Merge pull request #333 from nasa/331-combine-extended-procedures-bra…

…nches-and-test-before-merging-to-dev

331 combine extended procedures branches and test before merging to dev

.github/workflows/build.yml

@@ -11,31 +11,33 @@ jobs:
   minimal_build:
     # Container Setup
     runs-on: ubuntu-latest
+    container:
+        image: ivvitc/cryptolib:20240814
     steps:
     - uses: actions/checkout@v4
     - name: Update
-      run: sudo apt-get update
+      run: apt-get update
     - name: Install Dependencies
-      run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 
+      run: apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3
     - name: Install Python Libraries
-      run: sudo pip install pycryptodome
+      run: pip install pycryptodome
     - name: Install Libgcrypt
       run: >
         curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 
         -o /tmp/libgpg-error-1.50.tar.bz2 
         && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ 
         && cd /tmp/libgpg-error-1.50 
-        && sudo ./configure 
-        && sudo make install 
+        && ./configure 
+        && make install 
         && curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 
         -o /tmp/libgcrypt-1.11.0.tar.bz2 
         && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ 
         && cd /tmp/libgcrypt-1.11.0 
-        && sudo ./configure 
-        && sudo make install
-        && sudo ldconfig
+        && ./configure 
+        && make install
+        && ldconfig
     # End Container Setup
 
     - name: Minimal Build Script
@@ -48,31 +50,33 @@ jobs:
   internal_build:
     # Container Setup
     runs-on: ubuntu-latest
+    container:
+        image: ivvitc/cryptolib:20240814
     steps:
     - uses: actions/checkout@v4
     - name: Update
-      run: sudo apt-get update
+      run: apt-get update
     - name: Install Dependencies
-      run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3
+      run: apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3
     - name: Install Python Libraries
-      run: sudo pip install pycryptodome
+      run: pip install pycryptodome
     - name: Install Libgcrypt
       run: >
         curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 
         -o /tmp/libgpg-error-1.50.tar.bz2 
         && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ 
         && cd /tmp/libgpg-error-1.50 
-        && sudo ./configure 
-        && sudo make install 
+        && ./configure 
+        && make install 
         && curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 
         -o /tmp/libgcrypt-1.11.0.tar.bz2 
         && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ 
         && cd /tmp/libgcrypt-1.11.0 
-        && sudo ./configure 
-        && sudo make install
-        && sudo ldconfig
+        && ./configure 
+        && make install
+        && ldconfig
     # End Container Setup
 
     - name: Internal Build Script
@@ -146,31 +150,33 @@ jobs:
   wolf_build:
     # Container Setup
     runs-on: ubuntu-latest
+    container:
+        image: ivvitc/cryptolib:20240814
     steps:
     - uses: actions/checkout@v4
     - name: Update
-      run: sudo apt-get update
+      run: apt-get update
     - name: Install Dependencies
-      run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
+      run: apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
     - name: Install Python Libraries
-      run: sudo pip install pycryptodome
+      run: pip install pycryptodome
     - name: Install Libgcrypt
       run: >
         curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 
         -o /tmp/libgpg-error-1.50.tar.bz2 
         && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ 
         && cd /tmp/libgpg-error-1.50 
-        && sudo ./configure 
-        && sudo make install 
+        && ./configure 
+        && make install 
         && curl  
         -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 
         -o /tmp/libgcrypt-1.11.0.tar.bz2 
         && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ 
         && cd /tmp/libgcrypt-1.11.0 
-        && sudo ./configure 
-        && sudo make install
-        && sudo ldconfig
+        && ./configure 
+        && make install
+        && ldconfig
     - name: Clone WolfSSL
       run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl
 
@@ -188,8 +194,8 @@ jobs:
            cd /tmp/wolfssl/build;
            cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..;
            cmake --build .;
-           sudo make install;
-           sudo ldconfig;
+           make install;
+           ldconfig;
     # End Container Setup
 
