nasa · dccutrig · Mar 8, 2022 · Mar 3, 2022 · Mar 7, 2022 · Mar 7, 2022
diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -76,6 +76,7 @@
 #define CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW (-23)
 #define CRYPTO_LIB_ERR_NULL_ARSN (-24)
 #define CRYPTO_LIB_ERR_NULL_SA (-25)
-#define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-26)
+#define CRYPTO_LIB_ERR_UNSUPPORTED_ACS (-26)
+#define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-27)
 
 #endif //_crypto_error_h_
diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h
@@ -70,6 +70,7 @@ typedef struct
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
                                          uint8_t aad_bool);
+    int32_t (*cryptography_get_acs_algo)(int8_t algo_enum);
 
 } CryptographyInterfaceStruct, *CryptographyInterface;
 

diff --git a/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c
@@ -69,6 +69,8 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
                                          uint8_t aad_bool);
+static int32_t cryptography_get_acs_algo(int8_t algo_enum);
+
 
 // libcurl call back and support function declarations
 static void configure_curl_connect_opts(CURL* curl);
@@ -129,6 +131,7 @@ CryptographyInterface get_cryptography_interface_kmc_crypto_service(void)
     cryptography_if_struct.cryptography_validate_authentication = cryptography_validate_authentication;
     cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt;
     cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt;
+    cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo;
     return &cryptography_if_struct;
 }
 
@@ -1238,4 +1241,28 @@ static int jsoneq(const char* json, jsmntok_t* tok, const char* s)
         return 0;
     }
     return -1;
+}
+
+/**
+ * @brief Function: cryptography_get_acs_algo. Maps Cryptolib ACS enums to KMC enums 
+ * It is possible for supported algos to vary between crypto libraries
+ * @param algo_enum
+ **/
+int32_t cryptography_get_acs_algo(int8_t algo_enum)
+{
+    int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; // All valid algo enums will be positive
+    switch (algo_enum)
+    {
+        // case CRYPTO_AES256_CMAC:
+        //     algo = GCRY_MAC_CMAC_AES;
+        //     break;
+
+        default:
+#ifdef DEBUG
+            printf("ACS Algo Enum not supported");
+#endif
+            break;
+    }
+
+    return (int)algo;
 }
diff --git a/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c b/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c
@@ -14,6 +14,7 @@
 
 #include <gcrypt.h>
 
+
 #include "crypto.h"
 #include "crypto_error.h"
 #include "cryptography_interface.h"
@@ -61,6 +62,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
                                          uint8_t aad_bool);
+static int32_t cryptography_get_acs_algo(int8_t algo_enum);
 /*
 ** Module Variables
 */
@@ -81,6 +83,7 @@ CryptographyInterface get_cryptography_interface_libgcrypt(void)
     cryptography_if_struct.cryptography_validate_authentication = cryptography_validate_authentication;
     cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt;
     cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt;
+    cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo;
     return &cryptography_if_struct;
 }
 
@@ -565,17 +568,23 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
     // Using to fix warning
     len_data_out = len_data_out;
     ecs = ecs;
-    acs = acs;
+
+    // Select correct libgcrypt acs enum
+    int32_t algo = cryptography_get_acs_algo(acs);
+    if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ACS)
+    {
+        return CRYPTO_LIB_ERR_UNSUPPORTED_ACS;
+    }
+
+    gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL);
 
-    gcry_error = gcry_mac_open(&(tmp_mac_hd), GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE, NULL);
     if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
     {
         printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
         printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error));
         status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR;
         return status;
     }
-
     gcry_error = gcry_mac_setkey(tmp_mac_hd, key_ptr, len_key);
 #ifdef SA_DEBUG
     uint32_t i;
@@ -670,9 +679,15 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
     // Using to fix warning
     len_data_out = len_data_out;
     ecs = ecs;
-    acs = acs;
 
-    gcry_error = gcry_mac_open(&(tmp_mac_hd), GCRY_MAC_CMAC_AES, GCRY_MAC_FLAG_SECURE, NULL);
+    // Select correct libgcrypt acs enum
+    int32_t algo = cryptography_get_acs_algo(acs);
+    if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ACS)
+    {
+        return CRYPTO_LIB_ERR_UNSUPPORTED_ACS;
+    }
+
+    gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL);
     if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
     {
         printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
@@ -812,7 +827,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
     printf("\n");
 #endif
 
