[#196] cryptography_aead_encrypt refactor

nasa · Mar 15, 2024 · 69846e9 · 69846e9
1 parent 6e6436d
commit 69846e9
Showing 1 changed file with 77 additions and 45 deletions.
diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
@@ -509,64 +509,54 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out,
     return status;
 }
 
-static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
-                                         uint8_t* data_in, size_t len_data_in,
-                                         uint8_t* key, uint32_t len_key,
-                                         SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param)
-                                         uint8_t* iv, uint32_t iv_len,
-                                         uint8_t* mac, uint32_t mac_size,
-                                         uint8_t* aad, uint32_t aad_len,
-                                         uint8_t encrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies)
+int32_t cryptography_verify_ecs_enum_algo(uint8_t* ecs, int32_t* algo, int32_t* mode)
 {
-    gcry_error_t gcry_error = GPG_ERR_NO_ERROR;
-    gcry_cipher_hd_t tmp_hd;
     int32_t status = CRYPTO_LIB_SUCCESS;
-    uint8_t* key_ptr = key;
-
-    // Fix warning
-    acs = acs;
-    cam_cookies = cam_cookies;
-
-    sa_ptr = sa_ptr; // Unused in this implementation
-
-    // Select correct libgcrypt ecs enum
-    int32_t algo = -1;
     if (ecs != NULL)
     {
-        algo = cryptography_get_ecs_algo(*ecs);
-        if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ECS)
+        *algo = cryptography_get_ecs_algo(*ecs);
+        if (*algo == CRYPTO_LIB_ERR_UNSUPPORTED_ECS)
         {
-            return CRYPTO_LIB_ERR_UNSUPPORTED_ECS;
+            status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS;
+            return status;
         }
     }
     else
     {
-        return CRYPTO_LIB_ERR_NULL_ECS_PTR;
+        status = CRYPTO_LIB_ERR_NULL_ECS_PTR;
+        return status;
     }
 
     // Verify the mode to accompany the ecs enum
-    int32_t mode = -1;
-    mode = cryptography_get_ecs_mode(*ecs);
-    if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE;
-
-    // TODO: Get Flag Functionality
+    *mode = cryptography_get_ecs_mode(*ecs);
+    if (*mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE) 
+    {
+        status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE;
+        return status;
+    }
+    return status;
+}
+
+int32_t cryptography_gcry_setup(int32_t mode, int32_t algo, gcry_cipher_hd_t* tmp_hd, uint8_t* key_ptr, uint32_t len_key, uint8_t* iv, uint32_t iv_len, gcry_error_t* gcry_error)
+{
+    int32_t status = CRYPTO_LIB_SUCCESS;
+
     if(mode == CRYPTO_CIPHER_AES256_CBC_MAC)
     {
-        gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_CBC_MAC);
+        *gcry_error = gcry_cipher_open(tmp_hd, algo, mode, GCRY_CIPHER_CBC_MAC);
     }
     else
     {
-        gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE);
+        *gcry_error = gcry_cipher_open(tmp_hd, algo, mode, GCRY_CIPHER_NONE);
     } 
-    if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+    if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
     {
-        printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
-        printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error));
+        printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK);
+        printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error));
         status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR;
         return status;
     }
-    gcry_error = gcry_cipher_setkey(tmp_hd, key_ptr, len_key);
+    *gcry_error = gcry_cipher_setkey(*tmp_hd, key_ptr, len_key);
 #ifdef SA_DEBUG
     uint32_t i;
     printf(KYEL "AEAD MAC: Printing Key:\n\t");
@@ -577,23 +567,64 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
     printf("\n");
 #endif
 
-    if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+    if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
     {
-        printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
-        printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error));
+        printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK);
+        printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error));
         status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR;
-        gcry_cipher_close(tmp_hd);
+        gcry_cipher_close(*tmp_hd);
         return status;
     }
-    gcry_error = gcry_cipher_setiv(tmp_hd, iv, iv_len);
-    if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+    *gcry_error = gcry_cipher_setiv(*tmp_hd, iv, iv_len);
+    if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
     {
-        printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
-        printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error));
+        printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK);
+        printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error));
         status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR;
-        gcry_cipher_close(tmp_hd);
+        gcry_cipher_close(*tmp_hd);
         return status;
     }
+    return status;
+}
+
+static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
+                                         uint8_t* data_in, size_t len_data_in,
+                                         uint8_t* key, uint32_t len_key,
+                                         SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param)
+                                         uint8_t* iv, uint32_t iv_len,
+                                         uint8_t* mac, uint32_t mac_size,
+                                         uint8_t* aad, uint32_t aad_len,
+                                         uint8_t encrypt_bool, uint8_t authenticate_bool,
+                                         uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies)
+{
+    gcry_error_t gcry_error = GPG_ERR_NO_ERROR;
+    gcry_cipher_hd_t tmp_hd = 0;
+    int32_t status = CRYPTO_LIB_SUCCESS;
+    uint8_t* key_ptr = key;
+
+    // Fix warning
+    acs = acs;
+    cam_cookies = cam_cookies;
+
+    sa_ptr = sa_ptr; // Unused in this implementation
+
+    // Select correct libgcrypt ecs enum
+    int32_t algo = -1;
+    int32_t mode = -1;
+    status = cryptography_verify_ecs_enum_algo(ecs, &algo, &mode);
+    if(status != CRYPTO_LIB_SUCCESS)
+    {
+        mc_if->mc_log(status);
+        return status;   
+    }
+
+    // TODO: Get Flag Functionality
+    status = cryptography_gcry_setup(mode, algo, &tmp_hd, key_ptr, len_key, iv, iv_len, &gcry_error);
+    if(status != CRYPTO_LIB_SUCCESS)
+    {
+        mc_if->mc_log(status);
+        return status;   
+    }
 
 #ifdef DEBUG
     size_t j;
@@ -680,6 +711,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
         }
 
 #ifdef MAC_DEBUG
+        uint32_t i = 0;
         printf("MAC = 0x");
         for (i = 0; i < mac_size; i++)
         {