Nos3#769 otar

include/crypto.h

@@ -254,7 +254,7 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t *sa_ptr, uint8_t *a
 int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t *sa_ptr, uint8_t *iv, int8_t *iv_valid);
 
 // SDLS Related Functions
-extern uint8_t Crypto_Prep_Reply(uint8_t *ingest, uint8_t appID);
+extern uint8_t Crypto_Prep_Reply(uint8_t *ingest, uint16_t appID);
 extern void    Crypto_Print_Sdls_Ep_Reply(void);
 extern int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length);
 

include/crypto_config.h

@@ -132,9 +132,21 @@
 #define CHALLENGE_SIZE      16   /* bytes */
 #define CHALLENGE_MAC_SIZE  16   /* bytes */
 #define BYTE_LEN            8    /* bits */
-#define CRYPTOLIB_APPID     128
+#define CRYPTOLIB_APPID     0x0180
 #define MAX_IV_LEN          32 /* bytes */
 
+// APPID Offsets for EP Replies (TLM)
+#define KEY_INVENTORY_OFFSET 0x1
+#define KEY_VERIFY_OFFSET    0x2
+#define MC_PING_OFFSET       0x3
+#define MC_STATUS_OFFSET     0x4
+#define MC_DUMP_OFFSET       0x5
+#define MC_ERASE_OFFSET      0x6
+#define MC_SELFTEST_OFFSET   0x7
+#define SA_READARSN_OFFSET   0x8
+#define SA_STATUS_OFFSET     0x9
+#define USER_IDLE_OFFSET     0xA
+
 // Configurable via build flags
 #ifndef NUM_SA
 #define NUM_SA 64

include/crypto_events.h

@@ -18,14 +18,14 @@
 #ifndef CRYPTO_EVENTS_H
 #define CRYPTO_EVENTS_H
 
-#define FECF_ERR_EID           0
-#define MKID_INVALID_EID       1
-#define MKID_STATE_ERR_EID     2
-#define KEY_TRANSITION_ERR_EID 3
-#define SPI_INVALID_EID        4
-#define IV_WINDOW_ERR_EID      5
-#define IV_REPLAY_ERR_EID      6
-#define OTAR_MK_ERR_EID        7
+#define FECF_ERR_EID           1
+#define MKID_INVALID_EID       2
+#define MKID_STATE_ERR_EID     3
+#define KEY_TRANSITION_ERR_EID 4
+#define SPI_INVALID_EID        5
+#define IV_WINDOW_ERR_EID      6
+#define IV_REPLAY_ERR_EID      7
+#define OTAR_MK_ERR_EID        8
 
 #define STARTUP_EID 10
 

include/crypto_structs.h

@@ -197,7 +197,7 @@ typedef struct
 typedef struct
 {
     uint16_t kid : 16;      // Key ID
-    uint16_t key_state : 8; // Key state
+    uint8_t  key_state : 8; // Key state
 } __attribute__((packed)) SDLS_KEY_INVENTORY_RPLY_t;
 #define SDLS_KEY_INVENTORY_RPLY_SIZE (sizeof(SDLS_KEY_INVENTORY_RPLY_t))
 

src/core/crypto.c

@@ -284,7 +284,7 @@ int32_t Crypto_window(uint8_t *actual, uint8_t *expected, int length, int window
  *
  * CCSDS Compliance: CCSDS 355.0-B-2 Section 7.4 (Management)
  **/
-uint8_t Crypto_Prep_Reply(uint8_t *reply, uint8_t appID)
+uint8_t Crypto_Prep_Reply(uint8_t *reply, uint16_t appID)
 {
     uint8_t count = 0;
     if (reply == NULL)
@@ -300,7 +300,7 @@ uint8_t Crypto_Prep_Reply(uint8_t *reply, uint8_t appID)
 
     // Fill reply with reply header
     reply[count++] = (sdls_frame.hdr.pvn << 5) | (sdls_frame.hdr.type << 4) | (sdls_frame.hdr.shdr << 3) |
-                     ((sdls_frame.hdr.appID & 0x700 >> 8));
+                     ((sdls_frame.hdr.appID & 0x700) >> 8);
     reply[count++] = (sdls_frame.hdr.appID & 0x00FF);
     reply[count++] = (sdls_frame.hdr.seq << 6) | ((sdls_frame.hdr.pktid & 0x3F00) >> 8);
     reply[count++] = (sdls_frame.hdr.pktid & 0x00FF);
@@ -348,7 +348,7 @@ int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length)
         return status;
     }
 
