Merge branch 'dev' into 492-update-crypto-config-and-managed-parameters-major-changes

Author: Donnie-Ice

.github/workflows/codeql.yml

@@ -22,7 +22,7 @@ jobs:
     name: Analyze Build_Internal
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     container:
-        image: ivvitc/cryptolib:20250108
+        image: ivvitc/cryptolib:dev
     permissions:
       # required for all workflows
       security-events: write
@@ -55,7 +55,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -66,15 +66,15 @@ jobs:
         bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"
 
   build_minimal:
       name: Analyze Build_Minimal
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250108
+        image: ivvitc/cryptolib:dev
       permissions:
         # required for all workflows
         security-events: write
@@ -107,7 +107,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -118,15 +118,15 @@ jobs:
           bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{matrix.language}}"
 
   build_wolf:
       name: Analyze Build_Wolf
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250108
+        image: ivvitc/cryptolib:dev
       permissions:
         # required for all workflows
         security-events: write
@@ -185,7 +185,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -196,15 +196,15 @@ jobs:
           bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{matrix.language}}"
 
   build_rhel:
       name: Analyze Build_RHEL
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250108
+        image: ivvitc/cryptolib:dev
       permissions:
         # required for all workflows
         security-events: write
@@ -237,7 +237,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -248,15 +248,15 @@ jobs:
           bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{matrix.language}}"
 
   build_ep:
     name: Analyze Build_EP
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     container:
-        image: ivvitc/cryptolib:20250108
+        image: ivvitc/cryptolib:dev
     permissions:
       # required for all workflows
       security-events: write
@@ -289,7 +289,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -300,6 +300,6 @@ jobs:
         bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

LICENSE

@@ -19,7 +19,7 @@ Government Agency Original Software Title:
 User Registration Requested. Please Visit 
   https://github.com/nasa/CryptoLib
 Government Agency Point of Contact for Original Software:
-  John.P.Lucas@nasa.gov
+  Justin.R.Morris@nasa.gov
 
 1. DEFINITIONS
 
@@ -260,4 +260,4 @@ Recipient hereby agrees to all terms and conditions herein.
 
 F. Point of Contact: Any Recipient contact with Government Agency is
 to be directed to the designated representative as follows:
-  John.P.Lucas@nasa.gov
+  Justin.R.Morris@nasa.gov

include/crypto.h

@@ -350,7 +350,7 @@ extern CryptoConfigTC_t                      crypto_config_tc;
 extern CryptoConfigTM_t                      crypto_config_tm;
 extern CryptoConfigAOS_t                     crypto_config_aos;
 extern SadbMariaDBConfig_t                  *sa_mariadb_config;
-extern char                                 *mariadb_table_name;
+extern char                                  mariadb_table_name[26];
 extern CryptographyKmcCryptoServiceConfig_t *cryptography_kmc_crypto_config;
 extern CamConfig_t                          *cam_config;
 extern TCGvcidManagedParameters_t            tc_gvcid_managed_parameters_array[GVCID_MAX_PARAM_SIZE];
@@ -397,4 +397,4 @@ static const uint8_t crypto_gf_log[GF_SIZE] = {0, 0, 1, 4, 2, 8, 5, 10, 3, 14, 9
 // Generator polynomial coefficients for g(x) = x^4 + a^3x^3 + ax^2 + a^3x + 1
 static const uint8_t crypto_gen_poly[RS_PARITY + 1] = {1, 8, 2, 8, 1};
 
-#endif // CRYPTO_H
+#endif // CRYPTO_H

include/crypto_error.h

@@ -58,6 +58,7 @@
 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE             513
 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR              514
 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR              515
+#define CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR                      516
 
 #define CAM_CONFIG_NOT_SUPPORTED_ERROR                      600
 #define CAM_INVALID_COOKIE_FILE_CONFIGURATION_NULL          601
@@ -165,7 +166,7 @@
 #define CAM_ERROR_CODES_MAX 610
 
 #define KMC_ERROR_CODES     500
-#define KMC_ERROR_CODES_MAX 515
+#define KMC_ERROR_CODES_MAX 516
 
