Merge pull request #163 from nasa/dev

Release v1.2.2

.github/workflows/mariadb.yml

@@ -1,41 +1,42 @@
-name: MDB Build
-
-on: 
-  push:
-    branches: [ main,dev ]
-  pull_request:
-
-jobs:
-  mariadb_build:
-    # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
-    # You can convert this to a matrix build if you need cross-platform coverage.
-    # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
-    runs-on: ubuntu-latest
-    container: rbrown00/cryptolib:latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Configure CMake
-        # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
-        # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-        run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0
-
-      - name: Build
-        # Build your program with the given configuration
-        run: cmake --build ${{github.workspace}}/build 
-
-      - name: Initailize SADB
-        working-directory: ${{github.workspace}}/build
-        #Maybe create a variable for this SQL location
-        run: |
-          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/sadb_mariadb_sql
-          echo "----------------"
-          /etc/init.d/mysql start
-          mysql --host=localhost -uroot -pitc123! < delete_sadb.sql
-          mysql --host=localhost -uroot -pitc123! < create_sadb.sql
-          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/test_sadb_mariadb_sql
-          mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_user_grant_permissions.sql
-          mysql --host=localhost -uroot -pitc123! < create_sadb_jpl_unit_test_security_associations.sql
-          cd /__w/CryptoLib/CryptoLib/build/bin
-          ./ut_mariadb
-          
-    # mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_security_associations.sql
+# Disabling this test for now, as there is no local containerization.
+#name: MDB Build
+#
+#on: 
+#  push:
+#    branches: [ main,dev ]
+#  pull_request:
+#
+#jobs:
+#  mariadb_build:
+#    # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
+#    # You can convert this to a matrix build if you need cross-platform coverage.
+#    # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+#    runs-on: ubuntu-latest
+#    container: rbrown00/cryptolib:latest
+#    steps:
+#      - uses: actions/checkout@v2
+#      - name: Configure CMake
+#        # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
+#        # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
+#        run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0
+#
+#      - name: Build
+#        # Build your program with the given configuration
+#        run: cmake --build ${{github.workspace}}/build 
+#   
+#      - name: Initailize SADB
+#        working-directory: ${{github.workspace}}/build
+#        #Maybe create a variable for this SQL location
+#        run: |
+#          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/sadb_mariadb_sql
+#          echo "----------------"
+#          /etc/init.d/mysql start
+#          mysql --host=localhost -uroot -pitc123! < delete_sadb.sql
+#          mysql --host=localhost -uroot -pitc123! < create_sadb.sql
+#          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/test_sadb_mariadb_sql
+#          mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_user_grant_permissions.sql
+#          mysql --host=localhost -uroot -pitc123! < create_sadb_jpl_unit_test_security_associations.sql
+#          cd /__w/CryptoLib/CryptoLib/build/bin
+#          ./ut_mariadb
+#          
+#    # mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_security_associations.sql

.github/workflows/utest.yml

@@ -39,6 +39,24 @@ jobs:
       # Execute tests defined by the CMake configuration.  
       # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
       run: ${{github.workspace}}/build/bin/ut_tc_apply
+
+    - name: Test-TC_PROCESS
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tc_process
+
+    - name: Test-TM_APPLY
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tm_apply
+
+    - name: Test-TM_PROCESS
+      working-directory: ${{github.workspace}}/build
+      # Execute tests defined by the CMake configuration.  
+      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+      run: ${{github.workspace}}/build/bin/ut_tm_process
 
     - name: Test-CRYPTO_CONFIG
       working-directory: ${{github.workspace}}/build

CMakeLists.txt

@@ -28,6 +28,9 @@ OPTION(KMCCRYPTO "KmcCrypto" OFF) # Disabled by default, enable with: -DKMCCRYPT
 OPTION(ENCTEST "Encryption-Tests" OFF) # Disabled by default, enable with: -DENCTEST=ON
 OPTION(CODECOV "Code-Coverage" OFF) # Disabled by default, enable with: -DCODECOV=ON
 OPTION(SYSTEM_INSTALL "SystemInstall" OFF) #Disabled by default, enable with: -DSYSTEM_INSTALL=ON
+OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON
+OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON
+
 
 set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib")
 set(CMAKE_INSTALL_PREFIX ${PROJECT_SOURCE_DIR}/install)
@@ -50,12 +53,20 @@ IF(ENCTEST)
     ADD_DEFINITIONS(-DENCTEST)
 ENDIF(ENCTEST)
 
