From 788402db54f6e2f6a1bf77ab9a18743bf016cd51 Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Tue, 12 Apr 2022 14:54:19 -0700 Subject: [PATCH 1/7] AMMOSGH-65: Rename sadb mariadb admin scripts to sadb-mariadb-sql --- src/CMakeLists.txt | 4 ++-- .../create_sadb.sql | 0 .../create_sadb_jpl_unit_test_security_associations.sql | 0 .../create_sadb_unit_test_security_associations.sql | 0 .../create_sadb_user_grant_permissions.sql | 0 .../delete_sadb.sql | 0 6 files changed, 2 insertions(+), 2 deletions(-) rename src/crypto_sadb/{sadb_mariadb_admin_scripts => sadb-mariadb-sql}/create_sadb.sql (100%) rename src/crypto_sadb/{sadb_mariadb_admin_scripts => sadb-mariadb-sql}/create_sadb_jpl_unit_test_security_associations.sql (100%) rename src/crypto_sadb/{sadb_mariadb_admin_scripts => sadb-mariadb-sql}/create_sadb_unit_test_security_associations.sql (100%) rename src/crypto_sadb/{sadb_mariadb_admin_scripts => sadb-mariadb-sql}/create_sadb_user_grant_permissions.sql (100%) rename src/crypto_sadb/{sadb_mariadb_admin_scripts => sadb-mariadb-sql}/delete_sadb.sql (100%) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 692cdd39..dac84c9d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -84,7 +84,7 @@ install(TARGETS Crypto PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include) IF(MYSQL) - file(GLOB MYSQL_SCRIPTS crypto_sadb/sadb_mariadb_admin_scripts/*.sql) + file(GLOB MYSQL_SCRIPTS crypto_sadb/sadb-mariadb-sql/*.sql) install(FILES ${MYSQL_SCRIPTS} - DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sadb_mariadb_admin_scripts) + DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sadb-mariadb-sql) endif() \ No newline at end of file diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql b/src/crypto_sadb/sadb-mariadb-sql/create_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql rename to src/crypto_sadb/sadb-mariadb-sql/create_sadb.sql diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb-mariadb-sql/create_sadb_jpl_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql rename to src/crypto_sadb/sadb-mariadb-sql/create_sadb_jpl_unit_test_security_associations.sql diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_unit_test_security_associations.sql b/src/crypto_sadb/sadb-mariadb-sql/create_sadb_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_unit_test_security_associations.sql rename to src/crypto_sadb/sadb-mariadb-sql/create_sadb_unit_test_security_associations.sql diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_user_grant_permissions.sql b/src/crypto_sadb/sadb-mariadb-sql/create_sadb_user_grant_permissions.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_user_grant_permissions.sql rename to src/crypto_sadb/sadb-mariadb-sql/create_sadb_user_grant_permissions.sql diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/delete_sadb.sql b/src/crypto_sadb/sadb-mariadb-sql/delete_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_admin_scripts/delete_sadb.sql rename to src/crypto_sadb/sadb-mariadb-sql/delete_sadb.sql From bac4e644a96caa2642d40ceab343132d6a101626 Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Tue, 12 Apr 2022 16:22:41 -0700 Subject: [PATCH 2/7] AMMOSGH-66: Add empty and list SQL scripts --- src/CMakeLists.txt | 4 ++-- .../{sadb-mariadb-sql => sadb_mariadb_sql}/create_sadb.sql | 0 .../create_sadb_jpl_unit_test_security_associations.sql | 0 .../create_sadb_unit_test_security_associations.sql | 0 .../create_sadb_user_grant_permissions.sql | 0 .../{sadb-mariadb-sql => sadb_mariadb_sql}/delete_sadb.sql | 0 src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql | 3 +++ src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql | 3 +++ 8 files changed, 8 insertions(+), 2 deletions(-) rename src/crypto_sadb/{sadb-mariadb-sql => sadb_mariadb_sql}/create_sadb.sql (100%) rename src/crypto_sadb/{sadb-mariadb-sql => sadb_mariadb_sql}/create_sadb_jpl_unit_test_security_associations.sql (100%) rename src/crypto_sadb/{sadb-mariadb-sql => sadb_mariadb_sql}/create_sadb_unit_test_security_associations.sql (100%) rename src/crypto_sadb/{sadb-mariadb-sql => sadb_mariadb_sql}/create_sadb_user_grant_permissions.sql (100%) rename src/crypto_sadb/{sadb-mariadb-sql => sadb_mariadb_sql}/delete_sadb.sql (100%) create mode 100644 src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql create mode 100644 src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index dac84c9d..97c7765e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -84,7 +84,7 @@ install(TARGETS Crypto PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include) IF(MYSQL) - file(GLOB MYSQL_SCRIPTS crypto_sadb/sadb-mariadb-sql/*.sql) + file(GLOB MYSQL_SCRIPTS crypto_sadb/sadb_mariadb_sql/*.sql) install(FILES ${MYSQL_SCRIPTS} - DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sadb-mariadb-sql) + DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sadb_mariadb_sql) endif() \ No newline at end of file diff --git a/src/crypto_sadb/sadb-mariadb-sql/create_sadb.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb-mariadb-sql/create_sadb.sql rename to src/crypto_sadb/sadb_mariadb_sql/create_sadb.sql diff --git a/src/crypto_sadb/sadb-mariadb-sql/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/sadb-mariadb-sql/create_sadb_jpl_unit_test_security_associations.sql rename to src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql diff --git a/src/crypto_sadb/sadb-mariadb-sql/create_sadb_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/sadb-mariadb-sql/create_sadb_unit_test_security_associations.sql rename to src/crypto_sadb/sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql diff --git a/src/crypto_sadb/sadb-mariadb-sql/create_sadb_user_grant_permissions.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql similarity index 100% rename from src/crypto_sadb/sadb-mariadb-sql/create_sadb_user_grant_permissions.sql rename to src/crypto_sadb/sadb_mariadb_sql/create_sadb_user_grant_permissions.sql diff --git a/src/crypto_sadb/sadb-mariadb-sql/delete_sadb.sql b/src/crypto_sadb/sadb_mariadb_sql/delete_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb-mariadb-sql/delete_sadb.sql rename to src/crypto_sadb/sadb_mariadb_sql/delete_sadb.sql diff --git a/src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql b/src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql new file mode 100644 index 00000000..d580eee3 --- /dev/null +++ b/src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql @@ -0,0 +1,3 @@ +USE sadb; + +TRUNCATE TABLE security_associations; diff --git a/src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql b/src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql new file mode 100644 index 00000000..86d44828 --- /dev/null +++ b/src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql @@ -0,0 +1,3 @@ +USE sadb; + +select spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs),iv_len,HEX(iv),acs_len,HEX(acs),abm_len,arsn_len,HEX(arsn),arsnw from security_associations; From 6d3636da70573f80a90e79dcc41c1d8886eb8923 Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Wed, 13 Apr 2022 13:55:50 -0700 Subject: [PATCH 3/7] AMMOSGH-74, AMMOSGH-72, fix MySQL shutdown cleanup logic when no valid SA is returned --- ...r_path_unit_test_security_associations.sql | 35 ++++ src/src_mysql/sadb_routine_mariadb.template.c | 19 +-- util/src_util/ut_sadb_err_cases_kmc_crypto.c | 149 ++++++++++++++++++ 3 files changed, 194 insertions(+), 9 deletions(-) create mode 100644 src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql create mode 100644 util/src_util/ut_sadb_err_cases_kmc_crypto.c diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql new file mode 100644 index 00000000..0aa62172 --- /dev/null +++ b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql @@ -0,0 +1,35 @@ +USE sadb; + +-- SCID 44 (MMT) Security Associations AES/GCM/NoPadding -- +-- SA 1 - Only Keyed SA Available (VC 33) +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (1,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0); + +-- SA 2 - Only Unkeyed SA Available (VC 32) +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (2,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0); + +-- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 +-- INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +-- VALUES (2,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,1,0); +-- +-- -- SA 3 