ChuckMash / ESPythoNOW

A Python library for sending, receiving, and monitoring ESP-NOW messages
MIT License

Sending encrypted ESP-NOW #1

Open ChuckMash opened 2 months ago

ChuckMash commented 2 months ago

~ESPythoNOW does not currently support the encryption method optionally used with ESP-NOW.~

According to the documentation

ChuckMash commented 2 months ago

Receiving encrypted ESP-NOW messages is now supported, but sending is not yet.

Possibly related to needing AAD/MIC calculation.

AAD/MIC may also benefit validating received encrypted messages.

ChuckMash commented 2 months ago

If the issue is the 8-byte MIC validation, it is made worse by the failing validation check of received messages.

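```python
import struct
from Crypto.Cipher import AES  # PyCryptodome

def callback(from_mac, to_mac, msg):
  packet = espnow.packet  # espnow: object defined elsewhere in the script

  # 13-byte CCM nonce: 0x00 + sender MAC + packet number (PN5..PN0)
  nonce = (b'\x00' + bytes.fromhex(from_mac.replace(':',''))
           + struct.pack("BBBBBB", packet.PN5, packet.PN4, packet.PN3, packet.PN2, packet.PN1, packet.PN0))
  cipher = AES.new(espnow.key, AES.MODE_CCM, nonce, mac_len=8)

  try:
    # The last 8 bytes of the payload are treated as the MIC
    data = cipher.decrypt_and_verify(packet.data[:-8], packet.data[-8:]) # does not validate
    print("success")
  except Exception as e:
    print("Error decrypting:",e)
```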

If a solution is found to calculate MIC and validate correctly for receiving encrypted messages, it will be a big help for generating the MIC for sending encrypted messages.


CCMP documentation suggests the MIC is calculated/validated with AES CBC apart from the message itself encrypted with CCM.

ChuckMash commented 2 months ago

Compiled ESP-IDF from source with modified debug and ccmp.c to track through AAD and MIC. Unable to see output of DEBUG statements in ccmp.c.

ChuckMash commented 2 months ago

List of potentially helpful links found so far. This comment will be updated.