From 174e896c0f1587f4b4a0b0ed21d567a6ba2496d6 Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Fri, 15 Mar 2024 09:23:17 -0400 Subject: [PATCH 1/7] [nasa/nos3#202] Updated standalone to use host to ip translation; --- support/standalone/standalone.c | 162 ++++++++++++++++++++++---------- support/standalone/standalone.h | 20 +++- 2 files changed, 131 insertions(+), 51 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 32d905d2..d3fc719f 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -219,7 +219,27 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* return status; } -int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) +int32_t crypto_host_to_ip(const char * hostname, char* ip) +{ + struct hostent *he; + struct in_addr **addr_list; + + if ( (he = gethostbyname( hostname ) ) == NULL ) + { + return 1; + } + + addr_list = (struct in_addr **) he->h_addr_list; + + for(int i=0; addr_list[i] != NULL; i++) + { + strcpy(ip, inet_ntoa(*addr_list[i]) ); + return 0; + } + return 1; +} + +int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port, uint8_t bind_sock) { int status = CRYPTO_LIB_SUCCESS; int optval; 
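Review bot: In `crypto_host_to_ip` the `strcpy(ip, inet_ntoa(*addr_list[i]))` writes into a caller buffer whose size the function never sees, so it is only safe while every caller passes at least 16 bytes (the one visible caller, `crypto_standalone_udp_init`, uses `char ip[16]`). Taking a length parameter, or at least bounding the copy with `snprintf(ip, INET_ADDRSTRLEN, "%s", inet_ntoa(*addr_list[i]));`, makes that contract explicit. `gethostbyname` is also obsolete and returns static storage; `getaddrinfo` restricted to `AF_INET` would yield the address directly and remove the text round-trip. The `for` loop returns on its first iteration, so `if (addr_list[0] != NULL)` would state the intent more plainly.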
@@ -231,19 +251,35 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) sock->sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); if (sock->sockfd == -1) { - printf("udp_init: Socket create error port %d", sock->port); + printf("udp_init: Socket create error port %d \n", sock->port); } + /* Determine IP */ + sock->saddr.sin_family = AF_INET; + if(inet_addr(sock->ip_address) != INADDR_NONE) + { + sock->saddr.sin_addr.s_addr = inet_addr(sock->ip_address); + } + else + { + char ip[16]; + int check = crypto_host_to_ip(sock->ip_address, ip); + if(check == 0) + { + sock->saddr.sin_addr.s_addr = inet_addr(ip); + } + } + sock->saddr.sin_port = htons(sock->port); + /* Bind */ - struct sockaddr_in saddr; - saddr.sin_family = AF_INET; - saddr.sin_addr.s_addr = inet_addr("0.0.0.0"); - saddr.sin_port = htons(sock->port); - status = bind(sock->sockfd, (struct sockaddr*)&saddr, sizeof(saddr)); - if (status != 0) + if (bind_sock > 0) { - printf(" udp_init: Socker bind error with port %d", sock->port); - status = CRYPTO_LIB_ERROR; + status = bind(sock->sockfd, (struct sockaddr*)&sock->saddr, sizeof(sock->saddr)); + if (status != 0) + { + printf(" udp_init: Socker bind error with port %d \n", sock->port); + status = CRYPTO_LIB_ERROR; + } } /* Keep Alive */ @@ -297,10 +333,12 @@ void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o /* SDLS Trailer */ } -void *crypto_standalone_tc_apply(void* sock) +void *crypto_standalone_tc_apply(void* socks) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tc_sock = (udp_info_t* )sock; + udp_interface_t* tc_socks = (udp_interface_t*)socks; + udp_info_t* tc_read_sock = &tc_socks->read; + udp_info_t* tc_write_sock = &tc_socks->write; uint8_t tc_apply_in[TC_MAX_FRAME_SIZE]; uint16_t tc_in_len = 0; 
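Review bot: In the `@@ -231,19 +251,35 @@` hunk, when `sock->ip_address` is neither a dotted quad nor a resolvable name (`check != 0`), `sock->saddr.sin_addr.s_addr` is never assigned and no error is recorded. The function then goes on to `bind`, or the caller later uses `sendto`, with whatever the uninitialised `udp_interface_t` locals in `main` happened to contain. The failure should be reported and the socket not used, e.g. `else { printf("udp_init: cannot resolve %s \n", sock->ip_address); close(sock->sockfd); return CRYPTO_LIB_ERROR; }`. `inet_addr` also returns `INADDR_NONE` for the valid address 255.255.255.255; `inet_pton` avoids that ambiguity. The function body continues past the end of the hunk.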
@@ -311,21 +349,15 @@ void *crypto_standalone_tc_apply(void* sock) uint8_t tc_framed[TC_MAX_FRAME_SIZE]; #endif - struct sockaddr_in rcv_addr; - struct sockaddr_in fwd_addr; int sockaddr_size = sizeof(struct sockaddr_in); - fwd_addr.sin_family = AF_INET; - fwd_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); - fwd_addr.sin_port = htons(TC_APPLY_FWD_PORT); - /* Prepare */ memset(tc_apply_in, 0x00, sizeof(tc_apply_in)); while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tc_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); + status = recvfrom(tc_read_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*)&tc_read_sock->ip_address, (socklen_t*)&sockaddr_size); if (status != -1) { tc_in_len = status; @@ -371,7 +403,7 @@ void *crypto_standalone_tc_apply(void* sock) } /* Reply */ - status = sendto(tc_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tc_write_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*)&tc_write_sock->saddr, sizeof(tc_write_sock->saddr)); if ((status == -1) || (status != tc_out_len)) { printf("crypto_standalone_tc_apply - Reply error %d \n", status); @@ -398,8 +430,9 @@ void *crypto_standalone_tc_apply(void* sock) /* Delay */ usleep(100); } - close(tc_sock->port); - return tc_sock; + close(tc_read_sock->port); + close(tc_write_sock->port); + return tc_read_sock; } void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi) 
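Review bot: The new `recvfrom` call in the `@@ -311,21 +349,15 @@` hunk passes `(struct sockaddr*)&tc_read_sock->ip_address` as the source-address buffer, but `ip_address` is a `char*` member of `udp_info_t` (see standalone.h in this patch), so up to `sockaddr_size` bytes of the sender's address are written over that pointer and the members that follow it. Every received datagram therefore overwrites part of the socket descriptor struct with bytes derived from the sender. Keep a local `struct sockaddr_in rcv_addr;` as before and pass `(struct sockaddr*)&rcv_addr`, or pass `NULL, NULL` if the sender is not needed, and reset `sockaddr_size` before each call because `recvfrom` updates it. The same pattern is added in `crypto_standalone_tm_process` (hunk `@@ -444,18 +479,12 @@`). The receive loop continues outside this hunk.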
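Review bot: In the `@@ -398,8 +430,9 @@` hunk, `close(tc_read_sock->port)` and `close(tc_write_sock->port)` carry over the old mistake of passing the UDP port number to `close()` instead of the descriptor, so the sockets stay open and any descriptor that happens to have that number would be closed instead. These should be `close(tc_read_sock->sockfd);` and `close(tc_write_sock->sockfd);`. The same substitution applies to the new `close()` calls at the end of `crypto_standalone_tm_process` and in the cleanup section of `main`.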
@@ -428,11 +461,13 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o memcpy(out_data, &in_data[header_length], in_length - header_length - trailer_length); } -void* crypto_standalone_tm_process(void* sock) +void* crypto_standalone_tm_process(void* socks) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tm_sock = (udp_info_t*)sock; - + udp_interface_t* tm_socks = (udp_interface_t*)socks; + udp_info_t* tm_read_sock = &tm_socks->read; + udp_info_t* tm_write_sock = &tm_socks->write; + uint8_t tm_process_in[TM_CADU_SIZE]; // Accounts for ASM automatically based on #def int tm_process_len = 0; uint16_t spp_len = 0; @@ -444,18 +479,12 @@ void* crypto_standalone_tm_process(void* sock) uint16_t tm_framed_len = 0; #endif - struct sockaddr_in rcv_addr; - struct sockaddr_in fwd_addr; int sockaddr_size = sizeof(struct sockaddr_in); - fwd_addr.sin_family = AF_INET; - fwd_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); - fwd_addr.sin_port = htons(TM_PROCESS_FWD_PORT); - while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tm_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); + status = recvfrom(tm_read_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*)&tm_read_sock->ip_address, (socklen_t*)&sockaddr_size); if (status != -1) { tm_process_len = status; @@ -554,7 +583,7 @@ void* crypto_standalone_tm_process(void* sock) // Send all SPP telemetry packets if (tm_ptr[0] == 0x08) { - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); } // Only send idle packets if configured to do so else 
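Review bot: The `sendto` in the `@@ -554,7 +583,7 @@` hunk uses `&tm_write_sock->ip_address` as the destination, which is the address of a `char*` member rather than a socket address, so the datagram is sent to whatever those bytes decode to, or the call fails. `crypto_standalone_tc_apply` in this same patch already uses `&tc_write_sock->saddr` with `sizeof(tc_write_sock->saddr)`. The two following hunks repeat the problem, and `@@ -563,7 +592,7 @@` additionally names an undeclared `m_write_sock`, which looks like it would not compile when that `#else` branch is enabled. PATCH 6/7 corrects these lines; folding that correction into this patch would keep each commit in the series buildable and correct on its own.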
@@ -563,7 +592,7 @@ void* crypto_standalone_tm_process(void* sock) // Don't forward idle packets status = spp_len; #else - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&m_write_sock->ip_address, sockaddr_size); #endif } @@ -583,7 +612,7 @@ void* crypto_standalone_tm_process(void* sock) // Don't forward idle frame status = spp_len; #else - status = sendto(tm_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); if ((status == -1) || (status != spp_len)) { printf("crypto_standalone_tm_process - Reply error %d \n", status); @@ -615,8 +644,9 @@ void* crypto_standalone_tm_process(void* sock) /* Delay */ usleep(100); } - close(tm_sock->port); - return tm_sock; + close(tm_read_sock->port); + close(tm_write_sock->port); + return tm_read_sock; } void crypto_standalone_cleanup(const int signal) @@ -642,15 +672,22 @@ int main(int argc, char* argv[]) int cmd; char* token_ptr; - udp_info_t tc_apply; - udp_info_t tm_process; + udp_interface_t tc_apply; + udp_interface_t tm_process; + pthread_t tc_apply_thread; pthread_t tm_process_thread; + tc_apply.read.ip_address = CRYPTOLIB_HOSTNAME; + tc_apply.read.port = TC_APPLY_PORT; + tc_apply.write.ip_address = SC_HOSTNAME; + tc_apply.write.port = TC_APPLY_FWD_PORT; + tm_process.read.ip_address = CRYPTOLIB_HOSTNAME; + tm_process.read.port = TM_PROCESS_PORT; + tm_process.write.ip_address = GSW_HOSTNAME; + tm_process.write.port = TM_PROCESS_FWD_PORT; + printf("Starting CryptoLib in standalone mode! \n"); - printf(" TC Apply - UDP %d \n", TC_APPLY_PORT); - printf(" TM Process - UDP %d \n", TM_PROCESS_PORT); - printf("\n"); if (argc != 1) { printf("Invalid number of arguments! \n"); 
@@ -668,18 +705,37 @@ int main(int argc, char* argv[]) /* Initialize sockets */ if (keepRunning == CRYPTO_LIB_SUCCESS) { - status = crypto_standalone_udp_init(&tc_apply, TC_APPLY_PORT); + status = crypto_standalone_udp_init(&tc_apply.read, TC_APPLY_PORT, 1); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_udp_init tc_apply.read failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + else + { + status = crypto_standalone_udp_init(&tc_apply.write, TC_APPLY_FWD_PORT, 0); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_udp_init tc_apply.write failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + } + } + + if (keepRunning == CRYPTO_LIB_SUCCESS) + { + status = crypto_standalone_udp_init(&tm_process.read, TM_PROCESS_PORT, 1); if (status != CRYPTO_LIB_SUCCESS) { - printf("crypto_standalone_udp_init tc_apply failed with status %d \n", status); + printf("crypto_standalone_udp_init tm_apply.read failed with status %d \n", status); keepRunning = CRYPTO_LIB_ERROR; } else { - status = crypto_standalone_udp_init(&tm_process, TM_PROCESS_PORT); + status = crypto_standalone_udp_init(&tm_process.write, TM_PROCESS_FWD_PORT, 0); if (status != CRYPTO_LIB_SUCCESS) { - printf("crypto_standalone_udp_init tm_process failed with status %d \n", status); + printf("crypto_standalone_udp_init tc_apply.write failed with status %d \n", status); keepRunning = CRYPTO_LIB_ERROR; } } 
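Review bot: Two of the new failure messages name the wrong socket: the `tm_process.read` branch prints `tm_apply.read` and the `tm_process.write` branch prints `tc_apply.write`, which points whoever reads the log at the wrong endpoint. They should read `"crypto_standalone_udp_init tm_process.read failed with status %d \n"` and `"crypto_standalone_udp_init tm_process.write failed with status %d \n"`.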
@@ -691,6 +747,14 @@ int main(int argc, char* argv[]) /* Start threads */ if (keepRunning == CRYPTO_LIB_SUCCESS) { + printf(" TC Apply \n"); + printf(" Read, UDP - %s : %d \n", tc_apply.read.ip_address, tc_apply.read.port); + printf(" Write, UDP - %s : %d \n", tc_apply.write.ip_address, tc_apply.write.port); + printf(" TM Process \n"); + printf(" Read, UDP - %s : %d \n", tm_process.read.ip_address, tm_process.read.port); + printf(" Write, UDP - %s : %d \n", tm_process.write.ip_address, tm_process.write.port); + printf("\n"); + status = pthread_create(&tc_apply_thread, NULL, *crypto_standalone_tc_apply, &tc_apply); if (status < 0) { @@ -745,8 +809,10 @@ int main(int argc, char* argv[]) } /* Cleanup */ - close(tc_apply.port); - close(tm_process.port); + close(tc_apply.read.port); + close(tc_apply.write.port); + close(tm_process.read.port); + close(tm_process.write.port); Crypto_Shutdown(); diff --git a/support/standalone/standalone.h b/support/standalone/standalone.h index 75ae0179..2da7bc90 100644 --- a/support/standalone/standalone.h +++ b/support/standalone/standalone.h @@ -32,10 +32,12 @@ extern "C" #include #include #include +#include //hostent #include #include #include #include +#include #include #include "crypto.h" @@ -45,6 +47,9 @@ extern "C" /* ** Configuration */ +#define CRYPTOLIB_HOSTNAME "cryptolib" +#define GSW_HOSTNAME "cosmos" +#define SC_HOSTNAME "radio_sim" #define TC_APPLY_PORT 6010 #define TC_APPLY_FWD_PORT 8010 #define TM_PROCESS_PORT 8011 @@ -89,9 +94,17 @@ extern "C" typedef struct { int sockfd; + char* ip_address; int port; + struct sockaddr_in saddr; } udp_info_t; +typedef struct +{ + udp_info_t read; + udp_info_t write; +} udp_interface_t; + /* ** Prototypes 
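Review bot: In `udp_info_t` (hunk `@@ -89,9 +94,17 @@`) the new `ip_address` member is assigned host names such as `CRYPTOLIB_HOSTNAME`, not only dotted-quad strings, and it points at storage the struct does not own; neither fact is documented. A comment on each new member would prevent misuse, for example `char* ip_address; /* host name or dotted quad, not owned; resolved into saddr by crypto_standalone_udp_init */` and `struct sockaddr_in saddr; /* bind or destination address */`. The three host names added to the configuration block are fixed at compile time, so a short comment saying which deployment they describe and where to override them would help.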
@@ -101,12 +114,13 @@ void crypto_standalone_to_lower(char* str); void crypto_standalone_print_help(void); int32_t crypto_standalone_get_command(const char* str); int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* tokens); -int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port); +int32_t crypto_host_to_ip(const char * hostname, char* ip); +int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port, uint8_t bind_sock); int32_t crypto_reset(void); void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length); -void* crypto_standalone_tc_apply(void* sock); +void* crypto_standalone_tc_apply(void* socks); void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi); -void* crypto_standalone_tm_process(void* sock); +void* crypto_standalone_tm_process(void* socks); void crypto_standalone_cleanup(const int signal); From dd6065a084577af580cdc59b596aa726b03f1b3d Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Tue, 19 Mar 2024 20:10:54 -0400 Subject: [PATCH 2/7] [nasa/nos3#202] Updated sa_service_type check that caused error prints and made standalone TC calculate FECF; --- src/core/crypto_tc.c | 5 ++++- support/standalone/standalone.c | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 7fbec841..3cce8601 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -322,7 +322,10 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } } - if (sa_service_type != (SA_PLAINTEXT || SA_AUTHENTICATED_ENCRYPTION || SA_ENCRYPTION || SA_AUTHENTICATION)) + if ((sa_service_type != SA_PLAINTEXT) && + (sa_service_type != SA_AUTHENTICATED_ENCRYPTION) && + (sa_service_type != SA_ENCRYPTION) && + (sa_service_type != SA_AUTHENTICATION)) { printf(KRED "Unknown SA Service Type Detected!" RESET); } 
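Review bot: With the comparison corrected in `Crypto_TC_ApplySecurity_Cam`, the unknown-service-type branch now fires only for genuinely unknown values, but within the hunk it still only prints and lets execution continue. If nothing later in the function rejects the frame (not visible here), an unrecognised `sa_service_type` should fail closed by returning an error such as `CRYPTO_LIB_ERROR` instead of proceeding. The message also lacks a trailing newline, so `printf(KRED "Unknown SA Service Type Detected!\n" RESET);` would keep it from running into the next log line.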
diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index d3fc719f..e3b0f685 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -344,6 +344,7 @@ void *crypto_standalone_tc_apply(void* socks) uint16_t tc_in_len = 0; uint8_t* tc_out_ptr; uint16_t tc_out_len = 0; + uint16_t fecf; #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING uint8_t tc_framed[TC_MAX_FRAME_SIZE]; @@ -392,6 +393,11 @@ void *crypto_standalone_tc_apply(void* socks) status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { + /* Calculate FECF */ + fecf = Crypto_Calc_FECF(tc_out_ptr, tc_out_len - 2); + tc_out_ptr[tc_out_len - 2] = (uint8_t)((fecf & 0xFF00) >> 8); + tc_out_ptr[tc_out_len - 1] = (uint8_t)(fecf & 0x00FF); + if (tc_debug == 1) { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); From 56e99b94ed9eba44b812a0b1279b584641fe1c5a Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Wed, 27 Mar 2024 08:29:51 -0400 Subject: [PATCH 3/7] [nasa/nos3#202] Changed back to use Crypto_Init_TC_Unit_Test and fixed tab offset; --- support/standalone/standalone.c | 35 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index e3b0f685..9d82b44b 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c 
@@ -141,23 +141,23 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* } break; - case CRYPTO_CMD_VCID: - if (crypto_standalone_check_number_arguments(num_tokens, 1) == CRYPTO_LIB_SUCCESS) + case CRYPTO_CMD_VCID: + if (crypto_standalone_check_number_arguments(num_tokens, 1) == CRYPTO_LIB_SUCCESS) + { + uint8_t vcid = (uint8_t) atoi(&tokens[0]); + /* Confirm new VCID valid */ + if (vcid < 64) { - uint8_t vcid = (uint8_t) atoi(&tokens[0]); - /* Confirm new VCID valid */ - if (vcid < 64) + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association = NULL; + sa_if->sa_get_from_spi(vcid, &test_association); + + /* Handle special case for VCID */ + if(vcid == 1) { - SaInterface sa_if = get_sa_interface_inmemory(); - SecurityAssociation_t* test_association = NULL; - sa_if->sa_get_from_spi(vcid, &test_association); - - /* Handle special case for VCID */ - if(vcid == 1) - { - printf("Special case for VCID 1! \n"); - vcid = 0; - } + printf("Special case for VCID 1! \n"); + vcid = 0; + } if ((test_association->sa_state == SA_OPERATIONAL) && (test_association->gvcid_blk.mapid == TYPE_TC) && @@ -300,8 +300,9 @@ int32_t crypto_reset(void) printf("CryptoLib initialization failed with error %d \n", status); } - status = Crypto_Init_TM_Unit_Test(); - // TODO: CryptoLib appears to be looking at the second byte and not specficially the SCID bits + status = Crypto_Init_TC_Unit_Test(); + // TODO: Crypto_Init_TM_Unit_Test() appears to be looking at the second byte and not specifically the SCID bits + // TODO: How to initialize for both TC and TM? if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); From a344ffdd75c3275c756688da38fa73e303d1e518 Mon Sep 17 00:00:00 2001 
From: "Lucas, John P" Date: Thu, 28 Mar 2024 10:52:10 -0400 Subject: [PATCH 4/7] [nasa/nos3#202] Rename to be SC_Init; --- include/crypto.h | 2 +- src/core/crypto_config.c | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index a153b774..b70ccb97 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -87,7 +87,7 @@ extern int32_t Crypto_Init_With_Configs( CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p, SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p); // Initialize CryptoLib With Application Defined Configuration -extern int32_t Crypto_TC_Init(void); +extern int32_t Crypto_SC_Init(void); // Initialize CryptoLib with Spacecraft default Configurations extern int32_t Crypto_Init_TC_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations extern int32_t Crypto_Init_TM_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations extern int32_t Crypto_Init_AOS_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 03b0b5ef..a283a3e8 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c 
@@ -51,10 +51,22 @@ int32_t crypto_free_config_structs(void); * @brief Function: Crypto_Init_TC_Unit_Test * @return int32: status **/ -int32_t Crypto_TC_Init(void) +int32_t Crypto_SC_Init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - status = Crypto_Init_TC_Unit_Test(); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, + TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, + TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, + SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // TC + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + // TM + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); return status; } @@ -75,7 +87,6 @@ int32_t Crypto_Init_TC_Unit_Test(void) Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - printf("Crypto_Init TC Called.\n"); return status; } From 30e457d62bdbc561f622a8d620121e4fd556af30 Mon Sep 17 00:00:00 2001 
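Review bot: The doc comment kept above `Crypto_SC_Init` still reads `@brief Function: Crypto_Init_TC_Unit_Test`, although the function no longer wraps that initializer and now builds its own configuration. It should become something like `@brief Function: Crypto_SC_Init - initialize CryptoLib with the spacecraft default configuration (TC and TM managed parameters)`. The calls to `Crypto_Config_CryptoLib` and `Crypto_Config_Add_Gvcid_Managed_Parameter` are made without checking any result; if they return a status (their prototypes are not shown here), a failed configuration step should stop before `Crypto_Init()`. The TM entry reuses TFVN 0, SCID 0x0003, VCID 0, which the first TC entry already registers; PATCH 5/7 moves TM to VCID 1, so that correction could be folded in here.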
From: "Lucas, John P" Date: Tue, 2 Apr 2024 15:50:47 -0400 Subject: [PATCH 5/7] [nos3#202] Setup SC init to use vcid[0] as TC clear, vcid[1] as TM clear, and vcid[4] as TC encrypted - also added startup delay to standalone; --- src/core/crypto_config.c | 3 +-- .../internal/sa_interface_inmemory.template.c | 26 ++++++++----------- support/standalone/standalone.c | 7 ++--- 3 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index a283a3e8..7dec1c93 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -61,11 +61,10 @@ int32_t Crypto_SC_Init(void) SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // TM - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 15764669..211fd34d 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -73,8 +73,7 @@ int32_t sa_config(void) int32_t status = CRYPTO_LIB_SUCCESS; // Security Associations - // SA 1 - CLEAR MODE - // SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1 + // SA 1 - TC CLEAR MODE sa[1].spi = 1; sa[1].sa_state = SA_OPERATIONAL; sa[1].est = 0; 
@@ -89,21 +88,18 @@ int32_t sa_config(void) sa[1].gvcid_blk.vcid = 0; sa[1].gvcid_blk.mapid = TYPE_TC; - // SA 2 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128 - sa[2].spi = 2; - sa[2].ekid = 128; - sa[2].sa_state = SA_KEYED; - sa[2].est = 1; - sa[2].ast = 1; - sa[2].ecs_len = 1; - sa[2].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[2].shivf_len = 12; - sa[2].iv_len = 12; - *(sa[2].iv + sa[2].shivf_len - 1) = 0; - sa[2].abm_len = ABM_SIZE; // 20 + // SA 2 - TM CLEAR MODE + sa[2].spi = 8; + sa[2].sa_state = SA_OPERATIONAL; + sa[2].est = 0; + sa[2].ast = 0; + sa[2].arsn_len = 1; sa[2].arsnw_len = 1; sa[2].arsnw = 5; - sa[2].arsn_len = (sa[2].arsnw * 2) + 1; + sa[2].gvcid_blk.tfvn = 0; + sa[2].gvcid_blk.scid = SCID & 0x3FF; + sa[2].gvcid_blk.vcid = 1; + sa[2].gvcid_blk.mapid = TYPE_TM; // SA 3 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129 sa[3].spi = 3; diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 9d82b44b..413311b5 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -300,9 +300,7 @@ int32_t crypto_reset(void) printf("CryptoLib initialization failed with error %d \n", status); } - status = Crypto_Init_TC_Unit_Test(); - // TODO: Crypto_Init_TM_Unit_Test() appears to be looking at the second byte and not specifically the SCID bits - // TODO: How to initialize for both TC and TM? + status = Crypto_SC_Init(); if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); @@ -701,6 +699,9 @@ int main(int argc, char* argv[]) printf(" Expected zero but received: %s \n", argv[1]); } + /* Startup delay */ + sleep(5); + /* Initialize CryptoLib */ status = crypto_reset(); if (status != CRYPTO_LIB_SUCCESS) From f62cf1b428016cbf33c66fe8875bbb2cff369dd4 Mon Sep 17 00:00:00 2001 
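Review bot: In the `@@ -89,21 +88,18 @@` hunk the entry stored at index 2 now sets `sa[2].spi = 8`, so the array slot and the SPI it advertises disagree. If the in-memory lookup indexes `sa[]` directly by SPI (the lookup code is not shown), a request for SPI 8 will not reach this entry and a request for SPI 2 will return an SA that claims to be SPI 8; either move the block to `sa[8]` or set `sa[2].spi = 2;`. The change also replaces a keyed AES-GCM association with an operational clear-mode one (`est = 0`, `ast = 0`). The comment should therefore state that VCID 1 telemetry is intentionally unprotected in this template, e.g. `// SA 2 - TM CLEAR MODE (no encryption or authentication), VCID 1`.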
From: "Lucas, John P" Date: Mon, 15 Apr 2024 20:59:41 -0400 Subject: [PATCH 6/7] [nasa/nos3#202] Updated header_length to include additional fields currently in use by default SA (+40) and omitted other packets during TM SPP processing; --- support/standalone/standalone.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 413311b5..6eb4ba70 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -452,7 +452,7 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o } // Calculate security headers and trailers - uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len; + uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len + 40; // TODO: Why +40? uint8_t trailer_length = sa_ptr->stmacf_len; if (current_managed_parameters->has_fecf == TM_HAS_FECF) { @@ -495,7 +495,7 @@ void* crypto_standalone_tm_process(void* socks) tm_process_len = status; if (tm_debug == 1) { - printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); + printf("crypto_standalone_tm_process: 0 - received[%d]: 0x", tm_process_len); for (int i = 0; i < status; i++) { printf("%02x", tm_process_in[i]); @@ -534,7 +534,7 @@ void* crypto_standalone_tm_process(void* socks) } else { - printf("crypto_standalone_tm_process - status = %d, decrypted[%d]: 0x", status, tm_out_len); + printf("crypto_standalone_tm_process: 1 - status = %d, decrypted[%d]: 0x", status, tm_out_len); for (int i = 0; i < tm_out_len; i++) { printf("%02x", tm_ptr[i]); 
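Review bot: The unexplained `+ 40` in `crypto_standalone_tm_frame` (hunk `@@ -452,7 +452,7 @@`) is added into a `uint8_t`, so the sum can wrap, and the function's final `memcpy(out_data, &in_data[header_length], in_length - header_length - trailer_length)` (visible as context in PATCH 1/7) has no check that the input frame is at least that long. A short input frame makes the length negative, which becomes a very large copy once converted to `size_t`. Widen the type to `uint16_t header_length` and reject short frames before the copy with a guard such as `if (in_length < header_length + trailer_length)`, reporting the error however the caller expects. The constant should be derived from the SA or managed-parameter fields it stands for rather than left as `// TODO: Why +40?`. The function continues outside the hunk.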
@@ -560,7 +560,7 @@ void* crypto_standalone_tm_process(void* socks) if (tm_debug == 1) // Note: Need logic to allow broken packet assembly { - printf("crypto_standalone_tm_process - beginning after first header pointer - deframed[%d]: 0x", tm_process_len); + printf("crypto_standalone_tm_process: 2 - beginning after first header pointer - deframed[%d]: 0x", tm_process_len); for (int i = 0; i < tm_process_len; i++) { printf("%02x", tm_framed[i]); @@ -588,7 +588,7 @@ void* crypto_standalone_tm_process(void* socks) // Send all SPP telemetry packets if (tm_ptr[0] == 0x08) { - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); } // Only send idle packets if configured to do so else @@ -597,7 +597,7 @@ void* crypto_standalone_tm_process(void* socks) // Don't forward idle packets status = spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&m_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); #endif } @@ -609,7 +609,11 @@ void* crypto_standalone_tm_process(void* socks) tm_ptr = &tm_ptr[spp_len]; tm_process_len = tm_process_len - spp_len; } - else if (tm_ptr[0] == 0xff && tm_ptr[1] == 0x48) + else if ((tm_ptr[0] == 0xFF && tm_ptr[1] == 0x48) || + (tm_ptr[0] == 0x00 && tm_ptr[1] == 0x00) || + (tm_ptr[0] == 0x02 && tm_ptr[1] == 0x00) || + (tm_ptr[0] == 0xFF && tm_ptr[1] == 0xFF)) + // TODO: Why 0x0200? { // Idle Frame // Idle Frame is entire length of remaining data 
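Review bot: The widened idle-frame test in the `@@ -609,7 +609,11 @@` hunk treats any remaining data that starts with `0x0000`, `0x0200` or `0xFFFF` as idle fill, and the `// TODO: Why 0x0200?` shows that at least one of these patterns is not understood. Because this branch consumes everything left in the frame, a real packet that begins with one of these byte pairs is handled as an idle frame rather than parsed. Each pattern should carry a comment naming what produces it, and a print of the two leading bytes when `tm_debug == 1` would make these cases visible during integration.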
@@ -617,7 +621,7 @@ void* crypto_standalone_tm_process(void* socks) // Don't forward idle frame status = spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); if ((status == -1) || (status != spp_len)) { printf("crypto_standalone_tm_process - Reply error %d \n", status); @@ -699,8 +703,13 @@ int main(int argc, char* argv[]) printf(" Expected zero but received: %s \n", argv[1]); } + /* Catch CTRL+C */ + signal(SIGINT, crypto_standalone_cleanup); + /* Startup delay */ - sleep(5); + sleep(10); + //printf("Press enter once ground software has finished initializing...\n"); + //fgets(input_buf, CRYPTO_MAX_INPUT_BUF, stdin); /* Initialize CryptoLib */ status = crypto_reset(); @@ -749,9 +758,6 @@ int main(int argc, char* argv[]) } } - /* Catch CTRL+C */ - signal(SIGINT, crypto_standalone_cleanup); - /* Start threads */ if (keepRunning == CRYPTO_LIB_SUCCESS) { From 393b621486a5dcd9474065bfb39e88c77099f21f Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Wed, 24 Apr 2024 20:19:23 -0400 Subject: [PATCH 7/7] [nasa/nos3#202] Removed badFECF option - likely was getting set due to an issue elsewhere; --- src/core/crypto.c | 8 ++++---- support/standalone/standalone.c | 8 +------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 528ece0c..d571e0ea 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -349,10 +349,10 @@ uint16_t Crypto_Calc_FECF(const uint8_t* ingest, int len_ingest) } } // Check if Testing - if (badFECF == 1) - { - fecf++; - } + //if (badFECF == 1) + //{ + // fecf++; + //} #ifdef FECF_DEBUG int x; diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 6eb4ba70..e6fb264f 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c 
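Review bot: In the `@@ -617,7 +621,7 @@` hunk the idle-frame `sendto` now sends `spp_len` bytes, while the comment at the end of the previous hunk says an idle frame is the entire remaining data, which is `tm_process_len`. `spp_len` is not assigned in this branch as far as the hunks show, so it presumably still holds the previous packet's length (or 0) and may exceed what is left in the buffer. Keeping `tm_process_len` as the length and changing the check to `if ((status == -1) || (status != tm_process_len))` would match the comment; confirm against the part of the loop that lies outside the hunk.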
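Review bot: In `Crypto_Calc_FECF` the `badFECF` test hook is commented out rather than removed, which leaves dead code behind and, presumably, a `badFECF` variable elsewhere that no longer has any effect. Delete the block together with the stale `// Check if Testing` comment, and remove or deprecate anything that still sets `badFECF`, so that a test control which appears to corrupt the FECF does not silently do nothing.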
@@ -343,7 +343,6 @@ void *crypto_standalone_tc_apply(void* socks) uint16_t tc_in_len = 0; uint8_t* tc_out_ptr; uint16_t tc_out_len = 0; - uint16_t fecf; #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING uint8_t tc_framed[TC_MAX_FRAME_SIZE]; @@ -392,11 +391,6 @@ void *crypto_standalone_tc_apply(void* socks) status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { - /* Calculate FECF */ - fecf = Crypto_Calc_FECF(tc_out_ptr, tc_out_len - 2); - tc_out_ptr[tc_out_len - 2] = (uint8_t)((fecf & 0xFF00) >> 8); - tc_out_ptr[tc_out_len - 1] = (uint8_t)(fecf & 0x00FF); - if (tc_debug == 1) { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); @@ -416,7 +410,7 @@ void *crypto_standalone_tc_apply(void* socks) } else { - printf("crypto_standalone_tc_apply - AppySecurity error %d \n", status); + printf("crypto_standalone_tc_apply - ApplySecurity error %d \n", status); } /* Reset */