Merge pull request #476 from nasa/475-release-with-race-condition-fix

475 release with race condition fix

Author: Donnie-Ice

CMakeLists.txt

@@ -18,6 +18,8 @@
 cmake_minimum_required(VERSION 3.14.0)
 project(crypto C)
 
+#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
+
 #
 # CUSTOM PATH Definiton
 #

include/crypto.h

@@ -49,7 +49,7 @@
 ** Crypto Version
 */
 #define CRYPTO_LIB_MAJOR_VERSION 1
-#define CRYPTO_LIB_MINOR_VERSION 3
+#define CRYPTO_LIB_MINOR_VERSION 4
 #define CRYPTO_LIB_REVISION      1
 #define CRYPTO_LIB_MISSION_REV   0
 
@@ -329,7 +329,9 @@ extern CamConfig_t                          *cam_config;
 extern GvcidManagedParameters_t             *gvcid_managed_parameters;
 extern GvcidManagedParameters_t             *current_managed_parameters;
 extern GvcidManagedParameters_t              gvcid_managed_parameters_array[GVCID_MAX_PARAM_SIZE];
-extern GvcidManagedParameters_t              current_managed_parameters_struct;
+extern GvcidManagedParameters_t              tc_current_managed_parameters_struct;
+extern GvcidManagedParameters_t              tm_current_managed_parameters_struct;
+extern GvcidManagedParameters_t              aos_current_managed_parameters_struct;
 extern int                                   gvcid_counter;
 extern KeyInterface                          key_if;
 extern McInterface                           mc_if;

src/CMakeLists.txt

@@ -128,12 +128,13 @@ endif()
 
 # Create the app module
 if(DEFINED CFE_SYSTEM_PSPNAME)
-    set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/cpu${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}")
+    set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}")
     add_cfe_app(crypto ${LIB_SRC_FILES})
     target_include_directories(crypto PUBLIC ../include)
 else() 
     # Standalone build
     add_library(crypto SHARED ${LIB_SRC_FILES})
+    target_include_directories(crypto PUBLIC ../include)
 endif()
 
 if(CRYPTO_LIBGCRYPT)
@@ -159,23 +160,25 @@ endif()
 
 file(GLOB CRYPTO_INCLUDES ../include/*.h)
 set_target_properties(crypto PROPERTIES PUBLIC_HEADER "${CRYPTO_INCLUDES}")
+file(GLOB CRYPTO_INCLUDES ../support/standalone/*.h)
+set_target_properties(crypto PROPERTIES PUBLIC_HEADER "${CRYPTO_INCLUDES}")
 # This causes the library to be installed as libcryptolib.so while still being
 # referred to as crypto from CMake. Without this, the library filename would be
 # libcrypto.so which would conflict with openssl
 set_target_properties(crypto PROPERTIES OUTPUT_NAME "cryptolib")
 
 add_custom_command(TARGET crypto POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:crypto> ${PROJECT_BINARY_DIR}/lib/libcrypto.so
-        COMMENT "Created ${PROJECT_BINARY_DIR}/lib/libCrypto.so"
+        COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:crypto> ${PROJECT_BINARY_DIR}/libcryptolib.so
+        COMMENT "Created ${PROJECT_BINARY_DIR}/libcryptolib.so"
         )
 
 if(DEFINED CFE_SYSTEM_PSPNAME)
     install(TARGETS crypto 
             DESTINATION ${CMAKE_INSTALL_PREFIX}/${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}
-            PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/host)
+            PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include)
 else()
     install(TARGETS crypto
-            DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
+            DESTINATION ${CMAKE_INSTALL_PREFIX}/
             PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include)
 endif()
 

src/core/crypto.c

@@ -1447,8 +1447,8 @@ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t *sa_ptr)
  **/
 void Crypto_Set_FSR(uint8_t *p_ingest, uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t *sa_ptr)
 {
-    if (current_managed_parameters_struct.has_ocf == TM_HAS_OCF ||
-        current_managed_parameters_struct.has_ocf == AOS_HAS_OCF)
+    if (tm_current_managed_parameters_struct.has_ocf == TM_HAS_OCF ||
+        aos_current_managed_parameters_struct.has_ocf == AOS_HAS_OCF)
     {
         Telemetry_Frame_Ocf_Fsr_t temp_report;
         byte_idx += (pdu_len + sa_ptr->stmacf_len);

src/core/crypto_aos.c

@@ -45,9 +45,11 @@ CryptographyKmcCryptoServiceConfig_t *cryptography_kmc_crypto_config = NULL;
 CamConfig_t                          *cam_config                     = NULL;
 
