mirror of
https://github.com/meshtastic/firmware.git
synced 2025-06-09 14:42:05 +00:00
Disentangle NodeDB from the CryptoEngine (#5013)
This commit is contained in:
parent
0cbade989e
commit
7ff4bafe22
@ -1,8 +1,6 @@
|
|||||||
#include "CryptoEngine.h"
|
#include "CryptoEngine.h"
|
||||||
#include "NodeDB.h"
|
// #include "NodeDB.h"
|
||||||
#include "RadioInterface.h"
|
|
||||||
#include "architecture.h"
|
#include "architecture.h"
|
||||||
#include "configuration.h"
|
|
||||||
|
|
||||||
#if !(MESHTASTIC_EXCLUDE_PKI)
|
#if !(MESHTASTIC_EXCLUDE_PKI)
|
||||||
#include "aes-ccm.h"
|
#include "aes-ccm.h"
|
||||||
@ -62,8 +60,8 @@ void CryptoEngine::clearKeys()
|
|||||||
*
|
*
|
||||||
* @param bytes is updated in place
|
* @param bytes is updated in place
|
||||||
*/
|
*/
|
||||||
bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes,
|
bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic,
|
||||||
uint8_t *bytesOut)
|
uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut)
|
||||||
{
|
{
|
||||||
uint8_t *auth;
|
uint8_t *auth;
|
||||||
long extraNonceTmp = random();
|
long extraNonceTmp = random();
|
||||||
@ -71,14 +69,14 @@ bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_
|
|||||||
memcpy((uint8_t *)(auth + 8), &extraNonceTmp,
|
memcpy((uint8_t *)(auth + 8), &extraNonceTmp,
|
||||||
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp;
|
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp;
|
||||||
LOG_INFO("Random nonce value: %d\n", extraNonceTmp);
|
LOG_INFO("Random nonce value: %d\n", extraNonceTmp);
|
||||||
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(toNode);
|
if (remotePublic.size == 0) {
|
||||||
if (node->num < 1 || node->user.public_key.size == 0) {
|
|
||||||
LOG_DEBUG("Node %d or their public_key not found\n", toNode);
|
LOG_DEBUG("Node %d or their public_key not found\n", toNode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!crypto->setDHKey(toNode)) {
|
if (!crypto->setDHPublicKey(remotePublic.bytes)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
crypto->hash(shared_key, 32);
|
||||||
initNonce(fromNode, packetNum, extraNonceTmp);
|
initNonce(fromNode, packetNum, extraNonceTmp);
|
||||||
|
|
||||||
// Calculate the shared secret with the destination node and encrypt
|
// Calculate the shared secret with the destination node and encrypt
|
||||||
@ -97,27 +95,27 @@ bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_
|
|||||||
*
|
*
|
||||||
* @param bytes is updated in place
|
* @param bytes is updated in place
|
||||||
*/
|
*/
|
||||||
bool CryptoEngine::decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut)
|
bool CryptoEngine::decryptCurve25519(uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic, uint64_t packetNum,
|
||||||
|
size_t numBytes, uint8_t *bytes, uint8_t *bytesOut)
|
||||||
{
|
{
|
||||||
uint8_t *auth; // set to last 8 bytes of text?
|
uint8_t *auth; // set to last 8 bytes of text?
|
||||||
uint32_t extraNonce; // pointer was not really used
|
uint32_t extraNonce; // pointer was not really used
|
||||||
auth = bytes + numBytes - 12;
|
auth = bytes + numBytes - 12;
|
||||||
memcpy(&extraNonce, auth + 8,
|
memcpy(&extraNonce, auth + 8,
|
||||||
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : (uint32_t *)(auth + 8);
|
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : (uint32_t *)(auth + 8);
|
||||||
#ifndef PIO_UNIT_TESTING
|
|
||||||
LOG_INFO("Random nonce value: %d\n", extraNonce);
|
LOG_INFO("Random nonce value: %d\n", extraNonce);
|
||||||
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(fromNode);
|
|
||||||
|
|
||||||
if (node == nullptr || node->num < 1 || node->user.public_key.size == 0) {
|
if (remotePublic.size == 0) {
|
||||||
LOG_DEBUG("Node or its public key not found in database\n");
|
LOG_DEBUG("Node or its public key not found in database\n");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Calculate the shared secret with the sending node and decrypt
|
// Calculate the shared secret with the sending node and decrypt
|
||||||
if (!crypto->setDHKey(fromNode)) {
|
if (!crypto->setDHPublicKey(remotePublic.bytes)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
#endif
|
crypto->hash(shared_key, 32);
|
||||||
|
|
||||||
initNonce(fromNode, packetNum, extraNonce);
|
initNonce(fromNode, packetNum, extraNonce);
|
||||||
printBytes("Attempting decrypt using nonce: ", nonce, 13);
|
printBytes("Attempting decrypt using nonce: ", nonce, 13);
|
||||||
printBytes("Attempting decrypt using shared_key starting with: ", shared_key, 8);
|
printBytes("Attempting decrypt using shared_key starting with: ", shared_key, 8);
|
||||||
@ -128,38 +126,6 @@ void CryptoEngine::setDHPrivateKey(uint8_t *_private_key)
|
|||||||
{
|
{
|
||||||
memcpy(private_key, _private_key, 32);
|
memcpy(private_key, _private_key, 32);
|
||||||
}
|
}
|
||||||
/**
|
|
||||||
* Set the PKI key used for encrypt, decrypt.
