From 89469fcb88240617146dc11bc3cad01dcbf3f3a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Gjels=C3=B8?= <36234524+gjelsoe@users.noreply.github.com>
Date: Sun, 17 Nov 2024 19:36:41 +0100
Subject: [PATCH] Allows all 3 PKI keys to be added to userPrefs.h (#4969) and a tool. (#5368) * more userPrefs.h Added PKI Admin keys to userPrefs.h * Update userPrefs.h Allows all 3 PKI keys to be added to userPrefs.h (#4969) * Update NodeDB.cpp Trunk * Update userPrefs.h Changed wording * Create base64_to_hex.py A little tool for converting base64 PKI Keys to decoded byte that userPrefs.h can understand. * more userPrefs.h Added PKI Admin keys to userPrefs.h * Update userPrefs.h Allows all 3 PKI keys to be added to userPrefs.h (#4969) * Update NodeDB.cpp Trunk * Update userPrefs.h Changed wording * Create base64_to_hex.py A little tool for converting base64 PKI Keys to decoded byte that userPrefs.h can understand.
---
 bin/base64_to_hex.py | 33 +++++++++++++++++++++++++++++++++
 src/mesh/NodeDB.cpp | 27 ++++++++++++++++++++++++---
 userPrefs.h | 14 +++++++++++---
 3 files changed, 68 insertions(+), 6 deletions(-)
 create mode 100644 bin/base64_to_hex.py
diff --git a/bin/base64_to_hex.py b/bin/base64_to_hex.py
new file mode 100644
index 0000000000..07c559b9ea
--- /dev/null
+++ b/bin/base64_to_hex.py
@@ -0,0 +1,33 @@
+import sys
+import base64
+
+def base64_to_hex_string(b64_string):
+ try:
+ # Decode the Base64 string to raw bytes
+ decoded_bytes = base64.b64decode(b64_string)
+ except Exception as e:
+ raise ValueError(f"Invalid Base64 input: {e}")
+
+ # Check if the decoded result is exactly 32 bytes
+ if len(decoded_bytes) != 32:
+ raise ValueError("Decoded Base64 input must be exactly 32 bytes.")
+
+ # Convert each byte to its hex representation
+ hex_values = [f"0x{byte:02x}" for byte in decoded_bytes]
+
+ # Join the formatted hex values with commas
+ formatted_output = "{ " + ", ".join(hex_values) + " };"
+ return formatted_output
+
+if __name__ == "__main__":
+ # Check if a Base64 string was provided in command line arguments
+ if len(sys.argv) != 2:
+ print("Usage: python script.py ")
+ sys.exit(1)
+
+ b64_string = sys.argv[1]
+ try:
+ formatted_hex = base64_to_hex_string(b64_string)
+ print(formatted_hex)
+ except ValueError as e:
+ print(e)
diff --git a/src/mesh/NodeDB.cpp b/src/mesh/NodeDB.cpp
index 102ac1f614..55b8c0b4da 100644
--- a/src/mesh/NodeDB.cpp
+++ b/src/mesh/NodeDB.cpp
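Review bot: In bin/base64_to_hex.py the `__main__` block reports a conversion error with `print(e)` and then exits with status 0, so a build step that redirects the output into userPrefs.h cannot tell a failed conversion from a converted key. Write the error with `print(e, file=sys.stderr)` and follow it with `sys.exit(1)`. In `base64_to_hex_string`, `base64.b64decode(b64_string)` discards characters outside the Base64 alphabet by default; `base64.b64decode(b64_string, validate=True)` rejects a mistyped key instead of decoding what is left of it.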
@@ -407,9 +407,30 @@ void NodeDB::installDefaultConfig(bool preserveKey = false)
 config.lora.ignore_mqtt = false;
 #endif
 #ifdef USERPREFS_USE_ADMIN_KEY
- memcpy(config.security.admin_key[0].bytes, USERPREFS_ADMIN_KEY, 32);
- config.security.admin_key[0].size = 32;
- config.security.admin_key_count = 1;
+ // Initialize admin_key_count to zero
+ byte numAdminKeys = 0;
+
+ // Check if USERPREFS_ADMIN_KEY_0 is non-empty
+ if (sizeof(USERPREFS_ADMIN_KEY_0) > 0) {
+ memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_0, 32);
+ config.security.admin_key[numAdminKeys].size = 32;
+ numAdminKeys++;
+ }
+
+ // Check if USERPREFS_ADMIN_KEY_1 is non-empty
+ if (sizeof(USERPREFS_ADMIN_KEY_1) > 0) {
+ memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_1, 32);
+ config.security.admin_key[numAdminKeys].size = 32;
+ numAdminKeys++;
+ }
+
+ // Check if USERPREFS_ADMIN_KEY_2 is non-empty
+ if (sizeof(USERPREFS_ADMIN_KEY_2) > 0) {
+ memcpy(config.security.admin_key[config.security.admin_key_count].bytes, USERPREFS_ADMIN_KEY_2, 32);
+ config.security.admin_key[config.security.admin_key_count].size = 32;
+ numAdminKeys++;
+ }
+ config.security.admin_key_count = numAdminKeys;
 #endif
 if (shouldPreserveKey) {
 config.security.private_key.size = 32;
diff --git a/userPrefs.h b/userPrefs.h
index c105e6b523..622a491c34 100644
--- a/userPrefs.h
+++ b/userPrefs.h
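Review bot: The third key block in src/mesh/NodeDB.cpp indexes `config.security.admin_key` with `config.security.admin_key_count`, while the first two blocks use `numAdminKeys` and the count field is only assigned after all three blocks. If that field is still 0 at this point, `USERPREFS_ADMIN_KEY_2` overwrites slot 0 and the final count includes a slot that was never filled, so the stored admin keys differ from what userPrefs.h configured. Use the local counter in both lines: `memcpy(config.security.admin_key[numAdminKeys].bytes, USERPREFS_ADMIN_KEY_2, 32);` and `config.security.admin_key[numAdminKeys].size = 32;`. `installDefaultConfig` begins before and continues after this hunk, so the earlier value of `admin_key_count` is not visible here.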
@@ -68,11 +68,19 @@ static unsigned char icon_bits[] = { 0x98, 0x3F, 0xF0, 0x23, 0x00, 0xFC, 0x0F, 0xE0, 0x7F, 0x00, 0xFC, 0x03, 0x80, 0xFF, 0x01, 0xFC, 0x00, 0x00, 0x3E, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00, 0x70, 0x00, 0x00, 0x1C, 0x00}; */ + +/* + * PKI Admin keys. + * If a Admin key is set with '{};' + * then it will be ignored, a PKI key must have a size of 32. + */ /* #define USERPREFS_USE_ADMIN_KEY 1 -static unsigned char USERPREFS_ADMIN_KEY[] = {0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6, - 0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, 0x04, 0x1a, - 0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c}; +static unsigned char USERPREFS_ADMIN_KEY_0[] = {0xcd, 0xc0, 0xb4, 0x3c, 0x53, 0x24, 0xdf, 0x13, 0xca, 0x5a, 0xa6, + 0x0c, 0x0d, 0xec, 0x85, 0x5a, 0x4c, 0xf6, 0x1a, 0x96, 0x04, 0x1a, + 0x3e, 0xfc, 0xbb, 0x8e, 0x33, 0x71, 0xe5, 0xfc, 0xff, 0x3c}; +static unsigned char USERPREFS_ADMIN_KEY_1[] = {}; +static unsigned char USERPREFS_ADMIN_KEY_2[] = {}; */ /*
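Review bot: The 32-byte requirement in the new userPrefs.h comment is stated but not enforced, while the NodeDB.cpp hunk of this patch copies a fixed 32 bytes from every array whose `sizeof` is non-zero, so a key defined with fewer bytes would be read past its end. A compile-time guard for each key would catch that, for example `static_assert(sizeof(USERPREFS_ADMIN_KEY_0) == 0 || sizeof(USERPREFS_ADMIN_KEY_0) == 32, "admin key must be empty or 32 bytes");`. The empty form `USERPREFS_ADMIN_KEY_1[] = {};` also depends on the compiler accepting a zero-length array, which is an extension rather than standard C++, and the comment should say so. The comment could further state that the bytes shown for `USERPREFS_ADMIN_KEY_0` are a sample to be replaced, since a build that keeps them presumably authorizes whoever holds the matching private key.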