diff --git a/include/crypto.h b/include/crypto.h index 12560ba9..8972dcb7 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -254,7 +254,7 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t *sa_ptr, uint8_t *a int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t *sa_ptr, uint8_t *iv, int8_t *iv_valid); // SDLS Related Functions -extern uint8_t Crypto_Prep_Reply(uint8_t *ingest, uint8_t appID); +extern uint8_t Crypto_Prep_Reply(uint8_t *ingest, uint16_t appID); extern void Crypto_Print_Sdls_Ep_Reply(void); extern int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length); diff --git a/include/crypto_config.h b/include/crypto_config.h index d4bba63f..d89c3ea2 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -132,9 +132,21 @@ #define CHALLENGE_SIZE 16 /* bytes */ #define CHALLENGE_MAC_SIZE 16 /* bytes */ #define BYTE_LEN 8 /* bits */ -#define CRYPTOLIB_APPID 128 +#define CRYPTOLIB_APPID 0x0180 #define MAX_IV_LEN 32 /* bytes */ +// APPID Offsets for EP Replies (TLM) +#define KEY_INVENTORY_OFFSET 0x1 +#define KEY_VERIFY_OFFSET 0x2 +#define MC_PING_OFFSET 0x3 +#define MC_STATUS_OFFSET 0x4 +#define MC_DUMP_OFFSET 0x5 +#define MC_ERASE_OFFSET 0x6 +#define MC_SELFTEST_OFFSET 0x7 +#define SA_READARSN_OFFSET 0x8 +#define SA_STATUS_OFFSET 0x9 +#define USER_IDLE_OFFSET 0xA + // Configurable via build flags #ifndef NUM_SA #define NUM_SA 64 diff --git a/include/crypto_events.h b/include/crypto_events.h index bbb9bec4..2508a390 100644 --- a/include/crypto_events.h +++ b/include/crypto_events.h @@ -18,14 +18,14 @@ #ifndef CRYPTO_EVENTS_H #define CRYPTO_EVENTS_H -#define FECF_ERR_EID 0 -#define MKID_INVALID_EID 1 -#define MKID_STATE_ERR_EID 2 -#define KEY_TRANSITION_ERR_EID 3 -#define SPI_INVALID_EID 4 -#define IV_WINDOW_ERR_EID 5 -#define IV_REPLAY_ERR_EID 6 -#define OTAR_MK_ERR_EID 7 +#define FECF_ERR_EID 1 +#define MKID_INVALID_EID 2 +#define MKID_STATE_ERR_EID 3 +#define KEY_TRANSITION_ERR_EID 4 +#define SPI_INVALID_EID 5 +#define IV_WINDOW_ERR_EID 6 +#define IV_REPLAY_ERR_EID 7 +#define OTAR_MK_ERR_EID 8 #define STARTUP_EID 10 diff --git a/include/crypto_structs.h b/include/crypto_structs.h index cb2f1251..e8ce0ea5 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -197,7 +197,7 @@ typedef struct typedef struct { uint16_t kid : 16; // Key ID - uint16_t key_state : 8; // Key state + uint8_t key_state : 8; // Key state } __attribute__((packed)) SDLS_KEY_INVENTORY_RPLY_t; #define SDLS_KEY_INVENTORY_RPLY_SIZE (sizeof(SDLS_KEY_INVENTORY_RPLY_t)) diff --git a/src/core/crypto.c b/src/core/crypto.c index 02aeb0ce..c260b022 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -284,7 +284,7 @@ int32_t Crypto_window(uint8_t *actual, uint8_t *expected, int length, int window * * CCSDS Compliance: CCSDS 355.0-B-2 Section 7.4 (Management) **/ -uint8_t Crypto_Prep_Reply(uint8_t *reply, uint8_t appID) +uint8_t Crypto_Prep_Reply(uint8_t *reply, uint16_t appID) { uint8_t count = 0; if (reply == NULL) @@ -300,7 +300,7 @@ uint8_t Crypto_Prep_Reply(uint8_t *reply, uint8_t appID) // Fill reply with reply header reply[count++] = (sdls_frame.hdr.pvn << 5) | (sdls_frame.hdr.type << 4) | (sdls_frame.hdr.shdr << 3) | - ((sdls_frame.hdr.appID & 0x700 >> 8)); + ((sdls_frame.hdr.appID & 0x700) >> 8); reply[count++] = (sdls_frame.hdr.appID & 0x00FF); reply[count++] = (sdls_frame.hdr.seq << 6) | ((sdls_frame.hdr.pktid & 0x3F00) >> 8); reply[count++] = (sdls_frame.hdr.pktid & 0x00FF); @@ -348,7 +348,7 @@ int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length) return status; } - pkt_length = sdls_frame.hdr.pkt_length + 1; + pkt_length = CCSDS_HDR_SIZE + sdls_frame.hdr.pkt_length + 1; // Sanity Check on length if (pkt_length > TC_MAX_FRAME_SIZE) @@ -362,6 +362,9 @@ int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length) // Update length externally *length = pkt_length; + memset(&sdls_ep_reply, 0x00, TC_MAX_FRAME_SIZE); + sdls_frame.hdr.pkt_length = 0; + return status; } @@ -1013,7 +1016,15 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uin uint16_t max_tlv = tc_sdls_processed_frame->tc_header.fl - CCSDS_HDR_SIZE - SDLS_TLV_HDR_SIZE; len_ingest = len_ingest; // suppress error for now #ifdef PDU_DEBUG + printf("sdls_frame.tlv_pdu.hdr.type: %d\n", sdls_frame.tlv_pdu.hdr.type); + printf("sdls_frame.tlv_pdu.hdr.uf: %d\n", sdls_frame.tlv_pdu.hdr.uf); + printf("sdls_frame.tlv_pdu.hdr.sg: %d\n", sdls_frame.tlv_pdu.hdr.sg); + printf("sdls_frame.tlv_pdu.hdr.pid: %d\n", sdls_frame.tlv_pdu.hdr.pid); + printf("PDU_LEN: %d\n", sdls_frame.tlv_pdu.hdr.pdu_len); + printf("MAX_TLV: %d\n", max_tlv); + printf("TLV_DATA_SIZE: %d\n", TLV_DATA_SIZE); + printf("sdls_frame.hdr.pkt_length: %d\n", sdls_frame.hdr.pkt_length); #endif if ((sdls_frame.tlv_pdu.hdr.pdu_len / 8) > max_tlv) { @@ -1031,6 +1042,9 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uin } else { +#ifdef PDU_DEBUG + printf(KRED "TLV_DATA_SIZE LT pkt_length OR max_tlv LT pkt_length\n" RESET); +#endif status = CRYPTO_LIB_ERR_BAD_TLV_LENGTH; return status; } diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c index dc52b9d7..027dae73 100644 --- a/src/core/crypto_aos.c +++ b/src/core/crypto_aos.c @@ -81,7 +81,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest) if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { +#ifdef AOS_DEBUG printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_CONFIG; // Can't mc_log since it's not configured return status; // return immediately so a NULL crypto_config is not dereferenced later @@ -216,7 +218,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest) { // Probably unnecessary check // Leaving for now as it would be cleaner in SA to have an association enum returned I believe +#ifdef AOS_DEBUG printf(KRED "Error: SA Service Type is not defined! \n" RESET); +#endif status = CRYPTO_LIB_ERROR; mc_if->mc_log(status); return status; @@ -390,7 +394,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest) if (pkcs_padding < cbc_padding) { status = CRYPTO_LIB_ERROR; +#ifdef AOS_DEBUG printf(KRED "Error: pkcs_padding length %d is less than required %d\n" RESET, pkcs_padding, cbc_padding); +#endif mc_if->mc_log(status); return status; } @@ -540,7 +546,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest) if (sa_ptr->abm_len < aad_len) { status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; +#ifdef AOS_DEBUG printf(KRED "Error: abm_len of %d < aad_len of %d\n" RESET, sa_ptr->abm_len, aad_len); +#endif mc_if->mc_log(status); return status; } @@ -860,7 +868,9 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8 // Query SA DB for active SA / SDLS parameters if (sa_if == NULL) // This should not happen, but tested here for safety { +#ifdef AOS_DEBUG printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_INIT; return status; } diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 69917ade..efc315c6 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -78,29 +78,42 @@ int32_t Crypto_SC_Init(void) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC + // Plaintext GvcidManagedParameters_t TC_UT_Managed_Parameters = { 0, 0x0003, 0, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + // Encrypted TC_UT_Managed_Parameters.vcid = 2; Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + // Authenticated TC_UT_Managed_Parameters.vcid = 3; Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + // Extended Procedures + TC_UT_Managed_Parameters.vcid = 7; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); // TM + // Plaintext GvcidManagedParameters_t TM_UT_Managed_Parameters = { 0, 0x0003, 1, TM_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + // Encrypted TM_UT_Managed_Parameters.vcid = 4; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + // Authenticated TM_UT_Managed_Parameters.vcid = 5; Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); status = Crypto_Init(); SecurityAssociation_t *sa_ptr = NULL; + + // TC - Clear sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->gvcid_blk.vcid = 0; + // TC - Enc sa_if->sa_get_from_spi(2, &sa_ptr); sa_ptr->gvcid_blk.vcid = 2; + // TC - Auth sa_if->sa_get_from_spi(3, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.vcid = 3; @@ -108,11 +121,13 @@ int32_t Crypto_SC_Init(void) sa_ptr->abm_len = ABM_SIZE; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; + // TM - Clear sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->shsnf_len = 0; sa_ptr->arsn_len = 0; sa_ptr->gvcid_blk.vcid = 1; + // TM - Enc sa_if->sa_get_from_spi(6, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; @@ -123,6 +138,7 @@ int32_t Crypto_SC_Init(void) sa_ptr->shivf_len = 12; sa_ptr->iv_len = 12; sa_ptr->abm_len = ABM_SIZE; + // TM - Auth sa_if->sa_get_from_spi(7, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->abm_len = ABM_SIZE; @@ -132,6 +148,12 @@ int32_t Crypto_SC_Init(void) sa_ptr->gvcid_blk.vcid = 5; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; + // TC - EP Clear + sa_if->sa_get_from_spi(63, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + // Disabling 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + sa_ptr->sa_state = SA_NONE; return status; } @@ -253,13 +275,17 @@ int32_t Crypto_Init(void) if (crypto_config.init_status == UNITIALIZED) { status = CRYPTO_CONFIGURATION_NOT_COMPLETE; +#ifdef DEBUG printf(KRED "ERROR: CryptoLib must be configured before intializing!\n" RESET); +#endif return status; // No configuration set -- return! } if (gvcid_managed_parameters_array[0].set_flag == 0) { status = CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE; +#ifdef DEBUG printf(KRED "ERROR: CryptoLib Managed Parameters must be configured before intializing!