new: 'include_header' argument to HMAC and CRC32

libcsp · Nov 24, 2015 · 9a6e87d · 9a6e87d
1 parent a7f5dd2
commit 9a6e87d
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 25 deletions.
diff --git a/include/csp/csp_crc32.h b/include/csp/csp_crc32.h
@@ -21,6 +21,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 #ifndef _CSP_CRC32_H_
 #define _CSP_CRC32_H_
 
+#include <csp/csp.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -33,16 +35,18 @@ void csp_crc32_gentab(void);
 /**
  * Append CRC32 checksum to packet
  * @param packet Packet to append checksum
+ * @param include_header use header in calculation (this will not modify the flags field)
  * @return 0 on success, -1 on error
  */
-int csp_crc32_append(csp_packet_t * packet);
+int csp_crc32_append(csp_packet_t * packet, bool include_header);
 
 /**
  * Verify CRC32 checksum on packet
  * @param packet Packet to verify
+ * @param include_header use header in calculation (this will not modify the flags field)
  * @return 0 if checksum is valid, -1 otherwise
  */
-int csp_crc32_verify(csp_packet_t * packet);
+int csp_crc32_verify(csp_packet_t * packet, bool include_header);
 
 /**
  * Calculate checksum for a given memory area

diff --git a/src/crypto/csp_hmac.c b/src/crypto/csp_hmac.c
@@ -22,6 +22,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 #include <stdint.h>
 #include <string.h>
+#include <stdbool.h>
 
 /* CSP includes */
 #include <csp/csp.h>
@@ -148,7 +149,7 @@ int csp_hmac_set_key(char * key, uint32_t keylen) {
 
 }
 
-int csp_hmac_append(csp_packet_t * packet) {
+int csp_hmac_append(csp_packet_t * packet, bool include_header) {
 
 	/* NULL pointer check */
 	if (packet == NULL)
@@ -157,7 +158,11 @@ int csp_hmac_append(csp_packet_t * packet) {
 	uint8_t hmac[SHA1_DIGESTSIZE];
 
 	/* Calculate HMAC */
-	csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, packet->data, packet->length, hmac);
+	if (include_header) {
+		csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, (uint8_t *) &packet->id, packet->length + sizeof(packet->id), hmac);
+	} else {
+		csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, packet->data, packet->length, hmac);
+	}
 
 	/* Truncate hash and copy to packet */
 	memcpy(&packet->data[packet->length], hmac, CSP_HMAC_LENGTH);
@@ -167,7 +172,7 @@ int csp_hmac_append(csp_packet_t * packet) {
 
 }
 
-int csp_hmac_verify(csp_packet_t * packet) {
+int csp_hmac_verify(csp_packet_t * packet, bool include_header) {
 
 	/* NULL pointer check */
 	if (packet == NULL)
@@ -176,7 +181,11 @@ int csp_hmac_verify(csp_packet_t * packet) {
 	uint8_t hmac[SHA1_DIGESTSIZE];
 
 	/* Calculate HMAC */
-	csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, packet->data, packet->length - CSP_HMAC_LENGTH, hmac);
+	if (include_header) {
+		csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, (uint8_t *) &packet->id, packet->length + sizeof(packet->id) - CSP_HMAC_LENGTH, hmac);
+	} else {
+		csp_hmac_memory(csp_hmac_key, HMAC_KEY_LENGTH, packet->data, packet->length - CSP_HMAC_LENGTH, hmac);
+	}
 
 	/* Compare calculated HMAC with packet header */
 	if (memcmp(&packet->data[packet->length] - CSP_HMAC_LENGTH, hmac, CSP_HMAC_LENGTH) != 0) {

diff --git a/src/crypto/csp_hmac.h b/src/crypto/csp_hmac.h
@@ -26,22 +26,25 @@ extern "C" {
 #endif
 
 #include <stdint.h>
+#include <stdbool.h>
 
 #define CSP_HMAC_LENGTH	4
 
 /**
  * Append HMAC to packet
  * @param packet Pointer to packet
+ * @param include_header use header in hmac calculation (this will not modify the flags field)
  * @return 0 on success, -1 on failure
  */
-int csp_hmac_append(csp_packet_t * packet);
+int csp_hmac_append(csp_packet_t * packet, bool include_header);
 
 /**
  * Verify HMAC of packet
  * @param packet Pointer to packet
+ * @param include_header use header in hmac calculation (this will not modify the flags field)
  * @return 0 on correct HMAC, -1 if verification failed
  */
-int csp_hmac_verify(csp_packet_t * packet);
+int csp_hmac_verify(csp_packet_t * packet, bool include_header);
 
 #ifdef __cplusplus
 } /* extern "C" */

diff --git a/src/csp_crc32.c b/src/csp_crc32.c
@@ -80,7 +80,7 @@ uint32_t csp_crc32_memory(const uint8_t * data, uint32_t length) {
    return (crc ^ 0xFFFFFFFF);
 }
 
-int csp_crc32_append(csp_packet_t * packet) {
+int csp_crc32_append(csp_packet_t * packet, bool include_header) {
 
 	uint32_t crc;
 
@@ -89,7 +89,11 @@ int csp_crc32_append(csp_packet_t * packet) {
 		return CSP_ERR_INVAL;
 
 	/* Calculate CRC32, convert to network byte order */
-	crc = csp_crc32_memory(packet->data, packet->length);
+	if (include_header) {
+		crc = csp_crc32_memory((uint8_t *) &packet->id, packet->length + sizeof(packet->id));
+	} else {
+		crc = csp_crc32_memory(packet->data, packet->length);
+	}
 	crc = csp_hton32(crc);
 
 	/* Copy checksum to packet */
@@ -100,7 +104,7 @@ int csp_crc32_append(csp_packet_t * packet) {
 
