sig-net 0.7.0

Sig-Net secure CoAP-based DMX512 lighting control protocol library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298

use hmac::{Hmac, Mac};
use sha2::Sha256;

use crate::*;

pub fn hmac_sha256(key: &[u8], message: &[u8], output: &mut [u8; HMAC_SHA256_LENGTH]) -> Result<()> {
    let mut mac = Hmac::<Sha256>::new_from_slice(key).map_err(|_| SigNetError::Crypto)?;
    mac.update(message);
    output.copy_from_slice(&mac.finalize().into_bytes());
    Ok(())
}

pub fn hkdf_expand(prk: &[u8], info: &[u8], output: &mut [u8; DERIVED_KEY_LENGTH]) -> Result<()> {
    let hk = hkdf::Hkdf::<Sha256>::from_prk(prk).map_err(|_| SigNetError::Crypto)?;
    hk.expand(info, output).map_err(|_| SigNetError::Crypto)
}

pub fn derive_k0_from_passphrase(passphrase: &[u8], k0_output: &mut [u8; K0_KEY_LENGTH]) -> Result<()> {
    if passphrase.is_empty() {
        return Err(SigNetError::InvalidArgument);
    }
    pbkdf2::pbkdf2::<Hmac<Sha256>>(passphrase, PBKDF2_SALT, PBKDF2_ITERATIONS, k0_output)
        .map_err(|_| SigNetError::Crypto)
}

pub fn derive_sender_key(k0: &[u8; K0_KEY_LENGTH], sender_key: &mut [u8; DERIVED_KEY_LENGTH]) -> Result<()> {
    hkdf_expand(k0, HKDF_INFO_SENDER, sender_key)
}

pub fn derive_citizen_key(k0: &[u8; K0_KEY_LENGTH], citizen_key: &mut [u8; DERIVED_KEY_LENGTH]) -> Result<()> {
    hkdf_expand(k0, HKDF_INFO_CITIZEN, citizen_key)
}

pub fn derive_manager_global_key(k0: &[u8; K0_KEY_LENGTH], mgr_key: &mut [u8; DERIVED_KEY_LENGTH]) -> Result<()> {
    hkdf_expand(k0, HKDF_INFO_MANAGER_GLOBAL, mgr_key)
}

pub fn derive_manager_local_key(
    k0: &[u8; K0_KEY_LENGTH],
    tuid: &[u8; TUID_LENGTH],
    mgr_local_key: &mut [u8; DERIVED_KEY_LENGTH],
) -> Result<()> {
    let hex = TUID(*tuid).to_hex_upper();
    let mut info = [0u8; HKDF_INFO_INPUT_MAX];
    let prefix_len = HKDF_INFO_MANAGER_LOCAL_PREFIX.len();
    info[..prefix_len].copy_from_slice(HKDF_INFO_MANAGER_LOCAL_PREFIX);
    info[prefix_len..prefix_len + TUID_HEX_LENGTH].copy_from_slice(&hex);
    hkdf_expand(k0, &info[..prefix_len + TUID_HEX_LENGTH], mgr_local_key)
}

pub fn tuid_from_hex_string(hex_string: &[u8]) -> Result<[u8; TUID_LENGTH]> {
    TUID::from_hex(hex_string).map(|t| t.0)
}

pub fn generate_dynamic_tuid(mfg_code: u16) -> Result<[u8; TUID_LENGTH]> {
    let mut random_bytes = [0u8; 4];
    getrandom::getrandom(&mut random_bytes).map_err(|_| SigNetError::Crypto)?;
    let device_id = (random_bytes[0] as u32) << 24
        | (random_bytes[1] as u32) << 16
        | (random_bytes[2] as u32) << 8
        | (random_bytes[3] as u32);
    let device_id = (device_id | 0x80000000).min(0xFFFFFFEF);
    let mut tuid = [0u8; TUID_LENGTH];
    tuid[0] = (mfg_code >> 8) as u8;
    tuid[1] = (mfg_code & 0xFF) as u8;
    tuid[2] = (device_id >> 24) as u8;
    tuid[3] = (device_id >> 16) as u8;
    tuid[4] = (device_id >> 8) as u8;
    tuid[5] = device_id as u8;
    Ok(tuid)
}

