Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

365 rework tc status magic #368

Merged
merged 12 commits into from
Dec 18, 2024
Merged

365 rework tc status magic #368

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
7d1df06
[nasa/cryptolib#365] Re-arrange to remove magic nums in tc_process
dccutrig Dec 12, 2024
bb1191e
[nasa/cryptolib#365] Fix unused variable error in crypto.c depending …
dccutrig Dec 13, 2024
5950979
[nasa/Cryptolib#365] Adjust boolean logic for SPI assessment
dccutrig Dec 13, 2024
f98c58b
[nasa/cryptolib#365] Fix security bot warnings
dccutrig Dec 13, 2024
3a6a6f5
[nasa/cryptolib#365] Remove bool in favor of #defines
dccutrig Dec 16, 2024
8e1d546
[nasa/cryptolib#365] Fix reversed boolean logic
dccutrig Dec 16, 2024
52a694d
[nasa/cryptolib#265] Believe this resolves the SDLS EP processing w o…
dccutrig Dec 16, 2024
9ae5e13
[nasa/cryptolib#365] Minor typo
dccutrig Dec 16, 2024
6fe9516
[nasa/cryptolib#365] WIP on SDLS EP test with no PUS header. no worki…
dccutrig Dec 16, 2024
0a85354
[nasa/cryptolib#365] Adjust UT for key deactivation, No PUS Header
dccutrig Dec 17, 2024
b5e5c8c
[nasa/cryptolib#365] Add UTs with and without PUS Header for EPs
dccutrig Dec 17, 2024
4567cee
[nasa/cryptolib#365] Address a review comment, and update a code comment
dccutrig Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion include/crypto_error.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.

Check notice on line 1 in include/crypto_error.h

View workflow job for this annotation

GitHub Actions / cpp-linter

Run clang-format on include/crypto_error.h 

File include/crypto_error.h does not conform to Custom style guidelines. (lines 137)
All Foreign Rights are Reserved to the U.S. Government.

This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
Expand Down Expand Up @@ -134,8 +134,9 @@
#define CRYPTO_LIB_ERR_KEY_STATE_INVALID (-61)
#define CRYPTO_LIB_ERR_SDLS_EP_WRONG_SPI (-62)
#define CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT (-63)
#define CRYPTO_LIB_ERR_BAD_TLV_LENGTH (-64)

#define CRYPTO_CORE_ERROR_CODES_MAX -63
#define CRYPTO_CORE_ERROR_CODES_MAX -64

// Define codes for returning MDB Strings, and determining error based on strings
#define CAM_ERROR_CODES 600
Expand Down
180 changes: 128 additions & 52 deletions src/core/crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -768,27 +768,40 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin
* @param ingest: uint8_t*
* @return int32: Success/Failure
* @note TODO - Actually update based on variable config
* @note Allows EPs to be processed one of two ways.
* @note - 1) By using a packet layer with APID 0x1880
* @note - 2) By using a defined Virtual Channel ID
* @note Requires this to happen on either SPI_MIN (0) or SPI_MAX (configurable)
**/
int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uint8_t *ingest)
{
int32_t status = CRYPTO_LIB_SUCCESS;
int x;
ingest = ingest; // Suppress unused variable error depending on build

// Check for null pointers
if (tc_sdls_processed_frame == NULL)
{
status = CRYPTO_LIB_ERR_NULL_BUFFER;
}

// Validate correct SA for EPs
uint8_t valid_ep_sa = CRYPTO_FALSE;
if ((tc_sdls_processed_frame->tc_sec_header.spi == SPI_MIN) || (tc_sdls_processed_frame->tc_sec_header.spi == SPI_MAX))
{
valid_ep_sa = CRYPTO_TRUE;
}

if (status == CRYPTO_LIB_SUCCESS)
{
if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR)
// Check for specific App ID for EPs - the CryptoLib Apid in this case
if ((tc_sdls_processed_frame->tc_pdu[0] == 0x18) && (tc_sdls_processed_frame->tc_pdu[1] == 0x80))
{
if ((tc_sdls_processed_frame->tc_pdu[0] == 0x18) && (tc_sdls_processed_frame->tc_pdu[1] == 0x80))
// Crypto Lib Application ID