 }
 
-int csp_crc32_verify(csp_packet_t * packet) {
+int csp_crc32_verify(csp_packet_t * packet, bool include_header) {
 
 	uint32_t crc;
 
@@ -112,7 +116,11 @@ int csp_crc32_verify(csp_packet_t * packet) {
 		return CSP_ERR_INVAL;
 
 	/* Calculate CRC32, convert to network byte order */
-	crc = csp_crc32_memory(packet->data, packet->length - sizeof(uint32_t));
+	if (include_header) {
+		crc = csp_crc32_memory((uint8_t *) &packet->id, packet->length + sizeof(packet->id) - sizeof(uint32_t));
+	} else {
+		crc = csp_crc32_memory(packet->data, packet->length - sizeof(uint32_t));
+	}
 	crc = csp_hton32(crc);
 
 	/* Compare calculated checksum with packet header */

diff --git a/src/csp_io.c b/src/csp_io.c
@@ -225,6 +225,9 @@ int csp_send_direct(csp_id_t idout, csp_packet_t * packet, csp_iface_t * ifout,
 	csp_log_packet("OUT: S %u, D %u, Dp %u, Sp %u, Pr %u, Fl 0x%02X, Sz %u VIA: %s",
 		idout.src, idout.dst, idout.dport, idout.sport, idout.pri, idout.flags, packet->length, ifout->name);
 
+	/* Copy identifier to packet (before crc, xtea and hmac) */
+	packet->id.ext = idout.ext;
+
 #ifdef CSP_USE_PROMISC
 	/* Loopback traffic is added to promisc queue by the router */
 	if (idout.dst != my_address && idout.src == my_address) {
@@ -238,8 +241,8 @@ int csp_send_direct(csp_id_t idout, csp_packet_t * packet, csp_iface_t * ifout,
 		/* Append HMAC */
 		if (idout.flags & CSP_FHMAC) {
 #ifdef CSP_USE_HMAC
-			/* Calculate and add HMAC */
-			if (csp_hmac_append(packet) != 0) {
+			/* Calculate and add HMAC (does not include header for backwards compatability with csp1.x) */
+			if (csp_hmac_append(packet, false) != 0) {
 				/* HMAC append failed */
 				csp_log_warn("HMAC append failed!");
 				goto tx_err;
@@ -253,8 +256,8 @@ int csp_send_direct(csp_id_t idout, csp_packet_t * packet, csp_iface_t * ifout,
 		/* Append CRC32 */
 		if (idout.flags & CSP_FCRC32) {
 #ifdef CSP_USE_CRC32
-			/* Calculate and add CRC32 */
-			if (csp_crc32_append(packet) != 0) {
+			/* Calculate and add CRC32 (does not include header for backwards compatability with csp1.x) */
+			if (csp_crc32_append(packet, false) != 0) {
 				/* CRC32 append failed */
 				csp_log_warn("CRC32 append failed!");
 				goto tx_err;
@@ -291,9 +294,6 @@ int csp_send_direct(csp_id_t idout, csp_packet_t * packet, csp_iface_t * ifout,
 		}
 	}
 
-	/* Copy identifier to packet */
-	packet->id.ext = idout.ext;
-
 	/* Store length before passing to interface */
 	uint16_t bytes = packet->length;
 	uint16_t mtu = ifout->mtu;

diff --git a/src/csp_route.c b/src/csp_route.c
@@ -85,8 +85,8 @@ static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interf
 #ifdef CSP_USE_CRC32
 		if (packet->length < 4)
 			csp_log_error("Too short packet for CRC32, %u", packet->length);
-		/* Verify CRC32  */
-		if (csp_crc32_verify(packet) != 0) {
+		/* Verify CRC32 (does not include header for backwards compatability with csp1.x) */
+		if (csp_crc32_verify(packet, false) != 0) {
 			/* Checksum failed */
 			csp_log_error("CRC32 verification error! Discarding packet");
 			interface->rx_error++;
@@ -104,8 +104,8 @@ static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interf
 	/* HMAC authenticated packet */
 	if (packet->id.flags & CSP_FHMAC) {
 #ifdef CSP_USE_HMAC
-		/* Verify HMAC */
-		if (csp_hmac_verify(packet) != 0) {
+		/* Verify HMAC (does not include header for backwards compatability with csp1.x) */
+		if (csp_hmac_verify(packet, false) != 0) {
 			/* HMAC failed */
 			csp_log_error("HMAC verification error! Discarding packet");
 			interface->autherr++;

diff --git a/src/interfaces/csp_if_kiss.c b/src/interfaces/csp_if_kiss.c
@@ -52,7 +52,7 @@ static int csp_kiss_tx(csp_iface_t * interface, csp_packet_t * packet, uint32_t
 		return CSP_ERR_DRIVER;
 
 	/* Add CRC32 checksum */
-	csp_crc32_append(packet);
+	csp_crc32_append(packet, false);
 
 	/* Save the outgoing id in the buffer */
 	packet->id.ext = csp_hton32(packet->id.ext);
@@ -172,7 +172,7 @@ void csp_kiss_rx(csp_iface_t * interface, uint8_t * buf, int len, void * pxTaskW
 					driver->rx_packet->id.ext = csp_ntoh32(driver->rx_packet->id.ext);
 
 					/* Validate CRC */
-					if (csp_crc32_verify(driver->rx_packet) != CSP_ERR_NONE) {
+					if (csp_crc32_verify(driver->rx_packet, false) != CSP_ERR_NONE) {
 						csp_log_warn("KISS invalid crc frame skipped, len: %u", driver->rx_packet->length);
 						interface->rx_error++;
 						driver->rx_mode = KISS_MODE_NOT_STARTED;