Merge commit from fork

Donnie-Ice · web-flow · commit 3c74445b2e32 · 2026-01-06T10:34:25.000-05:00
add additional AOS Process length checks
diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -156,8 +156,9 @@
 #define CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH                             (-82)
 #define CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE                     (-83)
 #define CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH                                (-84)
+#define CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH                             (-85)
 
-#define CRYPTO_CORE_ERROR_CODES_MAX -84
+#define CRYPTO_CORE_ERROR_CODES_MAX -85
 
 // Define codes for returning MDB Strings, and determining error based on strings
 #define CAM_ERROR_CODES     600
diff --git a/include/crypto_structs.h b/include/crypto_structs.h
@@ -637,6 +637,6 @@ typedef struct
 } __attribute__((packed)) AOS_t;
 #define AOS_SIZE (sizeof(AOS_t))
 
-#define AOS_MIN_SIZE 7
+#define AOS_MIN_SIZE 6
 
 #endif // CRYPTO_STRUCTS_H
diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c
@@ -804,6 +804,20 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
     return status;
 }
 
+int32_t Crypto_AOS_Verify_Frame_Lengths(uint16_t len_ingest)
+{
+    uint8_t fhec_len = aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC ? FHECF_SIZE : 0;
+    uint16_t iz_len  = aos_current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ ? aos_current_managed_parameters_struct.aos_iz_len : 0;
+    uint8_t ocf_len  = aos_current_managed_parameters_struct.has_ocf == AOS_HAS_OCF ? OCF_SIZE : 0;
+    uint8_t fecf_len = aos_current_managed_parameters_struct.has_fecf == AOS_HAS_FECF ? FECF_SIZE : 0;
+    uint16_t expected_frame_length = AOS_MIN_SIZE + fhec_len + SPI_LEN + iz_len + ocf_len + fecf_len;
+    if (len_ingest < expected_frame_length)
+    {
+        return CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH;
+    }
+    return CRYPTO_LIB_SUCCESS;
+}
+
 /**
  * @brief Function: Crypto_AOS_ProcessSecurity
  * @param ingest: uint8_t*
@@ -889,6 +903,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
         return status;
     } // Unable to get necessary Managed Parameters for AOS TF -- return with error.
 
+    status = Crypto_AOS_Verify_Frame_Lengths(len_ingest);
+    if (status != CRYPTO_LIB_SUCCESS)
+    {
+        return status;
+    }
+    
     // Increment to end of Primary Header start, depends on FHECF presence
     byte_idx = 6;
     if (aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC)
diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c
@@ -114,7 +114,8 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
                                     (char *)"CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN",
                                     (char *)"CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH",
                                     (char *)"CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE",
-                                    (char *)"CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH"};
+                                    (char *)"CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH",
+                                    (char *)"CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH"};
 
 char *crypto_enum_errlist_config[] = {
     (char *)"CRYPTO_CONFIGURATION_NOT_COMPLETE",
diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
@@ -305,38 +305,38 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le
 
 #ifdef MAC_DEBUG
     // Commented out due to memory leaks with HMAC
-    uint32_t *tmac_size = &mac_size;
-    uint8_t   tmac[*tmac_size];
-    gcry_error = gcry_mac_read(tmp_mac_hd,
-                               &tmac,              // tag output
-                               (size_t *)&mac_size // tag size
-    );
-    if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
-    {
-        printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
-        status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
-        return status;
-    }
-
-    printf("Calculated Mac Size: %d\n", *tmac_size);
-    printf("Calculated MAC (full length):\n\t");
-    for (uint32_t i = 0; i < *tmac_size; i++)
-    {
-        printf("%02X", tmac[i]);
-    }
-    printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
-    for (uint32_t i = 0; i < mac_size; i++)
-    {
-        printf("%02X", tmac[i]);
-    }
-    printf("\n");
-
-    printf("Received MAC:\n\t");
-    for (uint32_t i = 0; i < mac_size; i++)
-    {
-        printf("%02X", mac[i]);
-    }
-    printf("\n");
+    // uint32_t *tmac_size = &mac_size;
+    // uint8_t   tmac[*tmac_size];
+    // gcry_error = gcry_mac_read(tmp_mac_hd,
+    //                            &tmac,              // tag output
+    //                            (size_t *)&mac_size // tag size
+    // );
+    // if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+    // {
+    //     printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
+    //     status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
+    //     return status;
+    // }
+
+    // printf("Calculated Mac Size: %d\n", *tmac_size);
+    // printf("Calculated MAC (full length):\n\t");
+    // for (uint32_t i = 0; i < *tmac_size; i++)
+    // {
+    //     printf("%02X", tmac[i]);
+    // }
+    // printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
+    // for (uint32_t i = 0; i < mac_size; i++)
+    // {
+    //     printf("%02X", tmac[i]);
+    // }
+    // printf("\n");
+
+    // printf("Received MAC:\n\t");
+    // for (uint32_t i = 0; i < mac_size; i++)
+    // {
+    //     printf("%02X", mac[i]);
+    // }
+    // printf("\n");
 #endif
 
