Fix admin key loading from userPrefs.h (#5417)

* Fix LED pinout for T-Echo board marked v1.0, date 2021-6-28 * Merge PR #420 * Fixed double and missing Default class. * Use correct format specifier and fixed typo. * Removed duplicate code. * Fix error: #if with no expression * Fix warning: extra tokens at end of #endif directive. * Fix antenna switching logic. Complementary-pin control logic is required on the rp2040-lora board. * Fix deprecated macros. * Set RP2040 in dormant mode when deep sleep is triggered. * Fix array out of bounds read. * Admin key count needs to be set otherwise the key will be zero loaded after reset. * Don't reset the admin key size when loading defaults. Preserve an existing key in config if possible. * Remove log spam when reading INA voltage sensor. * Remove static declaration for admin keys from userPrefs.h. Load hard coded admin keys in case config file has empty slots. * Removed newlines from log. --------- Co-authored-by: Ben Meadors <benmmeadors@gmail.com> Co-authored-by: Thomas Göttgens <tgoettgens@gmail.com>
2025-02-01 10:19:59 +00:00 · 2024-11-23 16:08:18 +01:00 · 2024-11-23 16:08:18 +01:00 · dd7140b7a1
commit dd7140b7a1
parent fadcbd597f
2 changed files with 91 additions and 27 deletions
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
@ -61,6 +61,16 @@ meshtastic_LocalConfig config;
 meshtastic_LocalModuleConfig moduleConfig;
 meshtastic_ChannelFile channelFile;

+#ifdef USERPREFS_USE_ADMIN_KEY_0
+static unsigned char userprefs_admin_key_0[] = USERPREFS_USE_ADMIN_KEY_0;
+#endif
+#ifdef USERPREFS_USE_ADMIN_KEY_1
+static unsigned char userprefs_admin_key_1[] = USERPREFS_USE_ADMIN_KEY_1;
+#endif
+#ifdef USERPREFS_USE_ADMIN_KEY_2
+static unsigned char userprefs_admin_key_2[] = USERPREFS_USE_ADMIN_KEY_2;
+#endif
+
 bool meshtastic_DeviceState_callback(pb_istream_t *istream, pb_ostream_t *ostream, const pb_field_iter_t *field)
 {
    if (ostream) {
@ -406,32 +416,37 @@ void NodeDB::installDefaultConfig(bool preserveKey = false)
 #else
    config.lora.ignore_mqtt = false;
 #endif
-#ifdef USERPREFS_USE_ADMIN_KEY
    // Initialize admin_key_count to zero
    byte numAdminKeys = 0;

+#ifdef USERPREFS_USE_ADMIN_KEY_0
    // Check if USERPREFS_ADMIN_KEY_0 is non-empty
-    if (sizeof(USERPREFS_ADMIN_KEY_0) > 0) {
-        memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_0, 32);
-        config.security.admin_key[numAdminKeys].size = 32;
+    if (sizeof(userprefs_admin_key_0) > 0) {
+        memcpy(config.security.admin_key[0].bytes, userprefs_admin_key_0, 32);
+        config.security.admin_key[0].size = 32;
        numAdminKeys++;
    }
-
-    // Check if USERPREFS_ADMIN_KEY_1 is non-empty
-    if (sizeof(USERPREFS_ADMIN_KEY_1) > 0) {
-        memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_1, 32);
-        config.security.admin_key[numAdminKeys].size = 32;
-        numAdminKeys++;
-    }
-
-    // Check if USERPREFS_ADMIN_KEY_2 is non-empty
-    if (sizeof(USERPREFS_ADMIN_KEY_2) > 0) {
-        memcpy(config.security.admin_key[config.security.admin_key_count].bytes, USERPREFS_ADMIN_KEY_2, 32);
-        config.security.admin_key[config.security.admin_key_count].size = 32;
-        numAdminKeys++;
-    }
-    config.security.admin_key_count = numAdminKeys;
 #endif
+
+#ifdef USERPREFS_USE_ADMIN_KEY_1
+    // Check if USERPREFS_ADMIN_KEY_1 is non-empty
+    if (sizeof(userprefs_admin_key_1) > 0) {
+        memcpy(config.security.admin_key[1].bytes, userprefs_admin_key_1, 32);
+        config.security.admin_key[1].size = 32;
+        numAdminKeys++;
+    }
+#endif
+
+#ifdef USERPREFS_USE_ADMIN_KEY_2
+    // Check if USERPREFS_ADMIN_KEY_2 is non-empty
+    if (sizeof(userprefs_admin_key_2) > 0) {
+        memcpy(config.security.admin_key[2].bytes, userprefs_admin_key_2, 32);
+        config.security.admin_key[2].size = 32;
+        numAdminKeys++;
+    }
+#endif
+    config.security.admin_key_count = numAdminKeys;
+
    if (shouldPreserveKey) {
        config.security.private_key.size = 32;
        memcpy(config.security.private_key.bytes, private_key_temp, config.security.private_key.size);
@ -888,6 +903,54 @@ void NodeDB::loadFromDisk()
        }
    }