\n" RESET); +#endif return status; // No Managed Parameter configuration set -- return! } @@ -284,7 +310,7 @@ int32_t Crypto_Init(void) { return status; } - + /* MC Interface */ if (mc_if == NULL) { @@ -306,7 +332,7 @@ int32_t Crypto_Init(void) { return status; } - + /* SA Interface */ if (sa_if == NULL) { @@ -324,7 +350,9 @@ int32_t Crypto_Init(void) if (sa_mariadb_config == NULL) { status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; +#ifdef SA_DEBUG printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); +#endif return status; // MariaDB connection specified but no configuration exists, return! } sa_if = get_sa_interface_mariadb(); @@ -409,7 +437,7 @@ int32_t Crypto_Init(void) { status = Crypto_Local_Init(); } - + if (status == CRYPTO_LIB_SUCCESS) { status = Crypto_Local_Config(); @@ -537,7 +565,7 @@ int32_t Crypto_Config_MariaDB(char *mysql_hostname, char *mysql_database, uint16 if (sa_mariadb_config != NULL) { status = CRYPTO_LIB_SUCCESS; - + // Copy all string parameters, checking for errors if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(mysql_username, &sa_mariadb_config->mysql_username); @@ -547,9 +575,9 @@ int32_t Crypto_Config_MariaDB(char *mysql_hostname, char *mysql_database, uint16 status = crypto_deep_copy_string(mysql_hostname, &sa_mariadb_config->mysql_hostname); if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(mysql_database, &sa_mariadb_config->mysql_database); - + sa_mariadb_config->mysql_port = mysql_port; - + /*start - encrypted connection related parameters*/ if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(mysql_mtls_cert, &sa_mariadb_config->mysql_mtls_cert); @@ -559,27 +587,37 @@ int32_t Crypto_Config_MariaDB(char *mysql_hostname, char *mysql_database, uint16 status = crypto_deep_copy_string(mysql_tls_ca, &sa_mariadb_config->mysql_mtls_ca); if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(mysql_tls_capath, &sa_mariadb_config->mysql_mtls_capath); - + sa_mariadb_config->mysql_tls_verify_server = mysql_tls_verify_server; - + if (status == CRYPTO_LIB_SUCCESS) - status = crypto_deep_copy_string(mysql_mtls_client_key_password, &sa_mariadb_config->mysql_mtls_client_key_password); - + status = crypto_deep_copy_string(mysql_mtls_client_key_password, + &sa_mariadb_config->mysql_mtls_client_key_password); + sa_mariadb_config->mysql_require_secure_transport = mysql_require_secure_transport; /*end - encrypted connection related parameters*/ - + // If any string copying failed, clean up if (status != CRYPTO_LIB_SUCCESS) { - if (sa_mariadb_config->mysql_username) free(sa_mariadb_config->mysql_username); - if (sa_mariadb_config->mysql_password) free(sa_mariadb_config->mysql_password); - if (sa_mariadb_config->mysql_hostname) free(sa_mariadb_config->mysql_hostname); - if (sa_mariadb_config->mysql_database) free(sa_mariadb_config->mysql_database); - if (sa_mariadb_config->mysql_mtls_cert) free(sa_mariadb_config->mysql_mtls_cert); - if (sa_mariadb_config->mysql_mtls_key) free(sa_mariadb_config->mysql_mtls_key); - if (sa_mariadb_config->mysql_mtls_ca) free(sa_mariadb_config->mysql_mtls_ca); - if (sa_mariadb_config->mysql_mtls_capath) free(sa_mariadb_config->mysql_mtls_capath); - if (sa_mariadb_config->mysql_mtls_client_key_password) free(sa_mariadb_config->mysql_mtls_client_key_password); + if (sa_mariadb_config->mysql_username) + free(sa_mariadb_config->mysql_username); + if (sa_mariadb_config->mysql_password) + free(sa_mariadb_config->mysql_password); + if (sa_mariadb_config->mysql_hostname) + free(sa_mariadb_config->mysql_hostname); + if (sa_mariadb_config->mysql_database) + free(sa_mariadb_config->mysql_database); + if (sa_mariadb_config->mysql_mtls_cert) + free(sa_mariadb_config->mysql_mtls_cert); + if (sa_mariadb_config->mysql_mtls_key) + free(sa_mariadb_config->mysql_mtls_key); + if (sa_mariadb_config->mysql_mtls_ca) + free(sa_mariadb_config->mysql_mtls_ca); + if (sa_mariadb_config->mysql_mtls_capath) + free(sa_mariadb_config->mysql_mtls_capath); + if (sa_mariadb_config->mysql_mtls_client_key_password) + free(sa_mariadb_config->mysql_mtls_client_key_password); free(sa_mariadb_config); sa_mariadb_config = NULL; } @@ -596,20 +634,20 @@ int32_t Crypto_Config_Kmc_Crypto_Service(char *protocol, char *kmc_crypto_hostna int32_t status = CRYPTO_LIB_SUCCESS; cryptography_kmc_crypto_config = (CryptographyKmcCryptoServiceConfig_t *)calloc(1, CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIG_SIZE); - + if (cryptography_kmc_crypto_config == NULL) { return CRYPTO_LIB_ERROR; } - + // Copy string parameters, checking for errors if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(protocol, &cryptography_kmc_crypto_config->protocol); if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(kmc_crypto_hostname, &cryptography_kmc_crypto_config->kmc_crypto_hostname); - + cryptography_kmc_crypto_config->kmc_crypto_port = kmc_crypto_port; - + if (kmc_crypto_app != NULL) { if (status == CRYPTO_LIB_SUCCESS) @@ -636,26 +674,36 @@ int32_t Crypto_Config_Kmc_Crypto_Service(char *protocol, char *kmc_crypto_hostna status = crypto_deep_copy_string(kmc_tls_ca_path, &cryptography_kmc_crypto_config->mtls_ca_path); if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(mtls_issuer_cert, &cryptography_kmc_crypto_config->mtls_issuer_cert); - + cryptography_kmc_crypto_config->ignore_ssl_hostname_validation = kmc_ignore_ssl_hostname_validation; - + // If any string copying failed, clean up if (status != CRYPTO_LIB_SUCCESS) { - if (cryptography_kmc_crypto_config->protocol) free(cryptography_kmc_crypto_config->protocol); - if (cryptography_kmc_crypto_config->kmc_crypto_hostname) free(cryptography_kmc_crypto_config->kmc_crypto_hostname); - if (cryptography_kmc_crypto_config->kmc_crypto_app_uri) free(cryptography_kmc_crypto_config->kmc_crypto_app_uri); - if (cryptography_kmc_crypto_config->mtls_client_cert_path) free(cryptography_kmc_crypto_config->mtls_client_cert_path); - if (cryptography_kmc_crypto_config->mtls_client_cert_type) free(cryptography_kmc_crypto_config->mtls_client_cert_type); - if (cryptography_kmc_crypto_config->mtls_client_key_path) free(cryptography_kmc_crypto_config->mtls_client_key_path); - if (cryptography_kmc_crypto_config->mtls_client_key_pass) free(cryptography_kmc_crypto_config->mtls_client_key_pass); - if (cryptography_kmc_crypto_config->mtls_ca_bundle) free(cryptography_kmc_crypto_config->mtls_ca_bundle); - if (cryptography_kmc_crypto_config->mtls_ca_path) free(cryptography_kmc_crypto_config->mtls_ca_path); - if (cryptography_kmc_crypto_config->mtls_issuer_cert) free(cryptography_kmc_crypto_config->mtls_issuer_cert); + if (cryptography_kmc_crypto_config->protocol) + free(cryptography_kmc_crypto_config->protocol); + if (cryptography_kmc_crypto_config->kmc_crypto_hostname) + free(cryptography_kmc_crypto_config->kmc_crypto_hostname); + if (cryptography_kmc_crypto_config->kmc_crypto_app_uri) + free(cryptography_kmc_crypto_config->kmc_crypto_app_uri); + if (cryptography_kmc_crypto_config->mtls_client_cert_path) + free(cryptography_kmc_crypto_config->mtls_client_cert_path); + if (cryptography_kmc_crypto_config->mtls_client_cert_type) + free(cryptography_kmc_crypto_config->mtls_client_cert_type); + if (cryptography_kmc_crypto_config->mtls_client_key_path) + free(cryptography_kmc_crypto_config->mtls_client_key_path); + if (cryptography_kmc_crypto_config->mtls_client_key_pass) + free(cryptography_kmc_crypto_config->mtls_client_key_pass); + if (cryptography_kmc_crypto_config->mtls_ca_bundle) + free(cryptography_kmc_crypto_config->mtls_ca_bundle); + if (cryptography_kmc_crypto_config->mtls_ca_path) + free(cryptography_kmc_crypto_config->mtls_ca_path); + if (cryptography_kmc_crypto_config->mtls_issuer_cert) + free(cryptography_kmc_crypto_config->mtls_issuer_cert); free(cryptography_kmc_crypto_config); cryptography_kmc_crypto_config = NULL; } - + return status; } @@ -668,16 +716,16 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char *cookie_file_path, char *key char *access_manager_uri, char *username, char *cam_home) { int32_t status = CRYPTO_LIB_SUCCESS; - cam_config = (CamConfig_t *)calloc(1, CAM_CONFIG_SIZE); - + cam_config = (CamConfig_t *)calloc(1, CAM_CONFIG_SIZE); + if (cam_config == NULL) { return CRYPTO_LIB_ERROR; } - - cam_config->cam_enabled = cam_enabled; + + cam_config->cam_enabled = cam_enabled; cam_config->login_method = login_method; - + // Copy string parameters, checking for errors if (status == CRYPTO_LIB_SUCCESS) status = crypto_deep_copy_string(cookie_file_path, &cam_config->cookie_file_path); @@ -693,11 +741,16 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char *cookie_file_path, char *key // If any string copying failed, clean up if (status != CRYPTO_LIB_SUCCESS) { - if (cam_config->cookie_file_path) free(cam_config->cookie_file_path); - if (cam_config->keytab_file_path) free(cam_config->keytab_file_path); - if (cam_config->access_manager_uri) free(cam_config->access_manager_uri); - if (cam_config->username) free(cam_config->username); - if (cam_config->cam_home) free(cam_config->cam_home); + if (cam_config->cookie_file_path) + free(cam_config->cookie_file_path); + if (cam_config->keytab_file_path) + free(cam_config->keytab_file_path); + if (cam_config->access_manager_uri) + free(cam_config->access_manager_uri); + if (cam_config->username) + free(cam_config->username); + if (cam_config->cam_home) + free(cam_config->cam_home); free(cam_config); cam_config = NULL; } @@ -797,20 +850,20 @@ int32_t crypto_deep_copy_string(char *src_string, char **dst_string) { return CRYPTO_LIB_ERR_NULL_BUFFER; } - + if (src_string == NULL) { *dst_string = NULL; return CRYPTO_LIB_SUCCESS; } - + // Note