Merge branch 'master' into hardware-canary-one

This commit is contained in:
Huston Hedinger 2024-04-26 10:40:13 -06:00 committed by GitHub
commit 67f6d0515a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 105 additions and 20 deletions

@ -7,6 +7,19 @@ sidebar_position: 3
description: "Understand Meshtastic's encryption: optional network-wide AES256 security for off-grid communication, ensuring confidentiality against passive eavesdropping." description: "Understand Meshtastic's encryption: optional network-wide AES256 security for off-grid communication, ensuring confidentiality against passive eavesdropping."
--- ---
## Explanation
Meshtastic provides AES256 encryption for the payload of each packet when sending via LoRa, with a different key for each [channel](/docs/configuration/radio/channels/). The [packet header](/docs/overview/mesh-algo/#layer-1-unreliable-zero-hop-messaging) is always sent unencrypted, which allows nodes to relay packets they can't decrypt as well. One can disable this by setting a different [rebroadcast mode](/docs/configuration/radio/device#rebroadcast-mode).
By default you have one primary channel which is encrypted with a simple known key ("AQ=="), so to use proper encryption you **must change** this key first, or create a new channel and share it with the ones you want to communicate with. However, if you don't have the default key, it means you will not be able to communicate with devices that don't have your key.
Direct messages to a specific node (e.g. text, traceroute or position requests) may use any channel you share with the recipient. Namely, the device will use the one where it most recently heard a NodeInfo packet from the recipient on. Client apps will not show messages directed to other nodes, but in principle they could be read by **anyone** who knows the used channel key. This means that if it uses the default key, you have to assume anyone could read your direct messages.
All periodic broadcasts (position, telemetry, etc.) the device sends out itself are sent over the primary channel and thus encrypted with that key.
The device will decrypt the payload before sending it to a client app via BLE, serial, Wi-Fi/Ethernet. For MQTT you can [specify](/docs/configuration/module/mqtt#encryption-enabled) whether you want to send an encrypted or unencrypted payload.
## Comments
Cryptography is tricky, so we've tried to 'simply' apply standard crypto solutions to our implementation. However, the project developers are not cryptography experts. Cryptography is tricky, so we've tried to 'simply' apply standard crypto solutions to our implementation. However, the project developers are not cryptography experts.
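Review bot: the new Explanation says the header is always sent in cleartext and that the default channel key ("AQ==") is publicly known, but it never says what a listener without the key still learns from that header; the Layer-1 table touched later in this same commit lists the packet ID, flags and channel hash there, so stating here that node identities and traffic patterns are visible to anyone in radio range regardless of key (and linking to that table) would make the threat model concrete. Two wording fixes in the added text: "if you don't have the default key, it means you will not be able to communicate with devices that don't have your key" should read "if you change the default key, you will no longer be able to communicate with devices that don't have your new key", and "the one where it most recently heard a NodeInfo packet from the recipient on" has a dangling "on".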
@ -33,7 +46,7 @@ Always keep in mind [xkcd's note on encryption](https://xkcd.com/538).
- Consider our existing solution 'alpha' and probably fairly secure against a not particularly aggressive adversary (but we can't yet make a more confident statement). - Consider our existing solution 'alpha' and probably fairly secure against a not particularly aggressive adversary (but we can't yet make a more confident statement).
## Notes for reviewers ### Notes for reviewers
If you are reviewing our implementation, this is a brief statement of our method. If you are reviewing our implementation, this is a brief statement of our method.
@ -46,7 +59,7 @@ If you are reviewing our implementation, this is a brief statement of our method
- Each 16 byte BLOCK for a packet has an incrementing COUNTER. COUNTER starts at zero for the first block of each packet. - Each 16 byte BLOCK for a packet has an incrementing COUNTER. COUNTER starts at zero for the first block of each packet.
- The IV for each block is constructed by concatenating the NONCE as the upper 96 bits of the IV and the COUNTER as the bottom 32 bits. Since our packets are small counter portion will really never be higher than 32 (five bits). - The IV for each block is constructed by concatenating the NONCE as the upper 96 bits of the IV and the COUNTER as the bottom 32 bits. Since our packets are small counter portion will really never be higher than 32 (five bits).
## Comments from reviewer #1 ### Comments from reviewer #1
This reviewer is a cryptography professional, but would like to remain anonymous. We thank them for their comments ;-): This reviewer is a cryptography professional, but would like to remain anonymous. We thank them for their comments ;-):
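Review bot: the unchanged context line about the COUNTER says it "will really never be higher than 32 (five bits)", which is ungrammatical ("Since our packets are small counter portion") and inconsistent: 32 needs six bits, and with the 237-byte payload cap documented in the Layer-1 table in this same commit a packet is at most 15 AES blocks, so the counter never exceeds 14. Since this hunk only demotes the heading, consider fixing the sentence while the file is being touched, e.g. "Since packets are at most 237 bytes (15 blocks), the counter never exceeds 14."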

@ -37,7 +37,7 @@ This layer is conventional non-reliable LoRa packet transmission. A packet gener
| 0x08 | 4 bytes | Integer | Packet Header: The sending node's unique packet ID for this packet. | | 0x08 | 4 bytes | Integer | Packet Header: The sending node's unique packet ID for this packet. |
| 0x0C | 1 byte | Bits | Packet Header: Flags. See the [header flags](#packet-header-flags) for usage. | | 0x0C | 1 byte | Bits | Packet Header: Flags. See the [header flags](#packet-header-flags) for usage. |
| 0x0D | 1 byte | Bits | Packet Header: Channel hash. Used as hint for decryption for the receiver. | | 0x0D | 1 byte | Bits | Packet Header: Channel hash. Used as hint for decryption for the receiver. |
| 0x0E | 2 bytes | Bytes | Packet Header: Padding for memory alignment. | | 0x0E | 2 bytes | Bytes | Packet Header: Reserved for future use. |
| 0x10 | Max. 237 bytes (excl. protobuf overhead) | Bytes | Actual packet data. Unused bytes are not transmitted. | | 0x10 | Max. 237 bytes (excl. protobuf overhead) | Bytes | Actual packet data. Unused bytes are not transmitted. |
#### Packet Header Flags #### Packet Header Flags
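Review bot: the 0x0E row's new text "Reserved for future use" drops the information a parser needs: what a sender writes there (presumably zero) and whether a receiver must ignore the bytes. Without that, a firmware that later assigns meaning to them will misread older nodes' padding, and older nodes will misread the new field; suggest "Reserved for future use; senders set to 0, receivers ignore." The unchanged 0x0D row could likewise say what the channel hash is derived from, given that the encryption page in this commit tells users the whole header is sent unencrypted.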
@ -47,7 +47,7 @@ This layer is conventional non-reliable LoRa packet transmission. A packet gener
| 0 | 3 | HopLimit (see note in Layer 3) | | 0 | 3 | HopLimit (see note in Layer 3) |
| 3 | 1 | WantAck | | 3 | 1 | WantAck |
| 4 | 1 | ViaMQTT (packet came via MQTT) | | 4 | 1 | ViaMQTT (packet came via MQTT) |
| 5 .. 7 | 3 | Currently unused | | 5 | 3 | HopStart (original HopLimit) |
#### Usage Details #### Usage Details
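Review bot: the new row is labelled "5" where the row it replaces was "5 .. 7", and the field is still 3 bits wide, so keep the range form for consistency with the HopLimit row. More importantly, HopStart lives in the unencrypted header, so any listener can now compute HopStart minus HopLimit and learn how many hops a packet has travelled, which is topology metadata visible without the channel key; the encryption page edited in this same commit should list it among the things a passive eavesdropper sees.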

@ -12,7 +12,12 @@ import Tropho from "/img/enclosures/3dp-tropho-heltec32.webp";
### Heltec LoRa32 v2.1+ Case ### Heltec LoRa32 v2.1+ Case
Download from [Printables](https://www.printables.com/model/118750-heltec-lora-32-case-for-meshtastic) or purchase from the creator's [Etsy Store](https://www.etsy.com/listing/1170868625/meshtastic-heltec-lora-32-case). Download from [Printables](https://www.printables.com/model/118750-heltec-lora-32-case-for-meshtastic) or purchase an already printed case below.
- US
- [QuantumShadow3D](https://www.etsy.com/listing/1170868625/meshtastic-heltec-lora-32-case).
- UK/EU
- [3DChicken](https://3dchicken.co.uk/)
#### Required Hardware #### Required Hardware
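Review bot: the QuantumShadow3D link in the US sub-list ends with a stray period that its T-Beam counterpart in this commit does not have; drop it. Also, if the link bullets are not indented under "- US" / "- UK/EU" in the source, they render as four sibling bullets rather than a nested list; nest them.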

@ -10,7 +10,13 @@ sidebar_position: 2
### T-Beam V5 Case ### T-Beam V5 Case
Download from [Printables](https://www.printables.com/model/127253-t-beam-case-for-meshtastic-v5) or purchase from the creator's [Etsy Store](https://www.etsy.com/listing/1173559418/meshtastic-t-beam-case-for-neo-m8n). Download from [Printables](https://www.printables.com/model/127253-t-beam-case-for-meshtastic-v5) or purchase an already printed case below.
Purchase Links:
- US
- [QuantumShadow3D](https://www.etsy.com/listing/1173559418/meshtastic-t-beam-case-for-neo-m8n)
- UK/EU
- [3DChicken](https://3dchicken.co.uk/)
#### Required Hardware #### Required Hardware
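Review bot: this list is introduced by a "Purchase Links:" label while the identical list added to the Heltec case page in this commit has none; use the same form on both pages, and indent the link bullets under "- US" / "- UK/EU" so they nest instead of rendering as four sibling items.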

@ -16,10 +16,40 @@ them for assistance in getting started or if you're interested in contributing t
organizer with an online presence and wish to be included in this list, please edit this page directly or reach out to organizer with an online presence and wish to be included in this list, please edit this page directly or reach out to
us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group. us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group.
## Australia
### Tasmania
- [Meshtastic User Group Tasmania](https://www.facebook.com/groups/1556630645195649)
## Canada ## Canada
### Alberta ### Alberta
- [YYC Mesh](https://yycmesh.com/) - [YYC Mesh](https://yycmesh.com/)
- [Mesht Calgary](https://t.me/meshtcalgary)
- [Mesht Alberta](https://t.me/meshtAlta)
### British Columbia
- [Meshtastic BC users group](https://t.me/Mesh_BC)
- [Meshtastic Dawson Creek BC users group](https://t.me/Mesh_BC_Dawson_Creek)
### Manitoba
- [Mesht Manitoba](https://t.me/MeshtManitoba)
### New Brunswick
- [Mesht New Brunswick](https://t.me/MeshtNB)
### Newfoundland
- [Mesht Newfoundland](https://t.me/MeshtNewfoundland)
### Northwest Territories
- [Mesht Northwest Territories](https://t.me/MeshtNWT)
### Nova Scotia
- [Mesht Nova Scotia](https://t.me/MeshtNovaScotia)
### Prince Edward Island
- [Mesht PEI](https://t.me/MeshtPEI)
### Saskatchewan
- [Mesht Saskatchewan](https://t.me/MeshtSaska)
##
## United States ## United States
### Arkansas ### Arkansas
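Review bot: the bare "##" line inserted just before "## United States" is an empty heading and renders either as an empty h2 or as a literal "##" depending on the Markdown renderer; delete it, a blank line between the Canada and United States sections is enough.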
@ -50,7 +80,7 @@ us on [Discord](https://discord.com/invite/ktMAKGBnBs) to add your group.
- [Michigan Meshtastic Network](https://discord.gg/3A5RREcBcc) - [Michigan Meshtastic Network](https://discord.gg/3A5RREcBcc)
### Oklahoma ### Oklahoma
- [Oklahoma Meshtastic Group] (https://www.facebook.com/groups/942404880478488) - [Oklahoma Meshtastic Group](https://www.facebook.com/groups/942404880478488)
### Texas ### Texas
- [Austin Mesh](https://austinmesh.org/) - [Austin Mesh](https://austinmesh.org/)

@ -37,6 +37,8 @@ MQTT password to use (most useful for a custom MQTT server). If using a custom s
Whether to send encrypted or unencrypted packets to MQTT. This parameter is only honored if you also set server (the default official mqtt.meshtastic.org server can handle encrypted packets). Unencrypted packets may be useful for external systems that want to consume meshtastic packets. Whether to send encrypted or unencrypted packets to MQTT. This parameter is only honored if you also set server (the default official mqtt.meshtastic.org server can handle encrypted packets). Unencrypted packets may be useful for external systems that want to consume meshtastic packets.
Note: All messages are sent to the MQTT broker unencrypted if this option is not enabled, even when your uplink channels have encryption keys set.
### JSON Enabled ### JSON Enabled
:::note :::note
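Review bot: the added note contradicts the sentence just above it. The existing text says Encryption Enabled "is only honored if you also set server", while the note says "All messages are sent to the MQTT broker unencrypted if this option is not enabled", which implies it is honored for the default server too. State precisely what happens in each case (default mqtt.meshtastic.org versus a custom server), and since this file already uses ":::note" admonitions, put the warning in one so it is not missed: a user who assumes the channel key protects uplinked traffic is exactly the reader this line exists for.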

@ -189,7 +189,7 @@ meshtastic --set store_forward.records 100
#### Web #### Web
:::info :::info
Store and Forward configuration is not currently available via the web client. All Store & Forward module config options are available in the Web UI at Config > Module Config > S&F.
::: :::
</TabItem> </TabItem>

@ -70,7 +70,7 @@ The heading can be hard to read when 'INVERTED' or 'TWOCOLOR' display mode is us
### Wake on Tap or Motion ### Wake on Tap or Motion
This option enables the ability to wake the device screen when motion, such as a tap on the device, is detected via an attached accelerometer. This option enables the ability to wake the device screen when motion, such as a tap on the device, is detected via an attached accelerometer, or a capacitive touch button.
## Display Config Client Availability ## Display Config Client Availability

@ -16,7 +16,8 @@ values={[
{label: 'GPS Module', value: 'GPS'}, {label: 'GPS Module', value: 'GPS'},
{label: 'Buzzer', value: 'Buzzer'}, {label: 'Buzzer', value: 'Buzzer'},
{label: 'I/O Module', value: 'IO'}, {label: 'I/O Module', value: 'IO'},
{label: 'Environmental Sensors', value:'Sensors'} {label: 'Environmental Sensors', value:'Sensors'},
{label: 'RTC Module', value:'RTC'}
]}> ]}>
<TabItem value="GPS"> <TabItem value="GPS">
@ -142,5 +143,19 @@ The [RAK1906 Environment Sensor](https://store.rakwireless.com/products/rak1906-
- [RAK Wireless RAK1906](https://store.rakwireless.com/products/rak1906-bme680-environment-sensor) - [RAK Wireless RAK1906](https://store.rakwireless.com/products/rak1906-bme680-environment-sensor)
</TabItem> </TabItem>
<TabItem value="RTC">
## RTC Module
The [RAK12002 WisBlock RTC Module](https://store.rakwireless.com/products/rtc-module-rak12002) is a real-time-clock with a supercapacitor backup, allowing a node to maintain the correct time across reboots and for up to seven days without power. It operates on a crystal oscilator and communicates via the i2c interface. The module can be inserted into slots A, B or C (some users have reported issues with slot D) and is plug and play - no settings are required.
### Resources
- [RAK Documentation Center RAK12002](https://docs.rakwireless.com/Product-Categories/WisBlock/RAK12002/Overview/)
- Purchase Links:
- US
- [Rokland](https://store.rokland.com/products/rak-wireless-rak12002-rtc-module-micro-crystal-rv-3028-c7-pid-100032)
- International
- [RAK Wireless](https://store.rakwireless.com/products/rtc-module-rak12002)
</TabItem>
</Tabs> </Tabs>
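Review bot: spelling and casing in the new RAK12002 paragraph: "oscilator" should be "oscillator", "i2c" should be "I2C", and "real-time-clock" should be "real-time clock". "plug and play - no settings are required" reads better with a colon than a hyphen.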

@ -7,14 +7,22 @@ sidebar_position: 1
## Functionality ## Functionality
- **Capacitive Touch Button (Top):** - **Capacitive Touch Button (Top):**<br />
- **Short press:** Updates the e-ink display. *If "Wake on Tap or Motion" setting enabled:*
- **Touch:**
- Update the display
- *(at screensaver)* Wake the display.
- **Reset Button (Button 1):** - **Reset Button (Button 1):**
- **Single press:** Resets the device. - **Single press:** Power-on / reboot.
- **Double press:** Puts the device into bootloader mode which allows you to update the firmware. - **Double press:** Enter bootloader mode, for firmware update.
- **Program/Power Button (Button 2):** - **Program Button (Button 2):**
- **Single press:** Changes the information page displayed on the device's screen. - **Single press:**
- **Double press:** Turns the screen backlight on/off and sends an adhoc ping of the device's position to the network. - Display next page of information.
- **Long press:** Signals the device to shutdown after 5 seconds. - *(at screensaver)* Wake the display.
- *(when off)* Enter bootloader mode, for firmware update.
- **Double press:** Send an "adhoc ping": announce device to network.
- ** 3x press:** Enable / disable GPS.
- ** 4x press:** Enable / disable display's backlight.
- **Hold:** Shutdown.
![TechoButtons](/img/hardware/t-echo-lilygo.webp) ![TechoButtons](/img/hardware/t-echo-lilygo.webp)
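Review bot: "** 3x press:**" and "** 4x press:**" have a space after the opening "**", which breaks bold in Markdown, so these two items render with literal asterisks; write "**3x press:**" and "**4x press:**" like the surrounding items. The "<br />" appended to the Capacitive Touch Button item is also unnecessary once its sub-items are a nested list.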

@ -2,6 +2,7 @@
id: privacy id: privacy
title: Meshtastic privacy policy title: Meshtastic privacy policy
sidebar_label: Privacy sidebar_label: Privacy
custom_edit_url: null
sidebar_position: 2 sidebar_position: 2
--- ---

@ -31,7 +31,12 @@ export default function NotFoundContent({ className }) {
original URL and let them know their link is broken. original URL and let them know their link is broken.
</Translate> </Translate>
</p> </p>
<img src="/design/chirpy.png" alt="Chirpy" /> <img
src="/design/chirpy/chirpy.png"
alt="Chirpy"
className={clsx("col col--6 col--offset-3")}
style={{ maxWidth: "300px" }}
/>
</div> </div>
</div> </div>
</main> </main>
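Review bot: clsx("col col--6 col--offset-3") wraps a single constant string, so clsx adds nothing here; either pass the class string directly to className or, if clsx is kept, make sure it is actually imported in this file, since the import is outside this hunk. The src change to /design/chirpy/chirpy.png should match the binary image change in this same commit; confirm the new path exists in the static directory and that the old /design/chirpy.png path is not referenced elsewhere.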

@ -1 +1 @@
Subproject commit 2865a55d39dea5f6d9f2c09ac1ec485666a833da Subproject commit eeddd10c108f1516e6e0c878fbaa8ed40a4d279d
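Review bot: the submodule pointer is bumped from 2865a55d to eeddd10c without any mention of which upstream changes it pulls in; a one-line note would help, since a merge of master into a feature branch otherwise makes it hard to tell whether the bump was intended here or came along with the merge.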
