diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c index d9aead6b..fafd4a41 100644 --- a/src/core/crypto_aos.c +++ b/src/core/crypto_aos.c @@ -360,31 +360,34 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer) // Get Key crypto_key_t *ekp = NULL; crypto_key_t *akp = NULL; - ekp = key_if->get_key(sa_ptr->ekid); - akp = key_if->get_key(sa_ptr->akid); - - if (ekp == NULL || akp == NULL) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if (sa_ptr->est == 1) - { - if (ekp->key_state != KEY_ACTIVE) + ekp = key_if->get_key(sa_ptr->ekid); + akp = key_if->get_key(sa_ptr->akid); + + if (ekp == NULL || akp == NULL) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); return status; } - } - if (sa_ptr->ast == 1) - { - if (akp->key_state != KEY_ACTIVE) + if (sa_ptr->est == 1) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + if (ekp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } + } + if (sa_ptr->ast == 1) + { + if (akp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } @@ -1216,34 +1219,40 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8 if (sa_ptr->est == 1) { - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if (ekp->key_state != KEY_ACTIVE) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if (ekp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } if (sa_ptr->ast == 1) { - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if (akp->key_state != KEY_ACTIVE) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if (akp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 92b65284..d1c0b678 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -354,34 +354,40 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat if (sa_ptr->est == 1) { - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if (ekp->key_state != KEY_ACTIVE) - { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if (ekp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } if (sa_ptr->ast == 1) { - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if (akp->key_state != KEY_ACTIVE) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if (akp->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } @@ -427,13 +433,16 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat if (ecs_is_aead_algorithm == CRYPTO_TRUE) { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + if (crypto_config.key_type != KEY_TYPE_KMC) { - Crypto_TC_Safe_Free_Ptr(*aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + Crypto_TC_Safe_Free_Ptr(*aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } } status = cryptography_if->cryptography_aead_encrypt( @@ -460,11 +469,14 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat // TODO - implement non-AEAD algorithm logic if (sa_service_type == SA_ENCRYPTION) { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + if (crypto_config.key_type != KEY_TYPE_KMC) { - Crypto_TC_Safe_Free_Ptr(*aad); - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + Crypto_TC_Safe_Free_Ptr(*aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + } } status = cryptography_if->cryptography_encrypt( @@ -1377,12 +1389,14 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) { // Check that key length to be used meets the algorithm requirement - - status = Crypto_TC_Check_ECS_Keylen(ekp, sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) + if (crypto_config.key_type != KEY_TYPE_KMC) { - Crypto_TC_Safe_Free_Ptr(aad); - return status; + status = Crypto_TC_Check_ECS_Keylen(ekp, sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + Crypto_TC_Safe_Free_Ptr(aad); + return status; + } } status = cryptography_if->cryptography_aead_decrypt( @@ -1412,12 +1426,15 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori // TODO - implement non-AEAD algorithm logic if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - // Check that key length to be used ets the algorithm requirement - status = Crypto_TC_Check_ACS_Keylen(akp, sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) + if (crypto_config.key_type != KEY_TYPE_KMC) { - Crypto_TC_Safe_Free_Ptr(aad); - return status; + // Check that key length to be used ets the algorithm requirement + status = Crypto_TC_Check_ACS_Keylen(akp, sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + Crypto_TC_Safe_Free_Ptr(aad); + return status; + } } status = cryptography_if->cryptography_validate_authentication( @@ -1441,13 +1458,16 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori } if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - // Check that key length to be used emets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + if (crypto_config.key_type != KEY_TYPE_KMC) { - Crypto_TC_Safe_Free_Ptr(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; + // Check that key length to be used emets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + Crypto_TC_Safe_Free_Ptr(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } } status = @@ -1578,33 +1598,43 @@ int32_t Crypto_TC_Prep_AAD(TC_t *tc_sdls_processed_frame, uint8_t fecf_len, uint int32_t Crypto_TC_Get_Keys(crypto_key_t **ekp, crypto_key_t **akp, SecurityAssociation_t *sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; - *ekp = key_if->get_key(sa_ptr->ekid); - *akp = key_if->get_key(sa_ptr->akid); + + if (crypto_config.key_type != KEY_TYPE_KMC) + { + *ekp = key_if->get_key(sa_ptr->ekid); + *akp = key_if->get_key(sa_ptr->akid); + } if (sa_ptr->est == 1) { - if (*ekp == NULL) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - } - if ((*ekp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS)) - { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); + if (*ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + } + if ((*ekp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS)) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + } } } if (sa_ptr->ast == 1 && status == CRYPTO_LIB_SUCCESS) { - if ((*akp == NULL) && (status == CRYPTO_LIB_SUCCESS)) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - } - if ((*akp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS)) - { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); + if ((*akp == NULL) && (status == CRYPTO_LIB_SUCCESS)) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + } + if ((*akp)->key_state != KEY_ACTIVE && (status == CRYPTO_LIB_SUCCESS)) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + } } } diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index ac01ef7d..dce08d08 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -240,34 +240,40 @@ int32_t Crypto_TM_Get_Keys(crypto_key_t **ekp, crypto_key_t **akp, SecurityAssoc if (sa_ptr->est == 1) { - *ekp = key_if->get_key(sa_ptr->ekid); - if (*ekp == NULL) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if ((*ekp)->key_state != KEY_ACTIVE) - { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + *ekp = key_if->get_key(sa_ptr->ekid); + if (*ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if ((*ekp)->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } if (sa_ptr->ast == 1) { - *akp = key_if->get_key(sa_ptr->akid); - if (*akp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - if ((*akp)->key_state != KEY_ACTIVE) + if (crypto_config.key_type != KEY_TYPE_KMC) { - status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; - mc_if->mc_log(status); - return status; + *akp = key_if->get_key(sa_ptr->akid); + if (*akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + if ((*akp)->key_state != KEY_ACTIVE) + { + status = CRYPTO_LIB_ERR_KEY_STATE_INVALID; + mc_if->mc_log(status); + return status; + } } } return status; @@ -1510,13 +1516,16 @@ int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, } if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - // Check that key length to be used meets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + if (crypto_config.key_type != KEY_TYPE_KMC) { - // free(aad); - non-heap object - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - // return status; + // Check that key length to be used meets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + // free(aad); - non-heap object + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + // return status; + } } if (status == CRYPTO_LIB_SUCCESS)