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 +-- INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +-- VALUES (3,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,2,0); +-- +-- -- SA 4 - OPERATIONAL; AUTH Only - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3 +-- INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +-- VALUES (4,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,0,44,3,0); +-- +-- -- SCID 44 (MMT) Security Associations Authentication Only -- +-- -- SA 5 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; ARSN_LEN=4; MAC-len:16; Key-ID: 130, SCID 44, VC-7 +-- INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) +-- VALUES (5,'kmc/test/key130',3,X'00',X'01',0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,7,0); +-- +-- -- SA 6 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA256 ; MAC-len:16; Key-ID: 130, SCID 44, VC-8 +-- INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) +-- VALUES (6,'kmc/test/hmacsha256',3,X'00',X'02',0,1,0,0,4,32,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0); +-- +-- -- SA 7 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-9 +-- INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) +-- VALUES (7,'kmc/test/hmacsha512',3,X'00',X'03',0,1,0,0,4,64,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,9,0); diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/src_mysql/sadb_routine_mariadb.template.c index fd80e59a..93e46c55 100644 --- a/src/src_mysql/sadb_routine_mariadb.template.c +++ b/src/src_mysql/sadb_routine_mariadb.template.c @@ -42,7 +42,7 @@ static int32_t sadb_sa_setARSN(void); static int32_t sadb_sa_setARSNW(void); static int32_t sadb_sa_delete(void); // MySQL local functions -static int32_t finish_with_error(MYSQL *con, int err); +static int32_t finish_with_error(MYSQL **con_loc, int err); // MySQL Queries static const char* SQL_SADB_GET_SA_BY_SPI = "SELECT " @@ -144,7 +144,7 @@ static int32_t sadb_init(void) sadb_mariadb_config->mysql_port, NULL, 0) == NULL) { //0,NULL,0 are port number, unix socket, client flag - finish_with_error(con, SADB_MARIADB_CONNECTION_FAILED); + finish_with_error(&con, SADB_MARIADB_CONNECTION_FAILED); status = CRYPTO_LIB_ERROR; } else { status = CRYPTO_LIB_SUCCESS; @@ -220,7 +220,7 @@ static int32_t sadb_save_sa(SecurityAssociation_t* sa) // Crypto_saPrint(sa); if (mysql_query(con, update_sa_query)) { - status = finish_with_error(con, SADB_QUERY_FAILED); + status = finish_with_error(&con, SADB_QUERY_FAILED); return status; } // todo - if query fails, need to push failure message to error stack instead of just return code. @@ -287,7 +287,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se if (mysql_real_query(con, query, strlen(query))) { // query should be NUL terminated! - status = finish_with_error(con, SADB_QUERY_FAILED); + status = finish_with_error(&con, SADB_QUERY_FAILED); return status; } // todo - if query fails, need to push failure message to error stack instead of just return code. @@ -295,14 +295,14 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se MYSQL_RES *result = mysql_store_result(con); if (result == NULL) { - status = finish_with_error(con, SADB_QUERY_EMPTY_RESULTS); + status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); return status; } int num_rows = mysql_num_rows(result); if(num_rows == 0) // No rows returned in query!! { - status = finish_with_error(con, SADB_QUERY_EMPTY_RESULTS); + status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); return status; } @@ -548,9 +548,10 @@ static char* convert_byte_array_to_hexstring(void* src_buffer, size_t buffer_len return hexstr; } -static int32_t finish_with_error(MYSQL *con, int err) +static int32_t finish_with_error(MYSQL **con_loc, int err) { - fprintf(stderr, "%s\n", mysql_error(con)); // todo - if query fails, need to push failure message to error stack - mysql_close(con); + fprintf(stderr, "%s\n", mysql_error(*con_loc)); // todo - if query fails, need to push failure message to error stack + mysql_close(*con_loc); + *con_loc = NULL; return err; } \ No newline at end of file diff --git a/util/src_util/ut_sadb_err_cases_kmc_crypto.c b/util/src_util/ut_sadb_err_cases_kmc_crypto.c new file mode 100644 