Unit test updates / fixes
dccutrig committed Sep 15, 2023
1 parent ac8766d commit eb19944
Showing 7 changed files with 296 additions and 300 deletions.
2 changes: 1 addition & 1 deletion include/crypto_config.h
Expand Up @@ -61,7 +61,7 @@
#define TC_MAX_FRAME_SIZE 1024

// Spacecraft Defines
#define SCID 0x0042
#define SCID 0x0003

// Functionality Defines
#define INCREMENT
3 changes: 2 additions & 1 deletion src/core/crypto_config.c
Expand Up @@ -91,7 +91,8 @@ int32_t Crypto_Init_TM_Unit_Test(void)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// TM Tests
// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786);
status = Crypto_Init();
return status;
86 changes: 45 additions & 41 deletions src/core/crypto_tm.c
Expand Up @@ -57,7 +57,13 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
uint8_t ecs_is_aead_algorithm;
SecurityAssociation_t* sa_ptr = NULL;

#ifdef DEBUG
// Passed a null, return an error
if (!pTfBuffer)
{
return CRYPTO_LIB_ERR_NULL_BUFFER;
}

#ifdef TM_DEBUG
printf(KYEL "\n----- Crypto_TM_ApplySecurity START -----\n" RESET);
printf("The following GVCID parameters will be used:\n");
printf("\tTVFN: 0x%04X\t", ((uint8_t)pTfBuffer[0] & 0xC0) >> 6);
Expand All @@ -72,41 +78,40 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
printf("\n");
#endif

if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))
{
printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET);
status = CRYPTO_LIB_ERR_NO_CONFIG;
// Can't mc_log since it's not configured
return status; // return immediately so a NULL crypto_config is not dereferenced later
}

status = sa_if->sa_get_operational_sa_from_gvcid(((uint8_t)pTfBuffer[0] & 0xC0) >> 6,
(((uint16_t)pTfBuffer[0] & 0x3F) << 4) | (((uint16_t)pTfBuffer[1] & 0xF0) >> 4),
((uint8_t)pTfBuffer[1] & 0x0E) >> 1, 0, &sa_ptr);

if (sa_ptr == NULL)
// No operational/valid SA found
if (status != CRYPTO_LIB_SUCCESS)
{
status = CRYPTO_LIB_ERR_NULL_SA;
printf(KRED "Error: Input SA NULL! \n" RESET);
#ifdef TM_DEBUG
printf(KRED "Error: Could not retrieve an SA!\n" RESET);
#endif
mc_if->mc_log(status);
return status; // Just return here, nothing can be done.
return status;
}

status = Crypto_Get_Managed_Parameters_For_Gvcid(((uint8_t)pTfBuffer[0] & 0xC0) >> 6,
(((uint16_t)pTfBuffer[0] & 0x3F) << 4) | (((uint16_t)pTfBuffer[1] & 0xF0) >> 4),
((uint8_t)pTfBuffer[1] & 0x0E) >> 1,
gvcid_managed_parameters, &current_managed_parameters);

if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))
// No managed parameters found
if (status != CRYPTO_LIB_SUCCESS)
{
printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET);
status = CRYPTO_LIB_ERR_NO_CONFIG;
// Can't mc_log since it's not configured
return status; // return immediately so a NULL crypto_config is not dereferenced later
#ifdef TM_DEBUG
printf(KRED "Error: No managed parameters found!\n" RESET);
#endif
mc_if->mc_log(status);
return status;
}
// * * TODO - THIS BLOCK MOVED INTO TO * *
/**
// Lookup-retrieve managed parameters for frame via gvcid:
// status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame.tm_header.tfvn, tm_frame.tm_header.scid, tm_frame.tm_header.vcid,
// gvcid_managed_parameters, &current_managed_parameters);
// if (status != CRYPTO_LIB_SUCCESS)
// {
// mc_if->mc_log(status);
// return status;
// } // Unable to get necessary Managed Parameters for TM TF -- return with error.
**/

#ifdef TM_DEBUG
printf(KYEL "TM BEFORE Apply Sec:\n\t" RESET);
Expand All @@ -117,13 +122,6 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
printf("\n");
#endif

// If unable to get operational SA, can return
if (status != CRYPTO_LIB_SUCCESS)
{
mc_if->mc_log(status);
return status;
}

#ifdef SA_DEBUG
printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET);
Crypto_saPrint(sa_ptr);
Expand Down Expand Up @@ -480,7 +478,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
sa_ptr->acs, // authentication cipher
NULL);
}
if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION)
else if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION)
{
if (sa_service_type == SA_ENCRYPTION)
{
Expand All @@ -504,6 +502,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
// Do nothing, SDLS fields were already copied into static frame in memory
}
else{
#ifdef TM_DEBUG
printf(KRED "Service type reported as: %d\n" RESET, sa_service_type);
printf(KRED "ECS IS AEAD Value: %d\n" RESET, ecs_is_aead_algorithm);
#endif
status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE;
}
}
Expand Down Expand Up @@ -597,7 +599,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer)
#endif
if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE)
{
new_fecf = Crypto_Calc_FECF((uint8_t*)&pTfBuffer, current_managed_parameters->max_frame_size - 2);
new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2);
pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8);
pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF);
}
Expand Down Expand Up @@ -932,8 +934,8 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_
}

#ifdef TM_DEBUG
printf(KRED "TM Process Using following parameters:\n\t" RESET);
printf(KRED "tvfn: %d\t scid: %d\t vcid: %d\n" RESET, tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid );
printf(KGRN "TM Process Using following parameters:\n\t" RESET);
printf(KGRN "tvfn: %d\t scid: %d\t vcid: %d\n" RESET, tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid );
#endif

// Lookup-retrieve managed parameters for frame via gvcid:
Expand Down Expand Up @@ -1074,15 +1076,15 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_
// Parse & Check FECF, if present, and update fecf length
if (current_managed_parameters->has_fecf == TM_HAS_FECF)
{
// fecf_len = 2;
uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) |
(p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF));

if (crypto_config.crypto_check_fecf == TM_CHECK_FECF_TRUE)
{
// Calculate our own
uint16_t calculated_fecf = Crypto_Calc_FECF(p_ingest, len_ingest - 2);
// Compare
// Compare FECFs
// Invalid FECF
if (received_fecf != calculated_fecf)
{
#ifdef FECF_DEBUG
Expand All @@ -1094,22 +1096,24 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_
mc_if->mc_log(status);
return status;
}
#ifdef FECF_DEBUG
// Valid FECF, zero out the field
else
{
#ifdef FECF_DEBUG
printf(KYEL "FECF CALC MATCHES! - GOOD\n" RESET);
}
#endif
;
}
}
}
// Need to be TM_HAS_FECF (checked above_ or TM_NO_FECF)
// Needs to be TM_HAS_FECF (checked above_ or TM_NO_FECF)
else if (current_managed_parameters->has_fecf != TM_NO_FECF)
{
// #ifdef DEBUG
#ifdef TM_DEBUG
printf(KRED "TM_Process Error...tfvn: %d scid: 0x%04X vcid: 0x%02X fecf_enum: %d\n" RESET,
current_managed_parameters->tfvn, current_managed_parameters->scid,
current_managed_parameters->vcid, current_managed_parameters->has_fecf);
// #endif
#endif
status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG;
mc_if->mc_log(status);
return status;
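Review bot: In the FECF check of Crypto_TM_ProcessSecurity, `received_fecf` is read from `p_ingest[current_managed_parameters->max_frame_size - 2]` while `calculated_fecf` is computed over `len_ingest - 2` bytes, so the two only describe the same frame when `len_ingest` equals `max_frame_size`. No length check is visible in these hunks; if none exists earlier in the function, an ingest buffer shorter than `max_frame_size` is read past its end, and `len_ingest - 2` goes negative for `len_ingest < 2`. I would reject the frame before the FECF parse with `if (len_ingest < current_managed_parameters->max_frame_size)`, returning the library's existing length error through `mc_if->mc_log(status)`, and use one length for both the read and the calculation. Separately, the `else` branch after the mismatch return is commented `// Valid FECF, zero out the field` but its body is only `;`, so either the comment or the code is incomplete.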
11 changes: 9 additions & 2 deletions src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
Expand Up @@ -252,6 +252,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le

// Need to copy the data over, since authentication won't change/move the data directly
// If you don't want data out, don't set a data out length

if(data_out != NULL)
{
memcpy(data_out, data_in, len_data_out);
Expand Down Expand Up @@ -419,7 +420,10 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out,
// Verify the mode to accompany the algorithm enum
int32_t mode = -1;
mode = cryptography_get_ecs_mode(*ecs);
if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_MODE;
if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE)
{
return CRYPTO_LIB_ERR_UNSUPPORTED_MODE;
}

gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE);
if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
Expand Down Expand Up @@ -725,7 +729,10 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out,
// Verify the mode to accompany the algorithm enum
int32_t mode = -1;
mode = cryptography_get_ecs_mode(*ecs);
if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_MODE;
if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE)
{
return CRYPTO_LIB_ERR_UNSUPPORTED_MODE;
}

gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE);
if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
26 changes: 16 additions & 10 deletions src/sa/internal/sa_interface_inmemory.template.c
Expand Up @@ -77,7 +77,7 @@ int32_t sa_config(void)
// SA 1 - CLEAR MODE
// SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1
sa[1].spi = 1;
sa[1].sa_state = SA_KEYED;
sa[1].sa_state = SA_OPERATIONAL;
sa[1].est = 0;
sa[1].ast = 0;
sa[1].shivf_len = 0;
Expand All @@ -88,7 +88,7 @@ int32_t sa_config(void)
sa[1].gvcid_blk.tfvn = 0;
sa[1].gvcid_blk.scid = SCID & 0x3FF;
sa[1].gvcid_blk.vcid = 0;
sa[1].gvcid_blk.mapid = TYPE_TM;
sa[1].gvcid_blk.mapid = TYPE_TC;

// SA 2 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128
sa[2].spi = 2;
Expand Down Expand Up @@ -276,7 +276,7 @@ int32_t sa_config(void)
// SA 12 - TM CLEAR MODE
// SA 12
sa[12].spi = 12;
sa[12].sa_state = SA_KEYED;
sa[12].sa_state = SA_OPERATIONAL;
sa[12].est = 0;
sa[12].ast = 0;
sa[12].shivf_len = 0;
Expand Down Expand Up @@ -413,14 +413,14 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
{
int32_t status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA;
int i;

if (sa == NULL)
{
return CRYPTO_LIB_ERR_NO_INIT;
}

for (i = 0; i < NUM_SA; i++)
{
// If valid match found
if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
(sa[i].gvcid_blk.vcid == vcid) && (sa[i].sa_state == SA_OPERATIONAL) &&
(crypto_config.unique_sa_per_mapid == TC_UNIQUE_SA_PER_MAP_ID_FALSE ||
Expand All @@ -429,14 +429,17 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
// when using segmentation hdrs)
{
*security_association = &sa[i];

// Must have IV if using libgcrypt and auth/enc
if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO)
{
return CRYPTO_LIB_ERR_NULL_IV;
}
// Must have ABM if doing authentication
if (sa[i].abm == NULL && sa[i].ast)
{
return CRYPTO_LIB_ERR_NULL_ABM;
} // Must have ABM if doing authentication
}

#ifdef SA_DEBUG
printf("Valid operational SA found at index %d.\n", i);
Expand All @@ -456,7 +459,6 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#ifdef SA_DEBUG
printf(KRED "Error - Making best attempt at a useful error code:\n\t" RESET);
#endif

for (i = 0; i < NUM_SA; i++)
{
// Could possibly have more than one field mismatched,
Expand All @@ -471,7 +473,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#endif
status = CRYPTO_LIB_ERR_INVALID_TFVN;
}
if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) &&
else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) &&
(sa[i].gvcid_blk.vcid == vcid) &&
(sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL))
{
Expand All @@ -483,7 +485,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#endif
status = CRYPTO_LIB_ERR_INVALID_SCID;
}
if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
(sa[i].gvcid_blk.vcid != vcid) &&
(sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL))
{
Expand All @@ -493,7 +495,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#endif
status = CRYPTO_LIB_ERR_INVALID_VCID;
}
if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
(sa[i].gvcid_blk.vcid == vcid) &&
(sa[i].gvcid_blk.mapid != mapid && sa[i].sa_state == SA_OPERATIONAL))
{
Expand All @@ -502,7 +504,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#endif
status = CRYPTO_LIB_ERR_INVALID_MAPID;
}
if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) &&
(sa[i].gvcid_blk.vcid == vcid) &&
(sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state != SA_OPERATIONAL))
{
Expand All @@ -511,6 +513,10 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
#endif
status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA;
}
else
{
// Don't set status, could overwrite useful error message above
}
}
// Detailed debug block
#ifdef SA_DEBUG
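Review bot: In sa_get_operational_sa_from_gvcid, `*security_association = &sa[i];` is assigned before the IV and ABM checks, so the `CRYPTO_LIB_ERR_NULL_IV` and `CRYPTO_LIB_ERR_NULL_ABM` returns hand the caller an error code together with a non-NULL pointer to an SA that failed validation. Crypto_TM_ApplySecurity appears to test the returned status after this commit, which is safe, but a caller that tests only the pointer would go on to use that SA. Moving the assignment below the two checks, just before the `SA_DEBUG` print, leaves the out-parameter untouched on those error paths. The function starts and ends outside the visible hunks, so its other return paths were not checked.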