Merge pull request #403 from nasa/402-quickfix-kmc-should-not-call-ge…
…t_key

Release 1.3.3 - KMC Quickfix
Donnie-Ice authored Feb 5, 2025
2 parents c9b7265 + f04173c commit c09fdc2
Showing 3 changed files with 183 additions and 135 deletions.
91 changes: 50 additions & 41 deletions src/core/crypto_aos.c
Expand Up @@ -360,31 +360,34 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer)
// Get Key
crypto_key_t *ekp = NULL;
crypto_key_t *akp = NULL;
ekp = key_if->get_key(sa_ptr->ekid);
akp = key_if->get_key(sa_ptr->akid);

if (ekp == NULL || akp == NULL)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (sa_ptr->est == 1)
{
if (ekp->key_state != KEY_ACTIVE)
ekp = key_if->get_key(sa_ptr->ekid);
akp = key_if->get_key(sa_ptr->akid);

if (ekp == NULL || akp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
}
if (sa_ptr->ast == 1)
{
if (akp->key_state != KEY_ACTIVE)
if (sa_ptr->est == 1)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
if (ekp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
if (sa_ptr->ast == 1)
{
if (akp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
}

Expand Down Expand Up @@ -1216,34 +1219,40 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8

if (sa_ptr->est == 1)
{
ekp = key_if->get_key(sa_ptr->ekid);
if (ekp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (ekp->key_state != KEY_ACTIVE)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
ekp = key_if->get_key(sa_ptr->ekid);
if (ekp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (ekp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
}
if (sa_ptr->ast == 1)
{
akp = key_if->get_key(sa_ptr->akid);
if (akp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (akp->key_state != KEY_ACTIVE)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
akp = key_if->get_key(sa_ptr->akid);
if (akp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (akp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
}

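Review bot: In Crypto_AOS_ApplySecurity the new `if (crypto_config.key_type != KEY_TYPE_KMC)` guard leaves `ekp` and `akp` at their initial NULL for KMC, and in the Crypto_AOS_ProcessSecurity hunk the keys are likewise never fetched, yet neither hunk shows a matching guard where the keys are used afterwards. Both functions continue outside the hunks, so any later `ekp->...` or `akp->...` access (a key-length check, for instance, like the ones this commit guards in crypto_tc.c) needs the same condition or a NULL check; this should be confirmed against the full file. The guard also drops the local KEY_ACTIVE check for KMC, which presumably relies on the KMC service to refuse inactive keys. A comment at the guard would record both assumptions, e.g. `// KMC: key material and key state are held by the service; ekp/akp stay NULL and must not be dereferenced below`.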
162 changes: 96 additions & 66 deletions src/core/crypto_tc.c
Expand Up @@ -354,34 +354,40 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat

if (sa_ptr->est == 1)
{
ekp = key_if->get_key(sa_ptr->ekid);
if (ekp == NULL)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (ekp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
ekp = key_if->get_key(sa_ptr->ekid);
if (ekp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (ekp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
}
if (sa_ptr->ast == 1)
{
akp = key_if->get_key(sa_ptr->akid);
if (akp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (akp->key_state != KEY_ACTIVE)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
akp = key_if->get_key(sa_ptr->akid);
if (akp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
return status;
}
if (akp->key_state != KEY_ACTIVE)
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
return status;
}
}
}

Expand Down Expand Up @@ -427,13 +433,16 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat

if (ecs_is_aead_algorithm == CRYPTO_TRUE)
{
// Check that key length to be used ets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
if (crypto_config.key_type != KEY_TYPE_KMC)
{
Crypto_TC_Safe_Free_Ptr(*aad);
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
mc_if->mc_log(status);
return status;
// Check that key length to be used ets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
{
Crypto_TC_Safe_Free_Ptr(*aad);
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
mc_if->mc_log(status);
return status;
}
}

status = cryptography_if->cryptography_aead_encrypt(
Expand All @@ -460,11 +469,14 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat
// TODO - implement non-AEAD algorithm logic
if (sa_service_type == SA_ENCRYPTION)
{
// Check that key length to be used ets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
if (crypto_config.key_type != KEY_TYPE_KMC)
{
Crypto_TC_Safe_Free_Ptr(*aad);
return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
// Check that key length to be used ets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
{
Crypto_TC_Safe_Free_Ptr(*aad);
return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
}
}

status = cryptography_if->cryptography_encrypt(
Expand Down Expand Up @@ -1377,12 +1389,14 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori
if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE)
{
// Check that key length to be used meets the algorithm requirement

status = Crypto_TC_Check_ECS_Keylen(ekp, sa_ptr);
if (status != CRYPTO_LIB_SUCCESS)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
Crypto_TC_Safe_Free_Ptr(aad);
return status;
status = Crypto_TC_Check_ECS_Keylen(ekp, sa_ptr);
if (status != CRYPTO_LIB_SUCCESS)
{
Crypto_TC_Safe_Free_Ptr(aad);
return status;
}
}

status = cryptography_if->cryptography_aead_decrypt(
Expand Down Expand Up @@ -1412,12 +1426,15 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori
// TODO - implement non-AEAD algorithm logic
if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION)
{
// Check that key length to be used ets the algorithm requirement
status = Crypto_TC_Check_ACS_Keylen(akp, sa_ptr);
if (status != CRYPTO_LIB_SUCCESS)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
Crypto_TC_Safe_Free_Ptr(aad);
return status;
// Check that key length to be used ets the algorithm requirement
status = Crypto_TC_Check_ACS_Keylen(akp, sa_ptr);
if (status != CRYPTO_LIB_SUCCESS)
{
Crypto_TC_Safe_Free_Ptr(aad);
return status;
}
}

status = cryptography_if->cryptography_validate_authentication(
Expand All @@ -1441,13 +1458,16 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori
}
if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION)
{
// Check that key length to be used emets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
if (crypto_config.key_type != KEY_TYPE_KMC)
{
Crypto_TC_Safe_Free_Ptr(aad);
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
mc_if->mc_log(status);
return status;
// Check that key length to be used emets the algorithm requirement
if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs))
{
Crypto_TC_Safe_Free_Ptr(aad);
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
mc_if->mc_log(status);
return status;
}
}

status =
Expand Down Expand Up @@ -1578,33 +1598,43 @@ int32_t Crypto_TC_Prep_AAD(TC_t *tc_sdls_processed_frame, uint8_t fecf_len, uint
int32_t Crypto_TC_Get_Keys(crypto_key_t **ekp, crypto_key_t **akp, SecurityAssociation_t *sa_ptr)
{
int32_t status = CRYPTO_LIB_SUCCESS;
*ekp = key_if->get_key(sa_ptr->ekid);
*akp = key_if->get_key(sa_ptr->akid);

if (crypto_config.key_type != KEY_TYPE_KMC)
{
*ekp = key_if->get_key(sa_ptr->ekid);
*akp = key_if->get_key(sa_ptr->akid);
}

if (sa_ptr->est == 1)
{
if (*ekp == NULL)
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
}
if ((*ekp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS))
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
if (*ekp == NULL)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
}
if ((*ekp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS))
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
}
}
}
if (sa_ptr->ast == 1 && status == CRYPTO_LIB_SUCCESS)
{
if ((*akp == NULL) && (status == CRYPTO_LIB_SUCCESS))
if (crypto_config.key_type != KEY_TYPE_KMC)
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
}
if ((*akp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS))
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
if ((*akp == NULL) && (status == CRYPTO_LIB_SUCCESS))
{
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
}
if ((*akp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS))
{
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
}
}
}

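Review bot: In Crypto_TC_Get_Keys the non-KMC path still dereferences a NULL key: after `if (*ekp == NULL)` sets the error status, the next condition `(*ekp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS)` reads `key_state` before it tests `status`, so an unknown `ekid` reaches a NULL dereference instead of returning CRYPTO_LIB_ERR_KEY_ID_ERROR. Testing the status first fixes it, `if (status == CRYPTO_LIB_SUCCESS && (*ekp)->key_state != KEY_ACTIVE)`, and the `akp` check needs the same reordering. For KMC the function now returns without writing `*ekp` or `*akp`, so it depends on every caller having initialised them; setting `*ekp = NULL; *akp = NULL;` before the guard would make that explicit. The end of the function lies outside the hunk.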