+IF(KMC_MDB_RH)
+    ADD_DEFINITIONS(-DKMC_MDB_RH)
+ENDIF(KMC_MDB_RH)
+
+IF(KMC_MDB_DB)
+    ADD_DEFINITIONS(-DKMC_MDB_DB)
+ENDIF(KMC_MDB_DB)
+
 if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME)
     include(CTest)
     enable_testing()
 endif()
 
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread -Wall -Wextra -Werror -g -O0")
 
 if(CODECOV)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage")

include/crypto.h

@@ -72,15 +72,16 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
                                                 char* mtls_client_key_pass, char* mtls_issuer_cert);
 extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home);
 extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                         uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size);
+                                                         uint8_t has_segmentation_hdr, uint16_t max_frame_size);
 
 // Initialization
 extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls
 extern int32_t Crypto_Init_With_Configs(
     CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p,
     SadbMariaDBConfig_t* sadb_mariadb_config_p,
     CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p); // Initialize CryptoLib With Application Defined Configuration
-extern int32_t Crypto_Init_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
+extern int32_t Crypto_Init_TC_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
+extern int32_t Crypto_Init_TM_Unit_Test(void);      // Initialize CryptoLib with unit test default Configurations
 
 // Cleanup
 extern int32_t Crypto_Shutdown(void); // Free all allocated memory
@@ -93,8 +94,8 @@ extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint
                                        uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies);
 extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies);
 // Telemetry (TM)
-extern int32_t Crypto_TM_ApplySecurity(uint8_t* ingest, int *len_ingest);
-extern int32_t Crypto_TM_ProcessSecurity(uint8_t* ingest, int *len_ingest);
+extern int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr);
+extern int32_t Crypto_TM_ProcessSecurity(const uint8_t* p_ingest, const uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length);
 // Advanced Orbiting Systems (AOS)
 extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest);
 extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* ingest, int *len_ingest);
@@ -113,13 +114,14 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id);
 uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_buffer);
 void Crypto_TM_updatePDU(uint8_t* ingest, int len_ingest);
 void Crypto_TM_updateOCF(void);
+uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad);
 void Crypto_Local_Config(void);
 void Crypto_Local_Init(void);
 // int32_t  Crypto_gcm_err(int gcm_err);
 int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window);
 // int32_t Crypto_compare_less_equal(uint8_t* actual, uint8_t* expected, int length);
 // int32_t  Crypto_FECF(int fecf, uint8_t* ingest, int len_ingest,TC_t* tc_frame);
-uint16_t Crypto_Calc_FECF(uint8_t* ingest, int len_ingest);
+uint16_t Crypto_Calc_FECF(const uint8_t* ingest, int len_ingest);
 void Crypto_Calc_CRC_Init_Table(void);
 uint16_t Crypto_Calc_CRC16(uint8_t* data, int size);
 int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
@@ -161,7 +163,7 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin
                                                        GvcidManagedParameters_t** managed_parameters_out);
 int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid,
                                                                    uint8_t has_fecf, uint8_t has_segmentation_hdr,
-                                                                   uint16_t max_tc_frame_size,
+                                                                   uint16_t max_frame_size,
                                                                    GvcidManagedParameters_t* managed_parameter);
 void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters);
 
@@ -173,7 +175,10 @@ extern char* crypto_deep_copy_string(char* src_string);
 */ 
 // Data stores used in multiple components
 extern CCSDS_t sdls_frame;
-extern TM_t tm_frame;
+// extern TM_t tm_frame;
+extern uint8_t tm_frame[1786];
+extern TM_FramePrimaryHeader_t tm_frame_pri_hdr; 
+extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
 
