DG4MLK/MeshCore-Evo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert identity change

Browse Source
This commit is contained in:
Alex Wolden
2025-03-05 19:37:22 -08:00
parent 86389579eb
commit 0fc85b8c59
2 changed files with 7 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
platformio.ini
View File

@@ -349,9 +349,9 @@ build_flags =
-D P_LORA_TX_LED=2 ; LED pin for TX indication -D P_LORA_TX_LED=2 ; LED pin for TX indication
-D PIN_VBAT_READ=35 ; Battery voltage reading (analog pin) -D PIN_VBAT_READ=35 ; Battery voltage reading (analog pin)
-D RADIO_CLASS=CustomSX1276 -D RADIO_CLASS=CustomSX1276
-D ARDUINO_LOOP_STACK_SIZE=16384
-D WRAPPER_CLASS=CustomSX1276Wrapper -D WRAPPER_CLASS=CustomSX1276Wrapper
-D LORA_TX_POWER=20 -D LORA_TX_POWER=20
-D USE_ESP32_ENCRYPTION=true
; ============= ; =============
[LilyGo_T3S3_sx1262] [LilyGo_T3S3_sx1262]

65
src/Identity.cpp
View File

@@ -3,11 +3,6 @@
#define ED25519_NO_SEED 1 #define ED25519_NO_SEED 1
#include <ed_25519.h> #include <ed_25519.h>
// For weaker ESP32 boards, we use libsodium for cryptographic operations to reduce stack usage
#ifdef USE_ESP32_ENCRYPTION
#include <sodium.h>
#endif
namespace mesh { namespace mesh {
Identity::Identity() { Identity::Identity() {
@@ -19,11 +14,7 @@ Identity::Identity(const char* pub_hex) {
} }
bool Identity::verify(const uint8_t* sig, const uint8_t* message, int msg_len) const { bool Identity::verify(const uint8_t* sig, const uint8_t* message, int msg_len) const {
#ifdef USE_ESP32_ENCRYPTION return ed25519_verify(sig, message, msg_len, pub_key);
return crypto_sign_ed25519_verify_detached(sig, message, msg_len, pub_key) == 0;
#else
return ed25519_verify(sig, message, msg_len, pub_key);
#endif
} }
bool Identity::readFrom(Stream& s) { bool Identity::readFrom(Stream& s) {
@@ -41,7 +32,6 @@ void Identity::printTo(Stream& s) const {
LocalIdentity::LocalIdentity() { LocalIdentity::LocalIdentity() {
memset(prv_key, 0, sizeof(prv_key)); memset(prv_key, 0, sizeof(prv_key));
} }
LocalIdentity::LocalIdentity(const char* prv_hex, const char* pub_hex) : Identity(pub_hex) { LocalIdentity::LocalIdentity(const char* prv_hex, const char* pub_hex) : Identity(pub_hex) {
Utils::fromHex(prv_key, PRV_KEY_SIZE, prv_hex); Utils::fromHex(prv_key, PRV_KEY_SIZE, prv_hex);
} }
@@ -49,21 +39,7 @@ LocalIdentity::LocalIdentity(const char* prv_hex, const char* pub_hex) : Identit
LocalIdentity::LocalIdentity(RNG* rng) { LocalIdentity::LocalIdentity(RNG* rng) {
uint8_t seed[SEED_SIZE]; uint8_t seed[SEED_SIZE];
rng->random(seed, SEED_SIZE); rng->random(seed, SEED_SIZE);
ed25519_create_keypair(pub_key, prv_key, seed);
#ifdef USE_ESP32_ENCRYPTION
// Use libsodium for keypair generation on ESP32 to reduce stack usage
// NOTE: Format differences between implementations:
// - The current ed25519 implementation (orlp/ed25519) uses a 64-byte private key format
// - Libsodium also uses a 64-byte format for Ed25519 secret keys, where:
// * First 32 bytes: the actual private key seed
// * Last 32 bytes: the corresponding public key
// Generate keypair using libsodium with the provided seed
// This avoids the deep stack usage of the default implementation
crypto_sign_ed25519_seed_keypair(pub_key, prv_key, seed);
#else
ed25519_create_keypair(pub_key, prv_key, seed);
#endif
} }
bool LocalIdentity::readFrom(Stream& s) { bool LocalIdentity::readFrom(Stream& s) {
@@ -101,46 +77,17 @@ void LocalIdentity::readFrom(const uint8_t* src, size_t len) {
memcpy(pub_key, &src[PRV_KEY_SIZE], PUB_KEY_SIZE); memcpy(pub_key, &src[PRV_KEY_SIZE], PUB_KEY_SIZE);
} else if (len == PRV_KEY_SIZE) { } else if (len == PRV_KEY_SIZE) {
memcpy(prv_key, src, PRV_KEY_SIZE); memcpy(prv_key, src, PRV_KEY_SIZE);
// now need to re-calculate the pub_key
#ifdef USE_ESP32_ENCRYPTION ed25519_derive_pub(pub_key, prv_key);
// In libsodium, the private key already contains the public key in its last 32 bytes
// We can just extract it directly, avoiding the expensive derivation calculation
memcpy(pub_key, prv_key + 32, 32);
#else
// now need to re-calculate the pub_key
ed25519_derive_pub(pub_key, prv_key);
#endif
} }
} }
void LocalIdentity::sign(uint8_t* sig, const uint8_t* message, int msg_len) const { void LocalIdentity::sign(uint8_t* sig, const uint8_t* message, int msg_len) const {
#ifdef USE_ESP32_ENCRYPTION ed25519_sign(sig, message, msg_len, pub_key, prv_key);
crypto_sign_ed25519_detached(sig, NULL, message, msg_len, prv_key);
#else
ed25519_sign(sig, message, msg_len, pub_key, prv_key);
#endif
} }
void LocalIdentity::calcSharedSecret(uint8_t* secret, const uint8_t* other_pub_key) { void LocalIdentity::calcSharedSecret(uint8_t* secret, const uint8_t* other_pub_key) {
#ifdef USE_ESP32_ENCRYPTION ed25519_key_exchange(secret, other_pub_key, prv_key);
// NOTE: To calculate a shared secret with Ed25519 keys and libsodium, we need to:
// Convert the Ed25519 keys to Curve25519 (X25519) format
// Perform the key exchange using the converted keys
//
// The default implementation handles this conversion internally,
// but with libsodium we need to do these steps explicitly.
unsigned char x25519_pk[crypto_scalarmult_curve25519_BYTES];
unsigned char x25519_sk[crypto_scalarmult_curve25519_BYTES];
// Convert Ed25519 keys to Curve25519 keys for ECDH
crypto_sign_ed25519_pk_to_curve25519(x25519_pk, other_pub_key);
crypto_sign_ed25519_sk_to_curve25519(x25519_sk, prv_key);
// Calculate shared secret using X25519
crypto_scalarmult_curve25519(secret, x25519_sk, x25519_pk);
#else
ed25519_key_exchange(secret, other_pub_key, prv_key);
#endif
} }
} }