls_base64_decode(nullptr, 0, &decodedLen, reinterpret_cast<const unsigned char*>(encoded), encodedLen);`
			`if (ret != 0 && ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {`
			`LOG_ERR("OBF", "Base64 decode size query failed (ret=%d)", ret);`
			`if (ok) *ok = false;`
			`return "";`
			`}`
			`std::string result(decodedLen, '\0');`
			`ret = mbedtls_base64_decode(reinterpret_cast<unsigned char*>(&result[0]), decodedLen, &decodedLen,`
			`reinterpret_cast<const unsigned char*>(encoded), encodedLen);`
			`if (ret != 0) {`
			`LOG_ERR("OBF", "Base64 decode failed (ret=%d)", ret);`
			`if (ok) *ok = false;`
			`return "";`
			`}`
			`result.resize(decodedLen);`
			`xorTransform(result);`
			`return result;`
			`}`

			`void selfTest() {`
			`const char* testInputs[] = {"", "hello", "WiFi P@ssw0rd!", "a"};`
			`bool allPassed = true;`
			`for (const char* input : testInputs) {`
			`String encoded = obfuscateToBase64(std::string(input));`
			`std::string decoded = deobfuscateFromBase64(encoded.c_str());`
			`if (decoded != input) {`
			`LOG_ERR("OBF", "FAIL: \"%s\" -> \"%s\" -> \"%s\"", input, encoded.c_str(), decoded.c_str());`
			`allPassed = false;`
			`}`
			`}`
			`// Verify obfuscated form differs from plaintext`
			`String enc = obfuscateToBase64("test123");`
			`if (enc == "test123") {`
			`LOG_ERR("OBF", "FAIL: obfuscated output identical to plaintext");`
			`allPassed = false;`
			`}`
			`if (allPassed) {`
			`LOG_DBG("OBF", "Obfuscation self-test PASSED");`
			`}`
			`}`

			`} // namespace obfuscation`