evilsocket/pwnagotchi

mesh protocol is not signed

Open

#530 opened on Nov 5, 2019

Labels: enhancement, help wanted

Description

While developing the mesh protocol, I also implemented the signature for the payload so that impersonation/spoofing and in general sending fake data can't be done (relevant for things like #529) ... the idea is that each unit has a list of public keys of friendly units that it is authorized to receive signed mesh data from.

The current implementation is, however, commented out:

https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L147
https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L199

because with a signature the payload would become too big for a single frame, and the injection would fail here:

https://github.com/evilsocket/pwngrid/blob/master/mesh/packet_muxer.go#L107

Sending more than one frame is not doable as the interface is hopping unpredictably on the wifi channels.

Ideally we should find a way to use a signature scheme that would generate a small overhead in size, maybe something like BLS.
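
The friendly-key check and the single-frame size constraint described in this issue, sketched as an added example (not pwngrid's code and not part of the original issue). Ed25519 from Go's standard library stands in for BLS, which the standard library does not provide; `maxPayload`, the `keyID || signature || data` layout and the names `Friends`, `Seal` and `Open` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

const maxPayload = 200                // constructed single-frame budget, not pwngrid's real limit
const hdr = 8 + ed25519.SignatureSize // key ID + signature: 72 bytes of overhead per frame

// Friends maps a short key ID to the public key of a friendly unit (hypothetical type).
type Friends map[[8]byte]ed25519.PublicKey

// keyID is a short fingerprint, so a frame carries 8 bytes instead of a 32-byte key.
func keyID(pub ed25519.PublicKey) (id [8]byte) {
	sum := sha256.Sum256(pub)
	copy(id[:], sum[:])
	return
}

// Seal returns keyID || signature || data and refuses anything over one frame.
func Seal(priv ed25519.PrivateKey, data []byte) ([]byte, error) {
	if hdr+len(data) > maxPayload {
		return nil, fmt.Errorf("signed payload is %d bytes, limit %d", hdr+len(data), maxPayload)
	}
	id := keyID(priv.Public().(ed25519.PublicKey))
	return append(append(id[:], ed25519.Sign(priv, data)...), data...), nil
}

// Open accepts a frame only if its sender is a listed friend and the signature verifies.
func Open(friends Friends, frame []byte) ([]byte, error) {
	if len(frame) < hdr || len(frame) > maxPayload {
		return nil, fmt.Errorf("bad frame length %d", len(frame))
	}
	var id [8]byte
	copy(id[:], frame)
	if pub, ok := friends[id]; !ok || !ed25519.Verify(pub, frame[hdr:], frame[8:hdr]) {
		return nil, fmt.Errorf("unknown sender or invalid signature")
	}
	return frame[hdr:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)               // nil selects crypto/rand
	frame, _ := Seal(priv, []byte("constructed mesh data")) // sample payload, constructed
	data, err := Open(Friends{keyID(pub): pub}, frame)
	fmt.Println(len(frame), string(data), err)
}
```
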
