DG4MLK/MeshCore-Evo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Mesh::onAnonDataRecv() slight optimisation, so that shared-secret calc doesn't need to be repeated

Browse Source 
* SensporMesh: req_type now optionally encoded in anon_req payload (so can send various requests without a prior login)
This commit is contained in:
Scott Powell
2025-07-07 20:41:28 +10:00
parent 7fb7b69bbc
commit 810b1f8fe7
6 changed files with 76 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
examples/simple_repeater/main.cpp
View File

@@ -149,7 +149,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks {
oldest->id = id; oldest->id = id;
oldest->out_path_len = -1; // initially out_path is unknown oldest->out_path_len = -1; // initially out_path is unknown
oldest->last_timestamp = 0; oldest->last_timestamp = 0;
self_id.calcSharedSecret(oldest->secret, id); // calc ECDH shared secret
return oldest; return oldest;
} }
@@ -341,8 +340,8 @@ protected:
return ((int)_prefs.agc_reset_interval) * 4000; // milliseconds return ((int)_prefs.agc_reset_interval) * 4000; // milliseconds
} }
void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override { void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override {
if (type == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage) if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage)
uint32_t timestamp; uint32_t timestamp;
memcpy(&timestamp, data, 4); memcpy(&timestamp, data, 4);
@@ -369,6 +368,7 @@ protected:
client->last_timestamp = timestamp; client->last_timestamp = timestamp;
client->last_activity = getRTCClock()->getCurrentTime(); client->last_activity = getRTCClock()->getCurrentTime();
client->is_admin = is_admin; client->is_admin = is_admin;
memcpy(client->secret, secret, PUB_KEY_SIZE);
uint32_t now = getRTCClock()->getCurrentTimeUnique(); uint32_t now = getRTCClock()->getCurrentTimeUnique();
memcpy(reply_data, &now, 4); // response packets always prefixed with timestamp memcpy(reply_data, &now, 4); // response packets always prefixed with timestamp

6
examples/simple_room_server/main.cpp
View File

@@ -188,7 +188,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks {
newClient->id = id; newClient->id = id;
newClient->out_path_len = -1; // initially out_path is unknown newClient->out_path_len = -1; // initially out_path is unknown
newClient->last_timestamp = 0; newClient->last_timestamp = 0;
self_id.calcSharedSecret(newClient->secret, id); // calc ECDH shared secret
return newClient; return newClient;
} }
@@ -432,8 +431,8 @@ protected:
return true; return true;
} }
void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override { void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override {
if (type == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage) if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage)
uint32_t sender_timestamp, sender_sync_since; uint32_t sender_timestamp, sender_sync_since;
memcpy(&sender_timestamp, data, 4); memcpy(&sender_timestamp, data, 4);
memcpy(&sender_sync_since, &data[4], 4); // sender's "sync messags SINCE x" timestamp memcpy(&sender_sync_since, &data[4], 4); // sender's "sync messags SINCE x" timestamp
@@ -465,6 +464,7 @@ protected:
client->sync_since = sender_sync_since; client->sync_since = sender_sync_since;
client->pending_ack = 0; client->pending_ack = 0;
client->push_failures = 0; client->push_failures = 0;
memcpy(client->secret, secret, PUB_KEY_SIZE);
uint32_t now = getRTCClock()->getCurrentTime(); uint32_t now = getRTCClock()->getCurrentTime();
client->last_activity = now; client->last_activity = now;