 #define CRYPTO_INTERFACE_ERROR_CODES     400
 #define CRYPTO_INTERFACE_ERROR_CODES_MAX 402

src/core/crypto.c

@@ -50,9 +50,9 @@ CCSDS_t          sdls_frame;
 TM_FramePrimaryHeader_t  tm_frame_pri_hdr; // Used to reduce bit math duplication
 TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
 // AOS
-uint8_t                   aos_frame[AOS_MAX_FRAME_SIZE]; // AOS Global Frame
-AOS_FramePrimaryHeader_t  aos_frame_pri_hdr;             // Used to reduce bit math duplication
-AOS_FrameSecurityHeader_t aos_frame_sec_hdr;             // Used to reduce bit math duplication
+// uint8_t                   aos_frame[AOS_MAX_FRAME_SIZE]; // AOS Global Frame
+AOS_FramePrimaryHeader_t  aos_frame_pri_hdr; // Used to reduce bit math duplication
+AOS_FrameSecurityHeader_t aos_frame_sec_hdr; // Used to reduce bit math duplication
 // OCF
 uint8_t                    ocf = 0;
 Telemetry_Frame_Ocf_Fsr_t  report;
@@ -73,7 +73,7 @@ uint8_t parity[RS_PARITY];
 uint32_t crc32Table[CRC32TBL_SIZE];
 uint16_t crc16Table[CRC16TBL_SIZE];
 // Mariadb
-char *mariadb_table_name = "security_associations";
+char mariadb_table_name[] = "security_associations";
 
 /*
 ** Assisting Functions

src/core/crypto_aos.c

@@ -109,7 +109,7 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
 
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_AOS_TABLE_NAME, sizeof(mariadb_table_name));
     }
     status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
 
@@ -1053,7 +1053,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
 
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_AOS_TABLE_NAME, sizeof(mariadb_table_name));
     }
     status = sa_if->sa_get_from_spi(spi, &sa_ptr);
     // If no valid SPI, return

src/core/crypto_config.c

@@ -134,7 +134,8 @@ int32_t Crypto_SC_Init(void)
     SecurityAssociation_t *sa_ptr = NULL;
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_TC_TABLE_NAME;
+        // mariadb_table_name = MARIADB_TC_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_TC_TABLE_NAME, sizeof(mariadb_table_name));
     }
     sa_if->sa_get_from_spi(1, &sa_ptr);
     sa_ptr->gvcid_blk.vcid = 0;
@@ -149,7 +150,7 @@ int32_t Crypto_SC_Init(void)
     sa_ptr->iv_len         = 0;
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_TM_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_TM_TABLE_NAME, sizeof(mariadb_table_name));
     }
     sa_if->sa_get_from_spi(5, &sa_ptr);
     sa_ptr->sa_state       = SA_OPERATIONAL;

src/core/crypto_error.c

@@ -155,6 +155,7 @@ char *crypto_enum_errlist_crypto_kmc[] = {
     (char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE",
     (char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR",
     (char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR",
+    (char *)"CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR",
 };
 
 char *crypto_enum_errlist_crypto_cam[] = {

src/core/crypto_mc.c

@@ -294,7 +294,7 @@ int32_t Crypto_SA_readARSN(uint8_t *ingest)
         // TODO: This is not correct
         if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
         {
-            mariadb_table_name = MARIADB_TC_TABLE_NAME;
+            strncpy(mariadb_table_name, MARIADB_TC_TABLE_NAME, sizeof(mariadb_table_name));
         }
         status = sa_if->sa_get_from_spi(spi, &sa_ptr);
 

src/core/crypto_tc.c

@@ -841,7 +841,7 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra
     }
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_TC_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_TC_TABLE_NAME, sizeof(mariadb_table_name));
     }
     status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid,
                                                      *map_id, sa_ptr);
@@ -1832,7 +1832,7 @@ uint32_t Crypto_TC_Sanity_Validations(TC_t *tc_sdls_processed_frame, SecurityAss
 
     if (crypto_config_global.sa_type == SA_TYPE_MARIADB)
     {
-        mariadb_table_name = MARIADB_TC_TABLE_NAME;
+        strncpy(mariadb_table_name, MARIADB_TC_TABLE_NAME, sizeof(mariadb_table_name));
     }
     status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, sa_ptr);
     // If no valid SPI, return