that the strlen() function doesn't count the null character \0 while calculating the length. *dst_string = malloc((strlen(src_string) + 1) * sizeof(char)); if (*dst_string == NULL) { return CRYPTO_LIB_ERROR; } - + memcpy(*dst_string, src_string, strlen(src_string) + 1); return CRYPTO_LIB_SUCCESS; } @@ -846,7 +899,7 @@ int32_t Crypto_Local_Config(void) mc_log.blk[log_count].emv[3] = 0x41; mc_log.blk[log_count++].em_len = 4; } - + return CRYPTO_LIB_SUCCESS; } @@ -882,7 +935,7 @@ int32_t Crypto_Local_Init(void) report.bsaf = 0; // Invalid SPI Flag report.lspi = 0; // Last SPI Used report.snval = 0; // SN Value (LSB) - + return CRYPTO_LIB_SUCCESS; } @@ -932,6 +985,6 @@ int32_t Crypto_Calc_CRC_Init_Table(void) val ^= 0x9188; crc16Table[i] = val; } - + return CRYPTO_LIB_SUCCESS; } diff --git a/src/core/crypto_key_mgmt.c b/src/core/crypto_key_mgmt.c index 0676607d..0694941a 100644 --- a/src/core/crypto_key_mgmt.c +++ b/src/core/crypto_key_mgmt.c @@ -49,14 +49,19 @@ int32_t Crypto_Key_OTAR(void) { // Local variables SDLS_OTAR_t packet; - int count = 0; - int x = 0; - int y; + int count = 0; + int x = 0; + int y = 0; int32_t status = CRYPTO_LIB_SUCCESS; int pdu_keys = ((sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - SDLS_KEYID_LEN - SDLS_IV_LEN - MAC_SIZE) / (SDLS_KEYID_LEN + SDLS_KEY_LEN); - int w; + int w = 0; + +#ifdef DEBUG + printf("PDU_KEYS: %d\n", pdu_keys); +#endif + crypto_key_t *ekp = NULL; #ifdef DEBUG @@ -404,11 +409,13 @@ int32_t Crypto_Key_inventory(uint8_t *ingest) // Prepare for Reply range = packet.kid_last - packet.kid_first + 1; - sdls_frame.tlv_pdu.hdr.pdu_len = (SDLS_KEY_INVENTORY_RPLY_SIZE * (range)) * BYTE_LEN; - sdls_frame.hdr.pkt_length = CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + - (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1 + - 2; // 2 = Num Keys Returned Field (2 Bytes) - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.tlv_pdu.hdr.pdu_len = (2 + (SDLS_KEY_INVENTORY_RPLY_SIZE * (range))) * BYTE_LEN; + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + KEY_INVENTORY_OFFSET); sdls_ep_reply[count++] = ((range & 0xFF00) >> BYTE_LEN); sdls_ep_reply[count++] = (range & 0x00FF); @@ -495,18 +502,20 @@ int32_t Crypto_Key_verify(TC_t *tc_frame) // length = pdu_len + HDR + PUS - 1 (per CCSDS Convention) if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) { - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - printf("NO PUS: sdls_frame.hdr.pkt_length Calced as %d\n", sdls_frame.hdr.pkt_length); + sdls_frame.hdr.pkt_length = ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; +#ifdef PDU_DEBUG + printf("WITH PUS: sdls_frame.hdr.pkt_length Calced as %d\n", sdls_frame.hdr.pkt_length); +#endif } else { - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - printf("WITH PUS: sdls_frame.hdr.pkt_length Calced as %d\n", sdls_frame.hdr.pkt_length); + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; +#ifdef PDU_DEBUG + printf("NO PUS: sdls_frame.hdr.pkt_length Calced as %d\n", sdls_frame.hdr.pkt_length); +#endif } - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + KEY_VERIFY_OFFSET); uint16_t pdu_data_idx = count; for (x = 0; x < pdu_keys; x++) @@ -581,7 +590,6 @@ int32_t Crypto_Key_verify(TC_t *tc_frame) pdu_data_idx += MAC_SIZE; count += CHALLENGE_SIZE + MAC_SIZE; // Don't forget to increment count! - printf("count = %d\n", count); } #ifdef PDU_DEBUG diff --git a/src/core/crypto_mc.c b/src/core/crypto_mc.c index 0c9d185a..d3ca0c8f 100644 --- a/src/core/crypto_mc.c +++ b/src/core/crypto_mc.c @@ -45,9 +45,12 @@ int32_t Crypto_MC_ping(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = 0; - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + MC_PING_OFFSET); #ifdef PDU_DEBUG printf("MC Ping Reply: \t 0x"); @@ -77,9 +80,12 @@ int32_t Crypto_MC_status(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = SDLS_MC_LOG_RPLY_SIZE * BYTE_LEN; - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + MC_STATUS_OFFSET); // PDU sdls_ep_reply[count] = (log_summary.num_se & 0xFF00) >> BYTE_LEN; count++; @@ -121,9 +127,12 @@ int32_t Crypto_MC_dump(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = (SDLS_MC_DUMP_RPLY_SIZE * log_count) * BYTE_LEN; - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + MC_DUMP_OFFSET); // PDU for (x = 0; x < log_count; x++) { @@ -198,9 +207,12 @@ int32_t Crypto_MC_erase(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = SDLS_MC_LOG_RPLY_SIZE * BYTE_LEN; // 4 - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + MC_ERASE_OFFSET); // PDU sdls_ep_reply[count] = (log_summary.num_se & 0xFF00) >> BYTE_LEN; count++; @@ -244,10 +256,13 @@ int32_t Crypto_MC_selftest(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = SDLS_MC_ST_RPLY_SIZE * BYTE_LEN; - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } sdls_frame.tlv_pdu.data[0] = result; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + MC_SELFTEST_OFFSET); sdls_ep_reply[count] = result; count++; @@ -301,18 +316,25 @@ int32_t Crypto_SA_readARSN(uint8_t *ingest) else { // Prepare for Reply - sdls_frame.tlv_pdu.hdr.pdu_len = (SPI_LEN + sa_ptr->arsn_len) * BYTE_LEN; // bits - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - uint8_t count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + sdls_frame.tlv_pdu.hdr.pdu_len = (SPI_LEN + ARSN_SIZE) * BYTE_LEN; // bits + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + uint8_t count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + SA_READARSN_OFFSET); // Write SPI to reply sdls_ep_reply[count] = (spi & 0xFF00) >> BYTE_LEN; count++; sdls_ep_reply[count] = (spi & 0x00FF); count++; - - for (x = 0; x < sa_ptr->arsn_len; x++) + for (x = 0; x < ARSN_SIZE - sa_ptr->shsnf_len; x++) + { + sdls_ep_reply[count] = 0x00; + count++; + } + for (x = 0; x < sa_ptr->shsnf_len; x++) { sdls_ep_reply[count] = *(sa_ptr->arsn + x); count++; diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c index eadae288..8e93b0e7 100644 --- a/src/core/crypto_print.c +++ b/src/core/crypto_print.c @@ -32,6 +32,8 @@ **/ void Crypto_tcPrint(TC_t *tc_frame) { + tc_frame = tc_frame; +#ifdef DEBUG printf("Current TC in memory is: \n"); printf("\t Header\n"); printf("\t\t tfvn = 0x%01x \n", tc_frame->tc_header.tfvn); @@ -53,6 +55,7 @@ void Crypto_tcPrint(TC_t *tc_frame) printf("\t SDLS Trailer\n"); printf("\t\t FECF = 0x%04x \n", tc_frame->tc_sec_trailer.fecf); printf("\n"); +#endif } /** @@ -64,10 +67,12 @@ void Crypto_tcPrint(TC_t *tc_frame) void Crypto_tmPrint(TM_t *tm_frame) { tm_frame = tm_frame; +#ifdef DEBUG printf("Current TM in memory is: \n"); printf("\t Header\n"); printf("\t**** THIS IS BLANKED OUT CURRENTLY!!!!!!!***\n"); printf("\n"); +#endif } void Crypto_Print_Sdls_Ep_Reply(void) @@ -80,17 +85,21 @@ void Crypto_Print_Sdls_Ep_Reply(void) // Sanity check on length if (pkt_length > TC_MAX_FRAME_SIZE) { +#ifdef DEBUG printf(KRED "Unable to print SDLS Reply... invalid length of %d\n" RESET, pkt_length); +#endif return; } // Do the print +#ifdef DEBUG printf("SDLS Reply Global: 0x"); for (int i = 0; i < pkt_length; i++) { printf("%02X", sdls_ep_reply[i]); } printf("\n\n"); +#endif return; } @@ -102,6 +111,8 @@ void Crypto_Print_Sdls_Ep_Reply(void) **/ void Crypto_clcwPrint(Telemetry_Frame_Ocf_Clcw_t *clcw) { + clcw = clcw; +#ifdef DEBUG printf("Current CLCW in memory is: \n"); printf("\t cwt = 0x%01x \n", clcw->cwt); printf("\t cvn = 0x%01x \n", clcw->cvn); @@ -118,6 +129,7 @@ void Crypto_clcwPrint(Telemetry_Frame_Ocf_Clcw_t *clcw) printf("\t spare1 = 0x%01x \n", clcw->spare1); printf("\t rv = 0x%02x \n", clcw->rv); printf("\n"); +#endif } /** @@ -127,6 +139,8 @@ void Crypto_clcwPrint(Telemetry_Frame_Ocf_Clcw_t *clcw) **/ void Crypto_fsrPrint(Telemetry_Frame_Ocf_Fsr_t *report) { + report = report; +#ifdef DEBUG printf("Current FSR in memory is: \n"); printf("\t cwt = 0x%01x \n", report->cwt); printf("\t fvn = 0x%01x \n", report->fvn); @@ -137,6 +151,7 @@ void Crypto_fsrPrint(Telemetry_Frame_Ocf_Fsr_t *report) printf("\t lspi = 0x%01x \n", report->lspi); printf("\t snval = 0x%01x \n", report->snval); printf("\n"); +#endif } /** @@ -146,6 +161,7 @@ void Crypto_fsrPrint(Telemetry_Frame_Ocf_Fsr_t *report) **/ void Crypto_ccsdsPrint(CCSDS_t *sdls_frame) { +#ifdef DEBUG printf("Current CCSDS in memory is: \n"); printf("\t Primary Header\n"); printf("\t\t pvn = 0x%01x \n", sdls_frame->hdr.pvn); @@ -166,21 +182,34 @@ void Crypto_ccsdsPrint(CCSDS_t *sdls_frame) printf("\t\t sid = 0x%01x \n", sdls_frame->pus.sid); printf("\t\t spare = 0x%01x \n", sdls_frame->pus.spare); } - else - { - printf("\t PUS Header\n"); - printf("\t\t Config not configured for PUS Header, not printing\n"); - } printf("\t TLV PDU \n"); printf("\t\t type = 0x%01x \n", sdls_frame->tlv_pdu.hdr.type); printf("\t\t uf = 0x%01x \n", sdls_frame->tlv_pdu.hdr.uf); printf("\t\t sg = 0x%01x \n", sdls_frame->tlv_pdu.hdr.sg); printf("\t\t pid = 0x%01x \n", sdls_frame->tlv_pdu.hdr.pid); printf("\t\t pdu_len = 0x%04x \n", sdls_frame->tlv_pdu.hdr.pdu_len); - printf("\t\t data[0] = 0x%02x \n", sdls_frame->tlv_pdu.data[0]); - printf("\t\t data[1] = 0x%02x \n", sdls_frame->tlv_pdu.data[1]); - printf("\t\t data[2] = 0x%02x \n", sdls_frame->tlv_pdu.data[2]); +#endif + if ((sdls_frame->tlv_pdu.hdr.pdu_len / 8) >= 1) + { +#ifdef DEBUG + printf("\t\t data[0] = 0x%02x \n", sdls_frame->tlv_pdu.data[0]); +#endif + } + if ((sdls_frame->tlv_pdu.hdr.pdu_len / 8) >= 2) + { +#ifdef DEBUG + printf("\t\t data[1] = 0x%02x \n", sdls_frame->tlv_pdu.data[1]); +#endif + } + if ((sdls_frame->tlv_pdu.hdr.pdu_len / 8) >= 3) + { +#ifdef DEBUG + printf("\t\t data[2] = 0x%02x \n", sdls_frame->tlv_pdu.data[2]); +#endif + } +#ifdef DEBUG