From a458550bdeff22175ff4ce5a5aea793a0b9fa868 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Tue, 27 Aug 2024 20:04:41 +0000 Subject: [PATCH 1/3] [nasa/cryptolib#283] Unit Test for Non-Operational SA --- test/unit/ut_tc_process.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 139bf6fa..037595bc 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -1059,4 +1059,41 @@ UTEST(TC_PROCESS, TC_SA_SEGFAULT_TEST) Crypto_Shutdown(); } +UTEST(TC_PROCESS, TC_SA_NOT_OPERATIONAL) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_Managed_Parameters = {0, 0x0003, 0, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_Managed_Parameters); + + status = Crypto_Init(); + + TC_t* tc_sdls_processed_frame; + tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + + // Test frame setup + char* test_frame_pt_h = "2003000C00002C414243444546"; + uint8_t *test_frame_pt_b = NULL; + int test_frame_pt_len = 0; + + // Convert input test frame + hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + + status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + + ASSERT_EQ(CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL, status); + free(test_frame_pt_b); + free(tc_sdls_processed_frame); + Crypto_Shutdown(); +} + UTEST_MAIN(); From d8252c6f2638f308c980741f731a47b73b42a8f2 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Tue, 27 Aug 2024 20:19:19 +0000 Subject: [PATCH 2/3] [nasa/cryptolib#283] Added error enum for non-operational SA --- include/crypto_error.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/crypto_error.h b/include/crypto_error.h index c4d46652..a1f919af 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -126,6 +126,7 @@ #define CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT (-54) #define CRYPTO_LIB_ERR_KEY_VALIDATION (-55) #define CRYPTO_LIB_ERR_SPI_INDEX_OOB (-56) +#define CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL (-57) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; From c2b47e3360514ef5323d3cbf7fc7f9db3e9a4aff Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 28 Aug 2024 19:17:49 +0000 Subject: [PATCH 3/3] [nasa/cryptolib#283] Added SA_OPERATIONAL checkc --- src/core/crypto_tc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 9cec1dbb..fce88b93 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -1977,6 +1977,10 @@ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_b **/ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) { + if (sa->sa_state != SA_OPERATIONAL) + { + return CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL; + } if (sa->shivf_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV;