cryptolib#133 - TC_t Types

.github/workflows/build.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches: [ main, dev ]
   pull_request:
+    branches: [ main, dev ]
 
 jobs:
   #

.gitignore

@@ -15,3 +15,4 @@ build/
 venv
 vgcore*
 core.*
+log.txt

include/crypto.h

@@ -187,7 +187,7 @@ extern TM_FramePrimaryHeader_t tm_frame_pri_hdr;
 extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
 
 // Global configuration structs
-extern CryptoConfig_t* crypto_config;
+extern CryptoConfig_t crypto_config;
 extern SadbMariaDBConfig_t* sa_mariadb_config;
 extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config;
 extern CamConfig_t* cam_config;

include/crypto_config.h

@@ -117,14 +117,15 @@
 #define IV_SIZE 16   /* TM IV size bytes */
 #define IV_SIZE_TC 4 /* TC IV size bytes */
 #define OCF_SIZE 4
-#define MAC_SIZE 16 /* bytes */ /* Deprecated, todo - remove throughout & use SA mac field specification */
+#define MAC_SIZE 16           /* bytes */
 #define FECF_SIZE 2
 #define SEGMENT_HDR_SIZE 1
-#define ECS_SIZE 4    /* bytes */
-#define ABM_SIZE 1786 // 20      /* bytes */
-#define ARSN_SIZE 20   /* total messages */
-#define ARSNW_SIZE 1   /* bytes */
-#define SN_SIZE 16
+#define ECS_SIZE 4            /* bytes */
+#define ABM_SIZE 1786         /* bytes */
+#define ARSN_SIZE 20          /* total messages */
+#define ARSNW_SIZE 1          /* bytes */
+#define SN_SIZE 16            /* bytes */
+#define PAD_SIZE 32           /* bytes */
 #define CHALLENGE_SIZE 16     /* bytes */
 #define CHALLENGE_MAC_SIZE 16 /* bytes */
 

include/crypto_config_structs.h

@@ -28,6 +28,11 @@ [email protected]
 
 // main config enums
 typedef enum
+{
+    UNITIALIZED = 0,
+    INITIALIZED
+} InitStatus;
+typedef enum
 {
     KEY_TYPE_CUSTOM,
     KEY_TYPE_INTERNAL,
@@ -163,6 +168,7 @@ typedef enum
 */
 typedef struct
 {
+    InitStatus init_status;
     KeyType key_type;
     McType mc_type;
     SadbType sa_type;

include/crypto_structs.h

@@ -255,18 +255,18 @@ typedef struct
 {
     uint8_t sh : TC_SH_SIZE;  // Segment Header
     uint16_t spi;             // Security Parameter Index
-    uint8_t* iv;      // Initialization Vector for encryption
+    uint8_t iv[IV_SIZE];      // Initialization Vector for encryption
     uint8_t iv_field_len;
-    uint8_t* sn;   // Sequence Number for anti-replay
+    uint8_t sn[SN_SIZE];      // Sequence Number for anti-replay
     uint8_t sn_field_len;
-    uint8_t* pad; // Count of the used fill Bytes
+    uint8_t pad[PAD_SIZE];    // Count of the used fill Bytes
     uint8_t pad_field_len;
 } TC_FrameSecurityHeader_t;
 #define TC_FRAME_SECHEADER_SIZE (sizeof(TC_FrameSecurityHeader_t))
 
 typedef struct
 {
-    uint8_t* mac; // Message Authentication Code
+    uint8_t mac[MAC_SIZE]; // Message Authentication Code
     uint8_t mac_field_len;
     uint16_t fecf;         // Frame Error Control Field
 } TC_FrameSecurityTrailer_t;

src/core/crypto.c

@@ -721,7 +721,7 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin
     int32_t status = CRYPTO_LIB_SUCCESS;
     int x;
 
-    if (crypto_config->has_pus_hdr == TC_HAS_PUS_HDR)
+    if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR)
     {
         if ((tc_sdls_processed_frame->tc_pdu[0] == 0x18) && (tc_sdls_processed_frame->tc_pdu[1] == 0x80))
         // Crypto Lib Application ID
@@ -816,7 +816,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
     {
         return CRYPTO_LIB_ERR_NULL_ARSN;
     }
-    if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO)
+    if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO)
     {
         return CRYPTO_LIB_ERR_NULL_IV;
     }
@@ -858,7 +858,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
     if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM))
     {
         // Check IV is in ARSNW
-        if(crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
+        if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
         {
             status = Crypto_window(iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->arsnw);
         } else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE

src/core/crypto_config.c

@@ -25,14 +25,14 @@
 /*
 ** Global Variables
 */
+CryptographyInterface cryptography_if = NULL;
 KeyInterface key_if = NULL;
 McInterface mc_if = NULL;
 SaInterface sa_if = NULL;
 
 SadbMariaDBConfig_t* sa_mariadb_config = NULL;
 
-CryptographyInterface cryptography_if = NULL;
-CryptoConfig_t* crypto_config = NULL;
+CryptoConfig_t crypto_config;
 
 CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL;
 CamConfig_t* cam_config = NULL;
@@ -106,7 +106,11 @@ int32_t Crypto_Init_With_Configs(CryptoConfig_t* crypto_config_p, GvcidManagedPa
                                  SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    crypto_config = crypto_config_p;
+    if(crypto_config_p != NULL)
+    {
+        memcpy(&crypto_config, crypto_config_p, CRYPTO_CONFIG_SIZE);
+        crypto_config.init_status = INITIALIZED;
+    }
     gvcid_managed_parameters = gvcid_managed_parameters_p;
     sa_mariadb_config = sa_mariadb_config_p;
     cryptography_kmc_crypto_config = cryptography_kmc_crypto_config_p;
@@ -122,7 +126,7 @@ int32_t Crypto_Init(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
 
-    if (crypto_config == NULL)
+    if (crypto_config.init_status == UNITIALIZED)
     {
         status = CRYPTO_CONFIGURATION_NOT_COMPLETE;
         printf(KRED "ERROR: CryptoLib must be configured before intializing!\n" RESET);
@@ -140,11 +144,11 @@ int32_t Crypto_Init(void)
 // #endif
 
     /* Key Interface */
-    if (crypto_config->key_type == KEY_TYPE_CUSTOM)
+    if (crypto_config.key_type == KEY_TYPE_CUSTOM)
     {
         key_if = get_key_interface_custom();
     }
-    else if (crypto_config->key_type == KEY_TYPE_INTERNAL)
+    else if (crypto_config.key_type == KEY_TYPE_INTERNAL)
     {
         key_if = get_key_interface_internal();
     }
@@ -156,7 +160,7 @@ int32_t Crypto_Init(void)
     // TODO: Check and return status on error
 
     /* MC Interface */
-    if (crypto_config->mc_type == MC_TYPE_CUSTOM)
+    if (crypto_config.mc_type == MC_TYPE_CUSTOM)
     {
         mc_if = get_mc_interface_custom();
     }
@@ -169,15 +173,15 @@ int32_t Crypto_Init(void)
 
     /* SA Interface */
     // Prepare SA type from config
-    if (crypto_config->sa_type == SA_TYPE_CUSTOM)
+    if (crypto_config.sa_type == SA_TYPE_CUSTOM)
     {
         sa_if = get_sa_interface_custom();
     }
-    else if (crypto_config->sa_type == SA_TYPE_INMEMORY)
+    else if (crypto_config.sa_type == SA_TYPE_INMEMORY)
     {
         sa_if = get_sa_interface_inmemory();
     }
-    else if (crypto_config->sa_type == SA_TYPE_MARIADB)
+    else if (crypto_config.sa_type == SA_TYPE_MARIADB)
     {
         if (sa_mariadb_config == NULL)
         {
@@ -195,11 +199,11 @@ int32_t Crypto_Init(void)
 
     /* Crypto Interface */
     // Prepare Cryptographic Library from config
-    if(crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT)
+    if(crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT)
     {
         cryptography_if = get_cryptography_interface_libgcrypt();
     }
-    else if (crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)
+    else if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)
     {
         if (cryptography_kmc_crypto_config == NULL)
         {
@@ -324,21 +328,21 @@ int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t mc_type, uint8_t sa_ty
                                 uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    crypto_config = (CryptoConfig_t* )calloc(1, CRYPTO_CONFIG_SIZE);
-    crypto_config->key_type = key_type;
-    crypto_config->mc_type = mc_type;
-    crypto_config->sa_type = sa_type;
-    crypto_config->cryptography_type = cryptography_type;
-    crypto_config->iv_type = iv_type;
-    crypto_config->crypto_create_fecf = crypto_create_fecf;
-    crypto_config->process_sdls_pdus = process_sdls_pdus;
-    crypto_config->has_pus_hdr = has_pus_hdr;
-    crypto_config->ignore_sa_state = ignore_sa_state;
-    crypto_config->ignore_anti_replay = ignore_anti_replay;
-    crypto_config->unique_sa_per_mapid = unique_sa_per_mapid;
-    crypto_config->crypto_check_fecf = crypto_check_fecf;
-    crypto_config->vcid_bitmask = vcid_bitmask;
-    crypto_config->crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv;
+    crypto_config.init_status = INITIALIZED;
+    crypto_config.key_type = key_type;
+    crypto_config.mc_type = mc_type;
+    crypto_config.sa_type = sa_type;
+    crypto_config.cryptography_type = cryptography_type;
+    crypto_config.iv_type = iv_type;
+    crypto_config.crypto_create_fecf = crypto_create_fecf;
+    crypto_config.process_sdls_pdus = process_sdls_pdus;
+    crypto_config.has_pus_hdr = has_pus_hdr;
+    crypto_config.ignore_sa_state = ignore_sa_state;
+    crypto_config.ignore_anti_replay = ignore_anti_replay;
+    crypto_config.unique_sa_per_mapid = unique_sa_per_mapid;
+    crypto_config.crypto_check_fecf = crypto_check_fecf;
+    crypto_config.vcid_bitmask = vcid_bitmask;
+    crypto_config.crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv;
     return status;
 }
 
@@ -479,8 +483,8 @@ int32_t crypto_free_config_structs(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
 
-    free(crypto_config); //no strings in this struct, just free it.
-    crypto_config=NULL;
+    //free(crypto_config); //no strings in this struct, just free it.
+    crypto_config.init_status = UNITIALIZED;
 
     // Config structs with char* types that are malloc'd and must be freed individually.
     if(sa_mariadb_config != NULL)