Skip to content

Commit be6bac8

Browse files
Donnie-IceDonnie-Ice
authored
Merge pull request #452 from nasa/451-switch-sa-interface-to-be-more-like-an-api
451 switch sa interface to be more like an api
2 parents 530bb17 + 91dd7c2 commit be6bac8

File tree

7 files changed

+91
-66
lines changed

7 files changed

+91
-66
lines changed

include/crypto_error.h

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -154,9 +154,10 @@
154154
#define CRYPTO_LIB_ERR_TM_SECONDARY_HDR_SIZE (-80)
155155
#define CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN (-81)
156156
#define CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH (-82)
157-
#define CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH (-83)
157+
#define CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE (-83)
158+
#define CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH (-84)
158159

159-
#define CRYPTO_CORE_ERROR_CODES_MAX -83
160+
#define CRYPTO_CORE_ERROR_CODES_MAX -84
160161

161162
// Define codes for returning MDB Strings, and determining error based on strings
162163
#define CAM_ERROR_CODES 600

include/sa_interface.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ typedef struct
3636
int32_t (*sa_get_from_spi)(uint16_t, SecurityAssociation_t **);
3737
int32_t (*sa_get_operational_sa_from_gvcid)(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t **);
3838
int32_t (*sa_save_sa)(SecurityAssociation_t *);
39+
int32_t (*sa_setIV)(uint16_t, char *);
3940
// Security Association Utility Functions
4041
int32_t (*sa_stop)(TC_t *tc_frame);
4142
int32_t (*sa_start)(TC_t *tc_frame);

src/core/crypto_error.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,7 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
113113
(char *)"CRYPTO_LIB_ERR_TM_SECONDARY_HDR_SIZE",
114114
(char *)"CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN",
115115
(char *)"CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH",
116+
(char *)"CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE",
116117
(char *)"CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH"};
117118

118119
char *crypto_enum_errlist_config[] = {

src/core/crypto_tc.c

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1099,6 +1099,13 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t *p_in_frame, const uint16_t in
10991099
break;
11001100
}
11011101
#endif
1102+
if ((encryption_cipher == CRYPTO_CIPHER_AES256_CBC || encryption_cipher == CRYPTO_CIPHER_AES256_CBC_MAC) &&
1103+
sa_ptr->shplf_len == 0)
1104+
{
1105+
status = CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE;
1106+
mc_if->mc_log(status);
1107+
return status;
1108+
}
11021109

11031110
// Determine if segment header exists and FECF exists
11041111
uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE;

src/sa/internal/sa_interface_inmemory.template.c

Lines changed: 68 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ static int32_t sa_close(void);
2424
static int32_t sa_get_from_spi(uint16_t, SecurityAssociation_t **);
2525
static int32_t sa_get_operational_sa_from_gvcid(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t **);
2626
static int32_t sa_save_sa(SecurityAssociation_t *sa);
27+
static int32_t sa_setIV(uint16_t spi, char *iv);
2728
// Security Association Utility Functions
2829
static int32_t sa_stop(TC_t *tc_frame);
2930
static int32_t sa_start(TC_t *tc_frame);
@@ -65,6 +66,7 @@ SaInterface get_sa_interface_inmemory(void)
6566
sa_if_struct.sa_setARSN = sa_setARSN;
6667
sa_if_struct.sa_setARSNW = sa_setARSNW;
6768
sa_if_struct.sa_delete = sa_delete;
69+
sa_if_struct.sa_setIV = sa_setIV;
6870
return &sa_if_struct;
6971
}
7072

@@ -719,29 +721,39 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as
719721
#ifdef SA_DEBUG
720722
printf(KRED "sa_get_from_spi: SPI: %d > NUM_SA: %d.\n" RESET, spi, NUM_SA);
721723
#endif
722-
return CRYPTO_LIB_ERR_SPI_INDEX_OOB;
724+
status = CRYPTO_LIB_ERR_SPI_INDEX_OOB;
725+
mc_if->mc_log(status);
726+
return status;
723727
}
724728
*security_association = &sa[spi];
725729

726730
if ((sa[spi].abm_len == 0) && sa[spi].ast)
727731
{
728-
return CRYPTO_LIB_ERR_NULL_ABM;
732+
status = CRYPTO_LIB_ERR_NULL_ABM;
733+
mc_if->mc_log(status);
734+
return status;
729735
} // Must have abm if doing authentication
730736

731737
// ARSN must be 0 octets in length if not using Auth/Auth Enc
732738
// SHSNF is a better indicator as it's the actual presence accounted for in the header
733739
// CCSDS 3550b2 Section 4.1.1.4.4
734740
if (sa[spi].ast == 0 && sa[spi].shsnf_len != 0 && sa[spi].arsn_len != 0)
735741
{
742+
#ifdef SA_DEBUG
736743
printf("USING SA %d!\n", spi);
737-
printf("AST IS %d, snf_len is %d, arsn_len is %d\n", sa[spi].ast, sa[spi].shsnf_len, sa[spi].arsn_len);
738-
return CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN;
744+
printf("AST IS %d, shsnf_len is %d, arsn_len is %d\n", sa[spi].ast, sa[spi].shsnf_len, sa[spi].arsn_len);
745+
#endif
746+
status = CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN;
747+
mc_if->mc_log(status);
748+
return status;
739749
}
740750