     - name: Wolf Build Script
@@ -262,4 +268,4 @@ jobs:
         CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
       with:
         files: 'coverage/*.c.gcov'
-        verbose: true
+        verbose: true

.github/workflows/codeql.yml

@@ -21,6 +21,8 @@ jobs:
   build_internal:
     name: Analyze Build_Internal
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    container:
+        image: ivvitc/cryptolib:20240814
     permissions:
       # required for all workflows
       security-events: write
@@ -71,6 +73,8 @@ jobs:
   build_minimal:
       name: Analyze Build_Minimal
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      container:
+        image: ivvitc/cryptolib:20240814
       permissions:
         # required for all workflows
         security-events: write
@@ -121,6 +125,8 @@ jobs:
   build_wolf:
       name: Analyze Build_Wolf
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      container:
+        image: ivvitc/cryptolib:20240814
       permissions:
         # required for all workflows
         security-events: write
@@ -153,29 +159,29 @@ jobs:
            cd /tmp/wolfssl/build;
            cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..;
            cmake --build .;
-           sudo make install;
-           sudo ldconfig;
+           make install;
+           ldconfig;
       - name: Install Dependencies
         run: |
-          sudo apt-get update
-          sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
+          apt-get update
+          apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
 
       - name: Install Python Libraries
-        run: sudo pip install pycryptodome
+        run: pip install pycryptodome
 
       - name: Update Dependencies
         run: >
           curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 
           && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ 
           && cd /tmp/libgpg-error-1.50 
-          && sudo ./configure 
-          && sudo make install 
+          && ./configure 
+          && make install 
           && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 
           && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ 
           && cd /tmp/libgcrypt-1.11.0 
-          && sudo ./configure 
-          && sudo make install
-          && sudo ldconfig
+          && ./configure 
+          && make install
+          && ldconfig
       
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -200,6 +206,8 @@ jobs:
   build_rhel:
       name: Analyze Build_RHEL
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+      container:
+        image: ivvitc/cryptolib:20240814
       permissions:
         # required for all workflows
         security-events: write

.gitignore

@@ -16,3 +16,17 @@ venv
 vgcore*
 core.*
 log.txt
+cmake_install.cmake
+CMakeCache.txt
+CTestTestfile.cmake
+DartConfiguration.tcl
+sa_save_file.bin
+bin/*
+CMakeFiles/*
+src/cmake_install.cmake
+src/CTestTestfile.cmake
+src/CMakeFiles/*
+test/cmake_install.cmake
+test/CTestTestfile.cmake
+test/CMakeFiles/*
+Testing/Temporary/*

include/crypto.h

@@ -176,8 +176,6 @@ void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssoci
 int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint8_t ecs_is_aead_algorithm, uint16_t byte_idx, uint8_t* p_new_dec_frame, uint16_t pdu_len, uint8_t* p_ingest, crypto_key_t* ekp, crypto_key_t* akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length);
 void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr);
 
-
-extern uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID);
 extern int32_t Crypto_increment(uint8_t* num, int length);
 int32_t Crypto_Get_tmLength(int len);
 uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id);
@@ -200,11 +198,16 @@ int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr,
 int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* arsn_valid);
 int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid);
 
+// SDLS Related Functions
+extern uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID);
+extern void Crypto_Print_Sdls_Ep_Reply(void);
+extern int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t* buffer, uint16_t* length);
+
 // Key Management Functions
 int32_t Crypto_Key_OTAR(void);
 int32_t Crypto_Key_update(uint8_t state);
-int32_t Crypto_Key_inventory(uint8_t* );
-int32_t Crypto_Key_verify(uint8_t* , TC_t* tc_frame);
+int32_t Crypto_Key_inventory(uint8_t*);
+int32_t Crypto_Key_verify(TC_t* tc_frame);
 
