Merge pull request #155 from nasa/140-tm-support

CryptoLib#140 - TM Authentication
nasa · Apr 14, 2023 · a5467c4 · a5467c4
2 parents b938827 + f9963ed
commit a5467c4
Show file tree

Hide file tree

Showing 40 changed files with 3,324 additions and 447 deletions.
diff --git a/.github/workflows/utest.yml b/.github/workflows/utest.yml
@@ -39,6 +39,24 @@ jobs:
       # Execute tests defined by the CMake configuration.  
       # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
       run: ${{github.workspace}}/build/bin/ut_tc_apply
+
+    - name: Test-TC_PROCESS
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tc_process
+
+    - name: Test-TM_APPLY
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tm_apply
+
+    - name: Test-TM_PROCESS
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tm_process
 
     - name: Test-CRYPTO_CONFIG
       working-directory: ${{github.workspace}}/build

diff --git a/include/crypto.h b/include/crypto.h
@@ -72,15 +72,16 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
                                                 char* mtls_client_key_pass, char* mtls_issuer_cert);
 extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home);
 extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                         uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size);
+                                                         uint8_t has_segmentation_hdr, uint16_t max_frame_size);
 
 // Initialization
 extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls
 extern int32_t Crypto_Init_With_Configs(
     CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p,
     SadbMariaDBConfig_t* sadb_mariadb_config_p,
     CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p); // Initialize CryptoLib With Application Defined Configuration
-extern int32_t Crypto_Init_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
+extern int32_t Crypto_Init_TC_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
+extern int32_t Crypto_Init_TM_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
 
 // Cleanup
 extern int32_t Crypto_Shutdown(void); // Free all allocated memory
@@ -93,8 +94,8 @@ extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint
                                        uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies);
 extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies);
 // Telemetry (TM)
-extern int32_t Crypto_TM_ApplySecurity(uint8_t* ingest, int *len_ingest);
-extern int32_t Crypto_TM_ProcessSecurity(uint8_t* ingest, int *len_ingest);
+extern int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr);
+extern int32_t Crypto_TM_ProcessSecurity(const uint8_t* p_ingest, const uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length);
 // Advanced Orbiting Systems (AOS)
 extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest);
 extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* ingest, int *len_ingest);
@@ -113,13 +114,14 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id);
 uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_buffer);
 void Crypto_TM_updatePDU(uint8_t* ingest, int len_ingest);
 void Crypto_TM_updateOCF(void);
+uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad);
 void Crypto_Local_Config(void);
 void Crypto_Local_Init(void);
 // int32_t  Crypto_gcm_err(int gcm_err);
 int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window);
 // int32_t Crypto_compare_less_equal(uint8_t* actual, uint8_t* expected, int length);
 // int32_t  Crypto_FECF(int fecf, uint8_t* ingest, int len_ingest,TC_t* tc_frame);
-uint16_t Crypto_Calc_FECF(uint8_t* ingest, int len_ingest);
+uint16_t Crypto_Calc_FECF(const uint8_t* ingest, int len_ingest);
 void Crypto_Calc_CRC_Init_Table(void);
 uint16_t Crypto_Calc_CRC16(uint8_t* data, int size);
 int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
@@ -161,7 +163,7 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin
                                                        GvcidManagedParameters_t** managed_parameters_out);
 int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid,
                                                                    uint8_t has_fecf, uint8_t has_segmentation_hdr,
-                                                                   uint16_t max_tc_frame_size,
+                                                                   uint16_t max_frame_size,
                                                                    GvcidManagedParameters_t* managed_parameter);
 void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters);
 
@@ -173,7 +175,10 @@ extern char* crypto_deep_copy_string(char* src_string);
 */ 
 // Data stores used in multiple components
 extern CCSDS_t sdls_frame;
-extern TM_t tm_frame;
+// extern TM_t tm_frame;
+extern uint8_t tm_frame[1786];
+extern TM_FramePrimaryHeader_t tm_frame_pri_hdr; 
+extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
 
 // Global configuration structs
 extern CryptoConfig_t* crypto_config;
@@ -187,8 +192,6 @@ extern CryptographyInterface cryptography_if;
 
 // extern crypto_key_t ak_ring[NUM_KEYS];
 extern CCSDS_t sdls_frame;
-extern TM_t tm_frame;
-extern CryptoConfig_t* crypto_config;
 extern SadbMariaDBConfig_t* sadb_mariadb_config;
 extern GvcidManagedParameters_t* gvcid_managed_parameters;
 extern GvcidManagedParameters_t* current_managed_parameters;
@@ -210,4 +213,4 @@ extern uint8_t badFECF;
 extern uint32_t crc32Table[256];
 extern uint16_t crc16Table[256];
 
