#51 hmac verification

2023-06-11 18:26:55 +00:00
parent 302f3d913f
commit ef5567ad46
15 changed files with 286 additions and 2361 deletions
--- a/scada-common/crypto.lua
+++ b/scada-common/crypto.lua
@@ -2,15 +2,13 @@
 -- Cryptographic Communications Engine
 --

-local aes128   = require("lockbox.cipher.aes128")
-local ctr_mode = require("lockbox.cipher.mode.ctr")
-local sha1     = require("lockbox.digest.sha1")
+local md5      = require("lockbox.digest.md5")
 local sha2_256 = require("lockbox.digest.sha2_256")
 local pbkdf2   = require("lockbox.kdf.pbkdf2")
 local hmac     = require("lockbox.mac.hmac")
-local zero_pad = require("lockbox.padding.zero")
 local stream   = require("lockbox.util.stream")
 local array    = require("lockbox.util.array")
+local comms    = require("scada-common.comms")

 local log      = require("scada-common.log")
 local util     = require("scada-common.util")
@@ -19,136 +17,56 @@ local crypto = {}

 local c_eng = {
    key = nil,
-    cipher = nil,
-    decipher = nil,
    hmac = nil
 }

---@alias hex string
-
 -- initialize cryptographic system
-function crypto.init(password, server_port)
+function crypto.init(password)
    local key_deriv = pbkdf2()

    -- setup PBKDF2
-    -- the primary goal is to just turn our password into a 16 byte key
    key_deriv.setPassword(password)
-    key_deriv.setSalt("salty_salt_at_" .. server_port)
+    key_deriv.setSalt("pepper")
    key_deriv.setIterations(32)
    key_deriv.setBlockLen(8)
    key_deriv.setDKeyLen(16)

-    local start = util.time()
+    local start = util.time_ms()

    key_deriv.setPRF(hmac().setBlockSize(64).setDigest(sha2_256))
    key_deriv.finish()

-    log.dmesg("pbkdf2: key derivation took " .. (util.time() - start) .. "ms", "CRYPTO", colors.yellow)
+    local message = "pbkdf2 key derivation took " .. (util.time_ms() - start) .. "ms"
+    log.dmesg(message, "CRYPTO", colors.yellow)
+    log.info("crypto.init: " .. message)

    c_eng.key = array.fromHex(key_deriv.asHex())

-    -- initialize cipher
-    c_eng.cipher = ctr_mode.Cipher()
-    c_eng.cipher.setKey(c_eng.key)
-    c_eng.cipher.setBlockCipher(aes128)
-    c_eng.cipher.setPadding(zero_pad)
-
-    -- initialize decipher
-    c_eng.decipher = ctr_mode.Decipher()
-    c_eng.decipher.setKey(c_eng.key)
-    c_eng.decipher.setBlockCipher(aes128)
-    c_eng.decipher.setPadding(zero_pad)
-
    -- initialize HMAC
    c_eng.hmac = hmac()
    c_eng.hmac.setBlockSize(64)
-    c_eng.hmac.setDigest(sha1)
+    c_eng.hmac.setDigest(md5)
    c_eng.hmac.setKey(c_eng.key)

-    log.dmesg("init: completed in " .. (util.time() - start) .. "ms", "CRYPTO", colors.yellow)
-end
-
-- encrypt plaintext
---@nodiscard
---@param plaintext string
---@return table initial_value, string ciphertext
-function crypto.encrypt(plaintext)
-    local start = util.time()
-
-    -- initial value
-    local iv = {
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255),
-        math.random(0, 255)
-    }
-
-    log.debug("crypto.random: iv random took " .. (util.time() - start) .. "ms")
-
-    start = util.time()
-
-    c_eng.cipher.init()
-    c_eng.cipher.update(stream.fromArray(iv))
-    c_eng.cipher.update(stream.fromString(plaintext))
-    c_eng.cipher.finish()
-
-    local ciphertext = c_eng.cipher.asHex()    ---@type hex
-
-    log.debug("crypto.encrypt: aes128-ctr-mode took " .. (util.time() - start) .. "ms")
-    log.debug("ciphertext: " .. util.strval(ciphertext))
-
-    return iv, ciphertext
-end
-
-- decrypt ciphertext
---@nodiscard
---@param iv string CTR initial value
---@param ciphertext string ciphertext hex
---@return string plaintext
-function crypto.decrypt(iv, ciphertext)
-    local start = util.time()
-
-    c_eng.decipher.init()
-    c_eng.decipher.update(stream.fromArray(iv))
-    c_eng.decipher.update(stream.fromHex(ciphertext))
-    c_eng.decipher.finish()
-
-    local plaintext_hex = c_eng.decipher.asHex()   ---@type hex
-
-    local plaintext = stream.toString(stream.fromHex(plaintext_hex))
-
-    log.debug("crypto.decrypt: aes128-ctr-mode took " .. (util.time() - start) .. "ms")
-    log.debug("plaintext: " .. util.strval(plaintext))
-
-    return plaintext
+    message = "init: completed in " .. (util.time_ms() - start) .. "ms"
+    log.dmesg(message, "CRYPTO", colors.yellow)
+    log.info("crypto." .. message)
 end

