From 11a14ef33ae6f23fdb67edd9c2d7d081e93ababb Mon Sep 17 00:00:00 2001 From: Robert Brown <91291114+rjbrown2@users.noreply.github.com> Date: Thu, 22 Feb 2024 12:54:47 -0500 Subject: [PATCH 001/174] 206 ci for rhel based latest (#223) * [#206] Add RHEL Convenience Script * Modify build.yml for RHEL testing * [#206] Fix Comment Syntax Error * [nasa/cryptolib#206] Update CI Tabs * [nasa/cryptolib#206] Tab fixes * [nasa/cryptolib#206] Remove sudo calls * [nasa/cryptolib#206] Add -y flag for RHEL update * Update build.yml for RHEL * [nasa/cryptolib#206] Update build.yml and convenience script for RHEL --- .github/workflows/build.yml | 23 +++++++++++++++++++++++ support/scripts/build_rhel.sh | 12 ++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 support/scripts/build_rhel.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 364b19fa..307904d6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -116,3 +116,26 @@ jobs: - name: Wolf Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_wolf.sh + + # + # RHEL Build + # + rhel_build: + # Container Setup + runs-on: ubuntu-latest + container: + image: rockylinux/rockylinux:8 + steps: + - uses: actions/checkout@v2 + - name: Update + run: yum update -y + - name: Install Dependencies + run: yum install -y python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server + # Might want to trim this down, but these dependencies should work for KMC + - name: Install Python Dependencies + run: pip3 install pycryptodome + # End Container Setup + + - name: RHEL Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_rhel.sh diff --git a/support/scripts/build_rhel.sh b/support/scripts/build_rhel.sh new file mode 100644 index 00000000..57800a21 --- /dev/null +++ b/support/scripts/build_rhel.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_rhel.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 && make && make test From 08b2646f80db8caecf41bd3a3dfa0a3547ef1eab Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Thu, 22 Feb 2024 13:43:10 -0500 Subject: [PATCH 002/174] [nasa/cryptolib#196] Improve cyc. comp. --- src/core/crypto_error.c | 104 +++++++++++++------------------------ src/crypto/kmc/base64url.c | 65 ++++++++++++----------- 2 files changed, 72 insertions(+), 97 deletions(-) diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index f049de06..a211ea4d 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -133,6 +133,34 @@ char *crypto_enum_errlist_crypto_cam[] = (char*) "CAM_KEYTAB_FILE_KINIT_FAILURE", }; +/* +** @brief: Helper Function. Get specific error code, given code, allowable max, and valid string expansion +** @param: int32_t, int32_t, char* + * @return: char* +*/ +char* Crypto_Get_Crypto_Error_Code_String(int32_t crypto_error_code, int32_t crypto_error_code_max, char* valid_output_string) +{ + if(crypto_error_code < crypto_error_code_max) + { + return CRYPTO_UNDEFINED_ERROR; + } + return valid_output_string; +} + +/* +** @brief: Helper Function. Get specific error code, given code, allowable max, and valid string expansion +** @param: int32_t, int32_t, char* + * @return: char* +*/ +char* Crypto_Get_Error_Code_String(int32_t crypto_error_code, int32_t crypto_error_code_max, char* valid_output_string) +{ + if(crypto_error_code > crypto_error_code_max) + { + return CRYPTO_UNDEFINED_ERROR; + } + return valid_output_string; +} + /* ** @brief: For a given crypto error code, return the associated error code enum string ** @param: int32_t @@ -140,92 +168,34 @@ char *crypto_enum_errlist_crypto_cam[] = */ char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code) { + char* return_string = CRYPTO_UNDEFINED_ERROR; if(crypto_error_code >= 600) // CAM Error Codes { - if(crypto_error_code > 610) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_cam[crypto_error_code % 600]; - } - + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 610, crypto_enum_errlist_crypto_cam[crypto_error_code % 600]); } else if(crypto_error_code >= 500) // KMC Error Codes { - if(crypto_error_code > 515) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_kmc[crypto_error_code % 500]; - } + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 515, crypto_enum_errlist_crypto_kmc[crypto_error_code % 500]); } else if(crypto_error_code >= 400) // Crypto Interface Error Codes { - if(crypto_error_code > 402) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_if[crypto_error_code % 400]; - } - + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 402, crypto_enum_errlist_crypto_if[crypto_error_code % 400]); } else if(crypto_error_code >= 300) // SADB MariadDB Error Codes { - if(crypto_error_code > 303) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_sa_mariadb[crypto_error_code % 300]; - } - + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 303, crypto_enum_errlist_sa_mariadb[crypto_error_code % 300]); } else if(crypto_error_code >= 200) // SADB Interface Error Codes { - if(crypto_error_code > 201) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_sa_if[crypto_error_code % 200]; - } + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 201, crypto_enum_errlist_sa_if[crypto_error_code % 200]); } else if(crypto_error_code >= 100) // Configuration Error Codes { - if(crypto_error_code > 103) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_config[crypto_error_code % 100]; - } - } - else if(crypto_error_code > 0) // Unused Error Codes 1-100 - { - return CRYPTO_UNDEFINED_ERROR; + return_string = Crypto_Get_Error_Code_String(crypto_error_code, 103, crypto_enum_errlist_config[crypto_error_code % 100]); } else if(crypto_error_code <= 0) // Cryptolib Core Error Codes { - if(crypto_error_code < -45) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_core[(crypto_error_code * (-1))]; - } - } - else - { - return CRYPTO_UNDEFINED_ERROR; + return_string = Crypto_Get_Crypto_Error_Code_String(crypto_error_code, -45, crypto_enum_errlist_core[(crypto_error_code * (-1))]); } + return return_string; } \ No newline at end of file diff --git a/src/crypto/kmc/base64url.c b/src/crypto/kmc/base64url.c index 0092a2df..e1c53cc5 100644 --- a/src/crypto/kmc/base64url.c +++ b/src/crypto/kmc/base64url.c @@ -167,6 +167,40 @@ void base64urlEncode(const void* input, size_t inputLen, char_t* output, } +void base64urlDecode_rempadding(size_t inputLen, uint32_t value, size_t *n, uint8_t* p) +{ + //All trailing pad characters are omitted in Base64url + if((inputLen % 4) == 2) + { + //The last block contains only 1 byte + if(p != NULL) + { + //Decode the last byte + p[*n] = (value >> 4) & 0xFF; + } + + //Adjust the length of the decoded data + *n = *n + 1; + } + else if((inputLen % 4) == 3) + { + //The last block contains only 2 bytes + if(p != NULL) + { + //Decode the last two bytes + p[*n] = (value >> 10) & 0xFF; + p[*n + 1] = (value >> 2) & 0xFF; + } + + //Adjust the length of the decoded data + *n = *n + 2; + } + else + { + //No pad characters in this case + } +} + /** * @brief Base64url decoding algorithm * @param[in] input Base64url-encoded string @@ -252,36 +286,7 @@ int32_t base64urlDecode(const char_t* input, size_t inputLen, void* output, //Check status code if(!error) { - //All trailing pad characters are omitted in Base64url - if((inputLen % 4) == 2) - { - //The last block contains only 1 byte - if(p != NULL) - { - //Decode the last byte - p[n] = (value >> 4) & 0xFF; - } - - //Adjust the length of the decoded data - n++; - } - else if((inputLen % 4) == 3) - { - //The last block contains only 2 bytes - if(p != NULL) - { - //Decode the last two bytes - p[n] = (value >> 10) & 0xFF; - p[n + 1] = (value >> 2) & 0xFF; - } - - //Adjust the length of the decoded data - n += 2; - } - else - { - //No pad characters in this case - } + base64urlDecode_rempadding(inputLen,value, n, p); } //Total number of bytes that have been written From acb4f73940e64017ab8d20c3bc87eb290f001130 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Mon, 26 Feb 2024 13:24:28 -0500 Subject: [PATCH 003/174] Refactor get SA Service Type --- src/core/crypto_tc.c | 83 +++++++++++++++++++++++++++++++------------- 1 file changed, 58 insertions(+), 25 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 7fbec841..2fd57e5c 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -813,6 +813,38 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int* len_ingest, TC_t* tc_sdl return Crypto_TC_ProcessSecurity_Cam(ingest, len_ingest, tc_sdls_processed_frame, NULL); } +int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + /** * @brief Function: Crypto_TC_ProcessSecurity * Performs Authenticated decryption, decryption, and authentication @@ -928,31 +960,32 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc tc_sdls_processed_frame->tc_sec_trailer.mac_field_len = sa_ptr->stmacf_len; // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } + Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); + // if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + // { + // sa_service_type = SA_PLAINTEXT; + // } + // else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + // { + // sa_service_type = SA_AUTHENTICATION; + // } + // else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + // { + // sa_service_type = SA_ENCRYPTION; + // } + // else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + // { + // sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + // } + // else + // { + // // Probably unnecessary check + // // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + // printf(KRED "Error: SA Service Type is not defined! \n" RESET); + // status = CRYPTO_LIB_ERROR; + // mc_if->mc_log(status); + // return status; + // } // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) { From f206784e0891d54e816479e478f584ff4cd8bc80 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Mon, 26 Feb 2024 13:25:46 -0500 Subject: [PATCH 004/174] Refactor get SA Service Type --- src/core/crypto_tc.c | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 2fd57e5c..f3dad6c7 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -961,31 +961,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc tc_sdls_processed_frame->tc_sec_trailer.mac_field_len = sa_ptr->stmacf_len; // Determine SA Service Type Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); - // if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - // { - // sa_service_type = SA_PLAINTEXT; - // } - // else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - // { - // sa_service_type = SA_AUTHENTICATION; - // } - // else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - // { - // sa_service_type = SA_ENCRYPTION; - // } - // else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - // { - // sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - // } - // else - // { - // // Probably unnecessary check - // // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - // printf(KRED "Error: SA Service Type is not defined! \n" RESET); - // status = CRYPTO_LIB_ERROR; - // mc_if->mc_log(status); - // return status; - // } + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) { From c402e6d8f892b03ebe155c35768bafcf85808ac0 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Thu, 29 Feb 2024 15:00:16 -0500 Subject: [PATCH 005/174] WIP - Committing to migrate VMS --- include/crypto.h | 2 + src/core/crypto_tc.c | 475 ++++++++++++++++++++++++++----------------- 2 files changed, 292 insertions(+), 185 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index a153b774..3c7807aa 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -108,6 +108,8 @@ extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, // Advanced Orbiting Systems (AOS) extern int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer); extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length); +int32_t Crytpo_TC_Parse_MAC_Prep_AAD(uint8_t sa_service_type, TC_t* tc_sdls_processed_frame, uint8_t fecf_len, SecurityAssociation_t* sa_ptr, uint8_t* ingest, uint16_t* aad_len_p, uint8_t ecs_is_aead_algorithm, uint8_t segment_hdr_len, uint8_t* aad); + // Crypo Error Support Functions extern char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code); diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index f3dad6c7..b2dd088e 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -845,6 +845,236 @@ int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociat return status; } +int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (current_managed_parameters->has_fecf == TC_HAS_FECF) + { + tc_sdls_processed_frame->tc_sec_trailer.fecf = (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) | + (ingest[tc_sdls_processed_frame->tc_header.fl] & 0x00FF)); + + if (crypto_config.crypto_check_fecf == TC_CHECK_FECF_TRUE) + { + uint16_t received_fecf = tc_sdls_processed_frame->tc_sec_trailer.fecf; + // Calculate our own + uint16_t calculated_fecf = Crypto_Calc_FECF(ingest, *len_ingest - 2); + // Compare + if (received_fecf != calculated_fecf) + { +#ifdef DEBUG + printf("Received FECF is 0x%04X\n", received_fecf); + printf("Calculated FECF is 0x%04X\n", calculated_fecf); + printf("FECF was Calced over %d bytes\n", *len_ingest - 2); +#endif + status = CRYPTO_LIB_ERR_INVALID_FECF; + mc_if->mc_log(status); + return status; + } + } + } + return status; +} + +int32_t Crypto_TC_Nontransmitted_IV_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if (sa_ptr->shivf_len < sa_ptr->iv_len && + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && + crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->shivf_len, sa_ptr->arsnw); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + } + else // Not checking IV ARSNW or only non-transmitted portion is static; Note, non-transmitted IV in SA must match frame or will fail MAC check. + { + // Retrieve non-transmitted portion of IV from SA (if applicable) + memcpy(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len - sa_ptr->shivf_len); + } + return status; +} + +int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (sa_ptr->shsnf_len < sa_ptr->arsn_len && + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE) + { + status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len, sa_ptr->shsnf_len, sa_ptr->arsnw); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + } + else // Not checking ARSN in ARSNW + { + // Parse non-transmitted portion of ARSN from SA + memcpy(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len - sa_ptr->shsnf_len); + } + return status; +} + +// uint8_t* ingest, uint8_t sa_service_type, uint8_t segment_hdr_len, uint8_t ecs_is_aead_algorithm, uint8_t fecf_len, uint8_t* aad, uint16_t* aad_len, SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame +int32_t Crytpo_TC_Parse_MAC_Prep_AAD(uint8_t sa_service_type, TC_t* tc_sdls_processed_frame, uint8_t fecf_len, SecurityAssociation_t* sa_ptr, uint8_t* ingest, uint16_t* aad_len_p, uint8_t ecs_is_aead_algorithm, uint8_t segment_hdr_len, uint8_t* aad) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + uint16_t aad_len = 0; + if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) + { + uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; + + // Parse the received MAC + memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), + &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); + + #ifdef DEBUG + printf("MAC Parsed from Frame:\n"); + Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); + #endif + aad_len = tc_mac_start_index; + if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) + { + aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + + sa_ptr->shplf_len; + } + + printf("AAD LEN: %d\n", aad_len); + if (sa_ptr->abm_len < aad_len) + { + aad_len_p = &aad_len; + aad_len_p = aad_len_p; + aad = aad; + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; + } + aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); + } + return status; +} + +int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t* aad, TC_t* tc_sdls_processed_frame, uint8_t* ingest, uint16_t tc_enc_payload_start_index, uint16_t aad_len, char* cam_cookies, crypto_key_t* akp, uint8_t segment_hdr_len) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + // Check that key length to be used meets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_aead_decrypt( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + (sa_ptr->est), // Decryption Bool + (sa_ptr->ast), // Authentication Bool + (sa_ptr->ast), // AAD Bool + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies // + ); + } + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + // Check that key length to be used ets the algorithm requirement + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_validate_authentication( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + CRYPTO_CIPHER_NONE, // encryption cipher + sa_ptr->acs, // authentication cipher + cam_cookies // + ); + } + if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + // Check that key length to be used emets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_decrypt( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies // + ); + + // Handle Padding Removal + if (sa_ptr->shplf_len != 0) + { + int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + sa_ptr->shsnf_len; + uint16_t padding_amount = 0; + // Get Padding Amount from ingest frame + padding_amount = (int)ingest[padding_location]; + // Remove Padding from final decrypted portion + tc_sdls_processed_frame->tc_pdu_len -= padding_amount; + } + } + } + else if (sa_service_type == SA_PLAINTEXT) + { + memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), + tc_sdls_processed_frame->tc_pdu_len); + } + return status; +} + /** * @brief Function: Crypto_TC_ProcessSecurity * Performs Authenticated decryption, decryption, and authentication @@ -857,6 +1087,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc // Loads the ingest frame into the global tc_frame while performing decryption { // Local Variables + cam_cookies = cam_cookies; int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t* sa_ptr = NULL; uint8_t sa_service_type = -1; @@ -1000,51 +1231,18 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc } // Parse & Check FECF - if (current_managed_parameters->has_fecf == TC_HAS_FECF) - { - tc_sdls_processed_frame->tc_sec_trailer.fecf = (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) | - (ingest[tc_sdls_processed_frame->tc_header.fl] & 0x00FF)); + Crypto_TC_Parse_Check_FECF(ingest, len_ingest, tc_sdls_processed_frame); - if (crypto_config.crypto_check_fecf == TC_CHECK_FECF_TRUE) - { - uint16_t received_fecf = tc_sdls_processed_frame->tc_sec_trailer.fecf; - // Calculate our own - uint16_t calculated_fecf = Crypto_Calc_FECF(ingest, *len_ingest - 2); - // Compare - if (received_fecf != calculated_fecf) - { -#ifdef DEBUG - printf("Received FECF is 0x%04X\n", received_fecf); - printf("Calculated FECF is 0x%04X\n", calculated_fecf); - printf("FECF was Calced over %d bytes\n", *len_ingest - 2); -#endif - status = CRYPTO_LIB_ERR_INVALID_FECF; - mc_if->mc_log(status); - return status; - } - } - } // Parse transmitted portion of IV from received frame (Will be Whole IV if iv_len==shivf_len) memcpy((tc_sdls_processed_frame->tc_sec_header.iv + (sa_ptr->iv_len - sa_ptr->shivf_len)), &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN]), sa_ptr->shivf_len); // Handle non-transmitted IV increment case (transmitted-portion roll-over) - if (sa_ptr->shivf_len < sa_ptr->iv_len && - crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && - crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) - { - status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->shivf_len, sa_ptr->arsnw); - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - } - else // Not checking IV ARSNW or only non-transmitted portion is static; Note, non-transmitted IV in SA must match frame or will fail MAC check. + status = Crypto_TC_Nontransmitted_IV_Increment(sa_ptr, tc_sdls_processed_frame); + if (status != CRYPTO_LIB_SUCCESS) { - // Retrieve non-transmitted portion of IV from SA (if applicable) - memcpy(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len - sa_ptr->shivf_len); + return status; } #ifdef DEBUG @@ -1057,20 +1255,10 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len]), sa_ptr->shsnf_len); // Handle non-transmitted SN increment case (transmitted-portion roll-over) - if (sa_ptr->shsnf_len < sa_ptr->arsn_len && - crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE) - { - status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len, sa_ptr->shsnf_len, sa_ptr->arsnw); - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - } - else // Not checking ARSN in ARSNW + status = Crypto_TC_Nontransmitted_SN_Increment(sa_ptr, tc_sdls_processed_frame); + if (status != CRYPTO_LIB_SUCCESS) { - // Parse non-transmitted portion of ARSN from SA - memcpy(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len - sa_ptr->shsnf_len); + return status; } #ifdef DEBUG @@ -1085,31 +1273,57 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc sa_ptr->shplf_len); // Parse MAC, prepare AAD - if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) - { - uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; - - // Parse the received MAC - memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), - &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); -#ifdef DEBUG - printf("MAC Parsed from Frame:\n"); - Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); -#endif - aad_len = tc_mac_start_index; - if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) - { - aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + - sa_ptr->shplf_len; - } - if (sa_ptr->abm_len < aad_len) - { - status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - mc_if->mc_log(status); - return status; - } - aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); - } + status = Crytpo_TC_Parse_MAC_Prep_AAD(sa_service_type, tc_sdls_processed_frame, fecf_len, sa_ptr, ingest, &aad_len, ecs_is_aead_algorithm, segment_hdr_len, aad); +// if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) +// { +// uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; + +// // Parse the received MAC +// memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), +// &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); +// #ifdef DEBUG +// printf("MAC Parsed from Frame:\n"); +// Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); +// #endif +// aad_len = tc_mac_start_index; +// if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) +// { +// aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + +// sa_ptr->shplf_len; +// } +// if (sa_ptr->abm_len < aad_len) +// { +// status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; +// mc_if->mc_log(status); +// return status; +// } +// aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); +// } +// if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) +// { +// uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; + +// // Parse the received MAC +// memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), +// &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); +// #ifdef DEBUG +// printf("MAC Parsed from Frame:\n"); +// Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); +// #endif +// aad_len = tc_mac_start_index; +// if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) +// { +// aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + +// sa_ptr->shplf_len; +// } +// if (sa_ptr->abm_len < aad_len) +// { +// status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; +// mc_if->mc_log(status); +// return status; +// } +// aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); +// } uint16_t tc_enc_payload_start_index = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len; @@ -1147,116 +1361,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc return status; } - if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) - { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; - } - - status = cryptography_if->cryptography_aead_decrypt( - tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - (sa_ptr->est), // Decryption Bool - (sa_ptr->ast), // Authentication Bool - (sa_ptr->ast), // AAD Bool - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - cam_cookies // - ); - } - else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm - { - // TODO - implement non-AEAD algorithm logic - if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) - { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; - } - - status = cryptography_if->cryptography_validate_authentication( - tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - &(akp->value[0]), // Key - Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), // - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - CRYPTO_CIPHER_NONE, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies // - ); - } - if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - // Check that key length to be used emets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; - } - - status = cryptography_if->cryptography_decrypt( - tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - cam_cookies // - ); - - // Handle Padding Removal - if (sa_ptr->shplf_len != 0) - { - int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - sa_ptr->shsnf_len; - uint16_t padding_amount = 0; - // Get Padding Amount from ingest frame - padding_amount = (int)ingest[padding_location]; - // Remove Padding from final decrypted portion - tc_sdls_processed_frame->tc_pdu_len -= padding_amount; - } - } - } - else if (sa_service_type == SA_PLAINTEXT) - { - memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), - tc_sdls_processed_frame->tc_pdu_len); - } + status = Crypto_TC_Do_Decrypt(sa_service_type, ecs_is_aead_algorithm, ekp, sa_ptr, aad, tc_sdls_processed_frame, ingest, tc_enc_payload_start_index, aad_len, cam_cookies, akp, segment_hdr_len); if (status != CRYPTO_LIB_SUCCESS) { From ff72a58d420d984bebc656a211ef0d31ee6f334b Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 5 Mar 2024 20:34:18 +0000 Subject: [PATCH 006/174] [nasa/cryptolib#196] TC_Process Refactor --- include/crypto.h | 1 - src/core/crypto_tc.c | 422 ++++++++++++++++++++++++------------------- 2 files changed, 236 insertions(+), 187 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 3c7807aa..212f2388 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -108,7 +108,6 @@ extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, // Advanced Orbiting Systems (AOS) extern int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer); extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length); -int32_t Crytpo_TC_Parse_MAC_Prep_AAD(uint8_t sa_service_type, TC_t* tc_sdls_processed_frame, uint8_t fecf_len, SecurityAssociation_t* sa_ptr, uint8_t* ingest, uint16_t* aad_len_p, uint8_t ecs_is_aead_algorithm, uint8_t segment_hdr_len, uint8_t* aad); // Crypo Error Support Functions diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index b2dd088e..9f904c53 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -919,45 +919,33 @@ int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_ return status; } -// uint8_t* ingest, uint8_t sa_service_type, uint8_t segment_hdr_len, uint8_t ecs_is_aead_algorithm, uint8_t fecf_len, uint8_t* aad, uint16_t* aad_len, SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame -int32_t Crytpo_TC_Parse_MAC_Prep_AAD(uint8_t sa_service_type, TC_t* tc_sdls_processed_frame, uint8_t fecf_len, SecurityAssociation_t* sa_ptr, uint8_t* ingest, uint16_t* aad_len_p, uint8_t ecs_is_aead_algorithm, uint8_t segment_hdr_len, uint8_t* aad) +int32_t Crypto_TC_Check_ACS_Keylen(crypto_key_t* akp, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; - uint16_t aad_len = 0; - if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) { - uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; - - // Parse the received MAC - memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), - &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); - - #ifdef DEBUG - printf("MAC Parsed from Frame:\n"); - Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); - #endif - aad_len = tc_mac_start_index; - if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) - { - aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + - sa_ptr->shplf_len; - } - - printf("AAD LEN: %d\n", aad_len); - if (sa_ptr->abm_len < aad_len) - { - aad_len_p = &aad_len; - aad_len_p = aad_len_p; - aad = aad; - status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - mc_if->mc_log(status); - return status; - } - aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); } return status; } +int32_t Crypto_TC_Check_ECS_Keylen(crypto_key_t* ekp, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + } + return status; +} + +void Crypto_TC_Safe_Free_Ptr(uint8_t* ptr) +{ + if (!ptr) free(ptr); +} + int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t* aad, TC_t* tc_sdls_processed_frame, uint8_t* ingest, uint16_t tc_enc_payload_start_index, uint16_t aad_len, char* cam_cookies, crypto_key_t* akp, uint8_t segment_hdr_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -965,11 +953,10 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) { // Check that key length to be used meets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); + + status = Crypto_TC_Check_ECS_Keylen(ekp, sa_ptr); + if(status!= CRYPTO_LIB_SUCCESS){ + Crypto_TC_Safe_Free_Ptr(aad); return status; } @@ -1001,11 +988,10 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { // Check that key length to be used ets the algorithm requirement - if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) + status = Crypto_TC_Check_ACS_Keylen(akp, sa_ptr); + if(status!= CRYPTO_LIB_SUCCESS) { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); + Crypto_TC_Safe_Free_Ptr(aad); return status; } @@ -1033,7 +1019,7 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori // Check that key length to be used emets the algorithm requirement if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) { - if (!aad) free(aad); + Crypto_TC_Safe_Free_Ptr(aad); status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; mc_if->mc_log(status); return status; @@ -1075,6 +1061,177 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori return status; } +int32_t Crypto_TC_Process_Sanity_Check(int* len_ingest) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + +#ifdef DEBUG + printf(KYEL "\n----- Crypto_TC_ProcessSecurity START -----\n" RESET); +#endif + + if ((mc_if == NULL) || (crypto_config.init_status == UNITIALIZED)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + mc_if->mc_log(status); + return status; + } + if (*len_ingest < 5) // Frame length doesn't even have enough bytes for header -- error out. + { + status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; + mc_if->mc_log(status); + return status; + } + return status; +} + +int32_t Crypto_TC_Prep_AAD(TC_t* tc_sdls_processed_frame, uint8_t fecf_len, uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint16_t* aad_len, SecurityAssociation_t* sa_ptr, uint8_t segment_hdr_len, uint8_t* ingest, uint8_t** aad) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + uint16_t aad_len_temp = *aad_len; + + if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) + { + uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; + + // Parse the received MAC + memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), + &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); +#ifdef DEBUG + printf("MAC Parsed from Frame:\n"); + Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); +#endif + aad_len_temp = tc_mac_start_index; + + + if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) + { + aad_len_temp = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + + sa_ptr->shplf_len; + } + if (sa_ptr->abm_len < aad_len_temp) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; + } + *aad = Crypto_Prepare_TC_AAD(ingest, aad_len_temp, sa_ptr->abm); + *aad_len = aad_len_temp; + aad = aad; + } + return status; +} + +int32_t Crypto_TC_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + *ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + *akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + +int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_processed_frame) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if (crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_Check_Anti_Replay(sa_ptr, tc_sdls_processed_frame->tc_sec_header.sn, tc_sdls_processed_frame->tc_sec_header.iv); + + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // Only save the SA (IV/ARSN) if checking the anti-replay counter; Otherwise we don't update. + status = sa_if->sa_save_sa(sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + } + else + { + if (crypto_config.sa_type == SA_TYPE_MARIADB) + { + if (sa_ptr->ek_ref != NULL) + free(sa_ptr->ek_ref); + free(sa_ptr); + } + } + return status; +} + +uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAssociation_t** sa_ptr) +{ + uint32_t status = CRYPTO_LIB_SUCCESS; + + status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, sa_ptr); + // If no valid SPI, return + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + // Try to assure SA is sane + status = crypto_tc_validate_sa(*sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + return status; +} + +void Crypto_TC_Get_Ciper_Mode(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) +{ + if (sa_service_type != SA_PLAINTEXT) + { + *encryption_cipher = sa_ptr->ecs; + *ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(*encryption_cipher); + } +} + +void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len) +{ + if (current_managed_parameters->has_fecf == TC_NO_FECF) + { + *fecf_len = 0; + } + + if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) + { + *segment_hdr_len = 0; + } +} + +void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx) +{ + int byte_idx_tmp = *byte_idx; + if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + { + tc_sdls_processed_frame->tc_sec_header.sh = (uint8_t)ingest[*byte_idx]; + byte_idx_tmp++; + } + *byte_idx = byte_idx_tmp; +} + /** * @brief Function: Crypto_TC_ProcessSecurity * Performs Authenticated decryption, decryption, and authentication @@ -1096,27 +1253,16 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc uint32_t encryption_cipher; uint8_t ecs_is_aead_algorithm = -1; crypto_key_t* ekp = NULL; + crypto_key_t* akp = NULL; - if ((mc_if == NULL) || (crypto_config.init_status == UNITIALIZED)) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - mc_if->mc_log(status); - return status; - } - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_TC_ProcessSecurity START -----\n" RESET); -#endif + int byte_idx = 0; - if (*len_ingest < 5) // Frame length doesn't even have enough bytes for header -- error out. + status = Crypto_TC_Process_Sanity_Check(len_ingest); + if (status != CRYPTO_LIB_SUCCESS) { - status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; - mc_if->mc_log(status); return status; - } + } - int byte_idx = 0; // Primary Header tc_sdls_processed_frame->tc_header.tfvn = ((uint8_t)ingest[byte_idx] & 0xC0) >> 6; tc_sdls_processed_frame->tc_header.bypass = ((uint8_t)ingest[byte_idx] & 0x20) >> 5; @@ -1151,33 +1297,21 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc mc_if->mc_log(status); return status; } // Unable to get necessary Managed Parameters for TC TF -- return with error. + // Segment Header - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) - { - tc_sdls_processed_frame->tc_sec_header.sh = (uint8_t)ingest[byte_idx]; - byte_idx++; - } + Crypto_TC_Set_Segment_Header(tc_sdls_processed_frame, ingest, &byte_idx); + // Security Header tc_sdls_processed_frame->tc_sec_header.spi = ((uint8_t)ingest[byte_idx] << 8) | (uint8_t)ingest[byte_idx + 1]; byte_idx += 2; + #ifdef TC_DEBUG printf("vcid = %d \n", tc_sdls_processed_frame->tc_header.vcid); printf("spi = %d \n", tc_sdls_processed_frame->tc_sec_header.spi); #endif - status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, &sa_ptr); - // If no valid SPI, return - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - // Try to assure SA is sane - status = crypto_tc_validate_sa(sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } + + status = Crypto_TC_Sanity_Validations(tc_sdls_processed_frame, &sa_ptr); + // Allocate the necessary byte arrays within the security header + trailer given the SA //tc_sdls_processed_frame->tc_sec_header.iv = calloc(1, sa_ptr->iv_len); //tc_sdls_processed_frame->tc_sec_header.sn = calloc(1, sa_ptr->arsn_len); @@ -1194,11 +1328,8 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly - if (sa_service_type != SA_PLAINTEXT) - { - encryption_cipher = sa_ptr->ecs; - ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); - } + Crypto_TC_Get_Ciper_Mode(sa_service_type, &encryption_cipher, &ecs_is_aead_algorithm, sa_ptr); + #ifdef TC_DEBUG switch (sa_service_type) { @@ -1219,16 +1350,9 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc // TODO: Calculate lengths when needed uint8_t fecf_len = FECF_SIZE; - if (current_managed_parameters->has_fecf == TC_NO_FECF) - { - fecf_len = 0; - } - uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; - if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) - { - segment_hdr_len = 0; - } + + Crypto_TC_Calc_Lengths(&fecf_len, &segment_hdr_len); // Parse & Check FECF Crypto_TC_Parse_Check_FECF(ingest, len_ingest, tc_sdls_processed_frame); @@ -1273,57 +1397,14 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc sa_ptr->shplf_len); // Parse MAC, prepare AAD - status = Crytpo_TC_Parse_MAC_Prep_AAD(sa_service_type, tc_sdls_processed_frame, fecf_len, sa_ptr, ingest, &aad_len, ecs_is_aead_algorithm, segment_hdr_len, aad); -// if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) -// { -// uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; - -// // Parse the received MAC -// memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), -// &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); -// #ifdef DEBUG -// printf("MAC Parsed from Frame:\n"); -// Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); -// #endif -// aad_len = tc_mac_start_index; -// if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) -// { -// aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + -// sa_ptr->shplf_len; -// } -// if (sa_ptr->abm_len < aad_len) -// { -// status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; -// mc_if->mc_log(status); -// return status; -// } -// aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); -// } -// if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) -// { -// uint16_t tc_mac_start_index = tc_sdls_processed_frame->tc_header.fl + 1 - fecf_len - sa_ptr->stmacf_len; - -// // Parse the received MAC -// memcpy((tc_sdls_processed_frame->tc_sec_trailer.mac), -// &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); -// #ifdef DEBUG -// printf("MAC Parsed from Frame:\n"); -// Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); -// #endif -// aad_len = tc_mac_start_index; -// if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) -// { -// aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + -// sa_ptr->shplf_len; -// } -// if (sa_ptr->abm_len < aad_len) -// { -// status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; -// mc_if->mc_log(status); -// return status; -// } -// aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); -// } + status = Crypto_TC_Prep_AAD(tc_sdls_processed_frame, fecf_len, sa_service_type, ecs_is_aead_algorithm, &aad_len, sa_ptr, segment_hdr_len, ingest, &aad); + + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + uint16_t tc_enc_payload_start_index = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len; @@ -1344,69 +1425,38 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc #endif /* Get Key */ - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) + status = Crypto_TC_Get_Keys(&ekp, &akp, sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); - return status; - } - - crypto_key_t* akp = NULL; - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; + return status; } status = Crypto_TC_Do_Decrypt(sa_service_type, ecs_is_aead_algorithm, ekp, sa_ptr, aad, tc_sdls_processed_frame, ingest, tc_enc_payload_start_index, aad_len, cam_cookies, akp, segment_hdr_len); - if (status != CRYPTO_LIB_SUCCESS) { - if (!aad) free(aad); + Crypto_TC_Safe_Free_Ptr(aad); mc_if->mc_log(status); return status; // Cryptography IF call failed, return. } // Now that MAC has been verified, check IV & ARSN if applicable - if (crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) - { - status = Crypto_Check_Anti_Replay(sa_ptr, tc_sdls_processed_frame->tc_sec_header.sn, tc_sdls_processed_frame->tc_sec_header.iv); - - if (status != CRYPTO_LIB_SUCCESS) - { - if (!aad) free(aad); - mc_if->mc_log(status); - return status; - } - - // Only save the SA (IV/ARSN) if checking the anti-replay counter; Otherwise we don't update. - status = sa_if->sa_save_sa(sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) - { - if (!aad) free(aad); - mc_if->mc_log(status); - return status; - } - } - else + status = Crypto_TC_Check_IV_ARSN(sa_ptr, tc_sdls_processed_frame); + if (status != CRYPTO_LIB_SUCCESS) { - if (crypto_config.sa_type == SA_TYPE_MARIADB) - { - if (sa_ptr->ek_ref != NULL) - free(sa_ptr->ek_ref); - free(sa_ptr); - } + Crypto_TC_Safe_Free_Ptr(aad); + mc_if->mc_log(status); + return status; // Cryptography IF call failed, return. } - + // Extended PDU processing, if applicable if (status == CRYPTO_LIB_SUCCESS && crypto_config.process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE) { status = Crypto_Process_Extended_Procedure_Pdu(tc_sdls_processed_frame, ingest); } - if (!aad) free(aad); + + Crypto_TC_Safe_Free_Ptr(aad); + mc_if->mc_log(status); return status; } From 7bbcf782d57f55bdfc0ed319b4d4bbca8a8e6fb9 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 5 Mar 2024 20:48:05 +0000 Subject: [PATCH 007/174] [nasa/cryptolib#196] TC_Process Refactor Header prototype updates --- include/crypto.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/crypto.h b/include/crypto.h index 212f2388..a315a119 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -102,6 +102,24 @@ extern int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies); extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies); + +int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame); +int32_t Crypto_TC_Nontransmitted_IV_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame); +int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame); +int32_t Crypto_TC_Check_ACS_Keylen(crypto_key_t* akp, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Check_ECS_Keylen(crypto_key_t* ekp, SecurityAssociation_t* sa_ptr); +void Crypto_TC_Safe_Free_Ptr(uint8_t* ptr); +int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t* aad, TC_t* tc_sdls_processed_frame, uint8_t* ingest, uint16_t tc_enc_payload_start_index, uint16_t aad_len, char* cam_cookies, crypto_key_t* akp, uint8_t segment_hdr_len); +int32_t Crypto_TC_Process_Sanity_Check(int* len_ingest); +int32_t Crypto_TC_Prep_AAD(TC_t* tc_sdls_processed_frame, uint8_t fecf_len, uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint16_t* aad_len, SecurityAssociation_t* sa_ptr, uint8_t segment_hdr_len, uint8_t* ingest, uint8_t** aad); +int32_t Crypto_TC_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_processed_frame); +uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAssociation_t** sa_ptr); +void Crypto_TC_Get_Ciper_Mode(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr); +void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len); +void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx); + // Telemetry (TM) extern int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer); extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length); From 18c6a76e4aba350793c1f5709df0b71b8d7f6b21 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Wed, 6 Mar 2024 19:28:15 +0000 Subject: [PATCH 008/174] [nasa/cryptolib#196] WIP: TC_Apply Refactor Refactor and Fix for Status Return - Unknow SA Service Type --- include/crypto.h | 2 +- include/crypto_error.h | 1 + src/core/crypto_error.c | 1 + src/core/crypto_tc.c | 1137 ++++++++++++++++++++------------------- 4 files changed, 587 insertions(+), 554 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index a315a119..242b4d4e 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -116,7 +116,7 @@ int32_t Crypto_TC_Prep_AAD(TC_t* tc_sdls_processed_frame, uint8_t fecf_len, uin int32_t Crypto_TC_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr); int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_processed_frame); uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAssociation_t** sa_ptr); -void Crypto_TC_Get_Ciper_Mode(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr); +void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr); void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len); void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx); diff --git a/include/crypto_error.h b/include/crypto_error.h index 7d29a751..63e0c71d 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -120,6 +120,7 @@ #define CRYPTO_LIB_ERR_MC_INIT (-48) #define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD (-49) #define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG (-50) +#define CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE (-51) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index a211ea4d..fabb78dc 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -72,6 +72,7 @@ char *crypto_enum_errlist_core[] = (char*) "CRYPTO_LIB_ERR_MC_INIT", (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD", (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG", + (char*) "CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE", }; char *crypto_enum_errlist_config[] = diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 9f904c53..a40889cb 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -27,6 +27,136 @@ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa); static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len, int transmitted_len, int window); + +int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + + +int32_t Crypto_TC_Get_Ciper_Mode_TCA(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if (sa_service_type != SA_PLAINTEXT) + { + if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) + { + *encryption_cipher = sa_ptr->ecs; +#ifdef TC_DEBUG + printf(KYEL "SA Encryption Cipher: %d\n", *encryption_cipher); +#endif + } + // If no pointer, must not be using ECS at all + else + { + *encryption_cipher = CRYPTO_CIPHER_NONE; + } + *ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(*encryption_cipher); + } + + if (*encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + { + status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; + mc_if->mc_log(status); + } + return status; +} + +int32_t Crypto_TC_Check_CMD_Frame_Flag(uint8_t header_cc) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((header_cc == 1) && (status == CRYPTO_LIB_SUCCESS)) + { +/* +** CCSDS 232.0-B-3 +** Section 6.3.1 +** "Type-C frames do not have the Security Header and Security Trailer." +*/ +#ifdef TC_DEBUG + printf(KYEL "DEBUG - Received Control/Command frame - nothing to do.