diff --git a/include/crypto_error.h b/include/crypto_error.h index 85cb3bd0..73d69ecc 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -76,6 +76,7 @@ #define CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW (-23) #define CRYPTO_LIB_ERR_NULL_ARSN (-24) #define CRYPTO_LIB_ERR_NULL_SA (-25) -#define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-26) +#define CRYPTO_LIB_ERR_UNSUPPORTED_ACS (-26) +#define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-27) #endif //_crypto_error_h_ diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h index c42ffc13..a9159b32 100644 --- a/include/cryptography_interface.h +++ b/include/cryptography_interface.h @@ -70,6 +70,7 @@ typedef struct uint8_t* mac, uint32_t mac_size, uint8_t decrypt_bool, uint8_t authenticate_bool, uint8_t aad_bool); + int32_t (*cryptography_get_acs_algo)(int8_t algo_enum); } CryptographyInterfaceStruct, *CryptographyInterface; diff --git a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c index 427cf1a0..f5ea6105 100644 --- a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c +++ b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c @@ -69,6 +69,8 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, uint8_t* aad, uint32_t aad_len, uint8_t decrypt_bool, uint8_t authenticate_bool, uint8_t aad_bool); +static int32_t cryptography_get_acs_algo(int8_t algo_enum); + // libcurl call back and support function declarations static void configure_curl_connect_opts(CURL* curl); @@ -129,6 +131,7 @@ CryptographyInterface get_cryptography_interface_kmc_crypto_service(void) cryptography_if_struct.cryptography_validate_authentication = cryptography_validate_authentication; cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt; cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt; + cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo; return &cryptography_if_struct; } @@ -1238,4 +1241,28 @@ static int jsoneq(const char* json, jsmntok_t* tok, const char* s) return 0; } return -1; +} + +/** + * @brief Function: cryptography_get_acs_algo. Maps Cryptolib ACS enums to KMC enums + * It is possible for supported algos to vary between crypto libraries + * @param algo_enum + **/ +int32_t cryptography_get_acs_algo(int8_t algo_enum) +{ + int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; // All valid algo enums will be positive + switch (algo_enum) + { + // case CRYPTO_AES256_CMAC: + // algo = GCRY_MAC_CMAC_AES; + // break; + + default: +#ifdef DEBUG + printf("ACS Algo Enum not supported"); +#endif + break; + } + + return (int)algo; } \ No newline at end of file diff --git a/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c b/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c index 49988b8b..07b592d0 100644 --- a/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c @@ -14,6 +14,7 @@ #include + #include "crypto.h" #include "crypto_error.h" #include "cryptography_interface.h" @@ -61,6 +62,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, uint8_t* aad, uint32_t aad_len, uint8_t decrypt_bool, uint8_t authenticate_bool, uint8_t aad_bool); +static int32_t cryptography_get_acs_algo(int8_t algo_enum); /* ** Module Variables */ @@ -81,6 +83,7 @@ CryptographyInterface get_cryptography_interface_libgcrypt(void) cryptography_if_struct.cryptography_validate_authentication = cryptography_validate_authentication; cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt; cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt; + cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo; return &cryptography_if_struct; } @@ -565,9 +568,16 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, // Using to fix warning len_data_out = len_data_out; ecs = ecs; - acs = acs; + + // Select correct libgcrypt acs enum + int32_t algo = cryptography_get_acs_algo(acs); + if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ACS) + { + return CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + } + + gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); - gcry_error = gcry_mac_open(&(tmp_mac_hd), GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); @@ -575,7 +585,6 