printf("\n"); +#endif } /** @@ -192,6 +221,7 @@ void Crypto_saPrint(SecurityAssociation_t *sa) { int i; +#ifdef SA_DEBUG printf("SA status: \n"); printf("\t spi = %d \n", sa->spi); printf("\t sa_state = 0x%01x \n", sa->sa_state); @@ -202,41 +232,55 @@ void Crypto_saPrint(SecurityAssociation_t *sa) printf("\t shplf_len = %d \n", sa->shplf_len); printf("\t stmacf_len = %d \n", sa->stmacf_len); printf("\t ecs_len = %d \n", sa->ecs_len); +#endif if (sa->ecs_len > 0) { for (i = 0; i < sa->ecs_len; i++) { +#ifdef SA_DEBUG printf("\t ecs[%d] = 0x%02x \n", i, (sa->ecs + i)); +#endif } } +#ifdef SA_DEBUG printf("\t ekid = %d \n", sa->ekid); printf("\t ek_ref = %s \n", sa->ek_ref); printf("\t akid = %d \n", sa->akid); printf("\t ak_ref = %s \n", sa->ak_ref); printf("\t iv_len = %d \n", sa->iv_len); +#endif if (sa->iv_len > 0) { for (i = 0; i < sa->iv_len; i++) { +#ifdef SA_DEBUG printf("\t iv[%d] = 0x%02x \n", i, *(sa->iv + i)); +#endif } } else { +#ifdef SA_DEBUG printf("\t iv = %s \n", sa->iv); +#endif } +#ifdef SA_DEBUG printf("\t acs_len = %d \n", sa->acs_len); printf("\t acs = 0x%02x \n", sa->acs); printf("\t abm_len = %d \n", sa->abm_len); +#endif if (sa->abm_len > 0) { +#ifdef SA_DEBUG printf("\t abm = "); for (i = 0; i < sa->abm_len; i++) { printf("%02x", *(sa->abm + i)); } printf("\n"); +#endif } +#ifdef SA_DEBUG printf("\t arsn_len = %d \n", sa->arsn_len); if (sa->arsn_len > 0) { @@ -250,6 +294,7 @@ void Crypto_saPrint(SecurityAssociation_t *sa) printf("\t arsnw_len = %d \n", sa->arsnw_len); printf("\t arsnw = %d \n", sa->arsnw); +#endif } /** @@ -260,16 +305,22 @@ void Crypto_saPrint(SecurityAssociation_t *sa) **/ void Crypto_hexprint(const void *c, size_t n) { - const uint8_t *t = c; - size_t idx = 0; + const uint8_t *t = c; + t = t; + size_t idx = 0; if (c == NULL) return; while (idx < n) { + +#ifdef DEBUG printf("%02x", t[idx]); +#endif idx++; } +#ifdef DEBUG printf("\n"); +#endif } /** @@ -281,7 +332,8 @@ void Crypto_hexprint(const void *c, size_t n) void Crypto_binprint(void *c, size_t n) { uint8_t *t = c; - int q; + t = t; + int q; if (c == NULL) return; @@ -289,9 +341,15 @@ void Crypto_binprint(void *c, size_t n) { --n; for (q = 0x80; q; q >>= 1) + { +#ifdef DEBUG printf("%x", !!(t[n] & q)); +#endif + } } +#ifdef DEBUG printf("\n"); +#endif } void Crypto_mpPrint(GvcidManagedParameters_t *managed_parameters, uint8_t print_children) @@ -300,6 +358,7 @@ void Crypto_mpPrint(GvcidManagedParameters_t *managed_parameters, uint8_t print_ print_children = print_children; if (managed_parameters != NULL) { +#ifdef DEBUG printf("Managed Parameter: \n"); printf("\t tfvn: %d", managed_parameters->tfvn); printf("\t scid: %d", managed_parameters->scid); @@ -308,6 +367,7 @@ void Crypto_mpPrint(GvcidManagedParameters_t *managed_parameters, uint8_t print_ printf("\t has_segmentation_headers: %d\n", managed_parameters->has_segmentation_hdr); printf("\t max_frame_size: %d\n", managed_parameters->max_frame_size); printf("\t TM has ocf %d\n", managed_parameters->has_ocf); +#endif } } #endif \ No newline at end of file diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 8c8621cf..c29e7a29 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -75,7 +75,9 @@ int32_t Crypto_TC_Get_SA_Service_Type(uint8_t *sa_service_type, SecurityAssociat { // Probably unnecessary check // Leaving for now as it would be cleaner in SA to have an association enum returned I believe +#ifdef SA_DEBUG printf(KRED "Error: SA Service Type is not defined! \n" RESET); +#endif status = CRYPTO_LIB_ERROR; mc_if->mc_log(status); return status; @@ -168,7 +170,9 @@ int32_t Crypto_TC_Validate_SA_Service_Type(uint8_t sa_service_type) if ((sa_service_type != SA_PLAINTEXT) && (sa_service_type != SA_AUTHENTICATED_ENCRYPTION) && (sa_service_type != SA_ENCRYPTION) && (sa_service_type != SA_AUTHENTICATION)) { +#ifdef SA_DEBUG printf(KRED "Unknown SA Service Type Detected!\n" RESET); +#endif status = CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE; } return status; @@ -236,7 +240,9 @@ int32_t Crypto_TC_Frame_Validation(uint16_t *p_enc_frame_len) // Check minimum frame size per CCSDS 232.0-B-3 if (*p_enc_frame_len < TC_MIN_FRAME_SIZE) { +#ifdef TC_DEBUG printf(KRED "Error: New frame would violate minimum TC frame size requirement! \n" RESET); +#endif status = CRYPTO_LIB_ERR_TC_FRAME_TOO_SHORT; mc_if->mc_log(status); return status; @@ -248,8 +254,8 @@ int32_t Crypto_TC_Frame_Validation(uint16_t *p_enc_frame_len) #ifdef DEBUG printf("Managed length is: %d\n", tc_current_managed_parameters_struct.max_frame_size); printf("New enc frame length will be: %d\n", *p_enc_frame_len); -#endif printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); +#endif status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; mc_if->mc_log(status); return status; @@ -257,7 +263,9 @@ int32_t Crypto_TC_Frame_Validation(uint16_t *p_enc_frame_len) // Ensure the frame to be created will not violate spec max length if ((*p_enc_frame_len > 1024) && status == CRYPTO_LIB_SUCCESS) { +#ifdef TC_DEBUG printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); +#endif status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; mc_if->mc_log(status); return status; @@ -278,7 +286,9 @@ int32_t Crypto_TC_Accio_Buffer(uint8_t **p_new_enc_frame, uint16_t *p_enc_frame_ *p_new_enc_frame = (uint8_t *)malloc((*p_enc_frame_len) * sizeof(uint8_t)); if (!(*p_new_enc_frame)) // Fix the check to properly verify the allocation { +#ifdef TC_DEBUG printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); +#endif status = CRYPTO_LIB_ERROR; mc_if->mc_log(status); return status; @@ -731,7 +741,9 @@ int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { +#ifdef TC_DEBUG printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_CONFIG; // Can't mc_log since it's not configured return status; // return immediately so a NULL crypto_config is not dereferenced later @@ -762,7 +774,9 @@ int32_t Crypto_TC_Sanity_Setup(const uint8_t *p_in_frame, const uint16_t in_fram if (p_in_frame == NULL) { status = CRYPTO_LIB_ERR_NULL_BUFFER; +#ifdef TC_DEBUG printf(KRED "Error: Input Buffer NULL! \n" RESET); +#endif mc_if->mc_log(status); return status; // Just return here, nothing can be done. } @@ -1626,7 +1640,9 @@ int32_t Crypto_TC_Process_Sanity_Check(int *len_ingest) if ((mc_if == NULL) || (crypto_config.init_status == UNITIALIZED)) { +#ifdef TC_DEBUG printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_CONFIG; mc_if->mc_log(status); } @@ -1938,7 +1954,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t *ingest, int *len_ingest, TC_t *tc tc_sdls_processed_frame->tc_header.bypass = ((uint8_t)ingest[byte_idx] & 0x20) >> 5; tc_sdls_processed_frame->tc_header.cc = ((uint8_t)ingest[byte_idx] & 0x10) >> 4; tc_sdls_processed_frame->tc_header.spare = ((uint8_t)ingest[byte_idx] & 0x0C) >> 2; - tc_sdls_processed_frame->tc_header.scid = ((uint8_t)ingest[byte_idx] & 0x03) << 8; + tc_sdls_processed_frame->tc_header.scid = ((uint16_t)ingest[byte_idx] & 0x03) << 8; byte_idx++; tc_sdls_processed_frame->tc_header.scid = tc_sdls_processed_frame->tc_header.scid | (uint8_t)ingest[byte_idx]; byte_idx++; diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index b906991f..08eaf07d 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -54,7 +54,9 @@ int32_t Crypto_TM_Sanity_Check(uint8_t *pTfBuffer) if ((status == CRYPTO_LIB_SUCCESS) && ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))) { +#ifdef TM_DEBUG printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_CONFIG; // Can't mc_log since it's not configured } @@ -93,7 +95,9 @@ int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t *sa_service_type, SecurityAs { // Probably unnecessary check // Leaving for now as it would be cleaner in SA to have an association enum returned I believe +#ifdef TM_DEBUG printf(KRED "Error: SA Service Type is not defined! \n" RESET); +#endif status = CRYPTO_LIB_ERROR; } if (status != CRYPTO_LIB_SUCCESS) @@ -393,7 +397,9 @@ int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, uint16_t *aad if (sa_ptr->abm_len < *aad_len) { status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; +#ifdef TM_DEBUG printf(KRED "Error: abm_len of %d < *aad_len of %d\n" RESET, sa_ptr->abm_len, *aad_len); +#endif mc_if->mc_log(status); } if (status == CRYPTO_LIB_SUCCESS) @@ -1095,7 +1101,9 @@ int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t *byte_idx, uint8_t // Query SA DB for active SA / SDLS parameters if ((sa_if == NULL) && (status == CRYPTO_LIB_SUCCESS)) // This should not happen, but tested here for safety { +#ifdef TM_DEBUG printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); +#endif status = CRYPTO_LIB_ERR_NO_INIT; } @@ -1216,7 +1224,7 @@ int32_t Crypto_TM_Determine_Cipher_Mode(uint8_t sa_service_type, SecurityAssocia if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) { *encryption_cipher = sa_ptr->ecs; -#ifdef TC_DEBUG +#ifdef TM_DEBUG printf(KYEL "SA Encryption Cipher: %d\n", *encryption_cipher); #endif } diff --git a/src/core/crypto_user.c b/src/core/crypto_user.c index 626f1f5d..e13abb17 100644 --- a/src/core/crypto_user.c +++ b/src/core/crypto_user.c @@ -33,7 +33,7 @@ int32_t Crypto_User_IdleTrigger(uint8_t *ingest) // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = 0; sdls_frame.hdr.pkt_length = sdls_frame.tlv_pdu.hdr.pdu_len + 9; - count = Crypto_Prep_Reply(ingest, 144); + count = Crypto_Prep_Reply(ingest, CRYPTOLIB_APPID + USER_IDLE_OFFSET); return count; } @@ -136,11 +136,15 @@ int32_t Crypto_User_ModifyKey(void) { case 1: // Invalidate Key ekp->value[KEY_SIZE - 1]++; +#ifdef DEBUG printf("Key %d value invalidated! \n", kid); +#endif break; case 2: // Modify key state ekp->key_state = (uint8_t)sdls_frame.tlv_pdu.data[3] & 0x0F; +#ifdef DEBUG printf("Key %d state changed to %d! \n", kid, mod); +#endif break; default: // Error @@ -191,7 +195,9 @@ int32_t Crypto_User_ModifyVCID(void) { // TODO Check this tm_frame_sec_hdr.spi = i; +#ifdef DEBUG printf("TM Frame SPI changed to %d \n", i); +#endif break; } } diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c index c3d72ace..8c8788ce 100644 --- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c +++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c @@ -149,7 +149,9 @@ static int32_t cryptography_config(void) // Error out if Crypto_Config_Kmc_Crypto_Service(...) function was not called before intializing library. if (cryptography_kmc_crypto_config == NULL) { +#ifdef DEBUG fprintf(stderr, "You must configure the KMC Crypto Service before starting the interface!\n"); +#endif status = CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE; return status; } @@ -346,7 +348,9 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif return status; } @@ -448,7 +452,9 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response); +#endif return status; } free(http_code_str); @@ -589,7 +595,9 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif return status; } @@ -635,7 +643,9 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response); +#endif return status; } free(http_code_str); @@ -786,7 +796,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out, if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif return status; } @@ -869,7 +881,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out, if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response); +#endif return status; } json_idx++; @@ -1033,7 +1047,9 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif return status; } @@ -1060,7 +1076,9 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Generic Failure Response:\n%s\n", chunk_write->response); +#endif return status; } json_idx++; @@ -1085,7 +1103,9 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le if (strcmp(result_str, "true") != 0) // KMC crypto service returns true string if ICV check succeeds. { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR; +#ifdef DEBUG fprintf(stderr, "KMC Crypto MAC Validation Failure Response:\n%s\n", chunk_write->response); +#endif return status; } continue; @@ -1094,7 +1114,9 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le if (http_status_found == CRYPTO_FALSE) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Generic Failure Response:\n%s\n", chunk_write->response); +#endif return status; } @@ -1301,7 +1323,9 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out, if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif if (iv_base64 != NULL) free(iv_base64); if (encrypt_uri != NULL) @@ -1413,7 +1437,9 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out, if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response); +#endif if (iv_base64 != NULL) free(iv_base64); if (encrypt_uri != NULL) @@ -1687,7 +1713,9 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, if (parse_result < 0) { status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR; +#ifdef DEBUG printf("Failed to parse JSON: %d\n", parse_result); +#endif free(decrypt_payload); free(decrypt_uri); free(iv_base64); @@ -1736,7 +1764,9 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, if (http_code != 200) { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response); +#endif free(chunk_read); free(chunk_write); free(http_code_str); @@ -2058,7 +2088,9 @@ static int32_t get_cam_sso_token() if (res != CURLE_OK) // This is not return code, this is successful response that's unusable! { status = CAM_GET_SSO_TOKEN_FAILURE; +#ifdef DEBUG fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); +#endif // return status; } @@ -2155,8 +2187,10 @@ int32_t curl_response_error_check(CURL *curl_handle, char *response) if (response == NULL) // No response, possibly because service is CAM secured. { response_status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; +#ifdef DEBUG fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", "Empty Crypto Service response can be caused by CAM security, is CAM configured?"); +#endif return response_status; } @@ -2178,7 +2212,9 @@ int32_t curl_perform_with_cam_retries(CURL *curl_handle, memory_write *chunk_wri if (res != CURLE_OK) // This is not a response w/return code, this is something breaking! { status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE; +#ifdef DEBUG fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); +#endif break; // Go to Post retry loop cleanup and return status. } diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index 1b1cd884..689f66fb 100644 --- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -88,13 +88,17 @@ static int32_t cryptography_init(void) // Initialize libgcrypt if (!gcry_check_version(GCRYPT_VERSION)) { +#ifdef DEBUG fprintf(stderr, "Gcrypt Version: %s", GCRYPT_VERSION); printf(KRED "\tERROR: gcrypt version mismatch! \n" RESET); +#endif } if (gcry_control(GCRYCTL_SELFTEST) != GPG_ERR_NO_ERROR) { status = CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR; +#ifdef DEBUG printf(KRED "ERROR: gcrypt self test failed\n" RESET); +#endif } gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); @@ -143,8 +147,10 @@ static int32_t cryptography_authenticate( gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } @@ -161,8 +167,10 @@ static int32_t cryptography_authenticate( #endif if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; gcry_mac_close(tmp_mac_hd); return status; @@ -174,8 +182,10 @@ static int32_t cryptography_authenticate( gcry_error = gcry_mac_setiv(tmp_mac_hd, iv, iv_len); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERROR; gcry_mac_close(tmp_mac_hd); return status; @@ -188,8 +198,10 @@ static int32_t cryptography_authenticate( ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_write error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERROR; gcry_mac_close(tmp_mac_hd); return status; @@ -202,8 +214,10 @@ static int32_t cryptography_authenticate( ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR; gcry_mac_close(tmp_mac_hd); return status; @@ -253,8 +267,10 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n" RESET, gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } @@ -271,8 +287,10 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le #endif if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n" RESET, gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_mac_close(tmp_mac_hd); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; @@ -283,8 +301,10 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le gcry_error = gcry_mac_setiv(tmp_mac_hd, iv, iv_len); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n" RESET, gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_mac_close(tmp_mac_hd); status = CRYPTO_LIB_ERROR; return status; @@ -296,8 +316,10 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_write error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n" RESET, gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_mac_close(tmp_mac_hd); status = CRYPTO_LIB_ERROR; return status; @@ -346,8 +368,10 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_mac_verify error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n" RESET, gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_mac_close(tmp_mac_hd); status = CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR; return status; @@ -406,8 +430,10 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } @@ -425,8 +451,10 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -434,8 +462,10 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint gcry_error = gcry_cipher_setiv(tmp_hd, iv, iv_len); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -456,8 +486,10 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_encrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_ENCRYPTION_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -520,8 +552,10 @@ int32_t cryptography_gcry_setup(int32_t mode, int32_t algo, gcry_cipher_hd_t *tm } if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } @@ -538,8 +572,10 @@ int32_t cryptography_gcry_setup(int32_t mode, int32_t algo, gcry_cipher_hd_t *tm if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; gcry_cipher_close(*tmp_hd); return status; @@ -547,8 +583,10 @@ int32_t cryptography_gcry_setup(int32_t mode, int32_t algo, gcry_cipher_hd_t *tm *gcry_error = gcry_cipher_setiv(*tmp_hd, iv, iv_len); if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; gcry_cipher_close(*tmp_hd); return status; @@ -610,8 +648,10 @@ static int32_t cryptography_aead_encrypt( ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_authenticate error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_AUTHENTICATION_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -641,8 +681,10 @@ static int32_t cryptography_aead_encrypt( } if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_encrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_ENCRYPTION_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -666,8 +708,10 @@ static int32_t cryptography_aead_encrypt( ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_checktag error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR; gcry_cipher_close(tmp_hd); return status; @@ -729,16 +773,20 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } gcry_error = gcry_cipher_setkey(tmp_hd, key_ptr, len_key); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; @@ -747,8 +795,10 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint gcry_error = gcry_cipher_setiv(tmp_hd, iv, iv_len); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; @@ -762,7 +812,9 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_decrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_DECRYPT_ERROR; return status; @@ -813,7 +865,9 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, // Sanity check for future developers if (algo != GCRY_CIPHER_AES256) { +#ifdef DEBUG printf(KRED "Warning - only AES256 supported for AEAD decrypt - exiting!