#488 HMAC acceleration and seq_num changes

2024-08-30 18:22:34 +00:00 · 2024-06-29 02:27:55 +00:00
parent 2bc20ec312
commit d2bc4f6bc0
19 changed files with 355 additions and 385 deletions
--- a/scada-common/comms.lua
+++ b/scada-common/comms.lua
@ -17,7 +17,7 @@ local max_distance = nil
 local comms = {}

 -- protocol/data versions (protocol/data independent changes tracked by util.lua version)
-comms.version = "2.5.2"
+comms.version = "3.0.0"
 comms.api_version = "0.0.3"

 ---@enum PROTOCOL
@ -240,6 +240,8 @@ function comms.scada_packet()
    ---@nodiscard
    function public.modem_event() return self.modem_msg_in end
    ---@nodiscard
+    function public.raw_header() return { self.src_addr, self.dest_addr, self.seq_num, self.protocol } end
+    ---@nodiscard
    function public.raw_sendable() return self.raw end

    ---@nodiscard
@ -278,7 +280,7 @@ function comms.authd_packet()
        src_addr = comms.BROADCAST,
        dest_addr = comms.BROADCAST,
        mac = "",
-        payload = ""
+        payload = nil
    }

    ---@class authd_packet
@ -286,14 +288,13 @@ function comms.authd_packet()

    -- make an authenticated SCADA packet
    ---@param s_packet scada_packet scada packet to authenticate
-    ---@param mac function message authentication function
+    ---@param mac function message authentication hash function
    function public.make(s_packet, mac)
        self.valid = true
        self.src_addr = s_packet.src_addr()
        self.dest_addr = s_packet.dest_addr()
-        self.payload = textutils.serialize(s_packet.raw_sendable(), { allow_repetitions = true, compact = true })
-        self.mac = mac(self.payload)
-        self.raw = { self.src_addr, self.dest_addr, self.mac, self.payload }
+        self.mac = mac(textutils.serialize(s_packet.raw_header(), { allow_repetitions = true, compact = true }))
+        self.raw = { self.src_addr, self.dest_addr, self.mac, s_packet.data() }
    end

    -- parse in a modem message as an authenticated SCADA packet
@ -330,14 +331,14 @@ function comms.authd_packet()
                    self.src_addr = nil
                    self.dest_addr = nil
                    self.mac = ""
-                    self.payload = ""
+                    self.payload = {}
                end

                -- check if this packet is destined for this device
                local is_destination = (self.dest_addr == comms.BROADCAST) or (self.dest_addr == COMPUTER_ID)

                self.valid = is_destination and type(self.src_addr) == "number" and type(self.dest_addr) == "number" and
-                                type(self.mac) == "string" and type(self.payload) == "string"
+                                type(self.mac) == "string" and type(self.payload) == "table"
            end
        end

--- a/scada-common/network.lua
+++ b/scada-common/network.lua
@ -114,7 +114,7 @@ function network.nic(modem)
            modem.open(channel)
        end

-        -- link all public functions except for transmit
+        -- link all public functions except for transmit, open, and close
        for key, func in pairs(modem) do
            if key ~= "transmit" and key ~= "open" and key ~= "close" and key ~= "closeAll" then public[key] = func end
        end
@ -184,7 +184,7 @@ function network.nic(modem)
                ---@cast tx_packet authd_packet
                tx_packet.make(packet, compute_hmac)

-                -- log.debug("crypto.modem.transmit: data processing took " .. (util.time_ms() - start) .. "ms")
+                -- log.debug("network.modem.transmit: data processing took " .. (util.time_ms() - start) .. "ms")
            end

            modem.transmit(dest_channel, local_channel, tx_packet.raw_sendable())
@ -211,17 +211,18 @@ function network.nic(modem)
                a_packet.receive(side, sender, reply_to, message, distance)

                if a_packet.is_valid() then
-                    -- local start         = util.time_ms()
-                    local packet_hmac   = a_packet.mac()
-                    local msg           = a_packet.data()
-                    local computed_hmac = compute_hmac(msg)
+                    s_packet.receive(side, sender, reply_to, a_packet.data(), distance)

-                    if packet_hmac == computed_hmac then
-                        -- log.debug("crypto.modem.receive: HMAC verified in " .. (util.time_ms() - start) .. "ms")
-                        s_packet.receive(side, sender, reply_to, textutils.unserialize(msg), distance)
+                    if s_packet.is_valid() then
+                    -- local start         = util.time_ms()
+                        local computed_hmac = compute_hmac(textutils.serialize(s_packet.raw_header(), { allow_repetitions = true, compact = true }))
+
+                        if a_packet.mac() == computed_hmac then
+                            -- log.debug("network.modem.receive: HMAC verified in " .. (util.time_ms() - start) .. "ms")
                        s_packet.stamp_authenticated()
                    else
-                        -- log.debug("crypto.modem.receive: HMAC failed verification in " .. (util.time_ms() - start) .. "ms")
+                            -- log.debug("network.modem.receive: HMAC failed verification in " .. (util.time_ms() - start) .. "ms")
+                        end
                    end
                end
            else