 GvcidManagedParameters_t gvcid_managed_parameters_array[GVCID_MAN_PARAM_SIZE];
-int                      gvcid_counter                     = 0;
-GvcidManagedParameters_t gvcid_null_struct                 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-GvcidManagedParameters_t current_managed_parameters_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+int                      gvcid_counter                         = 0;
+GvcidManagedParameters_t gvcid_null_struct                     = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+GvcidManagedParameters_t tc_current_managed_parameters_struct  = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+GvcidManagedParameters_t tm_current_managed_parameters_struct  = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+GvcidManagedParameters_t aos_current_managed_parameters_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 
 // GvcidManagedParameters_t* gvcid_managed_parameters = NULL;
 //  GvcidManagedParameters_t* current_managed_parameters = NULL;
@@ -72,28 +74,25 @@ int32_t Crypto_SC_Init(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
-                            IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+                            IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_NO_PUS_HDR,
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TC
-    // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
-    // AOS_FHEC_NA, AOS_IZ_NA, 0);
     GvcidManagedParameters_t TC_UT_Managed_Parameters = {
         0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
     Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
-
-    // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
-    // AOS_FHEC_NA, AOS_IZ_NA, 0);
     TC_UT_Managed_Parameters.vcid = 2;
     Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+    TC_UT_Managed_Parameters.vcid = 3;
+    Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
 
     // TM
-    // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786,
-    // AOS_FHEC_NA, AOS_IZ_NA, 0);
     GvcidManagedParameters_t TM_UT_Managed_Parameters = {
-        0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_HAS_OCF, 1};
+        0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1};
+    Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
+    TM_UT_Managed_Parameters.vcid = 4;
     Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
-    TM_UT_Managed_Parameters.vcid = 2;
+    TM_UT_Managed_Parameters.vcid = 5;
     Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
     status = Crypto_Init();
     return status;
@@ -397,7 +396,9 @@ int32_t Crypto_Shutdown(void)
     int32_t status = CRYPTO_LIB_SUCCESS;
 
     // current_managed_parameters = NULL;
-    current_managed_parameters_struct = gvcid_null_struct;
+    tc_current_managed_parameters_struct  = gvcid_null_struct;
+    tm_current_managed_parameters_struct  = gvcid_null_struct;
+    aos_current_managed_parameters_struct = gvcid_null_struct;
     for (int i = 0; i <= gvcid_counter; i++)
     {
         gvcid_managed_parameters_array[i] = gvcid_null_struct;

src/core/crypto_config.c

@@ -243,10 +243,10 @@ int32_t Crypto_TC_Frame_Validation(uint16_t *p_enc_frame_len)
     }
 
     // Check maximum managed parameter size
-    if (*p_enc_frame_len > current_managed_parameters_struct.max_frame_size)
+    if (*p_enc_frame_len > tc_current_managed_parameters_struct.max_frame_size)
     {
 #ifdef DEBUG
-        printf("Managed length is: %d\n", current_managed_parameters_struct.max_frame_size);
+        printf("Managed length is: %d\n", tc_current_managed_parameters_struct.max_frame_size);
         printf("New enc frame length will be: %d\n", *p_enc_frame_len);
 #endif
         printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET);
@@ -695,7 +695,7 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_
     */
 
     // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF.
-    if (current_managed_parameters_struct.has_fecf == TC_HAS_FECF)
+    if (tc_current_managed_parameters_struct.has_fecf == TC_HAS_FECF)
     {
 #ifdef FECF_DEBUG
         printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1);
@@ -818,15 +818,15 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra
     // Lookup-retrieve managed parameters for frame via gvcid:
     status =
         Crypto_Get_Managed_Parameters_For_Gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid,
-                                                gvcid_managed_parameters_array, &current_managed_parameters_struct);
+                                                gvcid_managed_parameters_array, &tc_current_managed_parameters_struct);
 
     if (status != CRYPTO_LIB_SUCCESS)
     {
         mc_if->mc_log(status);
         return status;
     } // Unable to get necessary Managed Parameters for TC TF -- return with error.
 
