arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-21 10:26:06 +03:00
Code
esp8266/libraries/ESP8266WiFiMesh/src/EncryptedConnectionData.cpp
Anders f059e57322 - Use the new Crypto, TypeConversion and random() functionality added to the Arduino core, instead of the versions local to the mesh library. 
- Rearrange class variables to minimize storage padding.

- Add protected getters for EspnowMeshBackend and MeshBackendBase components.

- Partially update README.md
2020-05-18 22:09:34 +02:00

187 lines
7.0 KiB
C++
Raw Blame History

/*
* Copyright (C) 2019 Anders Löfgren
*
* License (MIT license):
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "EncryptedConnectionData.h"
#include "UtilityFunctions.h"
#include "TypeConversionFunctions.h"
#include "JsonTranslator.h"
#include "MeshCryptoInterface.h"
#include "Serializer.h"
namespace
{
using EspnowProtocolInterpreter::hashKeyLength;
namespace TypeCast = MeshTypeConversionFunctions;
}
EncryptedConnectionData::EncryptedConnectionData(const uint8_t peerStaMac[6], const uint8_t peerApMac[6], const uint64_t peerSessionKey, const uint64_t ownSessionKey, const uint8_t hashKey[hashKeyLength])
: _peerSessionKey(peerSessionKey), _ownSessionKey(ownSessionKey)
{
std::copy_n(peerStaMac, 6, _peerStaMac);
std::copy_n(peerApMac, 6, _peerApMac);
std::copy_n(hashKey, hashKeyLength, _hashKey);
}
EncryptedConnectionData::EncryptedConnectionData(const uint8_t peerStaMac[6], const uint8_t peerApMac[6], const uint64_t peerSessionKey, const uint64_t ownSessionKey, const uint32_t duration, const uint8_t hashKey[hashKeyLength])
: EncryptedConnectionData(peerStaMac, peerApMac, peerSessionKey, ownSessionKey, hashKey)
{
setRemainingDuration(duration);
}
EncryptedConnectionData::EncryptedConnectionData(const EncryptedConnectionData &other)
: _peerSessionKey(other.getPeerSessionKey()), _ownSessionKey(other.getOwnSessionKey()),
_timeTracker(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr),
_desync(other.desync())
{
other.getPeerStaMac(_peerStaMac);
other.getPeerApMac(_peerApMac);
other.getHashKey(_hashKey);
}
EncryptedConnectionData & EncryptedConnectionData::operator=(const EncryptedConnectionData &other)
{
if(this != &other)
{
other.getPeerStaMac(_peerStaMac);
other.getPeerApMac(_peerApMac);
_peerSessionKey = other.getPeerSessionKey();
_ownSessionKey = other.getOwnSessionKey();
other.getHashKey(_hashKey);
_desync = other.desync();
_timeTracker = std::unique_ptr<ExpiringTimeTracker>(other.temporary() ? new ExpiringTimeTracker(*other.temporary()) : nullptr);
}
return *this;
}
uint8_t *EncryptedConnectionData::getEncryptedPeerMac(uint8_t *resultArray) const
{
return getPeerStaMac(resultArray);
}
uint8_t *EncryptedConnectionData::getUnencryptedPeerMac(uint8_t *resultArray) const
{
return getPeerApMac(resultArray);
}
uint8_t *EncryptedConnectionData::getPeerStaMac(uint8_t *resultArray) const
{
std::copy_n(_peerStaMac, 6, resultArray);
return resultArray;
}
uint8_t *EncryptedConnectionData::getPeerApMac(uint8_t *resultArray) const
{
std::copy_n(_peerApMac, 6, resultArray);
return resultArray;
}
void EncryptedConnectionData::setPeerApMac(const uint8_t *peerApMac)
{
std::copy_n(peerApMac, 6, _peerApMac);
}
bool EncryptedConnectionData::connectedTo(const uint8_t *peerMac) const
