Merge remote-tracking branch 'origin/dev' into cryptolib#144-WolfSSL

nasa · Sep 20, 2023 · bc252d1 · bc252d1
2 parents df2159c + bd6b016
commit bc252d1
Show file tree

Hide file tree

Showing 12 changed files with 869 additions and 556 deletions.
diff --git a/include/crypto.h b/include/crypto.h
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #endif
 
+#include <string.h>
 #include "crypto_config.h"
 #include "crypto_config_structs.h"
 #include "crypto_error.h"
@@ -100,7 +101,7 @@ extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint
                                        uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies);
 extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies);
 // Telemetry (TM)
-extern int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr);
+extern int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer);
 extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length);
 // Advanced Orbiting Systems (AOS)
 extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest);
@@ -163,6 +164,10 @@ int32_t Crypto_User_ModifyVCID(void);
 int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest);
 int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame);
 
+// Helper length functions
+int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr);
+int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr);
+
 // Managed Parameter Functions
 int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid,
                                                        GvcidManagedParameters_t* managed_parameters_in,

diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -61,7 +61,7 @@
 #define TC_MAX_FRAME_SIZE 1024
 
 // Spacecraft Defines
-#define SCID 0x0003 //44 //0x0003 // 0xC3D2
+#define SCID 0x0003
 
 // Functionality Defines
 #define INCREMENT
@@ -175,7 +175,7 @@
 #define TLV_DATA_SIZE 494 /* bytes */
 
 // TM Defines
-#define TM_FRAME_DATA_SIZE 1740 /* bytes */
+#define TM_FRAME_DATA_SIZE 1786 /* bytes */
 #define TM_FILL_SIZE 1145       /* bytes */
 #define TM_PAD_SIZE 2           /* bytes */
 
@@ -184,6 +184,15 @@
     4 // VCID which has SDLS PDUs (JPL uses VCIDs to determine TC type, there is no space packet layer with APIDs). Set
       // to -1 if uses SP APIDs.
 
+// TM Behavior Defines
+#define TM_CADU_HAS_ASM 1 // Skip 0x1acffc1d at beginning of each frame
+// TM CADU based on ASM, currently only holds non-turbo ASM
+#ifdef TM_CADU_HAS_ASM
+   #define TM_CADU_SIZE (TM_FRAME_DATA_SIZE + 6)
+#else
+   #define TM_CADU_SIZE TM_FRAME_DATA_SIZE
+#endif
+
 // Logic Behavior Defines
 #define CRYPTO_FALSE 0
 #define CRYPTO_TRUE 1

diff --git a/src/core/crypto.c b/src/core/crypto.c
@@ -35,8 +35,8 @@ CFS_MODULE_DECLARE_LIB(crypto);
 // crypto_key_t ak_ring[NUM_KEYS];
 CCSDS_t sdls_frame;
 // TM_t tm_frame;
-uint8_t tm_frame[1786]; // Testing
-TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication
+uint8_t tm_frame[1786];                    // Testing
+TM_FramePrimaryHeader_t tm_frame_pri_hdr;  // Used to reduce bit math duplication
 TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
 // OCF
 uint8_t ocf = 0;
@@ -70,19 +70,18 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id)
     // CryptoLib only supports AES-GCM, which is an AEAD (Authenticated Encryption with Associated Data) algorithm, so
     // return true/1.
     // TODO - Add cipher suite mapping to which algorithms are AEAD and which are not.
-    if((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
+    if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
     {
-        #ifdef DEBUG
-            printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
-        #endif
+#ifdef DEBUG
+        printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
+#endif
         return CRYPTO_TRUE;
-
     }
     else
-    {   
-        #ifdef DEBUG
-            printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET);
-        #endif
+    {
+#ifdef DEBUG
+        printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET);
+#endif
         return CRYPTO_FALSE;
     }
 }
@@ -109,7 +108,7 @@ int32_t Crypto_increment(uint8_t* num, int length)
 
     if (i < 0) /* this means num[0] was incremented and overflowed */
     {
-        for(i=0; i<length; i++)
+        for (i = 0; i < length; i++)
         {
             num[i] = 0;
         }
@@ -141,7 +140,7 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
 #ifdef DEBUG
         printf("Crypto_Window expected ptr is NULL\n");
 #endif
-        return status;        
+        return status;
     }
     if (expected == NULL)
     {
@@ -153,14 +152,14 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
     // Check for special case where received value is all 0's and expected is all 0's (won't have -1 in sa!)
     // Received ARSN is: 00000000, SA ARSN is: 00000000
     uint8_t zero_case = CRYPTO_TRUE;
-    for(i = 0; i < length; i++)
+    for (i = 0; i < length; i++)
     {
-        if (actual[i] != 0 || expected[i] != 0 )
+        if (actual[i] != 0 || expected[i] != 0)
         {
             zero_case = CRYPTO_FALSE;
         }
     }
-    if(zero_case == CRYPTO_TRUE)
+    if (zero_case == CRYPTO_TRUE)
     {
         status = CRYPTO_LIB_SUCCESS;
         return status;
@@ -174,9 +173,9 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
 
