Mirror/markqvist___RNode_Firmware
1
0
Fork 0
mirror of https://github.com/markqvist/RNode_Firmware.git synced 2026-04-27 14:30:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add IFAC crypto test vectors — all 4 tests pass

Browse source 
Firmware crypto test (debug command 'C') validates IfacAuth.h
against test vectors generated by scripts/test_ifac.py from
Reticulum's Python implementation:

  pk:   Ed25519 keypair from seed      PASS
  sig:  Ed25519 detached signature     PASS
  hkdf: HKDF-SHA256 mask generation    PASS
  ifac: Full IFAC packet wrapping      PASS

The IFAC crypto implementation matches Reticulum exactly.
The beacon reception failure is NOT a crypto bug — likely
an IFAC key provisioning issue (NVS storage mismatch) or
a beacon packet format issue before IFAC is applied.

Run: ./scripts/screenshot.py crypto
Generate vectors: python3 scripts/test_ifac.py

Also: guarded profiling variables for non-T-Watch builds
so T-Beam Supreme and other targets compile cleanly.
This commit is contained in:
GlassOnTin 2026-03-29 13:16:17 +01:00
commit 1672a65475
3 changed files with 296 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

79
Gui.h
View file

@ -800,6 +800,7 @@ bool gui_init() {
// 'L' (0x4C) — Log toggle: start/stop IMU logging to SD card
// 'F' (0x46) — File list: lists files on SD card
// 'P' (0x50) — Profile: runs standardized performance test, reports JSON results
// 'C' (0x43) — Crypto test: runs IFAC test vectors, reports pass/fail
#define GUI_CMD_PREFIX_LEN 3
static const uint8_t gui_cmd_prefix[] = {0x52, 0x57, 0x53}; // "RWS"
@ -1025,6 +1026,84 @@ static void gui_cmd_execute() {
break;
}
case 'C': { // Crypto test — IFAC test vectors
#if HAS_GPS == true
Serial.write(hdr, 4);
// Test vectors from scripts/test_ifac.py
const uint8_t tv_key[64] = {0x3a, 0xc2, 0xe0, 0x12, 0xa0, 0x86, 0x04, 0x3c, 0x67, 0xcc, 0xef, 0x40, 0x6a, 0x0b, 0xdb, 0x38, 0xc0, 0x66, 0xb2, 0xee, 0x0a, 0x7f, 0x18, 0x27, 0xfa, 0x1c, 0xb9, 0xdc, 0xcf, 0xbb, 0x8e, 0x9d, 0x53, 0x48, 0xc5, 0x56, 0xf0, 0x8e, 0xed, 0xf3, 0x0b, 0xce, 0x46, 0x2b, 0xb2, 0x09, 0x6b, 0x99, 0x26, 0x08, 0xf4, 0xfc, 0xfd, 0x12, 0x32, 0x4b, 0xb2, 0x45, 0x86, 0x2b, 0x59, 0xd6, 0x11, 0xc7};
const uint8_t tv_pk[32] = {0x1a, 0x54, 0x5d, 0x78, 0x34, 0xc3, 0xe1, 0x6c, 0x53, 0x9d, 0xd5, 0xf5, 0x3a, 0xd1, 0x5b, 0x67, 0xae, 0x57, 0x5e, 0x97, 0x06, 0x05, 0x38, 0x5b, 0xeb, 0x76, 0xe9, 0x85, 0x2e, 0xf9, 0xe1, 0xdf};
const uint8_t tv_msg[19] = {0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99};
