Skip to content

Commit

Permalink
Merge pull request #199 from nasa/201-cryptolib-add-tm-support
Browse files Browse the repository at this point in the history
201 cryptolib add tm support
  • Loading branch information
dccutrig authored Sep 15, 2023
2 parents 7c34694 + 448e278 commit bd6b016
Show file tree
Hide file tree
Showing 12 changed files with 869 additions and 556 deletions.
7 changes: 6 additions & 1 deletion include/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
#include <stdlib.h>
#endif

#include <string.h>
#include "crypto_config.h"
#include "crypto_config_structs.h"
#include "crypto_error.h"
Expand Down Expand Up @@ -100,7 +101,7 @@ extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint
uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies);
extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies);
// Telemetry (TM)
extern int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr);
extern int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer);
extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length);
// Advanced Orbiting Systems (AOS)
extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest);
Expand Down Expand Up @@ -163,6 +164,10 @@ int32_t Crypto_User_ModifyVCID(void);
int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest);
int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame);

// Helper length functions
int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr);
int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr);

// Managed Parameter Functions
int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid,
GvcidManagedParameters_t* managed_parameters_in,
Expand Down
13 changes: 11 additions & 2 deletions include/crypto_config.h
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
#define TC_MAX_FRAME_SIZE 1024

// Spacecraft Defines
#define SCID 0x0003 //44 //0x0003 // 0xC3D2
#define SCID 0x0003

// Functionality Defines
#define INCREMENT
Expand Down Expand Up @@ -175,7 +175,7 @@
#define TLV_DATA_SIZE 494 /* bytes */

// TM Defines
#define TM_FRAME_DATA_SIZE 1740 /* bytes */
#define TM_FRAME_DATA_SIZE 1786 /* bytes */
#define TM_FILL_SIZE 1145 /* bytes */
#define TM_PAD_SIZE 2 /* bytes */

Expand All @@ -184,6 +184,15 @@
4 // VCID which has SDLS PDUs (JPL uses VCIDs to determine TC type, there is no space packet layer with APIDs). Set
// to -1 if uses SP APIDs.

// TM Behavior Defines
#define TM_CADU_HAS_ASM 1 // Skip 0x1acffc1d at beginning of each frame
// TM CADU based on ASM, currently only holds non-turbo ASM
#ifdef TM_CADU_HAS_ASM
#define TM_CADU_SIZE (TM_FRAME_DATA_SIZE + 6)
#else
#define TM_CADU_SIZE TM_FRAME_DATA_SIZE
#endif

// Logic Behavior Defines
#define CRYPTO_FALSE 0
#define CRYPTO_TRUE 1
Expand Down
144 changes: 93 additions & 51 deletions src/core/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@ CFS_MODULE_DECLARE_LIB(crypto);
// crypto_key_t ak_ring[NUM_KEYS];
CCSDS_t sdls_frame;
// TM_t tm_frame;
uint8_t tm_frame[1786]; // Testing
TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication
uint8_t tm_frame[1786]; // Testing
TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication
TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
// OCF
uint8_t ocf = 0;
Expand Down Expand Up @@ -70,19 +70,18 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id)
// CryptoLib only supports AES-GCM, which is an AEAD (Authenticated Encryption with Associated Data) algorithm, so
// return true/1.
// TODO - Add cipher suite mapping to which algorithms are AEAD and which are not.
if((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
{
#ifdef DEBUG
printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
#endif
#ifdef DEBUG
printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
#endif
return CRYPTO_TRUE;

}
else
{
#ifdef DEBUG
printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET);
#endif
{
#ifdef DEBUG
printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET);
#endif
return CRYPTO_FALSE;
}
}
Expand All @@ -109,7 +108,7 @@ int32_t Crypto_increment(uint8_t* num, int length)

if (i < 0) /* this means num[0] was incremented and overflowed */
{
for(i=0; i<length; i++)
for (i = 0; i < length; i++)
{
num[i] = 0;
}
Expand Down Expand Up @@ -141,7 +140,7 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
#ifdef DEBUG
printf("Crypto_Window expected ptr is NULL\n");
#endif
return status;
return status;
}
if (expected == NULL)
{
Expand All @@ -153,14 +152,14 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
// Check for special case where received value is all 0's and expected is all 0's (won't have -1 in sa!)
// Received ARSN is: 00000000, SA ARSN is: 00000000
uint8_t zero_case = CRYPTO_TRUE;
for(i = 0; i < length; i++)
for (i = 0; i < length; i++)
{
if (actual[i] != 0 || expected[i] != 0 )
if (actual[i] != 0 || expected[i] != 0)
{
zero_case = CRYPTO_FALSE;
}
}
if(zero_case == CRYPTO_TRUE)
if (zero_case == CRYPTO_TRUE)
{
status = CRYPTO_LIB_SUCCESS;
return status;
Expand All @@ -174,9 +173,9 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window

