Allow set prv.key over LoRa, clear ACL and validate key #1457
Conversation
|
Wondering if we should update the identity file, but not the in memory identity until a reboot? This would allow the user to replay the request until they get an OK response. Also potentially have the response include the new public key so the app could auto add as a new contact? I'm currently away, so just throwing out quick notes :) |
Yes, I like that idea |
|
Sounds good to me, I'll whip it up soon when I'm back at the desk. |
|
@ripplebiz @liamcottle It's not as straightforward as I thought, the problem is that the key is updated on disk and in memory at the same time by MyMesh::saveIdentity(). It would mean changing that to allow the option to only update on disk, and boot time logic to detect (somehow) that the key has changed and that we need to clear the ACL now. Is the outgoing advert with the new key not enough of a signal that it worked? I'll have a think about what other options there might be, maybe a flag to delay the rekeying until after the reply is sent? |
You could just remove the: in saveIdentity(). Looks like CommonCLI is only one using this method. So could change the method to just save to file, and not the 'live' identity |
|
Ok, this is ready to go. One question though, do we want to keep the refactoring of ClientACL and passing it to CommonCLI? It's not necessary anymore because the acl.clear() call has moved to MyMesh/SensorMesh but if we keep it then we could move the setperm and get acl handling from MyMesh::handleCommand() into CommonCLI::handleCommand(). |
oltaco
force-pushed
the
remote-set-prvkey
branch
2 times, most recently
from
f6a1f4d to
3399497
Compare
|
Just had another quick skim, looks like it would still reboot right away, and we wouldn't be able to replay the request over and over to get a reply. I feel this will be problematic for the app side. I personally think we should force a manual reboot after changing identity file. Similar to how it's done for radio settings changes for repeaters. You change them, you get confirmation (maybe after multiple attempts), then you manually reboot to load those new settings. Currently if I we send a request, the board might accept the command, rekey, send ok response, then reboot. But we may never get the reply due to multi hop issues, and maybe never get the flood advert on boot either. I think we need to keep in mind the potential for nodes to have boot adverts disabled. The app ideally needs to get that new public key from the response, so being able to replay is important. Otherwise the app side would need to implement the ed25519 code as well, to be able to derive the public key from the private key. Some might argue you don't need the public key in the response if you just provided the private key... I was actually thinking about this for the app, where the app could allow the user to generate privates until they find a selected public key prefix they like. Similar to the online tools, but since it's embedded in the app, it would be useable offline. This leads me to another fun side quest... I want to bring up this older issue and PR:
We currently throw away the seed when generating the private key, and once it's been put through sha512, it's impossible to retrieve the seed in the future. Most modern libs use the 32 byte seed value, instead of the 64 byte sha512 expanded private key version. Which means interacting with identity keys is a bit painful outside of MeshCore. I wonder if we are working on these new CLI commands, we might as well tackle this issue about the seed at the same time. Then we could just send a 32 byte private seed over the CLI, instead of the 64 byte expanded private key. If the user is performing a rekey, this would force them into the new format that's compatible across mainstream encryption libraries. Just a few thoughts to ponder :) |
|
Yep I get where you're coming from, the problem is still how do you know to clear the ACL on boot because the key has changed? You could write a file of course but I was really trying to avoid touching the filesystem 😂 I don't really know why we care about the reflection of the pubkey, because to me the fact that you're changing the private key implies that you're asking for a specific pubkey prefix so you already know what the pubkey will be because you generated for that reason.
|
Fair enough :) I still think having the ability to receive an OK response to confirm it actually happened is good. But I can probably live with it if it's too annoying to implement... I'm just thinking about the flow in the app side. There needs to be a way to tell the user it was successful. Otherwise they'll sit there clicking the button, and never get a reply, because it was successful, and now the keys have changed.
What about regenerating the That way if you had manually added a bunch of users to ACL without them needing a password, you wouldn't have to add them all back again. I guess the trade off here is now you need to do this on every reboot... Maybe could just check if one is invalid, and regenerate all shared secrets in that case... Similar to how
Yeah, ed25519 seeds are 32 bytes, and public keys are also 32 bytes. The seed gets sha512 hashed, along with a few other adjustments, to create the 64 byte expanded private key, which is what we save/use in MeshCore. We only really need to save the 32 byte seed, but we actually compute the 64 byte expanded key, and throw away the original seed. Migrating to a new method that allows you to just pass in the 32 byte seed would mean we store less data in file system, we send less data over LoRa, and it becomes compatible with mainstream encryption libs. The trade off here, is you wouldn't be able to import older identities, since no one has the seed for them. Ideally we move to newer standards, and this might be the way to go about it. |
Separately these days companions just compute |
oltaco
force-pushed
the
remote-set-prvkey
branch
from
3399497 to
96ef5e5
Compare
|
Ok, following discussion with @liamcottle I've made the changes, now upon I have left the CommonCLI/ClientACL refactor that allows access to ClientACL functions from CommonCLI in place, in case we want to move those command handlers out of MyMesh and into CommonCLI, what do you think @ripplebiz? I also left the now unused ClientACL::clear() function in just in case we want to wire that up to a command to easily clear out the ACL in one go, but it can be just as easily removed if that's desired. Once this is merged I think we should seriously consider moving towards seed instead of expanded private key as @liamcottle suggested. |
|
Looking good thanks! I'll load this on a few devices and give it a proper test. Keeping Keen to look at adding a new |
|
Tested rekeying of repeaters via companion over LoRa. All is working. Ran Then sent Looks good to me! |
3 participants
Allows setting the private key for repeaters, room servers and sensors over LoRa via the
set prv.keyCLI command. The ACL is cleared when the key changes to remove invalid shared secrets, and the key is validated before being applied.Note: After changing the private key, the device will reply with the new public key before rebooting.
Changes:
_fsreferenceClientACL&for use byset prv.keyClientACL::clear()functionLocalIdentity::validatePrivateKey()functionset prv.keynow clears the ACL and is available over the meshTested on: