working encryption?

This commit is contained in:
Cyberes 2024-06-30 19:00:22 -06:00
parent 3033e73840
commit e77a56e4bc
4 changed files with 53 additions and 62 deletions

1
.gitignore vendored
View File

@ -1,5 +1,6 @@
.idea
config.yml
.vscode
# ---> Python
# Byte-compiled / optimized / DLL files

View File

@ -305,25 +305,11 @@ bool TeleClientUDP::notify(byte event, const char* payload)
// decrypt received data
#if SERVER_ENCRYPTION_ENABLE == 1
Serial.println("decrypting data");
if (bytesRecv >= 12 + 16) {
char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator
decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
Serial.println("decrytion function exited");
if (decrypted_data[0] == '\0') {
continue;
}
data = decrypted_data;
bytesRecv = strlen(decrypted_data);
} else {
Serial.println("[CHACHA] Received data is too short to be decrypted");
continue;
}
Serial.println("decrypted data");
char decrypted_data[bytesRecv - 12 - 16 + 1]; // +1 for null-terminator
decrypt_string((unsigned char *)data, bytesRecv, (unsigned char *)decrypted_data);
data = decrypted_data;
bytesRecv = strlen(decrypted_data);
#endif
// verify checksum
if (!verifyChecksum(data)) {
Serial.print("[UDP] Checksum mismatch:");
@ -520,6 +506,14 @@ void TeleClientUDP::inbound()
}
if (!data || len == 0) break;
data[len] = 0;
#if SERVER_ENCRYPTION_ENABLE == 1
char decrypted_data[len - 12 - 16 + 1];
decrypt_string((unsigned char *)data, len, (unsigned char *)decrypted_data);
data = decrypted_data;
len = strlen(decrypted_data);
#endif
Serial.print("[UDP] ");
Serial.println(data);
rxBytes += len;

View File

@ -3,6 +3,7 @@
#include <stdio.h>
#include <ChaChaPoly.h>
#include <HardwareSerial.h>
#include "Crypto.h"
void print_hex(const unsigned char *data, size_t length) {
for (size_t i = 0; i < length; ++i) {
@ -12,7 +13,6 @@ void print_hex(const unsigned char *data, size_t length) {
}
void encrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
// Create an instance of the ChaChaPoly class
ChaChaPoly chachaPoly;
// Initialize the encryption key
@ -20,8 +20,6 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
for (int i = 0; i < 32; ++i) {
sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
}
// Set the encryption key
chachaPoly.setKey(key, sizeof(key));
// Generate a random nonce (IV)
@ -38,12 +36,10 @@ void encrypt_string(const unsigned char *input, size_t length, unsigned char *ou
// Prepend the nonce to the output
memcpy(output, nonce, sizeof(nonce));
// Clear the encryption context
chachaPoly.clear();
}
void decrypt_string(const unsigned char *input, size_t length, unsigned char *output) {
// Create an instance of the ChaChaPoly class
ChaChaPoly chachaPoly;
// Initialize the decryption key
@ -51,14 +47,8 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
for (int i = 0; i < 32; ++i) {
sscanf(CHACHA20_KEY + 2*i, "%02x", &key[i]);
}
Serial.println("loaded key");
// Set the decryption key
chachaPoly.setKey(key, sizeof(key));
Serial.println("set key");
// Extract the nonce (IV) from the input
unsigned char nonce[12];
memcpy(nonce, input, sizeof(nonce));
@ -72,49 +62,55 @@ void decrypt_string(const unsigned char *input, size_t length, unsigned char *ou
return;
}
Serial.println("did nonce");
// Decrypt the input data
size_t decryptedLength = length - sizeof(nonce) - chachaPoly.tagSize();
chachaPoly.decrypt(output, input + sizeof(nonce), decryptedLength);
Serial.println("did decryption");
// String decryptedString = "";
// for (size_t i = 0; i < decryptedLength; i++) {
// decryptedString += (char)output[i];
// }
// Serial.println(decryptedString);
// Print the decrypted data as hex values
String decryptedString = "";
for (size_t i = 0; i < decryptedLength; i++) {
decryptedString += (char)output[i];
}
Serial.println(decryptedString);
// Verify the authentication tag
const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength;
Serial.print("Tag: ");
for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
Serial.print(tagPtr[i], HEX);
Serial.print(" ");
}
Serial.println();
Serial.print("Computed Tag: ");
uint8_t computedTag[16];
const unsigned char *tagPtr = input + sizeof(nonce) + decryptedLength; // actual tag
uint8_t computedTag[16]; // computed tag
chachaPoly.computeTag(computedTag, sizeof(computedTag));
for (size_t i = 0; i < sizeof(computedTag); i++) {
Serial.print(computedTag[i], HEX);
Serial.print(" ");
}
Serial.println();
if (!chachaPoly.checkTag(tagPtr, chachaPoly.tagSize())) {
Serial.println("Authentication failed!");
// Serial.print("Tag: ");
// for (size_t i = 0; i < chachaPoly.tagSize(); i++) {
// Serial.print(tagPtr[i], HEX);
// Serial.print(" ");
// }
// Serial.println();
// Serial.print("Computed Tag: ");
// for (size_t i = 0; i < sizeof(computedTag); i++) {
// Serial.print(computedTag[i], HEX);
// Serial.print(" ");
// }
// Serial.println();
///// BEGIN TAG VERIFY
// The crypto library implementation of tag verification crashes.
// Can never match if the expected tag length is too long.
if (chachaPoly.tagSize() > 16) {
Serial.println("[CHACHA] Authentication failed: expected tag length is too long");
output[0] = '\0'; // Set output to an empty string
return;
}
///
// Compute the tag and check it.
bool equal = secure_compare(computedTag, tagPtr, chachaPoly.tagSize());
clean(computedTag);
// Clear the decryption context
if (!equal) {
Serial.println("[CHACHA] Authentication failed!");
output[0] = '\0';
return;
}
///// END TAG VERIFY
output[decryptedLength] = '\0';
chachaPoly.clear();
}

View File

@ -142,7 +142,7 @@ func main() {
return
}
fmt.Println(string(backendResponse[:]))
//fmt.Println(string(backendResponse[:]))
// Encrypt the backend's response.
encryptedBackendResponse, err := encryption.Encrypt(key, backendResponse[:n])