Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[nasa/cryptolib#241] Resolve convert SA character pointers to arrays. #245

Merged
merged 5 commits into from
May 31, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions include/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,10 @@ int32_t Crypto_User_ModifyVCID(void);
// SA Save Functions
int32_t sa_perform_save(SecurityAssociation_t* sa);

// Clean REF
void clean_ekref(SecurityAssociation_t* sa);
void clean_akref(SecurityAssociation_t* sa);

// Determine Payload Data Unit
int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest);
int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame);
Expand Down
1 change: 1 addition & 0 deletions include/crypto_config.h
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@
#define ENABLED 1
#define IV_SIZE 16 /* TM IV size bytes */
#define IV_SIZE_TC 4 /* TC IV size bytes */
#define REF_SIZE 250
#define OCF_SIZE 4
#define MAC_SIZE 16 /* bytes */
#define FECF_SIZE 2
Expand Down
4 changes: 2 additions & 2 deletions include/crypto_structs.h
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,8 @@ typedef struct
uint16_t spi; // Security Parameter Index
uint16_t ekid; // Encryption Key ID (Used with numerically indexed keystores, EG inmemory keyring)
uint16_t akid; // Authentication Key ID
char* ek_ref; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
char* ak_ref; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
char ek_ref[REF_SIZE]; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
char ak_ref[REF_SIZE]; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto)
uint8_t sa_state : 2;
crypto_gvcid_t gvcid_blk;
// crypto_gvcid_t gvcid_tm_blk[NUM_GVCID];
Expand Down
26 changes: 26 additions & 0 deletions src/core/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,32 @@ uint16_t crc16Table[256];
** Assisting Functions
*/

/**
* @brief Function: clean_ekref
* Null terminates the entire array for EKREF
* @param sa: SecurityAssocation_t*
**/
void clean_ekref(SecurityAssociation_t* sa)
{
for(int y = 0; y < REF_SIZE; y++)
{
sa->ek_ref[y] = '\0';
}
}

/**
* @brief Function: clean_akref
* Null terminates the entire array for AKREF
* @param sa: SecurityAssocation_t*
**/
void clean_akref(SecurityAssociation_t* sa)
{
for(int y = 0; y < REF_SIZE; y++)
{
sa->ak_ref[y] = '\0';
}
}

/**
* @brief Function: Crypto_Is_AEAD_Algorithm
* Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false;
Expand Down
4 changes: 2 additions & 2 deletions src/core/crypto_print.c
Original file line number Diff line number Diff line change
Expand Up @@ -209,9 +209,9 @@ void Crypto_saPrint(SecurityAssociation_t* sa)
}
}
printf("\t ekid = %d \n", sa->ekid);
//printf("\t ek_ref = %s \n", sa->ek_ref);
printf("\t ek_ref = %s \n", sa->ek_ref);
printf("\t akid = %d \n", sa->akid);
//printf("\t ak_ref = %s \n", sa->ak_ref);
printf("\t ak_ref = %s \n", sa->ak_ref);
printf("\t iv_len = %d \n", sa->iv_len);
if (sa->iv_len > 0)
{
Expand Down
6 changes: 4 additions & 2 deletions src/core/crypto_tc.c
Original file line number Diff line number Diff line change
Expand Up @@ -1593,8 +1593,10 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc
{
if (crypto_config.sa_type == SA_TYPE_MARIADB)
{
if (sa_ptr->ek_ref != NULL)
free(sa_ptr->ek_ref);
if (sa_ptr->ek_ref[0] != '\0')
clean_ekref(sa_ptr);
if (sa_ptr->ak_ref[0] != '\0')
clean_akref(sa_ptr);
free(sa_ptr);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out,
printf("IV Base64 URL Encoded: %s\n",iv_base64);
#endif

if(sa_ptr->ek_ref == NULL)
if(sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
return status;
Expand Down Expand Up @@ -565,7 +565,7 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out,
#endif


if(sa_ptr->ek_ref == NULL)
if(sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
return status;
Expand Down Expand Up @@ -762,7 +762,7 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
return CRYPTO_LIB_ERR_NULL_BUFFER;
}

if(sa_ptr->ak_ref == NULL)
if(sa_ptr->ak_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA;
return status;
Expand Down Expand Up @@ -995,7 +995,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
Crypto_hexprint(mac,mac_size);
#endif

