feat: server trust

Author: filipton

Cargo.lock

@@ -30,7 +30,7 @@ macros = { path = "./macros" }
 nb = "1.1.0"
 embassy-futures = "0.1.1"
 embassy-sync = "0.7.1"
-ws-framer = { version = "0.3.0", default-features = false, features = ["alloc", "http", "getrandom02"] }
+ws-framer = { version = "0.3.1", default-features = false, features = ["alloc", "http", "getrandom02"] }
 embedded-hal-async = "1.0.0"
 portable-atomic = { version = "1.11.1", default-features = false }
 critical-section = "1.2.0"

Cargo.toml

@@ -82,7 +82,6 @@ pub async fn battery_read_task(
                     level: Some(bat_percentage as f64),
                     voltage: Some(bat_calc_mv / 1000.0),
                 },
-                sign_key: Some(unsafe { crate::state::SIGN_KEY }),
             })
             .await;
         }

src/battery.rs

@@ -3,7 +3,7 @@ use adv_shift_registers::wrappers::ShifterValueRange;
 use anyhow::Result;
 use esp_hal::{
     gpio::{AnyPin, Input, InputConfig, Level, Output, Pin, Pull},
-    peripherals::{ADC1, BT, Peripherals, SPI2, TIMG0, TIMG1, UART1, WIFI},
+    peripherals::{ADC1, AES, BT, Peripherals, SPI2, TIMG0, TIMG1, UART1, WIFI},
     rng::Rng,
     timer::timg::TimerGroup,
 };
@@ -19,6 +19,7 @@ pub struct Board {
     pub wifi: WIFI<'static>,
     pub bt: BT<'static>,
     pub spi_dma: esp_hal::peripherals::DMA_CH0<'static>,
+    pub aes: AES<'static>,
 
     // spi
     pub miso: AnyPin<'static>,
@@ -49,6 +50,7 @@ impl Board {
         let adc1 = peripherals.ADC1;
         let wifi = peripherals.WIFI;
         let bt = peripherals.BT;
+        let aes = peripherals.AES;
 
         let sck = peripherals.GPIO4.degrade();
         let miso = peripherals.GPIO5.degrade();
@@ -95,6 +97,7 @@ impl Board {
             adc1,
             wifi,
             bt,
+            aes,
 
             miso,
             mosi,

src/board.rs

@@ -142,16 +142,17 @@ async fn submit_up(
     if !state_val.device_added.unwrap_or(false) {
         let mut sign_key = [0; 4];
         _ = getrandom::getrandom(&mut sign_key);
+        _ = state.nvs.invalidate_key(b"SIGN_KEY").await;
         _ = state.nvs.append_key(b"SIGN_KEY", &sign_key).await;
         unsafe { crate::state::SIGN_KEY = u32::from_be_bytes(sign_key) >> 1 };
+        unsafe { crate::state::TRUST_SERVER = true };
 
         crate::ws::send_packet(crate::structs::TimerPacket {
             tag: None,
             data: crate::structs::TimerPacketInner::Add {
                 firmware: alloc::string::ToString::to_string(crate::version::FIRMWARE),
                 sign_key: unsafe { crate::state::SIGN_KEY },
             },
-            sign_key: None,
         })
         .await;
 
@@ -380,6 +381,11 @@ async fn delegate_hold(
                 return Ok(false);
             }
 
+            if unsafe { !crate::state::TRUST_SERVER } {
+                log::error!("Skipping delegate hold. Server not trusted!");
+                return Ok(false);
+            }
+
             let inspection_time = if state_val.use_inspection()
                 && state_val.inspection_start.is_some()
                 && state_val.inspection_end.is_some()
@@ -404,6 +410,7 @@ async fn delegate_hold(
                 delegate: true,
                 inspection_time,
                 group_id: state_val.solve_group.clone().map(|r| r.group_id).expect(""),
+                sign_key: unsafe { crate::state::SIGN_KEY },
             };
 
             state_val.delegate_hold = Some(3);

src/buttons.rs

@@ -112,7 +112,7 @@ async fn main(spawner: Spawner) {
     log::info!("This firmware is in QA mode!");
 
     let nvs = Nvs::new_from_part_table().expect("Wrong partition configuration!");
-    let global_state = Rc::new(GlobalStateInner::new(&nvs));
+    let global_state = Rc::new(GlobalStateInner::new(&nvs, board.aes));
     let wifi_setup_sig = Rc::new(Signal::new());
 
