Test commit for XEdDSA support

arch/esp32/esp32.ini

@@ -59,7 +59,7 @@ lib_deps =
   # renovate: datasource=git-refs depName=meshtastic-ESP32_Codec2 packageName=https://github.com/meshtastic/ESP32_Codec2 gitBranch=master
   https://github.com/meshtastic/ESP32_Codec2/archive/633326c78ac251c059ab3a8c430fcdf25b41672f.zip
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip
 
 lib_ignore = 
   segger_rtt

arch/esp32/esp32c6.ini

@@ -32,7 +32,7 @@ lib_deps =
   # renovate: datasource=git-refs depName=meshtastic-ESP32_Codec2 packageName=https://github.com/meshtastic/ESP32_Codec2 gitBranch=master
   https://github.com/meshtastic/ESP32_Codec2/archive/633326c78ac251c059ab3a8c430fcdf25b41672f.zip
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip
 
 build_src_filter = 
  ${esp32_base.build_src_filter} -<mesh/http> 

arch/nrf52/nrf52.ini

@@ -29,7 +29,7 @@ lib_deps=
   ${arduino_base.lib_deps}
   ${radiolib_base.lib_deps}
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip
 
 lib_ignore =
   BluetoothOTA

arch/portduino/portduino.ini

@@ -25,7 +25,8 @@ lib_deps =
   ${radiolib_base.lib_deps}
   ${environmental_base.lib_deps}
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  #rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip
   # renovate: datasource=custom.pio depName=LovyanGFX packageName=lovyan03/library/LovyanGFX
   lovyan03/LovyanGFX@^1.2.0
   # renovate: datasource=git-refs depName=libch341-spi-userspace packageName=https://github.com/pine64/libch341-spi-userspace gitBranch=main

arch/rp2xx0/rp2040.ini

@@ -31,4 +31,4 @@ lib_deps =
   ${environmental_extra.lib_deps}
   ${radiolib_base.lib_deps}
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip

arch/rp2xx0/rp2350.ini

@@ -28,4 +28,4 @@ lib_deps =
   ${environmental_extra.lib_deps}
   ${radiolib_base.lib_deps}
   # renovate: datasource=custom.pio depName=rweather/Crypto packageName=rweather/library/Crypto
-  rweather/Crypto@0.4.0
+  https://github.com/jp-bennett/crypto/archive/148e65930c5bea2b4f1bddfcb200f585413e8961.zip

src/mesh/CryptoEngine.cpp

@@ -6,10 +6,18 @@
 #include "NodeDB.h"
 #include "aes-ccm.h"
 #include "meshUtils.h"
+#include "xeddsa.h"
 #include <Crypto.h>
 #include <Curve25519.h>
+#include <Ed25519.h>
 #include <RNG.h>
 #include <SHA256.h>
+
+#ifndef NUM_LIMBS_256BIT
+#define NUM_LIMBS_BITS(n) (((n) + sizeof(limb_t) * 8 - 1) / (8 * sizeof(limb_t)))
+#define NUM_LIMBS_256BIT NUM_LIMBS_BITS(256)
+#endif
+
 #if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN)
 #if !defined(ARCH_STM32WL)
 #define CryptRNG RNG
@@ -35,6 +43,7 @@ void CryptoEngine::generateKeyPair(uint8_t *pubKey, uint8_t *privKey)
     Curve25519::dh1(public_key, private_key);
     memcpy(pubKey, public_key, sizeof(public_key));
     memcpy(privKey, private_key, sizeof(private_key));
+    priv_curve_to_ed_keys(private_key, xeddsa_private_key, xeddsa_public_key);
 }
 