#ifdef CRYPTO_EPROC
// Check validity of SAs used for EP
if(valid_ep_sa == CRYPTO_TRUE)
{
#ifdef CRYPTO_EPROC
#ifdef DEBUG
printf(KGRN "Received SDLS command: " RESET);
printf(KGRN "Received SDLS command w/ packet header:\n\t " RESET);
#endif
// CCSDS Header
sdls_frame.hdr.pvn = (tc_sdls_processed_frame->tc_pdu[0] & 0xE0) >> 5;
Expand All @@ -802,67 +815,130 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t *tc_sdls_processed_frame, uin
sdls_frame.hdr.pkt_length =
(tc_sdls_processed_frame->tc_pdu[4] << 8) | tc_sdls_processed_frame->tc_pdu[5];

// CCSDS PUS
sdls_frame.pus.shf = (tc_sdls_processed_frame->tc_pdu[6] & 0x80) >> 7;
sdls_frame.pus.pusv = (tc_sdls_processed_frame->tc_pdu[6] & 0x70) >> 4;
sdls_frame.pus.ack = (tc_sdls_processed_frame->tc_pdu[6] & 0x0F);
sdls_frame.pus.st = tc_sdls_processed_frame->tc_pdu[7];
sdls_frame.pus.sst = tc_sdls_processed_frame->tc_pdu[8];
sdls_frame.pus.sid = (tc_sdls_processed_frame->tc_pdu[9] & 0xF0) >> 4;
sdls_frame.pus.spare = (tc_sdls_processed_frame->tc_pdu[9] & 0x0F);
// Using PUS Header
if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR)
{
// If ECSS PUS Header is being used
sdls_frame.pus.shf = (tc_sdls_processed_frame->tc_pdu[6] & 0x80) >> 7;
sdls_frame.pus.pusv = (tc_sdls_processed_frame->tc_pdu[6] & 0x70) >> 4;
sdls_frame.pus.ack = (tc_sdls_processed_frame->tc_pdu[6] & 0x0F);
sdls_frame.pus.st = tc_sdls_processed_frame->tc_pdu[7];
sdls_frame.pus.sst = tc_sdls_processed_frame->tc_pdu[8];
sdls_frame.pus.sid = (tc_sdls_processed_frame->tc_pdu[9] & 0xF0) >> 4;
sdls_frame.pus.spare = (tc_sdls_processed_frame->tc_pdu[9] & 0x0F);

// SDLS TLV PDU
sdls_frame.pdu.hdr.type = (tc_sdls_processed_frame->tc_pdu[10] & 0x80) >> 7;
sdls_frame.pdu.hdr.uf = (tc_sdls_processed_frame->tc_pdu[10] & 0x40) >> 6;
sdls_frame.pdu.hdr.sg = (tc_sdls_processed_frame->tc_pdu[10] & 0x30) >> 4;
sdls_frame.pdu.hdr.pid = (tc_sdls_processed_frame->tc_pdu[10] & 0x0F);
sdls_frame.pdu.hdr.pdu_len =
(tc_sdls_processed_frame->tc_pdu[11] << 8) | tc_sdls_processed_frame->tc_pdu[12];
for (x = 13; x < (13 + sdls_frame.hdr.pkt_length); x++)
sdls_frame.pdu.hdr.type = (tc_sdls_processed_frame->tc_pdu[10] & 0x80) >> 7;
sdls_frame.pdu.hdr.uf = (tc_sdls_processed_frame->tc_pdu[10] & 0x40) >> 6;
sdls_frame.pdu.hdr.sg = (tc_sdls_processed_frame->tc_pdu[10] & 0x30) >> 4;
sdls_frame.pdu.hdr.pid = (tc_sdls_processed_frame->tc_pdu[10] & 0x0F);
sdls_frame.pdu.hdr.pdu_len =
(tc_sdls_processed_frame->tc_pdu[11] << 8) | tc_sdls_processed_frame->tc_pdu[12];