\n" RESET); +#endif + status = CRYPTO_LIB_ERR_INVALID_CC_FLAG; + mc_if->mc_log(status); + } + return status; +} + +int32_t Crypto_TC_Validate_SA_Service_Type(uint8_t sa_service_type) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((sa_service_type != SA_PLAINTEXT) && (sa_service_type != SA_AUTHENTICATED_ENCRYPTION) && (sa_service_type != SA_ENCRYPTION) && (sa_service_type != SA_AUTHENTICATION)) + { + printf(KRED "Unknown SA Service Type Detected!\n" RESET); + status = CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE; + } + return status; +} + +int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (sa_service_type == SA_ENCRYPTION) + { + // Handle Padding, if necessary + if (sa_ptr->ecs == CRYPTO_CIPHER_AES256_CBC) + { + *pkcs_padding = tf_payload_len % TC_BLOCK_SIZE; // Block Sizes of 16 + + *pkcs_padding = TC_BLOCK_SIZE - *pkcs_padding; // Could potentially need 16 bytes of padding. + + *p_enc_frame_len += *pkcs_padding; // Add the necessary padding to the frame_len + new pad length field + + *new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; +#ifdef DEBUG + + printf("SHPLF_LEN: %d\n", sa_ptr->shplf_len); + printf("Padding Needed: %d\n", *pkcs_padding); + printf("Previous data_len: %d\n", tf_payload_len); + printf("New data_len: %d\n", (tf_payload_len + *pkcs_padding)); + printf("New enc_frame_len: %d\n", (*p_enc_frame_len)); +#endif + // Don't Exceed Max Frame Size! 1024 + if (*p_enc_frame_len > TC_MAX_FRAME_SIZE) + { + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + mc_if->mc_log(status); + } + } + } + return status; +} + + /** * @brief Function: Crypto_TC_ApplySecurity * Applies Security to incoming frame. Encryption, Authentication, and Authenticated Encryption @@ -150,644 +280,577 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } // Check if command frame flag set - if ((temp_tc_header.cc == 1) && (status == CRYPTO_LIB_SUCCESS)) + status = Crypto_TC_Check_CMD_Frame_Flag(temp_tc_header.cc); + if (status != CRYPTO_LIB_SUCCESS) { -/* -** CCSDS 232.0-B-3 -** Section 6.3.1 -** "Type-C frames do not have the Security Header and Security Trailer." -*/ -#ifdef TC_DEBUG - printf(KYEL "DEBUG - Received Control/Command frame - nothing to do.\n" RESET); -#endif - status = CRYPTO_LIB_ERR_INVALID_CC_FLAG; mc_if->mc_log(status); return status; } - if (status == CRYPTO_LIB_SUCCESS) + status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, + temp_tc_header.vcid, map_id, &sa_ptr); + // If unable to get operational SA, can return + if (status != CRYPTO_LIB_SUCCESS) { - status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, - temp_tc_header.vcid, map_id, &sa_ptr); - // If unable to get operational SA, can return - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } + mc_if->mc_log(status); + return status; + } - // Try to assure SA is sane - status = crypto_tc_validate_sa(sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } + // Try to assure SA is sane + status = crypto_tc_validate_sa(sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } #ifdef SA_DEBUG - printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); - Crypto_saPrint(sa_ptr); + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); #endif - // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } - - // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly - if (sa_service_type != SA_PLAINTEXT) - { - if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) - { - encryption_cipher = sa_ptr->ecs; -#ifdef TC_DEBUG - printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); -#endif - } - // If no pointer, must not be using ECS at all - else - { - encryption_cipher = CRYPTO_CIPHER_NONE; - } - ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); - } + // Determine SA Service Type + status = Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } - if (encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) - { - status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; - mc_if->mc_log(status); - return status; - } + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + status = Crypto_TC_Get_Ciper_Mode_TCA(sa_service_type, &encryption_cipher, &ecs_is_aead_algorithm, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } #ifdef TC_DEBUG - switch (sa_service_type) - { - case SA_PLAINTEXT: - printf(KBLU "Creating a TC - CLEAR!\n" RESET); - break; - case SA_AUTHENTICATION: - printf(KBLU "Creating a TC - AUTHENTICATED!\n" RESET); - break; - case SA_ENCRYPTION: - printf(KBLU "Creating a TC - ENCRYPTED!\n" RESET); - break; - case SA_AUTHENTICATED_ENCRYPTION: - printf(KBLU "Creating a TC - AUTHENTICATED ENCRYPTION!\n" RESET); - break; - } + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Creating a TC - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Creating a TC - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Creating a TC - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Creating a TC - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } #endif - // Determine if segment header exists - uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; - if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) - { - segment_hdr_len = 0; - } - - // Determine if FECF exists - uint8_t fecf_len = FECF_SIZE; - if (current_managed_parameters->has_fecf == TC_NO_FECF) - { - fecf_len = 0; - } - - // Calculate tf_payload length here to be used in other logic - tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; - - /** - * A note on plaintext: Take a permissive approach to allow the lengths of fields that aren't going to be used. - * The 355.0-B-2 (July 2022) says the following in $4.2.2.4: - * 'It is possible to create a ‘clear mode’ SA using one of the defined service types by - specifying the algorithm as a ‘no-op’ function (no actual cryptographic operation to - be performed). Such an SA might be used, for example, during development - testing of other aspects of data link processing before cryptographic capabilities are - available for integrated testing.In this scenario, the Security Header and Trailer - field lengths are kept constant across all supported configurations. For security - reasons, the use of such an SA is not recommended in normal operation.' - */ - - // Calculate frame lengths based on SA fields - *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + sa_ptr->stmacf_len; - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; - - if (sa_service_type == SA_ENCRYPTION) - { - // Handle Padding, if necessary - if (sa_ptr->ecs == CRYPTO_CIPHER_AES256_CBC) - { - pkcs_padding = tf_payload_len % TC_BLOCK_SIZE; // Block Sizes of 16 - - pkcs_padding = TC_BLOCK_SIZE - pkcs_padding; // Could potentially need 16 bytes of padding. - - *p_enc_frame_len += pkcs_padding; // Add the necessary padding to the frame_len + new pad length field + // Determine if segment header exists + uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; + if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) + { + segment_hdr_len = 0; + } - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; -#ifdef DEBUG + // Determine if FECF exists + uint8_t fecf_len = FECF_SIZE; + if (current_managed_parameters->has_fecf == TC_NO_FECF) + { + fecf_len = 0; + } - printf("SHPLF_LEN: %d\n", sa_ptr->shplf_len); - printf("Padding Needed: %d\n", pkcs_padding); - printf("Previous data_len: %d\n", tf_payload_len); - printf("New data_len: %d\n", (tf_payload_len + pkcs_padding)); - printf("New enc_frame_len: %d\n", (*p_enc_frame_len)); -#endif - // Don't Exceed Max Frame Size! 1024 - if (*p_enc_frame_len > TC_MAX_FRAME_SIZE) - { - status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; - mc_if->mc_log(status); - return status; - } - } - } + // Calculate tf_payload length here to be used in other logic + tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; + + /** + * A note on plaintext: Take a permissive approach to allow the lengths of fields that aren't going to be used. + * The 355.0-B-2 (July 2022) says the following in $4.2.2.4: + * 'It is possible to create a ‘clear mode’ SA using one of the defined service types by + specifying the algorithm as a ‘no-op’ function (no actual cryptographic operation to + be performed). Such an SA might be used, for example, during development + testing of other aspects of data link processing before cryptographic capabilities are + available for integrated testing.In this scenario, the Security Header and Trailer + field lengths are kept constant across all supported configurations. For security + reasons, the use of such an SA is not recommended in normal operation.' + */ + + // Calculate frame lengths based on SA fields + *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + sa_ptr->stmacf_len; + new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; + + status = Crypto_TC_Handle_Enc_Padding(sa_service_type, &pkcs_padding, p_enc_frame_len, &new_enc_frame_header_field_length, tf_payload_len, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } - if (sa_service_type != (SA_PLAINTEXT || SA_AUTHENTICATED_ENCRYPTION || SA_ENCRYPTION || SA_AUTHENTICATION)) - { - printf(KRED "Unknown SA Service Type Detected!" RESET); - } + status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } - // Ensure the frame to be created will not violate managed parameter maximum length - if (*p_enc_frame_len > current_managed_parameters->max_frame_size) - { + // Ensure the frame to be created will not violate managed parameter maximum length + if (*p_enc_frame_len > current_managed_parameters->max_frame_size) + { #ifdef DEBUG - printf("Managed length is: %d\n", current_managed_parameters->max_frame_size); - printf("New enc frame length will be: %d\n", *p_enc_frame_len); + printf("Managed length is: %d\n", current_managed_parameters->max_frame_size); + printf("New enc frame length will be: %d\n", *p_enc_frame_len); #endif - printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); - status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; - mc_if->mc_log(status); - return status; - } - // Ensure the frame to be created will not violate spec max length - if (*p_enc_frame_len > 1024) - { - printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); - status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; - mc_if->mc_log(status); - return status; - } + printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; + mc_if->mc_log(status); + return status; + } + // Ensure the frame to be created will not violate spec max length + if (*p_enc_frame_len > 1024) + { + printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + mc_if->mc_log(status); + return status; + } - // Accio buffer - p_new_enc_frame = (uint8_t*)malloc((*p_enc_frame_len) * sizeof(uint8_t)); - if (!p_new_enc_frame) - { - printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } - memset(p_new_enc_frame, 0, *p_enc_frame_len); + // Accio buffer + p_new_enc_frame = (uint8_t*)malloc((*p_enc_frame_len) * sizeof(uint8_t)); + if (!p_new_enc_frame) + { + printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + memset(p_new_enc_frame, 0, *p_enc_frame_len); #ifdef TC_DEBUG - printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); - printf(KYEL "\tlen of TF\t = %d\n" RESET, temp_tc_header.fl); - printf(KYEL "\tsegment hdr len\t = %d\n" RESET, segment_hdr_len); - printf(KYEL "\tspi len\t\t = 2\n" RESET); - printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); - printf(KYEL "\tiv_len\t\t = %d\n" RESET, sa_ptr->iv_len); - printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len); - printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len); - printf(KYEL "\tarsn_len\t = %d\n" RESET, sa_ptr->arsn_len); - printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len); + printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); + printf(KYEL "\tlen of TF\t = %d\n" RESET, temp_tc_header.fl); + printf(KYEL "\tsegment hdr len\t = %d\n" RESET, segment_hdr_len); + printf(KYEL "\tspi len\t\t = 2\n" RESET); + printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); + printf(KYEL "\tiv_len\t\t = %d\n" RESET, sa_ptr->iv_len); + printf(KYEL "\tshsnf_len\t = %d\n" RESET, sa_ptr->shsnf_len); + printf(KYEL "\tshplf len\t = %d\n" RESET, sa_ptr->shplf_len); + printf(KYEL "\tarsn_len\t = %d\n" RESET, sa_ptr->arsn_len); + printf(KYEL "\tstmacf_len\t = %d\n" RESET, sa_ptr->stmacf_len); #endif - // Copy original TF header, w/ segment header if applicable - memcpy(p_new_enc_frame, p_in_frame, TC_FRAME_HEADER_SIZE + segment_hdr_len); + // Copy original TF header, w/ segment header if applicable + memcpy(p_new_enc_frame, p_in_frame, TC_FRAME_HEADER_SIZE + segment_hdr_len); - // Set new TF Header length - // Recall: Length field is one minus total length per spec - *(p_new_enc_frame + 2) = - ((*(p_new_enc_frame + 2) & 0xFC) | (((new_enc_frame_header_field_length) & (0x0300)) >> 8)); - *(p_new_enc_frame + 3) = ((new_enc_frame_header_field_length) & (0x00FF)); + // Set new TF Header length + // Recall: Length field is one minus total length per spec + *(p_new_enc_frame + 2) = + ((*(p_new_enc_frame + 2) & 0xFC) | (((new_enc_frame_header_field_length) & (0x0300)) >> 8)); + *(p_new_enc_frame + 3) = ((new_enc_frame_header_field_length) & (0x00FF)); #ifdef TC_DEBUG - printf(KYEL "Printing updated TF Header:\n\t"); - for (i = 0; i < TC_FRAME_HEADER_SIZE; i++) - { - printf("%02X",*(p_new_enc_frame + i)); - } - // Recall: The buffer length is 1 greater than the field value set in the TCTF - printf("\n\tLength set to 0x%02X\n" RESET, new_enc_frame_header_field_length); + printf(KYEL "Printing updated TF Header:\n\t"); + for (i = 0; i < TC_FRAME_HEADER_SIZE; i++) + { + printf("%02X",*(p_new_enc_frame + i)); + } + // Recall: The buffer length is 1 greater than the field value set in the TCTF + printf("\n\tLength set to 0x%02X\n" RESET, new_enc_frame_header_field_length); #endif - /* - ** Start variable length fields - */ - uint16_t index = TC_FRAME_HEADER_SIZE; // Frame header is 5 bytes + /* + ** Start variable length fields + */ + uint16_t index = TC_FRAME_HEADER_SIZE; // Frame header is 5 bytes - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) - { - index++; // Add 1 byte to index because segmentation header used for this gvcid. - } + if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + { + index++; // Add 1 byte to index because segmentation header used for this gvcid. + } - /* - ** Begin Security Header Fields - ** Reference CCSDS SDLP 3550b1 4.1.1.1.3 - */ - // Set SPI - *(p_new_enc_frame + index) = ((sa_ptr->spi & 0xFF00) >> 8); - *(p_new_enc_frame + index + 1) = (sa_ptr->spi & 0x00FF); - index += 2; + /* + ** Begin Security Header Fields + ** Reference CCSDS SDLP 3550b1 4.1.1.1.3 + */ + // Set SPI + *(p_new_enc_frame + index) = ((sa_ptr->spi & 0xFF00) >> 8); + *(p_new_enc_frame + index + 1) = (sa_ptr->spi & 0x00FF); + index += 2; - // Set initialization vector if specified + // Set initialization vector if specified #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); + printf("%02x", *(sa_ptr->iv + i)); } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } #endif - // if(sa_service_type != SA_PLAINTEXT) - //{ - // return CRYPTO_LIB_ERR_NULL_CIPHERS; - // } + // if(sa_service_type != SA_PLAINTEXT) + //{ + // return CRYPTO_LIB_ERR_NULL_CIPHERS; + // } - if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + if (sa_ptr->acs_len != 0) { - if (sa_ptr->acs_len != 0) + if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0) { - if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0) - { - status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - mc_if->mc_log(status); - return status; - } + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; } } + } - if (crypto_config.iv_type == IV_INTERNAL) + if (crypto_config.iv_type == IV_INTERNAL) + { + // Start index from the transmitted portion + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { - // Start index from the transmitted portion - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - *(p_new_enc_frame + index) = *(sa_ptr->iv + i); - index++; - } + *(p_new_enc_frame + index) = *(sa_ptr->iv + i); + index++; } - // IV is NULL / IV_CRYPTO_MODULE - else + } + // IV is NULL / IV_CRYPTO_MODULE + else + { + // Transmitted length > 0, AND using KMC_CRYPTO + if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) { - // Transmitted length > 0, AND using KMC_CRYPTO - if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) - { - index += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); - } - else if (sa_ptr->shivf_len == 0) - { - // IV isn't being used, so don't care if it's Null - } - else - { - status = CRYPTO_LIB_ERR_NULL_IV; - mc_if->mc_log(status); - return status; - } + index += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); } - - // Set anti-replay sequence number if specified - /* - ** See also: 4.1.1.4.2 - ** 4.1.1.4.4 If authentication or authenticated encryption is not selected - ** for an SA, the Sequence Number field shall be zero octets in length. - ** Reference CCSDS 3550b1 - */ - for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + else if (sa_ptr->shivf_len == 0) { - // Copy in ARSN from SA - *(p_new_enc_frame + index) = *(sa_ptr->arsn + i); - index++; + // IV isn't being used, so don't care if it's Null } - - // Set security header padding if specified - /* - ** 4.2.3.4 h) if the algorithm and mode selected for the SA require the use of - ** fill padding, place the number of fill bytes used into the Pad Length field - ** of the Security Header - Reference CCSDS 3550b1 - */ - // TODO: Revisit this - // TODO: Likely SA API Call - /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the - ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 - */ - // TODO: Set this depending on crypto cipher used - - if (pkcs_padding) + else { - uint8_t hex_padding[3] = {0}; // TODO: Create #Define for the 3 - pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding)&0xFF; + status = CRYPTO_LIB_ERR_NULL_IV; + mc_if->mc_log(status); + return status; + } + } - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; + // Set anti-replay sequence number if specified + /* + ** See also: 4.1.1.4.2 + ** 4.1.1.4.4 If authentication or authenticated encryption is not selected + ** for an SA, the Sequence Number field shall be zero octets in length. + ** Reference CCSDS 3550b1 + */ + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + // Copy in ARSN from SA + *(p_new_enc_frame + index) = *(sa_ptr->arsn + i); + index++; + } - for (i = 0; i < sa_ptr->shplf_len; i++) - { - *(p_new_enc_frame + index) = hex_padding[padding_start++]; - index++; - } - } + // Set security header padding if specified + /* + ** 4.2.3.4 h) if the algorithm and mode selected for the SA require the use of + ** fill padding, place the number of fill bytes used into the Pad Length field + ** of the Security Header - Reference CCSDS 3550b1 + */ + // TODO: Revisit this + // TODO: Likely SA API Call + /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 + */ + // TODO: Set this depending on crypto cipher used + + if (pkcs_padding) + { + uint8_t hex_padding[3] = {0}; // TODO: Create #Define for the 3 + pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - /* - ** End Security Header Fields - */ + // Byte Magic + hex_padding[0] = (pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding)&0xFF; - // Copy in original TF data - except FECF - // Will be over-written if using encryption later - // tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; - memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), tf_payload_len); - index += tf_payload_len; - for (uint32_t i = 0; i < pkcs_padding; i++) + for (i = 0; i < sa_ptr->shplf_len; i++) { - /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the - ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 - */ - // TODO: Set this depending on crypto cipher used - *(p_new_enc_frame + index + i) = (uint8_t)pkcs_padding; // How much padding is needed? - // index++; + *(p_new_enc_frame + index) = hex_padding[padding_start++]; + index++; } - index -= tf_payload_len; - tf_payload_len += pkcs_padding; + } + + /* + ** End Security Header Fields + */ + + // Copy in original TF data - except FECF + // Will be over-written if using encryption later + // tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; - /* - ** Begin Authentication / Encryption + memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), tf_payload_len); + index += tf_payload_len; + for (uint32_t i = 0; i < pkcs_padding; i++) + { + /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 */ + // TODO: Set this depending on crypto cipher used + *(p_new_enc_frame + index + i) = (uint8_t)pkcs_padding; // How much padding is needed? + // index++; + } + index -= tf_payload_len; + tf_payload_len += pkcs_padding; - if (sa_service_type != SA_PLAINTEXT) - { - uint8_t* mac_ptr = NULL; - uint16_t aad_len = 0; + /* + ** Begin Authentication / Encryption + */ - if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) - { - mac_loc = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + - sa_ptr->shplf_len + tf_payload_len; + if (sa_service_type != SA_PLAINTEXT) + { + uint8_t* mac_ptr = NULL; + uint16_t aad_len = 0; + + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) + { + mac_loc = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + + sa_ptr->shplf_len + tf_payload_len; #ifdef MAC_DEBUG - printf(KYEL "MAC location is: %d\n" RESET, mac_loc); - printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); + printf(KYEL "MAC location is: %d\n" RESET, mac_loc); + printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); #endif - mac_ptr = &p_new_enc_frame[mac_loc]; + mac_ptr = &p_new_enc_frame[mac_loc]; - // Prepare the Header AAD (CCSDS 335.0-B-1 4.2.3.2.2.3) - aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - sa_ptr->shsnf_len + sa_ptr->shplf_len; - if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here - { - aad_len += tf_payload_len; - } + // Prepare the Header AAD (CCSDS 335.0-B-1 4.2.3.2.2.3) + aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + sa_ptr->shsnf_len + sa_ptr->shplf_len; + if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here + { + aad_len += tf_payload_len; + } #ifdef TC_DEBUG - printf("Calculated AAD Length: %d\n", aad_len); + printf("Calculated AAD Length: %d\n", aad_len); #endif - if (sa_ptr->abm_len < aad_len) - { - status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - mc_if->mc_log(status); - return status; - } - aad = Crypto_Prepare_TC_AAD(p_new_enc_frame, aad_len, sa_ptr->abm); + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; } + aad = Crypto_Prepare_TC_AAD(p_new_enc_frame, aad_len, sa_ptr->abm); + } #ifdef TC_DEBUG - printf("Encrypted bytes output_loc is %d\n", index); - printf("Input bytes input_loc is %d\n", TC_FRAME_HEADER_SIZE + segment_hdr_len); + printf("Encrypted bytes output_loc is %d\n", index); + printf("Input bytes input_loc is %d\n", TC_FRAME_HEADER_SIZE + segment_hdr_len); #endif - /* Get Key */ - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) + /* Get Key */ + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + if (ecs_is_aead_algorithm == CRYPTO_TRUE) + { + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; mc_if->mc_log(status); return status; } - if (ecs_is_aead_algorithm == CRYPTO_TRUE) + status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data + (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + (sa_ptr->est == 1), + (sa_ptr->ast == 1), + (sa_ptr->ast == 1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies); + } + else // non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if (sa_service_type == SA_ENCRYPTION) { // Check that key length to be used ets the algorithm requirement if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) { if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; } - status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, // length of data - (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - (sa_ptr->est == 1), - (sa_ptr->ast == 1), - (sa_ptr->ast == 1), - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - cam_cookies); + status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, + &p_new_enc_frame[index], // length of data + //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + // new_frame_length, + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, + cam_cookies); } - else // non aead algorithm + + if (sa_service_type == SA_AUTHENTICATION) { - // TODO - implement non-AEAD algorithm logic - if (sa_service_type == SA_ENCRYPTION) + /* Get Key */ + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - - status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, - &p_new_enc_frame[index], // length of data - //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - // new_frame_length, - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - pkcs_padding, - cam_cookies); + return CRYPTO_LIB_ERR_KEY_ID_ERROR; } - if (sa_service_type == SA_AUTHENTICATION) + // Check that key length to be used ets the algorithm requirement + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) { - /* Get Key */ - crypto_key_t* akp = NULL; - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - return CRYPTO_LIB_ERR_KEY_ID_ERROR; - } - - // Check that key length to be used ets the algorithm requirement - if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) - { - if (!aad) free(aad); - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - - status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, // length of data - (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - &(akp->value[0]), // Key - Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies); + if (!aad) free(aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; } - } - if (status != CRYPTO_LIB_SUCCESS) - { - if (!aad) free(aad); - mc_if->mc_log(status); - return status; // Cryptography IF call failed, return. + + status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data + (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + cam_cookies); } } - if (sa_service_type != SA_PLAINTEXT) + if (status != CRYPTO_LIB_SUCCESS) { + if (!aad) free(aad); + mc_if->mc_log(status); + return status; // Cryptography IF call failed, return. + } + } + if (sa_service_type != SA_PLAINTEXT) + { #ifdef INCREMENT - if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) - { - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); - } - } - else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) { - // Only increment the transmitted portion - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); - } + Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); } - if (sa_ptr->shsnf_len > 0) + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + { + // Only increment the transmitted portion + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) { - Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); } + } + if (sa_ptr->shsnf_len > 0) + { + Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } #ifdef SA_DEBUG - if (sa_ptr->iv_len > 0) - { - printf(KYEL "Next IV value is:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Next transmitted IV value is:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } - printf(KYEL "Next ARSN value is:\n\t"); - for (i = 0; i < sa_ptr->arsn_len; i++) + if (sa_ptr->iv_len > 0) + { + printf(KYEL "Next IV value is:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) { - printf("%02x", *(sa_ptr->arsn + i)); + printf("%02x", *(sa_ptr->iv + i)); } printf("\n" RESET); - printf(KYEL "Next transmitted ARSN value is:\n\t"); - for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + printf(KYEL "Next transmitted IV value is:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { - printf("%02x", *(sa_ptr->arsn + i)); + printf("%02x", *(sa_ptr->iv + i)); } printf("\n" RESET); + } + printf(KYEL "Next ARSN value is:\n\t"); + for (i = 0; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted ARSN value is:\n\t"); + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); #endif #endif - } - /* - ** End Authentication / Encryption - */ + } + /* + ** End Authentication / Encryption + */ - // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TC_HAS_FECF) - { + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters->has_fecf == TC_HAS_FECF) + { #ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); + printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); #endif - if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) - { - new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); - *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((new_fecf & 0xFF00) >> 8); - *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)(new_fecf & 0x00FF); - } - else // CRYPTO_TC_CREATE_FECF_FALSE - { - *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)0x00; - *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)0x00; - } - index += 2; + if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) + { + new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); + *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((new_fecf & 0xFF00) >> 8); + *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)(new_fecf & 0x00FF); } - -#ifdef TC_DEBUG - printf(KYEL "Printing new TC Frame of length %d:\n\t", *p_enc_frame_len); - for (i = 0; i <*p_enc_frame_len; i++) + else // CRYPTO_TC_CREATE_FECF_FALSE { - printf("%02X",*(p_new_enc_frame + i)); + *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)0x00; + *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)0x00; } - printf("\n\tThe returned length is: %d\n" RESET, new_enc_frame_header_field_length); -#endif + index += 2; + } - *pp_in_frame = p_new_enc_frame; +#ifdef TC_DEBUG + printf(KYEL "Printing new TC Frame of length %d:\n\t", *p_enc_frame_len); + for (i = 0; i <*p_enc_frame_len; i++) + { + printf("%02X",*(p_new_enc_frame + i)); } + printf("\n\tThe returned length is: %d\n" RESET, new_enc_frame_header_field_length); +#endif + + *pp_in_frame = p_new_enc_frame; + status = sa_if->sa_save_sa(sa_ptr); @@ -813,38 +876,6 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int* len_ingest, TC_t* tc_sdl return Crypto_TC_ProcessSecurity_Cam(ingest, len_ingest, tc_sdls_processed_frame, NULL); } -int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - *sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - *sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - *sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } - return status; -} - int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1199,7 +1230,7 @@ uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAss return status; } -void Crypto_TC_Get_Ciper_Mode(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) +void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) { if (sa_service_type != SA_PLAINTEXT) { @@ -1328,7 +1359,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly - Crypto_TC_Get_Ciper_Mode(sa_service_type, &encryption_cipher, &ecs_is_aead_algorithm, sa_ptr); + Crypto_TC_Get_Ciper_Mode_TCP(sa_service_type, &encryption_cipher, &ecs_is_aead_algorithm, sa_ptr); #ifdef TC_DEBUG switch (sa_service_type) From cb27f71c0d56fae53e73640751962c59fb6cd804 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Wed, 6 Mar 2024 21:16:15 +0000 Subject: [PATCH 009/174] [nasa/cryptolib#196] WIP: TC_Apply Refactor --- src/core/crypto_tc.c | 690 ++++++++++++++++++++++++------------------- 1 file changed, 378 insertions(+), 312 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index a40889cb..79b95590 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -156,6 +156,357 @@ int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_pad return status; } +int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (*p_enc_frame_len > current_managed_parameters->max_frame_size) + { +#ifdef DEBUG + printf("Managed length is: %d\n", current_managed_parameters->max_frame_size); + printf("New enc frame length will be: %d\n", *p_enc_frame_len); +#endif + printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; + mc_if->mc_log(status); + } + // Ensure the frame to be created will not violate spec max length + if ((*p_enc_frame_len > 1024) && status == CRYPTO_LIB_SUCCESS) + { + printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + mc_if->mc_log(status); + } + return status; +} + +int32_t Crypto_TC_Accio_Buffer(uint8_t** p_new_enc_frame, uint16_t* p_enc_frame_len) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + *p_new_enc_frame = (uint8_t*)malloc((*p_enc_frame_len) * sizeof(uint8_t)); + if (!p_new_enc_frame) + { + printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + memset(*p_new_enc_frame, 0, *p_enc_frame_len); + return status; +} + +int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + if (sa_ptr->acs_len != 0) + { + if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + } + } + } + return status; +} + +int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t *index) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int i; + uint16_t index_temp = *index; + if (crypto_config.iv_type == IV_INTERNAL) + { + // Start index from the transmitted portion + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + *(p_new_enc_frame + index_temp) = *(sa_ptr->iv + i); + index_temp++; + } + } + // IV is NULL / IV_CRYPTO_MODULE + else + { + // Transmitted length > 0, AND using KMC_CRYPTO + if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) + { + index_temp += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); + } + else if (sa_ptr->shivf_len == 0) + { + // IV isn't being used, so don't care if it's Null + } + else + { + status = CRYPTO_LIB_ERR_NULL_IV; + mc_if->mc_log(status); + return status; + } + } + *index = index_temp; + return status; +} + + +//TODO: Reduce Complexity +int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding, uint16_t new_enc_frame_header_field_length, uint16_t* new_fecf) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + uint16_t index = *index_p; + int i; + if (sa_service_type != SA_PLAINTEXT) + { + uint8_t* mac_ptr = NULL; + uint16_t aad_len = 0; + + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) + { + *mac_loc = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + + sa_ptr->shplf_len + tf_payload_len; +#ifdef MAC_DEBUG + printf(KYEL "MAC location is: %d\n" RESET, *mac_loc); + printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); +#endif + mac_ptr = &p_new_enc_frame[*mac_loc]; + + // Prepare the Header AAD (CCSDS 335.0-B-1 4.2.3.2.2.3) + aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + sa_ptr->shsnf_len + sa_ptr->shplf_len; + if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here + { + aad_len += tf_payload_len; + } +#ifdef TC_DEBUG + printf("Calculated AAD Length: %d\n", aad_len); +#endif + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; + } + *aad = Crypto_Prepare_TC_AAD(p_new_enc_frame, aad_len, sa_ptr->abm); + } + +#ifdef TC_DEBUG + printf("Encrypted bytes output_loc is %d\n", index); + printf("Input bytes input_loc is %d\n", TC_FRAME_HEADER_SIZE + segment_hdr_len); +#endif + + /* Get Key */ + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + if (ecs_is_aead_algorithm == CRYPTO_TRUE) + { + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + Crypto_TC_Safe_Free_Ptr(*aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data + (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + *aad, // AAD Input + aad_len, // Length of AAD + (sa_ptr->est == 1), + (sa_ptr->ast == 1), + (sa_ptr->ast == 1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies); + } + else // non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if (sa_service_type == SA_ENCRYPTION) + { + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + Crypto_TC_Safe_Free_Ptr(*aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + } + + status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, + &p_new_enc_frame[index], // length of data + //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + // new_frame_length, + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, + cam_cookies); + } + + if (sa_service_type == SA_AUTHENTICATION) + { + /* Get Key */ + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + + // Check that key length to be used ets the algorithm requirement + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) + { + Crypto_TC_Safe_Free_Ptr(*aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + } + + status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data + (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + *aad, // AAD Input + aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + cam_cookies); + } + } + if (status != CRYPTO_LIB_SUCCESS) + { + Crypto_TC_Safe_Free_Ptr(*aad); + mc_if->mc_log(status); + return status; // Cryptography IF call failed, return. + } + } + if (sa_service_type != SA_PLAINTEXT) + { +#ifdef INCREMENT + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); + } + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + { + // Only increment the transmitted portion + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); + } + } + if (sa_ptr->shsnf_len > 0) + { + Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } + +#ifdef SA_DEBUG + if (sa_ptr->iv_len > 0) + { + printf(KYEL "Next IV value is:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted IV value is:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } + printf(KYEL "Next ARSN value is:\n\t"); + for (i = 0; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted ARSN value is:\n\t"); + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); +#endif +#endif + } + /* + ** End Authentication / Encryption + */ + + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters->has_fecf == TC_HAS_FECF) + { +#ifdef FECF_DEBUG + printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); +#endif + if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) + { + *new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); + *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((*new_fecf & 0xFF00) >> 8); + *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)(*new_fecf & 0x00FF); + } + else // CRYPTO_TC_CREATE_FECF_FALSE + { + *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)0x00; + *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)0x00; + } + index += 2; + } + *index_p = index; + return status; +} + +int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later + } + + if (in_frame_length < 5) // Frame length doesn't have enough bytes for TC TF header -- error out. + { + status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; + mc_if->mc_log(status); + return status; + } + + return status; +} /** * @brief Function: Crypto_TC_ApplySecurity @@ -227,22 +578,14 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in uint16_t tmp = in_frame_length; tmp = tmp; #endif - - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - // Can't mc_log since it's not configured - return status; // return immediately so a NULL crypto_config is not dereferenced later - } - - if (in_frame_length < 5) // Frame length doesn't have enough bytes for TC TF header -- error out. + + status = Crypto_TC_Check_Init_Setup(in_frame_length); + if (status != CRYPTO_LIB_SUCCESS) { - status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; - mc_if->mc_log(status); + // No Logging - as MC might not be initialized return status; } - + // Primary Header temp_tc_header.tfvn = ((uint8_t)p_in_frame[0] & 0xC0) >> 6; temp_tc_header.bypass = ((uint8_t)p_in_frame[0] & 0x20) >> 5; @@ -343,19 +686,11 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } #endif - // Determine if segment header exists + // Determine if segment header exists and FECF exists uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; - if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) - { - segment_hdr_len = 0; - } - - // Determine if FECF exists uint8_t fecf_len = FECF_SIZE; - if (current_managed_parameters->has_fecf == TC_NO_FECF) - { - fecf_len = 0; - } + + Crypto_TC_Calc_Lengths(&fecf_len, &segment_hdr_len); // Calculate tf_payload length here to be used in other logic tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; @@ -391,36 +726,21 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } // Ensure the frame to be created will not violate managed parameter maximum length - if (*p_enc_frame_len > current_managed_parameters->max_frame_size) - { -#ifdef DEBUG - printf("Managed length is: %d\n", current_managed_parameters->max_frame_size); - printf("New enc frame length will be: %d\n", *p_enc_frame_len); -#endif - printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); - status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; - mc_if->mc_log(status); - return status; - } - // Ensure the frame to be created will not violate spec max length - if (*p_enc_frame_len > 1024) + status = Crypto_TC_Frame_Validation(p_enc_frame_len); + if(status != CRYPTO_LIB_SUCCESS) { - printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); - status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; mc_if->mc_log(status); return status; } // Accio buffer - p_new_enc_frame = (uint8_t*)malloc((*p_enc_frame_len) * sizeof(uint8_t)); - if (!p_new_enc_frame) - { - printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); - status = CRYPTO_LIB_ERROR; + status = Crypto_TC_Accio_Buffer(&p_new_enc_frame, p_enc_frame_len); + if(status != CRYPTO_LIB_SUCCESS) + { mc_if->mc_log(status); return status; } - memset(p_new_enc_frame, 0, *p_enc_frame_len); + #ifdef TC_DEBUG printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); @@ -491,53 +811,18 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf("\n" RESET); } #endif - - // if(sa_service_type != SA_PLAINTEXT) - //{ - // return CRYPTO_LIB_ERR_NULL_CIPHERS; - // } - - if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + status = Crypto_TC_ACS_Algo_Check(sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) { - if (sa_ptr->acs_len != 0) - { - if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0) - { - status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - mc_if->mc_log(status); - return status; - } - } + mc_if->mc_log(status); + return status; } - if (crypto_config.iv_type == IV_INTERNAL) - { - // Start index from the transmitted portion - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - *(p_new_enc_frame + index) = *(sa_ptr->iv + i); - index++; - } - } - // IV is NULL / IV_CRYPTO_MODULE - else + status = Crypto_TC_Check_IV_Setup(sa_ptr, p_new_enc_frame, &index); + if(status != CRYPTO_LIB_SUCCESS) { - // Transmitted length > 0, AND using KMC_CRYPTO - if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) - { - index += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); - } - else if (sa_ptr->shivf_len == 0) - { - // IV isn't being used, so don't care if it's Null - } - else - { - status = CRYPTO_LIB_ERR_NULL_IV; - mc_if->mc_log(status); - return status; - } + mc_if->mc_log(status); + return status; } // Set anti-replay sequence number if specified @@ -613,232 +898,14 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in ** Begin Authentication / Encryption */ - if (sa_service_type != SA_PLAINTEXT) + status = Crypto_TC_Do_Encrypt(sa_service_type, sa_ptr, &mac_loc, tf_payload_len, segment_hdr_len, p_new_enc_frame, ekp, &aad, ecs_is_aead_algorithm, &index, p_in_frame, cam_cookies, pkcs_padding, new_enc_frame_header_field_length, &new_fecf); + if(status != CRYPTO_LIB_SUCCESS) { - uint8_t* mac_ptr = NULL; - uint16_t aad_len = 0; - - if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) - { - mac_loc = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + - sa_ptr->shplf_len + tf_payload_len; -#ifdef MAC_DEBUG - printf(KYEL "MAC location is: %d\n" RESET, mac_loc); - printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); -#endif - mac_ptr = &p_new_enc_frame[mac_loc]; - - // Prepare the Header AAD (CCSDS 335.0-B-1 4.2.3.2.2.3) - aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - sa_ptr->shsnf_len + sa_ptr->shplf_len; - if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here - { - aad_len += tf_payload_len; - } -#ifdef TC_DEBUG - printf("Calculated AAD Length: %d\n", aad_len); -#endif - if (sa_ptr->abm_len < aad_len) - { - status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - mc_if->mc_log(status); - return status; - } - aad = Crypto_Prepare_TC_AAD(p_new_enc_frame, aad_len, sa_ptr->abm); - } - -#ifdef TC_DEBUG - printf("Encrypted bytes output_loc is %d\n", index); - printf("Input bytes input_loc is %d\n", TC_FRAME_HEADER_SIZE + segment_hdr_len); -#endif - - /* Get Key */ - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - - if (ecs_is_aead_algorithm == CRYPTO_TRUE) - { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; - } - - status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, // length of data - (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - (sa_ptr->est == 1), - (sa_ptr->ast == 1), - (sa_ptr->ast == 1), - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - cam_cookies); - } - else // non aead algorithm - { - // TODO - implement non-AEAD algorithm logic - if (sa_service_type == SA_ENCRYPTION) - { - // Check that key length to be used ets the algorithm requirement - if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - if (!aad) free(aad); - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - - status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, - &p_new_enc_frame[index], // length of data - //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - // new_frame_length, - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - pkcs_padding, - cam_cookies); - } - - if (sa_service_type == SA_AUTHENTICATION) - { - /* Get Key */ - crypto_key_t* akp = NULL; - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - return CRYPTO_LIB_ERR_KEY_ID_ERROR; - } - - // Check that key length to be used ets the algorithm requirement - if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) - { - if (!aad) free(aad); - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - - status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, // length of data - (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - &(akp->value[0]), // Key - Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies); - } - } - if (status != CRYPTO_LIB_SUCCESS) - { - if (!aad) free(aad); - mc_if->mc_log(status); - return status; // Cryptography IF call failed, return. - } + mc_if->mc_log(status); + return status; } - if (sa_service_type != SA_PLAINTEXT) - { -#ifdef INCREMENT - if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) - { - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); - } - } - else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE - { - // Only increment the transmitted portion - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); - } - } - if (sa_ptr->shsnf_len > 0) - { - Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); - } -#ifdef SA_DEBUG - if (sa_ptr->iv_len > 0) - { - printf(KYEL "Next IV value is:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Next transmitted IV value is:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } - printf(KYEL "Next ARSN value is:\n\t"); - for (i = 0; i < sa_ptr->arsn_len; i++) - { - printf("%02x", *(sa_ptr->arsn + i)); - } - printf("\n" RESET); - printf(KYEL "Next transmitted ARSN value is:\n\t"); - for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) - { - printf("%02x", *(sa_ptr->arsn + i)); - } - printf("\n" RESET); -#endif -#endif - } - /* - ** End Authentication / Encryption - */ - // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TC_HAS_FECF) - { -#ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); -#endif - if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) - { - new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); - *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((new_fecf & 0xFF00) >> 8); - *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)(new_fecf & 0x00FF); - } - else // CRYPTO_TC_CREATE_FECF_FALSE - { - *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)0x00; - *(p_new_enc_frame + new_enc_frame_header_field_length) = (uint8_t)0x00; - } - index += 2; - } #ifdef TC_DEBUG printf(KYEL "Printing new TC Frame of length %d:\n\t", *p_enc_frame_len); @@ -851,13 +918,12 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in *pp_in_frame = p_new_enc_frame; - status = sa_if->sa_save_sa(sa_ptr); #ifdef DEBUG printf(KYEL "----- Crypto_TC_ApplySecurity END -----\n" RESET); #endif - if (!aad) free(aad); + Crypto_TC_Safe_Free_Ptr(aad); mc_if->mc_log(status); return status; } From 174e896c0f1587f4b4a0b0ed21d567a6ba2496d6 Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Fri, 15 Mar 2024 09:23:17 -0400 Subject: [PATCH 010/174] [nasa/nos3#202] Updated standalone to use host to ip translation; --- support/standalone/standalone.c | 162 ++++++++++++++++++++++---------- support/standalone/standalone.h | 20 +++- 2 files changed, 131 insertions(+), 51 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 32d905d2..d3fc719f 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -219,7 +219,27 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* return status; } -int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) +int32_t crypto_host_to_ip(const char * hostname, char* ip) +{ + struct hostent *he; + struct in_addr **addr_list; + + if ( (he = gethostbyname( hostname ) ) == NULL ) + { + return 1; + } + + addr_list = (struct in_addr **) he->h_addr_list; + + for(int i=0; addr_list[i] != NULL; i++) + { + strcpy(ip, inet_ntoa(*addr_list[i]) ); + return 0; + } + return 1; +} + +int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port, uint8_t bind_sock) { int status = CRYPTO_LIB_SUCCESS; int optval; @@ -231,19 +251,35 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) sock->sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); if (sock->sockfd == -1) { - printf("udp_init: Socket create error port %d", sock->port); + printf("udp_init: Socket create error port %d \n", sock->port); } + /* Determine IP */ + sock->saddr.sin_family = AF_INET; + if(inet_addr(sock->ip_address) != INADDR_NONE) + { + sock->saddr.sin_addr.s_addr = inet_addr(sock->ip_address); + } + else + { + char ip[16]; + int check = crypto_host_to_ip(sock->ip_address, ip); + if(check == 0) + { + sock->saddr.sin_addr.s_addr = inet_addr(ip); + } + } + sock->saddr.sin_port = htons(sock->port); + /* Bind */ - struct sockaddr_in saddr; - saddr.sin_family = AF_INET; - saddr.sin_addr.s_addr = inet_addr("0.0.0.0"); - saddr.sin_port = htons(sock->port); - status = bind(sock->sockfd, (struct sockaddr*)&saddr, sizeof(saddr)); - if (status != 0) + if (bind_sock > 0) { - printf(" udp_init: Socker bind error with port %d", sock->port); - status = CRYPTO_LIB_ERROR; + status = bind(sock->sockfd, (struct sockaddr*)&sock->saddr, sizeof(sock->saddr)); + if (status != 0) + { + printf(" udp_init: Socker bind error with port %d \n", sock->port); + status = CRYPTO_LIB_ERROR; + } } /* Keep Alive */ @@ -297,10 +333,12 @@ void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o /* SDLS Trailer */ } -void *crypto_standalone_tc_apply(void* sock) +void *crypto_standalone_tc_apply(void* socks) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tc_sock = (udp_info_t* )sock; + udp_interface_t* tc_socks = (udp_interface_t*)socks; + udp_info_t* tc_read_sock = &tc_socks->read; + udp_info_t* tc_write_sock = &tc_socks->write; uint8_t tc_apply_in[TC_MAX_FRAME_SIZE]; uint16_t tc_in_len = 0; @@ -311,21 +349,15 @@ void *crypto_standalone_tc_apply(void* sock) uint8_t tc_framed[TC_MAX_FRAME_SIZE]; #endif - struct sockaddr_in rcv_addr; - struct sockaddr_in fwd_addr; int sockaddr_size = sizeof(struct sockaddr_in); - fwd_addr.sin_family = AF_INET; - fwd_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); - fwd_addr.sin_port = htons(TC_APPLY_FWD_PORT); - /* Prepare */ memset(tc_apply_in, 0x00, sizeof(tc_apply_in)); while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tc_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); + status = recvfrom(tc_read_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*)&tc_read_sock->ip_address, (socklen_t*)&sockaddr_size); if (status != -1) { tc_in_len = status; @@ -371,7 +403,7 @@ void *crypto_standalone_tc_apply(void* sock) } /* Reply */ - status = sendto(tc_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tc_write_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*)&tc_write_sock->saddr, sizeof(tc_write_sock->saddr)); if ((status == -1) || (status != tc_out_len)) { printf("crypto_standalone_tc_apply - Reply error %d \n", status); @@ -398,8 +430,9 @@ void *crypto_standalone_tc_apply(void* sock) /* Delay */ usleep(100); } - close(tc_sock->port); - return tc_sock; + close(tc_read_sock->port); + close(tc_write_sock->port); + return tc_read_sock; } void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi) @@ -428,11 +461,13 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o memcpy(out_data, &in_data[header_length], in_length - header_length - trailer_length); } -void* crypto_standalone_tm_process(void* sock) +void* crypto_standalone_tm_process(void* socks) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tm_sock = (udp_info_t*)sock; - + udp_interface_t* tm_socks = (udp_interface_t*)socks; + udp_info_t* tm_read_sock = &tm_socks->read; + udp_info_t* tm_write_sock = &tm_socks->write; + uint8_t tm_process_in[TM_CADU_SIZE]; // Accounts for ASM automatically based on #def int tm_process_len = 0; uint16_t spp_len = 0; @@ -444,18 +479,12 @@ void* crypto_standalone_tm_process(void* sock) uint16_t tm_framed_len = 0; #endif - struct sockaddr_in rcv_addr; - struct sockaddr_in fwd_addr; int sockaddr_size = sizeof(struct sockaddr_in); - fwd_addr.sin_family = AF_INET; - fwd_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); - fwd_addr.sin_port = htons(TM_PROCESS_FWD_PORT); - while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tm_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); + status = recvfrom(tm_read_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*)&tm_read_sock->ip_address, (socklen_t*)&sockaddr_size); if (status != -1) { tm_process_len = status; @@ -554,7 +583,7 @@ void* crypto_standalone_tm_process(void* sock) // Send all SPP telemetry packets if (tm_ptr[0] == 0x08) { - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); } // Only send idle packets if configured to do so else @@ -563,7 +592,7 @@ void* crypto_standalone_tm_process(void* sock) // Don't forward idle packets status = spp_len; #else - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&m_write_sock->ip_address, sockaddr_size); #endif } @@ -583,7 +612,7 @@ void* crypto_standalone_tm_process(void* sock) // Don't forward idle frame status = spp_len; #else - status = sendto(tm_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + status = sendto(tm_write_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); if ((status == -1) || (status != spp_len)) { printf("crypto_standalone_tm_process - Reply error %d \n", status); @@ -615,8 +644,9 @@ void* crypto_standalone_tm_process(void* sock) /* Delay */ usleep(100); } - close(tm_sock->port); - return tm_sock; + close(tm_read_sock->port); + close(tm_write_sock->port); + return tm_read_sock; } void crypto_standalone_cleanup(const int signal) @@ -642,15 +672,22 @@ int main(int argc, char* argv[]) int cmd; char* token_ptr; - udp_info_t tc_apply; - udp_info_t tm_process; + udp_interface_t tc_apply; + udp_interface_t tm_process; + pthread_t tc_apply_thread; pthread_t tm_process_thread; + tc_apply.read.ip_address = CRYPTOLIB_HOSTNAME; + tc_apply.read.port = TC_APPLY_PORT; + tc_apply.write.ip_address = SC_HOSTNAME; + tc_apply.write.port = TC_APPLY_FWD_PORT; + tm_process.read.ip_address = CRYPTOLIB_HOSTNAME; + tm_process.read.port = TM_PROCESS_PORT; + tm_process.write.ip_address = GSW_HOSTNAME; + tm_process.write.port = TM_PROCESS_FWD_PORT; + printf("Starting CryptoLib in standalone mode! \n"); - printf(" TC Apply - UDP %d \n", TC_APPLY_PORT); - printf(" TM Process - UDP %d \n", TM_PROCESS_PORT); - printf("\n"); if (argc != 1) { printf("Invalid number of arguments! \n"); @@ -668,18 +705,37 @@ int main(int argc, char* argv[]) /* Initialize sockets */ if (keepRunning == CRYPTO_LIB_SUCCESS) { - status = crypto_standalone_udp_init(&tc_apply, TC_APPLY_PORT); + status = crypto_standalone_udp_init(&tc_apply.read, TC_APPLY_PORT, 1); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_udp_init tc_apply.read failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + else + { + status = crypto_standalone_udp_init(&tc_apply.write, TC_APPLY_FWD_PORT, 0); + if (status != CRYPTO_LIB_SUCCESS) + { + printf("crypto_standalone_udp_init tc_apply.write failed with status %d \n", status); + keepRunning = CRYPTO_LIB_ERROR; + } + } + } + + if (keepRunning == CRYPTO_LIB_SUCCESS) + { + status = crypto_standalone_udp_init(&tm_process.read, TM_PROCESS_PORT, 1); if (status != CRYPTO_LIB_SUCCESS) { - printf("crypto_standalone_udp_init tc_apply failed with status %d \n", status); + printf("crypto_standalone_udp_init tm_apply.read failed with status %d \n", status); keepRunning = CRYPTO_LIB_ERROR; } else { - status = crypto_standalone_udp_init(&tm_process, TM_PROCESS_PORT); + status = crypto_standalone_udp_init(&tm_process.write, TM_PROCESS_FWD_PORT, 0); if (status != CRYPTO_LIB_SUCCESS) { - printf("crypto_standalone_udp_init tm_process failed with status %d \n", status); + printf("crypto_standalone_udp_init tc_apply.write failed with status %d \n", status); keepRunning = CRYPTO_LIB_ERROR; } } @@ -691,6 +747,14 @@ int main(int argc, char* argv[]) /* Start threads */ if (keepRunning == CRYPTO_LIB_SUCCESS) { + printf(" TC Apply \n"); + printf(" Read, UDP - %s : %d \n", tc_apply.read.ip_address, tc_apply.read.port); + printf(" Write, UDP - %s : %d \n", tc_apply.write.ip_address, tc_apply.write.port); + printf(" TM Process \n"); + printf(" Read, UDP - %s : %d \n", tm_process.read.ip_address, tm_process.read.port); + printf(" Write, UDP - %s : %d \n", tm_process.write.ip_address, tm_process.write.port); + printf("\n"); + status = pthread_create(&tc_apply_thread, NULL, *crypto_standalone_tc_apply, &tc_apply); if (status < 0) { @@ -745,8 +809,10 @@ int main(int argc, char* argv[]) } /* Cleanup */ - close(tc_apply.port); - close(tm_process.port); + close(tc_apply.read.port); + close(tc_apply.write.port); + close(tm_process.read.port); + close(tm_process.write.port); Crypto_Shutdown(); diff --git a/support/standalone/standalone.h b/support/standalone/standalone.h index 75ae0179..2da7bc90 100644 --- a/support/standalone/standalone.h +++ b/support/standalone/standalone.h @@ -32,10 +32,12 @@ extern "C" #include #include #include +#include //hostent #include #include #include #include +#include #include #include "crypto.h" @@ -45,6 +47,9 @@ extern "C" /* ** Configuration */ +#define CRYPTOLIB_HOSTNAME "cryptolib" +#define GSW_HOSTNAME "cosmos" +#define SC_HOSTNAME "radio_sim" #define TC_APPLY_PORT 6010 #define TC_APPLY_FWD_PORT 8010 #define TM_PROCESS_PORT 8011 @@ -89,9 +94,17 @@ extern "C" typedef struct { int sockfd; + char* ip_address; int port; + struct sockaddr_in saddr; } udp_info_t; +typedef struct +{ + udp_info_t read; + udp_info_t write; +} udp_interface_t; + /* ** Prototypes @@ -101,12 +114,13 @@ void crypto_standalone_to_lower(char* str); void crypto_standalone_print_help(void); int32_t crypto_standalone_get_command(const char* str); int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* tokens); -int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port); +int32_t crypto_host_to_ip(const char * hostname, char* ip); +int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port, uint8_t bind_sock); int32_t crypto_reset(void); void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length); -void* crypto_standalone_tc_apply(void* sock); +void* crypto_standalone_tc_apply(void* socks); void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi); -void* crypto_standalone_tm_process(void* sock); +void* crypto_standalone_tm_process(void* socks); void crypto_standalone_cleanup(const int signal); From 6e6436d9ff1840f71f3b2eae9a8b661c21b2e6cd Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 17:55:09 +0000 Subject: [PATCH 011/174] [nasa/cryptolib#196] TC_Apply Refactor --- src/core/crypto_tc.c | 366 ++++++++++++++++++++++++++----------------- 1 file changed, 225 insertions(+), 141 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 79b95590..9c5ad0f8 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -60,7 +60,6 @@ int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociat return status; } - int32_t Crypto_TC_Get_Ciper_Mode_TCA(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -168,6 +167,8 @@ int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len) printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; mc_if->mc_log(status); + printf("STATUS=%d\n", status); + return status; } // Ensure the frame to be created will not violate spec max length if ((*p_enc_frame_len > 1024) && status == CRYPTO_LIB_SUCCESS) @@ -249,13 +250,10 @@ int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_e return status; } - -//TODO: Reduce Complexity -int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding, uint16_t new_enc_frame_header_field_length, uint16_t* new_fecf) +int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding) { int32_t status = CRYPTO_LIB_SUCCESS; uint16_t index = *index_p; - int i; if (sa_service_type != SA_PLAINTEXT) { uint8_t* mac_ptr = NULL; @@ -397,7 +395,9 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ sa_ptr->acs, // authentication cipher cam_cookies); } - } + + } + *index_p = index; if (status != CRYPTO_LIB_SUCCESS) { Crypto_TC_Safe_Free_Ptr(*aad); @@ -405,6 +405,12 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ return status; // Cryptography IF call failed, return. } } + return status; +} + +void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int i = 0; if (sa_service_type != SA_PLAINTEXT) { #ifdef INCREMENT @@ -459,6 +465,23 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ #endif #endif } +} + +int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding, uint16_t new_enc_frame_header_field_length, uint16_t* new_fecf) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + uint16_t index = *index_p; + status = Crypto_TC_Do_Encrypt_PLAINTEXT(sa_service_type, sa_ptr, mac_loc, tf_payload_len, segment_hdr_len, p_new_enc_frame, ekp, aad, ecs_is_aead_algorithm, index_p, p_in_frame, cam_cookies, pkcs_padding); + if (status != CRYPTO_LIB_SUCCESS) + { + Crypto_TC_Safe_Free_Ptr(*aad); + mc_if->mc_log(status); + return status; + } + + //TODO: Status? + Crypto_TC_Do_Encrypt_NONPLAINTEXT(sa_service_type, sa_ptr); + /* ** End Authentication / Encryption */ @@ -508,55 +531,10 @@ int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) return status; } -/** - * @brief Function: Crypto_TC_ApplySecurity - * Applies Security to incoming frame. Encryption, Authentication, and Authenticated Encryption - * @param p_in_frame: uint8* - * @param in_frame_length: uint16 - * @param pp_in_frame: uint8_t** - * @param p_enc_frame_len: uint16 - * @return int32: Success/Failure - **/ -int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, - uint16_t* p_enc_frame_len) -{ - // Passthrough to maintain original function signature when CAM isn't used. - return Crypto_TC_ApplySecurity_Cam(p_in_frame, in_frame_length, pp_in_frame, p_enc_frame_len, NULL); -} -/** - * @brief Function: Crypto_TC_ApplySecurity_Cam - * Applies Security to incoming frame. Encryption, Authentication, and Authenticated Encryption - * @param p_in_frame: uint8* - * @param in_frame_length: uint16 - * @param pp_in_frame: uint8_t** - * @param p_enc_frame_len: uint16 - * @param cam_cookies: char* - * @return int32: Success/Failure - **/ -int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, - uint16_t* p_enc_frame_len, char* cam_cookies) -{ - // Local Variables - int32_t status = CRYPTO_LIB_SUCCESS; - TC_FramePrimaryHeader_t temp_tc_header; - SecurityAssociation_t* sa_ptr = NULL; - uint8_t* p_new_enc_frame = NULL; - uint8_t sa_service_type = -1; - uint16_t mac_loc = 0; - uint16_t tf_payload_len = 0x0000; - uint16_t new_fecf = 0x0000; - uint8_t* aad = NULL; - uint16_t new_enc_frame_header_field_length = 0; - uint32_t encryption_cipher = 0; - uint8_t ecs_is_aead_algorithm; +int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_frame_length) +{ int i; - uint32_t pkcs_padding = 0; - crypto_key_t* ekp = NULL; - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_TC_ApplySecurity START -----\n" RESET); -#endif - + uint32_t status = CRYPTO_LIB_SUCCESS; if (p_in_frame == NULL) { status = CRYPTO_LIB_ERR_NULL_BUFFER; @@ -585,19 +563,12 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in // No Logging - as MC might not be initialized return status; } - - // Primary Header - temp_tc_header.tfvn = ((uint8_t)p_in_frame[0] & 0xC0) >> 6; - temp_tc_header.bypass = ((uint8_t)p_in_frame[0] & 0x20) >> 5; - temp_tc_header.cc = ((uint8_t)p_in_frame[0] & 0x10) >> 4; - temp_tc_header.spare = ((uint8_t)p_in_frame[0] & 0x0C) >> 2; - temp_tc_header.scid = ((uint8_t)p_in_frame[0] & 0x03) << 8; - temp_tc_header.scid = temp_tc_header.scid | (uint8_t)p_in_frame[1]; - temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config.vcid_bitmask; - temp_tc_header.fl = ((uint8_t)p_in_frame[2] & 0x03) << 8; - temp_tc_header.fl = temp_tc_header.fl | (uint8_t)p_in_frame[3]; - temp_tc_header.fsn = (uint8_t)p_in_frame[4]; + return status; +} +int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_FramePrimaryHeader_t temp_tc_header, const uint8_t* p_in_frame, uint8_t* map_id, uint8_t* segmentation_hdr, SecurityAssociation_t** sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; if (in_frame_length < temp_tc_header.fl + 1) // Specified frame length larger than provided frame! { status = CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH; @@ -614,12 +585,10 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in return status; } // Unable to get necessary Managed Parameters for TC TF -- return with error. - uint8_t segmentation_hdr = 0x00; - uint8_t map_id = 0; if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) { - segmentation_hdr = p_in_frame[5]; - map_id = segmentation_hdr & 0x3F; + *segmentation_hdr = p_in_frame[5]; + *map_id = *segmentation_hdr & 0x3F; } // Check if command frame flag set @@ -631,7 +600,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, - temp_tc_header.vcid, map_id, &sa_ptr); + temp_tc_header.vcid, *map_id, sa_ptr); // If unable to get operational SA, can return if (status != CRYPTO_LIB_SUCCESS) { @@ -640,13 +609,193 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } // Try to assure SA is sane - status = crypto_tc_validate_sa(sa_ptr); + status = crypto_tc_validate_sa(*sa_ptr); if (status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); return status; } + return status; +} + + +int32_t Crypto_TC_Finalize_Frame_Setup(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t** sa_ptr, uint8_t** p_new_enc_frame) +{ + uint32_t status = CRYPTO_LIB_SUCCESS; + status = Crypto_TC_Handle_Enc_Padding(sa_service_type, pkcs_padding, p_enc_frame_len, new_enc_frame_header_field_length, tf_payload_len, *sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // Ensure the frame to be created will not violate managed parameter maximum length + status = Crypto_TC_Frame_Validation(p_enc_frame_len); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // Accio buffer + status = Crypto_TC_Accio_Buffer(p_new_enc_frame, p_enc_frame_len); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + return status; +} + +void Crypto_TC_Handle_Padding(uint32_t pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index) +{ + int i = 0; + uint16_t temp_index = *index; + if (pkcs_padding) + { + uint8_t hex_padding[3] = {0}; // TODO: Create #Define for the 3 + pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding)&0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (i = 0; i < sa_ptr->shplf_len; i++) + { + *(p_new_enc_frame + temp_index) = hex_padding[padding_start++]; + temp_index++; + } + *index = temp_index; + } +} + +int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index) +{ + uint32_t status = CRYPTO_LIB_SUCCESS; + int i = 0; + #ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + status = Crypto_TC_ACS_Algo_Check(sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + status = Crypto_TC_Check_IV_Setup(sa_ptr, p_new_enc_frame, index); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + return status; +} + +/** + * @brief Function: Crypto_TC_ApplySecurity + * Applies Security to incoming frame. Encryption, Authentication, and Authenticated Encryption + * @param p_in_frame: uint8* + * @param in_frame_length: uint16 + * @param pp_in_frame: uint8_t** + * @param p_enc_frame_len: uint16 + * @return int32: Success/Failure + **/ +int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, + uint16_t* p_enc_frame_len) +{ + // Passthrough to maintain original function signature when CAM isn't used. + return Crypto_TC_ApplySecurity_Cam(p_in_frame, in_frame_length, pp_in_frame, p_enc_frame_len, NULL); +} +/** + * @brief Function: Crypto_TC_ApplySecurity_Cam + * Applies Security to incoming frame. Encryption, Authentication, and Authenticated Encryption + * @param p_in_frame: uint8* + * @param in_frame_length: uint16 + * @param pp_in_frame: uint8_t** + * @param p_enc_frame_len: uint16 + * @param cam_cookies: char* + * @return int32: Success/Failure + **/ +int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, + uint16_t* p_enc_frame_len, char* cam_cookies) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + TC_FramePrimaryHeader_t temp_tc_header; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t* p_new_enc_frame = NULL; + uint8_t sa_service_type = -1; + uint16_t mac_loc = 0; + uint16_t tf_payload_len = 0x0000; + uint16_t new_fecf = 