 /**
@@ -54,12 +63,109 @@ bool CryptoEngine::regeneratePublicKey(uint8_t *pubKey, uint8_t *privKey)
         }
         memcpy(private_key, privKey, sizeof(private_key));
         memcpy(public_key, pubKey, sizeof(public_key));
+        priv_curve_to_ed_keys(private_key, xeddsa_private_key, xeddsa_public_key);
     } else {
         LOG_WARN("X25519 key generation failed due to blank private key");
         return false;
     }
     return true;
 }
+
+bool CryptoEngine::xeddsa_sign(uint8_t *message, size_t len, uint8_t *signature)
+{
+    Ed25519::sign(signature, xeddsa_private_key, xeddsa_public_key, message,
+                  len); // sign will need modified to use the raw secret scalar, and not hash it first.
+    return true;
+}
+bool CryptoEngine::xeddsa_verify(uint8_t *pubKey, uint8_t *message, size_t len, uint8_t *signature)
+{
+    uint8_t publicKey[32] = {0};
+    curve_to_ed_pub(pubKey, publicKey);
+
+    return Ed25519::verify(signature, publicKey, message, len);
+}
+
+void CryptoEngine::curve_to_ed_pub(uint8_t *curve_pubkey, uint8_t *ed_pubkey)
+{
+
+    // Apply the birational map defined in RFC 7748, section 4.1 "Curve25519" to calculate an Ed25519 public
+    // key from a Curve25519 public key. Because the serialization format of Curve25519 public keys only
+    // contains the u coordinate, the x coordinate of the corresponding Ed25519 public key can't be uniquely
+    // calculated as defined by the birational map. The x coordinate is represented in the serialization
+    // format of Ed25519 public keys only in a single sign bit. This function assumes that the sign bit is
+    // known to the user and is passed accordingly.
+    fe u, y;
+    fe one;
+    fe u_minus_one, u_plus_one, u_plus_one_inv;
+
+    // Parse the Curve25519 public key input as a field element containing the u coordinate. RFC 7748,
+    // section 5 "The X25519 and X448 Functions", mandates that the most significant bit of the Curve25519
+    // public key has to be zeroized. This is handled by fe_frombytes internally.
+    fe_frombytes(u, curve_pubkey);
+
+    // Calculate the parameters (u - 1) and (u + 1)
+    fe_1(one);
+    fe_sub(u_minus_one, u, one);
+    fe_add(u_plus_one, u, one);
+
+    // Invert u + 1
+    fe_invert(u_plus_one_inv, u_plus_one);
+
+    // Calculate y = (u - 1) * inv(u + 1) (mod p)
+    fe_mul(y, u_minus_one, u_plus_one_inv);
+
+    // Serialize the field element containing the y coordinate to the Ed25519 public key output
+    fe_tobytes(ed_pubkey, y);
+
+    // Set the sign bit to zero
+    ed_pubkey[31] &= 0x7f;
+
+    // need to convert the pubkey y = ( u - 1) * inv( u + 1) (mod p).
+}
+void CryptoEngine::priv_curve_to_ed_keys(uint8_t *curve_privkey, uint8_t *ed_privkey, uint8_t *ed_pubkey)
+{
+    limb_t a[NUM_LIMBS_256BIT];
+    limb_t a2[NUM_LIMBS_256BIT];
+    uint8_t negKey[32] = {0};
+    Ed25519::Point ptA;
+    Ed25519::Point ptA2;
+
+    for (uint8_t i = 0; i < 32; i++) {
+        ed_privkey[i] = curve_privkey[i];
+    }
+
+    ed_privkey[0] &= 0xF8;
+    ed_privkey[31] &= 0x7F;
+    ed_privkey[31] |= 0x40;
+
+    Ed25519::deriveKeys(nullptr, a, ed_privkey);
+    Ed25519::mul(ptA, a);
+    Ed25519::encodePoint(ed_pubkey, ptA);
+
+    clean(a);
+    clean(ptA);
+
+    // check sign
+    if ((ed_pubkey[31] & 0x80) >> 7 == 0) {
+        return;
+    }
+    sc_muladd(negKey, MINUS_ONE, ed_privkey, ZERO);
+
+    for (uint8_t i = 0; i < 32; i++) {
+        ed_privkey[i] = negKey[i];
+    }
+
+    BigNumberUtil::unpackLE(a2, NUM_LIMBS_256BIT, negKey, 32);
+    Ed25519::mul(ptA2, a2);
+    Ed25519::encodePoint(ed_pubkey, ptA2);
+    if ((ed_pubkey[31] & 0x80) >> 7 == 0) {
+    }
+
+    // Clean up and exit.
+    clean(a);
+    clean(ptA);
+}
+
 #endif
 void CryptoEngine::clearKeys()
 {