{
if(MeshUtilityFunctions::macEqual(peerMac, _peerStaMac) || MeshUtilityFunctions::macEqual(peerMac, _peerApMac))
{
return true;
}
return false;
}
void EncryptedConnectionData::setHashKey(const uint8_t hashKey[hashKeyLength])
{
assert(hashKey != nullptr);
std::copy_n(hashKey, hashKeyLength, _hashKey);
}
uint8_t *EncryptedConnectionData::getHashKey(uint8_t *resultArray) const
{
std::copy_n(_hashKey, hashKeyLength, resultArray);
return resultArray;
}
void EncryptedConnectionData::setPeerSessionKey(const uint64_t sessionKey) { _peerSessionKey = sessionKey; }
uint64_t EncryptedConnectionData::getPeerSessionKey() const { return _peerSessionKey; }
void EncryptedConnectionData::setOwnSessionKey(const uint64_t sessionKey) { _ownSessionKey = sessionKey; }
uint64_t EncryptedConnectionData::getOwnSessionKey() const { return _ownSessionKey; }
uint64_t EncryptedConnectionData::incrementSessionKey(const uint64_t sessionKey, const uint8_t *hashKey, const uint8_t hashKeyLength)
{
uint8_t inputArray[8] {0};
uint8_t hmacArray[experimental::crypto::SHA256::NATURAL_LENGTH] {0};
experimental::crypto::SHA256::hmac(TypeCast::uint64ToUint8Array(sessionKey, inputArray), 8, hashKey, hashKeyLength, hmacArray, experimental::crypto::SHA256::NATURAL_LENGTH);
/* HMAC truncation should be OK since hmac sha256 is a PRF and we are truncating to the leftmost (MSB) bits.
PRF: https://crypto.stackexchange.com/questions/26410/whats-the-gcm-sha-256-of-a-tls-protocol/26434#26434
Truncate to leftmost bits: https://tools.ietf.org/html/rfc2104#section-5 */
uint64_t newLeftmostBits = TypeCast::uint8ArrayToUint64(hmacArray) & EspnowProtocolInterpreter::uint64LeftmostBits;
if(newLeftmostBits == 0)
newLeftmostBits = ((uint64_t)ESP.random() | (1 << 31)) << 32; // We never want newLeftmostBits == 0 since that would indicate an unencrypted transmission.
uint64_t newRightmostBits = (uint32_t)(sessionKey + 1);
return newLeftmostBits | newRightmostBits;
}
void EncryptedConnectionData::incrementOwnSessionKey()
{
setOwnSessionKey(incrementSessionKey(getOwnSessionKey(), _hashKey, EspnowProtocolInterpreter::hashKeyLength));
}
void EncryptedConnectionData::setDesync(const bool desync) { _desync = desync; }
bool EncryptedConnectionData::desync() const { return _desync; }
String EncryptedConnectionData::serialize() const
{
return Serializer:: serializeEncryptedConnection((temporary() ? String(temporary()->remainingDuration()) : emptyString), String(desync()), TypeCast::uint64ToString(getOwnSessionKey()),
TypeCast::uint64ToString(getPeerSessionKey()), TypeCast::macToString(_peerStaMac), TypeCast::macToString(_peerApMac));
}
const ExpiringTimeTracker *EncryptedConnectionData::temporary() const
{
return _timeTracker.get();
}
void EncryptedConnectionData::setRemainingDuration(const uint32_t remainingDuration)
{
if(!_timeTracker)
{
_timeTracker = std::unique_ptr<ExpiringTimeTracker>(new ExpiringTimeTracker(remainingDuration)); // TODO: Change to std::make_unique<ExpiringTimeTracker>(remainingDuration); once compiler fully supports C++14
}
else
{
_timeTracker->setRemainingDuration(remainingDuration);
}
}
void EncryptedConnectionData::removeDuration()
{
_timeTracker = nullptr;
}
View Git Blame Copy Permalink