diff --git a/include/crypto_config.h b/include/crypto_config.h
index 8cde6adb..78112d9d 100644
--- a/include/crypto_config.h
+++ b/include/crypto_config.h
@@ -134,7 +134,7 @@
 #define CHALLENGE_SIZE 16 /* bytes */
 #define CHALLENGE_MAC_SIZE 16 /* bytes */
 #define BYTE_LEN 8 /* bits */
-#define CRYPTOLIB_APPID 128
+#define CRYPTOLIB_APPID 128
 // Monitoring and Control Defines
 #define EMV_SIZE 4 /* bytes */
diff --git a/include/crypto_error.h b/include/crypto_error.h
index d50b5150..01a7111c 100644
--- a/include/crypto_error.h
+++ b/include/crypto_error.h
@@ -134,9 +134,15 @@
 #define CRYPTO_LIB_ERR_KEY_STATE_INVALID (-61)
 #define CRYPTO_LIB_ERR_SDLS_EP_WRONG_SPI (-62)
 #define CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT (-63)
-#define CRYPTO_LIB_ERR_BAD_TLV_LENGTH (-64)
+#define CRYPTO_LIB_ERR_BAD_TLV_LENGTH (-64)
+#define CRYPTO_LIB_ERR_SHIVF_LEN_GREATER_THAN_MAX_IV_SIZE (-65)
+#define CRYPTO_LIB_ERR_SHSNF_LEN_GREATER_THAN_MAX_ARSN_SIZE (-66)
+#define CRYPTO_LIB_ERR_ABM_LEN_GREATER_THAN_MAX_ABM_SIZE (-67)
+#define CRYPTO_LIB_ERR_STMACF_LEN_GREATER_THAN_MAX_MAC_SIZE (-68)
+#define CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE (-69)
+
+#define CRYPTO_CORE_ERROR_CODES_MAX -69
-#define CRYPTO_CORE_ERROR_CODES_MAX -64
 // Define codes for returning MDB Strings, and determining error based on strings
 #define CAM_ERROR_CODES 600
diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c
index 570528ca..99cb8f30 100644
--- a/src/core/crypto_error.c
+++ b/src/core/crypto_error.c
@@ -85,7 +85,12 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
 (char *)"CRYPTO_LIB_ERR_KEY_STATE_INVALID",
 (char *)"CRYPTO_LIB_ERR_SDLS_EP_WRONG_SPI",
 (char *)"CRYPTO_LIB_ERR_SDLS_EP_NOT_BUILT",
- (char *)"CRYPTO_LIB_ERR_BAD_TLV_LENGTH"};
+ (char *)"CRYPTO_LIB_ERR_BAD_TLV_LENGTH",
+ (char *)"CRYPTO_LIB_ERR_SHIVF_LEN_GREATER_THAN_MAX_IV_SIZE",
+ (char *)"CRYPTO_LIB_ERR_SHSNF_LEN_GREATER_THAN_MAX_ARSN_SIZE",
+ (char *)"CRYPTO_LIB_ERR_ABM_LEN_GREATER_THAN_MAX_ABM_SIZE",
+ (char *)"CRYPTO_LIB_ERR_STMACF_LEN_GREATER_THAN_MAX_MAC_SIZE",
+ (char *)"CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE"};
 char *crypto_enum_errlist_config[] = {
 (char *)"CRYPTO_CONFIGURATION_NOT_COMPLETE",
diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c
index 9ff488b0..e2597763 100644
--- a/src/sa/internal/sa_interface_inmemory.template.c
+++ b/src/sa/internal/sa_interface_inmemory.template.c
@@ -34,6 +34,9 @@ static int32_t sa_create(TC_t *tc_frame);
 static int32_t sa_setARSN(TC_t *tc_frame);
 static int32_t sa_setARSNW(TC_t *tc_frame);
 static int32_t sa_delete(TC_t *tc_frame);
+// Security Association Local Functions
+int32_t sa_verify_data(SecurityAssociation_t *);
+
 /*
 ** Global Variables
@@ -1344,10 +1347,10 @@ static int32_t sa_expire(TC_t *tc_frame)
 static int32_t sa_create(TC_t *tc_frame)
 {
 // Local variables
+ int32_t status = CRYPTO_LIB_SUCCESS;
 uint8_t count = 6;
 uint16_t spi = 0x0000;
 uint16_t control_spi = 0x0000;
- int32_t status = CRYPTO_LIB_SUCCESS;
 int x;
 // Read sdls_frame.pdu.data
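Review bot: Nothing ties the length of `crypto_enum_errlist_core` to `CRYPTO_CORE_ERROR_CODES_MAX`, which this commit moves to -69 in crypto_error.h, so the two are kept in step by hand every time a code is added. If the string lookup indexes this table by the negated error code (the lookup is not visible here), a missed entry becomes a read past the end of the array. A compile-time check next to the table would catch that, assuming one entry per code starting at `CRYPTO_LIB_SUCCESS` and a C11 build: `_Static_assert(sizeof(crypto_enum_errlist_core) / sizeof(crypto_enum_errlist_core[0]) == 1 - (CRYPTO_CORE_ERROR_CODES_MAX), "core error strings out of sync with CRYPTO_CORE_ERROR_CODES_MAX");`. The array starts before this hunk.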
@@ -1369,58 +1372,93 @@ static int32_t sa_create(TC_t *tc_frame)
 // Check if valid SPI
 if (spi < NUM_SA)
 {
+ SecurityAssociation_t *temp_sa;
+ sa_if->sa_get_from_spi(spi, &temp_sa);
 // Overwrite last PID : 8 bits
 // Bits from L-R
 // 1 : Procedure Type Flag (type)
 // 2 : User Flag (uf)
 // 3-4 : Service Group Field (sg)
 // 5-8 : Procedure Identification Field (pid)
- sa[spi].lpid = (sdls_frame.pdu.hdr.type << 7) | (sdls_frame.pdu.hdr.uf << 6) | (sdls_frame.pdu.hdr.sg << 4) |
+ temp_sa->lpid = (sdls_frame.pdu.hdr.type << 7) | (sdls_frame.pdu.hdr.uf << 6) | (sdls_frame.pdu.hdr.sg << 4) |
 sdls_frame.pdu.hdr.pid;
 // Write SA Configuration
- sa[spi].est = ((uint8_t)sdls_frame.pdu.data[2] & 0x80) >> 7;
- sa[spi].ast = ((uint8_t)sdls_frame.pdu.data[2] & 0x40) >> 6;
- sa[spi].shivf_len = ((uint8_t)sdls_frame.pdu.data[2] & 0x3F);
- sa[spi].shsnf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0xFC) >> 2;
- sa[spi].shplf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0x03);
- sa[spi].stmacf_len = ((uint8_t)sdls_frame.pdu.data[4]);
- sa[spi].ecs_len = ((uint8_t)sdls_frame.pdu.data[5]);
- for (x = 0; x < sa[spi].ecs_len; x++)
+ temp_sa->est = ((uint8_t)sdls_frame.pdu.data[2] & 0x80) >> 7;
+ temp_sa->ast = ((uint8_t)sdls_frame.pdu.data[2] & 0x40) >> 6;
+ temp_sa->shivf_len = ((uint8_t)sdls_frame.pdu.data[2] & 0x3F);
+ temp_sa->shsnf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0xFC) >> 2;
+ temp_sa->shplf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0x03);
+ temp_sa->stmacf_len = ((uint8_t)sdls_frame.pdu.data[4]);
+ temp_sa->ecs_len = ((uint8_t)sdls_frame.pdu.data[5]);
+ for (x = 0; x < temp_sa->ecs_len; x++)
 {
- sa[spi].ecs = ((uint8_t)sdls_frame.pdu.data[count++]);
+ temp_sa->ecs = ((uint8_t)sdls_frame.pdu.data[count++]);
 }
- sa[spi].shivf_len = ((uint8_t)sdls_frame.pdu.data[count++]);
- for (x = 0; x < sa[spi].shivf_len; x++)
+ temp_sa->shivf_len = ((uint8_t)sdls_frame.pdu.data[count++]);
+ for (x = 0; x < temp_sa->shivf_len; x++)
 {
- sa[spi].iv[x] = ((uint8_t)sdls_frame.pdu.data[count++]);
+ temp_sa->iv[x] = ((uint8_t)sdls_frame.pdu.data[count++]);
 }
- sa[spi].acs_len = ((uint8_t)sdls_frame.pdu.data[count++]);
- for (x = 0; x < sa[spi].acs_len; x++)
+ temp_sa->acs_len = ((uint8_t)sdls_frame.pdu.data[count++]);
+ for (x = 0; x < temp_sa->acs_len; x++)
 {
- sa[spi].acs = ((uint8_t)sdls_frame.pdu.data[count++]);
+ temp_sa->acs = ((uint8_t)sdls_frame.pdu.data[count++]);
 }
- sa[spi].abm_len = (uint8_t)((sdls_frame.pdu.data[count] << BYTE_LEN) | (sdls_frame.pdu.data[count + 1]));
+ temp_sa->abm_len = (uint8_t)((sdls_frame.pdu.data[count] << BYTE_LEN) | (sdls_frame.pdu.data[count + 1]));
 count = count + 2;
- for (x = 0; x < sa[spi].abm_len; x++)
+ for (x = 0; x < temp_sa->abm_len; x++)
 {
- sa[spi].abm[x] = ((uint8_t)sdls_frame.pdu.data[count++]);
+ temp_sa->abm[x] = ((uint8_t)sdls_frame.pdu.data[count++]);
 }
- sa[spi].arsn_len = ((uint8_t)sdls_frame.pdu.data[count++]);
- for (x = 0; x < sa[spi].arsn_len; x++)
+ temp_sa->arsn_len = ((uint8_t)sdls_frame.pdu.data[count++]);
+ for (x = 0; x < temp_sa->arsn_len; x++)
 {
- *(sa[spi].arsn + x) = ((uint8_t)sdls_frame.pdu.data[count++]);
+ *(temp_sa->arsn + x) = ((uint8_t)sdls_frame.pdu.data[count++]);
 }
- sa[spi].arsnw_len = ((uint8_t)sdls_frame.pdu.data[count++]);
- for (x = 0; x < sa[spi].arsnw_len; x++)
+ temp_sa->arsnw_len = ((uint8_t)sdls_frame.pdu.data[count++]);
+ for (x = 0; x < temp_sa->arsnw_len; x++)
 {
- sa[spi].arsnw = sa[spi].arsnw | (((uint8_t)sdls_frame.pdu.data[count++]) << (sa[spi].arsnw_len - x));
+ temp_sa->arsnw = temp_sa->arsnw | (((uint8_t)sdls_frame.pdu.data[count++]) << (temp_sa->arsnw_len - x));
 }
- // TODO: Checks for valid data
- // Set state to unkeyed
- sa[spi].sa_state = SA_UNKEYED;
+ temp_sa->sa_state = SA_UNKEYED;
+
+ // Verify data
+ status = sa_verify_data(temp_sa);
+
+ if (status == CRYPTO_LIB_SUCCESS)
+ {
+ // Copy data from temp_sa to sa[spi]
+ sa[spi].lpid = temp_sa->lpid;
+ sa[spi].est = temp_sa->est;
+ sa[spi].ast = temp_sa->ast;
+ sa[spi].shivf_len = temp_sa->shivf_len;
+ sa[spi].shsnf_len = temp_sa->shsnf_len;
+ sa[spi].shplf_len = temp_sa->shplf_len;
+ sa[spi].stmacf_len = temp_sa->stmacf_len;
+ sa[spi].ecs_len = temp_sa->ecs_len;
+ sa[spi].ecs = temp_sa->ecs;
+ for (x = 0; x < sa[spi].shivf_len; x++)
+ {
+ sa[spi].iv[x] = temp_sa->iv[x];
+ }
+ sa[spi].acs = temp_sa->acs;
+ sa[spi].abm_len = temp_sa->abm_len;
+ for (x = 0; x < sa[spi].abm_len; x++)
+ {
+ sa[spi].abm[x] = temp_sa->abm[x];
+ }
+ sa[spi].arsn_len = temp_sa->arsn_len;
+ for (x = 0; x < sa[spi].arsn_len; x++)
+ {
+ *(sa[spi].arsn + x) = *(temp_sa->arsn + x);
+ }
+ sa[spi].arsnw_len = temp_sa->arsnw_len;
+ sa[spi].arsnw = temp_sa->arsnw;
+ sa[spi].sa_state = temp_sa->sa_state;
+ }
 #ifdef PDU_DEBUG
 Crypto_saPrint(&sa[spi]);
@@ -1433,7 +1471,7 @@ static int32_t sa_create(TC_t *tc_frame)
 #endif
 }
- return CRYPTO_LIB_SUCCESS;
+ return status;
 }
 /**
@@ -1679,5 +1717,31 @@ static int32_t sa_status(uint8_t *ingest)
 #endif
 }
+ return status;
+}
+
+int32_t sa_verify_data(SecurityAssociation_t * sa_ptr)
+{
+ int32_t status = CRYPTO_LIB_SUCCESS;
+ if (sa_ptr->shivf_len > IV_SIZE)
+ {
+ status = CRYPTO_LIB_ERR_SHIVF_LEN_GREATER_THAN_MAX_IV_SIZE;
+ }
+ if (sa_ptr->shsnf_len > ARSN_SIZE)
+ {
+ status = CRYPTO_LIB_ERR_SHSNF_LEN_GREATER_THAN_MAX_ARSN_SIZE;
+ }
+ if (sa_ptr->abm_len > ABM_SIZE)
+ {
+ status = CRYPTO_LIB_ERR_ABM_LEN_GREATER_THAN_MAX_ABM_SIZE;
+ }
+ if (sa_ptr->stmacf_len > MAC_SIZE)
+ {
+ status = CRYPTO_LIB_ERR_STMACF_LEN_GREATER_THAN_MAX_MAC_SIZE;
+ }
+ if (sa_ptr->shplf_len > PAD_SIZE)
+ {
+ status = CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE;
+ }
 return status;
 }
\ No newline at end of file
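Review bot: The bounds check in the `@@ -1369` hunk runs after the writes it is meant to guard: `sa_verify_data(temp_sa)` is called only once the loops above it have copied into `iv`, `abm` and `arsn` using `shivf_len`, `abm_len` and `arsn_len` taken straight from the PDU, so an oversized length has already written past the destination by the time it is rejected. `temp_sa` is also not a scratch object; it is whatever `sa_get_from_spi` hands back (the call's result is not checked), and if that is the table entry for `spi`, which this hunk does not show, a rejected request has still changed the live SA and the copy-back is a self-assignment. The copy-back also skips `acs_len`. Parse into a local `SecurityAssociation_t`, check each length before the loop that uses it, and commit with one assignment, as sketched below for the IV field (if `arsn` is a pointer member rather than an array, the scratch copy needs its own buffer). sa_create begins before this hunk and ends after it.

```c
        SecurityAssociation_t staged = sa[spi]; // scratch copy; sa[spi] is untouched until the end
        // … unchanged: lpid, est/ast and the other header fields, written to staged …
        staged.shivf_len = ((uint8_t)sdls_frame.pdu.data[count++]);
        if (staged.shivf_len > IV_SIZE) // reject before iv[] is indexed
        {
            return CRYPTO_LIB_ERR_SHIVF_LEN_GREATER_THAN_MAX_IV_SIZE;
        }
        for (x = 0; x < staged.shivf_len; x++)
        {
            staged.iv[x] = ((uint8_t)sdls_frame.pdu.data[count++]);
        }
        // … same check-then-copy for abm_len/abm and arsn_len/arsn …
        staged.sa_state = SA_UNKEYED;
        status = sa_verify_data(&staged);
        if (status == CRYPTO_LIB_SUCCESS)
        {
            sa[spi] = staged; // single commit replaces the field-by-field copy
        }
```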
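Review bot: `sa_verify_data` leaves out the lengths that sa_create actually uses as a loop bound and a shift count: `arsn_len` bounds the `arsn` copy and `arsnw_len` feeds `<< (temp_sa->arsnw_len - x)`, yet neither is checked, while `shsnf_len` is the field compared with `ARSN_SIZE`. Every `if` assigns `status` unconditionally, so when several fields are out of range only the last code is reported; returning at the first failure is simpler and keeps the code that matches the first bad field. The function is defined without `static` although its prototype sits under "Security Association Local Functions" next to `static` siblings, and it has no header comment. `static int32_t sa_verify_data(SecurityAssociation_t *sa_ptr)` plus a short comment saying it must run before any of these lengths is used as an index would fit the file.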