\n" RESET); +#endif status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; return status; } @@ -821,16 +875,20 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, gcry_error = gcry_cipher_open(&(tmp_hd), GCRY_CIPHER_AES256, mode, GCRY_CIPHER_NONE); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } gcry_error = gcry_cipher_setkey(tmp_hd, key_ptr, len_key); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; @@ -838,8 +896,10 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, gcry_error = gcry_cipher_setiv(tmp_hd, iv, iv_len); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; @@ -853,8 +913,10 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_authenticate error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_AUTHENTICATION_ERROR; return status; @@ -875,8 +937,10 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, ); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_decrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_DECRYPT_ERROR; return status; @@ -891,8 +955,10 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_decrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_DECRYPT_ERROR; return status; @@ -929,8 +995,10 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out, if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { +#ifdef DEBUG printf(KRED "ERROR: gcry_cipher_checktag error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); +#endif gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR; return status; diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c index ab8faa61..f434e085 100644 --- a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c +++ b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c @@ -102,7 +102,9 @@ static int32_t cryptography_init(void) if (LIBWOLFSSL_VERSION_HEX != wolfSSL_lib_version_hex()) { status = CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR; +#ifdef DEBUG printf(KRED "ERROR: wolfssl version mismatch!\n" RESET); +#endif } return status; diff --git a/src/mc/internal/mc_interface_internal.template.c b/src/mc/internal/mc_interface_internal.template.c index d104e891..66459775 100644 --- a/src/mc/internal/mc_interface_internal.template.c +++ b/src/mc/internal/mc_interface_internal.template.c @@ -47,7 +47,9 @@ static int32_t mc_initialize(void) if (mc_file_ptr == NULL) { status = CRYPTO_LIB_ERR_MC_INIT; +#ifdef DEBUG printf(KRED "ERROR: Monitoring and control initialization - internal failed\n" RESET); +#endif } return status; diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index bddabad7..b1d195d8 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -130,13 +130,13 @@ int32_t update_sa_from_ptr(SecurityAssociation_t *sa_ptr) { return CRYPTO_LIB_ERR_NULL_SA; } - - int location = sa_ptr->spi; + + int location = sa_ptr->spi; if (location < 0 || location >= NUM_SA) { return CRYPTO_LIB_ERR_SPI_INDEX_OOB; } - + sa[location].spi = sa_ptr->spi; sa[location].ekid = sa_ptr->ekid; sa[location].akid = sa_ptr->akid; @@ -172,7 +172,7 @@ int32_t update_sa_from_ptr(SecurityAssociation_t *sa_ptr) } sa[location].arsnw_len = sa_ptr->arsnw_len; sa[location].arsnw = sa_ptr->arsnw; - + return CRYPTO_LIB_SUCCESS; } @@ -567,6 +567,24 @@ int32_t sa_populate(void) sa[15].gvcid_blk.vcid = 7; sa[15].gvcid_blk.mapid = TYPE_TC; + // TC - Operational + sa[63].spi = 63; + sa[63].ekid = 63; + sa[63].sa_state = SA_OPERATIONAL; + sa[63].ecs = CRYPTO_CIPHER_NONE; + sa[63].est = 0; + sa[63].ast = 0; + sa[63].shivf_len = 0; + sa[63].iv_len = 0; + sa[63].shsnf_len = 0; + sa[63].arsnw = 5; + sa[63].arsnw_len = 1; + sa[63].arsn_len = 0; + sa[63].gvcid_blk.tfvn = 0; + sa[63].gvcid_blk.scid = SCID & 0x3FF; + sa[63].gvcid_blk.vcid = 7; + sa[63].gvcid_blk.mapid = TYPE_TC; + int32_t status = sa_perform_save(&sa[0]); return status; } @@ -1030,7 +1048,9 @@ static int32_t sa_start(TC_t *tc_frame) int i; int num_gvcid = (((sdls_frame.tlv_pdu.hdr.pdu_len / 8) - 2) / 4); +#ifdef SA_DEBUG printf("\nParsed GVCID: %d\n", num_gvcid); +#endif // Read ingest spi = ((uint8_t)sdls_frame.tlv_pdu.data[0] << 8) | (uint8_t)sdls_frame.tlv_pdu.data[1]; @@ -1069,7 +1089,6 @@ static int32_t sa_start(TC_t *tc_frame) } count += 4; - printf("\tMAPID: %d\n", gvcid.mapid); // TC if (gvcid.vcid != tc_frame->tc_header.vcid) @@ -1299,7 +1318,7 @@ static int32_t sa_rekey(TC_t *tc_frame) ((uint8_t)sdls_frame.tlv_pdu.data[count] << BYTE_LEN) | (uint8_t)sdls_frame.tlv_pdu.data[count + 1]; count = count + 2; - // Anti-Replay Seq Num + // IV #ifdef PDU_DEBUG printf("SPI %d IV updated to: 0x", spi); #endif @@ -1466,8 +1485,8 @@ static int32_t sa_create(TC_t *tc_frame) { temp_sa->ecs = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); } - temp_sa->shivf_len = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); - for (x = 0; x < temp_sa->shivf_len; x++) + temp_sa->iv_len = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); + for (x = 0; x < temp_sa->iv_len; x++) { temp_sa->iv[x] = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); } @@ -1477,7 +1496,7 @@ static int32_t sa_create(TC_t *tc_frame) temp_sa->acs = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); } temp_sa->abm_len = - (uint8_t)((sdls_frame.tlv_pdu.data[count] << BYTE_LEN) | (sdls_frame.tlv_pdu.data[count + 1])); + (uint16_t)((sdls_frame.tlv_pdu.data[count] << BYTE_LEN) | (sdls_frame.tlv_pdu.data[count + 1])); count = count + 2; for (x = 0; x < temp_sa->abm_len; x++) { @@ -1486,12 +1505,13 @@ static int32_t sa_create(TC_t *tc_frame) temp_sa->arsn_len = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); for (x = 0; x < temp_sa->arsn_len; x++) { - *(temp_sa->arsn + x) = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); + temp_sa->arsn[x] = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); } temp_sa->arsnw_len = ((uint8_t)sdls_frame.tlv_pdu.data[count++]); for (x = 0; x < temp_sa->arsnw_len; x++) { - temp_sa->arsnw = temp_sa->arsnw | (((uint8_t)sdls_frame.tlv_pdu.data[count++]) << (temp_sa->arsnw_len - x)); + temp_sa->arsnw = + temp_sa->arsnw | (((uint8_t)sdls_frame.tlv_pdu.data[count++]) << ((temp_sa->arsnw_len - 1 - x) * 8)); } // Set state to unkeyed @@ -1503,33 +1523,33 @@ static int32_t sa_create(TC_t *tc_frame) if (status == CRYPTO_LIB_SUCCESS) { // Copy data from temp_sa to sa[spi] - sa[spi].lpid = temp_sa->lpid; - sa[spi].est = temp_sa->est; - sa[spi].ast = temp_sa->ast; - sa[spi].shivf_len = temp_sa->shivf_len; - sa[spi].shsnf_len = temp_sa->shsnf_len; - sa[spi].shplf_len = temp_sa->shplf_len; - sa[spi].stmacf_len = temp_sa->stmacf_len; - sa[spi].ecs_len = temp_sa->ecs_len; - sa[spi].ecs = temp_sa->ecs; + sa[spi].lpid = (*temp_sa).lpid; + sa[spi].est = (*temp_sa).est; + sa[spi].ast = (*temp_sa).ast; + sa[spi].shivf_len = (*temp_sa).shivf_len; + sa[spi].shsnf_len = (*temp_sa).shsnf_len; + sa[spi].shplf_len = (*temp_sa).shplf_len; + sa[spi].stmacf_len = (*temp_sa).stmacf_len; + sa[spi].ecs_len = (*temp_sa).ecs_len; + sa[spi].ecs = (*temp_sa).ecs; for (x = 0; x < sa[spi].shivf_len; x++) { - sa[spi].iv[x] = temp_sa->iv[x]; + sa[spi].iv[x] = (*temp_sa).iv[x]; } - sa[spi].acs = temp_sa->acs; - sa[spi].abm_len = temp_sa->abm_len; + sa[spi].acs = (*temp_sa).acs; + sa[spi].abm_len = (*temp_sa).abm_len; for (x = 0; x < sa[spi].abm_len; x++) { - sa[spi].abm[x] = temp_sa->abm[x]; + sa[spi].abm[x] = (*temp_sa).abm[x]; } - sa[spi].arsn_len = temp_sa->arsn_len; + sa[spi].arsn_len = (*temp_sa).arsn_len; for (x = 0; x < sa[spi].arsn_len; x++) { - *(sa[spi].arsn + x) = *(temp_sa->arsn + x); + sa[spi].arsn[x] = (*temp_sa).arsn[x]; } - sa[spi].arsnw_len = temp_sa->arsnw_len; - sa[spi].arsnw = temp_sa->arsnw; - sa[spi].sa_state = temp_sa->sa_state; + sa[spi].arsnw_len = (*temp_sa).arsnw_len; + sa[spi].arsnw = (*temp_sa).arsnw; + sa[spi].sa_state = (*temp_sa).sa_state; } #ifdef PDU_DEBUG @@ -1651,10 +1671,11 @@ static int32_t sa_delete(TC_t *tc_frame) static int32_t sa_setARSN(TC_t *tc_frame) { // Local variables - uint16_t spi = 0x0000; - uint16_t control_spi = 0x0000; - int32_t status = CRYPTO_LIB_SUCCESS; - int x; + uint16_t spi = 0x0000; + uint16_t control_spi = 0x0000; + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t *temp_sa = NULL; + int x; // Read ingest spi = ((uint8_t)sdls_frame.tlv_pdu.data[0] << BYTE_LEN) | (uint8_t)sdls_frame.tlv_pdu.data[1]; @@ -1675,17 +1696,18 @@ static int32_t sa_setARSN(TC_t *tc_frame) // Check SPI exists if (spi < NUM_SA) { + sa_if->sa_get_from_spi(spi, &temp_sa); // Check if Auth or Auth Enc - if ((sa[spi].est == 1 && sa[spi].ast == 1) || sa[spi].ast == 1) + if ((temp_sa->est == 1 && temp_sa->ast == 1) || temp_sa->ast == 1) { // Set SN #ifdef PDU_DEBUG printf("SPI %d ARSN updated to: 0x", spi); #endif - for (x = 0; x < sa[spi].arsn_len; x++) + for (x = 0; x < temp_sa->arsn_len; x++) { - *(sa[spi].arsn + x) = (uint8_t)sdls_frame.tlv_pdu.data[x + 2]; + temp_sa->arsn[x] = (uint8_t)sdls_frame.tlv_pdu.data[x + 2]; #ifdef PDU_DEBUG - printf("%02x", *(sa[spi].arsn + x)); + printf("%02x", temp_sa->arsn[x]); #endif } #ifdef PDU_DEBUG @@ -1695,13 +1717,15 @@ static int32_t sa_setARSN(TC_t *tc_frame) else { #ifdef PDU_DEBUG - printf("Failed setARSN on SPI %d, ECS %d, ACS %d\n", spi, sa[spi].ecs, sa[spi].acs); + printf("Failed setARSN on SPI %d, ECS %d, ACS %d\n", spi, temp_sa->ecs, temp_sa->acs); #endif } } else { +#ifdef PDU_DEBUG printf("sa_setARSN ERROR: SPI %d does not exist.