-    if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
+    if (tc_current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
     {
         *segmentation_hdr = p_in_frame[5];
         *map_id           = *segmentation_hdr & 0x3F;
@@ -1194,7 +1194,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t *p_in_frame, const uint16_t in
     */
     uint16_t index = TC_FRAME_HEADER_SIZE; // Frame header is 5 bytes
 
-    if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
+    if (tc_current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
     {
         index++; // Add 1 byte to index because segmentation header used for this gvcid.
     }
@@ -1321,7 +1321,7 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t *ingest, int *len_ingest, TC_t *tc_sdl
 int32_t Crypto_TC_Parse_Check_FECF(uint8_t *ingest, int *len_ingest, TC_t *tc_sdls_processed_frame)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    if (current_managed_parameters_struct.has_fecf == TC_HAS_FECF)
+    if (tc_current_managed_parameters_struct.has_fecf == TC_HAS_FECF)
     {
         tc_sdls_processed_frame->tc_sec_trailer.fecf =
             (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) |
@@ -1665,7 +1665,7 @@ int32_t Crypto_TC_Prep_AAD(TC_t *tc_sdls_processed_frame, uint8_t fecf_len, uint
     if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION))
     {
         uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len;
-        if (current_managed_parameters_struct.max_frame_size < tc_mac_start_index)
+        if (tc_current_managed_parameters_struct.max_frame_size < tc_mac_start_index)
         {
             status = CRYPTO_LIB_ERR_TC_FRAME_LENGTH_UNDERFLOW;
             mc_if->mc_log(status);
@@ -1864,17 +1864,17 @@ void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t *encryption_
  **/
 void Crypto_TC_Calc_Lengths(uint8_t *fecf_len, uint8_t *segment_hdr_len, uint8_t *ocf_len)
 {
-    if (current_managed_parameters_struct.has_fecf == TC_NO_FECF)
+    if (tc_current_managed_parameters_struct.has_fecf == TC_NO_FECF)
     {
         *fecf_len = 0;
     }
 
-    if (current_managed_parameters_struct.has_segmentation_hdr == TC_NO_SEGMENT_HDRS)
+    if (tc_current_managed_parameters_struct.has_segmentation_hdr == TC_NO_SEGMENT_HDRS)
     {
         *segment_hdr_len = 0;
     }
 
-    if (current_managed_parameters_struct.has_ocf == TC_OCF_NA)
+    if (tc_current_managed_parameters_struct.has_ocf == TC_OCF_NA)
     {
         *ocf_len = 0;
     }
@@ -1892,7 +1892,7 @@ void Crypto_TC_Calc_Lengths(uint8_t *fecf_len, uint8_t *segment_hdr_len, uint8_t
 void Crypto_TC_Set_Segment_Header(TC_t *tc_sdls_processed_frame, uint8_t *ingest, int *byte_idx)
 {
     int byte_idx_tmp = *byte_idx;
-    if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
+    if (tc_current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS)
     {
         tc_sdls_processed_frame->tc_sec_header.sh = (uint8_t)ingest[*byte_idx];
         byte_idx_tmp++;
@@ -1960,7 +1960,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t *ingest, int *len_ingest, TC_t *tc
     // Lookup-retrieve managed parameters for frame via gvcid:
     status = Crypto_Get_Managed_Parameters_For_Gvcid(
         tc_sdls_processed_frame->tc_header.tfvn, tc_sdls_processed_frame->tc_header.scid,
-        tc_sdls_processed_frame->tc_header.vcid, gvcid_managed_parameters_array, &current_managed_parameters_struct);
+        tc_sdls_processed_frame->tc_header.vcid, gvcid_managed_parameters_array, &tc_current_managed_parameters_struct);
 
     if (status != CRYPTO_LIB_SUCCESS)
     {