|
|
||||||
*
|
|
||||||
* @param nodeNum the node number of the node who's public key we want to use
|
|
||||||
*/
|
|
||||||
bool CryptoEngine::setDHKey(uint32_t nodeNum)
|
|
||||||
{
|
|
||||||
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(nodeNum);
|
|
||||||
if (node->num < 1 || node->user.public_key.size == 0) {
|
|
||||||
LOG_DEBUG("Node %d or their public_key not found\n", nodeNum);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
printBytes("Generating DH with remote pubkey: ", node->user.public_key.bytes, 32);
|
|
||||||
printBytes("And local pubkey: ", config.security.public_key.bytes, 32);
|
|
||||||
if (!setDHPublicKey(node->user.public_key.bytes))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
// printBytes("DH Output: ", shared_key, 32);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* D.J. Bernstein reccomends hashing the shared key. We want to do this because there are
|
|
||||||
* at least 128 bits of entropy in the 256-bit output of the DH key exchange, but we don't
|
|
||||||
* really know where. If you extract, for instance, the first 128 bits with basic truncation,
|
|
||||||
* then you don't know if you got all of your 128 entropy bits, or less, possibly much less.
|
|
||||||
*
|
|
||||||
* No exploitable bias is really known at that point, but we know enough to be wary.
|
|
||||||
* Hashing the DH output is a simple and safe way to gather all the entropy and spread
|
|
||||||
* it around as needed.
|
|
||||||
*/
|
|
||||||
crypto->hash(shared_key, 32);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Hash arbitrary data using SHA256.
|
* Hash arbitrary data using SHA256.
|
||||||
|
@ -39,10 +39,10 @@ class CryptoEngine
|
|||||||
#endif
|
#endif
|
||||||
void clearKeys();
|
void clearKeys();
|
||||||
void setDHPrivateKey(uint8_t *_private_key);
|
void setDHPrivateKey(uint8_t *_private_key);
|
||||||
virtual bool encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes,
|
virtual bool encryptCurve25519(uint32_t toNode, uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic,
|
||||||
uint8_t *bytesOut);
|
uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
|
||||||
virtual bool decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
|
virtual bool decryptCurve25519(uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic, uint64_t packetNum,
|
||||||
bool setDHKey(uint32_t nodeNum);
|
size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
|
||||||
virtual bool setDHPublicKey(uint8_t *publicKey);
|
virtual bool setDHPublicKey(uint8_t *publicKey);
|
||||||
virtual void hash(uint8_t *bytes, size_t numBytes);
|
virtual void hash(uint8_t *bytes, size_t numBytes);
|
||||||
|
|
||||||
|
@ -333,7 +333,8 @@ bool perhapsDecode(meshtastic_MeshPacket *p)
|
|||||||
rawSize > MESHTASTIC_PKC_OVERHEAD) {
|
rawSize > MESHTASTIC_PKC_OVERHEAD) {
|
||||||
LOG_DEBUG("Attempting PKI decryption\n");
|
LOG_DEBUG("Attempting PKI decryption\n");
|
||||||
|
|
||||||
if (crypto->decryptCurve25519(p->from, p->id, rawSize, ScratchEncrypted, bytes)) {
|
if (crypto->decryptCurve25519(p->from, nodeDB->getMeshNode(p->from)->user.public_key, p->id, rawSize, ScratchEncrypted,
|
||||||
|
bytes)) {
|
||||||
LOG_INFO("PKI Decryption worked!\n");
|
LOG_INFO("PKI Decryption worked!\n");
|
||||||
memset(&p->decoded, 0, sizeof(p->decoded));
|
memset(&p->decoded, 0, sizeof(p->decoded));
|
||||||
rawSize -= MESHTASTIC_PKC_OVERHEAD;
|
rawSize -= MESHTASTIC_PKC_OVERHEAD;
|
||||||
@ -507,7 +508,7 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
|
|||||||
*node->user.public_key.bytes);
|
*node->user.public_key.bytes);
|
||||||
return meshtastic_Routing_Error_PKI_FAILED;
|
return meshtastic_Routing_Error_PKI_FAILED;
|
||||||
}
|
}
|
||||||
crypto->encryptCurve25519(p->to, getFrom(p), p->id, numbytes, bytes, ScratchEncrypted);
|
crypto->encryptCurve25519(p->to, getFrom(p), node->user.public_key, p->id, numbytes, bytes, ScratchEncrypted);
|
||||||
numbytes += MESHTASTIC_PKC_OVERHEAD;
|
numbytes += MESHTASTIC_PKC_OVERHEAD;
|
||||||
memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes);
|
memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes);
|
||||||
p->channel = 0;
|
p->channel = 0;
|
||||||
|
@ -111,7 +111,7 @@ void test_DH25519(void)
|
|||||||
void test_PKC_Decrypt(void)
|
void test_PKC_Decrypt(void)
|
||||||
{
|
{
|
||||||
uint8_t private_key[32];
|
uint8_t private_key[32];
|
||||||
uint8_t public_key[32];
|
meshtastic_UserLite_public_key_t public_key;
|
||||||
uint8_t expected_shared[32];
|
uint8_t expected_shared[32];
|
||||||
uint8_t expected_decrypted[32];
|
uint8_t expected_decrypted[32];
|
||||||
uint8_t radioBytes[128] __attribute__((__aligned__));
|
uint8_t radioBytes[128] __attribute__((__aligned__));
|
||||||
@ -119,7 +119,8 @@ void test_PKC_Decrypt(void)
|
|||||||
uint8_t expected_nonce[16];
|
uint8_t expected_nonce[16];
|
||||||
|
|
||||||
uint32_t fromNode;
|
uint32_t fromNode;
|
||||||
HexToBytes(public_key, "db18fc50eea47f00251cb784819a3cf5fc361882597f589f0d7ff820e8064457");
|
HexToBytes(public_key.bytes, "db18fc50eea47f00251cb784819a3cf5fc361882597f589f0d7ff820e8064457");
|
||||||
|
public_key.size = 32;
|
||||||
HexToBytes(private_key, "a00330633e63522f8a4d81ec6d9d1e6617f6c8ffd3a4c698229537d44e522277");
|
HexToBytes(private_key, "a00330633e63522f8a4d81ec6d9d1e6617f6c8ffd3a4c698229537d44e522277");
|
||||||
HexToBytes(expected_shared, "777b1545c9d6f9a2");
|
HexToBytes(expected_shared, "777b1545c9d6f9a2");
|
||||||
HexToBytes(expected_decrypted, "08011204746573744800");
|
HexToBytes(expected_decrypted, "08011204746573744800");
|
||||||
@ -127,9 +128,9 @@ void test_PKC_Decrypt(void)
|
|||||||
HexToBytes(expected_nonce, "62d6b213036a792b2909000000");
|
HexToBytes(expected_nonce, "62d6b213036a792b2909000000");
|
||||||
fromNode = 0x0929;
|
fromNode = 0x0929;
|
||||||
crypto->setDHPrivateKey(private_key);
|
crypto->setDHPrivateKey(private_key);
|
||||||
TEST_ASSERT(crypto->setDHPublicKey(public_key));
|
// TEST_ASSERT(crypto->setDHPublicKey(public_key));
|
||||||
crypto->hash(crypto->shared_key, 32);
|
// crypto->hash(crypto->shared_key, 32);
|
||||||
crypto->decryptCurve25519(fromNode, 0x13b2d662, 22, radioBytes + 16, decrypted);
|
crypto->decryptCurve25519(fromNode, public_key, 0x13b2d662, 22, radioBytes + 16, decrypted);
|
||||||
TEST_ASSERT_EQUAL_MEMORY(expected_shared, crypto->shared_key, 8);
|
TEST_ASSERT_EQUAL_MEMORY(expected_shared, crypto->shared_key, 8);
|
||||||
TEST_ASSERT_EQUAL_MEMORY(expected_nonce, crypto->nonce, 13);
|
TEST_ASSERT_EQUAL_MEMORY(expected_nonce, crypto->nonce, 13);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user