pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-06-21 04:22:22 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Failure returns PKI_FAILED message if client requested PKI

Browse Source
This commit is contained in:
Jonathan Bennett 2024-08-13 17:16:40 -05:00
parent ff89dca5b3
commit b528290fde
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/mesh/Router.cpp
View File

@ -415,6 +415,8 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
{ {
concurrency::LockGuard g(cryptLock); concurrency::LockGuard g(cryptLock);
int16_t hash;
// If the packet is not yet encrypted, do so now // If the packet is not yet encrypted, do so now
if (p->which_payload_variant == meshtastic_MeshPacket_decoded_tag) { if (p->which_payload_variant == meshtastic_MeshPacket_decoded_tag) {
size_t numbytes = pb_encode_to_bytes(bytes, sizeof(bytes), &meshtastic_Data_msg, &p->decoded); size_t numbytes = pb_encode_to_bytes(bytes, sizeof(bytes), &meshtastic_Data_msg, &p->decoded);
@ -460,19 +462,20 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
// printBytes("plaintext", bytes, numbytes); // printBytes("plaintext", bytes, numbytes);
ChannelIndex chIndex = p->channel; // keep as a local because we are about to change it ChannelIndex chIndex = p->channel; // keep as a local because we are about to change it
auto hash = channels.setActiveByIndex(chIndex);
// Now that we are encrypting the packet channel should be the hash (no longer the index)
p->channel = hash;
#if !(MESHTASTIC_EXCLUDE_PKI) #if !(MESHTASTIC_EXCLUDE_PKI)
meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(p->to); meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(p->to);
if (!owner.is_licensed && p->to != NODENUM_BROADCAST && node != nullptr && node->user.public_key.size > 0 && if (!owner.is_licensed && config.security.private_key.size == 32 && p->to != NODENUM_BROADCAST && node != nullptr &&
numbytes <= MAX_RHPACKETLEN - 8 && p->decoded.portnum != meshtastic_PortNum_TRACEROUTE_APP && node->user.public_key.size > 0 && p->decoded.portnum != meshtastic_PortNum_TRACEROUTE_APP &&
p->decoded.portnum != meshtastic_PortNum_NODEINFO_APP && p->decoded.portnum != meshtastic_PortNum_ROUTING_APP && p->decoded.portnum != meshtastic_PortNum_NODEINFO_APP && p->decoded.portnum != meshtastic_PortNum_ROUTING_APP &&
p->decoded.portnum != meshtastic_PortNum_POSITION_APP) { p->decoded.portnum != meshtastic_PortNum_POSITION_APP) {
LOG_DEBUG("Using PKI!\n"); LOG_DEBUG("Using PKI!\n");
if (numbytes + 8 > MAX_RHPACKETLEN) if (numbytes + 8 > MAX_RHPACKETLEN)
return meshtastic_Routing_Error_TOO_LARGE; return meshtastic_Routing_Error_TOO_LARGE;
if (memcmp(p->public_key.bytes, node->user.public_key.bytes, 32) != 0) {
LOG_WARN("Client public key for client differs from requested!\n");
return meshtastic_Routing_Error_PKI_FAILED;
}
crypto->encryptCurve25519(p->to, getFrom(p), p->id, numbytes, bytes, ScratchEncrypted); crypto->encryptCurve25519(p->to, getFrom(p), p->id, numbytes, bytes, ScratchEncrypted);
numbytes += 8; numbytes += 8;
memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes); memcpy(p->encrypted.bytes, ScratchEncrypted, numbytes);
@ -483,6 +486,10 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
// Client specifically requested PKI encryption // Client specifically requested PKI encryption
return meshtastic_Routing_Error_PKI_FAILED; return meshtastic_Routing_Error_PKI_FAILED;
} }
hash = channels.setActiveByIndex(chIndex);
// Now that we are encrypting the packet channel should be the hash (no longer the index)
p->channel = hash;
if (hash < 0) { if (hash < 0) {
// No suitable channel could be found for sending // No suitable channel could be found for sending
return meshtastic_Routing_Error_NO_CHANNEL; return meshtastic_Routing_Error_NO_CHANNEL;
@ -495,6 +502,10 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
// Client specifically requested PKI encryption // Client specifically requested PKI encryption
return meshtastic_Routing_Error_PKI_FAILED; return meshtastic_Routing_Error_PKI_FAILED;
} }
hash = channels.setActiveByIndex(chIndex);
// Now that we are encrypting the packet channel should be the hash (no longer the index)
p->channel = hash;
if (hash < 0) { if (hash < 0) {
// No suitable channel could be found for sending // No suitable channel could be found for sending
return meshtastic_Routing_Error_NO_CHANNEL; return meshtastic_Routing_Error_NO_CHANNEL;