+    // Make sure we load hard coded admin keys even when the configuration file has none.
+    // Initialize admin_key_count to zero
+    byte numAdminKeys = 0;
+    uint16_t sum = 0;
+#ifdef USERPREFS_USE_ADMIN_KEY_0
+    for (uint8_t b = 0; b < 32; b++) {
+        sum += config.security.admin_key[0].bytes[b];
+    }
+    if (sum == 0) {
+        numAdminKeys += 1;
+        LOG_INFO("Admin 0 key zero. Loading hard coded key from user preferences.");
+        memcpy(config.security.admin_key[0].bytes, userprefs_admin_key_0, 32);
+        config.security.admin_key[0].size = 32;
+        config.security.admin_key_count = numAdminKeys;
+        saveToDisk(SEGMENT_CONFIG);
+    }
+#endif
+
+#ifdef USERPREFS_USE_ADMIN_KEY_1
+    sum = 0;
+    for (uint8_t b = 0; b < 32; b++) {
+        sum += config.security.admin_key[1].bytes[b];
+    }
+    if (sum == 0) {
+        numAdminKeys += 1;
+        LOG_INFO("Admin 1 key zero. Loading hard coded key from user preferences.");
+        memcpy(config.security.admin_key[1].bytes, userprefs_admin_key_1, 32);
+        config.security.admin_key[1].size = 32;
+        config.security.admin_key_count = numAdminKeys;
+        saveToDisk(SEGMENT_CONFIG);
+    }
+#endif
+
+#ifdef USERPREFS_USE_ADMIN_KEY_2
+    sum = 0;
+    for (uint8_t b = 0; b < 32; b++) {
+        sum += config.security.admin_key[2].bytes[b];
+    }
+    if (sum == 0) {
+        numAdminKeys += 1;
+        LOG_INFO("Admin 2 key zero. Loading hard coded key from user preferences.");
+        memcpy(config.security.admin_key[2].bytes, userprefs_admin_key_2, 32);
+        config.security.admin_key[2].size = 32;
+        config.security.admin_key_count = numAdminKeys;
+        saveToDisk(SEGMENT_CONFIG);
+    }
+#endif
+
    state = loadProto(moduleConfigFileName, meshtastic_LocalModuleConfig_size, sizeof(meshtastic_LocalModuleConfig),
                      &meshtastic_LocalModuleConfig_msg, &moduleConfig);
    if (state != LoadFileResult::LOAD_SUCCESS) {
@ -1346,4 +1409,4 @@ void recordCriticalError(meshtastic_CriticalErrorCode code, uint32_t address, co
    LOG_ERROR("A critical failure occurred, portduino is exiting");
    exit(2);
 #endif
-}
+}
--- a/userPrefs.h
+++ b/userPrefs.h
@ -72,16 +72,17 @@ static unsigned char icon_bits[] = {
 /*
 * PKI Admin keys.
 * If a Admin key is set with '{};'
- * then it will be ignored, a PKI key must have a size of 32.
+ * then it will be ignored, a PKI key must have a size of 32 byte.
 */
 /*
-#define USERPREFS_USE_ADMIN_KEY 1
-static unsigned char USERPREFS_ADMIN_KEY_0[] = {0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6,
-                                                0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, 0x04, 0x1a,
-                                                0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c};
-static unsigned char USERPREFS_ADMIN_KEY_1[] = {};
-static unsigned char USERPREFS_ADMIN_KEY_2[] = {};
+#define USERPREFS_USE_ADMIN_KEY_0 \
+    {                                                                                                                           \
+        0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6, 0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, \
+        0x04, 0x1a, 0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c                                                  \
+    };
 */
+// #define USERPREFS_USE_ADMIN_KEY_1 {};
+// #define USERPREFS_USE_ADMIN_KEY_2 {};

 /*
 * USERPREF_FIXED_GPS_LAT and USERPREF_FIXED_GPS_LON must be set, USERPREF_FIXED_GPS_ALT is optional