Key erase (#7018)

* Wipe keys if low entropy

* Client Notification Payload variant

* Don't call service before it's created

* Lucky Number 14

* Catch for low-entropy keys even before region is set

src/main.cpp

@@ -928,6 +928,11 @@ void setup()
     service = new MeshService();
     service->init();
 
+    if (nodeDB->keyIsLowEntropy) {
+        service->reloadConfig(SEGMENT_CONFIG);
+        rebootAtMsec = (millis() + DEFAULT_REBOOT_SECONDS * 1000);
+    }
+
     // Now that the mesh service is created, create any modules
     setupModules();
 

src/mesh/NodeDB.cpp

@@ -278,7 +278,6 @@ NodeDB::NodeDB()
             config.security.private_key.size = 32;
             owner.public_key.size = 32;
             memcpy(owner.public_key.bytes, config.security.public_key.bytes, 32);
-            keyIsLowEntropy = checkLowEntropyPublicKey(owner.public_key);
         }
     }
 #elif !(MESHTASTIC_EXCLUDE_PKI)
@@ -287,11 +286,17 @@ NodeDB::NodeDB()
         owner.public_key.size = config.security.public_key.size;
         memcpy(owner.public_key.bytes, config.security.public_key.bytes, config.security.public_key.size);
         crypto->setDHPrivateKey(config.security.private_key.bytes);
-        keyIsLowEntropy = checkLowEntropyPublicKey(owner.public_key);
     }
 #endif
+    keyIsLowEntropy = checkLowEntropyPublicKey(config.security.public_key);
     if (keyIsLowEntropy) {
-        LOG_WARN(LOW_ENTROPY_WARNING);
+        LOG_WARN("Erasing low entropy keys");
+        config.security.private_key.size = 0;
+        memfll(config.security.private_key.bytes, '\0', sizeof(config.security.private_key.bytes));
+        config.security.public_key.size = 0;
+        memfll(config.security.public_key.bytes, '\0', sizeof(config.security.public_key.bytes));
+        owner.public_key.size = 0;
+        memfll(owner.public_key.bytes, '\0', sizeof(owner.public_key.bytes));
     }
     // Include our owner in the node db under our nodenum
     meshtastic_NodeInfoLite *info = getOrCreateMeshNode(getNodeNum());
@@ -1572,6 +1577,7 @@ bool NodeDB::updateUser(uint32_t nodeId, meshtastic_User &p, uint8_t channelInde
                              "to regenerate your public keys.";
             LOG_WARN(warning, p.long_name);
             meshtastic_ClientNotification *cn = clientNotificationPool.allocZeroed();
+            cn->which_payload_variant = meshtastic_ClientNotification_duplicated_public_key_tag;
             cn->level = meshtastic_LogRecord_Level_WARNING;
             cn->time = getValidTime(RTCQualityFromNet);
             sprintf(cn->message, warning, p.long_name);
@@ -1751,8 +1757,9 @@ UserLicenseStatus NodeDB::getLicenseStatus(uint32_t nodeNum)
     return info->user.is_licensed ? UserLicenseStatus::Licensed : UserLicenseStatus::NotLicensed;
 }
 
-bool NodeDB::checkLowEntropyPublicKey(const meshtastic_User_public_key_t keyToTest)
+bool NodeDB::checkLowEntropyPublicKey(const meshtastic_Config_SecurityConfig_public_key_t keyToTest)
 {
+    if (keyToTest.size == 32) {
         uint8_t keyHash[32] = {0};
         memcpy(keyHash, keyToTest.bytes, keyToTest.size);
         crypto->hash(keyHash, 32);
@@ -1768,12 +1775,13 @@ bool NodeDB::checkLowEntropyPublicKey(const meshtastic_User_public_key_t keyToTe
             memcmp(keyHash, LOW_ENTROPY_HASH10, sizeof(LOW_ENTROPY_HASH10)) == 0 ||
             memcmp(keyHash, LOW_ENTROPY_HASH11, sizeof(LOW_ENTROPY_HASH11)) == 0 ||
             memcmp(keyHash, LOW_ENTROPY_HASH12, sizeof(LOW_ENTROPY_HASH12)) == 0 ||
-        memcmp(keyHash, LOW_ENTROPY_HASH13, sizeof(LOW_ENTROPY_HASH13)) == 0) {
+            memcmp(keyHash, LOW_ENTROPY_HASH13, sizeof(LOW_ENTROPY_HASH13)) == 0 ||
+            memcmp(keyHash, LOW_ENTROPY_HASH14, sizeof(LOW_ENTROPY_HASH14)) == 0) {
             return true;
-    } else {
-        return false;
         }
     }
+    return false;
+}
 
 bool NodeDB::backupPreferences(meshtastic_AdminMessage_BackupLocation location)
 {

src/mesh/NodeDB.h

@@ -58,6 +58,9 @@ static const uint8_t LOW_ENTROPY_HASH12[] = {0x48, 0x6f, 0x1e, 0x48, 0x97, 0x88,
 static const uint8_t LOW_ENTROPY_HASH13[] = {0x09, 0xb4, 0xe2, 0x6d, 0x28, 0x98, 0xc9, 0x47, 0x66, 0x46, 0xbf,
                                              0xff, 0x58, 0x17, 0x91, 0xaa, 0xc3, 0xbf, 0x4a, 0x9d, 0x0b, 0x88,
                                              0xb1, 0xf1, 0x03, 0xdd, 0x61, 0xd7, 0xba, 0x9e, 0x64, 0x98};
+static const uint8_t LOW_ENTROPY_HASH14[] = {0x39, 0x39, 0x84, 0xe0, 0x22, 0x2f, 0x7d, 0x78, 0x45, 0x18, 0x72,
+                                             0xb4, 0x13, 0xd2, 0x01, 0x2f, 0x3c, 0xa1, 0xb0, 0xfe, 0x39, 0xd0,
+                                             0xf1, 0x3c, 0x72, 0xd6, 0xef, 0x54, 0xd5, 0x77, 0x22, 0xa0};
 static const char LOW_ENTROPY_WARNING[] = "Your Device is configured with a low entropy key. Suggest regenerating DM keys";
 #endif
 /*
@@ -251,7 +254,7 @@ class NodeDB
 
     bool hasValidPosition(const meshtastic_NodeInfoLite *n);
 
-    bool checkLowEntropyPublicKey(const meshtastic_User_public_key_t keyToTest);
+    bool checkLowEntropyPublicKey(const meshtastic_Config_SecurityConfig_public_key_t keyToTest);
 
     bool backupPreferences(meshtastic_AdminMessage_BackupLocation location);
     bool restorePreferences(meshtastic_AdminMessage_BackupLocation location,

src/mesh/Router.cpp

@@ -554,6 +554,7 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
                 LOG_WARN(LOW_ENTROPY_WARNING);
                 if (!nodeDB->hasWarned) {
                     meshtastic_ClientNotification *cn = clientNotificationPool.allocZeroed();
+                    cn->which_payload_variant = meshtastic_ClientNotification_low_entropy_key_tag;
                     cn->level = meshtastic_LogRecord_Level_WARNING;
                     cn->time = getValidTime(RTCQualityFromNet);
                     sprintf(cn->message, LOW_ENTROPY_WARNING);