\n", spi); +#endif } return CRYPTO_LIB_SUCCESS; @@ -1745,7 +1769,7 @@ static int32_t sa_setARSNW(TC_t *tc_frame) sa[spi].arsnw = (((uint8_t)sdls_frame.tlv_pdu.data[2])); #ifdef PDU_DEBUG - printf("ARSN set to: %d\n", sa[spi].arsnw); + printf("ARSNW set to: %d\n", sa[spi].arsnw); #endif } else @@ -1785,12 +1809,17 @@ static int32_t sa_status(uint8_t *ingest) // Check SPI exists if (spi < NUM_SA) { - // printf("SIZE: %ld\n", SDLS_SA_STATUS_RPLY_SIZE); + // Prepare for Reply sdls_frame.tlv_pdu.hdr.pdu_len = SDLS_SA_STATUS_RPLY_SIZE * BYTE_LEN; - sdls_frame.hdr.pkt_length = - CCSDS_HDR_SIZE + ECSS_PUS_SIZE + SDLS_TLV_HDR_SIZE + (sdls_frame.tlv_pdu.hdr.pdu_len / BYTE_LEN) - 1; - count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID); + + sdls_frame.hdr.pkt_length = SDLS_TLV_HDR_SIZE + SDLS_SA_STATUS_RPLY_SIZE - 1; + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) + { + sdls_frame.hdr.pkt_length += ECSS_PUS_SIZE; + } + + count = Crypto_Prep_Reply(sdls_ep_reply, CRYPTOLIB_APPID + SA_STATUS_OFFSET); // PDU sdls_ep_reply[count++] = (spi & 0xFF00) >> BYTE_LEN; sdls_ep_reply[count++] = (spi & 0x00FF); @@ -1798,7 +1827,9 @@ static int32_t sa_status(uint8_t *ingest) } else { +#ifdef SA_DEBUG printf("sa_status ERROR: SPI %d does not exist.\n", spi); +#endif status = CRYPTO_LIB_ERR_SPI_INDEX_OOB; } diff --git a/support/CMakeLists.txt b/support/CMakeLists.txt index 86061045..be9b57a3 100644 --- a/support/CMakeLists.txt +++ b/support/CMakeLists.txt @@ -25,4 +25,7 @@ target_compile_definitions(standalone PUBLIC $<$:STANDALONE_TCP=1> $<$>:STANDALONE_TCP=0> ) + +set_target_properties(standalone PROPERTIES PUBLIC_HEADER "./standalone/standalone.h") + target_link_libraries(standalone crypto pthread) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 4ebac6ff..561e0d66 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -23,6 +23,14 @@ #include "standalone.h" +#define _POSIX_C_SOURCE 200809L +#include +#include +#include +#include +#include +#include + /* ** Global Variables */ @@ -30,14 +38,33 @@ static volatile uint8_t keepRunning = CRYPTO_LIB_SUCCESS; static volatile uint8_t tc_seq_num = 0; -static volatile uint8_t tc_vcid = CRYPTO_STANDALONE_FRAMING_VCID; static volatile uint8_t tc_debug = 1; static volatile uint8_t tm_debug = 0; static volatile uint8_t crypto_use_tcp = STANDALONE_TCP ? 1 : 0; +static volatile uint8_t tc_vcid = CRYPTO_STANDALONE_FRAMING_VCID; /* ** Functions */ +int32_t crypto_reset(void) +{ + int32_t status; + + status = Crypto_Shutdown(); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("CryptoLib shutdown failed with error %d \n", status); + } + + status = Crypto_SC_Init(); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("CryptoLib initialization failed with error %d \n", status); + } + + return status; +} + int32_t crypto_standalone_check_number_arguments(int actual, int expected) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -78,7 +105,8 @@ void crypto_standalone_print_help(void) int32_t crypto_standalone_get_command(const char *str) { int32_t status = CRYPTO_CMD_UNKNOWN; - char lcmd[CRYPTO_MAX_INPUT_TOKEN_SIZE]; + str = str; + char lcmd[CRYPTO_MAX_INPUT_TOKEN_SIZE]; strncpy(lcmd, str, CRYPTO_MAX_INPUT_TOKEN_SIZE); crypto_standalone_to_lower(lcmd); @@ -407,7 +435,8 @@ int32_t crypto_standalone_socket_init(udp_info_t *sock, int32_t port, uint8_t bi else { // UDP: bind only if needed - if (bind_sock == 0 && sock->port != TM_PROCESS_FWD_PORT && sock->port != TC_APPLY_FWD_PORT) + if (bind_sock == 0 && sock->port != TM_PROCESS_FWD_PORT && sock->port != TC_APPLY_FWD_PORT && + sock->port != 6061) { status = bind(sock->sockfd, (struct sockaddr *)&sock->saddr, sizeof(sock->saddr)); if (status != 0) @@ -428,6 +457,17 @@ int32_t crypto_standalone_socket_init(udp_info_t *sock, int32_t port, uint8_t bi { perror("bind"); + printf("udp_init: Bind failed on port %d\n", sock->port); + return CRYPTO_LIB_ERROR; + } + } + else if (bind_sock == 1 && sock->port == 6061) + { + status = bind(sock->sockfd, (struct sockaddr *)&sock->saddr, sizeof(sock->saddr)); + if (status != 0) + { + perror("bind"); + printf("udp_init: Bind failed on port %d\n", sock->port); return CRYPTO_LIB_ERROR; } @@ -443,25 +483,6 @@ int32_t crypto_standalone_socket_init(udp_info_t *sock, int32_t port, uint8_t bi return status; } -int32_t crypto_reset(void) -{ - int32_t status; - - status = Crypto_Shutdown(); - if (status != CRYPTO_LIB_SUCCESS) - { - printf("CryptoLib initialization failed with error %d \n", status); - } - - status = Crypto_SC_Init(); - if (status != CRYPTO_LIB_SUCCESS) - { - printf("CryptoLib initialization failed with error %d \n", status); - } - - return status; -} - void crypto_standalone_tc_frame(uint8_t *in_data, uint16_t in_length, uint8_t *out_data, uint16_t *out_length) { /* TC Length */ @@ -477,6 +498,7 @@ void crypto_standalone_tc_frame(uint8_t *in_data, uint16_t in_length, uint8_t *o *out_length = CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN + 6; } + // printf("VCID: %d\n", read_vcid()); /* TC Header */ out_data[0] = 0x20; out_data[1] = CRYPTO_STANDALONE_FRAMING_SCID; @@ -524,7 +546,7 @@ void *crypto_standalone_tc_apply(void *socks) if (status != -1) { tc_in_len = status; - if (tc_debug == 1) + if (tc_debug) { printf("crypto_standalone_tc_apply - received[%d]: 0x", tc_in_len); for (int i = 0; i < status; i++) @@ -540,7 +562,7 @@ void *crypto_standalone_tc_apply(void *socks) memcpy(tc_apply_in, tc_framed, tc_out_len); tc_in_len = tc_out_len; tc_out_len = 0; - if (tc_debug == 1) + if (tc_debug) { printf("crypto_standalone_tc_apply - framed[%d]: 0x", tc_in_len); for (int i = 0; i < tc_in_len; i++) @@ -555,7 +577,7 @@ void *crypto_standalone_tc_apply(void *socks) status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { - if (tc_debug == 1) + if (tc_debug) { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); for (int i = 0; i < tc_out_len; i++) @@ -593,7 +615,7 @@ void *crypto_standalone_tc_apply(void *socks) tc_out_len = 0; if (!tc_out_ptr) free(tc_out_ptr); - if (tc_debug == 1) + if (tc_debug) { #ifdef CRYPTO_STANDALONE_TC_APPLY_DEBUG printf("\n"); @@ -645,7 +667,7 @@ void crypto_standalone_tm_frame(uint8_t *in_data, uint16_t in_length, uint8_t *o void crypto_standalone_tm_debug_recv(int32_t status, int tm_process_len, uint8_t *tm_process_in) { - if (tm_debug == 1) + if (tm_debug) { printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); for (int i = 0; i < status; i++) @@ -658,7 +680,7 @@ void crypto_standalone_tm_debug_recv(int32_t status, int tm_process_len, uint8_t void crypto_standalone_tm_debug_process(uint8_t *tm_process_in) { - if (tm_debug == 1) + if (tm_debug) { printf("Printing first bytes of Tf Pri Hdr:\n\t"); for (int i = 0; i < 6; i++) @@ -795,7 +817,7 @@ void *crypto_standalone_tm_process(void *socks) printf("Crypto_TM_ProcessSecurity Failed with status = %d\n", status); } #else - if (tm_debug == 1) + if (tm_debug) { printf("Processing frame without ASM...\n"); } @@ -807,7 +829,7 @@ void *crypto_standalone_tm_process(void *socks) #endif if (status == CRYPTO_LIB_SUCCESS) { - if (tm_debug == 1) + if (tm_debug) { if ((tm_ptr[4] == 0x07) && (tm_ptr[5] == 0xFF)) { @@ -837,7 +859,7 @@ void *crypto_standalone_tm_process(void *socks) tm_process_len = tm_framed_len; tm_framed_len = 0; - if (tm_debug == 1) + if (tm_debug) // Note: Need logic to allow broken packet assembly { printf("crypto_standalone_tm_process: 2 - beginning after first header pointer - deframed[%d]: 0x", @@ -894,6 +916,181 @@ void crypto_standalone_cleanup(const int signal) return; } +int32_t crypto_standalone_set_vcid(uint8_t *cmd_in) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t vcid = cmd_in[0]; + /* Confirm new VCID valid */ + if (vcid < 64) + { + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t *test_association = NULL; + + status = sa_if->sa_get_operational_sa_from_gvcid(0, SCID, vcid, 0, &test_association); + if (status != CRYPTO_LIB_SUCCESS) + { + return status; + } + Crypto_saPrint(test_association); + + if ((test_association->sa_state == SA_OPERATIONAL) && (test_association->gvcid_blk.mapid == TYPE_TC) && + (test_association->gvcid_blk.scid == SCID)) + { + tc_vcid = vcid; + printf("Changed active virtual channel (VCID) to %d \n", vcid); + } + else + { + printf("Error - virtual channel (VCID) %d invalid! Sticking with prior vcid %d\n", vcid, tc_vcid); + status = CRYPTO_LIB_SUCCESS; + } + } + else + { + printf("Error - virtual channel (VCID) %d must be less than 64! Sticking with prior vcid %d\n", vcid, tc_vcid); + } + return status; +} + +int32_t crypto_standalone_direct_process_command(uint8_t *cmd_in) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((cmd_in[0] << 8 | cmd_in[1]) != 0x1980) + { + status = CRYPTO_LIB_ERROR; + return status; + } + + // Parse CMD ID + uint8_t cmd = cmd_in[2]; + + switch (cmd) + { + case CRYPTO_CMD_EXIT: + printf("Exit command received\n"); + keepRunning = CRYPTO_LIB_ERROR; + break; + + case CRYPTO_CMD_NOOP: + printf("NOOP command received\n"); + break; + + case CRYPTO_CMD_RESET: + printf("Reset command received\n"); + status = crypto_reset(); + break; + + case CRYPTO_CMD_VCID: + printf("VCID command received\n"); + status = crypto_standalone_set_vcid(&cmd_in[3]); + break; + + case CRYPTO_CMD_TC_DEBUG: + printf("TC Debug command received\n"); + + if (tc_debug == 0) + { + tc_debug = 1; + printf("Enabled TC debug prints! \n"); + } + else + { + tc_debug = 