Implement a secure ICS protocol targeting LoRa Node151 microcontroller for controlling irrigation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

283 lines
7.8 KiB

  1. # Copyright 2021 John-Mark Gurney.
  2. #
  3. # Redistribution and use in source and binary forms, with or without
  4. # modification, are permitted provided that the following conditions
  5. # are met:
  6. # 1. Redistributions of source code must retain the above copyright
  7. # notice, this list of conditions and the following disclaimer.
  8. # 2. Redistributions in binary form must reproduce the above copyright
  9. # notice, this list of conditions and the following disclaimer in the
  10. # documentation and/or other materials provided with the distribution.
  11. #
  12. # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  13. # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  14. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  15. # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  16. # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  17. # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  18. # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  19. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  20. # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  21. # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  22. # SUCH DAMAGE.
  23. #
  24. import os
  25. import unittest
  26. from ctypes import Array, Structure, POINTER, CFUNCTYPE, pointer, sizeof
  27. from ctypes import c_uint8, c_uint16, c_ssize_t, c_size_t, c_uint64, c_int
  28. from ctypes import CDLL
  29. class StructureRepr(object):
  30. @staticmethod
  31. def __specialrepr(obj):
  32. if isinstance(obj, Array):
  33. return '[ %s ]' % ', '.join(hex(x) for x in obj)
  34. return repr(obj)
  35. def __repr__(self): #pragma: no cover
  36. return '%s(%s)' % (self.__class__.__name__, ', '.join('%s=%s' %
  37. (k, self.__specialrepr(getattr(self, k))) for k, v in self._fields_))
  38. class PktBuf(Structure):
  39. _fields_ = [
  40. ('pkt', POINTER(c_uint8)),
  41. ('pktlen', c_uint16),
  42. ]
  43. def _from(self):
  44. return bytes(self.pkt[:self.pktlen])
  45. def __repr__(self): #pragma: no cover
  46. return 'PktBuf(pkt=%s, pktlen=%s)' % (repr(self._from()),
  47. self.pktlen)
  48. def make_pktbuf(s):
  49. pb = PktBuf()
  50. if isinstance(s, bytearray):
  51. obj = s
  52. pb.pkt = pointer(c_uint8.from_buffer(s))
  53. else:
  54. obj = (c_uint8 * len(s))(*s)
  55. pb.pkt = obj
  56. pb.pktlen = len(s)
  57. pb._make_pktbuf_ref = (obj, s)
  58. return pb
  59. process_msgfunc_t = CFUNCTYPE(None, PktBuf, POINTER(PktBuf))
  60. try:
  61. _lib = CDLL('libsyote_test.dylib')
  62. except OSError:
  63. _lib = None
  64. if _lib is not None:
  65. _lib._strobe_state_size.restype = c_size_t
  66. _lib._strobe_state_size.argtypes = ()
  67. _strobe_state_u64_cnt = (_lib._strobe_state_size() + 7) // 8
  68. else:
  69. _strobe_state_u64_cnt = 1
  70. class CommsSession(Structure,StructureRepr):
  71. _fields_ = [
  72. ('cs_crypto', c_uint64 * _strobe_state_u64_cnt),
  73. ('cs_state', c_int),
  74. ]
  75. EC_PUBLIC_BYTES = 32
  76. EC_PRIVATE_BYTES = 32
  77. class CommsState(Structure,StructureRepr):
  78. _fields_ = [
  79. # The alignment of these may be off
  80. ('cs_active', CommsSession),
  81. ('cs_pending', CommsSession),
  82. ('cs_respkey', c_uint8 * EC_PRIVATE_BYTES),
  83. ('cs_resppubkey', c_uint8 * EC_PUBLIC_BYTES),
  84. ('cs_initpubkey', c_uint8 * EC_PUBLIC_BYTES),
  85. ('cs_start', CommsSession),
  86. ('cs_procmsg', process_msgfunc_t),
  87. ('cs_prevmsg', PktBuf),
  88. ('cs_prevmsgresp', PktBuf),
  89. ('cs_prevmsgbuf', c_uint8 * 64),
  90. ('cs_prevmsgrespbuf', c_uint8 * 64),
  91. ]
  92. if _lib is not None:
  93. _lib._comms_state_size.restype = c_size_t
  94. _lib._comms_state_size.argtypes = ()
  95. if _lib._comms_state_size() != sizeof(CommsState): # pragma: no cover
  96. raise RuntimeError('CommsState structure size mismatch!')
