Added support for encrypted messages with the basic meshtastic key
parent
f2d02be6d2
commit
4ebc56f57f
4
.env
4
.env
|
@ -27,4 +27,6 @@ MESH_HIDE_DESTINATION_DATA=false
|
|||
## Filtered ports in the exporter (default: 1, can be a comma-separated list of ports)
|
||||
FILTERED_PORTS=0
|
||||
## Hide message content in the TEXT_MESSAGE_APP packets (default: true) (Currently we only log message length, if we hide then all messages would have the same length)
|
||||
HIDE_MESSAGE=false
|
||||
HIDE_MESSAGE=false
|
||||
## MQTT server Key for decoding
|
||||
MQTT_SERVER_KEY=1PG7OiApB1nwvP+rz05pAQ==
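Review bot: The comment above `MQTT_SERVER_KEY` should say what kind of value this is, because a tracked `.env` is where the next operator is likely to paste a private channel key. The commit title describes the value as the basic Meshtastic key, which suggests a widely shared default rather than a secret, and the same literal appears again as the `os.getenv` fallback in the processor change. I would expand the comment to something like `## Base64 AES key used to decrypt packets (default: the public Meshtastic default-channel key; keep private keys in an untracked override, not in this file)`. The variable is named for the MQTT server while the code uses it as the packet decryption key, so the comment should state that use explicitly.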
|
|
@ -9,6 +9,8 @@ services:
|
|||
restart: unless-stopped
|
||||
extra_hosts:
|
||||
- "host.docker.internal:host-gateway"
|
||||
ports:
|
||||
- "9090:9090"
|
||||
networks:
|
||||
- mesh-bridge
|
||||
volumes:
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
import base64
|
||||
import json
|
||||
import os
|
||||
|
||||
import redis
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||
from meshtastic.config_pb2 import Config
|
||||
from meshtastic.mesh_pb2 import MeshPacket, HardwareModel
|
||||
from meshtastic.mesh_pb2 import MeshPacket, HardwareModel, Data
|
||||
from meshtastic.portnums_pb2 import PortNum
|
||||
from prometheus_client import CollectorRegistry, Counter, Histogram, Gauge
|
||||
|
||||
|
@ -116,6 +119,21 @@ class MessageProcessor:
|
|||
)
|
||||
|
||||
def process(self, mesh_packet: MeshPacket):
|
||||
if getattr(mesh_packet, 'encrypted'):
|
||||
key_bytes = base64.b64decode(os.getenv('MQTT_SERVER_KEY', '1PG7OiApB1nwvP+rz05pAQ==').encode('ascii'))
|
||||
nonce_packet_id = getattr(mesh_packet, "id").to_bytes(8, "little")
|
||||
nonce_from_node = getattr(mesh_packet, "from").to_bytes(8, "little")
|
||||
|
||||
# Put both parts into a single byte array.
|
||||
nonce = nonce_packet_id + nonce_from_node
|
||||
|
||||
cipher = Cipher(algorithms.AES(key_bytes), modes.CTR(nonce), backend=default_backend())
|
||||
decryptor = cipher.decryptor()
|
||||
decrypted_bytes = decryptor.update(getattr(mesh_packet, "encrypted")) + decryptor.finalize()
|
||||
|
||||
data = Data()
|
||||
data.ParseFromString(decrypted_bytes)
|
||||
mesh_packet.decoded.CopyFrom(data)
|
||||
port_num = int(mesh_packet.decoded.portnum)
|
||||
payload = mesh_packet.decoded.payload
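Review bot: Nothing in the new `if getattr(mesh_packet, 'encrypted'):` branch of `process` handles a packet encrypted with a different channel key. AES-CTR is unauthenticated, so a wrong key produces arbitrary bytes, and `data.ParseFromString(decrypted_bytes)` then either raises `google.protobuf.message.DecodeError` or occasionally parses into a meaningless `portnum`/`payload`. The packets presumably arrive from a shared MQTT feed, so I would catch `DecodeError` (imported from `google.protobuf.message`) and drop the packet as sketched below, and treat an unrecognised `portnum` as undecodable further down. The key is also base64-decoded on every packet and silently falls back to the literal default when `MQTT_SERVER_KEY` is unset; decoding it once at construction and logging when the fallback is used would make a misconfiguration visible. `process` continues past the end of the hunk, so whether a bare `return` suits its callers needs confirming.

```python
# … unchanged: key decoding, nonce construction, AES-CTR decryption …
data = Data()
try:
    data.ParseFromString(decrypted_bytes)
except DecodeError:
    # AES-CTR carries no integrity check, so a failed parse is the only
    # sign that the packet was encrypted with a different channel key.
    return
# … unchanged: CopyFrom into mesh_packet.decoded …
```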
|
||||
|
||||
|
|
|
@ -3,4 +3,4 @@ redis~=5.0.6
|
|||
python-dotenv~=1.0.1
|
||||
meshtastic~=2.3.11
|
||||
prometheus_client~=0.20.0
|
||||
unishox2-py3~=1.0.0
|
||||
cryptography~=42.0.8
|