From c4fe30840e80e51e4c7b7809a94141cc13f02c30 Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Wed, 6 Jan 2021 16:05:30 -0500 Subject: [PATCH 1/4] Fix #15, Remove unimplemented crc cases --- cfe_ts_crc.c | 42 +++++++++++------------------------------- 1 file changed, 11 insertions(+), 31 deletions(-) diff --git a/cfe_ts_crc.c b/cfe_ts_crc.c index 1932915..118d5c5 100644 --- a/cfe_ts_crc.c +++ b/cfe_ts_crc.c @@ -54,20 +54,15 @@ #include "cfe_fs_extern_typedefs.h" #include "cfe_tbl_extern_typedefs.h" -#define CFE_ES_CRC_8 1 /**< \brief CRC ( 8 bit additive - returns 32 bit total) (Currently not implemented) */ -#define CFE_ES_CRC_16 2 /**< \brief CRC (16 bit additive - returns 32 bit total) */ -#define CFE_ES_CRC_32 3 /**< \brief CRC (32 bit additive - returns 32 bit total) (Currently not implemented) */ -#define CFE_ES_DEFAULT_CRC CFE_ES_CRC_16 /**< \brief mission specific CRC type */ - /* ** Function Prologue ** -** Function: CFE_ES_CalculateCRC (taken directly from lro-cfe-4.2.1 delivery - 2/4/09) +** Function: CalculateCRC (originated from lro-cfe-4.2.1 delivery - 2/4/09) ** ** Purpose: Perform a CRC calculation on a range of memory. ** */ -uint32 CFE_ES_CalculateCRC(void *DataPtr, uint32 DataLength, uint32 InputCRC, uint32 TypeCRC) +uint32 CalculateCRC(void *DataPtr, uint32 DataLength, uint32 InputCRC) { int32 i; int16 Index; 
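Review bot: The renamed `CalculateCRC` in the first hunk keeps external linkage and a non-const `void *DataPtr`, although the visible body only reads through the pointer. Dropping the `CFE_ES_` prefix leaves a very generic global symbol. If nothing outside this file calls it (its only visible caller is `main` in the same file), I would declare it `static uint32 CalculateCRC(const void *DataPtr, uint32 DataLength, uint32 InputCRC)`. The body would then cast with `(const uint8 *)DataPtr`, and `BufPtr`, whose declaration is outside the hunk, would need the matching `const`.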
@@ -96,33 +91,18 @@ uint32 CFE_ES_CalculateCRC(void *DataPtr, uint32 DataLength, uint32 InputCRC, ui 0x4C80, 0x8C41, 0x4400, 0x84C1, 0x8581, 0x4540, 0x8701, 0x47C0, 0x4680, 0x8641, 0x8201, 0x42C0, 0x4380, 0x8341, 0x4100, 0x81C1, 0x8081, 0x4040}; - switch (TypeCRC) - { - /* case CFE_ES_CRC_32: */ - /* CFE_ES_WriteToSysLog("CFE ES Calculate CRC32 not Implemented\n"); */ - /* break; */ - - case CFE_ES_CRC_16: - Crc = (int16)(0xFFFF & InputCRC); - BufPtr = (uint8 *)DataPtr; - - for (i = 0; i < DataLength; i++, BufPtr++) - { - Index = ((Crc ^ *BufPtr) & 0x00FF); - Crc = ((Crc >> 8) & 0x00FF) ^ CrcTable[Index]; - } - break; + Crc = (int16)(0xFFFF & InputCRC); + BufPtr = (uint8 *)DataPtr; - /* case CFE_ES_CRC_8: */ - /* CFE_ES_WriteToSysLog("CFE ES Calculate CRC8 not Implemented\n"); */ - /* break; */ - - default: - break; + for (i = 0; i < DataLength; i++, BufPtr++) + { + Index = ((Crc ^ *BufPtr) & 0x00FF); + Crc = ((Crc >> 8) & 0x00FF) ^ CrcTable[Index]; } + return (Crc); -} /* End of CFE_ES_CalculateCRC() */ +} int main(int argc, char **argv) { @@ -158,7 +138,7 @@ int main(int argc, char **argv) while (done == 0) { readSize = read(fd, buffer, 100); - fileCRC = CFE_ES_CalculateCRC(buffer, readSize, fileCRC, CFE_ES_CRC_16); + fileCRC = CalculateCRC(buffer, readSize, fileCRC); fileSize += readSize; if (readSize != 100) done = 1; From b3007c981a97b9fd8b2916841e45c700cc8ccf7b Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Thu, 7 Jan 2021 12:45:25 -0600 Subject: [PATCH 2/4] Fix #27, Create Security Policy --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..0961cb6 --- /dev/null +++ b/SECURITY.md 
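Review bot: `return (Crc);` at the end of the `@@ -96,33 +91,18 @@` hunk converts what the `(int16)` cast suggests is a signed 16-bit `Crc` into the `uint32` return type, so any result with bit 15 set comes back sign-extended as `0xFFFFxxxx`. Chained calls are unaffected because the input is masked with `0xFFFF`, but the final value the tool reports would not be a plain 16-bit CRC. If the flight-side routine returns the same sign-extended value, keep the behaviour and document it with `/* int16 result is sign-extended to uint32; kept to match the flight software value */`. If it does not, return `(uint32)Crc & 0xFFFF` instead. The declaration of `Crc` is outside the hunk, so its type should be confirmed first.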
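Review bot: In the `@@ -158,7 +138,7 @@` hunk the result of `read()` is passed unchecked to `CalculateCRC` as the length, so a failed read (-1) becomes a `uint32` of 0xFFFFFFFF and the CRC loop reads far past the 100-byte `buffer`. The same value is also added to `fileSize`. A guard before the CRC call would stop this, for example `if (readSize < 0) { perror("read"); return EXIT_FAILURE; }`, adapted to whatever exit convention `main` uses. The loop also treats any short read as end of file, so an early return from `read()` silently yields a CRC over a truncated file; ending only on `readSize == 0` is safer. The declaration of `readSize` and the rest of `main` are outside the hunk, so the types here are inferred.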
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a vulnerability for the tblCRCTool subsystem please [submit an issue](https://github.com/nasa/tblCRCTool/issues/new/choose).
+
+For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose) and see our [top-level security policy](https://github.com/nasa/cFS/security/policy).
+
+In either case please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label.
+
+## Additional Support
+
+For additional support, email us at cfs-program@lists.nasa.gov. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.
+
+If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov.
From f5740d114204f55f33b69408d165e36c59ef6327 Mon Sep 17 00:00:00 2001
From: Jacob Hageman
Date: Tue, 26 Jan 2021 10:56:15 -0500
Subject: [PATCH 3/4] Fix #20, Replace LRO reference with algorithm details
---
cfe_ts_crc.c | 43 ++++++++++++++++++++-----------------------
1 file changed, 20 insertions(+), 23 deletions(-)
diff --git a/cfe_ts_crc.c b/cfe_ts_crc.c
index 1932915..04a18d2 100644
--- a/cfe_ts_crc.c
+++ b/cfe_ts_crc.c
@@ -16,29 +16,25 @@ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. -** -** lro_ts_crc -** -** This program calculates the CRC of a given file using the same -** algorithm as the LRO spacecraft cFE Table Services flight software uses. -** -** Inputs: One string containing the filename of the file to CRC. -** -** -** Outputs: Prints to the terminal the filename, size, and CRC. -** Returns the CRC. -** -** Author: Mike Blau, GSFC Code 582 -** -** Date: 1/28/08 -** -** Modified 4/24/08 MDB Added option to skip a specified number of header bytes -** Modified 2/04/09 BDT Modified to compute cFE table services CS -** Modified 4/01/09 STS Modified to always skip header (116 bytes) -** Modified 4/01/09 STS Removed option to skip a specified number of header bytes -** Modified 6/15/12 WFM Replaced the CRC Table with the table used in -** CFE_ES_CalculateCRC */ + +/* + * This program calculates the CRC-16/ARC of a given table file. + * + * Algorithm: + * - Name: CRC-16/ARC + * - Polynomial: 0x8005 + * - Initialization: 0x0000 + * - Reflect Input/Output: true + * - XorOut: 0x0000 + * + * Inputs: One string containing the filename of the table file to CRC. + * + * Outputs: Prints to the terminal the filename, size, and CRC. + * Returns the CRC. + * + * Author: Mike Blau, GSFC Code 582 + */ #include #include #include @@ -49,7 +45,8 @@ /* These headers are needed for CFE_FS_Header_t and CFE_TBL_File_Hdr_t, respectively. * This uses the OSAL definition of fixed-width types, even thought this tool - * is not using OSAL itself. */ + * is not using OSAL itself. + */ #include "common_types.h" #include "cfe_fs_extern_typedefs.h" #include "cfe_tbl_extern_typedefs.h" From 9d0dedd08ffcb9ff8a9de67a1cde43a2ba066dae Mon Sep 17 00:00:00 2001 
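Review bot: The rewritten header comment in the `@@ -16,29 +16,25 @@` hunk no longer says which bytes the CRC covers. The removed history recorded that the file header is always skipped, while the new text reads as if the whole table file is summed. Someone checking a table with an independent CRC-16/ARC implementation would hash the full file and get a mismatch. I would add a line after the algorithm list such as ` * Scope: the cFE file header and table header are skipped; only the table data is summed`. That wording should be confirmed against `main`, which is outside this hunk.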
From: astrogeco <59618057+astrogeco@users.noreply.github.com> Date: Tue, 26 Jan 2021 19:52:35 -0500 Subject: [PATCH 4/4] Bump to v1.2.0-rc1+dev12 Update ReadMe --- README.md | 8 +++++++- cfe_ts_crc_version.h | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c35d09d..76ddd13 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,18 @@ This lab application is a ground utility to generate binary table CRCs for cFS. ## Version Notes +### Development Build: 1.2.0-rc1+dev9 + +- Documentation: Add `Security.md` with instructions on reporting vulnerabilities +- Removes unimplemented CRC cases to eliminate static analysis warnings +- See + ### Development Build: 1.2.0-rc1+dev3 - Use `sizeof()` instead of a hard coded value for the table file header size to keep this tool in sync if the size of the cFE file or table header should ever change. - Update version baseline to v1.2.0-rc1 - Set REVISION number to 99 to indicate development version -See +- See ### Development Build: 1.1.0+dev7 diff --git a/cfe_ts_crc_version.h b/cfe_ts_crc_version.h index acd2591..9a88508 100644 --- a/cfe_ts_crc_version.h +++ b/cfe_ts_crc_version.h @@ -31,7 +31,7 @@ /* * Development Build Macro Definitions */ -#define CFE_TS_CRC_BUILD_NUMBER 3 /*!< @brief Number of commits since baseline */ +#define CFE_TS_CRC_BUILD_NUMBER 9 /*!< @brief Number of commits since baseline */ #define CFE_TS_CRC_BUILD_BASELINE \ "v1.2.0+dev" /*!< @brief Development Build: git tag that is the base for the current */