From 06d7ca5821460b33f9d66b11323aa53965389699 Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Thu, 15 Aug 2024 16:32:42 -0500
Subject: [PATCH] Adds Admin session_passkey to prevent replay of admin packets (#558)

* Adds Admin session_passkey to prevent replay of admin packets
* Update comment on admin_passkey
---
 meshtastic/admin.options | 2 ++
 meshtastic/admin.proto | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/meshtastic/admin.options b/meshtastic/admin.options
index 4804d89..022c4fd 100644
--- a/meshtastic/admin.options
+++ b/meshtastic/admin.options
@@ -1,5 +1,7 @@
 *AdminMessage.payload_variant anonymous_oneof:true
+*AdminMessage.session_passkey max_size:8
+
 *AdminMessage.set_canned_message_module_messages max_size:201
 *AdminMessage.get_canned_message_module_messages_response max_size:201
 *AdminMessage.delete_file_request max_size:201
diff --git a/meshtastic/admin.proto b/meshtastic/admin.proto
index 1c637c9..c461ffe 100644
--- a/meshtastic/admin.proto
+++ b/meshtastic/admin.proto
@@ -20,6 +20,14 @@ option swift_prefix = "";
 * (Prior to 1.2 these operations were done via special ToRadio operations)
 */
 message AdminMessage {
+
+ /*
+ * The node generates this key and sends it with any get_x_response packets.
+ * The client MUST include the same key with any set_x commands. Key expires after 300 seconds.
+ * Prevents replay attacks for admin messages.
+ */
+ bytes session_passkey = 101;
+
 /*
 * TODO: REPLACE
 */
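Review bot: `max_size:8` in meshtastic/admin.options caps the session key at 64 bits, and neither file says how those bytes are produced or how the receiver compares them. A key this short only holds up if the node fills it from a cryptographic random source and the receiver checks the length as well as the content, so that a shorter or empty value can never match. Whether the firmware does either is not visible in this patch. I would record the expectation next to the option, for example `# session_passkey: 8 random bytes from the node's RNG; reject any other length`.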
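Review bot: The new comment on `session_passkey` in meshtastic/admin.proto says the field "Prevents replay attacks", but as documented one key is accepted for every set_x command for 300 seconds. A recorded set_x packet therefore stays valid until the key expires unless the receiver also tracks per-packet state, which this patch does not show. The comment is also silent on an absent key: if this file is proto3 (the syntax line is outside the hunk), an unset `bytes` field reads as empty, so a client that predates the field sends no key and the node has to reject that instead of skipping the check. I would add `* A set_x command with a missing, empty or expired key MUST be rejected.` and reword the last line to `* Limits replay of admin messages to the lifetime of the key.` The AdminMessage body continues past the end of the hunk.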