Merge pull request #400 from nasa/150-conditional-error-code-review

150 conditional error code review
nasa · Feb 5, 2025 · 1acbc5a · 1acbc5a
2 parents 7bc238b + 0111688
commit 1acbc5a
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 13 deletions.
diff --git a/include/crypto.h b/include/crypto.h
@@ -245,6 +245,7 @@ uint16_t       Crypto_Calc_CRC16(uint8_t *data, int size);
 int32_t        Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
 int32_t        Crypto_Get_ECS_Algo_Keylen(uint8_t algo);
 int32_t        Crypto_Get_ACS_Algo_Keylen(uint8_t algo);
+uint8_t        Crypto_Is_ACS_Only_Algo(uint8_t algo);
 
 int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
 int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t *sa_ptr, uint8_t *arsn, int8_t *arsn_valid);

diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h
@@ -184,7 +184,8 @@ typedef enum
     CRYPTO_MAC_NONE,
     CRYPTO_MAC_CMAC_AES256,
     CRYPTO_MAC_HMAC_SHA256,
-    CRYPTO_MAC_HMAC_SHA512
+    CRYPTO_MAC_HMAC_SHA512,
+    CRYPTO_ACS_MAX = 3
 } AuthCipherSuite;
 typedef enum
 {

diff --git a/src/core/crypto.c b/src/core/crypto.c
@@ -122,6 +122,21 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id)
     return status;
 }
 
+/**
+ * @brief Function: Crypto_Is_ACS_Only_Algo
+ * Looks up cipher suite ID and determines if it's an ACS algorithm. Returns 1 if true, 0 if false;
+ * @param cipher_suite_id: uint8_t
+ * @return int: Success/Failure
+ **/
+uint8_t Crypto_Is_ACS_Only_Algo(uint8_t algo)
+{
+    if (algo > 0 && algo <= CRYPTO_ACS_MAX)
+    {
+        return CRYPTO_TRUE;
+    }
+    return CRYPTO_FALSE;
+}
+
 /**
  * @brief Function: Crypto_increment
  * Increments the bytes within a uint8_t array

diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c
@@ -243,11 +243,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer)
 
     if (sa_ptr->est == 0 && sa_ptr->ast == 1)
     {
-        if (sa_ptr->acs_len != 0)
+        if (sa_ptr->acs_len > 0)
         {
-            if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 ||
-                 sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) &&
-                sa_ptr->iv_len > 0)
+            if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0)
             {
                 status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO;
                 mc_if->mc_log(status);

diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c
@@ -263,11 +263,9 @@ int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t *sa_ptr)
     int32_t status = CRYPTO_LIB_SUCCESS;
     if ((sa_ptr->est == 0) && (sa_ptr->ast == 1))
     {
-        if (sa_ptr->acs_len != 0)
+        if (sa_ptr->acs_len > 0)
         {
-            if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 ||
-                 sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) &&
-                sa_ptr->iv_len > 0)
+            if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0)
             {
                 status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO;
                 mc_if->mc_log(status);

diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c
@@ -161,11 +161,9 @@ int32_t Crypto_TM_IV_Sanity_Check(uint8_t *sa_service_type, SecurityAssociation_
 
     if (sa_ptr->est == 0 && sa_ptr->ast == 1)
     {
-        if (sa_ptr->acs_len != 0)
+        if (sa_ptr->acs_len > 0)
         {
-            if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 ||
-                 sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) &&
-                sa_ptr->iv_len > 0)
+            if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0)
             {
                 status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO;
                 mc_if->mc_log(status);