111
examples/simple_sensor/SensorMesh.cpp
View File

@@ -46,6 +46,7 @@
/* ------------------------------ Code -------------------------------- */ /* ------------------------------ Code -------------------------------- */
#define REQ_TYPE_LOGIN 0x00
#define REQ_TYPE_GET_STATUS 0x01 #define REQ_TYPE_GET_STATUS 0x01
#define REQ_TYPE_KEEP_ALIVE 0x02 #define REQ_TYPE_KEEP_ALIVE 0x02
#define REQ_TYPE_GET_TELEMETRY_DATA 0x03 #define REQ_TYPE_GET_TELEMETRY_DATA 0x03
@@ -139,12 +140,10 @@ void SensorMesh::saveContacts() {
} }
} }
int SensorMesh::handleRequest(ContactInfo& sender, uint32_t sender_timestamp, uint8_t* payload, size_t payload_len) { uint8_t SensorMesh::handleRequest(bool is_admin, uint32_t sender_timestamp, uint8_t req_type, uint8_t* payload, size_t payload_len) {
// uint32_t now = getRTCClock()->getCurrentTimeUnique();
// memcpy(reply_data, &now, 4); // response packets always prefixed with timestamp
memcpy(reply_data, &sender_timestamp, 4); // reflect sender_timestamp back in response packet (kind of like a 'tag') memcpy(reply_data, &sender_timestamp, 4); // reflect sender_timestamp back in response packet (kind of like a 'tag')
switch (payload[0]) { switch (req_type) {
case REQ_TYPE_GET_TELEMETRY_DATA: { case REQ_TYPE_GET_TELEMETRY_DATA: {
telemetry.reset(); telemetry.reset();
telemetry.addVoltage(TELEM_CHANNEL_SELF, (float)board.getBattMilliVolts() / 1000.0f); telemetry.addVoltage(TELEM_CHANNEL_SELF, (float)board.getBattMilliVolts() / 1000.0f);
@@ -253,63 +252,79 @@ int SensorMesh::getAGCResetInterval() const {
return ((int)_prefs.agc_reset_interval) * 4000; // milliseconds return ((int)_prefs.agc_reset_interval) * 4000; // milliseconds
} }
void SensorMesh::onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) { uint8_t SensorMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data) {
if (type == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage) bool is_admin;
if (strcmp((char *) data, _prefs.password) == 0) { // check for valid password
is_admin = true;
} else if (strcmp((char *) data, _prefs.guest_password) == 0) { // check guest password
is_admin = false;
} else {
#if MESH_DEBUG
MESH_DEBUG_PRINTLN("Invalid password: %s", &data[4]);
#endif
return 0;
}
auto client = putContact(sender); // add to contacts (if not already known)
if (sender_timestamp <= client->last_timestamp) {
MESH_DEBUG_PRINTLN("Possible login replay attack!");
return 0; // FATAL: client table is full -OR- replay attack
}
MESH_DEBUG_PRINTLN("Login success!");
client->last_timestamp = sender_timestamp;
client->last_activity = getRTCClock()->getCurrentTime();
client->type = is_admin ? 1 : 0;
memcpy(client->shared_secret, secret, PUB_KEY_SIZE);
if (is_admin) {
// only need to saveContacts() if this is an admin
dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
}
uint32_t now = getRTCClock()->getCurrentTimeUnique();
memcpy(reply_data, &now, 4); // response packets always prefixed with timestamp
reply_data[4] = RESP_SERVER_LOGIN_OK;
reply_data[5] = 0; // NEW: recommended keep-alive interval (secs / 16)
reply_data[6] = client->type;
reply_data[7] = 0; // FUTURE: reserved
getRNG()->random(&reply_data[8], 4); // random blob to help packet-hash uniqueness
return 12; // reply length
}
void SensorMesh::onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) {
if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) { // received an initial request by a possible admin client (unknown at this stage)
uint32_t timestamp; uint32_t timestamp;
memcpy(&timestamp, data, 4); memcpy(&timestamp, data, 4);
