Added support for encrypted messages with the basic meshtastic key
parent
f2d02be6d2
commit
4ebc56f57f
2
.env
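--- a/.env
+++ b/.env
@@ -28,3 +28,5 @@ MESH_HIDE_DESTINATION_DATA=false
 FILTERED_PORTS=0
 ## Hide message content in the TEXT_MESSAGE_APP packets (default: true) (Currently we only log message length, if we hide then all messages would have the same length)
 HIDE_MESSAGE=false
+## MQTT server Key for decoding
+MQTT_SERVER_KEY=1PG7OiApB1nwvP+rz05pAQ==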
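Review bot: The comment on the added `MQTT_SERVER_KEY` line calls it an MQTT server key, but `process` uses the value as the AES key for packet payloads, and the commit title describes it as the basic meshtastic key, so the comment should say that and state that this value is a publicly known default. Because `.env` is tracked, an operator who replaces it with a private channel key here can easily commit that key. Suggested wording: `## Base64 channel key used to decrypt packets. The value below is the public Meshtastic default; keep private keys in an untracked override, never in this file.`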
@ -9,6 +9,8 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "host.docker.internal:host-gateway"
|
- "host.docker.internal:host-gateway"
|
||||||
|
ports:
|
||||||
|
- "9090:9090"
|
||||||
networks:
|
networks:
|
||||||
- mesh-bridge
|
- mesh-bridge
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
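Review bot: The added `ports:` entry `- "9090:9090"` publishes the container port on every host interface, and nothing in the commit message explains why decryption support needs it. If 9090 is the Prometheus metrics endpoint (not visible in this hunk, so confirm), it is unauthenticated and, after this commit, its metrics are derived from decrypted packets. Bind it to loopback with `- "127.0.0.1:9090:9090"`, or leave it unpublished and scrape it over the `mesh-bridge` network.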
@ -1,9 +1,12 @@
|
||||||
|
import base64
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
|
||||||
import redis
|
import redis
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||||
from meshtastic.config_pb2 import Config
|
from meshtastic.config_pb2 import Config
|
||||||
from meshtastic.mesh_pb2 import MeshPacket, HardwareModel
|
from meshtastic.mesh_pb2 import MeshPacket, HardwareModel, Data
|
||||||
from meshtastic.portnums_pb2 import PortNum
|
from meshtastic.portnums_pb2 import PortNum
|
||||||
from prometheus_client import CollectorRegistry, Counter, Histogram, Gauge
|
from prometheus_client import CollectorRegistry, Counter, Histogram, Gauge
|
||||||
|
|
||||||
|
@ -116,6 +119,21 @@ class MessageProcessor:
|
||||||
)
|
)
|
||||||
|
|
||||||
def process(self, mesh_packet: MeshPacket):
|
def process(self, mesh_packet: MeshPacket):
|
||||||
|
if getattr(mesh_packet, 'encrypted'):
|
||||||
|
key_bytes = base64.b64decode(os.getenv('MQTT_SERVER_KEY', '1PG7OiApB1nwvP+rz05pAQ==').encode('ascii'))
|
||||||
|
nonce_packet_id = getattr(mesh_packet, "id").to_bytes(8, "little")
|
||||||
|
nonce_from_node = getattr(mesh_packet, "from").to_bytes(8, "little")
|
||||||
|
|
||||||
|
# Put both parts into a single byte array.
|
||||||
|
nonce = nonce_packet_id + nonce_from_node
|
||||||
|
|
||||||
|
cipher = Cipher(algorithms.AES(key_bytes), modes.CTR(nonce), backend=default_backend())
|
||||||
|
decryptor = cipher.decryptor()
|
||||||
|
decrypted_bytes = decryptor.update(getattr(mesh_packet, "encrypted")) + decryptor.finalize()
|
||||||
|
|
||||||
|
data = Data()
|
||||||
|
data.ParseFromString(decrypted_bytes)
|
||||||
|
mesh_packet.decoded.CopyFrom(data)
|
||||||
port_num = int(mesh_packet.decoded.portnum)
|
port_num = int(mesh_packet.decoded.portnum)
|
||||||
payload = mesh_packet.decoded.payload
|
payload = mesh_packet.decoded.payload
|
||||||
|
|
||||||
|
|
|
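Review bot: Nothing in the new `if getattr(mesh_packet, 'encrypted'):` branch handles a packet that was encrypted with a different key. AES-CTR carries no integrity check, so a wrong key yields garbage rather than an error, and `data.ParseFromString(decrypted_bytes)` then either raises `DecodeError` (from `google.protobuf.message`) out of `process` or parses the garbage into a bogus `portnum` and `payload`. Catch the error and drop the packet as below, and since a clean parse still does not prove the key was right, check `portnum` against the known `PortNum` values before using it further down. Separately, the key is base64-decoded from the environment on every packet, with a second copy of the default hard-coded in the fallback; decoding it once at construction and failing on a bad length would be cleaner. The body of `process` continues outside the hunk, so how a skipped packet should be signalled to the rest of the method needs confirming.

```python
        # … unchanged: key decoding, nonce construction, AES-CTR decrypt …
        data = Data()
        try:
            data.ParseFromString(decrypted_bytes)
        except DecodeError:
            # CTR has no integrity check: a wrong key yields garbage, not an error.
            return
        # … unchanged: mesh_packet.decoded.CopyFrom(data) …
```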
@ -3,4 +3,4 @@ redis~=5.0.6
|
||||||
python-dotenv~=1.0.1
|
python-dotenv~=1.0.1
|
||||||
meshtastic~=2.3.11
|
meshtastic~=2.3.11
|
||||||
prometheus_client~=0.20.0
|
prometheus_client~=0.20.0
|
||||||
unishox2-py3~=1.0.0
|
cryptography~=42.0.8
|
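Review bot: `cryptography~=42.0.8` holds the project on the 42.0 series, while cryptography generally ships security fixes (including the OpenSSL bundled in its wheels) in newer release series rather than backporting them. Either pair the pin with automated dependency updates or loosen it to a lower bound such as `cryptography>=42.0.8`. The same row appears to drop `unishox2-py3`; confirm nothing still imports it, since the page shows no matching code change.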