 // Global configuration structs
 extern CryptoConfig_t* crypto_config;
@@ -187,8 +192,6 @@ extern CryptographyInterface cryptography_if;
 
 // extern crypto_key_t ak_ring[NUM_KEYS];
 extern CCSDS_t sdls_frame;
-extern TM_t tm_frame;
-extern CryptoConfig_t* crypto_config;
 extern SadbMariaDBConfig_t* sadb_mariadb_config;
 extern GvcidManagedParameters_t* gvcid_managed_parameters;
 extern GvcidManagedParameters_t* current_managed_parameters;
@@ -210,4 +213,4 @@ extern uint8_t badFECF;
 extern uint32_t crc32Table[256];
 extern uint16_t crc16Table[256];
 
-#endif // _crypto_h_
+#endif // _crypto_h_z

include/crypto_config.h

@@ -35,6 +35,7 @@
 
 // Debug Colors
 #ifdef DEBUG
+#define CRYPTO_DEBUG printf("%s:%s: %d", __FILE__, __FUNCTION__, __LINE__);
 #define KRED "\x1B[31m"
 #define KGRN "\x1B[32m"
 #define KYEL "\x1B[33m"
@@ -43,6 +44,7 @@
 #define KCYN "\x1B[36m"
 #define RESET "\033[0m"
 #else
+#define CRYPTO_DEBUG
 #define KRED
 #define RED
 #define KGRN
@@ -59,7 +61,7 @@
 #define TC_MAX_FRAME_SIZE 1024
 
 // Spacecraft Defines
-#define SCID 0x0003 // 0xC3D2
+#define SCID 0x0003 //44 //0x0003 // 0xC3D2
 
 // Functionality Defines
 #define INCREMENT

include/crypto_config_structs.h

@@ -41,18 +41,31 @@ typedef enum
 typedef enum
 {
     TC_NO_FECF,
-    TC_HAS_FECF
-} TcFecfPresent;
+    TC_HAS_FECF,
+    TM_NO_FECF,
+    TM_HAS_FECF
+} FecfPresent;
 typedef enum
 {
-    TC_NO_SEGMENT_HDRS,
-    TC_HAS_SEGMENT_HDRS
-} TcSegmentHdrsPresent;
+    CRYPTO_TC_CREATE_FECF_FALSE,
+    CRYPTO_TC_CREATE_FECF_TRUE,
+    CRYPTO_TM_CREATE_FECF_FALSE,
+    CRYPTO_TM_CREATE_FECF_TRUE
+} CreateFecfBool;
 typedef enum
 {
-    CRYPTO_TC_CREATE_FECF_FALSE,
-    CRYPTO_TC_CREATE_FECF_TRUE
-} TcCreateFecfBool;
+    TC_CHECK_FECF_FALSE,
+    TC_CHECK_FECF_TRUE,
+    TM_CHECK_FECF_FALSE,
+    TM_CHECK_FECF_TRUE
+} CheckFecfBool;
+// TC specific enums
+typedef enum
+{
+    TC_NO_SEGMENT_HDRS,
+    TC_HAS_SEGMENT_HDRS,
+    TM_SEGMENT_HDRS_NA
+} TcSegmentHdrsPresent;
 typedef enum
 {
     TC_PROCESS_SDLS_PDUS_FALSE,
@@ -79,16 +92,24 @@ typedef enum
     TC_UNIQUE_SA_PER_MAP_ID_TRUE
 } TcUniqueSaPerMapId;
 typedef enum
-{
-    TC_CHECK_FECF_FALSE,
-    TC_CHECK_FECF_TRUE
-} TcCheckFecfBool;
-typedef enum
 {
     SA_INCREMENT_NONTRANSMITTED_IV_FALSE,
     SA_INCREMENT_NONTRANSMITTED_IV_TRUE
 } SaIncrementNonTransmittedIvPortion;
-
+// TM specific enums
+typedef enum
+{
+    AOS_NO_OCF,
+    AOS_HAS_OCF,
+    TC_OCF_NA,
+    TM_NO_OCF,
+    TM_HAS_OCF
+} OcfPresent;
+typedef enum
+{
+    TM_NO_SECONDARY_HDR,
+    TM_HAS_SECONDARY_HDR
+} TmSecondaryHdrPresent;
 typedef enum
 {
     CAM_ENABLED_FALSE,
@@ -115,7 +136,9 @@ typedef enum
 {
     CRYPTO_CIPHER_NONE,
     CRYPTO_CIPHER_AES256_GCM,
-    CRYPTO_CIPHER_AES256_CBC
+    CRYPTO_CIPHER_AES256_CBC,
+    CRYPTO_CIPHER_AES256_CBC_MAC,
+    CRYPTO_CIPHER_AES256_CCM
 } EncCipherSuite;
 
