Implement a secure ICS protocol targeting LoRa Node151 microcontroller for controlling irrigation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

257 lines
6.8 KiB

  1. /*-
  2. * Copyright 2021 John-Mark Gurney.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. * 1. Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * 2. Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. *
  13. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  14. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  15. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  16. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  17. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  18. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  19. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  20. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  21. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  22. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  23. * SUCH DAMAGE.
  24. *
  25. */
  26. #include <comms.h>
  27. #include <strobe_rng_init.h>
  28. static const size_t MAC_LEN = 8;
  29. static const size_t CHALLENGE_LEN = 16;
  30. static const uint8_t domain[] = "com.funkthat.lora.irrigation.shared.v0.0.1";
  31. static const uint8_t reqreset[] = "reqreset";
  32. static const uint8_t confirm[] = "confirm";
  33. static int comms_pktbuf_equal(struct pktbuf a, struct pktbuf b);
  34. /* returns 1 if equal, 0 if not equal */
  35. static int
  36. comms_pktbuf_equal(struct pktbuf a, struct pktbuf b)
  37. {
  38. if (a.pktlen != b.pktlen)
  39. return 0;
  40. return memcmp(a.pkt, b.pkt, a.pktlen) == 0;
  41. }
  42. size_t
  43. _comms_state_size()
  44. {
  45. return sizeof(struct comms_state);
  46. }
  47. size_t
  48. _strobe_state_size()
  49. {
  50. return sizeof(strobe_s);
  51. }
  52. void
  53. comms_init(struct comms_state *cs, process_msgfunc_t pmf, struct pktbuf *shared)
  54. {
  55. *cs = (struct comms_state){
  56. .cs_procmsg = pmf,
  57. };
  58. strobe_init(&cs->cs_start, domain, sizeof domain - 1);
  59. if (shared != NULL)
  60. strobe_key(&cs->cs_start, SYM_KEY, shared->pkt, shared->pktlen);
  61. /* copy starting state over to initial state */
  62. cs->cs_active = (struct comms_session){
  63. .cs_crypto = cs->cs_start,
  64. .cs_state = COMMS_WAIT_REQUEST,
  65. };
  66. cs->cs_pending = cs->cs_active;
  67. }
  68. #define CONFIRMED_STR_BASE "confirmed"
  69. #define CONFIRMED_STR ((const uint8_t *)CONFIRMED_STR_BASE)
  70. #define CONFIRMED_STR_LEN (sizeof(CONFIRMED_STR_BASE) - 1)
  71. static void
  72. _comms_process_session(struct comms_state *cs, struct comms_session *sess, struct pktbuf pbin, struct pktbuf *pbout)
  73. {
  74. strobe_s tmp;
  75. uint8_t buf[64] = {};
  76. struct pktbuf pbmsg, pbrep;
  77. ssize_t cnt, ret, msglen;
  78. /* save the state incase the message is bad */
  79. tmp = sess->cs_crypto;
  80. strobe_attach_buffer(&sess->cs_crypto, pbin.pkt, pbin.pktlen);
  81. /* if the packet is too short, ignore */
  82. if (pbin.pktlen < MAC_LEN)
  83. goto badmsg;
  84. cnt = strobe_get(&sess->cs_crypto, APP_CIPHERTEXT, buf, pbin.pktlen -
  85. MAC_LEN);
  86. msglen = cnt;
  87. cnt = strobe_get(&sess->cs_crypto, MAC, pbin.pkt +
  88. (pbin.pktlen - MAC_LEN), MAC_LEN);
  89. /* MAC check failed */
  90. if (cnt == -1) {
  91. badmsg:
  92. /* restore the previous state */
  93. sess->cs_crypto = tmp;
  94. pbout->pktlen = 0;
  95. return;
  96. }
  97. /*
  98. * if we have arrived here, MAC has been verified, and buf now
  99. * contains the data to operate upon.
