diff --git a/tnc/data_handler.py b/tnc/data_handler.py
index d52091ab..ac6dcb36 100644
--- a/tnc/data_handler.py
+++ b/tnc/data_handler.py
@@ -919,16 +919,20 @@ class DATA:
 # check if hmac signing enabled
 if TNC.enable_hmac:
- # now check if we have valid hmac signature
- salt_found = helpers.search_hmac_salt(self.dxcallsign, self.mycallsign, data_frame_crc, token_iters=100)
+ # now check if we have valid hmac signature - returns salt or bool
+ salt_found = helpers.search_hmac_salt(self.dxcallsign, self.mycallsign, data_frame_crc, data_frame, token_iters=100)
 if salt_found:
 # hmac digest received
 self.arq_process_received_data_frame(data_frame, snr, signed=True)
 else:
+ # hmac signature wrong
 self.arq_process_received_data_frame(data_frame, snr, signed=False)
 elif data_frame_crc == data_frame_crc_received:
+ self.log.warning(
+ "[TNC] [HMAC] Disabled, using CRC",
+ )
 self.arq_process_received_data_frame(data_frame, snr, signed=False)
 else:
 self.send_data_to_socket_queue(
@@ -1163,7 +1167,7 @@ class DATA:
 snr=snr,
 )
- def arq_transmit(self, data_out: bytes, hmac_salt: str):
+ def arq_transmit(self, data_out: bytes, hmac_salt: bytes):
 """
 Transmit ARQ frame
@@ -1219,6 +1223,7 @@ class DATA:
 # check if hmac signature is available
 if hmac_salt not in ['', False]:
+ print(data_out)
 # create hmac digest
 hmac_digest = hmac.new(hmac_salt, data_out, hashlib.sha256).digest()
 # truncate to 32bit
diff --git a/tnc/helpers.py b/tnc/helpers.py
index 28acaf2b..66465870 100644
--- a/tnc/helpers.py
+++ b/tnc/helpers.py
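Review bot: In tnc/data_handler.py (hunk at -919), the `else` branch under `if TNC.enable_hmac:` still hands the frame to `arq_process_received_data_frame(data_frame, snr, signed=False)` when `search_hmac_salt` finds no match, and no CRC comparison is visible on that path, so with HMAC enabled a frame whose trailer matches neither a stored key nor, as far as this hunk shows, the CRC is still accepted. The added `# hmac signature wrong` comment names the case without handling it. Consider taking the unsigned fallback only when `data_frame_crc == data_frame_crc_received` and otherwise falling through to the existing failure branch that calls `send_data_to_socket_queue`. The enclosing method starts and ends outside the hunk, so an earlier integrity check may exist and is worth confirming.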
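Review bot: In `arq_transmit` in tnc/data_handler.py (hunk at -1219), the added `print(data_out)` writes the full outgoing payload to stdout on every signed transmission and bypasses the logger; it should be dropped, or replaced with something like `self.log.debug("[TNC] [HMAC] signing frame", length=len(data_out))`. Separately, the preceding hunk re-annotates `hmac_salt` as `bytes`, but the guard `hmac_salt not in ['', False]` still compares against a `str`, so `b''` passes and the digest would be computed with an empty key; `if hmac_salt:` rejects both forms. The method body continues outside the hunk.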
@@ -502,33 +502,55 @@ def get_hmac_salt(dxcallsign: bytes, mycallsign: bytes):
 try:
 with open(filename, "r") as file:
 line = file.readlines()
- hmac_salt = line[-1]
+ hmac_salt = bytes(line[-1], "utf-8").split(b'\n')
+ hmac_salt = hmac_salt[0]
 return hmac_salt if delete_last_line_from_hmac_list(filename, -1) else False
 except Exception:
 return False
 def search_hmac_salt(dxcallsign: bytes, mycallsign: bytes, search_token, data_frame, token_iters):
+ print(data_frame)
 try:
 filename = f"freedata_hmac_STATION_{dxcallsign.decode('utf-8')}_REMOTE_{mycallsign.decode('utf-8')}.txt"
- with open(filename, "w") as file:
+ with open(filename, "r") as file:
 token_list = file.readlines()
 token_iters = min(token_iters, len(token_list))
 for _ in range(1, token_iters + 1):
 key = token_list[len(token_list) - _][:-1]
+ key = bytes(key, "utf-8")
 search_digest = hmac.new(key, data_frame, hashlib.sha256).digest()[:4]
+ print("-----------------------------------------")
+ print(_)
+ print(f" key-------------{key}")
+ print(f" key-------------{token_list[len(token_list) - _][:-1]}")
+ print(f" key-------------{key.hex()}")
+ print(f" search token----{search_token.hex()}")
+ print(f" search digest---{search_digest.hex()}")
 if search_token == search_digest:
 token_position = len(token_list) - _
 delete_last_line_from_hmac_list(filename, token_position)
+ log.warning(
+ "[TNC] [HMAC] Signature found", expected=search_token,
+ )
 return True
+
+ log.warning(
+ "[TNC] [HMAC] Signature not found", expected=search_token,
+ )
 return False
- except Exception:
+ except Exception as e:
+ log.warning(
+ "[TNC] [HMAC] Lookup failed", e=e, expected=search_token,
+ )
 return False
 def delete_last_line_from_hmac_list(filename, position):
+ # override
+ return True
 try:
 linearray = []
 with open(filename, "r") as file:
diff --git a/tnc/main.py b/tnc/main.py
index 176e60c3..fa7ac8bb 100755
--- a/tnc/main.py
+++ b/tnc/main.py
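Review bot: The `# override` / `return True` added at the top of `delete_last_line_from_hmac_list` in tnc/helpers.py makes the rest of that function unreachable, so a token matched in `search_hmac_salt` is never removed from the file and the same signed frame would verify again if it were received a second time; the override should be removed before merge. The added `print` calls in `search_hmac_salt` write every candidate key (raw and hex) and the frame to stdout, which puts the shared secrets into whatever captures the process output, so they should be deleted rather than turned into log calls. The tag check should be `if hmac.compare_digest(search_token, search_digest):` instead of `==`. Also, `key = token_list[len(token_list) - _][:-1]` drops a real character when the last line has no trailing newline, unlike the `split(b'\n')` used in `get_hmac_salt`; `.rstrip("\n")` would keep both sides consistent. `delete_last_line_from_hmac_list` continues past the end of the hunk.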
@@ -255,7 +255,7 @@ if __name__ == "__main__":
 PARSER.add_argument(
 "--hmac",
- dest="hmac_salt",
+ dest="enable_hmac",
 action="store_true",
 default=True,
 help="Enable and set hmac message salt",
@@ -315,7 +315,7 @@ if __name__ == "__main__":
 TCIParam.port = ARGS.tci_port
 ModemParam.tx_delay = ARGS.tx_delay
 MeshParam.enable_protocol = ARGS.enable_mesh
- TNC.enable_hmac = False
+ TNC.enable_hmac = ARGS.enable_hmac
 except Exception as e:
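Review bot: With `action="store_true"` and `default=True` on the `--hmac` option in tnc/main.py, `ARGS.enable_hmac` is `True` whether or not the flag is passed, so once the hunk at -315 assigns it to `TNC.enable_hmac` the feature can no longer be switched off from the command line. If the intent is on-by-default with an opt-out, `action=argparse.BooleanOptionalAction` (Python 3.9+, assuming `argparse` is imported under that name) gives `--hmac` / `--no-hmac`; if it is meant to be opt-in, use `default=False`. The help text still describes the old `hmac_salt` destination and could read `help="Enable HMAC frame signing"`.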