From dd587419c7ae0f351b513822af128eb1d596c5ee Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Mon, 30 Sep 2024 17:06:31 -0500
Subject: [PATCH] Regenerate public key on boot, to avoid accidental mismatch. (#4916)

* Regenerate public key on boot, to avoid accidental mismatch.
* Fix ifdefs
---
 src/mesh/NodeDB.cpp | 46 +++++++++++++++++++--------------------------
 1 file changed, 19 insertions(+), 27 deletions(-)

diff --git a/src/mesh/NodeDB.cpp b/src/mesh/NodeDB.cpp
index 7760ae0e10..36b9f3ff48 100644
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
@@ -132,39 +132,31 @@ NodeDB::NodeDB()
 config.security.serial_enabled = config.device.serial_enabled;
 config.security.is_managed = config.device.is_managed;
 }
-#if !(MESHTASTIC_EXCLUDE_PKI)
+
+#if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN || MESHTASTIC_EXCLUDE_PKI)
+ bool keygenSuccess = false;
+ if (config.security.private_key.size == 32) {
+ if (crypto->regeneratePublicKey(config.security.public_key.bytes, config.security.private_key.bytes)) {
+ keygenSuccess = true;
+ }
+ } else {
+ LOG_INFO("Generating new PKI keys\n");
+ crypto->generateKeyPair(config.security.public_key.bytes, config.security.private_key.bytes);
+ keygenSuccess = true;
+ }
+ if (keygenSuccess) {
+ config.security.public_key.size = 32;
+ config.security.private_key.size = 32;
+ owner.public_key.size = 32;
+ memcpy(owner.public_key.bytes, config.security.public_key.bytes, 32);
+ }
+#elif !(MESHTASTIC_EXCLUDE_PKI)
 // Calculate Curve25519 public and private keys
- printBytes("Old Pubkey", config.security.public_key.bytes, 32);
 if (config.security.private_key.size == 32 && config.security.public_key.size == 32) {
- LOG_INFO("Using saved PKI keys\n");
 owner.public_key.size = config.security.public_key.size;
 memcpy(owner.public_key.bytes, config.security.public_key.bytes, config.security.public_key.size);
 crypto->setDHPrivateKey(config.security.private_key.bytes);
- } else {
-#if !(MESHTASTIC_EXCLUDE_PKI_KEYGEN)
- bool keygenSuccess = false;
- if (config.security.private_key.size == 32) {
- LOG_INFO("Calculating PKI Public Key\n");
- if (crypto->regeneratePublicKey(config.security.public_key.bytes, config.security.private_key.bytes)) {
- keygenSuccess = true;
- }
- } else {
- LOG_INFO("Generating new PKI keys\n");
- crypto->generateKeyPair(config.security.public_key.bytes, config.security.private_key.bytes);
- keygenSuccess = true;
- }
- if (keygenSuccess) {
- config.security.public_key.size = 32;
- config.security.private_key.size = 32;
- printBytes("New Pubkey", config.security.public_key.bytes, 32);
- owner.public_key.size = 32;
- memcpy(owner.public_key.bytes, config.security.public_key.bytes, 32);
- }
-#else
- LOG_INFO("No PKI keys set, and generation disabled!\n");
-#endif
 }
-
 #endif
 info->user = TypeConversions::ConvertToUserLite(owner);