 #ifdef DEBUG
         printf("Checking Frame Against Incremented Window:\n");
-        Crypto_hexprint(temp,length);
+        Crypto_hexprint(temp, length);
 #endif
-        
+
         result = 0;
         /* go from right (least significant) to left (most signifcant) */
         for (j = length - 1; j >= 0; --j)
@@ -235,8 +234,9 @@ int32_t Crypto_compare_less_equal(uint8_t* actual, uint8_t* expected, int length
 uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID)
 {
     uint8_t count = 0;
-    if(ingest == NULL) return count;
-
+    if (ingest == NULL)
+        return count;
+
     // Prepare CCSDS for reply
     sdls_frame.hdr.pvn = 0;
     sdls_frame.hdr.type = 0;
@@ -805,7 +805,7 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin
 /*
 ** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable
 */
-int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv)
+int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     int8_t IV_VALID = -1;
@@ -861,7 +861,8 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
         if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
         {
             status = Crypto_window(iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->arsnw);
-        } else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE
+        }
+        else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE
         {
             // Whole IV gets checked in MAC validation previously, this only verifies transmitted portion is what we expect.
             status = Crypto_window(iv, sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len, sa_ptr->arsnw);
@@ -888,11 +889,11 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
         else
         {
             IV_VALID = CRYPTO_TRUE;
-            //memcpy(sa_ptr->iv, iv, sa_ptr->iv_len);
+            // memcpy(sa_ptr->iv, iv, sa_ptr->iv_len);
         }
     }
     // IV length is greater than zero, but not using an incrementing IV as in GCM
-    // we can't verify this internally as Crpytolib doesn't track previous IVs 
+    // we can't verify this internally as Crpytolib doesn't track previous IVs
     // or generate random ones
     // else{}
 
@@ -927,47 +928,88 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
 */
 int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo)
 {
-    int32_t retval= -1;
+    int32_t retval = -1;
 
-    switch(algo){
-        case CRYPTO_CIPHER_AES256_GCM:
-            retval = 32;
-            break;
-        case CRYPTO_CIPHER_AES256_CBC:
-            retval = 32;
-            break;
-        case CRYPTO_CIPHER_AES256_CCM:
-            retval = 32;
-            break;
-        default:
-            break;
+    switch (algo)
+    {
+    case CRYPTO_CIPHER_AES256_GCM:
+        retval = 32;
+        break;
+    case CRYPTO_CIPHER_AES256_CBC:
+        retval = 32;
+        break;
+    case CRYPTO_CIPHER_AES256_CCM:
+        retval = 32;
+        break;
+    default:
+        break;
     }
 
     return retval;
 }
 
-
 /*
 ** @brief: For a given algorithm, return the associated key length in bytes
 ** @param: algo
 */
 int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo)
 {
-    int32_t retval= -1;
+    int32_t retval = -1;
 
-    switch(algo){
-        case CRYPTO_MAC_CMAC_AES256:
-            retval = 32;
-            break;
-        case CRYPTO_MAC_HMAC_SHA256:
-            retval = 32;
-            break;
-        case CRYPTO_MAC_HMAC_SHA512:
-            retval = 64;
-            break;
-        default:
-            break;
+    switch (algo)
+    {
+    case CRYPTO_MAC_CMAC_AES256:
+        retval = 32;
+        break;
+    case CRYPTO_MAC_HMAC_SHA256:
+        retval = 32;
+        break;
+    case CRYPTO_MAC_HMAC_SHA512:
+        retval = 64;
+        break;
+    default:
+        break;
     }
 
     return retval;
+}
+
+int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr)
+{
+    /* Narrator's Note: Leaving this here for future work
+    ** eventually we need a way to reconcile cryptolib managed parameters with TO managed parameters
+    GvcidManagedParameters_t* temp_current_managed_parameters = NULL;
+    Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid,
+                                            gvcid_managed_parameters, temp_current_managed_parameters);
+    */
+
+    if (!sa_ptr) 
+    { 
+#ifdef DEBUG
+        printf(KRED "Get_Security_Header_Length passed Null SA!\n" RESET);
+#endif
+        return CRYPTO_LIB_ERR_NULL_SA;
+    }
+    uint16_t securityHeaderLength = 2; // Start with SPI
+
+    securityHeaderLength += sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len;
+
+    return securityHeaderLength;
+}
+
+int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr)
+{
+    if (!sa_ptr) 
+    { 
+#ifdef DEBUG
+        printf(KRED "Get_Trailer_Header_Length passed Null SA!\n" RESET);
+#endif
+        return CRYPTO_LIB_ERR_NULL_SA;
+    }
+    uint16_t securityTrailerLength = 0;
+
+    securityTrailerLength = sa_ptr->stmacf_len;
+
+    return securityTrailerLength;
+
 }
diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c
@@ -75,6 +75,7 @@ int32_t Crypto_Init_TC_Unit_Test(void)
     Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
     Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
     status = Crypto_Init();
+    printf("Crypto_Init TC Called.\n");
     return status;
 }
 
@@ -90,7 +91,9 @@ int32_t Crypto_Init_TM_Unit_Test(void)
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TM Tests
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
     status = Crypto_Init();
     return status;
 }