src/mesh/CryptoEngine.h

@@ -35,6 +35,8 @@ class CryptoEngine
 #if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN)
     virtual void generateKeyPair(uint8_t *pubKey, uint8_t *privKey);
     virtual bool regeneratePublicKey(uint8_t *pubKey, uint8_t *privKey);
+    bool xeddsa_sign(uint8_t *message, size_t len, uint8_t *signature);
+    bool xeddsa_verify(uint8_t *pubKey, uint8_t *message, size_t len, uint8_t *signature);
 
 #endif
     void clearKeys();
@@ -82,6 +84,10 @@ class CryptoEngine
 #if !(MESHTASTIC_EXCLUDE_PKI)
     uint8_t shared_key[32] = {0};
     uint8_t private_key[32] = {0};
+    uint8_t xeddsa_public_key[32] = {0};
+    uint8_t xeddsa_private_key[32] = {0};
+    void curve_to_ed_pub(uint8_t *curve_pubkey, uint8_t *ed_pubkey);
+    void priv_curve_to_ed_keys(uint8_t *curve_privkey, uint8_t *ed_privkey, uint8_t *ed_pubkey);
 #endif
     /**
      * Init our 128 bit nonce for a new packet

src/mesh/NodeDB.h

@@ -353,6 +353,9 @@ extern uint32_t error_address;
 #define NODEINFO_BITFIELD_IS_KEY_MANUALLY_VERIFIED_SHIFT 0
 #define NODEINFO_BITFIELD_IS_KEY_MANUALLY_VERIFIED_MASK (1 << NODEINFO_BITFIELD_IS_KEY_MANUALLY_VERIFIED_SHIFT)
 
+#define NODEINFO_BITFIELD_HAS_XEDDSA_SIGNED_SHIFT 1
+#define NODEINFO_BITFIELD_HAS_XEDDSA_SIGNED_MASK (1 << NODEINFO_BITFIELD_HAS_XEDDSA_SIGNED_SHIFT)
+
 #define Module_Config_size                                                                                                       \
     (ModuleConfig_CannedMessageConfig_size + ModuleConfig_ExternalNotificationConfig_size + ModuleConfig_MQTTConfig_size +       \
      ModuleConfig_RangeTestConfig_size + ModuleConfig_SerialConfig_size + ModuleConfig_StoreForwardConfig_size +                 \

src/mesh/Router.cpp

@@ -422,6 +422,25 @@ DecodeState perhapsDecode(meshtastic_MeshPacket *p)
         if (p->decoded.has_bitfield)
             p->decoded.want_response |= p->decoded.bitfield & BITFIELD_WANT_RESPONSE_MASK;
 
