evilsocket/pwnagotchi

mesh protocol is not signed

Open

#530 opened on Nov 5, 2019

View on GitHub
 (3 comments) (0 reactions) (1 assignee)JavaScript (978 forks)batch import
enhancementhelp wanted

Repository metrics

Stars
 (6,243 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

while developing the mesh protocol, i also implemented the signature for the payload so that impersonation/spoofing and in general sending fake data can't be done (relevant for things like #529) ... the idea is that each unit has a list of public keys of friendly units that are authorized to receive signed mesh data from.

The current implementation is however commented:

https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L147 https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L199

because with a signature the payload would become too big for a single frame, and the injection would fail here:

https://github.com/evilsocket/pwngrid/blob/master/mesh/packet_muxer.go#L107

Sending more than one frame is not doable as the interface is hopping unpredictably on the wifi channels.

Ideally we should find a way to use a signature scheme that would generate a small overhead in size, maybe something like BLS.

Contributor guide