diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 54741bda..d0e8c7e6 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -88,13 +88,36 @@ int32_t Crypto_SC_Init(void) // TM GvcidManagedParameters_t TM_UT_Managed_Parameters = { - 0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + 0, 0x0003, 1, TM_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); TM_UT_Managed_Parameters.vcid = 4; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); TM_UT_Managed_Parameters.vcid = 5; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); status = Crypto_Init(); + + SecurityAssociation_t *sa_ptr = NULL; + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->gvcid_blk.vcid = 0; + sa_if->sa_get_from_spi(2, &sa_ptr); + sa_ptr->gvcid_blk.vcid = 2; + sa_if->sa_get_from_spi(3, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.vcid = 3; + sa_ptr->abm_len = ABM_SIZE; + sa_if->sa_get_from_spi(5, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->shsnf_len = 0; + sa_ptr->arsn_len = 0; + sa_ptr->gvcid_blk.vcid = 1; + sa_if->sa_get_from_spi(6, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.vcid = 4; + sa_if->sa_get_from_spi(7, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.vcid = 5; + return status; } diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index e8e22b26..72f1fab1 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -927,7 +927,8 @@ int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest) printf("Actual secondary header length: %d\n", secondary_hdr_len); #endif // Only validate SHVN if secondary header is present - if (idx > secondary_hdr_start && shvn > 0) // SHVN is 2 bits, 0b00 is the only allowed value + + if (idx > secondary_hdr_start && shvn != 0) // SHVN is 2 bits, so max value is 3 { status = CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN; mc_if->mc_log(status); diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index dd0c3502..bf3b1989 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -346,7 +346,7 @@ void sa_populate(void) sa[5].gvcid_blk.tfvn = 0; sa[5].gvcid_blk.scid = SCID & 0x3FF; sa[5].gvcid_blk.vcid = 1; - sa[5].gvcid_blk.mapid = TYPE_TM; + sa[5].gvcid_blk.mapid = TYPE_TC; // TM - Encryption Only - AES-CBC-256 (Keyed) // IV = 0...0, IV-Len = 16, TFVN = 0, VCID = 0; MAC-Len = 0, ARSNW = 5 @@ -368,7 +368,7 @@ void sa_populate(void) sa[6].gvcid_blk.tfvn = 0; sa[6].gvcid_blk.scid = SCID & 0x3FF; sa[6].gvcid_blk.vcid = 0; - sa[6].gvcid_blk.mapid = TYPE_TM; + sa[6].gvcid_blk.mapid = TYPE_TC; // TM - Authentication Only HMAC_SHA512 (Keyed) // IV = 0...0, IV-Len = 12, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 @@ -390,7 +390,7 @@ void sa_populate(void) sa[7].gvcid_blk.tfvn = 0; sa[7].gvcid_blk.scid = SCID & 0x3FF; sa[7].gvcid_blk.vcid = 0; - sa[7].gvcid_blk.mapid = TYPE_TM; + sa[7].gvcid_blk.mapid = TYPE_TC; // TM - Authenticated Encryption AES-CBC-256 (Keyed) // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 @@ -413,7 +413,7 @@ void sa_populate(void) sa[8].gvcid_blk.tfvn = 0; sa[8].gvcid_blk.scid = SCID & 0x3FF; sa[8].gvcid_blk.vcid = 0; - sa[8].gvcid_blk.mapid = TYPE_TM; + sa[8].gvcid_blk.mapid = TYPE_TC; // AOS - Clear Mode // IV = 0...0, IV-Len = 12, MAC-Len = 0, TFVN = 1, VCID = 0, ARSNW = 5 @@ -546,7 +546,7 @@ void sa_populate(void) sa[15].arsn_len = 2; sa[15].gvcid_blk.tfvn = 2; sa[15].gvcid_blk.scid = SCID & 0x3FF; - sa[15].gvcid_blk.vcid = 3; + sa[15].gvcid_blk.vcid = 7; sa[15].gvcid_blk.mapid = TYPE_TC; sa_perform_save(&sa[0]); diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index