bool is_admin;
data[len] = 0; // ensure null terminator data[len] = 0; // ensure null terminator
if (strcmp((char *) &data[4], _prefs.password) == 0) { // check for valid password
is_admin = true; uint8_t req_code;
} else if (strcmp((char *) &data[4], _prefs.guest_password) == 0) { // check guest password uint8_t i = 4;
is_admin = false; if (data[4] < 32) { // non-print char, is a request code
req_code = data[i++];
} else { } else {
#if MESH_DEBUG req_code = REQ_TYPE_LOGIN;
MESH_DEBUG_PRINTLN("Invalid password: %s", &data[4]);
#endif
return;
} }
auto client = putContact(sender); // add to contacts (if not already known) uint8_t reply_len;
if (timestamp <= client->last_timestamp) { if (req_code == REQ_TYPE_LOGIN) {
MESH_DEBUG_PRINTLN("Possible login replay attack!"); reply_len = handleLoginReq(sender, secret, timestamp, &data[i]);
return; // FATAL: client table is full -OR- replay attack } else {
reply_len = handleRequest(false, timestamp, req_code, &data[i], len - i);
} }
MESH_DEBUG_PRINTLN("Login success!"); if (reply_len == 0) return; // invalid request
client->last_timestamp = timestamp;
client->last_activity = getRTCClock()->getCurrentTime();
client->type = is_admin ? 1 : 0;
self_id.calcSharedSecret(client->shared_secret, client->id); // calc ECDH shared secret
if (is_admin) {
// only need to saveContacts() if this is an admin
dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
}
uint32_t now = getRTCClock()->getCurrentTimeUnique();
memcpy(reply_data, &now, 4); // response packets always prefixed with timestamp
reply_data[4] = RESP_SERVER_LOGIN_OK;
reply_data[5] = 0; // NEW: recommended keep-alive interval (secs / 16)
reply_data[6] = client->type;
reply_data[7] = 0; // FUTURE: reserved
getRNG()->random(&reply_data[8], 4); // random blob to help packet-hash uniqueness
if (packet->isRouteFlood()) { if (packet->isRouteFlood()) {
// let this sender know path TO here, so they can use sendDirect(), and ALSO encode the response // let this sender know path TO here, so they can use sendDirect(), and ALSO encode the response
mesh::Packet* path = createPathReturn(sender, client->shared_secret, packet->path, packet->path_len, mesh::Packet* path = createPathReturn(sender, secret, packet->path, packet->path_len,
PAYLOAD_TYPE_RESPONSE, reply_data, 12); PAYLOAD_TYPE_RESPONSE, reply_data, reply_len);
if (path) sendFlood(path, SERVER_RESPONSE_DELAY); if (path) sendFlood(path, SERVER_RESPONSE_DELAY);
} else { } else {
mesh::Packet* reply = createDatagram(PAYLOAD_TYPE_RESPONSE, sender, client->shared_secret, reply_data, 12); mesh::Packet* reply = createDatagram(PAYLOAD_TYPE_RESPONSE, sender, secret, reply_data, reply_len);
if (reply) { if (reply) sendFlood(reply, SERVER_RESPONSE_DELAY);
if (client->out_path_len >= 0) { // we have an out_path, so send DIRECT
sendDirect(reply, client->out_path, client->out_path_len, SERVER_RESPONSE_DELAY);
} else {
sendFlood(reply, SERVER_RESPONSE_DELAY);
}
}
} }
} }
} }
@@ -361,7 +376,7 @@ void SensorMesh::onPeerDataRecv(mesh::Packet* packet, uint8_t type, int sender_i
memcpy(&timestamp, data, 4); memcpy(&timestamp, data, 4);
if (timestamp > from.last_timestamp) { // prevent replay attacks if (timestamp > from.last_timestamp) { // prevent replay attacks
int reply_len = handleRequest(from, timestamp, &data[4], len - 4); uint8_t reply_len = handleRequest(from.isAdmin(), timestamp, data[4], &data[5], len - 5);
if (reply_len == 0) return; // invalid command if (reply_len == 0) return; // invalid command
from.last_timestamp = timestamp; from.last_timestamp = timestamp;