const uint8_t tv_sig[64] = {0x99, 0x80, 0x27, 0x05, 0xaf, 0xde, 0xb0, 0xe6, 0xfe, 0xe5, 0x2b, 0xbc, 0x35, 0x4a, 0x87, 0x93, 0xd8, 0xc2, 0x9c, 0x77, 0x41, 0x6c, 0x5c, 0x54, 0x62, 0x7e, 0x66, 0xc6, 0x50, 0x05, 0xe5, 0x0a, 0x02, 0x48, 0x94, 0x4b, 0xb1, 0x02, 0x5b, 0x3a, 0xaa, 0xa2, 0x9b, 0x26, 0xc4, 0x7f, 0x49, 0x4b, 0xa2, 0x1a, 0xf0, 0xb5, 0xd0, 0x08, 0x8f, 0x9b, 0x49, 0x5b, 0xf2, 0xc7, 0xe1, 0x83, 0x99, 0x01};
const uint8_t tv_mask[27] = {0x3b, 0x8f, 0x16, 0xab, 0xe6, 0x0b, 0x8e, 0x35, 0xcb, 0x47, 0x5a, 0x3d, 0x13, 0x00, 0x05, 0xe6, 0x79, 0x79, 0x99, 0x23, 0x35, 0x24, 0x64, 0xd8, 0x4b, 0xf5, 0x3c};
const uint8_t tv_result[27] = {0xbb, 0x8f, 0x49, 0x5b, 0xf2, 0xc7, 0xe1, 0x83, 0x99, 0x01, 0x48, 0x09, 0x45, 0x78, 0x9f, 0x5a, 0xa7, 0x89, 0x88, 0x01, 0x06, 0x60, 0x31, 0xbe, 0x3c, 0x7d, 0xa5};
// Test 1: Keypair derivation
uint8_t pk[32], sk[64];
crypto_sign_ed25519_seed_keypair(pk, sk, tv_key + 32);
bool pk_match = (memcmp(pk, tv_pk, 32) == 0);
// Test 2: Signature
uint8_t sig[64];
unsigned long long sig_len;
crypto_sign_ed25519_detached(sig, &sig_len, tv_msg, 19, sk);
bool sig_match = (memcmp(sig, tv_sig, 64) == 0);
// Test 3: HKDF
uint8_t mask[27];
rns_hkdf_var(sig + 56, 8, tv_key, 64, mask, 27);
bool mask_match = (memcmp(mask, tv_mask, 27) == 0);
// Test 4: Full IFAC apply
uint8_t pkt[64];
memcpy(pkt, tv_msg, 19);
// Save original ifac state and substitute test key
uint8_t saved_key[64]; bool saved_configured;
memcpy(saved_key, ifac_key, 64);
saved_configured = ifac_configured;
memcpy(ifac_key, tv_key, 64);
ifac_derive_keypair();
ifac_configured = true;
uint16_t result_len = ifac_apply(pkt, 19);
bool result_match = (result_len == 27) && (memcmp(pkt, tv_result, 27) == 0);
// Restore
memcpy(ifac_key, saved_key, 64);
if (saved_configured) ifac_derive_keypair();
ifac_configured = saved_configured;
// Report
Serial.printf("{\"pk\":%s,\"sig\":%s,\"hkdf\":%s,\"ifac\":%s",
pk_match ? "true" : "false",
sig_match ? "true" : "false",
mask_match ? "true" : "false",
result_match ? "true" : "false");
// Dump actual values on failure for debugging
if (!sig_match) {
Serial.printf(",\"actual_sig\":\"");
for (int i = 0; i < 64; i++) Serial.printf("%02x", sig[i]);
Serial.printf("\"");
}
if (!mask_match) {
Serial.printf(",\"actual_mask\":\"");
for (int i = 0; i < 27; i++) Serial.printf("%02x", mask[i]);
Serial.printf("\"");
}
if (!result_match) {
Serial.printf(",\"actual_result\":\"");
for (int i = 0; i < (int)result_len; i++) Serial.printf("%02x", pkt[i]);
Serial.printf("\",\"result_len\":%d", result_len);
}
Serial.println("}");
Serial.flush();
#else
Serial.write(hdr, 4);
Serial.println("{\"error\":\"no_gps\"}");
Serial.flush();
#endif
break;
}
case 'I': { // Invalidate — force full redraw
if (gui_screen) lv_obj_invalidate(gui_screen);
if (display_blanked) display_unblank();