b0afd926..e9aa8e01 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -163,7 +163,7 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char * { Crypto_saPrint(test_association); } - + printf("Get_SA_Status: %d\n", status); if ((status == CRYPTO_LIB_SUCCESS) && (test_association->sa_state == SA_OPERATIONAL) && (test_association->gvcid_blk.mapid == TYPE_TC) && (test_association->gvcid_blk.scid == SCID)) { @@ -372,14 +372,10 @@ void crypto_standalone_tc_frame(uint8_t *in_data, uint16_t in_length, uint8_t *o /* TC Length */ if (DYNAMIC_LENGTHS) { - uint8_t segment_hdr_len = tc_current_managed_parameters_struct.has_segmentation_hdr ? 1 : 0; + uint8_t segment_hdr_len = 1; uint8_t fecf_len = tc_current_managed_parameters_struct.has_fecf ? 2 : 0; - SecurityAssociation_t *sa_ptr; - sa_if->sa_get_from_spi(tc_vcid, &sa_ptr); - - *out_length = TC_FRAME_HEADER_SIZE + segment_hdr_len + sa_ptr->arsn_len + sa_ptr->shivf_len + - sa_ptr->shplf_len + sa_ptr->shsnf_len + in_length + sa_ptr->stmacf_len + fecf_len; + *out_length = TC_FRAME_HEADER_SIZE + segment_hdr_len + in_length + fecf_len; } else { @@ -525,8 +521,9 @@ void crypto_standalone_tm_frame(uint8_t *in_data, uint16_t in_length, uint8_t *o } // Calculate security headers and trailers - uint8_t header_length = TM_PRI_HDR_LENGTH + SDLS_SPI_LENGTH + sa_ptr->shivf_len + sa_ptr->shplf_len + - sa_ptr->shsnf_len; // TODO: Why +40? + uint8_t header_length = + TM_PRI_HDR_LENGTH + SDLS_SPI_LENGTH + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len; + uint8_t trailer_length = sa_ptr->stmacf_len; if (tm_current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { @@ -571,85 +568,76 @@ void crypto_standalone_tm_debug_process(uint8_t *tm_process_in) } } -void crypto_standalone_spp_telem_or_idle(int32_t *status_p, uint8_t *tm_ptr, uint16_t *spp_len_p, - udp_interface_t *tm_socks, int *tm_process_len_p) +void crypto_standalone_spp_telem_or_idle(int32_t *status, uint8_t *tm_ptr, uint16_t *spp_len, udp_interface_t *tm_socks, + int *tm_process_len) { - int32_t status = *status_p; - uint16_t spp_len = *spp_len_p; - int tm_process_len = *tm_process_len_p; - udp_info_t *tm_write_sock = &tm_socks->write; if ((tm_ptr[0] == 0x08) || (tm_ptr[0] == 0x09) || ((tm_ptr[0] == 0x07) && (tm_ptr[1] == 0xff)) || - (tm_ptr[0] == 0x0F && tm_ptr[1] == 0xFD) || (tm_ptr[0] == 0x1F && tm_ptr[1] == 0xFD)) + (tm_ptr[0] == 0x0F && tm_ptr[1] == 0xFD)) { - spp_len = (((0xFFFF & tm_ptr[4]) << 8) | tm_ptr[5]) + 7; + *spp_len = (((0xFFFF & tm_ptr[4]) << 8) | tm_ptr[5]) + 7; #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("crypto_standalone_tm_process - SPP[%d]: 0x", spp_len); - for (int i = 0; i < spp_len; i++) + printf("crypto_standalone_tm_process - SPP[%d]: 0x", *spp_len); + for (int i = 0; i < *spp_len; i++) { printf("%02x", tm_ptr[i]); } printf("\n"); #endif - // Send all SPP telemetry packets // 0x09 for HK/Device TLM Packets (Generic Components) + // 0x0FFD = CFDP if (tm_ptr[0] == 0x08 || tm_ptr[0] == 0x09 || (tm_ptr[0] == 0x0f && tm_ptr[1] == 0xfd)) { - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, - sizeof(tm_write_sock->saddr)); + *status = sendto(tm_write_sock->sockfd, tm_ptr, *spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, + sizeof(tm_write_sock->saddr)); } // Only send idle packets if configured to do so else { #ifdef CRYPTO_STANDALONE_DISCARD_IDLE_PACKETS // Don't forward idle packets - status = spp_len; + *status = *spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, + status = sendto(tm_write_sock->sockfd, tm_ptr, *spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); #endif } // Check status - if ((status == -1) || (status != spp_len)) + if ((*status == -1) || (*status != *spp_len)) { - printf("crypto_standalone_tm_process - Reply error %d \n", status); + printf("crypto_standalone_tm_process - Reply error %d \n", *status); } - tm_ptr = &tm_ptr[spp_len]; - tm_process_len = tm_process_len - spp_len; + + *tm_process_len -= *spp_len; } else if ((tm_ptr[0] == 0xFF && tm_ptr[1] == 0x48) || (tm_ptr[0] == 0x00 && tm_ptr[1] == 0x00) || - (tm_ptr[0] == 0x02 && tm_ptr[1] == 0x00) || (tm_ptr[0] == 0xFF && tm_ptr[1] == 0xFF) || - (tm_ptr[0] == 0x1F && tm_ptr[1] == 0xFE)) + (tm_ptr[0] == 0x02 && tm_ptr[1] == 0x00) || (tm_ptr[0] == 0xFF && tm_ptr[1] == 0xFF)) { // TODO: Why 0x0200? // Idle Frame // Idle Frame is entire length of remaining data #ifdef CRYPTO_STANDALONE_DISCARD_IDLE_FRAMES // Don't forward idle frame - status = spp_len; + *status = *spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, + status = sendto(tm_write_sock->sockfd, tm_ptr, *spp_len, 0, (struct sockaddr *)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); - if ((status == -1) || (status != spp_len)) + if ((status == -1) || (status != *spp_len)) { - printf("crypto_standalone_tm_process - Reply error %d \n", status); + printf("crypto_standalone_tm_process - Reply error %d \n", *status); } - tm_ptr = &tm_ptr[spp_len]; #endif - tm_process_len = 0; + *tm_process_len = 0; } else { printf("crypto_standalone_tm_process - SPP loop error, expected idle packet or frame! tm_ptr = 0x%02x%02x \n", tm_ptr[0], tm_ptr[1]); - tm_process_len = 0; + *tm_process_len = 0; } - *status_p = status; - *spp_len_p = spp_len; - *tm_process_len_p = tm_process_len; } void *crypto_standalone_tm_process(void *socks) @@ -747,6 +735,7 @@ void *crypto_standalone_tm_process(void *socks) { // SPP Telemetry OR SPP Idle Packet crypto_standalone_spp_telem_or_idle(&status, tm_ptr, &spp_len, tm_socks, &tm_process_len); + tm_ptr = &tm_ptr[spp_len]; } } else @@ -757,13 +746,14 @@ void *crypto_standalone_tm_process(void *socks) /* Reset */ memset(tm_process_in, 0x00, sizeof(tm_process_in)); tm_process_len = 0; + memset(tm_ptr, 0x00, sizeof(tm_process_in)); #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG printf("\n"); #endif } /* Delay */ - usleep(100); + usleep(10); } close(tm_read_sock->port); close(tm_write_sock->port); diff --git a/test/unit/ut_sa_save.c b/test/unit/ut_sa_save.c index fce67aef..44a55a72 100644 --- a/test/unit/ut_sa_save.c +++ b/test/unit/ut_sa_save.c @@ -622,7 +622,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); ASSERT_EQ(test_association->gvcid_blk.scid, 3); ASSERT_EQ(test_association->gvcid_blk.vcid, 1); - ASSERT_EQ(test_association->gvcid_blk.mapid, 2); + ASSERT_EQ(test_association->gvcid_blk.mapid, 0); ASSERT_EQ(test_association->est, 0); ASSERT_EQ(test_association->ast, 0); ASSERT_EQ(test_association->shivf_len, 12); diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index d9823ea1..64e183be 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -2087,7 +2087,8 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) hex_conversion(next_iv_h, &next_iv_b, &next_iv_len); ASSERT_EQ(next_iv_len, iv_len); - Crypto_TM_ApplySecurity((uint8_t *)framed_tm_b, framed_tm_len); + status = Crypto_TM_ApplySecurity((uint8_t *)framed_tm_b, framed_tm_len); + ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); printf("Static frame contents:\n\t"); for (int i = 0; i < 1786; i++)