     // TODO: add error handling here
@@ -341,7 +341,6 @@ async fn logger_task(global_state: GlobalState) {
             ws::send_packet(structs::TimerPacket {
                 tag: None,
                 data: structs::TimerPacketInner::Logs { logs: tmp_logs },
-                sign_key: None,
             })
             .await;
         }

src/main.rs

@@ -138,10 +138,16 @@ pub async fn rfid_task(
             continue;
         }
 
+        if unsafe { !crate::state::TRUST_SERVER } {
+            log::error!("Skipping card scan. Server not trusted!");
+            continue;
+        }
+
         let resp = crate::ws::send_request::<CardInfoResponsePacket>(
             crate::structs::TimerPacketInner::CardInfoRequest {
                 card_id: card_uid as u64,
                 attendance_device: None,
+                sign_key: unsafe { crate::state::SIGN_KEY },
             },
         )
         .await;
@@ -245,6 +251,11 @@ async fn process_card_info_response(
                     return Ok(());
                 }
 
+                if unsafe { !crate::state::TRUST_SERVER } {
+                    log::error!("Skipping solve send. Server not trusted!");
+                    return Ok(());
+                }
+
                 let resp = crate::ws::send_request::<SolveConfirmPacket>(
                     crate::structs::TimerPacketInner::Solve {
                         solve_time: state.solve_time.ok_or(anyhow!("Solve time is None"))?,
@@ -256,6 +267,7 @@ async fn process_card_info_response(
                         delegate: false,
                         inspection_time,
                         group_id: state.solve_group.clone().map(|r| r.group_id).expect(""),
+                        sign_key: unsafe { crate::state::SIGN_KEY },
                     },
                 )
                 .await;

src/rfid.rs

@@ -2,14 +2,18 @@ use crate::{structs::PossibleGroup, utils::signaled_mutex::SignaledMutex};
 use alloc::{rc::Rc, string::String, vec::Vec};
 use embassy_sync::{
     blocking_mutex::raw::{CriticalSectionRawMutex, NoopRawMutex},
+    mutex::Mutex,
     signal::Signal,
 };
 use embassy_time::{Duration, Instant, Timer};
+use esp_hal::aes::Aes;
 use esp_hal_wifimanager::Nvs;
 use serde::{Deserialize, Serialize};
 
-pub static mut EPOCH_BASE: u64 = 0;
 pub static mut SIGN_KEY: u32 = 0;
+pub static mut TRUST_SERVER: bool = false;
+
+pub static mut EPOCH_BASE: u64 = 0;
 pub static mut SLEEP_STATE: bool = false;
 pub static mut DEEPER_SLEEP: bool = false;
 pub static mut OTA_STATE: bool = false;
@@ -127,20 +131,22 @@ pub struct GlobalStateInner {
     pub update_progress: Signal<CriticalSectionRawMutex, u8>,
 
     pub nvs: Nvs,
+    pub aes: Mutex<NoopRawMutex, Aes<'static>>,
 
     #[cfg(feature = "e2e")]
     pub e2e: End2End,
 }
 
 impl GlobalStateInner {
-    pub fn new(nvs: &Nvs) -> Self {
+    pub fn new(nvs: &Nvs, aes: esp_hal::peripherals::AES<'static>) -> Self {
         Self {
             state: SignaledMutex::new(SignaledGlobalStateInner::new()),
             timer_signal: Signal::new(),
             show_battery: Signal::new(),
             update_progress: Signal::new(),
 
             nvs: nvs.clone(),
+            aes: Mutex::new(Aes::new(aes)),
 
             #[cfg(feature = "e2e")]
             e2e: End2End::new(),

src/state.rs

@@ -24,9 +24,6 @@ pub struct TimerPacket {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub tag: Option<u64>,
     pub data: TimerPacketInner,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub sign_key: Option<u32>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
@@ -49,6 +46,7 @@ pub enum TimerPacketInner {
         delegate: bool,
         inspection_time: i64,
         group_id: String,
+        sign_key: u32,
     },
     SolveConfirm(SolveConfirmPacket),
     DelegateResponse(DelegateResponsePacket),
@@ -63,6 +61,8 @@ pub enum TimerPacketInner {
 
         #[serde(skip_serializing_if = "Option::is_none")]
         attendance_device: Option<bool>,
+
+        sign_key: u32,
     },
     CardInfoResponse(CardInfoResponsePacket),
     AttendanceMarked,

src/structs.rs

@@ -14,6 +14,12 @@ pub fn set_brownout_detection(state: bool) {
     }
 }
 
+pub fn get_random_u64() -> u64 {
+    let mut buf = [0; 8];
+    _ = getrandom::getrandom(&mut buf);
+    u64::from_be_bytes(buf)
+}
+
 /// This function returns value with maximum of signed integer
 /// (2147483647) to easily store it in postgres db as integer
 pub fn get_efuse_u32() -> u32 {