Merge pull request #397 from nasa/202-enforce-arsn-only-with-auth-or-…

…aead 202 enforce arsn only with auth or aead
nasa · Feb 4, 2025 · 7bc238b · 7bc238b
2 parents 3bb4d53 + 91d935f
commit 7bc238b
Show file tree

Hide file tree

Showing 11 changed files with 442 additions and 447 deletions.
diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -140,8 +140,10 @@
 #define CRYPTO_LIB_ERR_ABM_LEN_GREATER_THAN_MAX_ABM_SIZE                    (-67)
 #define CRYPTO_LIB_ERR_STMACF_LEN_GREATER_THAN_MAX_MAC_SIZE                 (-68)
 #define CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE                  (-69)
+#define CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN                           (-70)
+#define CRYPTO_LIB_ERR_ARSN_LT_SHSNF                                        (-71)
 
-#define CRYPTO_CORE_ERROR_CODES_MAX -69
+#define CRYPTO_CORE_ERROR_CODES_MAX -71
 
 // Define codes for returning MDB Strings, and determining error based on strings
 #define CAM_ERROR_CODES     600

diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c
@@ -90,7 +90,9 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
                                     (char *)"CRYPTO_LIB_ERR_SHSNF_LEN_GREATER_THAN_MAX_ARSN_SIZE",
                                     (char *)"CRYPTO_LIB_ERR_ABM_LEN_GREATER_THAN_MAX_ABM_SIZE",
                                     (char *)"CRYPTO_LIB_ERR_STMACF_LEN_GREATER_THAN_MAX_MAC_SIZE",
-                                    (char *)"CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE"};
+                                    (char *)"CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE",
+                                    (char *)"CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN",
+                                    (char *)"CRYPTO_LIB_ERR_ARSN_LT_SHSNF"};
 
 char *crypto_enum_errlist_config[] = {
     (char *)"CRYPTO_CONFIGURATION_NOT_COMPLETE",

diff --git a/src/core/crypto_mc.c b/src/core/crypto_mc.c
@@ -267,17 +267,18 @@ int32_t Crypto_SA_readARSN(uint8_t *ingest)
         uint16_t               spi = 0x0000;
         SecurityAssociation_t *sa_ptr;
         int                    x;
+        int                    status = CRYPTO_LIB_SUCCESS;
 
         // Read ingest
         spi = ((uint8_t)sdls_frame.pdu.data[0] << BYTE_LEN) | (uint8_t)sdls_frame.pdu.data[1];
+        status = sa_if->sa_get_from_spi(spi, &sa_ptr);
 
-        if (sa_if->sa_get_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS)
+        if (status != CRYPTO_LIB_SUCCESS)
         {
             // TODO - Error handling
-            status = CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL; // Error -- unable to get SA from SPI.
+            return status; // Error -- unable to get SA from SPI.
         }
-
-        if (status == CRYPTO_LIB_SUCCESS)
+        else
         {
             // Prepare for Reply
             sdls_frame.pdu.hdr.pdu_len = (SPI_LEN + sa_ptr->arsn_len) * BYTE_LEN; // bits

diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c
@@ -731,6 +731,19 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as
     {
         return CRYPTO_LIB_ERR_NULL_ABM;
     } // Must have abm if doing authentication
+
+    // ARSN must be 0 octets in length if not using Auth/Auth Enc
+    if (sa[spi].ast == 0 && sa[spi].arsn_len != 0)
+    {
+        return CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN;
+    }
+
+    // ARSN length cannot be less than shsnf length
+    if (sa[spi].shsnf_len > sa[spi].arsn_len)
+    {
+        return CRYPTO_LIB_ERR_ARSN_LT_SHSNF;
+    }
+
 #ifdef SA_DEBUG
     printf(KYEL "DEBUG - Printing local copy of SA Entry for current SPI.\n" RESET);
     Crypto_saPrint(*security_association);
@@ -860,6 +873,20 @@ void sa_non_operational_sa(int *i_p, int32_t *status, uint8_t tfvn, uint16_t sci
     *i_p = i;
 }
 
+void sa_mismatched_arsn(int *i_p, int32_t *status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid)
+{
+    int i = *i_p;
+    if ((sa[i].arsn_len > 0 && sa[i].ast == 0) && (sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) &&
+        (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL))
+    {
+#ifdef SA_DEBUG
+        printf(KRED "An operational SA (%d) was found - but invalid ARSN length.\n" RESET, sa[i].spi);
+#endif
+        *status = CRYPTO_LIB_ERR_INVALID_SVC_TYPE_WITH_ARSN;
+    }
+    *i_p = i;
+}
+
 void sa_debug_block(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid)
 {
 // Detailed debug block
@@ -922,6 +949,12 @@ int32_t sa_get_operational_sa_from_gvcid_generate_error(int32_t *status, uint8_t
                 sa_debug_block(tfvn, scid, vcid, mapid);
                 return *status;
             }
+            sa_mismatched_arsn(&i, status, tfvn, scid, vcid, mapid);
+            if (*status != CRYPTO_LIB_SUCCESS)
+            {
+                sa_debug_block(tfvn, scid, vcid, mapid);
+                return *status;
+            }
         }
     }
     return *status;

diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c
@@ -285,7 +285,9 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF)
     sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
     sa_ptr->sa_state = SA_KEYED;
     sa_if->sa_get_from_spi(9, &sa_ptr); // Enable and setup 9
-    sa_ptr->sa_state = SA_OPERATIONAL;
+    sa_ptr->sa_state  = SA_OPERATIONAL;
+    sa_ptr->arsn_len  = 0;
+    sa_ptr->shsnf_len = 0;
 
     status =
         Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
@@ -475,6 +477,8 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT)
     sa_ptr->sa_state = SA_KEYED;
     sa_if->sa_get_from_spi(9, &sa_ptr); // Enable and setup 9
     sa_ptr->sa_state = SA_OPERATIONAL;
+    sa_ptr->arsn_len = 0;
+    sa_ptr->shsnf_len = 0;
 
     status =
         Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
@@ -517,16 +521,13 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0)
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // AOS Tests
-    // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
-    // AOS_FHEC_NA, AOS_IZ_NA, 0);
     GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
         1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
     Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
     status = Crypto_Init();
 