#ifdef DEBUG
printf("Checking Frame Against Incremented Window:\n");
Crypto_hexprint(temp,length);
Crypto_hexprint(temp, length);
#endif

result = 0;
/* go from right (least significant) to left (most signifcant) */
for (j = length - 1; j >= 0; --j)
Expand Down Expand Up @@ -235,8 +234,9 @@ int32_t Crypto_compare_less_equal(uint8_t* actual, uint8_t* expected, int length
uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID)
{
uint8_t count = 0;
if(ingest == NULL) return count;

if (ingest == NULL)
return count;

// Prepare CCSDS for reply
sdls_frame.hdr.pvn = 0;
sdls_frame.hdr.type = 0;
Expand Down Expand Up @@ -805,7 +805,7 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin
/*
** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable
*/
int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv)
int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv)
{
int32_t status = CRYPTO_LIB_SUCCESS;
int8_t IV_VALID = -1;
Expand Down Expand Up @@ -861,7 +861,8 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
{
status = Crypto_window(iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->arsnw);
} else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE
}
else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE
{
// Whole IV gets checked in MAC validation previously, this only verifies transmitted portion is what we expect.
status = Crypto_window(iv, sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len, sa_ptr->arsnw);
Expand All @@ -888,11 +889,11 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
else
{
IV_VALID = CRYPTO_TRUE;
//memcpy(sa_ptr->iv, iv, sa_ptr->iv_len);
// memcpy(sa_ptr->iv, iv, sa_ptr->iv_len);
}
}
// IV length is greater than zero, but not using an incrementing IV as in GCM
// we can't verify this internally as Crpytolib doesn't track previous IVs
// we can't verify this internally as Crpytolib doesn't track previous IVs
// or generate random ones
// else{}

Expand Down Expand Up @@ -927,47 +928,88 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
*/
int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo)
{
int32_t retval= -1;
int32_t retval = -1;

switch(algo){
case CRYPTO_CIPHER_AES256_GCM:
retval = 32;
break;
case CRYPTO_CIPHER_AES256_CBC:
retval = 32;
break;
case CRYPTO_CIPHER_AES256_CCM:
retval = 32;
break;
default:
break;
switch (algo)
{
case CRYPTO_CIPHER_AES256_GCM:
retval = 32;
break;
case CRYPTO_CIPHER_AES256_CBC:
retval = 32;
break;
case CRYPTO_CIPHER_AES256_CCM:
retval = 32;
break;
default:
break;
}

return retval;
}


/*
** @brief: For a given algorithm, return the associated key length in bytes
** @param: algo
*/
int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo)
{
int32_t retval= -1;
int32_t retval = -1;

switch(algo){
case CRYPTO_MAC_CMAC_AES256:
retval = 32;
break;
case CRYPTO_MAC_HMAC_SHA256:
retval = 32;
break;
case CRYPTO_MAC_HMAC_SHA512:
retval = 64;
break;
default:
break;
switch (algo)
{
case CRYPTO_MAC_CMAC_AES256:
retval = 32;
break;
case CRYPTO_MAC_HMAC_SHA256:
retval = 32;
break;
case CRYPTO_MAC_HMAC_SHA512:
retval = 64;
break;
default:
break;
}

return retval;
}

int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr)
{
/* Narrator's Note: Leaving this here for future work
** eventually we need a way to reconcile cryptolib managed parameters with TO managed parameters
GvcidManagedParameters_t* temp_current_managed_parameters = NULL;
Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid,
gvcid_managed_parameters, temp_current_managed_parameters);
*/

if (!sa_ptr)
{
#ifdef DEBUG
printf(KRED "Get_Security_Header_Length passed Null SA!\n" RESET);
#endif
return CRYPTO_LIB_ERR_NULL_SA;
}
uint16_t securityHeaderLength = 2; // Start with SPI

securityHeaderLength += sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len;

return securityHeaderLength;
}

int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr)
{
if (!sa_ptr)
{
#ifdef DEBUG
printf(KRED "Get_Trailer_Header_Length passed Null SA!\n" RESET);
#endif
return CRYPTO_LIB_ERR_NULL_SA;
}
uint16_t securityTrailerLength = 0;

securityTrailerLength = sa_ptr->stmacf_len;

return securityTrailerLength;

}
5 changes: 4 additions & 1 deletion src/core/crypto_config.c
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ int32_t Crypto_Init_TC_Unit_Test(void)
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
status = Crypto_Init();
printf("Crypto_Init TC Called.\n");
return status;
}

Expand All @@ -90,7 +91,9 @@ int32_t Crypto_Init_TM_Unit_Test(void)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// TM Tests
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
status = Crypto_Init();
return status;
}
Expand Down
Loading

0 comments on commit bd6b016

Please sign in to comment.