mirror of
https://github.com/meshtastic/firmware.git
synced 2026-01-01 15:40:49 +00:00
Add DH25519 unit test
This commit is contained in:
Jonathan Bennett
@@ -45,7 +45,7 @@
|
||||
#define LOG_CRIT(...) SEGGER_RTT_printf(0, __VA_ARGS__)
|
||||
#define LOG_TRACE(...) SEGGER_RTT_printf(0, __VA_ARGS__)
|
||||
#else
|
||||
#if defined(DEBUG_PORT) && !defined(DEBUG_MUTE)
|
||||
#if defined(DEBUG_PORT) && !defined(DEBUG_MUTE) && !defined(PIO_UNIT_TESTING)
|
||||
#define LOG_DEBUG(...) DEBUG_PORT.log(MESHTASTIC_LOG_LEVEL_DEBUG, __VA_ARGS__)
|
||||
#define LOG_INFO(...) DEBUG_PORT.log(MESHTASTIC_LOG_LEVEL_INFO, __VA_ARGS__)
|
||||
#define LOG_WARN(...) DEBUG_PORT.log(MESHTASTIC_LOG_LEVEL_WARN, __VA_ARGS__)
|
||||
|
||||
@@ -24,7 +24,6 @@ void CryptoEngine::generateKeyPair(uint8_t *pubKey, uint8_t *privKey)
|
||||
memcpy(privKey, private_key, sizeof(private_key));
|
||||
}
|
||||
#endif
|
||||
uint8_t shared_key[32];
|
||||
void CryptoEngine::clearKeys()
|
||||
{
|
||||
memset(public_key, 0, sizeof(public_key));
|
||||
@@ -86,7 +85,7 @@ bool CryptoEngine::decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size
|
||||
return aes_ccm_ad(shared_key, 32, nonce, 8, bytes, numBytes - 8, nullptr, 0, auth, bytesOut);
|
||||
}
|
||||
|
||||
void CryptoEngine::setPrivateKey(uint8_t *_private_key)
|
||||
void CryptoEngine::setDHPrivateKey(uint8_t *_private_key)
|
||||
{
|
||||
memcpy(private_key, _private_key, 32);
|
||||
}
|
||||
@@ -103,16 +102,8 @@ bool CryptoEngine::setDHKey(uint32_t nodeNum)
|
||||
return false;
|
||||
}
|
||||
|
||||
uint8_t *pubKey = node->user.public_key.bytes;
|
||||
uint8_t local_priv[32];
|
||||
memcpy(shared_key, pubKey, 32);
|
||||
memcpy(local_priv, private_key, 32);
|
||||
// Calculate the shared secret with the specified node's public key and our private key
|
||||
// This includes an internal weak key check, which among other things looks for an all 0 public key and shared key.
|
||||
if (!Curve25519::dh2(shared_key, local_priv)) {
|
||||
LOG_WARN("Curve25519DH step 2 failed!\n");
|
||||
if (!setDHPublicKey(node->user.public_key.bytes))
|
||||
return false;
|
||||
}
|
||||
|
||||
printBytes("DH Output: ", shared_key, 32);
|
||||
|
||||
@@ -171,6 +162,20 @@ void CryptoEngine::aesEncrypt(uint8_t *in, uint8_t *out)
|
||||
|
||||
#endif
|
||||
|
||||
bool CryptoEngine::setDHPublicKey(uint8_t *pubKey)
|
||||
{
|
||||
uint8_t local_priv[32];
|
||||
memcpy(shared_key, pubKey, 32);
|
||||
memcpy(local_priv, private_key, 32);
|
||||
// Calculate the shared secret with the specified node's public key and our private key
|
||||
// This includes an internal weak key check, which among other things looks for an all 0 public key and shared key.
|
||||
if (!Curve25519::dh2(shared_key, local_priv)) {
|
||||
LOG_WARN("Curve25519DH step 2 failed!\n");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
concurrency::Lock *cryptLock;
|
||||
|
||||
void CryptoEngine::setKey(const CryptoKey &k)
|
||||
|
||||
@@ -23,15 +23,6 @@ struct CryptoKey {
|
||||
|
||||
class CryptoEngine
|
||||
{
|
||||
protected:
|
||||
/** Our per packet nonce */
|
||||
uint8_t nonce[16] = {0};
|
||||
|
||||
CryptoKey key = {};
|
||||
#if !(MESHTASTIC_EXCLUDE_PKI)
|
||||
uint8_t private_key[32] = {0};
|
||||
#endif
|
||||
|
||||
public:
|
||||
#if !(MESHTASTIC_EXCLUDE_PKI)
|
||||
uint8_t public_key[32] = {0};
|
||||
@@ -43,11 +34,12 @@ class CryptoEngine
|
||||
virtual void generateKeyPair(uint8_t *pubKey, uint8_t *privKey);
|
||||
#endif
|
||||
void clearKeys();
|
||||
void setPrivateKey(uint8_t *_private_key);
|
||||
void setDHPrivateKey(uint8_t *_private_key);
|
||||
virtual bool encryptCurve25519(uint32_t toNode, uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes,
|
||||
uint8_t *bytesOut);
|
||||
virtual bool decryptCurve25519(uint32_t fromNode, uint64_t packetNum, size_t numBytes, uint8_t *bytes, uint8_t *bytesOut);
|
||||
virtual bool setDHKey(uint32_t nodeNum);
|
||||
bool setDHKey(uint32_t nodeNum);
|
||||
virtual bool setDHPublicKey(uint8_t *publicKey);
|
||||
virtual void hash(uint8_t *bytes, size_t numBytes);
|
||||
|
||||
virtual void aesSetKey(const uint8_t *key, size_t key_len);
|
||||
@@ -75,8 +67,17 @@ class CryptoEngine
|
||||
*/
|
||||
virtual void encrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes);
|
||||
virtual void decrypt(uint32_t fromNode, uint64_t packetId, size_t numBytes, uint8_t *bytes);
|
||||
|
||||
#ifndef PIO_UNIT_TESTING
|
||||
protected:
|
||||
#endif
|
||||
/** Our per packet nonce */
|
||||
uint8_t nonce[16] = {0};
|
||||
|
||||
CryptoKey key = {};
|
||||
#if !(MESHTASTIC_EXCLUDE_PKI)
|
||||
uint8_t shared_key[32] = {0};
|
||||
uint8_t private_key[32] = {0};
|
||||
#endif
|
||||
/**
|
||||
* Init our 128 bit nonce for a new packet
|
||||
*
|
||||
|
||||
@@ -152,7 +152,7 @@ NodeDB::NodeDB()
|
||||
LOG_INFO("Using saved PKI keys\n");
|
||||
owner.public_key.size = config.security.public_key.size;
|
||||
memcpy(owner.public_key.bytes, config.security.public_key.bytes, config.security.public_key.size);
|
||||
crypto->setPrivateKey(config.security.private_key.bytes);
|
||||
crypto->setDHPrivateKey(config.security.private_key.bytes);
|
||||
} else {
|
||||
#if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN)
|
||||
LOG_INFO("Generating new PKI keys\n");
|
||||
|
||||
Reference in New Issue
Block a user