0x0000; + uint8_t* aad = NULL; + uint16_t new_enc_frame_header_field_length = 0; + uint32_t encryption_cipher = 0; + uint8_t ecs_is_aead_algorithm; + int i; + uint32_t pkcs_padding = 0; + crypto_key_t* ekp = NULL; + uint8_t map_id = 0; + uint8_t segmentation_hdr = 0x00; + +#ifdef DEBUG + printf(KYEL "\n----- Crypto_TC_ApplySecurity START -----\n" RESET); +#endif + + status = Crypto_TC_Sanity_Setup(p_in_frame, in_frame_length); + if (status != CRYPTO_LIB_SUCCESS) + { + // Logging handled inside sanity setup functionality + return status; + } + + // Primary Header + temp_tc_header.tfvn = ((uint8_t)p_in_frame[0] & 0xC0) >> 6; + temp_tc_header.bypass = ((uint8_t)p_in_frame[0] & 0x20) >> 5; + temp_tc_header.cc = ((uint8_t)p_in_frame[0] & 0x10) >> 4; + temp_tc_header.spare = ((uint8_t)p_in_frame[0] & 0x0C) >> 2; + temp_tc_header.scid = ((uint8_t)p_in_frame[0] & 0x03) << 8; + temp_tc_header.scid = temp_tc_header.scid | (uint8_t)p_in_frame[1]; + temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config.vcid_bitmask; + temp_tc_header.fl = ((uint8_t)p_in_frame[2] & 0x03) << 8; + temp_tc_header.fl = temp_tc_header.fl | (uint8_t)p_in_frame[3]; + temp_tc_header.fsn = (uint8_t)p_in_frame[4]; + + status = Crytpo_TC_Validate_TC_Temp_Header(in_frame_length, temp_tc_header, p_in_frame, &map_id, &segmentation_hdr, &sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + return status; + } + + #ifdef SA_DEBUG printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); Crypto_saPrint(sa_ptr); @@ -711,30 +860,8 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + sa_ptr->stmacf_len; new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; - status = Crypto_TC_Handle_Enc_Padding(sa_service_type, &pkcs_padding, p_enc_frame_len, &new_enc_frame_header_field_length, tf_payload_len, sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - - status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); - if(status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - - // Ensure the frame to be created will not violate managed parameter maximum length - status = Crypto_TC_Frame_Validation(p_enc_frame_len); - if(status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - - // Accio buffer - status = Crypto_TC_Accio_Buffer(&p_new_enc_frame, p_enc_frame_len); + // Finalize frame setup + status = Crypto_TC_Finalize_Frame_Setup(sa_service_type, &pkcs_padding, p_enc_frame_len, &new_enc_frame_header_field_length, tf_payload_len, &sa_ptr, &p_new_enc_frame); if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); @@ -794,31 +921,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in index += 2; // Set initialization vector if specified -#ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) - { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } -#endif - status = Crypto_TC_ACS_Algo_Check(sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - - status = Crypto_TC_Check_IV_Setup(sa_ptr, p_new_enc_frame, &index); + status = Crypto_TC_Set_IV(sa_ptr, p_new_enc_frame, &index); if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); @@ -851,26 +954,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 */ // TODO: Set this depending on crypto cipher used - - if (pkcs_padding) - { - uint8_t hex_padding[3] = {0}; // TODO: Create #Define for the 3 - pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding)&0xFF; - - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; - - for (i = 0; i < sa_ptr->shplf_len; i++) - { - *(p_new_enc_frame + index) = hex_padding[padding_start++]; - index++; - } - } + Crypto_TC_Handle_Padding(pkcs_padding, sa_ptr, p_new_enc_frame, &index); /* ** End Security Header Fields From 69846e92060c5e6114c7939b69372b861e464744 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 18:44:37 +0000 Subject: [PATCH 012/174] [nasa/cryptolib#196] cryptography_aead_encrypt refactor --- ...ryptography_interface_libgcrypt.template.c | 122 +++++++++++------- 1 file changed, 77 insertions(+), 45 deletions(-) diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index 7b8ea32f..90b467d6 100644 --- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -509,64 +509,54 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, return status; } -static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, - uint8_t* data_in, size_t len_data_in, - uint8_t* key, uint32_t len_key, - SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param) - uint8_t* iv, uint32_t iv_len, - uint8_t* mac, uint32_t mac_size, - uint8_t* aad, uint32_t aad_len, - uint8_t encrypt_bool, uint8_t authenticate_bool, - uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies) +int32_t cryptography_verify_ecs_enum_algo(uint8_t* ecs, int32_t* algo, int32_t* mode) { - gcry_error_t gcry_error = GPG_ERR_NO_ERROR; - gcry_cipher_hd_t tmp_hd; int32_t status = CRYPTO_LIB_SUCCESS; - uint8_t* key_ptr = key; - - // Fix warning - acs = acs; - cam_cookies = cam_cookies; - - sa_ptr = sa_ptr; // Unused in this implementation - - // Select correct libgcrypt ecs enum - int32_t algo = -1; if (ecs != NULL) { - algo = cryptography_get_ecs_algo(*ecs); - if (algo == CRYPTO_LIB_ERR_UNSUPPORTED_ECS) + *algo = cryptography_get_ecs_algo(*ecs); + if (*algo == CRYPTO_LIB_ERR_UNSUPPORTED_ECS) { - return CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + return status; } } else { - return CRYPTO_LIB_ERR_NULL_ECS_PTR; + status = CRYPTO_LIB_ERR_NULL_ECS_PTR; + return status; } // Verify the mode to accompany the ecs enum - int32_t mode = -1; - mode = cryptography_get_ecs_mode(*ecs); - if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE; - - // TODO: Get Flag Functionality + *mode = cryptography_get_ecs_mode(*ecs); + if (*mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE) + { + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE; + return status; + } + return status; +} + +int32_t cryptography_gcry_setup(int32_t mode, int32_t algo, gcry_cipher_hd_t* tmp_hd, uint8_t* key_ptr, uint32_t len_key, uint8_t* iv, uint32_t iv_len, gcry_error_t* gcry_error) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if(mode == CRYPTO_CIPHER_AES256_CBC_MAC) { - gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_CBC_MAC); + *gcry_error = gcry_cipher_open(tmp_hd, algo, mode, GCRY_CIPHER_CBC_MAC); } else { - gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE); + *gcry_error = gcry_cipher_open(tmp_hd, algo, mode, GCRY_CIPHER_NONE); } - if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) + if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { - printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); - printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); + printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); + printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; return status; } - gcry_error = gcry_cipher_setkey(tmp_hd, key_ptr, len_key); + *gcry_error = gcry_cipher_setkey(*tmp_hd, key_ptr, len_key); #ifdef SA_DEBUG uint32_t i; printf(KYEL "AEAD MAC: Printing Key:\n\t"); @@ -577,23 +567,64 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, printf("\n"); #endif - if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) + if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { - printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); - printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); + printf(KRED "ERROR: gcry_cipher_setkey error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); + printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; - gcry_cipher_close(tmp_hd); + gcry_cipher_close(*tmp_hd); return status; } - gcry_error = gcry_cipher_setiv(tmp_hd, iv, iv_len); - if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) + *gcry_error = gcry_cipher_setiv(*tmp_hd, iv, iv_len); + if ((*gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { - printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); - printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); + printf(KRED "ERROR: gcry_cipher_setiv error code %d\n" RESET, *gcry_error & GPG_ERR_CODE_MASK); + printf(KRED "Failure: %s/%s\n", gcry_strsource(*gcry_error), gcry_strerror(*gcry_error)); status = CRYPTO_LIB_ERR_LIBGCRYPT_ERROR; - gcry_cipher_close(tmp_hd); + gcry_cipher_close(*tmp_hd); return status; } + return status; +} + +static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param) + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t encrypt_bool, uint8_t authenticate_bool, + uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies) +{ + gcry_error_t gcry_error = GPG_ERR_NO_ERROR; + gcry_cipher_hd_t tmp_hd = 0; + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* key_ptr = key; + + // Fix warning + acs = acs; + cam_cookies = cam_cookies; + + sa_ptr = sa_ptr; // Unused in this implementation + + // Select correct libgcrypt ecs enum + int32_t algo = -1; + int32_t mode = -1; + status = cryptography_verify_ecs_enum_algo(ecs, &algo, &mode); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // TODO: Get Flag Functionality + status = cryptography_gcry_setup(mode, algo, &tmp_hd, key_ptr, len_key, iv, iv_len, &gcry_error); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } #ifdef DEBUG size_t j; @@ -680,6 +711,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, } #ifdef MAC_DEBUG + uint32_t i = 0; printf("MAC = 0x"); for (i = 0; i < mac_size; i++) { From 50dbcb901c3819bc646b1481f43ac239cc6903b5 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 19:15:05 +0000 Subject: [PATCH 013/174] [nasa/cryptolib#196] standalone tm_process refactor --- support/standalone/standalone.c | 176 ++++++++++++++++++-------------- 1 file changed, 100 insertions(+), 76 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 32d905d2..b7db0f82 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -428,6 +428,101 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o memcpy(out_data, &in_data[header_length], in_length - header_length - trailer_length); } +void crypto_standalone_tm_debug_recv(int32_t status, int tm_process_len, uint8_t* tm_process_in) +{ + if (tm_debug == 1) + { + printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); + for (int i = 0; i < status; i++) + { + printf("%02x", tm_process_in[i]); + } + printf("\n"); + } +} + +void crypto_standalone_tm_debug_process(uint8_t* tm_process_in) +{ + if (tm_debug == 1) + { + printf("Printing first bytes of Tf Pri Hdr:\n\t"); + for (int i = 0; i < 6; i++) + { + printf("%02X", *(tm_process_in + 4 + i)); + } + printf("\n"); + printf("Processing frame WITH ASM...\n"); + } +} + +void crypto_standalone_spp_telem_or_idle(int32_t* status_p, uint8_t* tm_ptr, uint16_t* spp_len_p, udp_info_t* tm_sock, struct sockaddr_in fwd_addr, int* tm_process_len_p) +{ + int32_t status = *status_p; + uint16_t spp_len = *spp_len_p; + int tm_process_len = *tm_process_len_p; + + if ((tm_ptr[0] == 0x08) || ((tm_ptr[0] == 0x03) && tm_ptr[1] == 0xff)) + { + spp_len = (((0xFFFF & tm_ptr[4]) << 8) | tm_ptr[5]) + 7; +#ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG + printf("crypto_standalone_tm_process - SPP[%d]: 0x", spp_len); + for (int i = 0; i < spp_len; i++) + { + printf("%02x", tm_ptr[i]); + } + printf("\n"); +#endif + // Send all SPP telemetry packets + if (tm_ptr[0] == 0x08) + { + status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + } + // Only send idle packets if configured to do so + else + { +#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_PACKETS + // Don't forward idle packets + status = spp_len; +#else + status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); +#endif + } + + // Check status + if ((status == -1) || (status != spp_len)) + { + printf("crypto_standalone_tm_process - Reply error %d \n", status); + } + tm_ptr = &tm_ptr[spp_len]; + tm_process_len = tm_process_len - spp_len; + } + else if (tm_ptr[0] == 0xff && tm_ptr[1] == 0x48) + { + // Idle Frame + // Idle Frame is entire length of remaining data +#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_FRAMES + // Don't forward idle frame + status = spp_len; +#else + status = sendto(tm_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + if ((status == -1) || (status != spp_len)) + { + printf("crypto_standalone_tm_process - Reply error %d \n", status); + } + tm_ptr = &tm_ptr[spp_len]; +#endif + tm_process_len = 0; + } + else + { + printf("crypto_standalone_tm_process - SPP loop error, expected idle packet or frame! tm_ptr = 0x%02x%02x \n", tm_ptr[0], tm_ptr[1]); + tm_process_len = 0; + } + *status_p = status; + *spp_len_p = spp_len; + *tm_process_len_p = tm_process_len; +} + void* crypto_standalone_tm_process(void* sock) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -459,29 +554,13 @@ void* crypto_standalone_tm_process(void* sock) if (status != -1) { tm_process_len = status; - if (tm_debug == 1) - { - printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); - for (int i = 0; i < status; i++) - { - printf("%02x", tm_process_in[i]); - } - printf("\n"); - } + /* Recieve */ + crypto_standalone_tm_debug_recv(status, tm_process_len, tm_process_in); /* Process */ #ifdef TM_CADU_HAS_ASM // Process Security skipping prepended ASM - if (tm_debug == 1) - { - printf("Printing first bytes of Tf Pri Hdr:\n\t"); - for (int i = 0; i < 6; i++) - { - printf("%02X", *(tm_process_in + 4 + i)); - } - printf("\n"); - printf("Processing frame WITH ASM...\n"); - } - // Account for ASM length + crypto_standalone_tm_debug_process(tm_process_in); + status = Crypto_TM_ProcessSecurity(tm_process_in + 4, (const uint16_t)tm_process_len - 4, &tm_ptr, &tm_out_len); #else if (tm_debug == 1) @@ -540,63 +619,8 @@ void* crypto_standalone_tm_process(void* sock) while (tm_process_len > 5) { // SPP Telemetry OR SPP Idle Packet - if ((tm_ptr[0] == 0x08) || ((tm_ptr[0] == 0x03) && tm_ptr[1] == 0xff)) - { - spp_len = (((0xFFFF & tm_ptr[4]) << 8) | tm_ptr[5]) + 7; -#ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("crypto_standalone_tm_process - SPP[%d]: 0x", spp_len); - for (int i = 0; i < spp_len; i++) - { - printf("%02x", tm_ptr[i]); - } - printf("\n"); -#endif - // Send all SPP telemetry packets - if (tm_ptr[0] == 0x08) - { - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); - } - // Only send idle packets if configured to do so - else - { -#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_PACKETS - // Don't forward idle packets - status = spp_len; -#else - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); -#endif - } + crypto_standalone_spp_telem_or_idle(&status, tm_ptr, &spp_len, tm_sock, fwd_addr, &tm_process_len); - // Check status - if ((status == -1) || (status != spp_len)) - { - printf("crypto_standalone_tm_process - Reply error %d \n", status); - } - tm_ptr = &tm_ptr[spp_len]; - tm_process_len = tm_process_len - spp_len; - } - else if (tm_ptr[0] == 0xff && tm_ptr[1] == 0x48) - { - // Idle Frame - // Idle Frame is entire length of remaining data -#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_FRAMES - // Don't forward idle frame - status = spp_len; -#else - status = sendto(tm_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); - if ((status == -1) || (status != spp_len)) - { - printf("crypto_standalone_tm_process - Reply error %d \n", status); - } - tm_ptr = &tm_ptr[spp_len]; -#endif - tm_process_len = 0; - } - else - { - printf("crypto_standalone_tm_process - SPP loop error, expected idle packet or frame! tm_ptr = 0x%02x%02x \n", tm_ptr[0], tm_ptr[1]); - tm_process_len = 0; - } } } else From a0283781ee4eba2c50ad45cac12f9d07c7cc0d81 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 19:31:46 +0000 Subject: [PATCH 014/174] [nasa/cryptolib#196] Crypto_Check_Anti_Replay refactor --- src/core/crypto.c | 76 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 20 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 528ece0c..df002664 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -806,30 +806,30 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin return status; } // End Process SDLS PDU -/* -** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable -*/ -int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) +int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) { int32_t status = CRYPTO_LIB_SUCCESS; - int8_t IV_VALID = -1; - int8_t ARSN_VALID = -1; - - // Check for NULL pointers if (sa_ptr == NULL) // #177 - Modification made per suggestion of 'Spicydll' - prevents null dereference { - return CRYPTO_LIB_ERR_NULL_SA; + status = CRYPTO_LIB_ERR_NULL_SA; + return status; } if (arsn == NULL && sa_ptr->arsn_len > 0) { - return CRYPTO_LIB_ERR_NULL_ARSN; + status = CRYPTO_LIB_ERR_NULL_ARSN; + return status; } if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { - return CRYPTO_LIB_ERR_NULL_IV; + status = CRYPTO_LIB_ERR_NULL_IV; + return status; } - - // If sequence number field is greater than zero, check for replay + return status; +} + +int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* ARSN_VALID) +{ + int32_t status = CRYPTO_LIB_SUCCESS; if (sa_ptr->shsnf_len > 0) { // Check Sequence Number is in ARSNW @@ -855,11 +855,16 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u // Valid ARSN received, increment stored value else { - ARSN_VALID = CRYPTO_TRUE; + *ARSN_VALID = CRYPTO_TRUE; // memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } } - // If IV is greater than zero and using GCM, check for replay + return status; +} + +int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* IV_VALID) +{ + int32_t status = CRYPTO_LIB_SUCCESS; if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) { // Check IV is in ARSNW @@ -893,14 +898,45 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u // Valid IV received, increment stored value else { - IV_VALID = CRYPTO_TRUE; + *IV_VALID = CRYPTO_TRUE; // memcpy(sa_ptr->iv, iv, sa_ptr->iv_len); } } - // IV length is greater than zero, but not using an incrementing IV as in GCM - // we can't verify this internally as Crpytolib doesn't track previous IVs - // or generate random ones - // else{} + return status; +} + +/* +** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable +*/ +int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int8_t IV_VALID = -1; + int8_t ARSN_VALID = -1; + + // Check for NULL pointers + status = Crypto_Check_Anti_Replay_Verify_Pointers(sa_ptr, arsn, iv); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // If sequence number field is greater than zero, check for replay + status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &ARSN_VALID); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + + // If IV is greater than zero and using GCM, check for replay + status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &IV_VALID); + if(status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } // For GCM specifically, if have a valid IV... if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (IV_VALID == CRYPTO_TRUE)) From 972d481b4154dfa5e276479d06fa4c6df7977549 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 20:27:16 +0000 Subject: [PATCH 015/174] [nasa/cryptolib#196] sa_get_operational_sa_from_gvcid refactor --- .../internal/sa_interface_inmemory.template.c | 222 ++++++++++++------ 1 file changed, 150 insertions(+), 72 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 15764669..ce6e3605 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -459,24 +459,10 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_as return status; } -/** - * @brief Function: sa_get_operational_sa_from_gvcid - * @param tfvn: uint8 - * @param scid: uint16 - * @param vcid: uint16 - * @param mapid: uint8 // tc only - * @param security_association: SecurityAssociation_t** - * @return int32: Success/Failure - **/ -static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, - SecurityAssociation_t** security_association) +int32_t sa_get_operational_sa_from_gvcid_find_iv(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; - int i; - if (sa == NULL) - { - return CRYPTO_LIB_ERR_NO_INIT; - } + int i = 0; for (i = 0; i < NUM_SA; i++) { @@ -493,12 +479,14 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin // Must have IV if using libgcrypt and auth/enc if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { - return CRYPTO_LIB_ERR_NULL_IV; + status = CRYPTO_LIB_ERR_NULL_IV; + return status; } // Must have ABM if doing authentication if (sa[i].abm == NULL && sa[i].ast) { - return CRYPTO_LIB_ERR_NULL_ABM; + status = CRYPTO_LIB_ERR_NULL_ABM; + return status; } #ifdef SA_DEBUG @@ -512,84 +500,174 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin break; } } + return status; +} - // If not a success, attempt to generate a meaningful error code - if (status != CRYPTO_LIB_SUCCESS) - { -#ifdef SA_DEBUG - printf(KRED "Error - Making best attempt at a useful error code:\n\t" RESET); -#endif - for (i = 0; i < NUM_SA; i++) - { - // Could possibly have more than one field mismatched, - // ordering so the 'most accurate' SA's error is returned - // (determined by matching header fields L to R) - if ((sa[i].gvcid_blk.tfvn != tfvn) && (sa[i].gvcid_blk.scid == scid) && +void sa_mismatched_tfvn_error(int * i_p, int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = *i_p; + if ((sa[i].gvcid_blk.tfvn != tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL)) - { + { #ifdef SA_DEBUG - printf(KRED "An operational SA was found - but mismatched tfvn.\n" RESET); - printf(KRED "SA is %d\n", i); - printf(KRED "Incoming tfvn is %d\n", tfvn); - printf(KRED "SA tfvn is %d\n", sa[i].gvcid_blk.tfvn); + printf(KRED "An operational SA was found - but mismatched tfvn.\n" RESET); + printf(KRED "SA is %d\n", i); + printf(KRED "Incoming tfvn is %d\n", tfvn); + printf(KRED "SA tfvn is %d\n", sa[i].gvcid_blk.tfvn); #endif - status = CRYPTO_LIB_ERR_INVALID_TFVN; - } - else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) && + *status = CRYPTO_LIB_ERR_INVALID_TFVN; + } + *i_p = i; +} + +void sa_mismatched_scid(int* i_p, int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = *i_p; + if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL)) - { + { #ifdef SA_DEBUG - printf(KRED "An operational SA was found - but mismatched scid.\n" RESET); - printf(KRED "SA is %d\n", i); - printf(KRED "SCID is %d\n", scid); - printf(KRED "gvcid_blk SCID is %d\n", sa[i].gvcid_blk.scid); + printf(KRED "An operational SA was found - but mismatched scid.\n" RESET); + printf(KRED "SA is %d\n", i); + printf(KRED "SCID is %d\n", scid); + printf(KRED "gvcid_blk SCID is %d\n", sa[i].gvcid_blk.scid); #endif - status = CRYPTO_LIB_ERR_INVALID_SCID; - } - else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + *status = CRYPTO_LIB_ERR_INVALID_SCID; + } + *i_p = i; +} + +void sa_mismatched_vcid(int* i_p, int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = *i_p; + if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid != vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL)) - { + { #ifdef SA_DEBUG - printf(KRED "An operational SA was found - but mismatched vcid.\n" RESET); - printf(KRED "SA is %d\n", i); + printf(KRED "An operational SA was found - but mismatched vcid.\n" RESET); + printf(KRED "SA is %d\n", i); #endif - status = CRYPTO_LIB_ERR_INVALID_VCID; - } - else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + *status = CRYPTO_LIB_ERR_INVALID_VCID; + } + *i_p = i; +} + +void sa_mismatched_mapid(int* i_p, int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = *i_p; + if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid != mapid && sa[i].sa_state == SA_OPERATIONAL)) - { + { #ifdef SA_DEBUG - printf(KRED "An operational SA was found - but mismatched mapid.\n" RESET); + printf(KRED "An operational SA was found - but mismatched mapid.\n" RESET); #endif - status = CRYPTO_LIB_ERR_INVALID_MAPID; - } - else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && - (sa[i].gvcid_blk.vcid == vcid) && - (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state != SA_OPERATIONAL)) - { + *status = CRYPTO_LIB_ERR_INVALID_MAPID; + } + *i_p = i; +} + +void sa_non_operational_sa(int* i_p, int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = *i_p; + if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + (sa[i].gvcid_blk.vcid == vcid) && + (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state != SA_OPERATIONAL)) + { +#ifdef SA_DEBUG + printf(KRED "A valid but non-operational SA was found: SPI: %d.\n" RESET, sa[i].spi); +#endif + *status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; + } + *i_p = i; +} + +void sa_debug_block(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ +// Detailed debug block +#ifdef SA_DEBUG + printf(KYEL "Incoming frame parameters:\n" RESET); + printf(KYEL "\ttfvn %02X\n" RESET, tfvn); + printf(KYEL "\tscid %d\n" RESET, scid); + printf(KYEL "\tvcid %d\n" RESET, vcid); + printf(KYEL "\tmapid %02X\n" RESET, mapid); +#endif +} + +int32_t sa_get_operational_sa_from_gvcid_generate_error(int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) +{ + int i = 0; + + if (*status != CRYPTO_LIB_SUCCESS) + { #ifdef SA_DEBUG - printf(KRED "A valid but non-operational SA was found: SPI: %d.\n" RESET, sa[i].spi); + printf(KRED "Error - Making best attempt at a useful error code:\n\t" RESET); #endif - status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; + for (i = 0; i < NUM_SA; i++) + { + // Could possibly have more than one field mismatched, + // ordering so the 'most accurate' SA's error is returned + // (determined by matching header fields L to R) + sa_mismatched_tfvn_error(&i, status, tfvn, scid, vcid, mapid); + if(status != CRYPTO_LIB_SUCCESS) + { + sa_debug_block(tfvn, scid, vcid, mapid); + return *status; } - else + sa_mismatched_scid(&i, status, tfvn, scid, vcid, mapid); + if(status != CRYPTO_LIB_SUCCESS) { - // Don't set status, could overwrite useful error message above + sa_debug_block(tfvn, scid, vcid, mapid); + return *status; + } + sa_mismatched_vcid(&i, status, tfvn, scid, vcid, mapid); + if(status != CRYPTO_LIB_SUCCESS) + { + sa_debug_block(tfvn, scid, vcid, mapid); + return *status; + } + sa_mismatched_mapid(&i, status, tfvn, scid, vcid, mapid); + if(status != CRYPTO_LIB_SUCCESS) + { + sa_debug_block(tfvn, scid, vcid, mapid); + return *status; + } + sa_non_operational_sa(&i, status, tfvn, scid, vcid, mapid); + if(status != CRYPTO_LIB_SUCCESS) + { + sa_debug_block(tfvn, scid, vcid, mapid); + return *status; } } - // Detailed debug block -#ifdef SA_DEBUG - printf(KYEL "Incoming frame parameters:\n" RESET); - printf(KYEL "\ttfvn %02X\n" RESET, tfvn); - printf(KYEL "\tscid %d\n" RESET, scid); - printf(KYEL "\tvcid %d\n" RESET, vcid); - printf(KYEL "\tmapid %02X\n" RESET, mapid); -#endif } + return *status; +} + +/** + * @brief Function: sa_get_operational_sa_from_gvcid + * @param tfvn: uint8 + * @param scid: uint16 + * @param vcid: uint16 + * @param mapid: uint8 // tc only + * @param security_association: SecurityAssociation_t** + * @return int32: Success/Failure + **/ +static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, + SecurityAssociation_t** security_association) +{ + int32_t status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; + if (sa == NULL) + { + return CRYPTO_LIB_ERR_NO_INIT; + } + + status = sa_get_operational_sa_from_gvcid_find_iv(tfvn, scid, vcid, mapid, security_association); + + // If not a success, attempt to generate a meaningful error code + status = sa_get_operational_sa_from_gvcid_generate_error(&status, tfvn, scid, vcid, mapid); return status; } From 922a5aa91a5df18eb152ca5bb0302f9fbc7ad3aa Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 21:05:05 +0000 Subject: [PATCH 016/174] [nasa/cryptolib#196] Crypto_TM_ApplySecurity Refactor --- src/core/crypto_tm.c | 304 +++++++++++++++++++++++++------------------ 1 file changed, 177 insertions(+), 127 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 63545d5c..15510544 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -23,6 +23,169 @@ #include // memcpy/memset + +int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + // Passed a null, return an error + if (!pTfBuffer) + { + status = CRYPTO_LIB_ERR_NULL_BUFFER; + return status; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later + } + return status; +} + +int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + +void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx) +{ + *idx = 4; + if((pTfBuffer[*idx] & 0x80) == 0x80) + { +#ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); +#endif + // Secondary header is present + *idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + uint8_t secondary_hdr_len = (pTfBuffer[*idx] & 0x3F); +#ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); +#endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + *idx += secondary_hdr_len + 1; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + *idx = 6; + } +} + +int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + #ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (int i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (int i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + if(*sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) + { + status = CRYPTO_LIB_ERR_NULL_CIPHERS; +#ifdef TM_DEBUG + printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); +#endif + mc_if->mc_log(status); + return status; + } + + if(sa_ptr->est == 0 && sa_ptr->ast == 1) + { + if(sa_ptr->acs_len != 0) + { + if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0 ) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } + } + } + return status; +} + +void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* pTfBuffer, uint16_t* idx_p) +{ + uint16_t idx = *idx_p; + if(*pkcs_padding) + { + uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + *pkcs_padding = *pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (*pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (*pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (*pkcs_padding) & 0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (int i = 0; i < sa_ptr->shplf_len; i++) + { + pTfBuffer[idx] = hex_padding[padding_start++]; + idx++; + } + } + *idx_p = idx; +} + +void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) +{ + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + *pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + *pdu_len -= 2; + } +} + /** * @brief Function: Crypto_TM_ApplySecurity * @param ingest: uint8_t* @@ -60,18 +223,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) uint16_t scid = 0; uint16_t vcid = 0; - // Passed a null, return an error - if (!pTfBuffer) + status = Crypto_TM_Sanity_Check(pTfBuffer); + if(status != CRYPTO_LIB_SUCCESS) { - return CRYPTO_LIB_ERR_NULL_BUFFER; - } - - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - // Can't mc_log since it's not configured - return status; // return immediately so a NULL crypto_config is not dereferenced later + return status; } tfvn = ((uint8_t)pTfBuffer[0] & 0xC0) >> 6; @@ -132,31 +287,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) #endif // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } + status = Crypto_TM_Determine_SA_Service_Type(&sa_service_type, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) return status; + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) @@ -186,30 +319,8 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) // Note: Secondary headers are static only for a mission phase, not guaranteed static // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 // Secondary Header flag is 1st bit of 5th byte (index 4) - idx = 4; - if((pTfBuffer[idx] & 0x80) == 0x80) - { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - uint8_t secondary_hdr_len = (pTfBuffer[idx] & 0x3F); -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - idx += secondary_hdr_len + 1; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - idx = 6; - } + Crypto_TM_Check_For_Secondary_Header(pTfBuffer, &idx); + /** * Begin Security Header Fields * Reference CCSDS SDLP 3550b1 4.1.1.1.3 @@ -221,46 +332,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) idx += 2; // Set initialization vector if specified -#ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) - { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } -#endif - if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) - { - status = CRYPTO_LIB_ERR_NULL_CIPHERS; -#ifdef TM_DEBUG - printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); -#endif - mc_if->mc_log(status); - return status; - } + status = Crypto_TM_IV_Sanity_Check(&sa_service_type, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) return status; - if(sa_ptr->est == 0 && sa_ptr->ast == 1) - { - if(sa_ptr->acs_len != 0) - { - if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0 ) - { - status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - mc_if->mc_log(status); - return status; - } - } - } // Start index from the transmitted portion for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { @@ -295,26 +369,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 **/ // TODO: Set this depending on crypto cipher used - - if(pkcs_padding) - { - uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 - pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding) & 0xFF; - - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; - - for (i = 0; i < sa_ptr->shplf_len; i++) - { - pTfBuffer[idx] = hex_padding[padding_start++]; - idx++; - } - } + Crypto_TM_PKCS_Padding(&pkcs_padding, sa_ptr, pTfBuffer, &idx); /** * End Security Header Fields @@ -337,15 +392,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) data_loc = idx; // Calculate size of data to be encrypted pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; + // Check other managed parameter flags, subtract their lengths from data field if present - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - pdu_len -= 2; - } + Crypto_TM_Handle_Managed_Parameter_Flags(&pdu_len); + #ifdef TM_DEBUG printf(KYEL "Data location starts at: %d\n" RESET, idx); From 70d08493b056b147a604efc9bd08c80a3e62989d Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 21:05:59 +0000 Subject: [PATCH 017/174] [nasa/cryptolib#196] WIP: Crypto_TM_ApplySecurity Refactor --- src/core/crypto_tm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 15510544..41f321ee 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -412,7 +412,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); } #endif - + // Get Key crypto_key_t* ekp = NULL; ekp = key_if->get_key(sa_ptr->ekid); From 76ef337f5eabc0ff917a9f2aa26ee6c8ea25a790 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 15 Mar 2024 21:10:23 +0000 Subject: [PATCH 018/174] [nasa/cryptolib#196] Cyclomatic Complexity Refactoring --- include/crypto.h | 2 +- include/crypto_error.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 242b4d4e..6a0699f6 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -94,7 +94,7 @@ extern int32_t Crypto_Init_AOS_Unit_Test(void); // Initialize CryptoLib wit // Cleanup extern int32_t Crypto_Shutdown(void); // Free all allocated memory - + // Telecommand (TC) extern int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len); diff --git a/include/crypto_error.h b/include/crypto_error.h index 63e0c71d..3e61fd9a 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -68,7 +68,7 @@ #define CAM_KEYTAB_FILE_KINIT_FAILURE 608 #define CAM_KERBEROS_REQUEST_TIME_OUT 609 #define CAM_MAX_AUTH_RETRIES_REACHED 610 - + #define CRYPTO_LIB_SUCCESS (0) #define CRYPTO_LIB_ERROR (-1) #define CRYPTO_LIB_ERR_NO_INIT (-2) From dd6065a084577af580cdc59b596aa726b03f1b3d Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Tue, 19 Mar 2024 20:10:54 -0400 Subject: [PATCH 019/174] [nasa/nos3#202] Updated sa_service_type check that caused error prints and made standalone TC calculate FECF; --- src/core/crypto_tc.c | 5 ++++- support/standalone/standalone.c | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 7fbec841..3cce8601 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -322,7 +322,10 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } } - if (sa_service_type != (SA_PLAINTEXT || SA_AUTHENTICATED_ENCRYPTION || SA_ENCRYPTION || SA_AUTHENTICATION)) + if ((sa_service_type != SA_PLAINTEXT) && + (sa_service_type != SA_AUTHENTICATED_ENCRYPTION) && + (sa_service_type != SA_ENCRYPTION) && + (sa_service_type != SA_AUTHENTICATION)) { printf(KRED "Unknown SA Service Type Detected!" RESET); } diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index d3fc719f..e3b0f685 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -344,6 +344,7 @@ void *crypto_standalone_tc_apply(void* socks) uint16_t tc_in_len = 0; uint8_t* tc_out_ptr; uint16_t tc_out_len = 0; + uint16_t fecf; #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING uint8_t tc_framed[TC_MAX_FRAME_SIZE]; @@ -392,6 +393,11 @@ void *crypto_standalone_tc_apply(void* socks) status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { + /* Calculate FECF */ + fecf = Crypto_Calc_FECF(tc_out_ptr, tc_out_len - 2); + tc_out_ptr[tc_out_len - 2] = (uint8_t)((fecf & 0xFF00) >> 8); + tc_out_ptr[tc_out_len - 1] = (uint8_t)(fecf & 0x00FF); + if (tc_debug == 1) { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); From ad9100fb13bcd5df4c373028f89f5bfac88e9a83 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Mon, 25 Mar 2024 11:12:17 -0400 Subject: [PATCH 020/174] Revert "[nasa/cryptolib#196] Cyclomatic Complexity Refactoring" This reverts commit 76ef337f5eabc0ff917a9f2aa26ee6c8ea25a790. --- include/crypto.h | 2 +- include/crypto_error.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 6a0699f6..242b4d4e 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -94,7 +94,7 @@ extern int32_t Crypto_Init_AOS_Unit_Test(void); // Initialize CryptoLib wit // Cleanup extern int32_t Crypto_Shutdown(void); // Free all allocated memory - + // Telecommand (TC) extern int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len); diff --git a/include/crypto_error.h b/include/crypto_error.h index 3e61fd9a..63e0c71d 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -68,7 +68,7 @@ #define CAM_KEYTAB_FILE_KINIT_FAILURE 608 #define CAM_KERBEROS_REQUEST_TIME_OUT 609 #define CAM_MAX_AUTH_RETRIES_REACHED 610 - + #define CRYPTO_LIB_SUCCESS (0) #define CRYPTO_LIB_ERROR (-1) #define CRYPTO_LIB_ERR_NO_INIT (-2) From f59847cf0ba760d4a4a5c46ce7037ef71dfacdbf Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Mon, 25 Mar 2024 11:12:41 -0400 Subject: [PATCH 021/174] Revert "[nasa/cryptolib#196] WIP: Crypto_TM_ApplySecurity Refactor" This reverts commit 70d08493b056b147a604efc9bd08c80a3e62989d. --- src/core/crypto_tm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 41f321ee..15510544 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -412,7 +412,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); } #endif - + // Get Key crypto_key_t* ekp = NULL; ekp = key_if->get_key(sa_ptr->ekid); From a3c2f5931a38c724b7fd8d954ab1c663a2801880 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Mon, 25 Mar 2024 11:12:49 -0400 Subject: [PATCH 022/174] Revert "[nasa/cryptolib#196] Crypto_TM_ApplySecurity Refactor" This reverts commit 922a5aa91a5df18eb152ca5bb0302f9fbc7ad3aa. --- src/core/crypto_tm.c | 304 ++++++++++++++++++------------------------- 1 file changed, 127 insertions(+), 177 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 15510544..63545d5c 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -23,169 +23,6 @@ #include // memcpy/memset - -int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - // Passed a null, return an error - if (!pTfBuffer) - { - status = CRYPTO_LIB_ERR_NULL_BUFFER; - return status; - } - - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - // Can't mc_log since it's not configured - return status; // return immediately so a NULL crypto_config is not dereferenced later - } - return status; -} - -int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - *sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - *sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - *sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } - return status; -} - -void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx) -{ - *idx = 4; - if((pTfBuffer[*idx] & 0x80) == 0x80) - { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - *idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - uint8_t secondary_hdr_len = (pTfBuffer[*idx] & 0x3F); -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - *idx += secondary_hdr_len + 1; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - *idx = 6; - } -} - -int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) - { - printf(KYEL "Using IV value:\n\t"); - for (int i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (int i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } -#endif - if(*sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) - { - status = CRYPTO_LIB_ERR_NULL_CIPHERS; -#ifdef TM_DEBUG - printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); -#endif - mc_if->mc_log(status); - return status; - } - - if(sa_ptr->est == 0 && sa_ptr->ast == 1) - { - if(sa_ptr->acs_len != 0) - { - if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0 ) - { - status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - mc_if->mc_log(status); - return status; - } - } - } - return status; -} - -void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* pTfBuffer, uint16_t* idx_p) -{ - uint16_t idx = *idx_p; - if(*pkcs_padding) - { - uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 - *pkcs_padding = *pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (*pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (*pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (*pkcs_padding) & 0xFF; - - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; - - for (int i = 0; i < sa_ptr->shplf_len; i++) - { - pTfBuffer[idx] = hex_padding[padding_start++]; - idx++; - } - } - *idx_p = idx; -} - -void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) -{ - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - *pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - *pdu_len -= 2; - } -} - /** * @brief Function: Crypto_TM_ApplySecurity * @param ingest: uint8_t* @@ -223,10 +60,18 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) uint16_t scid = 0; uint16_t vcid = 0; - status = Crypto_TM_Sanity_Check(pTfBuffer); - if(status != CRYPTO_LIB_SUCCESS) + // Passed a null, return an error + if (!pTfBuffer) { - return status; + return CRYPTO_LIB_ERR_NULL_BUFFER; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later } tfvn = ((uint8_t)pTfBuffer[0] & 0xC0) >> 6; @@ -287,9 +132,31 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) #endif // Determine SA Service Type - status = Crypto_TM_Determine_SA_Service_Type(&sa_service_type, sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) return status; - + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) @@ -319,8 +186,30 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) // Note: Secondary headers are static only for a mission phase, not guaranteed static // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 // Secondary Header flag is 1st bit of 5th byte (index 4) - Crypto_TM_Check_For_Secondary_Header(pTfBuffer, &idx); - + idx = 4; + if((pTfBuffer[idx] & 0x80) == 0x80) + { +#ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); +#endif + // Secondary header is present + idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + uint8_t secondary_hdr_len = (pTfBuffer[idx] & 0x3F); +#ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); +#endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + idx += secondary_hdr_len + 1; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + idx = 6; + } /** * Begin Security Header Fields * Reference CCSDS SDLP 3550b1 4.1.1.1.3 @@ -332,9 +221,46 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) idx += 2; // Set initialization vector if specified - status = Crypto_TM_IV_Sanity_Check(&sa_service_type, sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) return status; +#ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) + { + status = CRYPTO_LIB_ERR_NULL_CIPHERS; +#ifdef TM_DEBUG + printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); +#endif + mc_if->mc_log(status); + return status; + } + if(sa_ptr->est == 0 && sa_ptr->ast == 1) + { + if(sa_ptr->acs_len != 0) + { + if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0 ) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } + } + } // Start index from the transmitted portion for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { @@ -369,7 +295,26 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 **/ // TODO: Set this depending on crypto cipher used - Crypto_TM_PKCS_Padding(&pkcs_padding, sa_ptr, pTfBuffer, &idx); + + if(pkcs_padding) + { + uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding) & 0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (i = 0; i < sa_ptr->shplf_len; i++) + { + pTfBuffer[idx] = hex_padding[padding_start++]; + idx++; + } + } /** * End Security Header Fields @@ -392,10 +337,15 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) data_loc = idx; // Calculate size of data to be encrypted pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; - // Check other managed parameter flags, subtract their lengths from data field if present - Crypto_TM_Handle_Managed_Parameter_Flags(&pdu_len); - + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + pdu_len -= 2; + } #ifdef TM_DEBUG printf(KYEL "Data location starts at: %d\n" RESET, idx); From b01824aba5e572edd1fec24d5d2d49e563d2f7c4 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 14:27:06 +0000 Subject: [PATCH 023/174] [nasa/cryptolib#196] Unused Variable Fixes --- src/core/crypto_tc.c | 6 +++--- src/sa/internal/sa_interface_inmemory.template.c | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 9c5ad0f8..0864c5c7 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -410,7 +410,6 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr) { - int i = 0; if (sa_service_type != SA_PLAINTEXT) { #ifdef INCREMENT @@ -437,6 +436,7 @@ void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociat #ifdef SA_DEBUG if (sa_ptr->iv_len > 0) { + int i = 0; printf(KYEL "Next IV value is:\n\t"); for (i = 0; i < sa_ptr->iv_len; i++) { @@ -533,7 +533,6 @@ int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_frame_length) { - int i; uint32_t status = CRYPTO_LIB_SUCCESS; if (p_in_frame == NULL) { @@ -544,6 +543,7 @@ int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_fram } #ifdef DEBUG + int i; printf("%d TF Bytes received\n", in_frame_length); printf("DEBUG - "); for (i = 0; i < in_frame_length; i++) @@ -685,10 +685,10 @@ void Crypto_TC_Handle_Padding(uint32_t pkcs_padding, SecurityAssociation_t* sa_p int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index) { uint32_t status = CRYPTO_LIB_SUCCESS; - int i = 0; #ifdef SA_DEBUG if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) { + int i = 0; printf(KYEL "Using IV value:\n\t"); for (i = 0; i < sa_ptr->iv_len; i++) { diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index ce6e3605..7e129e5c 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -595,6 +595,11 @@ void sa_debug_block(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) printf(KYEL "\tvcid %d\n" RESET, vcid); printf(KYEL "\tmapid %02X\n" RESET, mapid); #endif +// Ignore Unused Variables + (void) tfvn; + (void) scid; + (void) vcid; + (void) mapid; } int32_t sa_get_operational_sa_from_gvcid_generate_error(int32_t* status, uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid) From dff75abac1e2162650da72f55f7731ff3b4c37af Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 14:30:25 +0000 Subject: [PATCH 024/174] [nasa/cryptolib#196] Unused Variable Fixes - misplaced i --- src/core/crypto_tc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 0864c5c7..b5aebcdf 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -434,9 +434,9 @@ void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociat } #ifdef SA_DEBUG + int i = 0; if (sa_ptr->iv_len > 0) { - int i = 0; printf(KYEL "Next IV value is:\n\t"); for (i = 0; i < sa_ptr->iv_len; i++) { From ebb80331c768189d277ad953eec797bd9b6c8b99 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 14:34:50 +0000 Subject: [PATCH 025/174] [nasa/cryptolib#196] KMC Build fix - missing & for pointer --- src/crypto/kmc/base64url.