#[derive(Debug, Clone)]
pub struct PassphraseChecks {
    pub length: usize,
    pub length_ok: bool,
    pub class_count: i32,
    pub has_upper: bool,
    pub has_lower: bool,
    pub has_digit: bool,
    pub has_symbol: bool,
    pub classes_ok: bool,
    pub no_identical: bool,
    pub no_sequential: bool,
}

impl Default for PassphraseChecks {
    fn default() -> Self {
        PassphraseChecks {
            length: 0,
            length_ok: false,
            class_count: 0,
            has_upper: false,
            has_lower: false,
            has_digit: false,
            has_symbol: false,
            classes_ok: false,
            no_identical: true,
            no_sequential: true,
        }
    }
}

pub fn validate_passphrase(passphrase: &[u8]) -> Result<()> {
    analyse_passphrase(passphrase).map(|_| ())
}

pub fn analyse_passphrase(passphrase: &[u8]) -> Result<PassphraseChecks> {
    let length = passphrase.len();
    let mut checks = PassphraseChecks { length, ..Default::default() };

    // Bug 3 fix: empty passphrase must return error, not Ok
    if passphrase.is_empty() {
        return Err(SigNetError::PassphraseTooShort);
    }

    checks.length_ok = checks.length >= PASSPHRASE_MIN_LENGTH && checks.length <= PASSPHRASE_MAX_LENGTH;
    if !checks.length_ok {
        return if checks.length < PASSPHRASE_MIN_LENGTH {
            Err(SigNetError::PassphraseTooShort)
        } else {
            Err(SigNetError::PassphraseTooLong)
        };
    }

    for &c in passphrase {
        if c.is_ascii_uppercase() {
            checks.has_upper = true;
        } else if c.is_ascii_lowercase() {
            checks.has_lower = true;
        } else if c.is_ascii_digit() {
            checks.has_digit = true;
        } else if PASSPHRASE_SYMBOLS.contains(&c) {
            checks.has_symbol = true;
        }
    }

    checks.class_count = [checks.has_upper, checks.has_lower, checks.has_digit, checks.has_symbol]
        .iter()
        .filter(|&&b| b)
        .count() as i32;
    checks.classes_ok = checks.class_count >= 3;

    for i in 2..passphrase.len() {
        if passphrase[i] == passphrase[i - 1] && passphrase[i] == passphrase[i - 2] {
            checks.no_identical = false;
            break;
        }
    }

    // Bug 2 fix: check both ascending and descending sequences, matching C++
    for i in 3..passphrase.len() {
        let asc = passphrase[i] == passphrase[i - 1].wrapping_add(1)
            && passphrase[i - 1] == passphrase[i - 2].wrapping_add(1)
            && passphrase[i - 2] == passphrase[i - 3].wrapping_add(1);
        let desc = passphrase[i] == passphrase[i - 1].wrapping_sub(1)
            && passphrase[i - 1] == passphrase[i - 2].wrapping_sub(1)
            && passphrase[i - 2] == passphrase[i - 3].wrapping_sub(1);
        if asc || desc {
            checks.no_sequential = false;
            break;
        }
    }

    // Bug 4 fix: error priority matches C++: identical → sequential → classes
    if !checks.no_identical {
        return Err(SigNetError::PassphraseConsecutiveIdentical);
    }
    if !checks.no_sequential {
        return Err(SigNetError::PassphraseConsecutiveSequential);
    }
    if !checks.classes_ok {
        return Err(SigNetError::PassphraseInsufficientClasses);
    }

    Ok(checks)
}

pub fn generate_random_passphrase(buf: &mut [u8; 11]) -> Result<()> {
    let sets: &[&[u8]] = &[
        PASSPHRASE_GEN_UPPERCASE,
        PASSPHRASE_GEN_LOWERCASE,
        PASSPHRASE_GEN_DIGITS,
        PASSPHRASE_GEN_SYMBOLS,
    ];

    for _ in 0..100 {
        let mut phrase = [0u8; PASSPHRASE_GENERATED_LENGTH];
        getrandom::getrandom(&mut phrase).map_err(|_| SigNetError::Crypto)?;

        for b in &mut phrase {
            let idx = *b as usize;
            let set_idx = idx % 4;
            let set = sets[set_idx];
            *b = set[idx % set.len()];
        }

        if analyse_passphrase(&phrase).is_ok() {
            buf[..PASSPHRASE_GENERATED_LENGTH].copy_from_slice(&phrase);
            buf[PASSPHRASE_GENERATED_LENGTH] = 0;
            return Ok(());
        }
    }

