* Mesh::onAnonDataRecv() slight optimisation, so that shared-secret calc doesn't need to be repeated

* SensporMesh: req_type now optionally encoded in anon_req payload (so can send various requests without a prior login)
11 months ago · 810b1f8fe7
6 changed files with 76 additions and 60 deletions
--- a/examples/simple_repeater/main.cpp
+++ b/examples/simple_repeater/main.cpp
@ -149,7 +149,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks {
    oldest->id = id;
    oldest->out_path_len = -1;  // initially out_path is unknown
    oldest->last_timestamp = 0;
-    self_id.calcSharedSecret(oldest->secret, id);   // calc ECDH shared secret
    return oldest;
  }

@ -341,8 +340,8 @@ protected:
    return ((int)_prefs.agc_reset_interval) * 4000;   // milliseconds
  }

-  void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override {
-    if (type == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
+  void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override {
+    if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
      uint32_t timestamp;
      memcpy(&timestamp, data, 4);

@ -369,6 +368,7 @@ protected:
      client->last_timestamp = timestamp;
      client->last_activity = getRTCClock()->getCurrentTime();
      client->is_admin = is_admin;
+      memcpy(client->secret, secret, PUB_KEY_SIZE);

      uint32_t now = getRTCClock()->getCurrentTimeUnique();
      memcpy(reply_data, &now, 4);   // response packets always prefixed with timestamp
--- a/examples/simple_room_server/main.cpp
+++ b/examples/simple_room_server/main.cpp
@ -188,7 +188,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks {
    newClient->id = id;
    newClient->out_path_len = -1;  // initially out_path is unknown
    newClient->last_timestamp = 0;
-    self_id.calcSharedSecret(newClient->secret, id);   // calc ECDH shared secret
    return newClient;
  }

@ -432,8 +431,8 @@ protected:
    return true;
  }

-  void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override {
-    if (type == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
+  void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override {
+    if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
      uint32_t sender_timestamp, sender_sync_since;
      memcpy(&sender_timestamp, data, 4);
      memcpy(&sender_sync_since, &data[4], 4);  // sender's "sync messags SINCE x" timestamp
@ -465,6 +464,7 @@ protected:
      client->sync_since = sender_sync_since;
      client->pending_ack = 0;
      client->push_failures = 0;
+      memcpy(client->secret, secret, PUB_KEY_SIZE);

      uint32_t now = getRTCClock()->getCurrentTime();
      client->last_activity = now;
--- a/examples/simple_sensor/SensorMesh.cpp
+++ b/examples/simple_sensor/SensorMesh.cpp
@ -46,6 +46,7 @@

 /* ------------------------------ Code -------------------------------- */

+#define REQ_TYPE_LOGIN               0x00
 #define REQ_TYPE_GET_STATUS          0x01
 #define REQ_TYPE_KEEP_ALIVE          0x02
 #define REQ_TYPE_GET_TELEMETRY_DATA  0x03
@ -139,12 +140,10 @@ void SensorMesh::saveContacts() {
  }
 }

-int SensorMesh::handleRequest(ContactInfo& sender, uint32_t sender_timestamp, uint8_t* payload, size_t payload_len) {
-  // uint32_t now = getRTCClock()->getCurrentTimeUnique();
-  // memcpy(reply_data, &now, 4);   // response packets always prefixed with timestamp
+uint8_t SensorMesh::handleRequest(bool is_admin, uint32_t sender_timestamp, uint8_t req_type, uint8_t* payload, size_t payload_len) {
  memcpy(reply_data, &sender_timestamp, 4);   // reflect sender_timestamp back in response packet (kind of like a 'tag')

-  switch (payload[0]) {
+  switch (req_type) {
    case REQ_TYPE_GET_TELEMETRY_DATA: {
      telemetry.reset();
      telemetry.addVoltage(TELEM_CHANNEL_SELF, (float)board.getBattMilliVolts() / 1000.0f);
@ -253,63 +252,79 @@ int SensorMesh::getAGCResetInterval() const {
  return ((int)_prefs.agc_reset_interval) * 4000;   // milliseconds
 }