741751
// ARSN length cannot be less than shsnf length
742752
if (sa[spi].shsnf_len > sa[spi].arsn_len)
743753
{
744-
return CRYPTO_LIB_ERR_ARSN_LT_SHSNF;
754+
status = CRYPTO_LIB_ERR_ARSN_LT_SHSNF;
755+
mc_if->mc_log(status);
756+
return status;
745757
}
746758

747759
#ifdef SA_DEBUG
@@ -1807,3 +1819,54 @@ int32_t sa_verify_data(SecurityAssociation_t *sa_ptr)
18071819
}
18081820
return status;
18091821
}
1822+
1823+
static int32_t sa_setIV(uint16_t spi, char *iv)
1824+
{
1825+
int32_t status = CRYPTO_LIB_SUCCESS;
1826+
1827+
if (iv == NULL) // NULL pointer
1828+
{
1829+
status = CRYPTO_LIB_ERR_NULL_BUFFER;
1830+
mc_if->mc_log(status);
1831+
return status;
1832+
}
1833+
1834+
uint16_t iv_len = strlen(iv) / 2;
1835+
1836+
if (iv_len > IV_SIZE)
1837+
{
1838+
#ifdef SA_DEBUG
1839+
printf("Specified IV longer than Config Maximum");
1840+
#endif
1841+
status = CRYPTO_LIB_ERROR;
1842+
mc_if->mc_log(status);
1843+
return status;
1844+
}
1845+
1846+
SecurityAssociation_t *sa;
1847+
sa_get_from_spi(spi, &sa);
1848+
1849+
if (sa->iv_len < iv_len) // make sure it wont underflow
1850+
{
1851+
iv_len = sa->iv_len;
1852+
}
1853+
1854+
int offset = sa->iv_len - iv_len;
1855+
1856+
unsigned int byte;
1857+
for (int i = 0; i < (int)strlen(iv); i += 2)
1858+
{
1859+
sscanf(&iv[i], "%02x", &byte);
1860+
sa->iv[i / 2 + offset] = byte;
1861+
}
1862+
1863+
#ifdef SA_DEBUG
1864+
printf(KYEL "IV set to: ");
1865+
for (int i = 0; i < sa->iv_len; i++)
1866+
{
1867+
printf("%02x", sa->iv[i]);
1868+
}
1869+
printf("\n" RESET);
1870+
#endif
1871+
return status;
1872+
}

test/unit/ut_tc_apply.c

Lines changed: 10 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -1130,12 +1130,6 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1)
11301130
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
11311131
TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
11321132

1133-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1134-
// AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF,
1135-
// TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0,
1136-
// 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0);
1137-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1138-
// AOS_FHEC_NA, AOS_IZ_NA, 0);
11391133
GvcidManagedParameters_t TC_UT_Managed_Parameters = {
11401134
0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
11411135
Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
@@ -1152,18 +1146,9 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1)
11521146
char *raw_tc_sdls_ping_b = NULL;
11531147
int raw_tc_sdls_ping_len = 0;
11541148

1155-
char *new_iv_h = "FFEEDDCCBBAA";
1156-
char *new_iv_b = NULL;
1157-
1158-
// char* expected_iv_h = "000000000001000000000001";
1159-
// char* expected_iv_b = NULL;
1160-
1161-
int new_iv_len = 12;
1162-
// int expected_iv_len = 0;
11631149
SaInterface sa_if = get_sa_interface_inmemory();
11641150

11651151
hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
1166-
hex_conversion(new_iv_h, &new_iv_b, &new_iv_len);
11671152

11681153
uint8_t *ptr_enc_frame = NULL;
11691154
uint16_t enc_frame_len = 0;
@@ -1179,23 +1164,25 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1)
11791164
test_association->ecs = CRYPTO_CIPHER_AES256_CBC;
11801165
test_association->ast = 0;
11811166
test_association->arsn_len = 0;
1167+
test_association->shplf_len = 1;
11821168
test_association->iv_len = 12;
11831169
test_association->shivf_len = 12;
1184-
memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len);
1185-
sa_if->sa_get_from_spi(4, &test_association);
1170+
1171+
sa_if->sa_setIV(test_association->spi, "FFEEDDCCBBAA");
1172+
11861173
return_val =
11871174
Crypto_TC_ApplySecurity((uint8_t *)raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
11881175

