* fix: add null check for getMeshNode() in NodeInfoModule
getMeshNode() can return nullptr for unknown nodes. Dereferencing
without a check crashes the firmware when receiving NodeInfo from
a node not yet in the database.
* fix: enforce XEdDSA signature verification and prevent stripping
Previously, failed signature verification still allowed the packet
through, making signatures purely cosmetic. Now:
- Failed verification drops the packet (DECODE_FAILURE)
- Successfully verified nodes get HAS_XEDDSA_SIGNED bitfield set
- Unsigned packets from previously-signing nodes are rejected
- Log levels reduced from WARN/ERROR to DEBUG/WARN as appropriate
* fix: include packet metadata in XEdDSA signature
The signature now covers [fromNode | packetId | portnum | payload]
instead of just the payload bytes. This prevents:
- Replay attacks (different packetId fails verification)
- Reattribution (different fromNode fails verification)
- Portnum redirection (different portnum fails verification)
Also adds a key initialization check to xeddsa_sign (returns false
if XEdDSA keys are all zeros) and checks the return value in the
encode path.
* fix: handle existing key pair in AdminModule security config
When a user provides both a valid private key and public key via
admin config, the crypto engine's DH private key and owner public
key were never loaded. DMs and XEdDSA signing would silently break.
Add an else branch to load both keys into the crypto engine.
* perf: cache Ed25519 public key conversion in xeddsa_verify
curve_to_ed_pub() performs field element parsing, inversion, and
multiplication on every call. Since packets from the same node
tend to arrive in bursts, a single-entry cache avoids repeating
this expensive conversion for consecutive packets from one sender.
* fix: skip identity cleanup when node number is unchanged
createNewIdentity() was called on every generateCryptoKeyPair(),
including normal boots where the same key is regenerated. This
caused unnecessary NodeDB writes and old-node cleanup logic to
run when the node number hadn't actually changed.
Also fixes only zeroing byte[0] of the old node's public key
instead of clearing the entire array.
* fix: replace hardcoded 120 with derived XEDDSA_SIGNATURE_SIZE constant
The payload size check for XEdDSA signing used a magic number (120).
Replace with a derivation from DATA_PAYLOAD_LEN and XEDDSA_SIGNATURE_SIZE
so the limit adjusts automatically if constants change. This also
increases the max signable payload from 120 to 169 bytes, which is
still safe since the actual encoded size is checked after pb_encode.
* fix: add const qualifiers to XEdDSA verify and curve_to_ed_pub inputs
pubKey, payload, and signature parameters in xeddsa_verify are
input-only and should not be modified. Same for curve_pubkey in
curve_to_ed_pub.
* chore: remove commented-out old Crypto dependency in portduino.ini
* Leave out the admin module change for now
---------
Co-authored-by: Jonathan Bennett <jbennett@incomsystems.biz>
* RoutingModule::sendAckNak takes ackWantsAck arg to set want_ack on the ACK itself
* Use reliable delivery for traceroute requests (which will be copied to traceroute responses by setReplyTo)
* Update ReliableRouter::sniffReceived to use ReliableRouter::shouldSuccessAckWithWantAck
* Use isFromUs
* Update MockRoutingModule::sendAckNak to include ackWantsAck argument (currently ignored)
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
* Make phone queues use a static pointer queue
* Static init
* Compile time constants now
* Instead, lets just use the normal pointerqueue for linux native builds and static for IoT platforms
* Add missing method
* Missing methods
* Update variant.h
289f90bdbe
merged a commit that relied on
5b9db81819
but the latter commit was not merged.
This does manual wrangling to make sure the same file that exists on develop
right now ends up on master.
* Added map report precision bounds
* Log warning
* Precision range should be 12-15
* Missed commit
* Update tests
* That method was renamed
* Removed now-defunct test call
* Remove defunct test
* Sanity check configuration for the default MQTT server
* Skip for MESHTASTIC_EXCLUDE_MQTT
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
* Re-implement PKI from #1509
co-authored-by: edinnen <ethanjdinnen@protonmail.com>
* Set the key lengnth to actually make PKI work.
* Remove unused variable and initialize keys to null
* move printBytes() to meshUtils
* Don't reset PKI key son reboot unless needed.
* Remove double encryption for PKI messages
* Cleanup encrypt logic
* Add the MESHTASTIC_EXCLUDE_PKI option, and set it for minimal builds. Required for STM32 targets for now.
* Use SHA-256 for PKI key hashing, and add MESHTASTIC_EXCLUDE_PKI_KEYGEN for STM32
* Fix a crash when node is null
* Don't send PKI encrypted packets while licensed
* use chIndex 8 for PKI
* Don't be so clever, that you corrupt incoming packets
* Pass on channel 8 for now
* Typo
* Lock keys once non-zero
* We in fact need 2 scratch buffers, to store the encrypted bytes, unencrypted bytes, and decoded protobuf.
* Lighter approach to retaining known key
* Attach the public key to PKI decrypted packets in device memory
* Turn PKI back off for STM32 :(
* Don't just memcp over a protobuf
* Don't PKI encrypt nodeinfo packets
* Add a bit more memory logging around nodeDB
* Use the proper macro to refer to NODENUM_BROADCAST
* Typo fix
* Don't PKI encrypt ROUTING (naks and acks)
* Adds SecurityConfig protobuf
* Add admin messages over PKI
* Disable PKI for the WIO-e5
* Add MINIMUM_SAFE_FREE_HEAP macro and set to safe 1.5k
* Add missed "has_security"
* Add the admin_channel_enabled option
* STM32 again
* add missed configuration.h at the top of files
* Add EXCLUDE_TZ and RTC
* Enable PKI build on STM32 once again
* Attempt 1 at moving PKI to aes-ccm
* Fix buffers for encrypt/decrypt
* Eliminate unused aes variable
* Add debugging lines
* Set hash to 0 for PKI
* Fix debug lines so they don't print pointers.
* logic fix and more debug
* Rather important typo
* Check for short packets before attempting decrypt
* Don't forget to give cryptoEngine the keys!
* Use the right scratch buffer
* Cleanup
* moar cleanups
* Minor hardening
* Remove some in-progress stuff
* Turn PKI back off on STM32
* Return false
* 2.5 protos
* Sync up protos
* Add initial cryptography test vector tests
* re-add MINIMUM_SAFE_FREE_HEAP
* Housekeeping and comment fixes
* Add explanatory comment about weak dh25519 keys
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
