From b5503a5412a132294d4f98962c74e1c31b69e940 Mon Sep 17 00:00:00 2001
From: Matias Denda <matutetandil@gmail.com>
Date: Wed, 25 Feb 2026 12:38:55 -0300
Subject: [PATCH] Add use_aead field to ChannelSettings

Add bool use_aead = 8 to ChannelSettings message to support optional
AES-CCM authenticated encryption on PSK channels. When enabled,
messages include a 12-byte authentication tag that prevents forgery
and bit-flipping attacks. Defaults to false (standard AES-CTR).

Part of firmware#4030.
---
 meshtastic/channel.proto | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meshtastic/channel.proto b/meshtastic/channel.proto
index f49895a..89a0c6e 100644
--- a/meshtastic/channel.proto
+++ b/meshtastic/channel.proto
@@ -87,6 +87,15 @@ message ChannelSettings {
    * Per-channel module settings.
    */
   ModuleSettings module_settings = 7;
+
+  /*
+   * Enable authenticated encryption (AES-CCM) for this channel.
+   * When true, messages include a 12-byte authentication tag that prevents
+   * forgery and bit-flipping attacks. All nodes on the channel must have
+   * this enabled — unauthenticated (AES-CTR) packets are rejected.
+   * Experimental. Default: false (standard AES-CTR encryption).
+   */
+  bool use_aead = 8;
 }
 
 /*