-    pkt_length = sdls_frame.hdr.pkt_length + 1;
+    pkt_length = CCSDS_HDR_SIZE + sdls_frame.hdr.pkt_length + 1;
 
     // Sanity Check on length
     if (pkt_length > TC_MAX_FRAME_SIZE)
@@ -362,6 +362,9 @@ int32_t Crypto_Get_Sdls_Ep_Reply(uint8_t *buffer, uint16_t *length)
     // Update length externally
     *length = pkt_length;
 
+    memset(&sdls_ep_reply, 0x00, TC_MAX_FRAME_SIZE);
+    sdls_frame.hdr.pkt_length = 0;
+
     return status;
 }
 
@@ -1013,7 +1016,15 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uin
                     uint16_t max_tlv = tc_sdls_processed_frame->tc_header.fl - CCSDS_HDR_SIZE - SDLS_TLV_HDR_SIZE;
                     len_ingest       = len_ingest; // suppress error for now
 #ifdef PDU_DEBUG
+                    printf("sdls_frame.tlv_pdu.hdr.type: %d\n", sdls_frame.tlv_pdu.hdr.type);
+                    printf("sdls_frame.tlv_pdu.hdr.uf: %d\n", sdls_frame.tlv_pdu.hdr.uf);
+                    printf("sdls_frame.tlv_pdu.hdr.sg: %d\n", sdls_frame.tlv_pdu.hdr.sg);
+                    printf("sdls_frame.tlv_pdu.hdr.pid: %d\n", sdls_frame.tlv_pdu.hdr.pid);
+
                     printf("PDU_LEN: %d\n", sdls_frame.tlv_pdu.hdr.pdu_len);
+                    printf("MAX_TLV: %d\n", max_tlv);
+                    printf("TLV_DATA_SIZE: %d\n", TLV_DATA_SIZE);
+                    printf("sdls_frame.hdr.pkt_length: %d\n", sdls_frame.hdr.pkt_length);
 #endif
                     if ((sdls_frame.tlv_pdu.hdr.pdu_len / 8) > max_tlv)
                     {
@@ -1031,6 +1042,9 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uin
                     }
                     else
                     {
+#ifdef PDU_DEBUG
+                        printf(KRED "TLV_DATA_SIZE LT pkt_length OR max_tlv LT pkt_length\n" RESET);
+#endif
                         status = CRYPTO_LIB_ERR_BAD_TLV_LENGTH;
                         return status;
                     }

src/core/crypto_aos.c

@@ -81,7 +81,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
 
     if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))
     {
+#ifdef AOS_DEBUG
         printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET);
+#endif
         status = CRYPTO_LIB_ERR_NO_CONFIG;
         // Can't mc_log since it's not configured
         return status; // return immediately so a NULL crypto_config is not dereferenced later
@@ -216,7 +218,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
     {
         // Probably unnecessary check
         // Leaving for now as it would be cleaner in SA to have an association enum returned I believe
+#ifdef AOS_DEBUG
         printf(KRED "Error: SA Service Type is not defined! \n" RESET);
+#endif
         status = CRYPTO_LIB_ERROR;
         mc_if->mc_log(status);
         return status;
@@ -390,7 +394,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
     if (pkcs_padding < cbc_padding)
     {
         status = CRYPTO_LIB_ERROR;
+#ifdef AOS_DEBUG
         printf(KRED "Error: pkcs_padding length %d is less than required %d\n" RESET, pkcs_padding, cbc_padding);
+#endif
         mc_if->mc_log(status);
         return status;
     }
@@ -540,7 +546,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
             if (sa_ptr->abm_len < aad_len)
             {
                 status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD;
+#ifdef AOS_DEBUG
                 printf(KRED "Error: abm_len of %d < aad_len of %d\n" RESET, sa_ptr->abm_len, aad_len);
+#endif
                 mc_if->mc_log(status);
                 return status;
             }
@@ -860,7 +868,9 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
     // Query SA DB for active SA / SDLS parameters
     if (sa_if == NULL) // This should not happen, but tested here for safety
     {
+#ifdef AOS_DEBUG
         printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET);
+#endif
         status = CRYPTO_LIB_ERR_NO_INIT;
         return status;
     }