Implement a secure ICS protocol targeting LoRa Node151 microcontroller for controlling irrigation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

253 lines
6.7 KiB

  1. /*-
  2. * Copyright 2021 John-Mark Gurney.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. * 1. Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * 2. Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. *
  13. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  14. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  15. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  16. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  17. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  18. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  19. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  20. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  21. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  22. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  23. * SUCH DAMAGE.
  24. *
  25. */
  26. #include <comms.h>
  27. #include <strobe_rng_init.h>
  28. static const size_t MAC_LEN = 8;
  29. static const size_t CHALLENGE_LEN = 16;
  30. static const uint8_t domain[] = "com.funkthat.lora.irrigation.shared.v0.0.1";
  31. static const uint8_t reqreset[] = "reqreset";
  32. static const uint8_t confirm[] = "confirm";
  33. static int comms_pktbuf_equal(struct pktbuf a, struct pktbuf b);
  34. /* returns 1 if equal, 0 if not equal */
  35. static int
  36. comms_pktbuf_equal(struct pktbuf a, struct pktbuf b)
  37. {
  38. if (a.pktlen != b.pktlen)
  39. return 0;
  40. return memcmp(a.pkt, b.pkt, a.pktlen) == 0;
  41. }
  42. size_t
  43. _comms_state_size()
  44. {
  45. return sizeof(struct comms_state);
  46. }
  47. size_t
  48. _strobe_state_size()
  49. {
  50. return sizeof(strobe_s);
  51. }
  52. void
  53. comms_init(struct comms_state *cs, process_msgfunc_t pmf, struct pktbuf *shared)
  54. {
  55. *cs = (struct comms_state){
  56. .cs_procmsg = pmf,
  57. };
  58. strobe_init(&cs->cs_start, domain, sizeof domain - 1);
  59. if (shared != NULL)
  60. strobe_key(&cs->cs_start, SYM_KEY, shared->pkt, shared->pktlen);
  61. /* copy starting state over to initial state */
  62. cs->cs_active = (struct comms_session){
  63. .cs_crypto = cs->cs_start,
  64. .cs_state = COMMS_WAIT_REQUEST,
  65. };
  66. cs->cs_pending = cs->cs_active;
  67. }
  68. #define CONFIRMED_STR_BASE "confirmed"
  69. #define CONFIRMED_STR ((const uint8_t *)CONFIRMED_STR_BASE)
  70. #define CONFIRMED_STR_LEN (sizeof(CONFIRMED_STR_BASE) - 1)
  71. static void
  72. _comms_process_session(struct comms_state *cs, struct comms_session *sess, struct pktbuf pbin, struct pktbuf *pbout)
  73. {
  74. strobe_s tmp;
  75. uint8_t buf[64] = {};
  76. struct pktbuf pbmsg, pbrep;
  77. ssize_t cnt, ret, msglen;
  78. /* save the state incase the message is bad */
  79. tmp = sess->cs_crypto;
  80. strobe_attach_buffer(&sess->cs_crypto, pbin.pkt, pbin.pktlen);
  81. cnt = strobe_get(&sess->cs_crypto, APP_CIPHERTEXT, buf, pbin.pktlen -
  82. MAC_LEN);
  83. msglen = cnt;
  84. cnt = strobe_get(&sess->cs_crypto, MAC, pbin.pkt +
  85. (pbin.pktlen - MAC_LEN), MAC_LEN);
  86. /* MAC check failed */
  87. if (cnt == -1) {
  88. badmsg:
  89. /* restore the previous state */
  90. sess->cs_crypto = tmp;
  91. pbout->pktlen = 0;
  92. return;
  93. }
  94. /*
  95. * if we have arrived here, MAC has been verified, and buf now
  96. * contains the data to operate upon.
