working encryption?

This commit is contained in:
Cyberes 2024-06-30 19:00:22 -06:00
parent 3033e73840
commit e77a56e4bc
4 changed files with 53 additions and 62 deletions

1
.gitignore vendored
View File

@ -1,5 +1,6 @@
.idea .idea
config.yml config.yml
.vscode
# ---> Python # ---> Python
# Byte-compiled / optimized / DLL files # Byte-compiled / optimized / DLL files

View File

@ -305,25 +305,11 @@ bool TeleClientUDP::notify(byte event, const char* payload)
// decrypt received data // decrypt received data
#if SERVER_ENCRYPTION_ENABLE == 1 #if SERVER_ENCRYPTION_ENABLE == 1
Serial.println("decrypting data"); char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator
decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
if (bytesRecv >= 12 + 16) { data = decrypted_data;
char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator bytesRecv = strlen(decrypted_data);
decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
Serial.println("decrytion function exited");
if (decrypted_data[0] == '\0') {
continue;
}
data = decrypted_data;
bytesRecv = strlen(decrypted_data);
} else {
Serial.println("[CHACHA] Received data is too short to be decrypted");
continue;
}
Serial.println("decrypted data");
#endif #endif
// verify checksum // verify checksum
if (!verifyChecksum(data)) { if (!verifyChecksum(data)) {
Serial.print("[UDP] Checksum mismatch:"); Serial.print("[UDP] Checksum mismatch:");
@ -520,6 +506,14 @@ void TeleClientUDP::inbound()
} }
if (!data || len == 0) break; if (!data || len == 0) break;
data[len] = 0; data[len] = 0;
#if SERVER_ENCRYPTION_ENABLE == 1
char decrypted_data[len - 12 - 16 + 1];
decrypt_string((unsigned char *)data, len, (unsigned char *)decrypted_data);
data = decrypted_data;
len = strlen(decrypted_data);
#endif
Serial.print("[UDP] "); Serial.print("[UDP] ");
Serial.println(data); Serial.println(data);
rxBytes += len; rxBytes += len;

View File

@ -3,6 +3,7 @@
#include <stdio.h> #include <stdio.h>
#include <ChaChaPoly.h> #include <ChaChaPoly.h>
#include <HardwareSerial.h> #include <HardwareSerial.h>
#include "Crypto.h"
void print_hex(const unsigned char *data, size_t length) { void print_hex(const unsigned char *data, size_t length) {
for (size_t i = 0; i < length; ++i) { for (size_t i = 0; i < length; ++i) {
@ -12,7 +13,6 @@ void print_hex(const unsigned char *data, size_t length) {
} }
void encrypt_string(const unsigned char *input, size_t length, unsigned char *output) { void encrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
// Create an instance of the ChaChaPoly class
ChaChaPoly chachaPoly; ChaChaPoly chachaPoly;
// Initialize the encryption key // Initialize the encryption key
@ -20,8 +20,6 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
for (int i = 0; i < 32; ++i) { for (int i = 0; i < 32; ++i) {
sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]); sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
} }
// Set the encryption key
chachaPoly.setKey(key, sizeof(key)); chachaPoly.setKey(key, sizeof(key));
// Generate a random nonce (IV) // Generate a random nonce (IV)
@ -38,12 +36,10 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
// Prepend the nonce to the output // Prepend the nonce to the output
memcpy(output, nonce, sizeof(nonce)); memcpy(output, nonce, sizeof(nonce));
// Clear the encryption context
chachaPoly.clear(); chachaPoly.clear();
} }
void decrypt_string(const unsigned char *input, size_t length, unsigned char *output) { void decrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
// Create an instance of the ChaChaPoly class
ChaChaPoly chachaPoly; ChaChaPoly chachaPoly;
// Initialize the decryption key // Initialize the decryption key
@ -51,14 +47,8 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
for (int i = 0; i < 32; ++i) { for (int i = 0; i < 32; ++i) {
sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]); sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
} }
Serial.println("loaded key");
// Set the decryption key
chachaPoly.setKey(key, sizeof(key)); chachaPoly.setKey(key, sizeof(key));
Serial.println("set key");
// Extract the nonce (IV) from the input // Extract the nonce (IV) from the input
unsigned char nonce[12]; unsigned char nonce[12];
memcpy(nonce, input, sizeof(nonce)); memcpy(nonce, input, sizeof(nonce));
@ -72,49 +62,55 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
return; return;
} }
Serial.println("did nonce");
// Decrypt the input data // Decrypt the input data
size_t decryptedLength = length - sizeof(nonce) - chachaPoly.tagSize(); size_t decryptedLength = length - sizeof(nonce) - chachaPoly.tagSize();
chachaPoly.decrypt(output, input + sizeof(nonce), decryptedLength); chachaPoly.decrypt(output, input + sizeof(nonce), decryptedLength);
Serial.println("did decryption"); // String decryptedString = "";
// for (size_t i = 0; i < decryptedLength; i++) {
// decryptedString += (char)output[i];
// }
// Serial.println(decryptedString);
// Print the decrypted data as hex values const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength; // actual tag
String decryptedString = ""; uint8_t computedTag[16]; // computed tag
for (size_t i = 0; i < decryptedLength; i++) {
decryptedString += (char)output[i];
}
Serial.println(decryptedString);
// Verify the authentication tag
const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength;
Serial.print("Tag: ");
for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
Serial.print(tagPtr[i], HEX);
Serial.print(" ");
}
Serial.println();
Serial.print("Computed Tag: ");
uint8_t computedTag[16];
chachaPoly.computeTag(computedTag, sizeof(computedTag)); chachaPoly.computeTag(computedTag, sizeof(computedTag));
for (size_t i = 0; i < sizeof(computedTag); i++) {
Serial.print(computedTag[i], HEX);
Serial.print(" ");
}
Serial.println();
if (!chachaPoly.checkTag(tagPtr, chachaPoly.tagSize())) { // Serial.print("Tag: ");
Serial.println("Authentication failed!"); // for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
// Serial.print(tagPtr[i], HEX);
// Serial.print(" ");
// }
// Serial.println();
// Serial.print("Computed Tag: ");
// for (size_t i = 0; i < sizeof(computedTag); i++) {
// Serial.print(computedTag[i], HEX);
// Serial.print(" ");
// }
// Serial.println();
///// BEGIN TAG VERIFY
// The crypto library implementation of tag verification crashes.
// Can never match if the expected tag length is too long.
if (chachaPoly.tagSize() > 16) {
Serial.println("[CHACHA] Authentication failed: expected tag length is too long");
output[0] = '\0'; // Set output to an empty string output[0] = '\0'; // Set output to an empty string
return; return;
} }
/// // Compute the tag and check it.
bool equal = secure_compare(computedTag, tagPtr, chachaPoly.tagSize());
clean(computedTag);
// Clear the decryption context if (!equal) {
Serial.println("[CHACHA] Authentication failed!");
output[0] = '\0';
return;
}
///// END TAG VERIFY
output[decryptedLength] = '\0';
chachaPoly.clear(); chachaPoly.clear();
} }

View File

@ -142,7 +142,7 @@ func main() {
return return
} }
fmt.Println(string(backendResponse[:])) //fmt.Println(string(backendResponse[:]))
// Encrypt the backend's response. // Encrypt the backend's response.
encryptedBackendResponse, err := encryption.Encrypt(key, backendResponse[:n]) encryptedBackendResponse, err := encryption.Encrypt(key, backendResponse[:n])