[nasa/nos3#755] fix aos bugs, allow standalone to parse aos

src/core/crypto_aos.c

@@ -829,8 +829,8 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
 
     // Bit math to give concise access to values in the ingest
     aos_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6;
-    aos_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4);
-    aos_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1;
+    aos_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 2) | (((uint16_t)p_ingest[1] & 0xC0) >> 6);
+    aos_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x3F);
 
 #ifdef DEBUG
     printf(KYEL "\n----- Crypto_AOS_ProcessSecurity START -----\n" RESET);
@@ -1117,7 +1117,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
     }
     // Increment byte_idx past Security Header Fields based on SA values
     byte_idx += sa_ptr->shivf_len;
-    byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len);
+    byte_idx += sa_ptr->shsnf_len;
     byte_idx += sa_ptr->shplf_len;
 
 #ifdef SA_DEBUG

src/core/crypto_config.c

@@ -94,6 +94,11 @@ int32_t Crypto_SC_Init(void)
     Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
     TM_UT_Managed_Parameters.vcid = 5;
     Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
+
+    // AOS
+    GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+        1, 0x0003, 6, AOS_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
+    Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
     status = Crypto_Init();
 
     SecurityAssociation_t *sa_ptr = NULL;
@@ -132,6 +137,12 @@ int32_t Crypto_SC_Init(void)
     sa_ptr->gvcid_blk.vcid = 5;
     sa_ptr->shivf_len      = 0;
     sa_ptr->iv_len         = 0;
+    sa_if->sa_get_from_spi(10, &sa_ptr);
+    sa_ptr->acs            = CRYPTO_MAC_HMAC_SHA256;
+    sa_ptr->shsnf_len      = 2;
+    sa_ptr->ekid           = 128;
+    sa_ptr->akid           = 128;
+    sa_ptr->gvcid_blk.vcid = 6;
 
     return status;
 }

src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c

@@ -305,31 +305,31 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le
 
 #ifdef MAC_DEBUG
     // Commented out due to memory leaks with HMAC
-    // uint32_t *tmac_size = &mac_size;
-    // uint8_t  tmac[*tmac_size];
-    // gcry_error = gcry_mac_read(tmp_mac_hd,
-    //                            &tmac,               // tag output
-    //                            (size_t*)&mac_size // tag size
-    //              );
-    // if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
-    // {
-    //     printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
-    //     status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
-    //     return status;
-    // }
-
-    // printf("Calculated Mac Size: %d\n", *tmac_size);
-    // printf("Calculated MAC (full length):\n\t");
-    // for (uint32_t i = 0; i < *tmac_size; i++)
-    // {
-    //     printf("%02X", tmac[i]);
-    // }
-    // printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
-    // for (uint32_t i = 0; i < mac_size; i++)
-    // {
-    //     printf("%02X", tmac[i]);
-    // }
-    // printf("\n");
+    uint32_t *tmac_size = &mac_size;
+    uint8_t   tmac[*tmac_size];
+    gcry_error = gcry_mac_read(tmp_mac_hd,
+                               &tmac,              // tag output
+                               (size_t *)&mac_size // tag size
+    );
+    if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+    {
+        printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
+        status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
+        return status;
+    }
+
+    printf("Calculated Mac Size: %d\n", *tmac_size);
+    printf("Calculated MAC (full length):\n\t");
+    for (uint32_t i = 0; i < *tmac_size; i++)
+    {
+        printf("%02X", tmac[i]);
+    }
+    printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
+    for (uint32_t i = 0; i < mac_size; i++)
+    {
+        printf("%02X", tmac[i]);
+    }
+    printf("\n");
 
     printf("Received MAC:\n\t");
     for (uint32_t i = 0; i < mac_size; i++)
@@ -666,7 +666,7 @@ static int32_t cryptography_aead_encrypt(
         );
         if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
         {
-            printf(KRED "ERROR: gcry_cipher_checktag error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
+            printf(KRED "ERROR: gcry_cipher_gettag error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
             printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error));
             status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
             gcry_cipher_close(tmp_hd);

support/standalone/standalone.c

@@ -788,11 +788,23 @@ void *crypto_standalone_tm_process(void *socks)
             // Process Security skipping prepended ASM
             crypto_standalone_tm_debug_process(tm_process_in);
             // Account for ASM length
-            status =
-                Crypto_TM_ProcessSecurity(tm_process_in + 4, (const uint16_t)tm_process_len - 4, &tm_ptr, &tm_out_len);
-            if (status != 0)
+            if (tm_process_in[4] == 0x40)
             {
-                printf("Crypto_TM_ProcessSecurity Failed with status = %d\n", status);
+                status = Crypto_AOS_ProcessSecurity(tm_process_in + 4, (const uint16_t)tm_process_len - 4, &tm_ptr,
+                                                    &tm_out_len);
+                if (status != 0)
+                {
+                    printf("Crypto_AOS_ProcessSecurity Failed with status = %d\n", status);
+                }
+            }
+            else
+            {
+                status = Crypto_TM_ProcessSecurity(tm_process_in + 4, (const uint16_t)tm_process_len - 4, &tm_ptr,
+                                                   &tm_out_len);
+                if (status != 0)
+                {
+                    printf("Crypto_TM_ProcessSecurity Failed with status = %d\n", status);
+                }
             }
 #else
             if (tm_debug == 1)

test/unit/ut_aos_apply.c

@@ -210,7 +210,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF)
 
     // Truth frame setup
     char *truth_aos_h =
-        "40C000000000000A112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+        "40C0000000000009000000000000000000000000DDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
         "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
         "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
         "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
@@ -242,7 +242,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF)
         "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
         "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
         "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
-        "BBAABBAABBAABBAA778A1E133306963F1D9DCA32D6D60C23966A";
+        "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAAC3D3";
     char *truth_aos_b   = NULL;
     int   truth_aos_len = 0;
     hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
@@ -254,6 +254,9 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF)
 
     SecurityAssociation_t *test_association;
     sa_if->sa_get_from_spi(10, &test_association);
+    test_association->sa_state = SA_KEYED;
+    sa_if->sa_get_from_spi(9, &test_association);
+    test_association->sa_state = SA_OPERATIONAL;
 
     crypto_key_t *ekp = NULL;
     ekp               = key_if->get_key(test_association->ekid);
@@ -1342,15 +1345,11 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1)
     aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6);
     aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F);
 
-    // Expose/setup SA for testing
-    // Configure SA 14 off
-    sa_if->sa_get_from_spi(10, &sa_ptr);
-    sa_ptr->sa_state = SA_KEYED;
-
     // Configure SA 17 on
     sa_if->sa_get_from_spi(10, &sa_ptr);
     sa_ptr->sa_state = SA_OPERATIONAL;
     sa_ptr->ekid     = 130;
+    sa_ptr->akid     = 130;
     sa_ptr->ecs      = CRYPTO_CIPHER_AES256_GCM;
     sa_ptr->est      = 1;
     sa_ptr->ast      = 1;