  100. */
  101. /* attach the buffer for output */
  102. strobe_attach_buffer(&sess->cs_crypto, pbout->pkt, pbout->pktlen);
  103. ret = 0;
  104. switch (sess->cs_state) {
  105. case COMMS_WAIT_REQUEST:
  106. if (msglen != 24 || memcmp(reqreset, &buf[16],
  107. sizeof reqreset - 1) != 0)
  108. goto badmsg;
  109. bare_strobe_randomize(buf, CHALLENGE_LEN);
  110. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, buf,
  111. CHALLENGE_LEN);
  112. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  113. strobe_operate(&sess->cs_crypto, RATCHET, NULL, 32);
  114. sess->cs_state = COMMS_WAIT_CONFIRM;
  115. break;
  116. case COMMS_WAIT_CONFIRM:
  117. if (msglen != 7 || memcmp(confirm, buf,
  118. sizeof confirm - 1) != 0)
  119. goto badmsg;
  120. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, CONFIRMED_STR,
  121. CONFIRMED_STR_LEN);
  122. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  123. sess->cs_state = COMMS_PROCESS_MSGS;
  124. break;
  125. case COMMS_PROCESS_MSGS: {
  126. uint8_t repbuf[pbout->pktlen - MAC_LEN];
  127. memset(repbuf, '\x00', sizeof repbuf);
  128. pbmsg.pkt = buf;
  129. pbmsg.pktlen = msglen;
  130. pbrep.pkt = repbuf;
  131. pbrep.pktlen = sizeof repbuf;
  132. cs->cs_procmsg(pbmsg, &pbrep);
  133. ret = strobe_put(&sess->cs_crypto, APP_CIPHERTEXT, repbuf,
  134. pbrep.pktlen);
  135. ret += strobe_put(&sess->cs_crypto, MAC, NULL, MAC_LEN);
  136. break;
  137. }
  138. }
  139. /* set the output buffer length */
  140. pbout->pktlen = ret;
  141. }
  142. /*
  143. * encrypted data to be processed is passed in via pbin.
  144. *
  145. * The pktbuf pointed to by pbout contains the buffer that a [encrypted]
  146. * response will be written to. The length needs to be updated, where 0
  147. * means no reply.
  148. */
  149. void
  150. comms_process(struct comms_state *cs, struct pktbuf pbin, struct pktbuf *pbout)
  151. {
  152. struct pktbuf pbouttmp;
  153. /* if the current msg matches the previous */
  154. if (comms_pktbuf_equal(pbin, cs->cs_prevmsg)) {
  155. /* send the previous response */
  156. pbout->pktlen = cs->cs_prevmsgresp.pktlen;
  157. memcpy(pbout->pkt, cs->cs_prevmsgresp.pkt, pbout->pktlen);
  158. return;
  159. }
  160. /* try to use the active session */
  161. pbouttmp = *pbout;
  162. _comms_process_session(cs, &cs->cs_active, pbin, &pbouttmp);
  163. if (pbouttmp.pktlen != 0) {
  164. retmsg:
  165. /* we accepted a new message store it */
  166. *pbout = pbouttmp;
  167. /* store the req */
  168. cs->cs_prevmsg.pkt = cs->cs_prevmsgbuf;
  169. cs->cs_prevmsg.pktlen = pbin.pktlen;
  170. memcpy(cs->cs_prevmsg.pkt, pbin.pkt, pbin.pktlen);
  171. /* store the response */
  172. cs->cs_prevmsgresp.pkt = cs->cs_prevmsgrespbuf;
  173. cs->cs_prevmsgresp.pktlen = pbout->pktlen;
  174. memcpy(cs->cs_prevmsgresp.pkt, pbout->pkt, pbout->pktlen);
  175. } else {
  176. /* active session didn't work, try cs_pending */
  177. pbouttmp = *pbout;
  178. _comms_process_session(cs, &cs->cs_pending, pbin, &pbouttmp);
  179. if (cs->cs_pending.cs_state == COMMS_PROCESS_MSGS) {
  180. /* new active state */
  181. cs->cs_active = cs->cs_pending;
  182. cs->cs_pending = (struct comms_session){
  183. .cs_crypto = cs->cs_start,
  184. .cs_state = COMMS_WAIT_REQUEST,
  185. };
  186. goto retmsg;
  187. }
  188. /* pending session didn't work, maybe new */
  189. struct comms_session tmpsess;
  190. tmpsess = (struct comms_session){
  191. .cs_crypto = cs->cs_start,
  192. .cs_state = COMMS_WAIT_REQUEST,
  193. };
  194. pbouttmp = *pbout;
  195. _comms_process_session(cs, &tmpsess, pbin, &pbouttmp);
  196. if (tmpsess.cs_state == COMMS_WAIT_CONFIRM) {
  197. /* new request for session */
  198. cs->cs_pending = tmpsess;
  199. *pbout = pbouttmp;
  200. } else {
  201. /* no packet to reply with */
  202. pbout->pktlen = 0;
  203. }
  204. }
  205. }