+        if (p->decoded.has_xeddsa_signature) {
+            LOG_WARN("packet shows XEdDSA");
+            meshtastic_NodeInfoLite *node = nodeDB->getMeshNode(p->from);
+            if (node && node->user.public_key.size == 32) {
+                LOG_WARN("attempting to verify");
+                p->xeddsa_signed = crypto->xeddsa_verify(node->user.public_key.bytes, p->decoded.payload.bytes,
+                                                         p->decoded.payload.size, p->decoded.xeddsa_signature.bytes);
+            } else {
+                LOG_WARN("Don't have key to verify");
+            }
+        }
+        if (p->xeddsa_signed) {
+            LOG_WARN("Received XEdDSA Signed Packet!");
+        } else if (p->decoded.has_xeddsa_signature) {
+            LOG_ERROR("Node sent signed packet, but cannot verify!");
+        } else {
+            LOG_WARN("Received Unsigned Packet!");
+        }
+
         /* Not actually ever used.
         // Decompress if needed. jm
         if (p->decoded.portnum == meshtastic_PortNum_TEXT_MESSAGE_COMPRESSED_APP) {
@@ -471,6 +490,12 @@ meshtastic_Routing_Error perhapsEncode(meshtastic_MeshPacket *p)
             p->decoded.has_bitfield = true;
             p->decoded.bitfield |= (config.lora.config_ok_to_mqtt << BITFIELD_OK_TO_MQTT_SHIFT);
             p->decoded.bitfield |= (p->decoded.want_response << BITFIELD_WANT_RESPONSE_SHIFT);
+            if (p->pki_encrypted == false && isBroadcast(p->to) && p->decoded.payload.size < 120) {
+                crypto->xeddsa_sign(p->decoded.payload.bytes, p->decoded.payload.size, p->decoded.xeddsa_signature.bytes);
+                p->decoded.xeddsa_signature.size = 64;
+                p->decoded.has_xeddsa_signature = true;
+                LOG_WARN("XEDDSA Signed!");
+            }
         }
 
         size_t numbytes = pb_encode_to_bytes(bytes, sizeof(bytes), &meshtastic_Data_msg, &p->decoded);
@@ -653,7 +678,9 @@ void Router::handleReceived(meshtastic_MeshPacket *p, RxSource src)
 
     // call modules here
     if (!skipHandle) {
+        if (p->from != nodeDB->getNodeNum()) {
             MeshModule::callModules(*p, src);
+        }
 
 #if !MESHTASTIC_EXCLUDE_MQTT
         // Mark as pki_encrypted if it is not yet decoded and MQTT encryption is also enabled, hash matches and it's a DM not to

src/mesh/TypeConversions.cpp

@@ -14,6 +14,7 @@ meshtastic_NodeInfo TypeConversions::ConvertToNodeInfo(const meshtastic_NodeInfo
     info.is_favorite = lite->is_favorite;
     info.is_ignored = lite->is_ignored;
     info.is_key_manually_verified = lite->bitfield & NODEINFO_BITFIELD_IS_KEY_MANUALLY_VERIFIED_MASK;
+    info.has_xeddsa_signed = lite->bitfield & NODEINFO_BITFIELD_HAS_XEDDSA_SIGNED_MASK;
 
     if (lite->has_hops_away) {
         info.has_hops_away = true;

src/mesh/generated/meshtastic/deviceonly.pb.h

@@ -362,7 +362,7 @@ extern const pb_msgdesc_t meshtastic_BackupPreferences_msg;
 #define MESHTASTIC_MESHTASTIC_DEVICEONLY_PB_H_MAX_SIZE meshtastic_BackupPreferences_size
 #define meshtastic_BackupPreferences_size        2271
 #define meshtastic_ChannelFile_size              718
-#define meshtastic_DeviceState_size              1737
+#define meshtastic_DeviceState_size              1944
 #define meshtastic_NodeInfoLite_size             196
 #define meshtastic_PositionLite_size             28
 #define meshtastic_UserLite_size                 98

src/mesh/generated/meshtastic/mesh.pb.h

@@ -710,6 +710,7 @@ typedef struct _meshtastic_Routing {
 } meshtastic_Routing;
 
