nasa · dccutrig · Mar 14, 2022 · Mar 11, 2022 · Mar 14, 2022 · Mar 14, 2022
diff --git a/include/crypto.h b/include/crypto.h
@@ -66,7 +66,7 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
                                                 char* mtls_client_cert_type, char* mtls_client_key_path,
                                                 char* mtls_client_key_pass, char* mtls_issuer_cert);
 extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                         uint8_t has_segmentation_hdr);
+                                                         uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size);
 
 // Initialization
 extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls
@@ -147,6 +147,7 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin
                                                        GvcidManagedParameters_t** managed_parameters_out);
 int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid,
                                                                    uint8_t has_fecf, uint8_t has_segmentation_hdr,
+                                                                   uint16_t max_tc_frame_size,
                                                                    GvcidManagedParameters_t* managed_parameter);
 void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters);
 

diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h
@@ -126,6 +126,7 @@ struct _GvcidManagedParameters_t
     uint8_t vcid : 6;   // Virtual Channel ID
     TcFecfPresent has_fecf;
     TcSegmentHdrsPresent has_segmentation_hdr;
+    uint16_t max_tc_frame_size; // Maximum TC Frame Length with headers
     GvcidManagedParameters_t* next; // Will be a list of managed parameters!
 };
 #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t))

diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -79,5 +79,7 @@
 #define CRYPTO_LIB_ERR_UNSUPPORTED_ACS (-26)
 #define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-27)
 #define CRYPTO_LIB_ERR_INVALID_SA_CONFIGURATION (-28)
+#define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT (-29)
+#define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT (-30)
 
 #endif //_crypto_error_h_
diff --git a/src/src_main/crypto_config.c b/src/src_main/crypto_config.c
@@ -46,8 +46,8 @@ int32_t Crypto_Init_Unit_Test(void)
     Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TC_CHECK_FECF_TRUE, 0x3F);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
     status = Crypto_Init();
     return status;
 }
@@ -329,10 +329,11 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
  * @param vcid: uint8
  * @param has_fecf: uint8
  * @param has_segmentation_hdr: uint8
+ * @param max_tc_frame_size: uint16
  * @return int32: Success/Failure
  **/
 int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                  uint8_t has_segmentation_hdr)
+                                                  uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
 
@@ -346,6 +347,7 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u
             gvcid_managed_parameters->vcid = vcid;
             gvcid_managed_parameters->has_fecf = has_fecf;
             gvcid_managed_parameters->has_segmentation_hdr = has_segmentation_hdr;
+            gvcid_managed_parameters->max_tc_frame_size = max_tc_frame_size;
             gvcid_managed_parameters->next = NULL;
             return status;
         }
@@ -358,8 +360,8 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u
     }
     else
     { // Recurse through nodes and add at end
-        return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr,
-                                                                   gvcid_managed_parameters);
+        return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, 
+                                                                    max_tc_frame_size, gvcid_managed_parameters);
     }
 }
 
@@ -370,17 +372,18 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u
  * @param vcid: uint8
  * @param has_fecf: uint8
  * @param has_segmentation_hdr: uint8
+ * @param max_tc_frame_size: uint16
  * @param managed_parameter: GvcidManagedParameters_t*
  * @return int32: Success/Failure
  **/
 int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                            uint8_t has_segmentation_hdr,
+                                                            uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size,
                                                             GvcidManagedParameters_t* managed_parameter)
 {
     if (managed_parameter->next != NULL)
     {
         return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr,
-                                                                   managed_parameter->next);
+                                                                   max_tc_frame_size, managed_parameter->next);
     }
     else
     {
@@ -390,6 +393,7 @@ int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16
         managed_parameter->next->vcid = vcid;
         managed_parameter->next->has_fecf = has_fecf;
         managed_parameter->next->has_segmentation_hdr = has_segmentation_hdr;
+        managed_parameter->next->max_tc_frame_size = max_tc_frame_size;
         managed_parameter->next->next = NULL;
         return CRYPTO_LIB_SUCCESS;
     }

diff --git a/src/src_main/crypto_print.c b/src/src_main/crypto_print.c
@@ -299,6 +299,7 @@ void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_
         printf("\t vcid: %d", managed_parameters->vcid);
         printf("\t has_fecf: %d", managed_parameters->has_fecf);
         printf("\t has_segmentation_headers: %d\n", managed_parameters->has_segmentation_hdr);
+        printf("\t max_tc_frame_size: %d\n", managed_parameters->max_tc_frame_size);
     }
     if (managed_parameters->next != NULL && print_children != 0)
     {

diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c
@@ -249,6 +249,26 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
             break;
         }
 
+        // Ensure the frame to be created will not violate managed parameter maximum length
+        if (*p_enc_frame_len > current_managed_parameters->max_tc_frame_size)
+        {
+#ifdef DEBUG
+            printf("Managed length is: %d\n", current_managed_parameters->max_tc_frame_size);
+            printf("New enc frame length will be: %d\n", *p_enc_frame_len);
+#endif
+            printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET);
+            status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT;
+            return status;
+        }
+
+        // Ensure the frame to be created will not violate spec max length
+        if (*p_enc_frame_len > 1024)
+        {
+            printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET);
+            status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT;
+            return status;
+        }
+
         // Accio buffer
         p_new_enc_frame = (uint8_t* )malloc((*p_enc_frame_len) * sizeof(uint8_t));
         if (!p_new_enc_frame)

diff --git a/src/src_main/sadb_routine_inmemory.template.c b/src/src_main/sadb_routine_inmemory.template.c
@@ -408,6 +408,14 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u
                 status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA;
             }
         }
+            // Detailed debug block
+#ifdef SA_DEBUG
+            printf(KYEL "Incoming frame parameters:\n" RESET);
+            printf(KYEL "\ttfvn %02X\n" RESET, tfvn);
+            printf(KYEL "\tscid %04X\n" RESET, scid);
+            printf(KYEL "\tvcid %02X\n" RESET, vcid);
+            printf(KYEL "\tmapid %02X\n" RESET, mapid);
+#endif
     }
 
     return status;