if(sa_ptr->ak_ref == NULL)
if(sa_ptr->ak_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA;
return status;
Expand Down Expand Up @@ -1177,7 +1177,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
printf("IV Base64 URL Encoded: %s\n",iv_base64);
#endif

if(sa_ptr->ek_ref == NULL)
if(sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
free(iv_base64);
Expand Down Expand Up @@ -1553,7 +1553,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
#endif


if(sa_ptr->ek_ref == NULL)
if(sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
return status;
Expand Down
17 changes: 10 additions & 7 deletions src/sa/internal/sa_interface_inmemory.template.c
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,8 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr)
sa[location].spi = sa_ptr->spi;
sa[location].ekid = sa_ptr->ekid;
sa[location].akid = sa_ptr->akid;
sa[location].ek_ref = sa_ptr->ek_ref;
sa[location].ak_ref = sa_ptr->ak_ref;
memcpy(sa[location].ek_ref, sa_ptr->ek_ref, REF_SIZE);
memcpy(sa[location].ak_ref, sa_ptr->ak_ref, REF_SIZE);
sa[location].sa_state = sa_ptr->sa_state;
sa[location].gvcid_blk = sa_ptr->gvcid_blk;
sa[location].lpid = sa_ptr->lpid;
Expand All @@ -140,7 +140,6 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr)
{
sa[location].iv[i] = sa_ptr->iv[i];
}
//sa[location].iv[0] = sa_ptr->iv;
sa[location].iv_len = sa_ptr->iv_len;
sa[location].acs_len = sa_ptr->acs_len;
sa[location].acs = sa_ptr->acs;
Expand All @@ -149,13 +148,11 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr)
{
sa[location].abm[i] = sa_ptr->abm[i];
}
//sa[location].abm[0] = sa_ptr->abm;
sa[location].arsn_len = sa_ptr->arsn_len;
for(int i = 0; i<sa_ptr->arsn_len; i++)
{
sa[location].arsn[i] = sa_ptr->arsn[i];
}
//sa[location].arsn[0] = sa_ptr->arsn;
sa[location].arsnw_len = sa_ptr->arsnw_len;
sa[location].arsnw = sa_ptr->arsnw;
}
Expand Down Expand Up @@ -412,7 +409,8 @@ void sa_populate(void)
sa[10].gvcid_blk.scid = 0x002C;
sa[10].gvcid_blk.vcid = 1;
sa[10].gvcid_blk.mapid = TYPE_TC;
sa[10].ek_ref = (char*) "kmc/test/key130";
char ek_ref_string[20] = "kmc/test/key130";
memcpy(sa[10].ek_ref, ek_ref_string, strlen(ek_ref_string));

// SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
// SA 11 VC0/1 is now 4-VC0, 7-VC1
Expand All @@ -436,7 +434,7 @@ void sa_populate(void)
sa[11].gvcid_blk.scid = SCID & 0x3FF;
sa[11].gvcid_blk.vcid = 0;
sa[11].gvcid_blk.mapid = TYPE_TC;
sa[11].ek_ref = (char*) "kmc/test/key130";
memcpy(sa[11].ek_ref, ek_ref_string, strlen(ek_ref_string));

// SA 12 - TM CLEAR MODE
// SA 12
Expand Down Expand Up @@ -612,6 +610,11 @@ int32_t sa_init(void)
{
sa[x].abm[y] = 0;
}
for( int y = 0; y < REF_SIZE; y++)
{
sa[x].ek_ref[y] = '\0';
sa[x].ak_ref[y] = '\0';
}
sa[x].abm_len = 0;
sa[x].acs_len = 0;
sa[x].acs = 0;
Expand Down
11 changes: 5 additions & 6 deletions src/sa/mariadb/sa_interface_mariadb.template.c
Original file line number Diff line number Diff line change
Expand Up @@ -252,11 +252,12 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa)
// todo - if query fails, need to push failure message to error stack instead of just return code.