 typedef PB_BYTES_ARRAY_T(233) meshtastic_Data_payload_t;
+typedef PB_BYTES_ARRAY_T(64) meshtastic_Data_xeddsa_signature_t;
 /* (Formerly called SubPacket)
  The payload portion fo a packet, this is the actual bytes that are sent
  inside a radio packet (because from/to are broken out by the comms library) */
@@ -743,6 +744,9 @@ typedef struct _meshtastic_Data {
     /* Bitfield for extra flags. First use is to indicate that user approves the packet being uploaded to MQTT. */
     bool has_bitfield;
     uint8_t bitfield;
+    /* XEdDSA signature for the payload */
+    bool has_xeddsa_signature;
+    meshtastic_Data_xeddsa_signature_t xeddsa_signature;
 } meshtastic_Data;
 
 typedef PB_BYTES_ARRAY_T(32) meshtastic_KeyVerification_hash1_t;
@@ -885,6 +889,8 @@ typedef struct _meshtastic_MeshPacket {
     uint32_t tx_after;
     /* Indicates which transport mechanism this packet arrived over */
     meshtastic_MeshPacket_TransportMechanism transport_mechanism;
+    /* Indicates whether the packet has a valid signature */
+    bool xeddsa_signed;
 } meshtastic_MeshPacket;
 
 /* The bluetooth to device link:
@@ -938,6 +944,10 @@ typedef struct _meshtastic_NodeInfo {
  Persists between NodeDB internal clean ups
  LSB 0 of the bitfield */
     bool is_key_manually_verified;
+    /* True if node is signing its packets via XEdDSA
+ Persists between NodeDB internal clean ups
+ LSB 1 of the bitfield */
+    bool has_xeddsa_signed;
 } meshtastic_NodeInfo;
 
