NordicPlayground / nRF51-ble-bcast-mesh


Mesh encryption of data #178

Closed victorpasse closed 7 years ago

victorpasse commented 7 years ago

Hi, we pulled the mesh stack way back, V0.7.8 I believe, and we have made many modifications since then. Now we are revising the firmware of our product and want to incorporate our modifications with your fixes, so I would very much like it if some of our modifications would become "standard" in the package.

I propose adding an encryption layer using the AES-CCM hardware during the timeslots, or using AES128 to emulate AES-CCM at any time using the SD calls. AES-CCM requires a nonce that can be derived from the handle or access addr and a counter from the version. I propose only encrypting the payload and not the handle or version, as they would be required to create the nonce and counter values.

I cannot share any code as my code is confidential, but we have implemented something similar to this.

trond-snekvik commented 7 years ago

We've looked into encryption for the Open Mesh before, but decided not to focus on it because of the complexity of key distribution and management. I agree that the packet format fits well with the nonce concept, but enforcing the "Once" part of it is tricky to get right, and I don't think we have the resources to take it all the way to a full-fledged solution at this point.
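The nonce derivation proposed in this thread, together with a sender-side guard for the "once" requirement, as an added example that is not code from either commenter or from the project. The 13-byte nonce layout, the 16-bit handle and version widths, and every name in it (`build_nonce`, `tx_next_version`, `tx_rekey`, the table size) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NONCE_LEN   13  /* assumed CCM nonce length */
#define MAX_HANDLES 8   /* constructed table size */

/* Hypothetical per-handle sender state. On a real node it has to survive
 * a reboot, or versions (and so nonces) start over under the same key. */
typedef struct { uint8_t used; uint16_t handle; uint16_t last_version; } tx_state_t;
static tx_state_t tx_table[MAX_HANDLES];

/* Assumed layout: access addr (4, LE) || handle (2, LE) || version (2, LE) || zero pad. */
void build_nonce(uint32_t access_addr, uint16_t handle, uint16_t version,
                 uint8_t nonce[NONCE_LEN])
{
    memset(nonce, 0, NONCE_LEN);
    for (int i = 0; i < 4; i++)
        nonce[i] = (uint8_t)(access_addr >> (8 * i));
    nonce[4] = (uint8_t)handle;  nonce[5] = (uint8_t)(handle >> 8);
    nonce[6] = (uint8_t)version; nonce[7] = (uint8_t)(version >> 8);
}

/* Reserve the next version for a handle under the current key.
 * Returns 0 and sets *version, -1 if the 16-bit version is exhausted
 * (a wrap would repeat a nonce, so rekey first), -2 if the table is full. */
int tx_next_version(uint16_t handle, uint16_t *version)
{
    tx_state_t *slot = NULL;
    for (int i = 0; i < MAX_HANDLES; i++) {
        if (tx_table[i].used && tx_table[i].handle == handle) { slot = &tx_table[i]; break; }
        if (!tx_table[i].used && slot == NULL) slot = &tx_table[i];
    }
    if (slot == NULL) return -2;
    if (!slot->used) { slot->used = 1; slot->handle = handle; slot->last_version = 0; }
    if (slot->last_version == UINT16_MAX) return -1;
    *version = ++slot->last_version;
    return 0;
}

/* Call only after a new key is in use on every node: versions may restart. */
void tx_rekey(void) { memset(tx_table, 0, sizeof tx_table); }

int main(void)
{
    uint8_t nonce[NONCE_LEN]; uint16_t v;
    if (tx_next_version(0x0001, &v) != 0) return 1;  /* constructed handle */
    build_nonce(0xA1B2C3D4u, 0x0001, v, nonce);      /* constructed access address */
    return 0;
}
```

The guard covers a single sender only. If several nodes can publish the same handle under one shared key, two of them can pick the same version, so the nonce would also need a per-node field.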