jmg
/
lora-irrigation
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Implement a secure ICS protocol targeting LoRa Node151 microcontroller for controlling irrigation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
4 Branches
18 MiB
 
 
 
 
 
 
Tree: 552d42c622
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '552d42c622'
${ noResults }
lora-irrigation/strobe/python/Strobe/Strobe.py

166 lines
6.2 KiB
Raw Blame History 

  1. """

  2. An example implementation of STROBE.  Doesn't include the key tree.

  3. 

  4. Copyright (c) Mike Hamburg, Cryptography Research, 2016.

  5. 

  6. I will need to contact legal to get a license for this; in the mean time it is

  7. for example purposes only.

  8. """

  9. 

  10. from __future__ import absolute_import

  11. from Strobe.Keccak import KeccakF

  12. 

  13. class AuthenticationFailed(Exception):

  14.     """Thrown when a MAC fails."""

  15.     pass

  16. 

  17. I,A,C,T,M,K = 1<<0, 1<<1, 1<<2, 1<<3, 1<<4, 1<<5

  18.    

  19. class Strobe(object):

  20.     def __init__(self, proto, F = KeccakF(1600), security = 128, copy_of=None, doInit=True):

  21.         if copy_of is None:

  22.             self.pos = self.posbegin = 0

  23.             self.I0 = None

  24.             self.F  = F

  25.             self.R  = F.nbytes - security//4

  26. 

  27.             # Domain separation doesn't use Strobe padding

  28.             self.initialized = False

  29.             self.st = bytearray(F.nbytes)

  30.             domain = bytearray([1,self.R,1,0,1,12*8]) \

  31.                    + bytearray(b"STROBEv1.0.2")

  32.             if doInit: self._duplex(domain, forceF=True)

  33.     

  34.             # cSHAKE separation is done.

  35.             # Turn on Strobe padding and do per-proto separation

  36.             self.R -= 2

  37.             self.initialized = True

  38.             if doInit: self.operate(A|M, proto)

  39.             

  40.         else:

  41.             self.R,self.pos,self.posbegin,self.I0,self.F = \

  42.                 (copy_of.R,copy_of.pos,copy_of.posbegin,copy_of.I0,

  43.                  copy_of.F.copy())

  44.             self.st = bytearray(copy_of.st)

  45.             self.initialized = True

  46.     

  47.     def copy(self): return Strobe(None,copy_of=self)

  48.     def deepcopy(self): return self.copy()

  49.  

  50.     def _runF(self):

  51.         if self.initialized:

  52.             self.st[self.pos]   ^= self.posbegin

  53.             self.st[self.pos+1] ^= 0x04

  54.             self.st[self.R+1]   ^= 0x80

  55.         self.st  = self.F(self.st)

  56.         self.pos = self.posbegin = 0

  57. 

  58.     def _duplex(self, data, cbefore=False, cafter=False, forceF=False):

  59.         assert not (cbefore and cafter)

  60.     

  61.         # Copy data, and convert string or int to bytearray

  62.         # This converts an integer n to an array of n zeros

  63.         data = bytearray(data)

  64. 

  65.         for i in range(len(data)):

  66.             if cbefore: data[i] ^= self.st[self.pos]

  67.             self.st[self.pos]   ^= data[i]

  68.             if cafter:  data[i]  = self.st[self.pos]

  69.         

  70.             self.pos += 1

  71.             if self.pos == self.R: self._runF()

  72.     

  73.         if forceF and self.pos != 0: self._runF()

  74.         return data

  75.           

  76.     def _beginOp(self, flags):

  77.         # Adjust direction information so that sender and receiver agree

  78.         if flags & T:

  79.             if self.I0 is None: self.I0 = flags & I

  80.             flags ^= self.I0

  81. 

  82.         # Update posbegin

  83.         oldbegin, self.posbegin = self.posbegin, self.pos+1

  84.     

  85.         self._duplex([oldbegin,flags], forceF = flags&(C|K))

  86.     

  87.     def operate(self, flags, data, more=False, meta_flags=A|M, metadata=None):

  88.         """

  89.         STROBE main duplexing mode.

  90.         

  91.         Op is a byte which describes the operating mode, per the STROBE paper.

  92.         

  93.         Data is either a string or bytearray of data, or else a length.  If it

  94.         is given as a length, the data is that many bytes of zeros.

  95.         

  96.         If metadata is not None, first apply the given metadata in the given

  97.         meta_op.

  98.         

  99.         STROBE operations are streamable.  If more is true, this operation

  100.         continues the previous operation.  It therefore ignores metadata and

  101.         doesn't use the beginOp code from the paper.

  102.         

  103.         Certain operations return data.  If an operation returns no data

  104.         (for example, AD and KEY don't return any data), it returns the empty

  105.         byte array.

  106.         

  107.         The meta-operation might also return data.  This is convenient for

  108.         explicit framing (meta_op = 0b11010/0b11011) or encrypted explicit

  109.         framing (meta_op = 0b11110/0b11111)

  110.         

  111.         If the operation is a MAC verification, this function returns the

  112.         empty byte array (plus any metadata returned) on success, and throws

  113.         AuthenticationFailed on failure.

  114.         """

  115.         assert not (flags & (K|1<<6|1<<7)) # Not implemented here

  116.         meta_out = bytearray()

  117.         if more:

  118.             assert flags == self.cur_flags

  119.         else:

  120.             if metadata is not None:

  121.                 meta_out = self.operate(meta_flags, metadata)

  122.             self._beginOp(flags)

  123.             self.cur_flags = flags

  124.     

  125.         if (flags & (I|T) != (I|T)) and (flags & (I|A) != A):

  126.             # Operation takes no input

  127.             assert isinstance(data,int)

  128. 

  129.         # The actual processing code is just duplex

  130.         cafter    = (flags & (C|I|T)) == (C|T)

  131.         cbefore   = (flags & C) and not cafter

  132.         processed = self._duplex(data, cbefore, cafter)

  133.     

  134.         # Determine what to do with the output.

  135.         if (flags & (I|A)) == (I|A):

  136.             # Return data to the application

  137.             return meta_out + processed 

  138.         

  139.         elif (flags & (I|T)) == T:

  140.             # Return data to the transport.

  141.             # A fancier implementation might send it directly.

  142.             return meta_out + processed 

  143.             

  144.         elif (flags & (I|A|T)) == (I|T):

  145.             # Check MAC

  146.             assert not more

  147.             failures = 0

  148.             for byte in processed: failures |= byte

  149.             if failures != 0: raise AuthenticationFailed()

  150.             return meta_out

  151. 

  152.         else:

  153.             # Operation has no output data, but maybe output metadata

  154.             return meta_out

  155. 

  156.     def ad      (self,data,   **kw): return self.operate(0b0010,data,**kw)

  157.     def key     (self,data,   **kw): return self.operate(0b0110,data,**kw)

  158.     def prf     (self,data,   **kw): return self.operate(0b0111,data,**kw)

  159.     def send_clr(self,data,   **kw): return self.operate(0b1010,data,**kw)

  160.     def recv_clr(self,data,   **kw): return self.operate(0b1011,data,**kw)

  161.     def send_enc(self,data,   **kw): return self.operate(0b1110,data,**kw)

  162.     def recv_enc(self,data,   **kw): return self.operate(0b1111,data,**kw)

  163.     def send_mac(self,data=16,**kw): return self.operate(0b1100,data,**kw)

  164.     def recv_mac(self,data   ,**kw): return self.operate(0b1101,data,**kw)

  165.     def ratchet (self,data=32,**kw): return self.operate(0b0100,data,**kw)