 typedef PB_BYTES_ARRAY_T(16) meshtastic_MyNodeInfo_device_id_t;
@@ -1350,12 +1360,12 @@ extern "C" {
 #define meshtastic_User_init_default             {"", "", "", {0}, _meshtastic_HardwareModel_MIN, 0, _meshtastic_Config_DeviceConfig_Role_MIN, {0, {0}}, false, 0}
 #define meshtastic_RouteDiscovery_init_default   {0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}}
 #define meshtastic_Routing_init_default          {0, {meshtastic_RouteDiscovery_init_default}}
-#define meshtastic_Data_init_default             {_meshtastic_PortNum_MIN, {0, {0}}, 0, 0, 0, 0, 0, 0, false, 0}
+#define meshtastic_Data_init_default             {_meshtastic_PortNum_MIN, {0, {0}}, 0, 0, 0, 0, 0, 0, false, 0, false, {0, {0}}}
 #define meshtastic_KeyVerification_init_default  {0, {0, {0}}, {0, {0}}}
 #define meshtastic_Waypoint_init_default         {0, false, 0, false, 0, 0, 0, "", "", 0}
 #define meshtastic_MqttClientProxyMessage_init_default {"", 0, {{0, {0}}}, 0}
-#define meshtastic_MeshPacket_init_default       {0, 0, 0, 0, {meshtastic_Data_init_default}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN}
+#define meshtastic_MeshPacket_init_default       {0, 0, 0, 0, {meshtastic_Data_init_default}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN, 0}
-#define meshtastic_NodeInfo_init_default         {0, false, meshtastic_User_init_default, false, meshtastic_Position_init_default, 0, 0, false, meshtastic_DeviceMetrics_init_default, 0, 0, false, 0, 0, 0, 0}
+#define meshtastic_NodeInfo_init_default         {0, false, meshtastic_User_init_default, false, meshtastic_Position_init_default, 0, 0, false, meshtastic_DeviceMetrics_init_default, 0, 0, false, 0, 0, 0, 0, 0}
 #define meshtastic_MyNodeInfo_init_default       {0, 0, 0, {0, {0}}, "", _meshtastic_FirmwareEdition_MIN, 0}
 #define meshtastic_LogRecord_init_default        {"", 0, "", _meshtastic_LogRecord_Level_MIN}
 #define meshtastic_QueueStatus_init_default      {0, 0, 0, 0}
@@ -1381,12 +1391,12 @@ extern "C" {
 #define meshtastic_User_init_zero                {"", "", "", {0}, _meshtastic_HardwareModel_MIN, 0, _meshtastic_Config_DeviceConfig_Role_MIN, {0, {0}}, false, 0}
 #define meshtastic_RouteDiscovery_init_zero      {0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}, 0, {0, 0, 0, 0, 0, 0, 0, 0}}
 #define meshtastic_Routing_init_zero             {0, {meshtastic_RouteDiscovery_init_zero}}
-#define meshtastic_Data_init_zero                {_meshtastic_PortNum_MIN, {0, {0}}, 0, 0, 0, 0, 0, 0, false, 0}
+#define meshtastic_Data_init_zero                {_meshtastic_PortNum_MIN, {0, {0}}, 0, 0, 0, 0, 0, 0, false, 0, false, {0, {0}}}
 #define meshtastic_KeyVerification_init_zero     {0, {0, {0}}, {0, {0}}}
 #define meshtastic_Waypoint_init_zero            {0, false, 0, false, 0, 0, 0, "", "", 0}
 #define meshtastic_MqttClientProxyMessage_init_zero {"", 0, {{0, {0}}}, 0}
-#define meshtastic_MeshPacket_init_zero          {0, 0, 0, 0, {meshtastic_Data_init_zero}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN}
+#define meshtastic_MeshPacket_init_zero          {0, 0, 0, 0, {meshtastic_Data_init_zero}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN, 0}
-#define meshtastic_NodeInfo_init_zero            {0, false, meshtastic_User_init_zero, false, meshtastic_Position_init_zero, 0, 0, false, meshtastic_DeviceMetrics_init_zero, 0, 0, false, 0, 0, 0, 0}
+#define meshtastic_NodeInfo_init_zero            {0, false, meshtastic_User_init_zero, false, meshtastic_Position_init_zero, 0, 0, false, meshtastic_DeviceMetrics_init_zero, 0, 0, false, 0, 0, 0, 0, 0}
 #define meshtastic_MyNodeInfo_init_zero          {0, 0, 0, {0, {0}}, "", _meshtastic_FirmwareEdition_MIN, 0}
 #define meshtastic_LogRecord_init_zero           {"", 0, "", _meshtastic_LogRecord_Level_MIN}
 #define meshtastic_QueueStatus_init_zero         {0, 0, 0, 0}
@@ -1458,6 +1468,7 @@ extern "C" {
 #define meshtastic_Data_reply_id_tag             7
 #define meshtastic_Data_emoji_tag                8
 #define meshtastic_Data_bitfield_tag             9
+#define meshtastic_Data_xeddsa_signature_tag     10
 #define meshtastic_KeyVerification_nonce_tag     1
 #define meshtastic_KeyVerification_hash1_tag     2
 #define meshtastic_KeyVerification_hash2_tag     3
@@ -1494,6 +1505,7 @@ extern "C" {
 #define meshtastic_MeshPacket_relay_node_tag     19
 #define meshtastic_MeshPacket_tx_after_tag       20
 #define meshtastic_MeshPacket_transport_mechanism_tag 21
+#define meshtastic_MeshPacket_xeddsa_signed_tag  22
 #define meshtastic_NodeInfo_num_tag              1
 #define meshtastic_NodeInfo_user_tag             2
 #define meshtastic_NodeInfo_position_tag         3
@@ -1506,6 +1518,7 @@ extern "C" {
 #define meshtastic_NodeInfo_is_favorite_tag      10
 #define meshtastic_NodeInfo_is_ignored_tag       11
 #define meshtastic_NodeInfo_is_key_manually_verified_tag 12
+#define meshtastic_NodeInfo_has_xeddsa_signed_tag 13
 #define meshtastic_MyNodeInfo_my_node_num_tag    1
 #define meshtastic_MyNodeInfo_reboot_count_tag   8
 #define meshtastic_MyNodeInfo_min_app_version_tag 11
@@ -1666,7 +1679,8 @@ X(a, STATIC,   SINGULAR, FIXED32,  source,            5) \
 X(a, STATIC,   SINGULAR, FIXED32,  request_id,        6) \
 X(a, STATIC,   SINGULAR, FIXED32,  reply_id,          7) \
 X(a, STATIC,   SINGULAR, FIXED32,  emoji,             8) \
-X(a, STATIC,   OPTIONAL, UINT32,   bitfield,          9)
+X(a, STATIC,   OPTIONAL, UINT32,   bitfield,          9) \
+X(a, STATIC,   OPTIONAL, BYTES,    xeddsa_signature,  10)
 #define meshtastic_Data_CALLBACK NULL
 #define meshtastic_Data_DEFAULT NULL
 