-#endif // _crypto_h_
+#endif // _crypto_h_z
diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -61,7 +61,7 @@
 #define TC_MAX_FRAME_SIZE 1024
 
 // Spacecraft Defines
-#define SCID 0x0003 // 0xC3D2
+#define SCID 0x0003 //44 //0x0003 // 0xC3D2
 
 // Functionality Defines
 #define INCREMENT

diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h
@@ -41,18 +41,31 @@ typedef enum
 typedef enum
 {
     TC_NO_FECF,
-    TC_HAS_FECF
-} TcFecfPresent;
+    TC_HAS_FECF,
+    TM_NO_FECF,
+    TM_HAS_FECF
+} FecfPresent;
 typedef enum
 {
-    TC_NO_SEGMENT_HDRS,
-    TC_HAS_SEGMENT_HDRS
-} TcSegmentHdrsPresent;
+    CRYPTO_TC_CREATE_FECF_FALSE,
+    CRYPTO_TC_CREATE_FECF_TRUE,
+    CRYPTO_TM_CREATE_FECF_FALSE,
+    CRYPTO_TM_CREATE_FECF_TRUE
+} CreateFecfBool;
 typedef enum
 {
-    CRYPTO_TC_CREATE_FECF_FALSE,
-    CRYPTO_TC_CREATE_FECF_TRUE
-} TcCreateFecfBool;
+    TC_CHECK_FECF_FALSE,
+    TC_CHECK_FECF_TRUE,
+    TM_CHECK_FECF_FALSE,
+    TM_CHECK_FECF_TRUE
+} CheckFecfBool;
+// TC specific enums
+typedef enum
+{
+    TC_NO_SEGMENT_HDRS,
+    TC_HAS_SEGMENT_HDRS,
+    TM_SEGMENT_HDRS_NA
+} TcSegmentHdrsPresent;
 typedef enum
 {
     TC_PROCESS_SDLS_PDUS_FALSE,
@@ -79,16 +92,24 @@ typedef enum
     TC_UNIQUE_SA_PER_MAP_ID_TRUE
 } TcUniqueSaPerMapId;
 typedef enum
-{
-    TC_CHECK_FECF_FALSE,
-    TC_CHECK_FECF_TRUE
-} TcCheckFecfBool;
-typedef enum
 {
     SA_INCREMENT_NONTRANSMITTED_IV_FALSE,
     SA_INCREMENT_NONTRANSMITTED_IV_TRUE
 } SaIncrementNonTransmittedIvPortion;
-
+// TM specific enums
+typedef enum
+{
+    AOS_NO_OCF,
+    AOS_HAS_OCF,
+    TC_OCF_NA,
+    TM_NO_OCF,
+    TM_HAS_OCF
+} OcfPresent;
+typedef enum
+{
+    TM_NO_SECONDARY_HDR,
+    TM_HAS_SECONDARY_HDR
+} TmSecondaryHdrPresent;
 typedef enum
 {
     CAM_ENABLED_FALSE,
@@ -125,14 +146,14 @@ typedef struct
 {
     SadbType sadb_type;
     CryptographyType cryptography_type;
-    TcCreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return
+    CreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return
                                          // payloads with the FECF
     TcProcessSdlsPdus process_sdls_pdus; // Config to process SDLS extended procedure PDUs in CryptoLib
     TcPusHdrPresent has_pus_hdr;
     TcIgnoreSaState ignore_sa_state; // TODO - add logic that uses this configuration
     TcIgnoreAntiReplay ignore_anti_replay;
     TcUniqueSaPerMapId unique_sa_per_mapid;
-    TcCheckFecfBool crypto_check_fecf;
+    CheckFecfBool crypto_check_fecf;
     uint8_t vcid_bitmask;
     uint8_t crypto_increment_nontransmitted_iv; // Whether or not CryptoLib increments the non-transmitted portion of the IV field
 } CryptoConfig_t;
@@ -144,9 +165,10 @@ struct _GvcidManagedParameters_t
     uint8_t tfvn : 4;   // Transfer Frame Version Number
     uint16_t scid : 10; // SpacecraftID
     uint8_t vcid : 6;   // Virtual Channel ID
-    TcFecfPresent has_fecf;
+    FecfPresent has_fecf;
     TcSegmentHdrsPresent has_segmentation_hdr;
-    uint16_t max_tc_frame_size; // Maximum TC Frame Length with headers
+    uint16_t max_frame_size; // Maximum TC/TM Frame Length with headers
+    OcfPresent has_ocf;
     GvcidManagedParameters_t* next; // Will be a list of managed parameters!
 };
 #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t))

diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -114,6 +114,8 @@
 #define CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE (-42)
 #define CRYPTO_LIB_ERR_NULL_MODE_PTR (-43)
 #define CRYPTO_LIB_ERR_UNSUPPORTED_MODE (-44)
+#define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD (-45)
+#define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG (-46)
 
 extern char *crypto_enum_errlist_core[];
 extern char *crypto_enum_errlist_config[];

diff --git a/include/crypto_print.h b/include/crypto_print.h
@@ -34,7 +34,7 @@ void Crypto_clcwPrint(TM_FrameCLCW_t* clcw);
 void Crypto_fsrPrint(SDLS_FSR_t* report);
 void Crypto_ccsdsPrint(CCSDS_t* sdls_frame);
 void Crypto_saPrint(SecurityAssociation_t* sa);
-void Crypto_hexprint(void* c, size_t n);
+void Crypto_hexprint(const void* c, size_t n);
 void Crypto_binprint(void* c, size_t n);
 void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_children);
 #endif
diff --git a/include/crypto_structs.h b/include/crypto_structs.h
@@ -59,8 +59,8 @@ typedef struct
     char*    ek_ref; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
     char*    ak_ref; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
     uint8_t sa_state : 2;
-    crypto_gvcid_t gvcid_tc_blk;
-    crypto_gvcid_t gvcid_tm_blk[NUM_GVCID];
+    crypto_gvcid_t gvcid_blk;
+    // crypto_gvcid_t gvcid_tm_blk[NUM_GVCID];
     uint8_t lpid;
 
     // Configuration

diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h
@@ -54,12 +54,12 @@ typedef struct
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t ecs, uint8_t acs, char* cam_cookies);
     int32_t (*cryptography_validate_authentication)(uint8_t* data_out, size_t len_data_out,
-                                         uint8_t* data_in, size_t len_data_in,
+                                         const uint8_t* data_in, const size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
                                          SecurityAssociation_t* sa_ptr,
-                                         uint8_t* iv, uint32_t iv_len,
-                                         uint8_t* mac, uint32_t mac_size,
-                                         uint8_t* aad, uint32_t aad_len,
+                                         const uint8_t* iv, uint32_t iv_len,
+                                         const uint8_t* mac, uint32_t mac_size,
+                                         const uint8_t* aad, uint32_t aad_len,
                                          uint8_t ecs, uint8_t acs, char* cam_cookies);
     int32_t (*cryptography_aead_encrypt)(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,

diff --git a/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c
@@ -67,13 +67,13 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t ecs, uint8_t acs, char* cam_cookies);
 static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t len_data_out,
-                                                    uint8_t* data_in, size_t len_data_in,
-                                                    uint8_t* key, uint32_t len_key,
-                                                    SecurityAssociation_t* sa_ptr,
-                                                    uint8_t* iv, uint32_t iv_len,
-                                                    uint8_t* mac, uint32_t mac_size,
-                                                    uint8_t* aad, uint32_t aad_len,
-                                                    uint8_t ecs, uint8_t acs, char* cam_cookies);
+                                         const uint8_t* data_in, const size_t len_data_in,
+                                         uint8_t* key, uint32_t len_key,
+                                         SecurityAssociation_t* sa_ptr,
+                                         const uint8_t* iv, uint32_t iv_len,
+                                         const uint8_t* mac, uint32_t mac_size,
+                                         const uint8_t* aad, uint32_t aad_len,
+                                         uint8_t ecs, uint8_t acs, char* cam_cookies);
 static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -653,7 +653,6 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out,
     return status;
 }
 
-
 static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -883,13 +882,14 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
     memcpy(mac,icv_decoded, mac_size);
     return status;
 }
+
 static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t len_data_out,
-                                                    uint8_t* data_in, size_t len_data_in,
+                                                    const uint8_t* data_in, const size_t len_data_in,
                                                     uint8_t* key, uint32_t len_key,
                                                     SecurityAssociation_t* sa_ptr,
-                                                    uint8_t* iv, uint32_t iv_len,
-                                                    uint8_t* mac, uint32_t mac_size,
-                                                    uint8_t* aad, uint32_t aad_len,
+                                                    const uint8_t* iv, uint32_t iv_len,
+                                                    const uint8_t* mac, uint32_t mac_size,
+                                                    const uint8_t* aad, uint32_t aad_len,
                                                     uint8_t ecs, uint8_t acs, char* cam_cookies)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
@@ -922,7 +922,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
     {
         return status;
     }
-    uint8_t* auth_payload = aad;
+    const uint8_t* auth_payload = aad;
     size_t auth_payload_len = aad_len;
 
     // Base64 URL encode MAC for KMC REST Encrypt
@@ -1075,6 +1075,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
 
     return status;
 }
+
 static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -1360,6 +1361,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
     free(chunk_read);
     return status;
 }
+
 static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,