-void SensorMesh::onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) {
-  if (type == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
+uint8_t SensorMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data) {
+  bool is_admin;
+  if (strcmp((char *) data, _prefs.password) == 0) {  // check for valid password
+    is_admin = true;
+  } else if (strcmp((char *) data, _prefs.guest_password) == 0) {  // check guest password
+    is_admin = false;
+  } else {
+  #if MESH_DEBUG
+    MESH_DEBUG_PRINTLN("Invalid password: %s", &data[4]);
+  #endif
+    return 0;
+  }
+
+  auto client = putContact(sender);  // add to contacts (if not already known)
+  if (sender_timestamp <= client->last_timestamp) {
+    MESH_DEBUG_PRINTLN("Possible login replay attack!");
+    return 0;  // FATAL: client table is full -OR- replay attack
+  }
+
+  MESH_DEBUG_PRINTLN("Login success!");
+  client->last_timestamp = sender_timestamp;
+  client->last_activity = getRTCClock()->getCurrentTime();
+  client->type = is_admin ? 1 : 0;
+  memcpy(client->shared_secret, secret, PUB_KEY_SIZE);
+
+  if (is_admin) {
+    // only need to saveContacts() if this is an admin
+    dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
+  }
+
+  uint32_t now = getRTCClock()->getCurrentTimeUnique();
+  memcpy(reply_data, &now, 4);   // response packets always prefixed with timestamp
+  reply_data[4] = RESP_SERVER_LOGIN_OK;
+  reply_data[5] = 0;  // NEW: recommended keep-alive interval (secs / 16)
+  reply_data[6] = client->type;
+  reply_data[7] = 0;  // FUTURE: reserved
+  getRNG()->random(&reply_data[8], 4);   // random blob to help packet-hash uniqueness
+
+  return 12;  // reply length
+}
+
+void SensorMesh::onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) {
+  if (packet->getPayloadType() == PAYLOAD_TYPE_ANON_REQ) {  // received an initial request by a possible admin client (unknown at this stage)
    uint32_t timestamp;
    memcpy(&timestamp, data, 4);

-    bool is_admin;
    data[len] = 0;  // ensure null terminator
-    if (strcmp((char *) &data[4], _prefs.password) == 0) {  // check for valid password
-      is_admin = true;
-    } else if (strcmp((char *) &data[4], _prefs.guest_password) == 0) {  // check guest password
-      is_admin = false;
-    } else {
-    #if MESH_DEBUG
-      MESH_DEBUG_PRINTLN("Invalid password: %s", &data[4]);
-    #endif
-      return;
-    }

-    auto client = putContact(sender);  // add to contacts (if not already known)
-    if (timestamp <= client->last_timestamp) {
-      MESH_DEBUG_PRINTLN("Possible login replay attack!");
-      return;  // FATAL: client table is full -OR- replay attack
+    uint8_t req_code;
+    uint8_t i = 4;
+    if (data[4] < 32) {   // non-print char, is a request code
+      req_code = data[i++];
+    } else {
+      req_code = REQ_TYPE_LOGIN;
    }

-    MESH_DEBUG_PRINTLN("Login success!");
-    client->last_timestamp = timestamp;
-    client->last_activity = getRTCClock()->getCurrentTime();
-    client->type = is_admin ? 1 : 0;
-    self_id.calcSharedSecret(client->shared_secret, client->id);   // calc ECDH shared secret
-
-    if (is_admin) {
-      // only need to saveContacts() if this is an admin
-      dirty_contacts_expiry = futureMillis(LAZY_CONTACTS_WRITE_DELAY);
+    uint8_t reply_len;
+    if (req_code == REQ_TYPE_LOGIN) {
+      reply_len = handleLoginReq(sender, secret, timestamp, &data[i]);
+    } else {
+      reply_len = handleRequest(false, timestamp, req_code, &data[i], len - i);
    }

-    uint32_t now = getRTCClock()->getCurrentTimeUnique();
-    memcpy(reply_data, &now, 4);   // response packets always prefixed with timestamp
-    reply_data[4] = RESP_SERVER_LOGIN_OK;
-    reply_data[5] = 0;  // NEW: recommended keep-alive interval (secs / 16)
-    reply_data[6] = client->type;
-    reply_data[7] = 0;  // FUTURE: reserved
-    getRNG()->random(&reply_data[8], 4);   // random blob to help packet-hash uniqueness
+    if (reply_len == 0) return;   // invalid request

    if (packet->isRouteFlood()) {
      // let this sender know path TO here, so they can use sendDirect(), and ALSO encode the response
-      mesh::Packet* path = createPathReturn(sender, client->shared_secret, packet->path, packet->path_len,
-                                            PAYLOAD_TYPE_RESPONSE, reply_data, 12);
+      mesh::Packet* path = createPathReturn(sender, secret, packet->path, packet->path_len,
+                                            PAYLOAD_TYPE_RESPONSE, reply_data, reply_len);
      if (path) sendFlood(path, SERVER_RESPONSE_DELAY);
    } else {
-      mesh::Packet* reply = createDatagram(PAYLOAD_TYPE_RESPONSE, sender, client->shared_secret, reply_data, 12);
-      if (reply) {
-        if (client->out_path_len >= 0) {  // we have an out_path, so send DIRECT
-          sendDirect(reply, client->out_path, client->out_path_len, SERVER_RESPONSE_DELAY);
-        } else {
-          sendFlood(reply, SERVER_RESPONSE_DELAY);
-        }
-      }
+      mesh::Packet* reply = createDatagram(PAYLOAD_TYPE_RESPONSE, sender, secret, reply_data, reply_len);
+      if (reply) sendFlood(reply, SERVER_RESPONSE_DELAY);
    }
  }
 }
@ -361,7 +376,7 @@ void SensorMesh::onPeerDataRecv(mesh::Packet* packet, uint8_t type, int sender_i
    memcpy(&timestamp, data, 4);