7
examples/simple_sensor/SensorMesh.h
View File

@@ -103,10 +103,10 @@ protected:
uint32_t getDirectRetransmitDelay(const mesh::Packet* packet) override; uint32_t getDirectRetransmitDelay(const mesh::Packet* packet) override;
int getInterferenceThreshold() const override; int getInterferenceThreshold() const override;
int getAGCResetInterval() const override; int getAGCResetInterval() const override;
void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override; void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override;
int searchPeersByHash(const uint8_t* hash) override; int searchPeersByHash(const uint8_t* hash) override;
void getPeerSharedSecret(uint8_t* dest_secret, int peer_idx) override; void getPeerSharedSecret(uint8_t* dest_secret, int peer_idx) override;
void onAdvertRecv(mesh::Packet* packet, const mesh::Identity& id, uint32_t timestamp, const uint8_t* app_data, size_t app_data_len); void onAdvertRecv(mesh::Packet* packet, const mesh::Identity& id, uint32_t timestamp, const uint8_t* app_data, size_t app_data_len) override;
void onPeerDataRecv(mesh::Packet* packet, uint8_t type, int sender_idx, const uint8_t* secret, uint8_t* data, size_t len) override; void onPeerDataRecv(mesh::Packet* packet, uint8_t type, int sender_idx, const uint8_t* secret, uint8_t* data, size_t len) override;
bool onPeerPathRecv(mesh::Packet* packet, int sender_idx, const uint8_t* secret, uint8_t* path, uint8_t path_len, uint8_t extra_type, uint8_t* extra, uint8_t extra_len) override; bool onPeerPathRecv(mesh::Packet* packet, int sender_idx, const uint8_t* secret, uint8_t* path, uint8_t path_len, uint8_t extra_type, uint8_t* extra, uint8_t extra_len) override;
@@ -125,7 +125,8 @@ private:
void loadContacts(); void loadContacts();
void saveContacts(); void saveContacts();
int handleRequest(ContactInfo& sender, uint32_t sender_timestamp, uint8_t* payload, size_t payload_len); uint8_t handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data);
uint8_t handleRequest(bool is_admin, uint32_t sender_timestamp, uint8_t req_type, uint8_t* payload, size_t payload_len);
mesh::Packet* createSelfAdvert(); mesh::Packet* createSelfAdvert();
ContactInfo* putContact(const mesh::Identity& id); ContactInfo* putContact(const mesh::Identity& id);

2
src/Mesh.cpp
View File

@@ -181,7 +181,7 @@ DispatcherAction Mesh::onRecvPacket(Packet* pkt) {
uint8_t data[MAX_PACKET_PAYLOAD]; uint8_t data[MAX_PACKET_PAYLOAD];
int len = Utils::MACThenDecrypt(secret, data, macAndData, pkt->payload_len - i); int len = Utils::MACThenDecrypt(secret, data, macAndData, pkt->payload_len - i);
if (len > 0) { // success! if (len > 0) { // success!
onAnonDataRecv(pkt, pkt->getPayloadType(), sender, data, len); onAnonDataRecv(pkt, secret, sender, data, len);
pkt->markDoNotRetransmit(); pkt->markDoNotRetransmit();
} }
} }

4
src/Mesh.h
View File

@@ -107,10 +107,10 @@ protected:
/** /**
* \brief A (now decrypted) data packet has been received. * \brief A (now decrypted) data packet has been received.
* NOTE: these can be received multiple times (per sender/contents), via different routes * NOTE: these can be received multiple times (per sender/contents), via different routes
* \param type one of: PAYLOAD_TYPE_ANON_REQ * \param secret ECDH shared secret
* \param sender public key provided by sender * \param sender public key provided by sender
*/ */
virtual void onAnonDataRecv(Packet* packet, uint8_t type, const Identity& sender, uint8_t* data, size_t len) { } virtual void onAnonDataRecv(Packet* packet, const uint8_t* secret, const Identity& sender, uint8_t* data, size_t len) { }
/** /**
* \brief A path TO 'sender' has been received. (also with optional 'extra' data encoded) * \brief A path TO 'sender' has been received. (also with optional 'extra' data encoded)