0; + printf("Disabled TC debug prints! \n"); + } + break; + + case CRYPTO_CMD_TM_DEBUG: + printf("TM Debug command received\n"); + + if (tm_debug == 0) + { + tm_debug = 1; + printf("Enabled TM debug prints! \n"); + } + else + { + tm_debug = 0; + printf("Disabled TM debug prints! \n"); + } + break; + + case CRYPTO_CMD_ACTIVE: + printf("Active command received\n"); + // TODO + break; + + default: + printf("CMD not recognized\n"); + status = CRYPTO_LIB_ERROR; + break; + } + return status; +} + +void *crypto_standalone_direct_command(void *socks) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + udp_interface_t *cmd_socks = (udp_interface_t *)socks; + udp_info_t *cmd_sock = &cmd_socks->read; + udp_info_t *tlm_sock = &cmd_socks->write; + int sockaddr_size = sizeof(struct sockaddr_in); + + uint8_t cmd_in[TC_MAX_FRAME_SIZE]; + uint16_t cmd_in_len = 0; + uint8_t tlm_out[TC_MAX_FRAME_SIZE]; + uint16_t tlm_out_len = 0; + + memset(cmd_in, 0x00, sizeof(cmd_in)); + + while (keepRunning == CRYPTO_LIB_SUCCESS) + { + // /* Receive */ + status = recvfrom(cmd_sock->sockfd, cmd_in, sizeof(cmd_in), 0, (struct sockaddr *)&cmd_sock->ip_address, + (socklen_t *)&sockaddr_size); + if (status != -1) + { + cmd_in_len = status; + printf("crypto_standalone_direct_command - received[%d]: 0x", cmd_in_len); + for (int i = 0; i < status; i++) + { + printf("%02x", cmd_in[i]); + } + printf("\n"); + + status = crypto_standalone_direct_process_command(cmd_in); + + tlm_out_len = cmd_in_len + 1; + // craft tlm + memcpy(&tlm_out, &cmd_in, cmd_in_len); + + // set tlm msgid + tlm_out[0] = 0x09; + tlm_out[1] = 0x80; + + if (status == CRYPTO_LIB_SUCCESS) + { + // set status + tlm_out[tlm_out_len - 1] = 0x01; + } + else + { + // set status + tlm_out[tlm_out_len - 1] = 0x00; + } + + sendto(tlm_sock->sockfd, &tlm_out, tlm_out_len, 0, (struct sockaddr *)&tlm_sock->saddr, + sizeof(tlm_sock->saddr)); + } + usleep(100); + } + + close(cmd_sock->sockfd); + return cmd_sock; +} + int main(int argc, char *argv[]) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -901,24 +1098,32 @@ int main(int argc, char *argv[]) char input_buf[CRYPTO_MAX_INPUT_BUF]; char input_tokens[CRYPTO_MAX_INPUT_TOKENS][CRYPTO_MAX_INPUT_TOKEN_SIZE]; int num_input_tokens; - int cmd; + int command; char *token_ptr; udp_interface_t tc_apply; udp_interface_t tm_process; + udp_interface_t cmd; pthread_t tc_apply_thread; pthread_t tm_process_thread; + pthread_t cmd_thread; + + tc_apply.read.ip_address = CRYPTOLIB_HOSTNAME; + tc_apply.read.port = TC_APPLY_PORT; + tc_apply.write.ip_address = SC_HOSTNAME; + tc_apply.write.port = TC_APPLY_FWD_PORT; - tc_apply.read.ip_address = CRYPTOLIB_HOSTNAME; - tc_apply.read.port = TC_APPLY_PORT; - tc_apply.write.ip_address = SC_HOSTNAME; - tc_apply.write.port = TC_APPLY_FWD_PORT; tm_process.read.ip_address = CRYPTOLIB_HOSTNAME; tm_process.read.port = TM_PROCESS_PORT; tm_process.write.ip_address = GSW_HOSTNAME; tm_process.write.port = TM_PROCESS_FWD_PORT; + cmd.read.ip_address = "cryptolib"; + cmd.read.port = CRYPTO_CMD_PORT; + cmd.write.ip_address = GSW_HOSTNAME; + cmd.write.port = CRYPTO_TLM_PORT; + printf("Starting CryptoLib in standalone mode! \n"); if (argc != 1) { @@ -982,6 +1187,25 @@ int main(int argc, char *argv[]) } } + if (keepRunning == CRYPTO_LIB_SUCCESS) + { + status = crypto_standalone_socket_init(&cmd.read, CRYPTO_CMD_PORT, 0, 0); // udp 6060 + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_socket_init cmd.read failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + else + { + status = crypto_standalone_socket_init(&cmd.write, CRYPTO_TLM_PORT, 0, 0); // udp 6061 + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_socket_init cmd.write failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + } + } + /* Start threads */ if (keepRunning == CRYPTO_LIB_SUCCESS) { @@ -993,6 +1217,10 @@ int main(int argc, char *argv[]) printf(" Read, %s - %s : %d \n", crypto_use_tcp ? "TCP" : "UDP", tm_process.read.ip_address, tm_process.read.port); printf(" Write, UDP - %s : %d \n", tm_process.write.ip_address, tm_process.write.port); + printf(" CMD \n"); + printf(" Read, UDP - %s : %d \n", cmd.read.ip_address, cmd.read.port); + printf(" TLM \n"); + printf(" Write, UDP - %s : %d \n", cmd.write.ip_address, cmd.write.port); printf("\n"); status = pthread_create(&tc_apply_thread, NULL, *crypto_standalone_tc_apply, &tc_apply); @@ -1001,14 +1229,19 @@ int main(int argc, char *argv[]) perror("Failed to create tc_apply_thread thread"); keepRunning = CRYPTO_LIB_ERROR; } - else + + status = pthread_create(&tm_process_thread, NULL, *crypto_standalone_tm_process, &tm_process); + if (status < 0) { - status = pthread_create(&tm_process_thread, NULL, *crypto_standalone_tm_process, &tm_process); - if (status < 0) - { - perror("Failed to create tm_process_thread thread"); - keepRunning = CRYPTO_LIB_ERROR; - } + perror("Failed to create tm_process_thread thread"); + keepRunning = CRYPTO_LIB_ERROR; + } + + status = pthread_create(&cmd_thread, NULL, *crypto_standalone_direct_command, &cmd); + if (status < 0) + { + perror("Failed to create cmd_thread thread"); + keepRunning = CRYPTO_LIB_ERROR; } } @@ -1016,10 +1249,10 @@ int main(int argc, char *argv[]) while (keepRunning == CRYPTO_LIB_SUCCESS) { num_input_tokens = -1; - cmd = CRYPTO_CMD_UNKNOWN; + command = CRYPTO_CMD_UNKNOWN; /* Read user input */ - printf(CRYPTO_PROMPT); + // printf(CRYPTO_PROMPT); fgets(input_buf, CRYPTO_MAX_INPUT_BUF, stdin); /* Tokenize line buffer */ @@ -1029,7 +1262,7 @@ int main(int argc, char *argv[]) if (num_input_tokens == -1) { /* First token is command */ - cmd = crypto_standalone_get_command(token_ptr); + command = crypto_standalone_get_command(token_ptr); } else { @@ -1042,7 +1275,7 @@ int main(int argc, char *argv[]) /* Process command if valid */ if (num_input_tokens >= 0) { - crypto_standalone_process_command(cmd, num_input_tokens, &input_tokens[0][0]); + crypto_standalone_process_command(command, num_input_tokens, &input_tokens[0][0]); } } @@ -1051,6 +1284,8 @@ int main(int argc, char *argv[]) close(tc_apply.write.sockfd); close(tm_process.read.sockfd); close(tm_process.write.sockfd); + close(cmd.read.sockfd); + close(cmd.write.sockfd); Crypto_Shutdown(); diff --git a/support/standalone/standalone.h b/support/standalone/standalone.h index c4857b5b..2ce884de 100644 --- a/support/standalone/standalone.h +++ b/support/standalone/standalone.h @@ -63,6 +63,9 @@ extern "C" #define TM_PROCESS_FWD_PORT 6011 #endif +#define CRYPTO_CMD_PORT 6060 +#define CRYPTO_TLM_PORT 6061 + #define CRYPTO_STANDALONE_HANDLE_FRAMING #define CRYPTO_STANDALONE_FRAMING_SCID 3 #define CRYPTO_STANDALONE_FRAMING_VCID 0x00 @@ -113,24 +116,6 @@ extern "C" udp_info_t write; } udp_interface_t; - /* - ** Prototypes - */ - int32_t crypto_standalone_check_number_arguments(int actual, int expected); - void crypto_standalone_to_lower(char *str); - void crypto_standalone_print_help(void); - int32_t crypto_standalone_get_command(const char *str); - int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char *tokens); - int32_t crypto_host_to_ip(const char *hostname, char *ip); - int32_t crypto_standalone_udp_init(udp_info_t *sock, int32_t port, uint8_t bind_sock); - int32_t crypto_reset(void); - void crypto_standalone_tc_frame(uint8_t *in_data, uint16_t in_length, uint8_t *out_data, uint16_t *out_length); - void *crypto_standalone_tc_apply(void *socks); - void crypto_standalone_tm_frame(uint8_t *in_data, uint16_t in_length, uint8_t *out_data, uint16_t *out_length, - uint16_t spi); - void *crypto_standalone_tm_process(void *socks); - void crypto_standalone_cleanup(const int signal); - #ifdef __cplusplus } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif diff --git a/test/unit/ut_ep_sa_mgmt.c b/test/unit/ut_ep_sa_mgmt.c index 7e025b36..c05656b6 100644 --- a/test/unit/ut_ep_sa_mgmt.c +++ b/test/unit/ut_ep_sa_mgmt.c @@ -683,4 +683,59 @@ UTEST(EP_SA_MGMT, SA_STOP_SELF) free(buffer_STOP_b); } +UTEST(EP_SA_MGMT, SA_CREATE_60) +{ + remove("sa_save_file.bin"); + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + + GvcidManagedParameters_t TC_0_Managed_Parameters = { + 0, 0x0003, 7, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 86, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_0_Managed_Parameters); + + int status = Crypto_Init(); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + SaInterface sa_if = get_sa_interface_inmemory(); + + status = CRYPTO_LIB_SUCCESS; + + char *buffer_CREATE_h = "20031c5400c0003f1980c000004a110230003ccc0810010110deadbeefdeadbeefdeadbeefdeadbeef01020020" + "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef0400000000020005"; + + uint8_t *buffer_CREATE_b = NULL; + int buffer_CREATE_len = 0; + + // Setup Processed Frame For Decryption + TC_t tc_nist_processed_frame; + + // Expose/setup SAs for testing + SecurityAssociation_t *test_association; + + // Modify SA 0 + sa_if->sa_get_from_spi(63, &test_association); + test_association->shivf_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->iv_len = 12; + test_association->shsnf_len = 0; + test_association->arsnw = 5; + test_association->arsnw_len = 1; + test_association->arsn_len = 0; + test_association->gvcid_blk.scid = SCID & 0x3FF; + test_association->gvcid_blk.vcid = 7; + + // Convert frames that will be processed + hex_conversion(buffer_CREATE_h, (char **)&buffer_CREATE_b, &buffer_CREATE_len); + + status = Crypto_TC_ProcessSecurity(buffer_CREATE_b, &buffer_CREATE_len, &tc_nist_processed_frame); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + printf("\n"); + Crypto_Shutdown(); + + free(buffer_CREATE_b); +} + UTEST_MAIN(); \ No newline at end of file