Merge pull request #93 from nasa/59-add-hmac-support

59 add hmac support

include/crypto.h

@@ -111,6 +111,8 @@ uint16_t Crypto_Calc_FECF(uint8_t* ingest, int len_ingest);
 void Crypto_Calc_CRC_Init_Table(void);
 uint16_t Crypto_Calc_CRC16(uint8_t* data, int size);
 int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
+int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo);
+int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo);
 
 // Key Management Functions
 int32_t Crypto_Key_OTAR(void);

include/crypto_config.h

@@ -103,7 +103,7 @@
 // Generic Defines
 #define NUM_SA 64
 #define SPI_LEN 2 /* bytes */
-#define KEY_SIZE 32
+#define KEY_SIZE 512 /* bytes */
 #define KEY_ID_SIZE 8
 #define NUM_KEYS 256
 #define DISABLED 0

include/crypto_config_structs.h

@@ -89,14 +89,15 @@ typedef enum
 */
 typedef enum
 {
-    CRYPTO_ACS_NONE,
-    CRYPTO_AES256_CMAC,
-    CRYPTO_AES256_GMAC
+    CRYPTO_MAC_NONE,
+    CRYPTO_MAC_CMAC_AES256,
+    CRYPTO_MAC_HMAC_SHA256,
+    CRYPTO_MAC_HMAC_SHA512
 } AuthCipherSuite;
 typedef enum
 {
-    CRYPTO_ECS_NONE,
-    CRYPTO_AES256_GCM
+    CRYPTO_CIPHER_NONE,
+    CRYPTO_CIPHER_AES256_GCM
 } EncCipherSuite;
 
 /*

include/crypto_error.h

@@ -82,5 +82,8 @@
 #define CRYPTO_LIB_ERR_INVALID_SA_CONFIGURATION (-28)
 #define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT (-29)
 #define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT (-30)
+#define CRYPTO_LIB_ERR_UNSUPPORTED_ECS (-31)
+#define CRYPTO_LIB_KEY_LENGTH_ERROR (-32)
+#define CRYPTO_LIB_ERR_NULL_ECS_PTR (-33)
 
 #endif //_crypto_error_h_

include/crypto_structs.h

@@ -33,6 +33,7 @@
 typedef struct
 {
     uint8_t value[KEY_SIZE];
+    uint32_t key_len;
     uint8_t key_state : 4;
 } crypto_key_t;
 #define CRYPTO_KEY_SIZE (sizeof(crypto_key_t))

include/cryptography_interface.h

@@ -60,7 +60,7 @@ typedef struct
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t encrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
     int32_t (*cryptography_aead_decrypt)(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -69,8 +69,9 @@ typedef struct
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
     int32_t (*cryptography_get_acs_algo)(int8_t algo_enum);
+    int32_t (*cryptography_get_ecs_algo)(int8_t algo_enum);
 
 } CryptographyInterfaceStruct, *CryptographyInterface;
 

src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c

@@ -59,7 +59,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t encrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
 static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -68,8 +68,9 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs);
 static int32_t cryptography_get_acs_algo(int8_t algo_enum);
+static int32_t cryptography_get_ecs_algo(int8_t algo_enum);
 
 
 // libcurl call back and support function declarations
@@ -132,6 +133,7 @@ CryptographyInterface get_cryptography_interface_kmc_crypto_service(void)
     cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt;
     cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt;
     cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo;
+    cryptography_if_struct.cryptography_get_ecs_algo = cryptography_get_ecs_algo;
     return &cryptography_if_struct;
 }
 
@@ -698,11 +700,13 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t encrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool)
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     key = key; // Direct key input is not supported in KMC interface
     len_key = len_key; // Direct key input is not supported in KMC interface
+    ecs = ecs;
+    acs = acs;
 
     curl_easy_reset(curl);
     configure_curl_connect_opts(curl);
@@ -945,10 +949,12 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool)
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     key = key; // Direct key input is not supported in KMC interface
+    ecs = ecs;
+    acs = acs;
 
     // Get the key length in bits, in string format.
     // TODO -- Parse the key length from the keyInfo endpoint of the Crypto Service!
@@ -1306,13 +1312,37 @@ int32_t cryptography_get_acs_algo(int8_t algo_enum)
     int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; // All valid algo enums will be positive
     switch (algo_enum)
     {
-         case CRYPTO_AES256_CMAC:
-             algo = CRYPTO_AES256_CMAC;
-             break;
+        // case CRYPTO_MAC_CMAC_AES256:
+        //     algo = GCRY_MAC_CMAC_AES;
+        //     break;
+
+        default:
+#ifdef DEBUG
+            printf("ACS Algo Enum not supported\n");
+#endif
+            break;
+    }
+
+    return (int)algo;
+}
+
+/**
+ * @brief Function: cryptography_get_ecs_algo. Maps Cryptolib ECS enums to KMC enums 
+ * It is possible for supported algos to vary between crypto libraries
+ * @param algo_enum
+ **/
+int32_t cryptography_get_ecs_algo(int8_t algo_enum)
+{
+    int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; // All valid algo enums will be positive
+    switch (algo_enum)
+    {
+        // case CRYPTO_MAC_CMAC_AES256:
+        //     algo = GCRY_MAC_CMAC_AES;
+        //     break;
 
         default:
 #ifdef DEBUG
-            printf("ACS Algo Enum not supported");
+            printf("ECS Algo Enum not supported\n");
 #endif
             break;
     }