 -- generate HMAC of message
 ---@nodiscard
---@param message_hex string initial value concatenated with ciphertext
-function crypto.hmac(message_hex)
-    local start = util.time()
+---@param message string initial value concatenated with ciphertext
+function crypto.hmac(message)
+    local start = util.time_ms()

    c_eng.hmac.init()
-    c_eng.hmac.update(stream.fromHex(message_hex))
+    c_eng.hmac.update(stream.fromString(message))
    c_eng.hmac.finish()

-    local hash = c_eng.hmac.asHex()    ---@type hex
+    local hash = c_eng.hmac.asHex()

-    log.debug("crypto.hmac: hmac-sha1 took " .. (util.time() - start) .. "ms")
-    log.debug("hmac: " .. util.strval(hash))
+    log.debug("crypto.hmac: hmac-md5 took " .. (util.time_ms() - start) .. "ms")
+    log.debug("crypto.hmac: hmac = " .. util.strval(hash))

    return hash
 end
@@ -173,7 +91,6 @@ function crypto.secure_modem(modem)

    -- wrap a modem
    ---@param reconnected_modem table
---@diagnostic disable-next-line: redefined-local
    function public.wrap(reconnected_modem)
        modem = reconnected_modem
        for key, func in pairs(modem) do
@@ -184,58 +101,49 @@ function crypto.secure_modem(modem)
    -- wrap modem functions, then we replace transmit
    public.wrap(modem)

-    -- send a packet with encryption
-    ---@param channel integer
-    ---@param reply_channel integer
-    ---@param payload table packet raw_sendable
-    function public.transmit(channel, reply_channel, payload)
-        local plaintext = textutils.serialize(payload, { allow_repetitions = true, compact = true })
+    -- send a packet with message authentication
+    ---@param packet scada_packet packet raw_sendable
+    function public.transmit(packet)
+        local start = util.time_ms()
+        local message = textutils.serialize(packet.raw_verifiable(), { allow_repetitions = true, compact = true })
+        local computed_hmac = crypto.hmac(message)

-        local iv, ciphertext = crypto.encrypt(plaintext)
---@diagnostic disable-next-line: redefined-local
-        local computed_hmac = crypto.hmac(iv .. ciphertext)
+        packet.set_mac(computed_hmac)

-        modem.transmit(channel, reply_channel, { computed_hmac, iv, ciphertext })
+        log.debug("crypto.transmit: data processing took " .. (util.time_ms() - start) .. "ms")
+
+        modem.transmit(packet.remote_channel(), packet.local_channel(), packet.raw_sendable())
    end

    -- parse in a modem message as a network packet
    ---@nodiscard
    ---@param side string modem side
-    ---@param sender integer sender port
-    ---@param reply_to integer reply port
-    ---@param message any encrypted packet sent with secure_modem.transmit
+    ---@param sender integer sender channel
+    ---@param reply_to integer reply channel
+    ---@param message any packet sent with message authentication
    ---@param distance integer transmission distance
-    ---@return string side, integer sender, integer reply_to, any plaintext_message, integer distance
+    ---@return scada_packet|nil packet received packet if valid and passed authentication check
    function public.receive(side, sender, reply_to, message, distance)
-        local body = ""
+        local packet = nil
+        local s_packet = comms.scada_packet()

-        if type(message) == "table" then
-            if #message == 3 then
---@diagnostic disable-next-line: redefined-local
-                local rx_hmac = message[1]
-                local iv = message[2]
-                local ciphertext = message[3]
+        -- parse packet as generic SCADA packet
+        s_packet.receive(side, sender, reply_to, message, distance)

-                local computed_hmac = crypto.hmac(iv .. ciphertext)
+        if s_packet.is_valid() then
+            local start = util.time_ms()
+            local packet_hmac = s_packet.mac()
+            local computed_hmac = crypto.hmac(textutils.serialize(s_packet.raw_verifiable(), { allow_repetitions = true, compact = true }))

-                if rx_hmac == computed_hmac then
-                    -- message intact
-                    local plaintext = crypto.decrypt(iv, ciphertext)
-                    body = textutils.unserialize(plaintext)
-
-                    if body == nil then
-                        -- failed decryption
-                        log.debug("crypto.secure_modem: decryption failed")
-                        body = ""
-                    end
-                else
-                    -- something went wrong
-                    log.debug("crypto.secure_modem: hmac mismatch violation")
-                end
+            if packet_hmac == computed_hmac then
+                log.debug("crypto.secure_modem.receive: HMAC verified in " .. (util.time_ms() - start) .. "ms")
+                packet = s_packet
+            else
+                log.debug("crypto.secure_modem.receive: HMAC failed verification in " .. (util.time_ms() - start) .. "ms")
            end
        end

-        return side, sender, reply_to, body, distance
+        return packet
    end

    return public