Allows all 3 PKI keys to be added to userPrefs.h (#4969) and a tool.

bin/base64_to_hex.py

@@ -0,0 +1,33 @@
+import sys
+import base64
+
+def base64_to_hex_string(b64_string):
+    try:
+        # Decode the Base64 string to raw bytes
+        decoded_bytes = base64.b64decode(b64_string)
+    except Exception as e:
+        raise ValueError(f"Invalid Base64 input: {e}")
+
+    # Check if the decoded result is exactly 32 bytes
+    if len(decoded_bytes) != 32:
+        raise ValueError("Decoded Base64 input must be exactly 32 bytes.")
+
+    # Convert each byte to its hex representation
+    hex_values = [f"0x{byte:02x}" for byte in decoded_bytes]
+
+    # Join the formatted hex values with commas
+    formatted_output = "{ " + ", ".join(hex_values) + " };"
+    return formatted_output
+
+if __name__ == "__main__":
+    # Check if a Base64 string was provided in command line arguments
+    if len(sys.argv) != 2:
+        print("Usage: python script.py <base64-string>")
+        sys.exit(1)
+
+    b64_string = sys.argv[1]
+    try:
+        formatted_hex = base64_to_hex_string(b64_string)
+        print(formatted_hex)
+    except ValueError as e:
+        print(e)

src/mesh/NodeDB.cpp

@@ -407,9 +407,30 @@ void NodeDB::installDefaultConfig(bool preserveKey = false)
     config.lora.ignore_mqtt = false;
 #endif
 #ifdef USERPREFS_USE_ADMIN_KEY
-    memcpy(config.security.admin_key[0].bytes, USERPREFS_ADMIN_KEY, 32);
-    config.security.admin_key[0].size = 32;
-    config.security.admin_key_count = 1;
+    // Initialize admin_key_count to zero
+    byte numAdminKeys = 0;
+
+    // Check if USERPREFS_ADMIN_KEY_0 is non-empty
+    if (sizeof(USERPREFS_ADMIN_KEY_0) > 0) {
+        memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_0, 32);
+        config.security.admin_key[numAdminKeys].size = 32;
+        numAdminKeys++;
+    }
+
+    // Check if USERPREFS_ADMIN_KEY_1 is non-empty
+    if (sizeof(USERPREFS_ADMIN_KEY_1) > 0) {
+        memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_1, 32);
+        config.security.admin_key[numAdminKeys].size = 32;
+        numAdminKeys++;
+    }
+
+    // Check if USERPREFS_ADMIN_KEY_2 is non-empty
+    if (sizeof(USERPREFS_ADMIN_KEY_2) > 0) {
+        memcpy(config.security.admin_key[config.security.admin_key_count].bytes, USERPREFS_ADMIN_KEY_2, 32);
+        config.security.admin_key[config.security.admin_key_count].size = 32;
+        numAdminKeys++;
+    }
+    config.security.admin_key_count = numAdminKeys;
 #endif
     if (shouldPreserveKey) {
         config.security.private_key.size = 32;

userPrefs.h

@@ -68,11 +68,19 @@ static unsigned char icon_bits[] = {
     0x98, 0x3F, 0xF0, 0x23, 0x00, 0xFC, 0x0F, 0xE0, 0x7F, 0x00, 0xFC, 0x03, 0x80, 0xFF, 0x01, 0xFC, 0x00, 0x00, 0x3E, 0x00, 0x70,
     0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00};
 */
+
+/*
+ * PKI Admin keys.
+ * If a Admin key is set with '{};'
+ * then it will be ignored, a PKI key must have a size of 32.
+ */
 /*
 #define USERPREFS_USE_ADMIN_KEY 1
-static unsigned char USERPREFS_ADMIN_KEY[] = {0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6,
-                                       0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, 0x04, 0x1a,
-                                       0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c};
+static unsigned char USERPREFS_ADMIN_KEY_0[] = {0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6,
+                                                0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, 0x04, 0x1a,
+                                                0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c};
+static unsigned char USERPREFS_ADMIN_KEY_1[] = {};
+static unsigned char USERPREFS_ADMIN_KEY_2[] = {};
 */
 
 /*