@@ -1718,7 +1732,8 @@ X(a, STATIC,   SINGULAR, BOOL,     pki_encrypted,    17) \
 X(a, STATIC,   SINGULAR, UINT32,   next_hop,         18) \
 X(a, STATIC,   SINGULAR, UINT32,   relay_node,       19) \
 X(a, STATIC,   SINGULAR, UINT32,   tx_after,         20) \
-X(a, STATIC,   SINGULAR, UENUM,    transport_mechanism,  21)
+X(a, STATIC,   SINGULAR, UENUM,    transport_mechanism,  21) \
+X(a, STATIC,   SINGULAR, BOOL,     xeddsa_signed,    22)
 #define meshtastic_MeshPacket_CALLBACK NULL
 #define meshtastic_MeshPacket_DEFAULT NULL
 #define meshtastic_MeshPacket_payload_variant_decoded_MSGTYPE meshtastic_Data
@@ -1735,7 +1750,8 @@ X(a, STATIC,   SINGULAR, BOOL,     via_mqtt,          8) \
 X(a, STATIC,   OPTIONAL, UINT32,   hops_away,         9) \
 X(a, STATIC,   SINGULAR, BOOL,     is_favorite,      10) \
 X(a, STATIC,   SINGULAR, BOOL,     is_ignored,       11) \
-X(a, STATIC,   SINGULAR, BOOL,     is_key_manually_verified,  12)
+X(a, STATIC,   SINGULAR, BOOL,     is_key_manually_verified,  12) \
+X(a, STATIC,   SINGULAR, BOOL,     has_xeddsa_signed,  13)
 #define meshtastic_NodeInfo_CALLBACK NULL
 #define meshtastic_NodeInfo_DEFAULT NULL
 #define meshtastic_NodeInfo_user_MSGTYPE meshtastic_User
@@ -2018,7 +2034,7 @@ extern const pb_msgdesc_t meshtastic_ChunkedPayloadResponse_msg;
 #define meshtastic_ChunkedPayload_size           245
 #define meshtastic_ClientNotification_size       482
 #define meshtastic_Compressed_size               239
-#define meshtastic_Data_size                     269
+#define meshtastic_Data_size                     335
 #define meshtastic_DeviceMetadata_size           54
 #define meshtastic_DuplicatedPublicKey_size      0
 #define meshtastic_FileInfo_size                 236
@@ -2030,12 +2046,12 @@ extern const pb_msgdesc_t meshtastic_ChunkedPayloadResponse_msg;
 #define meshtastic_KeyVerification_size          79
 #define meshtastic_LogRecord_size                426
 #define meshtastic_LowEntropyKey_size            0
-#define meshtastic_MeshPacket_size               381
+#define meshtastic_MeshPacket_size               450
 #define meshtastic_MqttClientProxyMessage_size   501
 #define meshtastic_MyNodeInfo_size               83
 #define meshtastic_NeighborInfo_size             258
 #define meshtastic_Neighbor_size                 22
-#define meshtastic_NodeInfo_size                 323
+#define meshtastic_NodeInfo_size                 325
 #define meshtastic_NodeRemoteHardwarePin_size    29
 #define meshtastic_Position_size                 144
 #define meshtastic_QueueStatus_size              23