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } - gcry_error = gcry_mac_setkey(tmp_mac_hd, key_ptr, len_key); #ifdef SA_DEBUG uint32_t i; @@ -670,9 +679,15 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le // Using to fix warning len_data_out = len_data_out; ecs = ecs; - acs = acs; - gcry_error = gcry_mac_open(&(tmp_mac_hd), GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE, NULL); + // Select correct libgcrypt acs enum + int32_t algo = cryptography_get_acs_algo(acs); + if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ACS) + { + return CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + } + + gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); @@ -812,7 +827,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, printf("\n"); #endif - if( aad_bool == CRYPTO_TRUE ) // Authenticate with AAD! + if(aad_bool == CRYPTO_TRUE) // Authenticate with AAD! { gcry_error = gcry_cipher_authenticate(tmp_hd, aad, // additional authenticated data @@ -1012,3 +1027,27 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, gcry_cipher_close(tmp_hd); return status; } + +/** + * @brief Function: cryptography_get_acs_algo. Maps Cryptolib ACS enums to libgcrypt enums + * It is possible for supported algos to vary between crypto libraries + * @param algo_enum + **/ +int32_t cryptography_get_acs_algo(int8_t algo_enum) +{ + int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; // All valid algos will be positive + switch (algo_enum) + { + case CRYPTO_AES256_CMAC: + algo = GCRY_MAC_CMAC_AES; + break; + + default: +#ifdef DEBUG + printf("ACS Algo Enum not supported"); +#endif + break; + } + + return (int)algo; +} diff --git a/src/src_main/crypto.c b/src/src_main/crypto.c index d281ad26..049eb850 100644 --- a/src/src_main/crypto.c +++ b/src/src_main/crypto.c @@ -20,7 +20,6 @@ ** Includes */ #include "crypto.h" - #include /* diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index f7ca974a..b837dde1 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -274,7 +274,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len); printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len); - printf(KYEL "\tarsn_len\t\t = %d\n" RESET, sa_ptr->arsn_len); + printf(KYEL "\tarsn_len\t = %d\n" RESET, sa_ptr->arsn_len); printf(KYEL "\tpad_size\t = %d\n" RESET, TC_PAD_SIZE); printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len); #endif diff --git a/src/src_main/sadb_routine_inmemory.template.c b/src/src_main/sadb_routine_inmemory.template.c index 9cb63a5f..dc415125 100644 --- a/src/src_main/sadb_routine_inmemory.template.c +++ b/src/src_main/sadb_routine_inmemory.template.c @@ -244,7 +244,7 @@ int32_t sadb_init(void) sa[x].abm = NULL; sa[x].abm_len = 0; sa[x].acs_len = 0; - sa[x].acs = CRYPTO_ACS_NONE; + sa[x].acs = NULL; sa[x].arsn_len = 0; sa[x].arsn = NULL; } diff --git a/util/include/ut_crypto.h b/util/include/ut_crypto.h index c7e278c4..fb5cfe74 100644 --- a/util/include/ut_crypto.h +++ b/util/include/ut_crypto.h @@ -27,6 +27,7 @@ extern "C" #include "crypto.h" #include "shared_util.h" #include +#include "cryptography_interface.h" #ifdef __cplusplus } /* Close scope of 'extern "C"' declaration which encloses file. */ diff --git a/util/src_util/ut_crypto.c b/util/src_util/ut_crypto.c index ff5d6dcf..23bf5e96 100644 --- a/util/src_util/ut_crypto.c +++ b/util/src_util/ut_crypto.c @@ -24,6 +24,7 @@ #include "crypto_error.h" #include "sadb_routine.h" #include "utest.h" +#include "gcrypt.h" /** * @brief Unit Test: Crypto Calc/Verify CRC16 @@ -263,4 +264,20 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); } +/** + * @brief Unit Test: Crypto ACS Get Algorithm response + **/ +UTEST(CRYPTO_C, GET_ACS_ALGO) +{ + // Convert CRYPTOAES enum to GCRY_MAC_CMAC_AES + int32_t libgcrypt_algo = -1; + uint8_t crypto_algo = CRYPTO_AES256_CMAC; + libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo); + ASSERT_EQ(libgcrypt_algo, GCRY_MAC_CMAC_AES); + + crypto_algo = 99; // Invalid / unsupported + libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo); + ASSERT_EQ(libgcrypt_algo, CRYPTO_LIB_ERR_UNSUPPORTED_ACS); +} + UTEST_MAIN(); \ No newline at end of file