mirror
/
meshtastic-firmware
kopia lustrzana https://github.com/meshtastic/firmware
1
0
Forkuj 1
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Just a bit of security hygiene. (#4313) 

* Make sure to call randomSeed() on esp32

* Randomize the top 22 bits of the Message ID

* Make it clear that we are not calling randomSeed() on purpose

---------

Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
pull/4153/head^2
Jonathan Bennett 2024-07-23 11:52:14 -05:00 zatwierdzone przez GitHub
rodzic e27375d331
commit 300c3d32aa
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: B5690EEEBB952194
2 zmienionych plików z 12 dodań i 7 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

15
src/mesh/Router.cpp
Wyświetl plik

@ -92,22 +92,23 @@ void Router::enqueueReceivedMessage(meshtastic_MeshPacket *p)
// FIXME, move this someplace better
PacketId generatePacketId()
{
static uint32_t i; // Note: trying to keep this in noinit didn't help for working across reboots
static uint32_t rollingPacketId; // Note: trying to keep this in noinit didn't help for working across reboots
static bool didInit = false;
uint32_t numPacketId = UINT32_MAX;
if (!didInit) {
didInit = true;
// pick a random initial sequence number at boot (to prevent repeated reboots always starting at 0)
// Note: we mask the high order bit to ensure that we never pass a 'negative' number to random
i = random(numPacketId & 0x7fffffff);
LOG_DEBUG("Initial packet id %u, numPacketId %u\n", i, numPacketId);
rollingPacketId = random(UINT32_MAX & 0x7fffffff);
LOG_DEBUG("Initial packet id %u\n", rollingPacketId);
}
i++;
PacketId id = (i % numPacketId) + 1; // return number between 1 and numPacketId (ie - never zero)
rollingPacketId++;
rollingPacketId &= UINT32_MAX >> 22; // Mask out the top 22 bits
PacketId id = rollingPacketId | random(UINT32_MAX & 0x7fffffff) << 10; // top 22 bits
LOG_DEBUG("Partially randomized packet id %u\n", id);
return id;
}

4
src/platform/esp32/main-esp32.cpp
Wyświetl plik

@ -91,8 +91,12 @@ void enableSlowCLK()
void esp32Setup()
{
/* We explicitly don't want to do call randomSeed,
// as that triggers the esp32 core to use a less secure pseudorandom function.
uint32_t seed = esp_random();
LOG_DEBUG("Setting random seed %u\n", seed);
randomSeed(seed);
*/
LOG_DEBUG("Total heap: %d\n", ESP.getHeapSize());
LOG_DEBUG("Free heap: %d\n", ESP.getFreeHeap());