Disentangle NodeDB from the CryptoEngine (#5013)

This commit is contained in:
Jonathan Bennett 2024-10-10 05:14:11 -05:00 committed by GitHub
parent 0cbade989e
commit 7ff4bafe22
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 25 additions and 57 deletions

View File

@ -1,8 +1,6 @@
#include "CryptoEngine.h" #include "CryptoEngine.h"
#include "NodeDB.h" // #include "NodeDB.h"
#include "RadioInterface.h"
#include "architecture.h" #include "architecture.h"
#include "configuration.h"
#if !(MESHTASTIC_EXCLUDE_PKI) #if !(MESHTASTIC_EXCLUDE_PKI)
#include "aes-ccm.h" #include "aes-ccm.h"
@ -62,8 +60,8 @@ void CryptoEngine::clearKeys()
* *
* @param bytes is updated in place * @param bytes is updated in place
*/ */
bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic,
uint8_t *bytesOut) uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut)
{ {
uint8_t *auth; uint8_t *auth;
long extraNonceTmp = random(); long extraNonceTmp = random();
@ -71,14 +69,14 @@ bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_
memcpy((uint8_t *)(auth + 8), &extraNonceTmp, memcpy((uint8_t *)(auth + 8), &extraNonceTmp,
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp; sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp;
LOG_INFO("Random nonce value: %d\n", extraNonceTmp); LOG_INFO("Random nonce value: %d\n", extraNonceTmp);
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(toNode); if (remotePublic.size == 0) {
if (node->num < 1 || node->user.public_key.size == 0) {
LOG_DEBUG("Node %d or their public_key not found\n", toNode); LOG_DEBUG("Node %d or their public_key not found\n", toNode);
return false; return false;
} }
if (!crypto->setDHKey(toNode)) { if (!crypto->setDHPublicKey(remotePublic.bytes)) {
return false; return false;
} }
crypto->hash(shared_key, 32);
initNonce(fromNode, packetNum, extraNonceTmp); initNonce(fromNode, packetNum, extraNonceTmp);
// Calculate the shared secret with the destination node and encrypt // Calculate the shared secret with the destination node and encrypt
@ -97,27 +95,27 @@ bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_
* *
* @param bytes is updated in place * @param bytes is updated in place
*/ */
bool CryptoEngine::decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut) bool CryptoEngine::decryptCurve25519(uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic, uint64_t packetNum,
size_t numBytes, uint8_t *bytes, uint8_t *bytesOut)
{ {
uint8_t *auth; // set to last 8 bytes of text? uint8_t *auth; // set to last 8 bytes of text?
uint32_t extraNonce; // pointer was not really used uint32_t extraNonce; // pointer was not really used
auth = bytes + numBytes - 12; auth = bytes + numBytes - 12;
memcpy(&extraNonce, auth + 8, memcpy(&extraNonce, auth + 8,
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : (uint32_t *)(auth + 8); sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : (uint32_t *)(auth + 8);
#ifndef PIO_UNIT_TESTING
LOG_INFO("Random nonce value: %d\n", extraNonce); LOG_INFO("Random nonce value: %d\n", extraNonce);
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(fromNode);
if (node == nullptr || node->num < 1 || node->user.public_key.size == 0) { if (remotePublic.size == 0) {
LOG_DEBUG("Node or its public key not found in database\n"); LOG_DEBUG("Node or its public key not found in database\n");
return false; return false;
} }
// Calculate the shared secret with the sending node and decrypt // Calculate the shared secret with the sending node and decrypt
if (!crypto->setDHKey(fromNode)) { if (!crypto->setDHPublicKey(remotePublic.bytes)) {
return false; return false;
} }
#endif crypto->hash(shared_key, 32);
initNonce(fromNode, packetNum, extraNonce); initNonce(fromNode, packetNum, extraNonce);
printBytes("Attempting decrypt using nonce: ", nonce, 13); printBytes("Attempting decrypt using nonce: ", nonce, 13);
printBytes("Attempting decrypt using shared_key starting with: ", shared_key, 8); printBytes("Attempting decrypt using shared_key starting with: ", shared_key, 8);
@ -128,38 +126,6 @@ void CryptoEngine::setDHPrivateKey(uint8_t *_private_key)
{ {
memcpy(private_key, _private_key, 32); memcpy(private_key, _private_key, 32);
} }
/**
* Set the PKI key used for encrypt, decrypt.
*
* @param nodeNum the node number of the node who's public key we want to use
*/
bool CryptoEngine::setDHKey(uint32_t nodeNum)
{
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(nodeNum);
if (node->num < 1 || node->user.public_key.size == 0) {
LOG_DEBUG("Node %d or their public_key not found\n", nodeNum);
return false;
}
printBytes("Generating DH with remote pubkey: ", node->user.public_key.bytes, 32);
printBytes("And local pubkey: ", config.security.public_key.bytes, 32);
if (!setDHPublicKey(node->user.public_key.bytes))
return false;
// printBytes("DH Output: ", shared_key, 32);
/**
* D.J. Bernstein reccomends hashing the shared key. We want to do this because there are
* at least 128 bits of entropy in the 256-bit output of the DH key exchange, but we don't
* really know where. If you extract, for instance, the first 128 bits with basic truncation,
* then you don't know if you got all of your 128 entropy bits, or less, possibly much less.
*
* No exploitable bias is really known at that point, but we know enough to be wary.
* Hashing the DH output is a simple and safe way to gather all the entropy and spread
* it around as needed.
*/
crypto->hash(shared_key, 32);
return true;
}
/** /**
* Hash arbitrary data using SHA256. * Hash arbitrary data using SHA256.

View File

@ -39,10 +39,10 @@ class CryptoEngine
#endif #endif
void clearKeys(); void clearKeys();
void setDHPrivateKey(uint8_t *_private_key); void setDHPrivateKey(uint8_t *_private_key);
virtual bool encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, virtual bool encryptCurve25519(uint32_t toNode, uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic,
uint8_t *bytesOut); uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
virtual bool decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut); virtual bool decryptCurve25519(uint32_t fromNode, meshtastic_UserLite_public_key_t remotePublic, uint64_t packetNum,
bool setDHKey(uint32_t nodeNum); size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
virtual bool setDHPublicKey(uint8_t *publicKey); virtual bool setDHPublicKey(uint8_t *publicKey);
virtual void hash(uint8_t *bytes, size_t numBytes); virtual void hash(uint8_t *bytes, size_t numBytes);

View File

@ -333,7 +333,8 @@ bool perhapsDecode(meshtastic_MeshPacket *p)
rawSize > MESHTASTIC_PKC_OVERHEAD) { rawSize > MESHTASTIC_PKC_OVERHEAD) {
LOG_DEBUG("Attempting PKI decryption\n"); LOG_DEBUG("Attempting PKI decryption\n");
if (crypto->decryptCurve25519(p->from, p->id, rawSize, ScratchEncrypted, bytes)) { if (crypto->decryptCurve25519(p->from, nodeDB->getMeshNode(p->from)->user.public_key, p->id, rawSize, ScratchEncrypted,
bytes)) {
LOG_INFO("PKI Decryption worked!\n"); LOG_INFO("PKI Decryption worked!\n");
memset(&p->decoded, 0, sizeof(p->decoded)); memset(&p->decoded, 0, sizeof(p->decoded));
rawSize -= MESHTASTIC_PKC_OVERHEAD; rawSize -= MESHTASTIC_PKC_OVERHEAD;
@ -507,7 +508,7 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
*node->user.public_key.bytes); *node->user.public_key.bytes);
return meshtastic_Routing_Error_PKI_FAILED; return meshtastic_Routing_Error_PKI_FAILED;
} }
crypto->encryptCurve25519(p->to, getFrom(p), p->id, numbytes, bytes, ScratchEncrypted); crypto->encryptCurve25519(p->to, getFrom(p), node->user.public_key, p->id, numbytes, bytes, ScratchEncrypted);
numbytes += MESHTASTIC_PKC_OVERHEAD; numbytes += MESHTASTIC_PKC_OVERHEAD;
memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes); memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes);
p->channel = 0; p->channel = 0;

View File

@ -111,7 +111,7 @@ void test_DH25519(void)
void test_PKC_Decrypt(void) void test_PKC_Decrypt(void)
{ {
uint8_t private_key[32]; uint8_t private_key[32];
uint8_t public_key[32]; meshtastic_UserLite_public_key_t public_key;
uint8_t expected_shared[32]; uint8_t expected_shared[32];
uint8_t expected_decrypted[32]; uint8_t expected_decrypted[32];
uint8_t radioBytes[128] __attribute__((__aligned__)); uint8_t radioBytes[128] __attribute__((__aligned__));
@ -119,7 +119,8 @@ void test_PKC_Decrypt(void)
uint8_t expected_nonce[16]; uint8_t expected_nonce[16];
uint32_t fromNode; uint32_t fromNode;
HexToBytes(public_key, "db18fc50eea47f00251cb784819a3cf5fc361882597f589f0d7ff820e8064457"); HexToBytes(public_key.bytes, "db18fc50eea47f00251cb784819a3cf5fc361882597f589f0d7ff820e8064457");
public_key.size = 32;
HexToBytes(private_key, "a00330633e63522f8a4d81ec6d9d1e6617f6c8ffd3a4c698229537d44e522277"); HexToBytes(private_key, "a00330633e63522f8a4d81ec6d9d1e6617f6c8ffd3a4c698229537d44e522277");
HexToBytes(expected_shared, "777b1545c9d6f9a2"); HexToBytes(expected_shared, "777b1545c9d6f9a2");
HexToBytes(expected_decrypted, "08011204746573744800"); HexToBytes(expected_decrypted, "08011204746573744800");
@ -127,9 +128,9 @@ void test_PKC_Decrypt(void)
HexToBytes(expected_nonce, "62d6b213036a792b2909000000"); HexToBytes(expected_nonce, "62d6b213036a792b2909000000");
fromNode = 0x0929; fromNode = 0x0929;
crypto->setDHPrivateKey(private_key); crypto->setDHPrivateKey(private_key);
TEST_ASSERT(crypto->setDHPublicKey(public_key)); // TEST_ASSERT(crypto->setDHPublicKey(public_key));
crypto->hash(crypto->shared_key, 32); // crypto->hash(crypto->shared_key, 32);
crypto->decryptCurve25519(fromNode, 0x13b2d662, 22, radioBytes + 16, decrypted); crypto->decryptCurve25519(fromNode, public_key, 0x13b2d662, 22, radioBytes + 16, decrypted);
TEST_ASSERT_EQUAL_MEMORY(expected_shared, crypto->shared_key, 8); TEST_ASSERT_EQUAL_MEMORY(expected_shared, crypto->shared_key, 8);
TEST_ASSERT_EQUAL_MEMORY(expected_nonce, crypto->nonce, 13); TEST_ASSERT_EQUAL_MEMORY(expected_nonce, crypto->nonce, 13);