-    if( aad_bool == CRYPTO_TRUE ) // Authenticate with AAD!
+    if(aad_bool == CRYPTO_TRUE) // Authenticate with AAD!
     {
         gcry_error = gcry_cipher_authenticate(tmp_hd,
                                               aad,      // additional authenticated data
@@ -1012,3 +1027,27 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
     gcry_cipher_close(tmp_hd);
     return status;
 }
+
+/**
+ * @brief Function: cryptography_get_acs_algo. Maps Cryptolib ACS enums to libgcrypt enums 
+ * It is possible for supported algos to vary between crypto libraries
+ * @param algo_enum
+ **/
+int32_t cryptography_get_acs_algo(int8_t algo_enum)
+{
+    int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; // All valid algos will be positive
+    switch (algo_enum)
+    {
+        case CRYPTO_AES256_CMAC:
+            algo = GCRY_MAC_CMAC_AES;
+            break;
+
+        default:
+#ifdef DEBUG
+            printf("ACS Algo Enum not supported");
+#endif
+            break;
+    }
+
+    return (int)algo;
+}
diff --git a/src/src_main/crypto.c b/src/src_main/crypto.c
@@ -20,7 +20,6 @@
 ** Includes
 */
 #include "crypto.h"
-
 #include <string.h>
 
 /*

diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c
@@ -274,7 +274,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
         printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len);
         printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len);
         printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len);
-        printf(KYEL "\tarsn_len\t\t = %d\n" RESET, sa_ptr->arsn_len);
+        printf(KYEL "\tarsn_len\t = %d\n" RESET, sa_ptr->arsn_len);
         printf(KYEL "\tpad_size\t = %d\n" RESET, TC_PAD_SIZE);
         printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len);
 #endif

diff --git a/src/src_main/sadb_routine_inmemory.template.c b/src/src_main/sadb_routine_inmemory.template.c
@@ -244,7 +244,7 @@ int32_t sadb_init(void)
         sa[x].abm = NULL;
         sa[x].abm_len = 0;
         sa[x].acs_len = 0;
-        sa[x].acs = CRYPTO_ACS_NONE;
+        sa[x].acs = NULL;
         sa[x].arsn_len = 0;
         sa[x].arsn = NULL;
     }

diff --git a/util/include/ut_crypto.h b/util/include/ut_crypto.h
@@ -27,6 +27,7 @@ extern "C"
 #include "crypto.h"
 #include "shared_util.h"
 #include <stdio.h>
+#include "cryptography_interface.h"
 
 #ifdef __cplusplus
 } /* Close scope of 'extern "C"' declaration which encloses file. */

diff --git a/util/src_util/ut_crypto.c b/util/src_util/ut_crypto.c
@@ -24,6 +24,7 @@
 #include "crypto_error.h"
 #include "sadb_routine.h"
 #include "utest.h"
+#include "gcrypt.h"
 
 /**
  * @brief Unit Test: Crypto Calc/Verify CRC16
@@ -263,4 +264,20 @@ UTEST(CRYPTO_C, EXT_PROC_PDU)
     ASSERT_EQ(status, CRYPTO_LIB_SUCCESS);
 }
 
+/**
+ * @brief Unit Test: Crypto ACS Get Algorithm response
+ **/
+UTEST(CRYPTO_C, GET_ACS_ALGO)
+{
+    // Convert CRYPTOAES enum to GCRY_MAC_CMAC_AES
+    int32_t libgcrypt_algo = -1;
+    uint8_t crypto_algo = CRYPTO_AES256_CMAC;
+    libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo);
+    ASSERT_EQ(libgcrypt_algo, GCRY_MAC_CMAC_AES);
+
+    crypto_algo = 99; // Invalid / unsupported
+    libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo);
+    ASSERT_EQ(libgcrypt_algo, CRYPTO_LIB_ERR_UNSUPPORTED_ACS);
+}
+
 UTEST_MAIN();