    if (timestamp > from.last_timestamp) {  // prevent replay attacks
-      int reply_len = handleRequest(from, timestamp, &data[4], len - 4);
+      uint8_t reply_len = handleRequest(from.isAdmin(), timestamp, data[4], &data[5], len - 5);
      if (reply_len == 0) return;  // invalid command

      from.last_timestamp = timestamp;
--- a/examples/simple_sensor/SensorMesh.h
+++ b/examples/simple_sensor/SensorMesh.h
@ -103,10 +103,10 @@ protected:
  uint32_t getDirectRetransmitDelay(const mesh::Packet* packet) override;
  int getInterferenceThreshold() const override;
  int getAGCResetInterval() const override;
-  void onAnonDataRecv(mesh::Packet* packet, uint8_t type, const mesh::Identity& sender, uint8_t* data, size_t len) override;
+  void onAnonDataRecv(mesh::Packet* packet, const uint8_t* secret, const mesh::Identity& sender, uint8_t* data, size_t len) override;
  int searchPeersByHash(const uint8_t* hash) override;
  void getPeerSharedSecret(uint8_t* dest_secret, int peer_idx) override;
-  void onAdvertRecv(mesh::Packet* packet, const mesh::Identity& id, uint32_t timestamp, const uint8_t* app_data, size_t app_data_len);
+  void onAdvertRecv(mesh::Packet* packet, const mesh::Identity& id, uint32_t timestamp, const uint8_t* app_data, size_t app_data_len) override;
  void onPeerDataRecv(mesh::Packet* packet, uint8_t type, int sender_idx, const uint8_t* secret, uint8_t* data, size_t len) override;
  bool onPeerPathRecv(mesh::Packet* packet, int sender_idx, const uint8_t* secret, uint8_t* path, uint8_t path_len, uint8_t extra_type, uint8_t* extra, uint8_t extra_len) override;

@ -125,7 +125,8 @@ private:

  void loadContacts();
  void saveContacts();
-  int handleRequest(ContactInfo& sender, uint32_t sender_timestamp, uint8_t* payload, size_t payload_len);
+  uint8_t handleLoginReq(const mesh::Identity& sender, const uint8_t* secret, uint32_t sender_timestamp, const uint8_t* data);
+  uint8_t handleRequest(bool is_admin, uint32_t sender_timestamp, uint8_t req_type, uint8_t* payload, size_t payload_len);
  mesh::Packet* createSelfAdvert();
  ContactInfo* putContact(const mesh::Identity& id);

--- a/src/Mesh.cpp
+++ b/src/Mesh.cpp
@ -181,7 +181,7 @@ DispatcherAction Mesh::onRecvPacket(Packet* pkt) {
          uint8_t data[MAX_PACKET_PAYLOAD];
          int len = Utils::MACThenDecrypt(secret, data, macAndData, pkt->payload_len - i);
          if (len > 0) {  // success!
-            onAnonDataRecv(pkt, pkt->getPayloadType(), sender, data, len);
+            onAnonDataRecv(pkt, secret, sender, data, len);
            pkt->markDoNotRetransmit();
          }
        }
--- a/src/Mesh.h
+++ b/src/Mesh.h
@ -107,10 +107,10 @@ protected:
  /**
   * \brief  A (now decrypted) data packet has been received.
   *         NOTE: these can be received multiple times (per sender/contents), via different routes
-   * \param  type  one of: PAYLOAD_TYPE_ANON_REQ
+   * \param  secret  ECDH shared secret
   * \param  sender  public key provided by sender
  */
-  virtual void onAnonDataRecv(Packet* packet, uint8_t type, const Identity& sender, uint8_t* data, size_t len) { }
+  virtual void onAnonDataRecv(Packet* packet, const uint8_t* secret, const Identity& sender, uint8_t* data, size_t len) { }

  /**
   * \brief  A path TO 'sender' has been received. (also with optional 'extra' data encoded)