// Subtract headers from total frame length
// uint16_t max_tlv = tc_sdls_processed_frame->tc_header.fl - CCSDS_HDR_SIZE - CCSDS_PUS_SIZE - SDLS_TLV_HDR_SIZE;
if (sdls_frame.hdr.pkt_length < TLV_DATA_SIZE) // && (sdls_frame.hdr.pkt_length < max_tlv))
{
for (int x = 13; x < (13 + sdls_frame.hdr.pkt_length); x++)
{
sdls_frame.pdu.data[x - 13] = tc_sdls_processed_frame->tc_pdu[x];
}
}
else
{
status = CRYPTO_LIB_ERR_BAD_TLV_LENGTH;
return status;
}
}
// Not using PUS Header
else
{
sdls_frame.pdu.data[x - 13] = tc_sdls_processed_frame->tc_pdu[x];
// SDLS TLV PDU
sdls_frame.pdu.hdr.type = (tc_sdls_processed_frame->tc_pdu[6] & 0x80) >> 7;
sdls_frame.pdu.hdr.uf = (tc_sdls_processed_frame->tc_pdu[6] & 0x40) >> 6;
sdls_frame.pdu.hdr.sg = (tc_sdls_processed_frame->tc_pdu[6] & 0x30) >> 4;
sdls_frame.pdu.hdr.pid = (tc_sdls_processed_frame->tc_pdu[6] & 0x0F);
sdls_frame.pdu.hdr.pdu_len =
(tc_sdls_processed_frame->tc_pdu[7] << 8) | tc_sdls_processed_frame->tc_pdu[8];

// Make sure TLV isn't larger than we have allocated, and it is sane given total frame length
uint16_t max_tlv = tc_sdls_processed_frame->tc_header.fl - CCSDS_HDR_SIZE - SDLS_TLV_HDR_SIZE;
if ((sdls_frame.hdr.pkt_length < TLV_DATA_SIZE) && (sdls_frame.hdr.pkt_length < max_tlv))
{
for (int x = 9; x < (9 + sdls_frame.hdr.pkt_length); x++)
{
sdls_frame.pdu.data[x - 9] = tc_sdls_processed_frame->tc_pdu[x];
}
}
else
{
status = CRYPTO_LIB_ERR_BAD_TLV_LENGTH;
return status;
}
}



#ifdef CCSDS_DEBUG
Crypto_ccsdsPrint(&sdls_frame);
#endif

// Determine type of PDU
status = Crypto_PDU(ingest, tc_sdls_processed_frame);
#else
status = CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT;
#endif //CRYPTO_EPROC

// Determine type of PDU
status = Crypto_PDU(ingest, tc_sdls_processed_frame);
}
// Received EP PDU on invalid SA
else
{
#ifdef CCSDS_DEBUG
printf(KRED "Received EP PDU on invalid SA! SPI %d\n" RESET, tc_sdls_processed_frame->tc_sec_header.spi);
dccutrig marked this conversation as resolved.
Show resolved Hide resolved
#endif
status = CRYPTO_LIB_ERR_SDLS_EP_WRONG_SPI;
}

#else // Received an EP command without EPs being built
valid_ep_sa = valid_ep_sa; // Suppress build error
status = CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT;
#endif //CRYPTO_EPROC
}
else if (tc_sdls_processed_frame->tc_header.vcid == TC_SDLS_EP_VCID) // TC SDLS PDU with no packet layer