  97. */
  98. /* attach the buffer for output */
  99. strobe_attach_buffer(&sess->cs_crypto, pbout->pkt, pbout->pktlen);
  100. ret = 0;
  101. switch (sess->cs_state) {
  102. case COMMS_WAIT_REQUEST:
  103. if (msglen != 24 || memcmp(reqreset, &buf[16],
  104. sizeof reqreset - 1) != 0)
  105. goto badmsg;
  106. bare_strobe_randomize(buf, CHALLENGE_LEN);
  107. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, buf,
  108. CHALLENGE_LEN);
  109. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  110. strobe_operate(&sess->cs_crypto, RATCHET, NULL, 32);
  111. sess->cs_state = COMMS_WAIT_CONFIRM;
  112. break;
  113. case COMMS_WAIT_CONFIRM:
  114. if (msglen != 7 || memcmp(confirm, buf,
  115. sizeof confirm - 1) != 0)
  116. goto badmsg;
  117. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, CONFIRMED_STR,
  118. CONFIRMED_STR_LEN);
  119. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  120. sess->cs_state = COMMS_PROCESS_MSGS;
  121. break;
  122. case COMMS_PROCESS_MSGS: {
  123. uint8_t repbuf[pbout->pktlen - MAC_LEN];
  124. memset(repbuf, '\x00', sizeof repbuf);
  125. pbmsg.pkt = buf;
  126. pbmsg.pktlen = msglen;
  127. pbrep.pkt = repbuf;
  128. pbrep.pktlen = sizeof repbuf;
  129. cs->cs_procmsg(pbmsg, &pbrep);
  130. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, repbuf,
  131. pbrep.pktlen);
  132. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  133. break;
  134. }
  135. }
  136. /* set the output buffer length */
  137. pbout->pktlen = ret;
  138. }
  139. /*
  140. * encrypted data to be processed is passed in via pbin.
  141. *
  142. * The pktbuf pointed to by pbout contains the buffer that a [encrypted]
  143. * response will be written to. The length needs to be updated, where 0
  144. * means no reply.
  145. */
  146. void
  147. comms_process(struct comms_state *cs, struct pktbuf pbin, struct pktbuf *pbout)
  148. {
  149. struct pktbuf pbouttmp;
  150. /* if the current msg matches the previous */
  151. if (comms_pktbuf_equal(pbin, cs->cs_prevmsg)) {
  152. /* send the previous response */
  153. pbout->pktlen = cs->cs_prevmsgresp.pktlen;
  154. memcpy(pbout->pkt, cs->cs_prevmsgresp.pkt, pbout->pktlen);
  155. return;
  156. }
  157. /* try to use the active session */
  158. pbouttmp = *pbout;
  159. _comms_process_session(cs, &cs->cs_active, pbin, &pbouttmp);
  160. if (pbouttmp.pktlen != 0) {
  161. retmsg:
  162. /* we accepted a new message store it */
  163. *pbout = pbouttmp;
  164. /* store the req */
  165. cs->cs_prevmsg.pkt = cs->cs_prevmsgbuf;
  166. cs->cs_prevmsg.pktlen = pbin.pktlen;
  167. memcpy(cs->cs_prevmsg.pkt, pbin.pkt, pbin.pktlen);
  168. /* store the response */
  169. cs->cs_prevmsgresp.pkt = cs->cs_prevmsgrespbuf;
  170. cs->cs_prevmsgresp.pktlen = pbout->pktlen;
  171. memcpy(cs->cs_prevmsgresp.pkt, pbout->pkt, pbout->pktlen);
  172. } else {
  173. /* active session didn't work, try cs_pending */
  174. pbouttmp = *pbout;
  175. _comms_process_session(cs, &cs->cs_pending, pbin, &pbouttmp);
  176. if (cs->cs_pending.cs_state == COMMS_PROCESS_MSGS) {
  177. /* new active state */
  178. cs->cs_active = cs->cs_pending;
  179. cs->cs_pending = (struct comms_session){
  180. .cs_crypto = cs->cs_start,
  181. .cs_state = COMMS_WAIT_REQUEST,
  182. };
  183. goto retmsg;
  184. }
  185. /* pending session didn't work, maybe new */
  186. struct comms_session tmpsess;
  187. tmpsess = (struct comms_session){
  188. .cs_crypto = cs->cs_start,
  189. .cs_state = COMMS_WAIT_REQUEST,
  190. };
  191. pbouttmp = *pbout;
  192. _comms_process_session(cs, &tmpsess, pbin, &pbouttmp);
  193. if (tmpsess.cs_state == COMMS_WAIT_CONFIRM) {
  194. /* new request for session */
  195. cs->cs_pending = tmpsess;
  196. *pbout = pbouttmp;
  197. } else {
  198. /* no packet to reply with */
  199. pbout->pktlen = 0;
  200. }
  201. }
  202. }