Cryptolib#159 - Key Management

.gitignore

@@ -11,6 +11,6 @@
 __pycache__
 *.dat
 *.so
-build
+build*
 venv
 vgcore*

CMakeLists.txt

@@ -27,6 +27,9 @@ option(CODECOV "Code Coverage" OFF)
 option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" ON)
 option(CRYPTO_KMC "Cryptography Module - KMC" OFF)
 option(DEBUG "Debug" OFF)
+option(KEY_CUSTOM "Key Module - Custom" OFF)
+option(KEY_INTERNAL "Key Module - Internal" ON)
+option(KEY_KMC "Key Module - KMC OFF")
 option(SA_INTERNAL "Security Association - Internal" ON)
 option(SA_MARIADB "Security Association - MariaDB" OFF)
 option(SUPPORT "Support" OFF)

include/crypto.h

@@ -38,6 +38,7 @@
 #include "crypto_structs.h"
 #include "sadb_routine.h"
 #include "cryptography_interface.h"
+#include "key_interface.h"
 
 /*
 ** Crypto Version
@@ -57,9 +58,10 @@
 */
 
 // Crypto Library Configuration functions
-extern int32_t Crypto_Config_CryptoLib(uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
-                                       uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
-                                       uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv);
+extern int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, 
+                                       uint8_t process_sdls_pdus, uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
+                                       uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, 
+                                       uint8_t crypto_increment_nontransmitted_iv);
 extern int32_t Crypto_Config_MariaDB(char* mysql_hostname, char* mysql_database, uint16_t mysql_port,
                                      uint8_t mysql_require_secure_transport, uint8_t mysql_tls_verify_server,
                                      char* mysql_tls_ca, char* mysql_tls_capath, char* mysql_mtls_cert,
@@ -187,6 +189,7 @@ extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config;
 extern CamConfig_t* cam_config;
 extern GvcidManagedParameters_t* gvcid_managed_parameters;
 extern GvcidManagedParameters_t* current_managed_parameters;
+extern KeyInterface key_if;
 extern SadbRoutine sadb_routine;
 extern CryptographyInterface cryptography_if;
 

include/crypto_config_structs.h

@@ -28,6 +28,12 @@ [email protected]
 
 // main config enums
 typedef enum
+{
+    KEY_TYPE_CUSTOM,
+    KEY_TYPE_INTERNAL,
+    KEY_TYPE_KMC
+} KeyType;
+typedef enum
 {
     SADB_TYPE_INMEMORY,
     SADB_TYPE_MARIADB
@@ -146,6 +152,7 @@ typedef enum
 */
 typedef struct
 {
+    KeyType key_type;
     SadbType sadb_type;
     CryptographyType cryptography_type;
     CreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return

include/crypto_error.h

@@ -116,6 +116,7 @@
 #define CRYPTO_LIB_ERR_UNSUPPORTED_MODE (-44)
 #define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD (-45)
 #define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG (-46)
+#define CRYPTO_LIB_ERR_KEY_ID_ERROR (-47)
 
 extern char *crypto_enum_errlist_core[];
 extern char *crypto_enum_errlist_config[];

include/crypto_structs.h

@@ -25,19 +25,13 @@
 #include "common_types.h"
 #else // Assume build outside of NOS3/cFS infrastructure
 #include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
 #endif
 
 /*
-** Key Definitions
+** Definitions
 */
-typedef struct
-{
-    uint8_t value[KEY_SIZE];
-    uint32_t key_len;
-    uint8_t key_state : 4;
-} crypto_key_t;
-#define CRYPTO_KEY_SIZE (sizeof(crypto_key_t))
-
 typedef struct
 {                       // Global Virtual Channel ID / Global MAP ID
     uint8_t tfvn : 4;   // Transfer Frame Version Number

include/cryptography_interface.h

@@ -31,7 +31,6 @@ typedef struct
     // Cryptography Interface Initialization & Management Functions
     int32_t (*cryptography_config)(void);
     int32_t (*cryptography_init)(void);
-    crypto_key_t* (*get_ek_ring)(void);
     int32_t (*cryptography_shutdown)(void);
     // Cryptography Interface Functions
     int32_t (*cryptography_encrypt)(uint8_t* data_out, size_t len_data_out,

include/key_interface.h

@@ -0,0 +1,49 @@
+/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
+   All Foreign Rights are Reserved to the U.S. Government.
+
+   This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
+   including, but not limited to, any warranty that the software will conform to specifications, any implied warranties
+   of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the
+   documentation will conform to the program, or any warranty that the software will be error free.
+
+   In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or
+   consequential damages, arising out of, resulting from, or in any way connected with the software or its
+   documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained
+   from, or arose out of the results of, or use of, the software, documentation or services provided hereunder.
+
+   ITC Team
+   NASA IV&V
+   [email protected]
+*/
+#ifndef _key_interface_h_
+#define _key_interface_h_
+
+#include "crypto_error.h"
+#include "crypto_structs.h"
+
+/* Structures */
+typedef struct
+{
+    uint8_t value[KEY_SIZE];
+    uint32_t key_len;
+    uint8_t key_state : 4;
+} crypto_key_t;
+#define CRYPTO_KEY_SIZE (sizeof(crypto_key_t))
+
+typedef struct
+{
+    /* Key Interface, SDLS */
+    crypto_key_t* (*get_key)(uint32_t key_id);
+    int32_t (*key_init)(void);
+    int32_t (*key_shutdown)(void);
+
+    /* Key Interface, SDLS-EP */
+
+}  KeyInterfaceStruct, *KeyInterface;
+
+/* Prototypes */
+KeyInterface get_key_interface_custom(void);
+KeyInterface get_key_interface_internal(void);
+KeyInterface get_key_interface_kmc(void);
+
+#endif /* _key_interface_h_ */

src/CMakeLists.txt

@@ -35,6 +35,31 @@ else()
     list(APPEND LIB_SRC_FILES ${KMC_FILES})
 endif()
 