 // Security Monitoring & Control Procedure
 int32_t Crypto_MC_ping(uint8_t* ingest);
@@ -252,6 +255,8 @@ extern char* crypto_deep_copy_string(char* src_string);
 */ 
 // Data stores used in multiple components
 extern CCSDS_t sdls_frame;
+extern SDLS_KEYV_RPLY_t sdls_ep_keyv_reply;
+extern uint8_t sdls_ep_reply[TC_MAX_FRAME_SIZE];
 // extern TM_t tm_frame;
 extern uint8_t tm_frame[1786];
 extern TM_FramePrimaryHeader_t tm_frame_pri_hdr; 
@@ -276,7 +281,6 @@ extern SaInterface sa_if;
 extern CryptographyInterface cryptography_if;
 
 // extern crypto_key_t ak_ring[NUM_KEYS];
-extern CCSDS_t sdls_frame;
 extern SadbMariaDBConfig_t* sa_mariadb_config;
 extern GvcidManagedParameters_t* gvcid_managed_parameters;
 extern GvcidManagedParameters_t* current_managed_parameters;

include/crypto_config.h

@@ -158,13 +158,13 @@
 // Service Group - Security Association Management
 #define SG_SA_MGMT 0x01 // 0b01
 #define PID_CREATE_SA 0x01 //0b0001
-#define PID_REKEY_SA 0x05 //0b0110
+#define PID_REKEY_SA 0x06 //0b0110
 #define PID_START_SA 0x0B //0b1011
 #define PID_STOP_SA 0x0E // 0b1110
 #define PID_EXPIRE_SA 0x09 // 0b1001
 #define PID_DELETE_SA 0x04 // 0b0100
 #define PID_SET_ARSN 0x0A //0b1010
-#define PID_SET_ARSNW 0x06 // 0b0101
+#define PID_SET_ARSNW 0x05 // 0b0101
 #define PID_READ_ARSN 0x00 // 0b0000
 #define PID_SA_STATUS 0x0F // 0b1111
 // Service Group - Security Monitoring & Control
@@ -205,6 +205,12 @@
 #define AOS_FRAME_DATA_SIZE 1786 /* bytes */
 #define AOS_FILL_SIZE 1145       /* bytes */
 
+// SDLS Behavior Defines
+#define SDLS_KEYV_MAX_KEYS 21  /* keys */
+#define SDLS_IV_LEN 12         /* bytes */
+#define SDLS_KEYV_KEY_ID_LEN 2 /* bytes */
+#define SDLS_KEY_LEN 32        /* bytes */
+
 // TC Behavior Defines
 #define TC_SDLS_EP_VCID                                                                                                \
     4 // VCID which has SDLS PDUs (JPL uses VCIDs to determine TC type, there is no space packet layer with APIDs). Set

include/crypto_config_structs.h

@@ -233,7 +233,7 @@ struct _GvcidManagedParameters_t
     TcSegmentHdrsPresent has_segmentation_hdr;
     uint16_t max_frame_size; // Maximum TC/TM Frame Length with headers
     OcfPresent has_ocf;
-    int set_flag; // Will be a list of managed parameters!
+    int set_flag;
 };
 #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t))
 

include/crypto_error.h

@@ -129,6 +129,7 @@
 #define CRYPTO_LIB_ERR_SPI_INDEX_OOB (-56)
 #define CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL (-57)
 #define CRYPTO_LIB_ERR_IV_GREATER_THAN_MAX_LENGTH (-58)
+#define CRYPTO_LIB_ERR_KEY_STATE_TRANSITION_ERROR (-59)
 
 // Define codes for returning MDB Strings, and determining error based on strings
 #define CAM_ERROR_CODES 600
@@ -149,7 +150,7 @@
 #define CONFIGURATION_ERROR_CODES 100
 #define CONFIGURATION_ERROR_CODES_MAX 103
 
-#define CRYPTO_CORE_ERROR_CODES_MAX -57
+#define CRYPTO_CORE_ERROR_CODES_MAX -59
 
 extern char *crypto_enum_errlist_core[];
 extern char *crypto_enum_errlist_config[];