jmg
/
lora-irrigation
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Implement a secure ICS protocol targeting LoRa Node151 microcontroller for controlling irrigation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
4 Branches
18 MiB
 
 
 
 
 
 
Tree: af00e2f94b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'af00e2f94b'
${ noResults }
lora-irrigation/strobe/python/Strobe/Strobe.py

165 lines
6.2 KiB
Raw Blame History 

  1. """

  2. An example implementation of STROBE.  Doesn't include the key tree.

  3. 

  4. Copyright (c) Mike Hamburg, Cryptography Research, 2016.

  5. 

  6. I will need to contact legal to get a license for this; in the mean time it is

  7. for example purposes only.

  8. """

  9. 

  10. from __future__ import absolute_import

  11. from Strobe.Keccak import KeccakF

  12. 

  13. class AuthenticationFailed(Exception):

  14.     """Thrown when a MAC fails."""

  15.     pass

  16. 

  17. I,A,C,T,M,K = 1<<0, 1<<1, 1<<2, 1<<3, 1<<4, 1<<5

  18.    

  19. class Strobe(object):

  20.     def __init__(self, proto, F = KeccakF(1600), security = 128, copy_of=None, doInit=True):

  21.         if copy_of is None:

  22.             self.pos = self.posbegin = 0

  23.             self.I0 = None

  24.             self.F  = F

  25.             self.R  = F.nbytes - security//4

  26. 

  27.             # Domain separation doesn't use Strobe padding

  28.             self.initialized = False

  29.             self.st = bytearray(F.nbytes)

  30.             domain = bytearray([1,self.R,1,0,1,12*8]) \

  31.                    + bytearray("STROBEv1.0.2")

  32.             if doInit: self._duplex(domain, forceF=True)

  33.     

  34.             # cSHAKE separation is done.

  35.             # Turn on Strobe padding and do per-proto separation

  36.             self.R -= 2

  37.             self.initialized = True

  38.             if doInit: self.operate(A|M, proto)

  39.             

  40.         else:

  41.             self.R,self.pos,self.posbegin,self.I0,self.F = \

  42.                 (copy_of.R,copy_of.pos,copy_of.posbegin,copy_of.I0,

  43.                  copy_of.F.copy())

  44.             self.st = bytearray(copy_of.st)

  45.     

  46.     def copy(self): return Strobe(None,copy_of=self)

  47.     def deepcopy(self): return self.copy()

  48.  

  49.     def _runF(self):

  50.         if self.initialized:

  51.             self.st[self.pos]   ^= self.posbegin

  52.             self.st[self.pos+1] ^= 0x04

  53.             self.st[self.R+1]   ^= 0x80

  54.         self.st  = self.F(self.st)

  55.         self.pos = self.posbegin = 0

  56. 

  57.     def _duplex(self, data, cbefore=False, cafter=False, forceF=False):

  58.         assert not (cbefore and cafter)

  59.     

  60.         # Copy data, and convert string or int to bytearray

  61.         # This converts an integer n to an array of n zeros

  62.         data = bytearray(data)

  63. 

  64.         for i in range(len(data)):

  65.             if cbefore: data[i] ^= self.st[self.pos]

  66.             self.st[self.pos]   ^= data[i]

  67.             if cafter:  data[i]  = self.st[self.pos]

  68.         

  69.             self.pos += 1

  70.             if self.pos == self.R: self._runF()

  71.     

  72.         if forceF and self.pos != 0: self._runF()

  73.         return data

  74.           

  75.     def _beginOp(self, flags):

  76.         # Adjust direction information so that sender and receiver agree

  77.         if flags & T:

  78.             if self.I0 is None: self.I0 = flags & I

  79.             flags ^= self.I0

  80. 

  81.         # Update posbegin

  82.         oldbegin, self.posbegin = self.posbegin, self.pos+1

  83.     

  84.         self._duplex([oldbegin,flags], forceF = flags&(C|K))

  85.     

  86.     def operate(self, flags, data, more=False, meta_flags=A|M, metadata=None):

  87.         """

  88.         STROBE main duplexing mode.

  89.         

  90.         Op is a byte which describes the operating mode, per the STROBE paper.

  91.         

  92.         Data is either a string or bytearray of data, or else a length.  If it

  93.         is given as a length, the data is that many bytes of zeros.

  94.         

  95.         If metadata is not None, first apply the given metadata in the given

  96.         meta_op.

  97.         

  98.         STROBE operations are streamable.  If more is true, this operation

  99.         continues the previous operation.  It therefore ignores metadata and

  100.         doesn't use the beginOp code from the paper.

  101.         

  102.         Certain operations return data.  If an operation returns no data

  103.         (for example, AD and KEY don't return any data), it returns the empty

  104.         byte array.

  105.         

  106.         The meta-operation might also return data.  This is convenient for

  107.         explicit framing (meta_op = 0b11010/0b11011) or encrypted explicit

  108.         framing (meta_op = 0b11110/0b11111)

  109.         

  110.         If the operation is a MAC verification, this function returns the

  111.         empty byte array (plus any metadata returned) on success, and throws

  112.         AuthenticationFailed on failure.

  113.         """

  114.         assert not (flags & (K|1<<6|1<<7)) # Not implemented here

  115.         meta_out = bytearray()

  116.         if more:

  117.             assert flags == self.cur_flags

  118.         else:

  119.             if metadata is not None:

  120.                 meta_out = self.operate(meta_flags, metadata)

  121.             self._beginOp(flags)

  122.             self.cur_flags = flags

  123.     

  124.         if (flags & (I|T) != (I|T)) and (flags & (I|A) != A):

  125.             # Operation takes no input

  126.             assert isinstance(data,int)

  127. 

  128.         # The actual processing code is just duplex

  129.         cafter    = (flags & (C|I|T)) == (C|T)

  130.         cbefore   = (flags & C) and not cafter

  131.         processed = self._duplex(data, cbefore, cafter)

  132.     

  133.         # Determine what to do with the output.

  134.         if (flags & (I|A)) == (I|A):

  135.             # Return data to the application

  136.             return meta_out + processed 

  137.         

  138.         elif (flags & (I|T)) == T:

  139.             # Return data to the transport.

  140.             # A fancier implementation might send it directly.

  141.             return meta_out + processed 

  142.             

  143.         elif (flags & (I|A|T)) == (I|T):

  144.             # Check MAC

  145.             assert not more

  146.             failures = 0

  147.             for byte in processed: failures |= byte

  148.             if failures != 0: raise AuthenticationFailed()

  149.             return meta_out

  150. 

  151.         else:

  152.             # Operation has no output data, but maybe output metadata

  153.             return meta_out

  154. 

  155.     def ad      (self,data,   **kw): return self.operate(0b0010,data,**kw)

  156.     def key     (self,data,   **kw): return self.operate(0b0110,data,**kw)

  157.     def prf     (self,data,   **kw): return self.operate(0b0111,data,**kw)

  158.     def send_clr(self,data,   **kw): return self.operate(0b1010,data,**kw)

  159.     def recv_clr(self,data,   **kw): return self.operate(0b1011,data,**kw)

  160.     def send_enc(self,data,   **kw): return self.operate(0b1110,data,**kw)

  161.     def recv_enc(self,data,   **kw): return self.operate(0b1111,data,**kw)

  162.     def send_mac(self,data=16,**kw): return self.operate(0b1100,data,**kw)

  163.     def recv_mac(self,data   ,**kw): return self.operate(0b1101,data,**kw)

  164.     def ratchet (self,data=32,**kw): return self.operate(0b0100,data,**kw)