Sending encrypted ESP-NOW #1

Open
ChuckMash opened this issue Sep 4, 2024 · 4 comments

ChuckMash commented Sep 4, 2024

ESPythoNOW does not currently support the encryption method optionally used with ESP-NOW.

According to the documentation:

  • Uses the CCMP method, which is described in IEEE Std. 802.11-2012, to protect the vendor-specific action frame.
  • The lengths of both PMK and LMK are 16 bytes.
  • PMK is used to encrypt LMK with the AES-128 algorithm.

ChuckMash commented Sep 13, 2024

Receiving encrypted ESP-NOW messages is now supported, but sending is not yet.

Possibly related to needing AAD/MIC calculation.

AAD/MIC may also benefit validating received encrypted messages.

@ChuckMash ChuckMash reopened this Sep 13, 2024
@ChuckMash ChuckMash changed the title Implement ESP-NOW encryption Sending encrypted ESP-NOW Sep 13, 2024

ChuckMash commented Sep 16, 2024

If the issue is the 8-byte MIC validation, it is made worse by failing the validation check of received messages.

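```python
import struct
from Crypto.Cipher import AES  # PyCryptodome

# `espnow` (providing .packet and .key) is defined elsewhere in the script
def callback(from_mac, to_mac, msg):
  packet = espnow.packet

  # CCM nonce: one flags byte, the sender MAC, then the packet number PN5..PN0
  nonce = b'\x00'+bytes.fromhex(from_mac.replace(':',''))+struct.pack("BBBBBB",packet.PN5,packet.PN4,packet.PN3,packet.PN2,packet.PN1,packet.PN0)
  cipher = AES.new(espnow.key, AES.MODE_CCM, nonce, mac_len=8)

  try:
    # The last 8 bytes of the payload are treated as the MIC
    data = cipher.decrypt_and_verify(packet.data[:-8], packet.data[-8:]) # does not validate
    print("success")
  except Exception as e:
    print("Error decrypting:",e)
```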

If a solution is found to calculate MIC and validate correctly for receiving encrypted messages, it will be a big help for generating the MIC for sending encrypted messages.


CCMP documentation suggests the MIC is calculated/validated with AES CBC apart from the message itself encrypted with CCM


ChuckMash commented Sep 17, 2024

Compiled ESP-IDF from source with modified debug and ccmp.c to track through AAD and MIC.
Unable to see output of DEBUG statements in ccmp.c.