// We free the allocated SA memory in the save function.
if (sa->ek_ref != NULL)
free(sa->ek_ref);
if (sa->ak_ref != NULL)
free(sa->ak_ref);
if (sa->ek_ref[0] != '\0')
clean_ekref(sa);
if (sa->ak_ref[0] != '\0')
clean_akref(sa);
free(sa);

return status;
}
// Security Association Utility Functions
Expand Down Expand Up @@ -376,7 +377,6 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se
} else // Cryptography Type KMC Crypto Service with PKCS12 String Key References
{
sa->ekid = 0;
sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char));
memcpy(sa->ek_ref, row[i], strlen(row[i])+1);
}
continue;
Expand All @@ -388,7 +388,6 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se
sa->akid = atoi(row[i]);
} else // Cryptography Type KMC Crypto Service with PKCS12 String Key References
{
sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char));
memcpy(sa->ak_ref, row[i], strlen(row[i])+1);
}
continue;
Expand Down
8 changes: 4 additions & 4 deletions test/kmc/ut_mariadb.c
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@

void cleanup_sa(SecurityAssociation_t* test_association)
{
if (test_association->ek_ref != NULL)
free(test_association->ek_ref);
if (test_association->ak_ref != NULL)
free(test_association->ak_ref);
if (test_association->ek_ref[0] != '\0')
clean_ek_ref(test_association);
if (test_association->ak_ref[0] != '\0')
clean_ak_ref(test_association);

free(test_association);
}
Expand Down
34 changes: 28 additions & 6 deletions test/unit/ut_sa_save.c
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,11 @@ UTEST(SA_SAVE, VERIFY_INTERNAL)
ASSERT_EQ(test_association->spi, 4);
ASSERT_EQ(test_association->ekid, 130);
ASSERT_EQ(test_association->akid, 4);
//test_association->ek_ref = sa_ptr->ek_ref;
//test_association->ak_ref = sa_ptr->ak_ref;
int str_cmp_output = 0;
str_cmp_output = strcmp(test_association->ek_ref, "");
ASSERT_EQ(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ak_ref, "");
ASSERT_EQ(0, str_cmp_output);
ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL);
ASSERT_EQ(test_association->gvcid_blk.tfvn, 0);
ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF));
Expand Down Expand Up @@ -122,6 +125,8 @@ UTEST(SA_SAVE, INTERNAL_DEFAULT_PASS_1)
test_association->shivf_len = 6;
test_association->iv_len = 12;
test_association->arsn_len = 0;
strcpy(test_association->ek_ref, "TEST_EK_REF");
strcpy(test_association->ak_ref, "TEST_AK_REF");
memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len);

return_val =
Expand Down Expand Up @@ -168,8 +173,16 @@ UTEST(SA_SAVE, VERIFY_DEFAULT_PASS_1_SAVE)
ASSERT_EQ(test_association->spi, 4);
ASSERT_EQ(test_association->ekid, 130);
ASSERT_EQ(test_association->akid, 4);
//test_association->ek_ref = sa_ptr->ek_ref;
//test_association->ak_ref = sa_ptr->ak_ref;
int str_cmp_output = 0;
str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF");
ASSERT_EQ(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF_BAD");
ASSERT_NE(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF");
ASSERT_EQ(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF_BAD");
ASSERT_NE(0, str_cmp_output);

ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL);
ASSERT_EQ(test_association->gvcid_blk.tfvn, 0);
ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF));
Expand Down Expand Up @@ -254,6 +267,8 @@ UTEST(SA_SAVE, SAVE_PASS_1)
test_association->shivf_len = 6;
test_association->iv_len = 12;
test_association->arsn_len = 0;
clean_akref(test_association);
clean_ekref(test_association);
memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len);

return_val =
Expand Down Expand Up @@ -300,8 +315,15 @@ UTEST(SA_SAVE, VERIFY_SAVE_PASS_1_SAVE)
ASSERT_EQ(test_association->spi, 4);
ASSERT_EQ(test_association->ekid, 130);
ASSERT_EQ(test_association->akid, 4);
//test_association->ek_ref = sa_ptr->ek_ref;
//test_association->ak_ref = sa_ptr->ak_ref;
int str_cmp_output = 0;
str_cmp_output = strcmp(test_association->ek_ref, "");
ASSERT_EQ(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF_BAD");
ASSERT_NE(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ak_ref, "");
ASSERT_EQ(0, str_cmp_output);
str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF_BAD");
ASSERT_NE(0, str_cmp_output);
ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL);
ASSERT_EQ(test_association->gvcid_blk.tfvn, 0);
ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF));
Expand Down
Loading