index 00000000..4bf5d67b --- /dev/null +++ b/util/src_util/ut_sadb_err_cases_kmc_crypto.c @@ -0,0 +1,149 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +/** + * Unit Tests that make use of TC_ApplySecurity/TC_ProcessSecurity function on the data with KMC Crypto Service/MariaDB Functionality Enabled. + **/ +#include "crypto.h" +#include "crypto_error.h" +#include "sadb_routine.h" +#include "utest.h" + +#include "crypto.h" +#include "shared_util.h" +#include + +/** + * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB + **/ +UTEST(KMC_CRYPTO, ONLY_KEYED_SA_AVAILABLE_FOR_GVCID) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", + "sadb_password"); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, + CRYPTO_FALSE, + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", + "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", + NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* raw_tc_jpl_mmt_scid44_vcid1= "202c8408000169e2df"; + char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; + int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + + hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + printf("Frame before encryption:\n"); + for (int i=0; i Date: Wed, 13 Apr 2022 14:47:59 -0700 Subject: [PATCH 4/7] AMMOSGH-71: Handle error case where no valid ECS set but EST=1 --- include/crypto_error.h | 1 + ...r_path_unit_test_security_associations.sql | 7 ++- src/src_main/crypto_print.c | 2 + src/src_main/crypto_tc.c | 7 +++ src/src_mysql/sadb_routine_mariadb.template.c | 6 +- util/src_util/ut_sadb_err_cases_kmc_crypto.c | 57 +++++++++++++++++++ 6 files changed, 78 insertions(+), 2 deletions(-) diff --git a/include/crypto_error.h b/include/crypto_error.h index 8bb1eed8..023a2eda 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -89,5 +89,6 @@ #define CRYPTO_LIB_ERR_NULL_ECS_PTR (-33) #define CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO (-34) #define CRYPTO_LIB_ERR_NULL_CIPHERS (-35) +#define CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE (-36) #endif //_crypto_error_h_ diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql index 0aa62172..daa76f80 100644 --- a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql +++ b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql @@ -7,7 +7,12 @@ VALUES (1,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19, -- SA 2 - Only Unkeyed SA Available (VC 32) INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) -VALUES (2,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0); +VALUES (2,'kmc/test/key130',1,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0); + +-- SA 3 - Null ECS & EKID for AESGCM Error (VC 34) +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (3,NULL,3,'',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,34,0); + -- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 -- INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) diff --git a/src/src_main/crypto_print.c b/src/src_main/crypto_print.c index 44672611..5509a62c 100644 --- a/src/src_main/crypto_print.c +++ b/src/src_main/crypto_print.c @@ -206,7 +206,9 @@ void Crypto_saPrint(SecurityAssociation_t* sa) } } printf("\t ekid = %d \n", sa->ekid); + printf("\t ek_ref = %s \n", sa->ek_ref); printf("\t akid = %d \n", sa->akid); + printf("\t ak_ref = %s \n", sa->ak_ref); printf("\t iv_len = %d \n", sa->shivf_len); if (sa->iv != NULL) { diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index 0d97fe58..edb87a96 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -194,6 +194,13 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); } + if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + { + status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; + return status; + } + + #ifdef TC_DEBUG switch (sa_service_type) { diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/src_mysql/sadb_routine_mariadb.template.c index 93e46c55..0b832582 100644 --- a/src/src_mysql/sadb_routine_mariadb.template.c +++ b/src/src_mysql/sadb_routine_mariadb.template.c @@ -279,7 +279,7 @@ static int32_t sadb_sa_delete(void) static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t* sa = malloc(sizeof(SecurityAssociation_t)); + SecurityAssociation_t* sa = calloc(1,sizeof(SecurityAssociation_t)); #ifdef SA_DEBUG fprintf(stderr, "MySQL Query: %s \n", query); @@ -502,6 +502,10 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se //arsnw_len is not necessary for mariadb interface, putty dummy/default value for prints. sa->arsnw_len = 1; +#ifdef DEBUG + printf("Parsed SA from SQL Query:\n"); + Crypto_saPrint(sa); +#endif *security_association = sa; mysql_free_result(result); diff --git a/util/src_util/ut_sadb_err_cases_kmc_crypto.c b/util/src_util/ut_sadb_err_cases_kmc_crypto.c index 4bf5d67b..bcc998cd 100644 --- a/util/src_util/ut_sadb_err_cases_kmc_crypto.c +++ b/util/src_util/ut_sadb_err_cases_kmc_crypto.c @@ -145,5 +145,62 @@ UTEST(KMC_CRYPTO, ONLY_UNKEYED_SA_AVAILABLE_FOR_GVCID) free(ptr_enc_frame); } +UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", + "sadb_password"); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, + CRYPTO_FALSE, + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", + "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", + NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* raw_tc_jpl_mmt_scid44_vcid1= "202c8808000169e2df"; + char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; + int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + + hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + printf("Frame before encryption:\n"); + for (int i=0; i Date: Wed, 13 Apr 2022 15:07:17 -0700 Subject: [PATCH 5/7] AMMOSGH-73: Add test for misconfigured SA for with seg headers --- ...r_path_unit_test_security_associations.sql | 4 ++ util/src_util/ut_sadb_err_cases_kmc_crypto.c | 57 +++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql index daa76f80..935c89c7 100644 --- a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql +++ b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql @@ -13,6 +13,10 @@ VALUES (2,'kmc/test/key130',1,X'01',1,1,12,12,16,X'000000000000000000000001',19, INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) VALUES (3,NULL,3,'',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,34,0); +-- SA 4 - Invalid Frame Length with Seg Headers Config Set (VC 28) +INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) +VALUES (4,'kmc/test/key128',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'0000000000000000000000000000000000000000',5,0,0,44,28,1); + -- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1 -- INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid) diff --git a/util/src_util/ut_sadb_err_cases_kmc_crypto.c b/util/src_util/ut_sadb_err_cases_kmc_crypto.c index bcc998cd..0b2551a2 100644 --- a/util/src_util/ut_sadb_err_cases_kmc_crypto.c +++ b/util/src_util/ut_sadb_err_cases_kmc_crypto.c @@ -202,5 +202,62 @@ UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) free(ptr_enc_frame); } +UTEST(KMC_CRYPTO, INVALID_ABM_LENGTH_FOR_FRAME_WITH_SEG_HEADERS) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", + "sadb_password"); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, + CRYPTO_FALSE, + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", + "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", + NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* raw_tc_jpl_mmt_scid44_vcid1= "202c7008000169e2df"; + char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; + int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + + hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + printf("Frame before encryption:\n"); + for (int i=0; i Date: Wed, 13 Apr 2022 15:59:21 -0700 Subject: [PATCH 6/7] AMMOSGH-72: Remove code checking for crypto service truncated mac validation limitations --- include/crypto_error.h | 3 - ...db_jpl_unit_test_security_associations.sql | 8 +- ...hy_interface_kmc_crypto_service.template.c | 24 +--- src/src_mysql/sadb_routine_mariadb.template.c | 6 +- util/src_util/ut_kmc_crypto_auth_only.c | 130 +++++++++++++++++- 5 files changed, 137 insertions(+), 34 deletions(-) diff --git a/include/crypto_error.h b/include/crypto_error.h index 023a2eda..5f673e80 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -48,9 +48,6 @@ #define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512 #define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514 -#define CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_32 515 -#define CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_64 516 - #define CRYPTO_LIB_SUCCESS (0) diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql index 9be56081..48fcee98 100644 --- a/src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql +++ b/src/crypto_sadb/sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql @@ -22,10 +22,14 @@ VALUES (4,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',102 INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) VALUES (5,'kmc/test/key130',3,X'00',X'01',0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,7,0); --- SA 6 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA256 ; MAC-len:16; Key-ID: 130, SCID 44, VC-8 +-- SA 6 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA256 ; MAC-len:32; Key-ID: 130, SCID 44, VC-8 INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) VALUES (6,'kmc/test/hmacsha256',3,X'00',X'02',0,1,0,0,4,32,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0); --- SA 7 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-9 +-- SA 7 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:64; Key-ID: 130, SCID 44, VC-9 INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) VALUES (7,'kmc/test/hmacsha512',3,X'00',X'03',0,1,0,0,4,64,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,9,0); + +-- SA 8 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-9 +INSERT INTO security_associations (spi,akid,sa_state,ecs,acs,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid) +VALUES (8,'kmc/test/hmacsha512',3,X'00',X'03',0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,10,0); diff --git a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c index 1e8d0cfc..d3ccf641 100644 --- a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c +++ b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c @@ -295,17 +295,6 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, } - if(acs == CRYPTO_MAC_HMAC_SHA256 && sa_ptr->stmacf_len != 32) - { - status = CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_32; - return status; - } - if(acs == CRYPTO_MAC_HMAC_SHA512 && sa_ptr->stmacf_len != 64) - { - status = CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_64; - return status; - } - // Need to copy the data over, since authentication won't change/move the data directly if(data_out != NULL){ memcpy(data_out, data_in, len_data_in); @@ -493,7 +482,7 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, /* JSON Response Handling End */ - uint8_t* icv_decoded = malloc(mac_size + 1); + uint8_t* icv_decoded = malloc(strlen(icv_base64) + 1); size_t icv_decoded_len = 0; base64urlDecode(icv_base64,strlen(icv_base64),icv_decoded, &icv_decoded_len); #ifdef DEBUG @@ -536,17 +525,6 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le return CRYPTO_LIB_ERR_UNSUPPORTED_ACS; } - if(acs == CRYPTO_MAC_HMAC_SHA256 && sa_ptr->stmacf_len != 32) - { - status = CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_32; - return status; - } - if(acs == CRYPTO_MAC_HMAC_SHA512 && sa_ptr->stmacf_len != 64) - { - status = CRYPTOGRAHPY_KMC_CRYPTO_INVALID_HMAC_SADB_MAC_LENGTH_CONFIGURATION_NOT_64; - return status; - } - // Need to copy the data over, since authentication won't change/move the data directly if(data_out != NULL){ memcpy(data_out, data_in, len_data_in); diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/src_mysql/sadb_routine_mariadb.template.c index 0b832582..fa98dd47 100644 --- a/src/src_mysql/sadb_routine_mariadb.template.c +++ b/src/src_mysql/sadb_routine_mariadb.template.c @@ -209,8 +209,8 @@ static int32_t sadb_save_sa(SecurityAssociation_t* sa) char update_sa_query[2048]; snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, - convert_byte_array_to_hexstring(sa->iv, sa->shivf_len), - convert_byte_array_to_hexstring(sa->arsn, sa->shsnf_len), sa->spi, sa->gvcid_tc_blk.tfvn, + convert_byte_array_to_hexstring(sa->iv, sa->iv_len), + convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len), sa->spi, sa->gvcid_tc_blk.tfvn, sa->gvcid_tc_blk.scid, sa->gvcid_tc_blk.vcid, sa->gvcid_tc_blk.mapid); #ifdef SA_DEBUG @@ -488,7 +488,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se } // printf("\n"); } - sa->iv = (uint8_t* )calloc(1, sa->shivf_len * sizeof(uint8_t)); + sa->iv = (uint8_t* )calloc(1, sa->iv_len * sizeof(uint8_t)); sa->arsn = (uint8_t* )calloc(1, sa->arsn_len * sizeof(uint8_t)); sa->abm = (uint8_t* )calloc(1, sa->abm_len * sizeof(uint8_t)); sa->ecs = (uint8_t* )calloc(1, sa->ecs_len * sizeof(uint8_t)); diff --git a/util/src_util/ut_kmc_crypto_auth_only.c b/util/src_util/ut_kmc_crypto_auth_only.c index 39aecb3d..a76b7331 100644 --- a/util/src_util/ut_kmc_crypto_auth_only.c +++ b/util/src_util/ut_kmc_crypto_auth_only.c @@ -315,7 +315,9 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC256_AUTH_ONLY) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); } - +/** + * @brief Unit Test: See test name for description of whats being exercised! + **/ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) { // Setup & Initialize CryptoLib @@ -369,8 +371,7 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) } /** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - * This doesn't work -- Apply Security Auth Only doesn't return the proper tag. + * @brief Unit Test: HAPPY_PATH_PROCESS_SEC_HMAC512_AUTH_ONLY **/ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC512_AUTH_ONLY) { @@ -431,6 +432,129 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC512_AUTH_ONLY) free(ptr_enc_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); } +/** + * @brief Unit Test: HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY + **/ +UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", + "sadb_password"); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, + CRYPTO_FALSE, + "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", + "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", + NULL, NULL); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + + char* raw_tc_jpl_mmt_scid44_vcid1= "202c2808000001bb40"; + + char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; + int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + + hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + printf("Frame before encryption:\n"); + for (int i=0; itc_pdu_len; i++) + { + printf("%02x ", tc_processed_frame->tc_pdu[i]); + } + printf("\n"); + + ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); + ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + + Crypto_Shutdown(); + free(enc_tc_jpl_mmt_scid44_vcid1_expect); + free(ptr_enc_frame); + // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +} UTEST_MAIN(); From c59c38c20a4cb3fc513bf23bdf20457eda312669 Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Wed, 13 Apr 2022 16:17:41 -0700 Subject: [PATCH 7/7] AMMOSGH-61: Add MariaDB Bad Password and BadUsername Tests --- util/src_util/ut_kmc_crypto_with_mtls_sadb.c | 38 ++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/util/src_util/ut_kmc_crypto_with_mtls_sadb.c b/util/src_util/ut_kmc_crypto_with_mtls_sadb.c index 9bab0e96..18d50443 100644 --- a/util/src_util/ut_kmc_crypto_with_mtls_sadb.c +++ b/util/src_util/ut_kmc_crypto_with_mtls_sadb.c @@ -127,5 +127,43 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_TLS) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); } +UTEST(KMC_CRYPTO, SADB_BAD_USER_NAME) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("asec-cmdenc-dev2.jpl.nasa.gov","sadb",3306,CRYPTO_TRUE,CRYPTO_TRUE,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt",NULL, NULL, NULL, NULL,"testuser1_badname", "l0ngp@ssWord" ); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt",NULL, CRYPTO_FALSE, "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + + ASSERT_EQ(CRYPTO_LIB_ERROR, status); + + Crypto_Shutdown(); +} + +UTEST(KMC_CRYPTO, SADB_BAD_PASSWORD) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("asec-cmdenc-dev2.jpl.nasa.gov","sadb",3306,CRYPTO_TRUE,CRYPTO_TRUE,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt",NULL, NULL, NULL, NULL,"testuser1", "l0ngp@ssWord_badPass!" ); + Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt",NULL, CRYPTO_FALSE, "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + int32_t status = Crypto_Init(); + + ASSERT_EQ(CRYPTO_LIB_ERROR, status); + + Crypto_Shutdown(); +} + UTEST_MAIN();