+if(KEY_CUSTOM)
+    # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level
+    aux_source_directory(../../key/custom KEY_CUSTOM_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES})
+else()
+    aux_source_directory(key/custom_stub KEY_CUSTOM_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES})
+endif()
+
+if(KEY_INTERNAL)
+    aux_source_directory(key/internal KEY_INTERNAL_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_INTERNAL_FILES})
+else()
+    aux_source_directory(key/internal_stub KEY_INTERNAL_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_INTERNAL_FILES})
+endif()
+
+if(KEY_KMC)
+    aux_source_directory(key/kmc KEY_KMC_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_KMC_FILES})
+else()
+    aux_source_directory(key/kmc_stub KEY_KMC_FILES)
+    list(APPEND LIB_SRC_FILES ${KEY_KMC_FILES})
+endif()
+
 if(SA_INTERNAL)
     aux_source_directory(sa/internal SA_INTERNAL_FILES)
     list(APPEND LIB_SRC_FILES ${SA_INTERNAL_FILES})
@@ -77,7 +102,8 @@ if(SA_MARIADB)
     target_link_libraries(Crypto ${MYSQL_LIBS})
 endif()
 
-set_target_properties(Crypto PROPERTIES PUBLIC_HEADER "../include/crypto.h;../include/crypto_config_structs.h;../include/crypto_error.h;../include/crypto_print.h;../include/crypto_structs.h;../include/crypto_config.h;")
+file(GLOB CRYPTO_INCLUDES ../include/*.h)
+set_target_properties(Crypto PROPERTIES PUBLIC_HEADER "${CRYPTO_INCLUDES}")
 
 add_custom_command(TARGET Crypto POST_BUILD
         COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:Crypto> ${PROJECT_BINARY_DIR}/lib/libCrypto.so

src/core/crypto_config.c

@@ -25,12 +25,17 @@
 /*
 ** Global Variables
 */
+KeyInterface key_if = NULL;
+
 SadbRoutine sadb_routine = NULL;
+SadbMariaDBConfig_t* sadb_mariadb_config = NULL;
+
 CryptographyInterface cryptography_if = NULL;
 CryptoConfig_t* crypto_config = NULL;
-SadbMariaDBConfig_t* sadb_mariadb_config = NULL;
+
 CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL;
 CamConfig_t* cam_config = NULL;
+
 GvcidManagedParameters_t* gvcid_managed_parameters = NULL;
 GvcidManagedParameters_t* current_managed_parameters = NULL;
 
@@ -48,7 +53,7 @@ int32_t crypto_free_config_structs(void);
 int32_t Crypto_Init_TC_Unit_Test(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TC Tests
@@ -66,7 +71,7 @@ int32_t Crypto_Init_TC_Unit_Test(void)
 int32_t Crypto_Init_TM_Unit_Test(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TM Tests
@@ -119,6 +124,23 @@ int32_t Crypto_Init(void)
     // Crypto_mpPrint(gvcid_managed_parameters, 1);
 // #endif
 
+    /* Key Interface */
+    if (crypto_config->key_type == KEY_TYPE_CUSTOM)
+    {
+        key_if = get_key_interface_custom();
+    }
+    else if (crypto_config->key_type == KEY_TYPE_INTERNAL)
+    {
+        key_if = get_key_interface_internal();
+    }
+    else // KEY_TYPE_KMC
+    {
+        key_if = get_key_interface_kmc();
+    }
+    key_if->key_init();
+    // TODO: Check and return status on error
+
+    /* SA Interface */
     // Prepare SADB type from config
     if (crypto_config->sadb_type == SADB_TYPE_INMEMORY)
     {
@@ -140,6 +162,7 @@ int32_t Crypto_Init(void)
         return status;
     } // TODO: Error stack
 
+    /* Crypto Interface */
     // Prepare Cryptographic Library from config
     if(crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT)
     {
@@ -224,6 +247,11 @@ int32_t Crypto_Shutdown(void)
         gvcid_managed_parameters = NULL;
     }
 
+    if(key_if != NULL)
+    {
+        key_if->key_shutdown();
+    }
+
     if (sadb_routine != NULL)
     {
         sadb_routine->sadb_close();
@@ -241,6 +269,7 @@ int32_t Crypto_Shutdown(void)
 
 /**
  * @brief Function: Crypto_Config_CryptoLib
+ * @param key_type: uint8
  * @param sadb_type: uint8
  * @param crypto_create_fecf: uint8
  * @param process_sdls_pdus: uint8
@@ -252,12 +281,13 @@ int32_t Crypto_Shutdown(void)
  * @param vcid_bitmask: uint8
  * @return int32: Success/Failure
  **/
-int32_t Crypto_Config_CryptoLib(uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
+int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
                                 uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
                                 uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     crypto_config = (CryptoConfig_t* )calloc(1, CRYPTO_CONFIG_SIZE);
+    crypto_config->key_type = key_type;
     crypto_config->sadb_type = sadb_type;
     crypto_config->cryptography_type = cryptography_type;
     crypto_config->crypto_create_fecf = crypto_create_fecf;