37
scripts/screenshot.py
View file

@ -186,6 +186,38 @@ def cmd_profile(s, save_path=None):
print(f"Timeout ({len(buf)} bytes)")
def cmd_crypto(s):
"""Run IFAC crypto test vectors on firmware"""
send_cmd(s, ord('C'))
buf = b""
deadline = time.time() + 10
while time.time() < deadline:
chunk = s.read(max(1, s.in_waiting or 1))
if chunk:
buf += chunk
magic = PREFIX + b"C"
idx = buf.find(magic)
if idx >= 0:
nl = buf.find(b"\n", idx + 4)
if nl >= 0:
import json
data = json.loads(buf[idx + 4:nl])
all_pass = True
for test, result in data.items():
if test in ("pk", "sig", "hkdf", "ifac"):
status = "PASS" if result else "FAIL"
if not result:
all_pass = False
print(f" {test:>6}: {status}")
if not all_pass:
for k, v in data.items():
if k.startswith("actual_"):
print(f" {k}: {v}")
print(f"\n {'ALL PASS' if all_pass else 'FAILED'}")
return
print(f"Timeout ({len(buf)} bytes)")
def cmd_invalidate(s):
send_cmd(s, ord('I'))
print("Invalidated — full redraw requested")
@ -250,6 +282,9 @@ def main():
sub.add_parser("invalidate", aliases=["inv"])
sub.add_parser("crypto", aliases=["c"],
help="Run IFAC crypto test vectors on firmware")
p = sub.add_parser("profile", aliases=["p"],
help="Run standardized performance test")
p.add_argument("--save", metavar="FILE", help="Save raw JSON to file")
@ -279,6 +314,8 @@ def main():
cmd_navigate(s, args.screen)
elif args.command in ("invalidate", "inv"):
cmd_invalidate(s)
elif args.command in ("crypto", "c"):
cmd_crypto(s)
elif args.command in ("profile", "p"):
cmd_profile(s, getattr(args, 'save', None))
elif args.command in ("log", "l"):

180
scripts/test_ifac.py Normal file
View file

@ -0,0 +1,180 @@
#!/usr/bin/env python3
"""
IFAC Crypto Test compares IfacAuth.h C implementation against Reticulum Python
Tests each stage of the IFAC pipeline:
1. Ed25519 keypair derivation from seed
2. Ed25519 signing
3. HKDF expansion
4. Full IFAC apply on a test packet
Run standalone to generate test vectors, or with --firmware to
send test vectors to the watch and compare output.
Usage:
python3 scripts/test_ifac.py # generate test vectors
python3 scripts/test_ifac.py --firmware # compare with firmware
"""
import sys
import os
import hashlib
import hmac
# Add RNS to path
sys.path.insert(0, os.path.expanduser("~/.local/lib/python3.13/site-packages"))
import RNS
from RNS.Cryptography.pure25519 import ed25519_oop as ed25519
from RNS.Cryptography.pure25519._ed25519 import sign as ed25519_raw_sign
def hkdf_sha256(ikm, salt, length, context=None):
"""Replicate RNS.Cryptography.hkdf exactly"""
return RNS.Cryptography.hkdf(
length=length,
derive_from=ikm,
salt=salt,
context=context,
)
def hkdf_sha256_manual(ikm, salt, output_len):
"""Manual HKDF-SHA256 matching our C implementation"""
# Extract
prk = hmac.new(salt, ikm, hashlib.sha256).digest()
# Expand
output = b""
prev_block = b""
block_idx = 0
while len(output) < output_len:
expand_input = prev_block + bytes([(block_idx + 1) % 256])
block = hmac.new(prk, expand_input, hashlib.sha256).digest()
output += block
prev_block = block
block_idx += 1
return output[:output_len]
def ifac_apply_python(pkt, ifac_key, ifac_size=8):
"""Replicate Reticulum's Transport.transmit IFAC application"""
# Create identity from ifac_key (last 32 bytes = Ed25519 seed)
sig_seed = ifac_key[32:]
identity = RNS.Identity.from_bytes(ifac_key)
# 1. Sign the original packet
sig = identity.sign(pkt) # Returns 64-byte signature
assert len(sig) == 64, f"Signature length: {len(sig)}"
# 2. Extract IFAC: last 8 bytes of signature
ifac = sig[-ifac_size:]
# 3. Generate mask
mask = RNS.Cryptography.hkdf(
length=len(pkt) + ifac_size,
derive_from=ifac,
salt=ifac_key,
context=None,
)
# 4. Set IFAC flag + assemble
new_header = bytes([pkt[0] | 0x80, pkt[1]])
new_raw = new_header + ifac + pkt[2:]
# 5. Mask
masked = bytearray()
for i, byte in enumerate(new_raw):
if i == 0:
masked.append((byte ^ mask[i]) | 0x80)
elif i == 1 or i > ifac_size + 1:
masked.append(byte ^ mask[i])
else:
masked.append(byte) # Don't mask IFAC itself
return bytes(masked)
def main():
print("=" * 60)
print("IFAC Crypto Test Vectors")
print("=" * 60)
# Known IFAC key (helv4net / R3ticulum-priv8-m3sh)
network_name = "helv4net"
passphrase = "R3ticulum-priv8-m3sh"
ifac_origin = b""
ifac_origin += RNS.Identity.full_hash(network_name.encode("utf-8"))
ifac_origin += RNS.Identity.full_hash(passphrase.encode("utf-8"))
ifac_origin_hash = RNS.Identity.full_hash(ifac_origin)
ifac_key = hkdf_sha256(ifac_origin_hash, RNS.Reticulum.IFAC_SALT, 64)
print(f"\n1. IFAC Key Derivation")
print(f" Network: {network_name}")
print(f" Pass: {passphrase}")
print(f" Key: {ifac_key.hex()}")
# Ed25519 seed = last 32 bytes of ifac_key
ed25519_seed = ifac_key[32:]
print(f"\n2. Ed25519 Seed (ifac_key[32:64])")
print(f" Seed: {ed25519_seed.hex()}")
# Derive keypair
sk = ed25519.SigningKey(ed25519_seed)
pk = sk.get_verifying_key()
print(f" PK: {pk.to_bytes().hex()}")
# Also show the full sk_s (seed + pk, 64 bytes — libsodium format)
sk_s = sk.sk_s # This is the internal 64-byte representation
print(f" SK(64): {sk_s.hex()}")
# Test signing with a known message
test_msg = bytes([0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC,
0xDE, 0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
0x77, 0x88, 0x99])
print(f"\n3. Ed25519 Signature Test")
print(f" Msg: {test_msg.hex()}")
sig = sk.sign(test_msg)
print(f" Sig: {sig.hex()}")
print(f" Last 8: {sig[-8:].hex()}")
# HKDF test
test_ikm = sig[-8:]
print(f"\n4. HKDF Test")
print(f" IKM: {test_ikm.hex()}")
print(f" Salt: {ifac_key.hex()}")
mask_rns = hkdf_sha256(test_ikm, ifac_key, 27)
mask_manual = hkdf_sha256_manual(test_ikm, ifac_key, 27)
print(f" RNS: {mask_rns.hex()}")
print(f" Manual: {mask_manual.hex()}")
print(f" Match: {mask_rns == mask_manual}")
# Full IFAC apply
print(f"\n5. Full IFAC Apply")
print(f" Input: {test_msg.hex()} ({len(test_msg)} bytes)")
result = ifac_apply_python(test_msg, ifac_key)
print(f" Output: {result.hex()} ({len(result)} bytes)")
print(f" Size: {len(test_msg)} -> {len(result)}")
# Generate C test vector
print(f"\n{'=' * 60}")
print(f"C Test Vectors (paste into firmware test)")
print(f"{'=' * 60}")
print(f"const uint8_t test_ifac_key[64] = {{{', '.join(f'0x{b:02x}' for b in ifac_key)}}};")
print(f"const uint8_t test_ed25519_seed[32] = {{{', '.join(f'0x{b:02x}' for b in ed25519_seed)}}};")
print(f"const uint8_t test_ed25519_pk[32] = {{{', '.join(f'0x{b:02x}' for b in pk.to_bytes())}}};")
print(f"const uint8_t test_msg[{len(test_msg)}] = {{{', '.join(f'0x{b:02x}' for b in test_msg)}}};")
print(f"const uint8_t test_sig[64] = {{{', '.join(f'0x{b:02x}' for b in sig)}}};")
print(f"const uint8_t test_ifac[8] = {{{', '.join(f'0x{b:02x}' for b in sig[-8:])}}};")
print(f"const uint8_t test_mask[{len(result)}] = {{{', '.join(f'0x{b:02x}' for b in mask_rns[:len(result)])}}};")
print(f"const uint8_t test_result[{len(result)}] = {{{', '.join(f'0x{b:02x}' for b in result)}}};")
if __name__ == "__main__":
main()