 /*
@@ -125,14 +148,14 @@ typedef struct
 {
     SadbType sadb_type;
     CryptographyType cryptography_type;
-    TcCreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return
+    CreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return
                                          // payloads with the FECF
     TcProcessSdlsPdus process_sdls_pdus; // Config to process SDLS extended procedure PDUs in CryptoLib
     TcPusHdrPresent has_pus_hdr;
     TcIgnoreSaState ignore_sa_state; // TODO - add logic that uses this configuration
     TcIgnoreAntiReplay ignore_anti_replay;
     TcUniqueSaPerMapId unique_sa_per_mapid;
-    TcCheckFecfBool crypto_check_fecf;
+    CheckFecfBool crypto_check_fecf;
     uint8_t vcid_bitmask;
     uint8_t crypto_increment_nontransmitted_iv; // Whether or not CryptoLib increments the non-transmitted portion of the IV field
 } CryptoConfig_t;
@@ -144,9 +167,10 @@ struct _GvcidManagedParameters_t
     uint8_t tfvn : 4;   // Transfer Frame Version Number
     uint16_t scid : 10; // SpacecraftID
     uint8_t vcid : 6;   // Virtual Channel ID
-    TcFecfPresent has_fecf;
+    FecfPresent has_fecf;
     TcSegmentHdrsPresent has_segmentation_hdr;
-    uint16_t max_tc_frame_size; // Maximum TC Frame Length with headers
+    uint16_t max_frame_size; // Maximum TC/TM Frame Length with headers
+    OcfPresent has_ocf;
     GvcidManagedParameters_t* next; // Will be a list of managed parameters!
 };
 #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t))

include/crypto_error.h

@@ -114,6 +114,8 @@
 #define CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE (-42)
 #define CRYPTO_LIB_ERR_NULL_MODE_PTR (-43)
 #define CRYPTO_LIB_ERR_UNSUPPORTED_MODE (-44)
+#define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD (-45)
+#define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG (-46)
 
 extern char *crypto_enum_errlist_core[];
 extern char *crypto_enum_errlist_config[];

include/crypto_print.h

@@ -34,7 +34,7 @@ void Crypto_clcwPrint(TM_FrameCLCW_t* clcw);
 void Crypto_fsrPrint(SDLS_FSR_t* report);
 void Crypto_ccsdsPrint(CCSDS_t* sdls_frame);
 void Crypto_saPrint(SecurityAssociation_t* sa);
-void Crypto_hexprint(void* c, size_t n);
+void Crypto_hexprint(const void* c, size_t n);
 void Crypto_binprint(void* c, size_t n);
 void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_children);
 #endif

include/crypto_structs.h

@@ -59,8 +59,8 @@ typedef struct
     char*    ek_ref; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
     char*    ak_ref; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
     uint8_t sa_state : 2;
-    crypto_gvcid_t gvcid_tc_blk;
-    crypto_gvcid_t gvcid_tm_blk[NUM_GVCID];
+    crypto_gvcid_t gvcid_blk;
+    // crypto_gvcid_t gvcid_tm_blk[NUM_GVCID];
     uint8_t lpid;
 
     // Configuration