From 8f957c6e45c73f08cde1ca3b81713ae89c0bf609 Mon Sep 17 00:00:00 2001 From: "D. Cody Cutright" Date: Wed, 22 Dec 2021 11:42:37 -0500 Subject: [PATCH 1/3] Change references from TC_FRAME_PRIMARYHEADER_STRUCT_SIZE to TC_FRAME_HEADER_SIZE --- src/src_main/crypto_tc.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index 60496cc8..ee8185bd 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -258,8 +258,15 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra } memset(p_new_enc_frame, 0, *p_enc_frame_len); - // Copy original TF header - memcpy(p_new_enc_frame, p_in_frame, TC_FRAME_PRIMARYHEADER_STRUCT_SIZE); + // Determine if segment header exists + uint8_t segment_hdr_len = SEGMENT_HDR_SIZE; + if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) + { + segment_hdr_len = 0; + } + + // Copy original TF header, w/ segment header if applicable + memcpy(p_new_enc_frame, p_in_frame, TC_FRAME_HEADER_SIZE + segment_hdr_len); // Set new TF Header length // Recall: Length field is one minus total length per spec @@ -362,16 +369,13 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra ** End Security Header Fields */ + // Determine if FECF exists uint8_t fecf_len = FECF_SIZE; if (current_managed_parameters->has_fecf == TC_NO_FECF) { fecf_len = 0; } - uint8_t segment_hdr_len = SEGMENT_HDR_SIZE; - if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) - { - segment_hdr_len = 0; - } + // Copy in original TF data - except FECF // Will be over-written if using encryption later // and if it was present in the original TCTF 
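Review bot: In the `@@ -258,8 +258,15 @@` hunk the header `memcpy` now reads `TC_FRAME_HEADER_SIZE + segment_hdr_len` bytes from `p_in_frame`, but nothing visible compares that count with the caller-supplied input frame length (the parameter name is truncated in the hunk header). A frame shorter than the configured header would be read past its end. Crypto_TC_ApplySecurity starts outside the hunk, so a length check may already exist earlier; if it does not, add a guard just before the copy that rejects inputs shorter than `TC_FRAME_HEADER_SIZE + segment_hdr_len` and frees `p_new_enc_frame` before returning. A short comment would also help, for example `// segment_hdr_len comes from current_managed_parameters, not from the frame contents`, so readers know the copy size is configuration-driven.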
@@ -381,7 +385,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; // if no FECF // tf_payload_len = temp_tc_header.fl - TC_FRAME_PRIMARYHEADER_STRUCT_SIZE; - memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_PRIMARYHEADER_STRUCT_SIZE), tf_payload_len); + memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), tf_payload_len); // index += tf_payload_len; /* From b1a69d2a9d1a13a6f3a9d47d4acc32bd89a523e1 Mon Sep 17 00:00:00 2001 From: "D. Cody Cutright" Date: Wed, 22 Dec 2021 12:00:52 -0500 Subject: [PATCH 2/3] Update field length debug message --- src/src_main/crypto_tc.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index ee8185bd..4a5a6147 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -235,19 +235,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra break; } -#ifdef TC_DEBUG - printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); - printf(KYEL "\tlen of TF\t = %d\n" RESET, temp_tc_header.fl); - // printf(KYEL "\tsegment hdr\t = 1\n" RESET); // TODO: Determine presence of this so not hard-coded - printf(KYEL "\tspi len\t\t = 2\n" RESET); - printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); - printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len); - printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len); - printf(KYEL "\tarc_len\t\t = %d\n" RESET, sa_ptr->arc_len); - printf(KYEL "\tpad_size\t = %d\n" RESET, TC_PAD_SIZE); - printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len); -#endif - // Accio buffer p_new_enc_frame = (uint8_t *)malloc((*p_enc_frame_len) * sizeof(uint8_t)); if (!p_new_enc_frame) 
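Review bot: In the `@@ -381,7 +385,7 @@` hunk, `tf_payload_len` is computed from `temp_tc_header.fl`, which appears to be the length field parsed from the incoming frame, and is passed to `memcpy` with no range check visible here. If the length field is smaller than the configured header, segment header and FECF together, the subtraction goes negative, or wraps, depending on the type of `tf_payload_len` (declared outside the hunk), and the copy size becomes very large. If `temp_tc_header.fl + 1` is larger than the input length actually supplied, the copy reads past `p_in_frame`. The new source offset matches the length calculation, but the size still needs a guard before the copy, such as `if (temp_tc_header.fl + 1 < TC_FRAME_HEADER_SIZE + segment_hdr_len + fecf_len) { /* free p_new_enc_frame, return an error status */ }`, plus a comparison of `temp_tc_header.fl + 1` against the input frame length. The enclosing function begins and ends outside the hunk, so an earlier validation step cannot be ruled out from here.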
@@ -265,6 +252,19 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra segment_hdr_len = 0; } +#ifdef TC_DEBUG + printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); + printf(KYEL "\tlen of TF\t = %d\n" RESET, temp_tc_header.fl); + printf(KYEL "\tsegment hdr len\t = %d\n" RESET, segment_hdr_len); + printf(KYEL "\tspi len\t\t = 2\n" RESET); + printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); + printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len); + printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len); + printf(KYEL "\tarc_len\t\t = %d\n" RESET, sa_ptr->arc_len); + printf(KYEL "\tpad_size\t = %d\n" RESET, TC_PAD_SIZE); + printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len); +#endif + // Copy original TF header, w/ segment header if applicable memcpy(p_new_enc_frame, p_in_frame, TC_FRAME_HEADER_SIZE + segment_hdr_len); From 0cef3a73b75df93878d089b6635bc033eba21a43 Mon Sep 17 00:00:00 2001 From: "D. Cody Cutright" Date: Wed, 22 Dec 2021 12:04:04 -0500 Subject: [PATCH 3/3] Remove old comments --- src/src_main/crypto_tc.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index 4a5a6147..38f3ea2d 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -337,7 +337,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra if (sa_ptr->shsnf_len > 0) { // If using anti-replay counter, increment it - // TODO: API call instead? // TODO: Check return code Crypto_increment(sa_ptr->arc, sa_ptr->shsnf_len); for (int i = 0; i < sa_ptr->shsnf_len; i++) 
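Review bot: In the `@@ -265,6 +252,19 @@` hunk the `TC_DEBUG` block now runs after the `malloc` and its `if (!p_new_enc_frame)` check shown in the preceding hunk, yet its first message still reads "Total TC Buffer to be malloced". Because of the move, the requested size is no longer printed when the allocation fails, which is when that line is most useful. Consider leaving the total-size `printf` ahead of the allocation and keeping only the per-field lines here. Otherwise reword the message to match its new position, e.g. `printf(KYEL "DEBUG - Total TC Buffer malloced is: %d bytes\n" RESET, *p_enc_frame_len);`.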
@@ -378,15 +377,8 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra // Copy in original TF data - except FECF // Will be over-written if using encryption later - // and if it was present in the original TCTF - // if FECF - // Even though FECF is not part of apply_security payload, we still have to subtract the length from the - // temp_tc_header.fl since that includes FECF length & segment header length. tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; - // if no FECF - // tf_payload_len = temp_tc_header.fl - TC_FRAME_PRIMARYHEADER_STRUCT_SIZE; memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), tf_payload_len); - // index += tf_payload_len; /* ** Begin Security Trailer Fields @@ -441,9 +433,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra if ((sa_service_type == SA_ENCRYPTION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) { -// TODO: More robust calculation of this location -// uint16_t output_loc = TC_FRAME_PRIMARYHEADER_STRUCT_SIZE + 1 + 2 + temp_SA.shivf_len + temp_SA.shsnf_len + -// temp_SA.shplf_len; + #ifdef TC_DEBUG printf("Encrypted bytes output_loc is %d\n", index); printf("tf_payload_len is %d\n", tf_payload_len); @@ -480,7 +470,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra status = CRYPTO_LIB_ERR_AUTHENTICATION_ERROR; return status; } - free(aad); } @@ -532,7 +521,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra return status; } } - // Close cipher, so we can authenticate encrypted data gcry_cipher_close(tmp_hd); } 
@@ -631,7 +619,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. if (current_managed_parameters->has_fecf == TC_HAS_FECF) { -// Set FECF Field if present #ifdef FECF_DEBUG printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); #endif @@ -646,7 +633,6 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t *p_in_frame, const uint16_t in_fra *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)0x00; *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)0x00; } - index += 2; }