src/mesh/xeddsa.h

@@ -0,0 +1,40 @@
+#include <Arduino.h>
+// imported from SUPERCOP by Daniel J. Bernstein which is public domain
+
+// Byte-representation of the scalar value of 0 on the Ed25519 curve. Needed by `sc_neg`.
+static const uint8_t ZERO[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+// Byte-representation of the scalar value of -1 on the Ed25519 curve. Needed by `sc_neg`.
+static const uint8_t MINUS_ONE[32] = {0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
+                                      0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
+
+typedef uint64_t crypto_uint64;
+typedef int64_t crypto_int64;
+
+typedef int32_t crypto_int32;
+
+typedef crypto_int32 fe[10];
+
+static crypto_uint64 load_3(const unsigned char *in);
+
+static crypto_uint64 load_4(const unsigned char *in);
+
+void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c);
+
+void fe_sub(fe h, fe f, fe g);
+
+void fe_frombytes(fe h, const unsigned char *s);
+
+void fe_1(fe h);
+
+void fe_add(fe h, const fe f, const fe g);
+
+void fe_sq(fe h, const fe f);
+
+void fe_mul(fe h, const fe f, const fe g);
+
+void fe_invert(fe out, const fe z);
+
+void fe_tobytes(unsigned char *s, const fe h);

src/modules/NodeInfoModule.cpp

@@ -18,6 +18,10 @@ bool NodeInfoModule::handleReceivedProtobuf(const meshtastic_MeshPacket &mp, mes
         LOG_WARN("Invalid nodeInfo detected, is_licensed mismatch!");
         return true;
     }
+    NodeNum sourceNum = getFrom(&mp);
+    auto node = nodeDB->getMeshNode(sourceNum);
+    if ((node->bitfield & NODEINFO_BITFIELD_HAS_XEDDSA_SIGNED_MASK) && !mp.xeddsa_signed)
+        return true;
 
     // Coerce user.id to be derived from the node number
     snprintf(p.id, sizeof(p.id), "!%08x", getFrom(&mp));

test/test_crypto/test_main.cpp

@@ -152,6 +152,31 @@ void test_PKC(void)
     TEST_ASSERT_EQUAL_MEMORY(expected_decrypted, decrypted, 10);
 }
 
+void test_XEdDSA(void)
+{
+    uint8_t private_key[32];
+    uint8_t x_public_key[32];
+    uint8_t ed_private_key[32];
+    uint8_t ed_public_key[32];
+    uint8_t ed_public_key2[32];
+    meshtastic_UserLite_public_key_t public_key;
+    uint8_t message[] = "This is a test!";
+    uint8_t message2[] = "This is a test.";
+    uint8_t signature[64];
+    for (int times = 0; times < 10; times++) {
+        printf("Start of time %u\n", times);
+        crypto->generateKeyPair(x_public_key, private_key);
+        // crypto->setDHPrivateKey(private_key);
+        crypto->priv_curve_to_ed_keys(private_key, ed_private_key, ed_public_key);
+        crypto->curve_to_ed_pub(x_public_key, ed_public_key2);
+        TEST_ASSERT_EQUAL_MEMORY(ed_public_key, ed_public_key2, 32);
+
+        crypto->xeddsa_sign(private_key, message, sizeof(message), signature);
+        TEST_ASSERT(crypto->xeddsa_verify(x_public_key, message, sizeof(message), signature));
+        TEST_ASSERT_FALSE(crypto->xeddsa_verify(x_public_key, message2, sizeof(message), signature));
+    }
+}
+
 void test_AES_CTR(void)
 {
     uint8_t expected[32];
@@ -192,6 +217,7 @@ void setup()
     RUN_TEST(test_DH25519);
     RUN_TEST(test_AES_CTR);
     RUN_TEST(test_PKC);
+    RUN_TEST(test_XEdDSA);
     exit(UNITY_END()); // stop unit testing
 }