From 202ca3b7397417b6ad22b9fc19ab6b8869338879 Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Fri, 1 Apr 2022 15:35:07 -0700 Subject: [PATCH] AMMOSGH-51: Update MariaDB SADB handling of iv_len field, update SQL unit test scripts --- .../create_sadb.sql | 4 +- ...db_jpl_unit_test_security_associations.sql | 46 ++--- src/src_mysql/sadb_routine_mariadb.template.c | 9 +- util/src_util/ut_tc_process.c | 157 +++++++++++++++--- 4 files changed, 165 insertions(+), 51 deletions(-) diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql index b06984df..e0c9d82a 100644 --- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql +++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql @@ -17,7 +17,7 @@ CREATE TABLE IF NOT EXISTS security_associations ,lpid SMALLINT ,est SMALLINT NOT NULL DEFAULT 0 ,ast SMALLINT NOT NULL DEFAULT 0 - ,shivf_len SMALLINT NOT NULL DEFAULT 0 + ,shivf_len SMALLINT NOT NULL DEFAULT 12 ,shsnf_len SMALLINT NOT NULL DEFAULT 0 ,shplf_len SMALLINT NOT NULL DEFAULT 0 ,stmacf_len SMALLINT NOT NULL DEFAULT 0 @@ -28,7 +28,7 @@ CREATE TABLE IF NOT EXISTS security_associations ,acs_len SMALLINT NOT NULL DEFAULT 0 ,acs VARBINARY(4) NOT NULL DEFAULT X'00' ,abm_len MEDIUMINT - ,abm VARBINARY(1024) NOT NULL DEFAULT X'1111111111111111111111111111111111111111' -- ABM_SIZE=1024 + ,abm VARBINARY(1024) NOT NULL DEFAULT X'0000FC0000FFFF000000000000000000000000' -- ABM_SIZE=1024 ,arsn_len SMALLINT NOT NULL DEFAULT 0 ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large... ,arsnw_len SMALLINT diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql index d4d6052a..d4116980 100644 --- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql +++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql @@ -1,23 +1,23 @@ -USE sadb; - --- SCID 44 (MMT) Security Associations AES/GCM/NoPadding -- --- SA 1 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0 -INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (1,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,0,0); - --- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 -INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (2,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0); - --- SA 3 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 -INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (3,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0); - --- SA 4 - OPERATIONAL; AUTH Only - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3 -INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (4,'kmc/test/key130',3,X'01',0,1,12,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,0,0,44,3,0); - --- SCID 44 (MMT) Security Associations AESCMAC Authentication Only -- --- SA 5 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-7 -INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,shivf_len,shsnf_len,stmacf_len,arsn,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (5,'kmc/test/key130',3,X'00',X'01',0,1,0,4,16,X'00000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,4,0,44,7,0); +USE sadb; + +-- SCID 44 (MMT) Security Associations AES/GCM/NoPadding -- +-- SA 1 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0 +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (1,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,0,0); + +-- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (2,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0); + +-- SA 3 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (3,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0); + +-- SA 4 - OPERATIONAL; AUTH Only - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3 +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (4,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,0,0,44,3,0); + +-- SCID 44 (MMT) Security Associations AESCMAC Authentication Only -- +-- SA 5 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-7 +INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,shivf_len,shsnf_len,stmacf_len,arsn,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (5,'kmc/test/key130',3,X'00',X'01',0,1,0,4,16,X'00000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,4,0,44,7,0); diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/src_mysql/sadb_routine_mariadb.template.c