     // Test frame setup
     // Note: SPI 11 (0x0B)
-    // Setup:             | hdr 6    |SPI| data | MAC | FECF
     char *framed_aos_h =
         "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAA"
         "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
@@ -582,7 +583,6 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0)
     sa_ptr->gvcid_blk.scid = 0x44;
     sa_ptr->iv_len         = 0;
     sa_ptr->shivf_len      = 0;
-    memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros
 
     // Truth frame setup
     char *truth_aos_h =
@@ -623,11 +623,6 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0)
     int   truth_aos_len = 0;
     hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
 
-    // Test Specific Setup
-    // SaInterface sa_if = get_sa_interface_inmemory();
-    // Expose/setup SA for testing
-    // Configure SA 15
-
     status =
         Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
     ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
@@ -1738,6 +1733,8 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
 
 UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
 {
+    remove("sa_save_file.bin");
+
     // Local Variables
     int32_t  status              = CRYPTO_LIB_SUCCESS;
     uint8_t *ptr_processed_frame = NULL;
@@ -1773,6 +1770,8 @@ UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
 
 UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
 {
+    remove("sa_save_file.bin");
+
     // Local Variables
     int32_t  status              = CRYPTO_LIB_SUCCESS;
     uint8_t *ptr_processed_frame = NULL;
@@ -1792,17 +1791,17 @@ UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
     status = Crypto_Init();
 
     // Test frame setup
-    char *framed_aos_h   = "42C00000000000050000000000000000FFFF";
+    char *framed_aos_h   = "42C00000000800090000000000000000FFFF";
     char *framed_aos_b   = NULL;
     int   framed_aos_len = 0;
     hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
 
     SecurityAssociation_t *sa_ptr = NULL;
     SaInterface            sa_if  = get_sa_interface_inmemory();
-    sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
-    sa_ptr->sa_state = SA_KEYED;
-    sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
+    sa_if->sa_get_from_spi(9, &sa_ptr); // Disable SPI 10
     sa_ptr->sa_state = SA_NONE;
+    sa_ptr->arsn_len = 0;
+    sa_ptr->shsnf_len = 0;
 
     crypto_key_t *ekp = NULL;
     ekp               = key_if->get_key(sa_ptr->ekid);
@@ -1842,19 +1841,23 @@ UTEST(AOS_PROCESS, AOS_OCF_TEST)
     status = Crypto_Init();
 
     // Test frame setup
-    char *framed_aos_h   = "42C00000001500090000000000000000DEADBEEFFFFF";
+    char *framed_aos_h   = "42C00000000800090000000000000000DEADBEEFFFFF";
     char *framed_aos_b   = NULL;
     int   framed_aos_len = 0;
     hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
 
     SecurityAssociation_t *sa_ptr = NULL;
     SaInterface            sa_if  = get_sa_interface_inmemory();
-    sa_if->sa_get_from_spi(9, &sa_ptr); // Enable and setup 5
-    sa_ptr->sa_state        = SA_OPERATIONAL;
-    sa_ptr->shivf_len       = 0;
-    sa_ptr->gvcid_blk.tfvn  = 1;
-    sa_ptr->gvcid_blk.vcid  = 0;
-    sa_ptr->gvcid_blk.mapid = 0;
+    sa_if->sa_get_from_spi(9, &sa_ptr); // Enable and setup 9
+    sa_ptr->sa_state   = SA_OPERATIONAL;
+    sa_ptr->shivf_len  = 0;
+    sa_ptr->shsnf_len  = 0;
+    sa_ptr->arsn_len   = 0;
+    sa_ptr->iv_len     = 0;
+    sa_ptr->shivf_len  = 0;
+    sa_ptr->stmacf_len = 0;
+    sa_ptr->arsnw_len  = 0;
+    sa_ptr->arsn_len   = 0;
 
     status =
         Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
@@ -1898,9 +1901,11 @@ UTEST(AOS_PROCESS, AOS_KEY_STATE_TEST)
     sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
     sa_ptr->sa_state = SA_KEYED;
     sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
-    sa_ptr->sa_state = SA_OPERATIONAL;
-    sa_ptr->est      = 1;
-    sa_ptr->ecs      = CRYPTO_CIPHER_AES256_GCM;
+    sa_ptr->sa_state  = SA_OPERATIONAL;
+    sa_ptr->est       = 1;
+    sa_ptr->ecs       = CRYPTO_CIPHER_AES256_GCM;
+    sa_ptr->arsn_len  = 0;
+    sa_ptr->shsnf_len = 0;
 
     crypto_key_t *ekp = NULL;
     ekp               = key_if->get_key(sa_ptr->ekid);

diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c
@@ -460,7 +460,7 @@ UTEST(CRYPTO_C, OTAR_0_140_142_FAIL_TEST)
     // Expect success on next valid IV && ARSN
     printf(KGRN "Checking  next valid IV && valid ARSN... should be able to receive it... \n" RESET);
     status = Crypto_TC_ProcessSecurity(buffer_OTAR_b, &buffer_OTAR_len, &tc_nist_processed_frame);
-    ASSERT_EQ(CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT, status);
+    ASSERT_NE(CRYPTO_LIB_SUCCESS, status);
 
     printf("\n");
     Crypto_Shutdown();