Adds public_key and private_key for PKI #542

Merged
merged 9 commits into from
Aug 8, 2024
4 changes: 4 additions & 0 deletions meshtastic/config.options
@@ -15,3 +15,7 @@
*LoRaConfig.channel_num int_size:16

*PowerConfig.device_battery_ina_address int_size:8

*SecurityConfig.public_key max_size:32
*SecurityConfig.private_key max_size:32
*SecurityConfig.admin_key max_size:32
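Review bot: The three `SecurityConfig` key entries set only `max_size:32`, which caps the length but still lets an empty or truncated value decode successfully; the same holds for `*public_key max_size:32` in meshtastic/mesh.options. If these keys are fixed 32-byte values (the page does not name the algorithm), every consumer has to check the decoded size is exactly 32 before using one. A comment saying so would help, e.g. `# keys are exactly 32 bytes when set; size 0 means unset, any other size must be rejected`. The `*macaddr max_size:6 fixed_length:true` entry in mesh.options shows the fixed-length form, but for keys that may remove the ability to represent an unset key, so the explicit length check is probably the better fit.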
60 changes: 56 additions & 4 deletions meshtastic/config.proto
@@ -135,14 +135,16 @@ message Config {

/*
* Disabling this will disable the SerialConsole by not initilizing the StreamAPI
* Moved to SecurityConfig
*/
bool serial_enabled = 2;
bool serial_enabled = 2[deprecated = true];

/*
* By default we turn off logging as soon as an API client connects (to keep shared serial link quiet).
* Set this to true to leave the debug log outputting even when API is active.
* Moved to SecurityConfig
*/
bool debug_log_enabled = 3;
bool debug_log_enabled = 3[deprecated = true];

/*
* For boards without a hard wired button, this is the pin number that will be used
@@ -175,8 +177,9 @@ message Config {
/*
* If true, device is considered to be "managed" by a mesh administrator
* Clients should then limit available configuration and administrative options inside the user interface
* Moved to SecurityConfig
*/
bool is_managed = 9;
bool is_managed = 9[deprecated = true];

/*
* Disables the triple-press of user button to enable or disable GPS
@@ -1006,8 +1009,56 @@ message Config {

/*
* Enables device (serial style logs) over Bluetooth
* Moved to SecurityConfig
*/
bool device_logging_enabled = 4;
bool device_logging_enabled = 4[deprecated = true];
}

message SecurityConfig {

/*
* The public key of the user's device.
* Sent out to other nodes on the mesh to allow them to compute a shared secret key.
*/
bytes public_key = 1;

/*
* The private key of the device.
* Used to create a shared key with a remote device.
*/
bytes private_key = 2;

/*
* The public key authorized to send admin messages to this node.
*/
bytes admin_key = 3;

/*
* If true, device is considered to be "managed" by a mesh administrator via admin messages
* Device is managed by a mesh administrator.
*/
bool is_managed = 4;

/*
* Serial Console over the Stream API."
*/
bool serial_enabled = 5;

/*
* By default we turn off logging as soon as an API client connects (to keep shared serial link quiet).
* Output live debug logging over serial.
*/
bool debug_log_api_enabled = 6;

/*
* Enables device (serial style logs) over Bluetooth
*/
bool bluetooth_logging_enabled = 7;
thebentern marked this conversation as resolved.

/*
* Allow incoming device control over the insecure legacy admin channel.
*/
bool admin_channel_enabled = 8;
}

/*
@@ -1021,5 +1072,6 @@ message Config {
DisplayConfig display = 5;
LoRaConfig lora = 6;
BluetoothConfig bluetooth = 7;
SecurityConfig security = 8;
}
}
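Review bot: `SecurityConfig.private_key` (field 2) sits in the same message as ordinary settings, and that message is added to the `Config` payload oneof (`security = 8`) and to `LocalConfig` (meshtastic/localonly.proto, field 9), so any code path that returns a whole `Config` or `LocalConfig` would carry the private key with it. How those messages are served to client apps or remote administrators is not visible in this diff, but the field comment should state the handling rule rather than leave it to each implementation, e.g. `* Must never be sent over the mesh or written to logs; cleared before answering remote config requests.` Separately, the new comments on `is_managed`, `serial_enabled` and `debug_log_api_enabled` contain duplicated sentences and a stray `"`. The `debug_log_api_enabled` comment also puts "we turn off logging" next to "Output live debug logging", so it is unclear what setting it to `true` enables.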
5 changes: 5 additions & 0 deletions meshtastic/localonly.proto
@@ -58,6 +58,11 @@ message LocalConfig {
* NodeDB.cpp in the device code.
*/
uint32 version = 8;

/*
* The part of the config that is specific to Security settings
*/
Config.SecurityConfig security = 9;
}

message LocalModuleConfig {
1 change: 1 addition & 0 deletions meshtastic/mesh.options
@@ -3,6 +3,7 @@

*macaddr max_size:6 fixed_length:true # macaddrs
*id max_size:16 # node id strings
*public_key max_size:32 # public key

*User.long_name max_size:40
*User.short_name max_size:5
16 changes: 16 additions & 0 deletions meshtastic/mesh.proto
@@ -665,6 +665,12 @@ message User {
* Indicates that the user's role in the mesh
*/
Config.DeviceConfig.Role role = 7;

/*
* The public key of the user's device.
* This is sent out to other nodes on the mesh to allow them to compute a shared secret key.
*/
bytes public_key = 8;
}

/*
@@ -1105,6 +1111,16 @@ message MeshPacket {
* When receiving a packet, the difference between hop_start and hop_limit gives how many hops it traveled.
*/
uint32 hop_start = 15;

/*
* Records the public key the packet was encrypted with, if applicable.
*/
bytes public_key = 16;

/*
* Indicates whether the packet was en/decrypted using PKI
*/
bool pki_encrypted = 17;
}

/*
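Review bot: `MeshPacket.public_key` (16) and `pki_encrypted` (17) describe how the receiving node handled the packet, yet they are ordinary fields that a sender or API client can also populate, and the comments do not say who is allowed to set them. If firmware or client apps use `pki_encrypted` to decide whether a message was authenticated, the value must be assigned locally after a successful decrypt and cleared on every packet arriving from the radio or the client API; whether that happens is outside this diff. I would add that rule to both comments, e.g. `* Set only by the receiving device after decryption; any value supplied by a sender is ignored.` The bodies of `User` and `MeshPacket` start outside their hunks.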