Merge pull request #359 from helium/macpie/session_key
Session Key
macpie authored Aug 3, 2023
2 parents d86b3e3 + 1adbce0 commit 8d81732
Showing 3 changed files with 49 additions and 16 deletions.
30 changes: 15 additions & 15 deletions src/service/iot_config.proto
@@ -142,7 +142,7 @@ message org_list_req_v1 {}

message org_list_res_v1 {
repeated org_v1 orgs = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -219,7 +219,7 @@ message org_res_v1 {
org_v1 org = 1;
uint32 net_id = 2;
repeated devaddr_constraint_v1 devaddr_constraints = 3;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 4;
// pubkey binary of the signing keypair
bytes signer = 5;
@@ -238,7 +238,7 @@ message org_disable_req_v1 {

message org_disable_res_v1 {
uint64 oui = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -257,7 +257,7 @@ message org_enable_req_v1 {

message org_enable_res_v1 {
uint64 oui = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -276,7 +276,7 @@ message route_list_req_v1 {

message route_list_res_v1 {
repeated route_v1 routes = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -323,7 +323,7 @@ message route_delete_req_v1 {

message route_res_v1 {
route_v1 route = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -351,7 +351,7 @@ message route_update_euis_req_v1 {
}

message route_euis_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -379,7 +379,7 @@ message route_update_devaddr_ranges_req_v1 {
}

message route_devaddr_ranges_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -396,7 +396,7 @@ message route_stream_req_v1 {
}

message route_stream_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -458,7 +458,7 @@ message route_skf_update_req_v1 {
}

message route_skf_update_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -478,7 +478,7 @@ message gateway_region_params_res_v1 {
uint64 gain = 3;
// Signature over the response by the config service
bytes signature = 4;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 5;
// pubkey binary of the signing keypair
bytes signer = 6;
@@ -493,7 +493,7 @@ message gateway_location_req_v1 {

message gateway_location_res_v1 {
string location = 1;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 2;
// pubkey binary of the signing keypair
bytes signer = 3;
@@ -513,7 +513,7 @@ message admin_load_region_req_v1 {
}

message admin_load_region_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -550,7 +550,7 @@ message admin_remove_key_req_v1 {
}

message admin_key_res_v1 {
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 1;
// pubkey binary of the signing keypair
bytes signer = 2;
@@ -635,7 +635,7 @@ message region_params_res_v1 {
bytes signature = 3;
// pubkey binary of the signing keypair
bytes signer = 4;
// unix epoch timestamp in seconds
// in milliseconds since unix epoch
uint64 timestamp = 5;
}
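Review bot: The rewritten comment on each `timestamp` field changes the documented unit from seconds to milliseconds while nothing in the schema carries the unit, so a consumer written against the old wording would misread the value by a factor of 1000; the same edit repeats in all fifteen response messages of this file. These responses carry a `signer` (and, where visible, a `signature`), so the unit matters for any freshness or replay window a verifier applies to them. I would keep the noun in the comment, `// timestamp in milliseconds since unix epoch`, and state in the commit description whether the service already emitted milliseconds or whether emitters change together with this commit, which is not visible from these hunks. Each message body continues outside the hunks shown.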

1 change: 1 addition & 0 deletions src/service/local.proto
@@ -22,6 +22,7 @@ message router_req {}
message router_res {
string uri = 1;
bool connected = 2;
bytes session_key = 3;
}

message add_gateway_req {
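Review bot: `session_key` in `router_res` is added without a comment, so the schema does not say whether the bytes are the public half of the session keypair or what an empty value means. This response is presumably readable by any client of the local API, so the field should only ever carry the public key; I would document that on the field, e.g. `// public key binary of the active session key; empty if no session is established`. Whether the gateway implementation can ever place private key material here is not visible from this hunk and is worth confirming.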
34 changes: 33 additions & 1 deletion src/service/packet_router.proto
@@ -50,12 +50,41 @@ message packet_router_register_v1 {
uint64 timestamp = 1;
bytes gateway = 2;
bytes signature = 3;
bool session_capable = 4;
}

// Session offer from the packet router to the gateway. If the gateway wants to
// initiate a session key it should send a packet_router_session_init_v1 message
// to the packet router using data in this offer to propose a session key.
//
// This message is sent by packet router after the register command is sent by
// the gateway.
message packet_router_session_offer_v1 { bytes nonce = 1; }

// Initializes a session key with the packet router. The data in this init
// message has to be from the latest session offer the gateway has received, the
// session key is the public key that is to be used to verify packets by packet
// router, and this message is to be signed by the private key of the gateway.
// Once accepted the session key replaces the current (default is gateway) key
// as the verifier used by the packet router for upilnk packets.
//
// The session key is valid for the length of the current stream or until a next
// offer message is received from the packet router.
//
// Once the new verifier is set by the packet router, any signed packets that do
// not pass verification with the active verifier key are dropped.
message packet_router_session_init_v1 {
bytes gateway = 1;
bytes nonce = 2;
bytes session_key = 3;
bytes signature = 4;
}

message envelope_up_v1 {
oneof data {
packet_router_register_v1 register = 1;
packet_router_packet_up_v1 packet = 2;
packet_router_session_init_v1 session_init = 3;
}
}

@@ -74,7 +103,10 @@ message packet_router_packet_down_v1 {
}

message envelope_down_v1 {
oneof data { packet_router_packet_down_v1 packet = 1; }
oneof data {
packet_router_packet_down_v1 packet = 1;
packet_router_session_offer_v1 session_offer = 2;
}
}

service packet {
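Review bot: The comment on `packet_router_session_init_v1` does not say which bytes `signature` covers, and the `nonce` in `packet_router_session_offer_v1` has no stated length or single-use rule. For an init to be bound to exactly one offer, the signed payload has to include `gateway`, `nonce` and `session_key`, and the router has to reject a nonce that is not from its latest offer on that stream; I would put both in field comments, e.g. `// signature by the gateway key over this message with signature left empty` (confirm the convention used elsewhere in the repository). The last paragraph says "any signed packets that do not pass verification with the active verifier key are dropped", which leaves open how unsigned uplink packets are handled once a session key is active; saying explicitly that they are dropped as well would close that gap. Minor: `upilnk` in the same comment should read `uplink`.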