  97. X25519_BASE_POINT = (c_uint8 * (256//8)).in_dll(_lib, 'X25519_BASE_POINT')
  98. for func, ret, args in [
  99. ('comms_init', c_int, (POINTER(CommsState), process_msgfunc_t,
  100. POINTER(PktBuf), POINTER(PktBuf), POINTER(PktBuf))),
  101. ('comms_process', None, (POINTER(CommsState), PktBuf, POINTER(PktBuf))),
  102. ('strobe_seed_prng', None, (POINTER(c_uint8), c_ssize_t)),
  103. ('x25519', c_int, (c_uint8 * EC_PUBLIC_BYTES, c_uint8 * EC_PRIVATE_BYTES, c_uint8 * EC_PUBLIC_BYTES, c_int)),
  104. ]:
  105. f = getattr(_lib, func)
  106. f.restype = ret
  107. f.argtypes = args
  108. locals()[func] = f
  109. def x25519_wrap(out, scalar, base, clamp):
  110. outptr = (c_uint8 * EC_PUBLIC_BYTES).from_buffer_copy(out)
  111. scalarptr = (c_uint8 * EC_PRIVATE_BYTES).from_buffer_copy(scalar)
  112. baseptr = (c_uint8 * EC_PRIVATE_BYTES).from_buffer_copy(base)
  113. r = x25519(outptr, scalarptr, baseptr, clamp)
  114. if r != 0:
  115. raise RuntimeError('x25519 failed')
  116. return bytes(outptr)
  117. def x25519_genkey():
  118. return os.urandom(EC_PRIVATE_BYTES)
  119. def x25519_base(scalar, clamp):
  120. out = bytearray(EC_PUBLIC_BYTES)
  121. outptr = (c_uint8 * EC_PUBLIC_BYTES).from_buffer(out)
  122. scalarptr = (c_uint8 * EC_PRIVATE_BYTES).from_buffer_copy(scalar)
  123. r = x25519(outptr, scalarptr, X25519_BASE_POINT, clamp)
  124. if r != 0:
  125. raise RuntimeError('x25519 failed')
  126. return bytes(out)
  127. class X25519:
  128. '''Class to wrap the x25519 functions into something a bit more
  129. usable. This provides better key ingestion and better support
  130. for other key formats.
  131. Use either the gen method to generate a random key, or the frombytes
  132. method.
  133. a = X25519.gen()
  134. b = X25519.gen()
  135. a.dh(b.getpub()) == b.dh(a.getpub())
  136. That is, each party generates a key, sends their public part to the
  137. other party, and then uses their received public part as an argument
  138. to the dh method. The resulting value will be shared between the
  139. two parties.
  140. '''
  141. def __init__(self, key):
  142. self.privkey = key
  143. self.pubkey = x25519_base(key, 1)
  144. def dh(self, pub):
  145. '''Perform a DH operation using the public part pub.'''
  146. return x25519_wrap(self.pubkey, self.privkey, pub, 1)
  147. def getpub(self):
  148. '''Get the public part of the key. This is to be sent
  149. to the other party for key exchange.'''
  150. return self.pubkey
  151. def getpriv(self):
  152. return self.privkey
  153. @classmethod
  154. def gen(cls):
  155. '''Generate a random X25519 key.'''
  156. return cls(x25519_genkey())
  157. @classmethod
  158. def frombytes(cls, key):
  159. '''Generate an X25519 key from 32 bytes.'''
  160. return cls(key)
  161. def comms_process_wrap(state, input):
  162. '''A wrapper around comms_process that converts the argument
  163. into the buffer, and the returns the message as a bytes string.
  164. '''
  165. inpkt = make_pktbuf(input)
  166. outbytes = bytearray(64)
  167. outbuf = make_pktbuf(outbytes)
  168. comms_process(state, inpkt, outbuf)
  169. return outbuf._from()
  170. if __name__ == '__main__':
  171. key = X25519.gen()
  172. print(key.getpriv().hex())
  173. print(key.getpub().hex())
  174. class TestX25519(unittest.TestCase):
  175. PUBLIC_BYTES = EC_PUBLIC_BYTES
  176. PRIVATE_BYTES = EC_PRIVATE_BYTES
  177. def test_class(self):
  178. key = X25519.gen()
  179. pubkey = key.getpub()
  180. privkey = key.getpriv()
  181. apubkey = x25519_base(privkey, 1)
  182. self.assertEqual(apubkey, pubkey)
  183. self.assertEqual(X25519.frombytes(privkey).getpub(), pubkey)
  184. with self.assertRaises(ValueError):
  185. X25519(b'0'*31)
  186. def test_rfc7748_6_1(self):
  187. # KAT from https://datatracker.ietf.org/doc/html/rfc7748#section-6.1
  188. apriv = bytes.fromhex('77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a')
  189. akey = X25519(apriv)
  190. self.assertEqual(akey.getpub(), bytes.fromhex('8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a'))
  191. bpriv = bytes.fromhex('5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb')
  192. bkey = X25519(bpriv)
  193. self.assertEqual(bkey.getpub(), bytes.fromhex('de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f'))
  194. ss = bytes.fromhex('4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742')
  195. self.assertEqual(akey.dh(bkey.getpub()), ss)
  196. self.assertEqual(bkey.dh(akey.getpub()), ss)
  197. def test_basic_ops(self):
  198. aprivkey = x25519_genkey()
  199. apubkey = x25519_base(aprivkey, 1)
  200. bprivkey = x25519_genkey()
  201. bpubkey = x25519_base(bprivkey, 1)
  202. self.assertNotEqual(aprivkey, bprivkey)
  203. self.assertNotEqual(apubkey, bpubkey)
  204. ra = x25519_wrap(apubkey, aprivkey, bpubkey, 1)
  205. rb = x25519_wrap(bpubkey, bprivkey, apubkey, 1)
  206. self.assertEqual(ra, rb)