1189-
char *truth_data_h = "200300260000000BFFEEDDCCBBAA00000000000001BD8722C9D22E0CB109AC402748F672067D37";
1176+
char *truth_data_h = "2003003600000004000000000000ffeeddccbbaa01db7cd0cea536980f6af1bbfc4ec0d7050000000000000000000"
1177+
"00000000000005FC0";
11901178
uint8_t *truth_data_b = NULL;
11911179
int truth_data_l = 0;
11921180

11931181
hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l);
1194-
// printf("Encrypted Frame:\n");
11951182
for (int i = 0; i < enc_frame_len; i++)
11961183
{
11971184
printf("%02x", ptr_enc_frame[i]);
1198-
// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
1185+
ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
11991186
}
12001187
printf("\n");
12011188

@@ -1217,12 +1204,6 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV)
12171204
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
12181205
TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
12191206

1220-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1221-
// AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF,
1222-
// TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0,
1223-
// 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0);
1224-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1225-
// AOS_FHEC_NA, AOS_IZ_NA, 0);
12261207
GvcidManagedParameters_t TC_UT_Managed_Parameters = {
12271208
0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
12281209
Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
@@ -1240,17 +1221,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV)
12401221
int raw_tc_sdls_ping_len = 0;
12411222

12421223
char *new_iv_h = "FFEEDDCCBBAA";
1243-
char *new_iv_b = NULL;
1244-
1245-
// char* expected_iv_h = "000000000001000000000001";
1246-
// char* expected_iv_b = NULL;
12471224

1248-
int new_iv_len = 12;
1249-
// int expected_iv_len = 0;
12501225
SaInterface sa_if = get_sa_interface_inmemory();
12511226

12521227
hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
1253-
hex_conversion(new_iv_h, &new_iv_b, &new_iv_len);
12541228

12551229
uint8_t *ptr_enc_frame = NULL;
12561230
uint16_t enc_frame_len = 0;
@@ -1268,6 +1242,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV)
12681242
test_association->shivf_len = 0;
12691243
test_association->ecs = CRYPTO_CIPHER_AES256_CBC;
12701244
test_association->shplf_len = 1;
1245+
sa_if->sa_setIV(test_association->spi, new_iv_h);
12711246
return_val =
12721247
Crypto_TC_ApplySecurity((uint8_t *)raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
12731248

@@ -1301,12 +1276,6 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH)
13011276
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
13021277
TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
13031278

1304-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1305-
// AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF,
1306-
// TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0,
1307-
// 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0);
1308-
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024,
1309-
// AOS_FHEC_NA, AOS_IZ_NA, 0);
13101279
GvcidManagedParameters_t TC_UT_Managed_Parameters = {
13111280
0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
13121281
Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
@@ -1324,17 +1293,10 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH)
13241293
int raw_tc_sdls_ping_len = 0;
13251294

13261295
char *new_iv_h = "FFEEDDCCBBAA";
1327-
char *new_iv_b = NULL;
1328-
1329-
// char* expected_iv_h = "000000000001000000000001";
1330-
// char* expected_iv_b = NULL;
13311296

1332-
int new_iv_len = 12;
1333-
// int expected_iv_len = 0;
13341297
SaInterface sa_if = get_sa_interface_inmemory();
13351298

13361299
hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
1337-
hex_conversion(new_iv_h, &new_iv_b, &new_iv_len);
13381300

13391301
uint8_t enc_frame[2048];
13401302
uint8_t *ptr_enc_frame = &enc_frame[0];
@@ -1354,6 +1316,8 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH)
13541316
test_association->arsn_len = 0;
13551317
test_association->iv_len = 16;
13561318
test_association->shivf_len = 16;
1319+
sa_if->sa_setIV(test_association->spi, new_iv_h);
1320+
13571321
return_val =
13581322
Crypto_TC_ApplySecurity((uint8_t *)raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
13591323

test/unit/ut_tc_process.c

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -449,19 +449,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER)
449449
test_association->shivf_len = 6;
450450
test_association->iv_len = 12;
451451
test_association->ekid = 130;
452-
// IV = "000000000000FFFFFFFFFFFE"
453-
test_association->iv[0] = 0x00;
454-
test_association->iv[1] = 0x00;
455-
test_association->iv[2] = 0x00;
456-
test_association->iv[3] = 0x00;
457-
test_association->iv[4] = 0x00;
458-
test_association->iv[5] = 0x00;
459-
test_association->iv[6] = 0xFF;
460-
test_association->iv[7] = 0xFF;
461-
test_association->iv[8] = 0xFF;
462-
test_association->iv[9] = 0xFF;
463-
test_association->iv[10] = 0xFF;
464-
test_association->iv[11] = 0xFD;
452+
sa_if->sa_setIV(test_association->spi, "000000000000FFFFFFFFFFFD");
465453
test_association->ast = 1;
466454
test_association->est = 1;
467455
test_association->sa_state = SA_OPERATIONAL;

0 commit comments

Comments
 (0)