    Err(SigNetError::Crypto)
}

pub fn generate_random_k0(k0_output: &mut [u8; K0_KEY_LENGTH]) -> Result<()> {
    getrandom::getrandom(k0_output).map_err(|_| SigNetError::Crypto)
}

/// Export guest keys (Km_global, Ks, Kc) from K0.
/// Guest Managers possess only these global keys, not K0 or Km_local,
/// enforcing a cryptographically restricted Read-Only administrative state.
pub struct GuestKeys {
    pub km_global: [u8; DERIVED_KEY_LENGTH],
    pub ks: [u8; DERIVED_KEY_LENGTH],
    pub kc: [u8; DERIVED_KEY_LENGTH],
}

pub fn export_guest_keys(k0: &[u8; K0_KEY_LENGTH]) -> Result<GuestKeys> {
    let mut keys = GuestKeys {
        km_global: [0u8; DERIVED_KEY_LENGTH],
        ks: [0u8; DERIVED_KEY_LENGTH],
        kc: [0u8; DERIVED_KEY_LENGTH],
    };
    derive_manager_global_key(k0, &mut keys.km_global)?;
    derive_sender_key(k0, &mut keys.ks)?;
    derive_citizen_key(k0, &mut keys.kc)?;
    Ok(keys)
}

pub fn build_hmac_input(
    uri_string: &str,
    options: &SigNetOptions,
    payload: &[u8],
    output: &mut [u8],
) -> Result<usize> {
    let mut pos = 0;
    let uri = uri_string.as_bytes();
    output[pos..pos + uri.len()].copy_from_slice(uri);
    pos += uri.len();
    output[pos] = options.security_mode;
    pos += 1;
    output[pos..pos + SENDER_ID_LENGTH].copy_from_slice(&options.sender_id);
    pos += SENDER_ID_LENGTH;
    output[pos..pos + 2].copy_from_slice(&options.mfg_code.to_be_bytes());
    pos += 2;
    output[pos..pos + 4].copy_from_slice(&options.session_id.to_be_bytes());
    pos += 4;
    output[pos..pos + 4].copy_from_slice(&options.seq_num.to_be_bytes());
    pos += 4;
    output[pos..pos + payload.len()].copy_from_slice(payload);
    pos += payload.len();
    Ok(pos)
}

pub fn verify_packet_hmac(
    uri_string: &str,
    options: &SigNetOptions,
    payload: &[u8],
    role_key: &[u8],
) -> Result<()> {
    use subtle::ConstantTimeEq;

    let input_len = uri_string.len() + 1 + SENDER_ID_LENGTH + 2 + 4 + 4 + payload.len();
    if input_len > HMAC_INPUT_MAX {
        return Err(SigNetError::InvalidArgument);
    }
    let mut hmac_input = [0u8; HMAC_INPUT_MAX];
    build_hmac_input(uri_string, options, payload, &mut hmac_input[..input_len])?;

    let mut computed = [0u8; HMAC_SHA256_LENGTH];
    hmac_sha256(role_key, &hmac_input[..input_len], &mut computed)?;

    if computed.ct_eq(&options.hmac).into() {
        Ok(())
    } else {
        Err(SigNetError::HmacFailed)
    }
}

pub fn compute_packet_hmac(
    uri_string: &str,
    options: &SigNetOptions,
    payload: &[u8],
    signing_key: &[u8],
) -> Result<[u8; HMAC_SHA256_LENGTH]> {
    let input_len = uri_string.len() + 1 + SENDER_ID_LENGTH + 2 + 4 + 4 + payload.len();
    if input_len > HMAC_INPUT_MAX {
        return Err(SigNetError::InvalidArgument);
    }
    let mut hmac_input = [0u8; HMAC_INPUT_MAX];
    build_hmac_input(uri_string, options, payload, &mut hmac_input[..input_len])?;
    let mut hmac = [0u8; HMAC_SHA256_LENGTH];
    hmac_sha256(signing_key, &hmac_input[..input_len], &mut hmac)?;
    Ok(hmac)
}