From c7e203c67b79d9de3ddbbb498ff05089539a8072 Mon Sep 17 00:00:00 2001
From: "Lucas, John P"
Date: Thu, 21 Sep 2023 07:51:19 -0400
Subject: [PATCH] [nasa/cryptolib#144] Updates to crypto_config.c to autodetermine crypto module in use and added CMAC and SIV build flags to WolfSSL docker build;
---
src/core/crypto_config.c | 26 +++++++------------
.../cryptography_interface_kmc.stub.c | 5 +---
.../cryptography_interface_libgcrypt.stub.c | 5 +---
.../cryptography_interface_wolfssl.template.c | 7 ++---
.../cryptography_interface_wolfssl.stub.c | 5 +---
support/Dockerfile | 2 +-
6 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c
index 51b01f28..59467bcb 100644
--- a/src/core/crypto_config.c
+++ b/src/core/crypto_config.c
@@ -201,27 +201,22 @@ int32_t Crypto_Init(void) } // TODO: Error stack /* Crypto Interface */ - // Prepare Cryptographic Library from config - if(crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) + // Determine which cryptographic module is in use + cryptography_if = get_cryptography_interface_libgcrypt(); + if (cryptography_if == NULL) { - cryptography_if = get_cryptography_interface_libgcrypt(); + cryptography_if = get_cryptography_interface_wolfssl(); } - else if(crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO) - { - if (cryptography_kmc_crypto_config == NULL) + if (cryptography_if == NULL) + { // Note this needs to be the last option in the chain due to addition configuration required + if (cryptography_kmc_crypto_config != NULL) { - status = CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE; - printf(KRED "ERROR: CryptoLib KMC Crypto Service Interface must be configured before intializing!\n" RESET); - return status; + cryptography_if = get_cryptography_interface_kmc_crypto_service(); } - cryptography_if = get_cryptography_interface_kmc_crypto_service(); - } - else if(crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_WOLFSSL) - { - cryptography_if = get_cryptography_interface_wolfssl(); } - else + if (cryptography_if == NULL) { + printf("Fatal Error: Unable to identify Cryptography Interface!\n"); status = CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE; return status; } @@ -241,7 +236,6 @@ int32_t Crypto_Init(void) return status; } - // Init Security Associations status = sa_if->sa_init(); if (status==CRYPTO_LIB_SUCCESS) diff --git a/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c b/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c index 42386080..eb33eeb9 100644 --- a/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c +++ b/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c 
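Review bot: The backend is now chosen by probe order (libgcrypt, then wolfssl, then KMC) and `crypto_config.cryptography_type` is no longer read in this block, so a deployment configured for one provider initialises with whichever getter returns non-NULL first. If a build can enable more than one backend, that is a silent change of crypto provider; I would keep the configured type as a check after detection and fail with `CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE` on a mismatch, or at least log which interface was selected. The KMC branch also loses `CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE`, so a KMC build that was never configured now reports only the generic "Unable to identify Cryptography Interface" error. A comment such as `// Probe order: libgcrypt, wolfssl, KMC; the first non-NULL interface wins` above the chain would document the precedence. Crypto_Init's body continues outside the hunk.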
@@ -14,10 +14,7 @@ #include "cryptography_interface.h" -static CryptographyInterfaceStruct cryptography_if; - CryptographyInterface get_cryptography_interface_kmc_crypto_service(void) { - fprintf(stderr,"ERROR: Loading KMC Crypto Service cryptography interface stub source code. Rebuild CryptoLib with -DKMCCRYPTO=ON to use proper KMC Crytpo Service implementation.\n"); - return &cryptography_if; + return NULL; } \ No newline at end of file diff --git a/src/crypto/libgcrypt_stub/cryptography_interface_libgcrypt.stub.c b/src/crypto/libgcrypt_stub/cryptography_interface_libgcrypt.stub.c index c51b2b71..94871769 100644 --- a/src/crypto/libgcrypt_stub/cryptography_interface_libgcrypt.stub.c +++ b/src/crypto/libgcrypt_stub/cryptography_interface_libgcrypt.stub.c @@ -14,10 +14,7 @@ #include "cryptography_interface.h" -static CryptographyInterfaceStruct cryptography_if; - CryptographyInterface get_cryptography_interface_libgcrypt(void) { - fprintf(stderr,"ERROR: Loading libgcrypt cryptography interface stub source code. Rebuild CryptoLib with -DCRYPTO_LIBGCRYPT=ON to use proper libgcrypt implementation.\n"); - return &cryptography_if; + return NULL; } \ No newline at end of file diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c index f2332321..6e771d3e 100644 --- a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c +++ b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c @@ -144,7 +144,8 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, uint8_t ecs, uint8_t acs, char* cam_cookies) { int32_t status = CRYPTO_LIB_SUCCESS; - //int32_t tmp; + uint32_t tmp; + Cmac cmac; Hmac hmac; // Unused in this implementation 
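Review bot: `get_cryptography_interface_kmc_crypto_service()` now returns NULL with no message, and the libgcrypt and wolfssl stubs in this patch make the same change, so NULL has become the contract for "backend not compiled in" without that being written down anywhere. Each stub deserves a comment like `/* Stub: this backend was not built; NULL tells Crypto_Init to try the next one. */`. Callers other than Crypto_Init are not visible here; any that relied on the old non-NULL stub pointer would now dereference NULL and should be checked.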
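Review bot: `uint32_t tmp;` is declared without a value, and the CMAC case re-enabled in the later hunks of this file (-170 and -185) passes `&tmp` to `wc_CmacFinal(&cmac, mac, &tmp)`, whose last argument is an in/out length that wolfSSL reads as the size of the output buffer. Unless `tmp` is assigned in the lines between those hunks, which are not shown, the tag length is indeterminate: the call may be rejected, or may write a tag whose length is unrelated to the capacity of `mac`. Set `tmp` to the number of bytes `mac` can hold immediately before the call, and treat a non-zero return as an authentication failure. `Cmac cmac;` is also declared unconditionally, so this file only compiles against a wolfSSL built with CMAC, which the Dockerfile change in this patch provides for the container build only. The function body starts and ends outside the hunk.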
@@ -170,8 +171,6 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, { // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__CMAC.html case CRYPTO_MAC_CMAC_AES256: - /* - Cmac cmac; status = wc_InitCmac(&cmac, key, len_key, WC_CMAC_AES, NULL); if (status == 0) { @@ -185,8 +184,6 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, { status = wc_CmacFinal(&cmac, mac, &tmp); } - */ - status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; break; // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__HMAC.html diff --git a/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c b/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c index 37185e83..0393a840 100644 --- a/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c +++ b/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c @@ -14,10 +14,7 @@ #include "cryptography_interface.h" -static CryptographyInterfaceStruct cryptography_if; - CryptographyInterface get_cryptography_interface_wolfssl(void) { - fprintf(stderr,"ERROR: Loading WolfSSL cryptography interface stub source code. Rebuild CryptoLib with -DCRYPTO_WOLFSSL=ON to use proper WolfSSL implementation.\n"); - return &cryptography_if; + return NULL; } \ No newline at end of file diff --git a/support/Dockerfile b/support/Dockerfile index 487759b4..5a6c614b 100644 --- a/support/Dockerfile +++ b/support/Dockerfile @@ -38,7 +38,7 @@ RUN cd /tmp \ RUN mkdir /tmp/wolfssl/build \ && cd /tmp/wolfssl/build \ - && cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM" .. \ + && cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes .. \ && make install \ && rm -rf /tmp/wolfssl
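Review bot: The new cmake line replaces `-DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM"` instead of adding to it, while the commit message only mentions adding CMAC and SIV flags. If the wolfssl interface relies on wolfSSL's streaming AES-GCM calls, they will no longer be compiled into the library the container installs; keep the flag alongside the new options, e.g. `cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM" -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..`, or state in the commit message that the removal is intended. The RUN instruction starts above the hunk, so how the wolfSSL source is fetched and pinned is not visible here.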