     // Compare computed mac with MAC in frame
diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c
@@ -1887,7 +1887,7 @@ UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
     memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
 
     status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
-    ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status);
+    ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
 
     Crypto_Shutdown();
     free(framed_aos_b);
@@ -2166,4 +2166,112 @@ UTEST(AOS_PROCESS, AOS_FHECF_TEST)
     free(aos_frame);
 }
 
+UTEST(AOS_PROCESS, AOS_6BYTE_TEST)
+{
+    remove("sa_save_file.bin");
+    // Local Variables
+    int32_t status = CRYPTO_LIB_SUCCESS;
+
+    uint16_t processed_aos_len;
+
+    // Configure Parameters
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
+                            IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+                            AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+    // AOS Test
+    GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+        1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 6, AOS_NO_OCF, 1};
+    Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+    status = Crypto_Init();
+
+    // Test frame setup
+    char *framed_aos_h   = "40C0FEDCBA98";
+    char *framed_aos_b   = NULL;
+    int   framed_aos_len = 0;
+    hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
+
+    SecurityAssociation_t *sa_ptr = NULL;
+    SaInterface            sa_if  = get_sa_interface_inmemory();
+    sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
+    sa_ptr->sa_state = SA_KEYED;
+    sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
+    sa_ptr->sa_state  = SA_OPERATIONAL;
+    sa_ptr->est       = 1;
+    sa_ptr->ecs       = CRYPTO_CIPHER_AES256_GCM;
+    sa_ptr->arsn_len  = 0;
+    sa_ptr->shsnf_len = 0;
+
+    crypto_key_t *ekp = NULL;
+    ekp               = key_if->get_key(sa_ptr->ekid);
+    ekp->key_state    = KEY_ACTIVE;
+
+    AOS_t *aos_frame;
+    aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+    memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+    status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
+    ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
+
+    Crypto_aosPrint(aos_frame);
+
+    Crypto_Shutdown();
+    free(framed_aos_b);
+    free(aos_frame);
+}
+
+UTEST(AOS_PROCESS, AOS_8BYTE_TEST)
+{
+    remove("sa_save_file.bin");
+    // Local Variables
+    int32_t status = CRYPTO_LIB_SUCCESS;
+
+    uint16_t processed_aos_len;
+
+    // Configure Parameters
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
+                            IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+                            AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+    // AOS Test
+    GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+        1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 8, AOS_NO_OCF, 1};
+    Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+    status = Crypto_Init();
+
+    // Test frame setup
+    char *framed_aos_h   = "40C0FEDCBA987605";
+    char *framed_aos_b   = NULL;
+    int   framed_aos_len = 0;
+    hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
+
+    SecurityAssociation_t *sa_ptr = NULL;
+    SaInterface            sa_if  = get_sa_interface_inmemory();
+    sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
+    sa_ptr->sa_state = SA_KEYED;
+    sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
+    sa_ptr->sa_state  = SA_OPERATIONAL;
+    sa_ptr->est       = 1;
+    sa_ptr->ecs       = CRYPTO_CIPHER_AES256_GCM;
+    sa_ptr->arsn_len  = 0;
+    sa_ptr->shsnf_len = 0;
+
+    crypto_key_t *ekp = NULL;
+    ekp               = key_if->get_key(sa_ptr->ekid);
+    ekp->key_state    = KEY_ACTIVE;
+
+    AOS_t *aos_frame;
+    aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+    memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+    status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
+    ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
+
+    Crypto_aosPrint(aos_frame);
+
+    Crypto_Shutdown();
+    free(framed_aos_b);
+    free(aos_frame);
+}
+
 UTEST_MAIN();
