diff --git a/include/crypto.h b/include/crypto.h index 698f2704..6849f2d9 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -245,6 +245,7 @@ uint16_t Crypto_Calc_CRC16(uint8_t *data, int size); int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv); int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo); int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo); +uint8_t Crypto_Is_ACS_Only_Algo(uint8_t algo); int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv); int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t *sa_ptr, uint8_t *arsn, int8_t *arsn_valid); diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index 7a2e42d8..37419f23 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -184,7 +184,8 @@ typedef enum CRYPTO_MAC_NONE, CRYPTO_MAC_CMAC_AES256, CRYPTO_MAC_HMAC_SHA256, - CRYPTO_MAC_HMAC_SHA512 + CRYPTO_MAC_HMAC_SHA512, + CRYPTO_ACS_MAX = 3 } AuthCipherSuite; typedef enum { diff --git a/src/core/crypto.c b/src/core/crypto.c index 1799322a..f0ee88b0 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -122,6 +122,21 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id) return status; } +/** + * @brief Function: Crypto_Is_ACS_Only_Algo + * Looks up cipher suite ID and determines if it's an ACS algorithm. Returns 1 if true, 0 if false; + * @param cipher_suite_id: uint8_t + * @return int: Success/Failure + **/ +uint8_t Crypto_Is_ACS_Only_Algo(uint8_t algo) +{ + if (algo > 0 && algo <= CRYPTO_ACS_MAX) + { + return CRYPTO_TRUE; + } + return CRYPTO_FALSE; +} + /** * @brief Function: Crypto_increment * Increments the bytes within a uint8_t array diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c index d9aead6b..7689501b 100644 --- a/src/core/crypto_aos.c +++ b/src/core/crypto_aos.c @@ -243,11 +243,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer) if (sa_ptr->est == 0 && sa_ptr->ast == 1) { - if (sa_ptr->acs_len != 0) + if (sa_ptr->acs_len > 0) { - if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || - sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0) + if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0) { status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; mc_if->mc_log(status); diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 66c263bc..c9253710 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -263,11 +263,9 @@ int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t *sa_ptr) int32_t status = CRYPTO_LIB_SUCCESS; if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) { - if (sa_ptr->acs_len != 0) + if (sa_ptr->acs_len > 0) { - if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || - sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0) + if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0) { status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; mc_if->mc_log(status); diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index ac01ef7d..bf6a2468 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -161,11 +161,9 @@ int32_t Crypto_TM_IV_Sanity_Check(uint8_t *sa_service_type, SecurityAssociation_ if (sa_ptr->est == 0 && sa_ptr->ast == 1) { - if (sa_ptr->acs_len != 0) + if (sa_ptr->acs_len > 0) { - if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || - sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0) + if (Crypto_Is_ACS_Only_Algo(sa_ptr->acs) && sa_ptr->iv_len > 0) { status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; mc_if->mc_log(status);