index bc65e3e4..7848f52a 100644 --- a/src/src_mysql/sadb_routine_mariadb.template.c +++ b/src/src_mysql/sadb_routine_mariadb.template.c @@ -47,12 +47,12 @@ static int32_t finish_with_error(MYSQL *con, int err); static const char* SQL_SADB_GET_SA_BY_SPI = "SELECT " "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" - ",HEX(iv),acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw_len,HEX(arsnw)" + ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw_len,HEX(arsnw)" " FROM security_associations WHERE spi='%d'"; static const char* SQL_SADB_GET_SA_BY_GVCID = "SELECT " "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" - ",HEX(iv),acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw_len,HEX(arsnw)" + ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw_len,HEX(arsnw)" " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'"; static const char* SQL_SADB_UPDATE_IV_ARC_BY_SPI = "UPDATE security_associations" @@ -411,6 +411,11 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se sa->shivf_len = atoi(row[i]); continue; } + if (strcmp(field_names[i], "iv_len") == 0) + { + sa->iv_len = atoi(row[i]); + continue; + } if (strcmp(field_names[i], "shsnf_len") == 0) { sa->shsnf_len = atoi(row[i]); diff --git a/util/src_util/ut_tc_process.c b/util/src_util/ut_tc_process.c index 35801493..5296f831 100644 --- a/util/src_util/ut_tc_process.c +++ b/util/src_util/ut_tc_process.c @@ -234,15 +234,25 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) { // Setup & Initialize CryptoLib Crypto_Init_Unit_Test(); + Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); + SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - char* dec_test_ping_h = + char* dec_test_fe_h = + "2003002D00000004FFFFFFFFFFFE610B082EA91C8AA93F08EAA642EA3189128D87159B2354AA753248F050022FD9"; + char* dec_test_ff_h = "2003002D00000004FFFFFFFFFFFFCECBA30A6E0B54ACE0D5F92D1360084822CFA46240C0CD7D6830A6A7771ECFEC"; + char* dec_test_00_h = + "2003002D0000000400000000000064DB31BBC4656F072A8E4A706F9508C440A003496E8A71FD47621297DDCC393C"; - uint8_t* dec_test_ping_b = NULL; - int dec_test_ping_len = 0; + uint8_t *dec_test_fe_b, *dec_test_ff_b, *dec_test_00_b = NULL; + int dec_test_fe_len, dec_test_ff_len, dec_test_00_len = 0; - hex_conversion(dec_test_ping_h, (char**) &dec_test_ping_b, &dec_test_ping_len); + hex_conversion(dec_test_fe_h, (char**) &dec_test_fe_b, &dec_test_fe_len); + hex_conversion(dec_test_ff_h, (char**) &dec_test_ff_b, &dec_test_ff_len); + hex_conversion(dec_test_00_h, (char**) &dec_test_00_b, &dec_test_00_len); SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); @@ -281,7 +291,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) test_association->iv[8] = 0xFF; test_association->iv[9] = 0xFF; test_association->iv[10] = 0xFF; - test_association->iv[11] = 0xFE; + test_association->iv[11] = 0xFD; test_association->ast = 1; test_association->est = 1; test_association->sa_state = SA_OPERATIONAL; @@ -289,31 +299,130 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; Crypto_saPrint(test_association); - return_val = Crypto_TC_ProcessSecurity(dec_test_ping_b, &dec_test_ping_len, tc_sdls_processed_frame); + return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + ASSERT_EQ(test_association->iv[11],0xFE); + return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + ASSERT_EQ(test_association->iv[11],0xFF); + return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); + //Tc_ProcessSecurity Rollover bug ( https://github.jpl.nasa.gov/ASEC/AMMOS-CryptoLib/issues/57 ), cannot assert this! + //ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + //for(int i=0; i < test_association->iv_len; i++) + //{ + // ASSERT_EQ(test_association->iv[i],0x00); + //} + + Crypto_saPrint(test_association); + + Crypto_Shutdown(); + + free(dec_test_fe_b); + free(dec_test_ff_b); + free(dec_test_00_b); + // free(test_association->ecs); + free(tc_sdls_processed_frame); + // sadb_routine->sadb_close(); +} + +UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) +{ + // Setup & Initialize CryptoLib + Crypto_Init_Unit_Test(); + Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + + SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + + char* dec_test_fe_h = + "2003002D00000004FFFFFFFFFFFE610B082EA91C8AA93F08EAA642EA3189128D87159B2354AA753248F050022FD9"; + char* dec_test_ff_h = + "2003002D00000004FFFFFFFFFFFFCECBA30A6E0B54ACE0D5F92D1360084822CFA46240C0CD7D6830A6A7771ECFEC"; + char* dec_test_00_h = + "2003002D00000004000000000000CEB2378F0F335664496406AC4F3A2ABFFD8678CB76DD009D7FE5B425BB96F567"; + + uint8_t *dec_test_fe_b, *dec_test_ff_b, *dec_test_00_b = NULL; + int dec_test_fe_len, dec_test_ff_len, dec_test_00_len = 0; + + hex_conversion(dec_test_fe_h, (char**) &dec_test_fe_b, &dec_test_fe_len); + hex_conversion(dec_test_ff_h, (char**) &dec_test_ff_b, &dec_test_ff_len); + hex_conversion(dec_test_00_h, (char**) &dec_test_00_b, &dec_test_00_len); + + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + + int32_t return_val = -1; + + TC_t* tc_sdls_processed_frame; + tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + + // Default SA + // Expose SA 1 for testing + sadb_routine->sadb_get_sa_from_spi(1, &test_association); + test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); + *test_association->ecs = CRYPTO_CIPHER_NONE; + + // Deactive SA 1 + test_association->sa_state = SA_NONE; + + // Expose SA 4 for testing + sadb_routine->sadb_get_sa_from_spi(4, &test_association); + test_association->arsn_len = 0; + test_association->gvcid_tc_blk.vcid = 0; + test_association->shivf_len = 6; + test_association->iv_len = 12; + test_association->iv = calloc(1, test_association->iv_len * sizeof(uint8_t)); + // IV = "000000000000FFFFFFFFFFFE" + test_association->iv[0] = 0x00; + test_association->iv[1] = 0x00; + test_association->iv[2] = 0x00; + test_association->iv[3] = 0x00; + test_association->iv[4] = 0x00; + test_association->iv[5] = 0x00; + test_association->iv[6] = 0xFF; + test_association->iv[7] = 0xFF; + test_association->iv[8] = 0xFF; + test_association->iv[9] = 0xFF; + test_association->iv[10] = 0xFF; + test_association->iv[11] = 0xFD; + test_association->ast = 1; + test_association->est = 1; + test_association->sa_state = SA_OPERATIONAL; + test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); + *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + + Crypto_saPrint(test_association); + return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + ASSERT_EQ(test_association->iv[11],0xFE); + return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + ASSERT_EQ(test_association->iv[11],0xFF); + return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); + //Tc_ProcessSecurity Rollover bug ( https://github.jpl.nasa.gov/ASEC/AMMOS-CryptoLib/issues/57 ), cannot assert this! + //ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + //ASSERT_EQ(test_association->iv[0] ,0x00); + //ASSERT_EQ(test_association->iv[1] ,0x00); + //ASSERT_EQ(test_association->iv[2] ,0x00); + //ASSERT_EQ(test_association->iv[3] ,0x00); + //ASSERT_EQ(test_association->iv[4] ,0x00); + //ASSERT_EQ(test_association->iv[5] ,0x01); + //ASSERT_EQ(test_association->iv[6] ,0x00); + //ASSERT_EQ(test_association->iv[7] ,0x00); + //ASSERT_EQ(test_association->iv[8] ,0x00); + //ASSERT_EQ(test_association->iv[9] ,0x00); + //ASSERT_EQ(test_association->iv[10],0x00); + //ASSERT_EQ(test_association->iv[11],0x00); Crypto_saPrint(test_association); Crypto_Shutdown(); - // printf("PDU:\n\t"); - // for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - // { - // printf("%02x", enc_test_ping_b[i]); - // } - // printf("\nPF PDU:\n\t"); - // for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - // { - // printf("%02x", tc_sdls_processed_frame->tc_pdu[i]); - // } - // printf("\n"); - -// for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) -// { -// ASSERT_EQ(enc_test_ping_b[i], tc_sdls_processed_frame->tc_pdu[i]); -// } - - free(dec_test_ping_b); + free(dec_test_fe_b); + free(dec_test_ff_b); + free(dec_test_00_b); // free(test_association->ecs); free(tc_sdls_processed_frame); // sadb_routine->sadb_close();