// If not a specific APID, check if using VCIDs for SDLS PDUs with no packet layer
else if (tc_sdls_processed_frame->tc_header.vcid == TC_SDLS_EP_VCID)
{
#ifdef DEBUG
printf(KGRN "Received SDLS command (No Packet Header or PUS): " RESET);
#ifdef CRYPTO_EPROC
// Check validity of SAs used for EP
if(valid_ep_sa == CRYPTO_TRUE)
{
#ifdef CCSDS_DEBUG
printf(KGRN "Received SDLS command (No Packet Header or PUS): " RESET);
#endif
// No Packet HDR or PUS in these frames
// SDLS TLV PDU
sdls_frame.hdr.type = (tc_sdls_processed_frame->tc_pdu[0] & 0x80) >> 7;
sdls_frame.pdu.hdr.uf = (tc_sdls_processed_frame->tc_pdu[0] & 0x40) >> 6;
sdls_frame.pdu.hdr.sg = (tc_sdls_processed_frame->tc_pdu[0] & 0x30) >> 4;
sdls_frame.pdu.hdr.pid = (tc_sdls_processed_frame->tc_pdu[0] & 0x0F);
sdls_frame.pdu.hdr.pdu_len = (tc_sdls_processed_frame->tc_pdu[1] << 8) | tc_sdls_processed_frame->tc_pdu[2];
for (x = 3; x < (3 + tc_sdls_processed_frame->tc_header.fl); x++)
{
// Todo - Consider how this behaves with large OTAR PDUs that are larger than 1 TC in size. Most likely
// fails. Must consider Uplink Sessions (sequence numbers).
sdls_frame.pdu.data[x - 3] = tc_sdls_processed_frame->tc_pdu[x];
}
// No Packet HDR or PUS in these frames
// SDLS TLV PDU
sdls_frame.hdr.type = (tc_sdls_processed_frame->tc_pdu[0] & 0x80) >> 7;
sdls_frame.pdu.hdr.uf = (tc_sdls_processed_frame->tc_pdu[0] & 0x40) >> 6;
sdls_frame.pdu.hdr.sg = (tc_sdls_processed_frame->tc_pdu[0] & 0x30) >> 4;
sdls_frame.pdu.hdr.pid = (tc_sdls_processed_frame->tc_pdu[0] & 0x0F);
sdls_frame.pdu.hdr.pdu_len = (tc_sdls_processed_frame->tc_pdu[1] << 8) | tc_sdls_processed_frame->tc_pdu[2];
for (int x = 3; x < (3 + tc_sdls_processed_frame->tc_header.fl); x++)
{
// Todo - Consider how this behaves with large OTAR PDUs that are larger than 1 TC in size. Most likely
// fails. Must consider Uplink Sessions (sequence numbers).
sdls_frame.pdu.data[x - 3] = tc_sdls_processed_frame->tc_pdu[x];
}

#ifdef CCSDS_DEBUG
Crypto_ccsdsPrint(&sdls_frame);
Crypto_ccsdsPrint(&sdls_frame);
#endif

// Determine type of PDU
status = Crypto_PDU(ingest, tc_sdls_processed_frame);
}
else
{
// TODO - Process SDLS PDU with Packet Layer without PUS_HDR
// Determine type of PDU
status = Crypto_PDU(ingest, tc_sdls_processed_frame);
}
#else // Received an EP command without EPs being built
#ifdef CCSDS_DEBUG
printf(KRED "PDU DEBUG %s %d\n" RESET, __FILE__, __LINE__);
#endif
valid_ep_sa = valid_ep_sa; // Suppress build error
dccutrig marked this conversation as resolved.
Show resolved Hide resolved
status = CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT;
#endif //CRYPTO_EPROC
}
}
return status;
Expand Down
3 changes: 2 additions & 1 deletion src/core/crypto_error.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,8 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
(char *)"CRYPTO_LIB_ERR_SPI_INDEX_MISMATCH",
(char *)"CRYPTO_LIB_ERR_KEY_STATE_INVALID",
(char *)"CRYPTO_LIB_ERR_SDLS_EP_WRONG_SPI",
(char *)"CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT"};
(char *)"CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT",
(char *)"CRYPTO_LIB_ERR_BAD_TLV_LENGTH"};

char *crypto_enum_errlist_config[] = {
(char *)"CRYPTO_CONFIGURATION_NOT_COMPLETE",
Expand Down
2 changes: 1 addition & 1 deletion src/core/crypto_key_mgmt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.

Check notice on line 1 in src/core/crypto_key_mgmt.c

View workflow job for this annotation

GitHub Actions / cpp-linter

Run clang-format on src/core/crypto_key_mgmt.c 

File src/core/crypto_key_mgmt.c does not conform to Custom style guidelines. (lines 48, 104, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 217, 336, 354, 355, 399, 416, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 511, 512)
All Foreign Rights are Reserved to the U.S. Government.

This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
Expand Down Expand Up @@ -224,7 +224,7 @@
}

#ifdef PDU_DEBUG
printf("Keys ");
printf("Key(s) ");
#endif
// Read in PDU
for (x = 0; x < pdu_keys; x++)
Expand Down
24 changes: 16 additions & 8 deletions src/core/crypto_print.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.

Check notice on line 1 in src/core/crypto_print.c

View workflow job for this annotation

GitHub Actions / cpp-linter

Run clang-format on src/core/crypto_print.c 

File src/core/crypto_print.c does not conform to Custom style guidelines. (lines 186)
All Foreign Rights are Reserved to the U.S. Government.

This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
Expand Down Expand Up @@ -183,14 +183,22 @@
printf("\t\t seq = 0x%01x \n", sdls_frame->hdr.seq);
printf("\t\t pktid = 0x%04x \n", sdls_frame->hdr.pktid);
printf("\t\t pkt_length = 0x%04x \n", sdls_frame->hdr.pkt_length);
printf("\t PUS Header\n");
printf("\t\t shf = 0x%01x \n", sdls_frame->pus.shf);
printf("\t\t pusv = 0x%01x \n", sdls_frame->pus.pusv);
printf("\t\t ack = 0x%01x \n", sdls_frame->pus.ack);
printf("\t\t st = 0x%02x \n", sdls_frame->pus.st);
printf("\t\t sst = 0x%02x \n", sdls_frame->pus.sst);
printf("\t\t sid = 0x%01x \n", sdls_frame->pus.sid);
printf("\t\t spare = 0x%01x \n", sdls_frame->pus.spare);
if(crypto_config.has_pus_hdr == TC_HAS_PUS_HDR)
{
printf("\t PUS Header\n");
printf("\t\t shf = 0x%01x \n", sdls_frame->pus.shf);
printf("\t\t pusv = 0x%01x \n", sdls_frame->pus.pusv);
printf("\t\t ack = 0x%01x \n", sdls_frame->pus.ack);
printf("\t\t st = 0x%02x \n", sdls_frame->pus.st);
printf("\t\t sst = 0x%02x \n", sdls_frame->pus.sst);
printf("\t\t sid = 0x%01x \n", sdls_frame->pus.sid);
printf("\t\t spare = 0x%01x \n", sdls_frame->pus.spare);
}
else
{
printf("\t PUS Header\n");
printf("\t\t Config not configured for PUS Header, not printing\n");
}
printf("\t PDU \n");
printf("\t\t type = 0x%01x \n", sdls_frame->pdu.hdr.type);
printf("\t\t uf = 0x%01x \n", sdls_frame->pdu.hdr.uf);
Expand Down
12 changes: 1 addition & 11 deletions src/core/crypto_tc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1967,17 +1967,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t *ingest, int *len_ingest, TC_t *tc

if (status == CRYPTO_LIB_SUCCESS && crypto_config.process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE)
{
if((sa_ptr->spi == SPI_MIN) || sa_ptr->spi == SPI_MAX)
{
status = Crypto_Process_Extended_Procedure_Pdu(tc_sdls_processed_frame, ingest);
}
else
{
// Some Magic here to log that an inappropriate SA was attempted to be used for EP
status = CRYPTO_LIB_ERR_SPI_INDEX_OOB;
mc_if->mc_log(status);
status = CRYPTO_LIB_SUCCESS;
}
status = Crypto_Process_Extended_Procedure_Pdu(tc_sdls_processed_frame, ingest);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still need the SPI_MIN and SPI_MAX check above?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

}

Crypto_TC_Safe_Free_Ptr(aad);
Expand Down
Loading
Loading