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/crypto/kmc/base64url.c b/src/crypto/kmc/base64url.c index e1c53cc5..dd2acaed 100644 --- a/src/crypto/kmc/base64url.c +++ b/src/crypto/kmc/base64url.c @@ -286,7 +286,7 @@ int32_t base64urlDecode(const char_t* input, size_t inputLen, void* output, //Check status code if(!error) { - base64urlDecode_rempadding(inputLen,value, n, p); + base64urlDecode_rempadding(inputLen,value, &n, p); } //Total number of bytes that have been written From 8c6daf31ef0177f860e5c1686be537e0a3f6a7ad Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 16:00:34 +0000 Subject: [PATCH 026/174] [nasa/Cryptolib#230] WIP: TM Apply Refactoring --- src/core/crypto_tm.c | 336 +++++++++++++++++++++++++------------------ 1 file changed, 198 insertions(+), 138 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 63545d5c..7719f861 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -23,6 +23,190 @@ #include // memcpy/memset +int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + // Passed a null, return an error + if (!pTfBuffer) + { + return CRYPTO_LIB_ERR_NULL_BUFFER; + return status; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later + } + return status; +} + +int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + *sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + *sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + +void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx) +{ + *idx = 4; + if((pTfBuffer[*idx] & 0x80) == 0x80) + { +#ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); +#endif + // Secondary header is present + *idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + uint8_t secondary_hdr_len = (pTfBuffer[*idx] & 0x3F); +#ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); +#endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + *idx += secondary_hdr_len + 1; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + *idx = 6; + } +} + +int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + #ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (int i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (int i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + if(*sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) + { + status = CRYPTO_LIB_ERR_NULL_CIPHERS; +#ifdef TM_DEBUG + printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); +#endif + mc_if->mc_log(status); + return status; + } + + if(sa_ptr->est == 0 && sa_ptr->ast == 1) + { + if(sa_ptr->acs_len != 0) + { + if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0 ) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } + } + } + return status; +} + +void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* pTfBuffer, uint16_t* idx_p) +{ + uint16_t idx = *idx_p; + if(*pkcs_padding) + { + uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + *pkcs_padding = *pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (*pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (*pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (*pkcs_padding) & 0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (int i = 0; i < sa_ptr->shplf_len; i++) + { + pTfBuffer[idx] = hex_padding[padding_start++]; + idx++; + } + } + *idx_p = idx; +} + +void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) +{ + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + *pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + *pdu_len -= 2; + } +} + +int32_t Crypto_TM_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + *ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + + *akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + return status; +} + /** * @brief Function: Crypto_TM_ApplySecurity * @param ingest: uint8_t* @@ -60,18 +244,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) uint16_t scid = 0; uint16_t vcid = 0; - // Passed a null, return an error - if (!pTfBuffer) + status = Crypto_TM_Sanity_Check(pTfBuffer); + if(status != CRYPTO_LIB_SUCCESS) { - return CRYPTO_LIB_ERR_NULL_BUFFER; - } - - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - // Can't mc_log since it's not configured - return status; // return immediately so a NULL crypto_config is not dereferenced later + return status; } tfvn = ((uint8_t)pTfBuffer[0] & 0xC0) >> 6; @@ -132,31 +308,8 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) #endif // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } + status = Crypto_TM_Determine_SA_Service_Type(&sa_service_type, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) return status; // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) @@ -186,30 +339,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) // Note: Secondary headers are static only for a mission phase, not guaranteed static // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 // Secondary Header flag is 1st bit of 5th byte (index 4) - idx = 4; - if((pTfBuffer[idx] & 0x80) == 0x80) - { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - uint8_t secondary_hdr_len = (pTfBuffer[idx] & 0x3F); -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - idx += secondary_hdr_len + 1; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - idx = 6; - } + + Crypto_TM_Check_For_Secondary_Header(pTfBuffer, &idx); + /** * Begin Security Header Fields * Reference CCSDS SDLP 3550b1 4.1.1.1.3 @@ -221,46 +353,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) idx += 2; // Set initialization vector if specified -#ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) - { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } -#endif - if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) - { - status = CRYPTO_LIB_ERR_NULL_CIPHERS; -#ifdef TM_DEBUG - printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); -#endif - mc_if->mc_log(status); - return status; - } + status = Crypto_TM_IV_Sanity_Check(&sa_service_type, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) return status; - if(sa_ptr->est == 0 && sa_ptr->ast == 1) - { - if(sa_ptr->acs_len != 0) - { - if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0 ) - { - status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - mc_if->mc_log(status); - return status; - } - } - } // Start index from the transmitted portion for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { @@ -295,26 +390,8 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 **/ // TODO: Set this depending on crypto cipher used + Crypto_TM_PKCS_Padding(&pkcs_padding, sa_ptr, pTfBuffer, &idx); - if(pkcs_padding) - { - uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 - pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding) & 0xFF; - - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; - - for (i = 0; i < sa_ptr->shplf_len; i++) - { - pTfBuffer[idx] = hex_padding[padding_start++]; - idx++; - } - } /** * End Security Header Fields @@ -338,14 +415,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) // Calculate size of data to be encrypted pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; // Check other managed parameter flags, subtract their lengths from data field if present - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - pdu_len -= 2; - } + Crypto_TM_Handle_Managed_Parameter_Flags(&pdu_len); #ifdef TM_DEBUG printf(KYEL "Data location starts at: %d\n" RESET, idx); @@ -365,20 +435,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) // Get Key crypto_key_t* ekp = NULL; - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - crypto_key_t* akp = NULL; - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) + status = Crypto_TM_Get_Keys(&ekp, &akp, sa_ptr); + if(status != CRYPTO_LIB_SUCCESS) { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); return status; } From d8bbe635c6b194a2bb697de0a84ccaaeec22d208 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 19:33:23 +0000 Subject: [PATCH 027/174] [nasa/cryptolib#196] Fix varable names to lowercase --- src/core/crypto.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index df002664..a19176b8 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -827,7 +827,7 @@ int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr, return status; } -int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* ARSN_VALID) +int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* arsn_valid) { int32_t status = CRYPTO_LIB_SUCCESS; if (sa_ptr->shsnf_len > 0) @@ -855,14 +855,14 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* a // Valid ARSN received, increment stored value else { - *ARSN_VALID = CRYPTO_TRUE; + *arsn_valid = CRYPTO_TRUE; // memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } } return status; } -int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* IV_VALID) +int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid) { int32_t status = CRYPTO_LIB_SUCCESS; if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) @@ -898,7 +898,7 @@ int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, // Valid IV received, increment stored value else { - *IV_VALID = CRYPTO_TRUE; + *iv_valid = CRYPTO_TRUE; // memcpy(sa_ptr->iv, iv, sa_ptr->iv_len); } } @@ -911,8 +911,8 @@ int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) { int32_t status = CRYPTO_LIB_SUCCESS; - int8_t IV_VALID = -1; - int8_t ARSN_VALID = -1; + int8_t iv_valid = -1; + int8_t arsn_valid = -1; // Check for NULL pointers status = Crypto_Check_Anti_Replay_Verify_Pointers(sa_ptr, arsn, iv); @@ -923,7 +923,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // If sequence number field is greater than zero, check for replay - status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &ARSN_VALID); + status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &arsn_valid); if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); @@ -931,7 +931,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // If IV is greater than zero and using GCM, check for replay - status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &IV_VALID); + status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); @@ -939,10 +939,10 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // For GCM specifically, if have a valid IV... - if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (IV_VALID == CRYPTO_TRUE)) + if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (iv_valid == CRYPTO_TRUE)) { // Using ARSN? Need to be valid to increment both - if (sa_ptr->arsn_len > 0 && ARSN_VALID == CRYPTO_TRUE) + if (sa_ptr->arsn_len > 0 && arsn_valid == CRYPTO_TRUE) { memcpy(sa_ptr->iv, iv, sa_ptr->iv_len); memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); @@ -955,7 +955,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // If not GCM, and ARSN is valid - can incrmeent it - if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && ARSN_VALID == CRYPTO_TRUE) + if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && arsn_valid == CRYPTO_TRUE) { memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } From 8e163bb72e16520c9837ee72c68c048371e6a3a4 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 19:51:57 +0000 Subject: [PATCH 028/174] [nasa/cryptolib#196] Refactor for single return - Check Anti Replay --- src/core/crypto.c | 49 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index a19176b8..764e6c83 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -916,28 +916,43 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u // Check for NULL pointers status = Crypto_Check_Anti_Replay_Verify_Pointers(sa_ptr, arsn, iv); - if(status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } - + // If sequence number field is greater than zero, check for replay - status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &arsn_valid); - if(status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &arsn_valid); } // If IV is greater than zero and using GCM, check for replay - status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); - if(status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); } + // Check for NULL pointers + // status = Crypto_Check_Anti_Replay_Verify_Pointers(sa_ptr, arsn, iv); + // if(status != CRYPTO_LIB_SUCCESS) + // { + // mc_if->mc_log(status); + // return status; + // } + + // // If sequence number field is greater than zero, check for replay + // status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &arsn_valid); + // if(status != CRYPTO_LIB_SUCCESS) + // { + // mc_if->mc_log(status); + // return status; + // } + + // // If IV is greater than zero and using GCM, check for replay + // status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); + // if(status != CRYPTO_LIB_SUCCESS) + // { + // mc_if->mc_log(status); + // return status; + // } + // For GCM specifically, if have a valid IV... if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (iv_valid == CRYPTO_TRUE)) { @@ -960,6 +975,12 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } + if(status != CRYPTO_LIB_SUCCESS) + { + // Log error if it happened + mc_if->mc_log(status); + } + return status; } From bd84fd25a5c38aee8a06f75c796d1556ac47835b Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 20:07:29 +0000 Subject: [PATCH 029/174] [nasa/cryptolib#196] Fix Enum String Max to appropriate value --- src/core/crypto_error.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index fabb78dc..4ced95a9 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -196,7 +196,7 @@ char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code) } else if(crypto_error_code <= 0) // Cryptolib Core Error Codes { - return_string = Crypto_Get_Crypto_Error_Code_String(crypto_error_code, -45, crypto_enum_errlist_core[(crypto_error_code * (-1))]); + return_string = Crypto_Get_Crypto_Error_Code_String(crypto_error_code, -51, crypto_enum_errlist_core[(crypto_error_code * (-1))]); } return return_string; } \ No newline at end of file From 26729a4bce1b5f6bd34821d43a728e3607bfaf9a Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 20:15:57 +0000 Subject: [PATCH 030/174] [nasa/cryptolib#196] Remove Comments, update variable to lowercase --- src/core/crypto.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 764e6c83..c175ca3d 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -929,30 +929,6 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); } - // Check for NULL pointers - // status = Crypto_Check_Anti_Replay_Verify_Pointers(sa_ptr, arsn, iv); - // if(status != CRYPTO_LIB_SUCCESS) - // { - // mc_if->mc_log(status); - // return status; - // } - - // // If sequence number field is greater than zero, check for replay - // status = Crypto_Check_Anti_Replay_ARSNW(sa_ptr, arsn, &arsn_valid); - // if(status != CRYPTO_LIB_SUCCESS) - // { - // mc_if->mc_log(status); - // return status; - // } - - // // If IV is greater than zero and using GCM, check for replay - // status = Crypto_Check_Anti_Replay_GCM(sa_ptr, iv, &iv_valid); - // if(status != CRYPTO_LIB_SUCCESS) - // { - // mc_if->mc_log(status); - // return status; - // } - // For GCM specifically, if have a valid IV... if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (iv_valid == CRYPTO_TRUE)) { From 687addd4a5fafbbadad26f299c326450c820e1e8 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 20:38:24 +0000 Subject: [PATCH 031/174] [nasa/cryptolib#196] Update Doxygen boilerplate, add prototypes to crypto.h from crypto.c --- include/crypto.h | 4 ++++ src/core/crypto.c | 60 ++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 53 insertions(+), 11 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 242b4d4e..3c87f6ac 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -157,6 +157,10 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo); int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo); +int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv); +int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* arsn_valid); +int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid); + // Key Management Functions int32_t Crypto_Key_OTAR(void); int32_t Crypto_Key_update(uint8_t state); diff --git a/src/core/crypto.c b/src/core/crypto.c index c175ca3d..9b863799 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -806,6 +806,14 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin return status; } // End Process SDLS PDU + +/** + * @brief Function: Crypto_Check_Anti_Replay_Verify_Pointers + * Sanity Check, validates pointers, verifies non-null + * @param sa_ptr: SecurityAssociation_t* + * @param arsn: uint8_t* + * @param iv: uint8_t* + **/ int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -827,6 +835,13 @@ int32_t Crypto_Check_Anti_Replay_Verify_Pointers(SecurityAssociation_t* sa_ptr, return status; } +/** + * @brief Function: Crypto_Check_Anti_Replay_ARSNW + * Sanity Check, validates ARSN within window + * @param sa_ptr: SecurityAssociation_t* + * @param arsn: uint8_t* + * @param arsn_valid: uint8_t* + **/ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* arsn, int8_t* arsn_valid) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -862,6 +877,13 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* a return status; } +/** + * @brief Function: Crypto_Check_Anti_Replay_GCM + * Sanity Check, validates IV within window + * @param sa_ptr: SecurityAssociation_t* + * @param iv: uint8_t* + * @param iv_valid: uint8_t* + **/ int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -905,9 +927,13 @@ int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, return status; } -/* -** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable -*/ +/** + * @brief Function: Crypto_Check_Anti_Replay + * Verifies data within window. + * @param sa_ptr: SecurityAssociation_t* + * @param arsn: uint8_t* + * @param iv: uint8_t* + **/ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -960,10 +986,11 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u return status; } -/* -** @brief: For a given algorithm, return the associated key length in bytes -** @param: algo -*/ +/** +* @brief: Function: Crypto_Get_ECS_Algo_Keylen +* For a given algorithm, return the associated key length in bytes +* @param algo: uint8_t +**/ int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo) { int32_t retval = -1; @@ -986,10 +1013,11 @@ int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo) return retval; } -/* -** @brief: For a given algorithm, return the associated key length in bytes -** @param: algo -*/ +/** +* @brief: Function: Crypto_Get_ACS_Algo_Keylen +* For a given algorithm, return the associated key length in bytes +* @param algo: uint8_t +**/ int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo) { int32_t retval = -1; @@ -1012,6 +1040,11 @@ int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo) return retval; } +/** +* @brief: Function: Crypto_Get_Security_Header_Length +* Return Security Header Length +* @param sa_ptr: SecurityAssociation_t* +**/ int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr) { /* Narrator's Note: Leaving this here for future work @@ -1035,6 +1068,11 @@ int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr) return securityHeaderLength; } +/** +* @brief: Function: Crypto_Get_Security_Trailer_Length +* Return Security Header Length +* @param sa_ptr: SecurityAssociation_t* +**/ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr) { if (!sa_ptr) From 620748e51a79aefe15fac53d7f96229bda83004d Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 26 Mar 2024 21:12:42 +0000 Subject: [PATCH 032/174] [nasa/cryptolib#196] WIP: Update Doxygen boilerplate, add prototypes to crypto.h from crypto_tc.c --- include/crypto.h | 9 ++++++ src/core/crypto_tc.c | 69 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 1 deletion(-) diff --git a/include/crypto.h b/include/crypto.h index 3c87f6ac..92472d9e 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -117,8 +117,17 @@ int32_t Crypto_TC_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssoc int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_processed_frame); uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAssociation_t** sa_ptr); void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Get_Ciper_Mode_TCA(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr); void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len); void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx); +int32_t Crypto_TC_Check_CMD_Frame_Flag(uint8_t header_cc); +int32_t Crypto_TC_Validate_SA_Service_Type(uint8_t sa_service_type); +int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len); +int32_t Crypto_TC_Accio_Buffer(uint8_t** p_new_enc_frame, uint16_t* p_enc_frame_len); +int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t *index); + // Telemetry (TM) extern int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer); diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index b5aebcdf..d141bfc5 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -27,7 +27,13 @@ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa); static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len, int transmitted_len, int window); - +/** + * @brief Function: Crypto_TC_Get_SA_Service_Type + * Determines the SA service type + * @param sa_service_type: uint8* + * @param sa_ptr: SecurityAssociation_t* + * @return int32: ENUM - Service type + **/ int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -60,6 +66,15 @@ int32_t Crypto_TC_Get_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociat return status; } +/** + * @brief Function: Crypto_TC_Get_Ciper_Mode_TCA + * Validates Cipher Mode + * @param sa_service_type: uint8_t + * @param encryption_cipher: uint32_t* + * @param ecs_is_aead_algorithm: uint8_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Cipher Mode or Error Enum + **/ int32_t Crypto_TC_Get_Ciper_Mode_TCA(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -89,6 +104,12 @@ int32_t Crypto_TC_Get_Ciper_Mode_TCA(uint8_t sa_service_type, uint32_t* encrypti return status; } +/** + * @brief Function: Crypto_TC_Check_CMD_Frame_Flag + * Validates the Command Frame Flag + * @param header_cc: uint8_t + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Check_CMD_Frame_Flag(uint8_t header_cc) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -109,6 +130,12 @@ int32_t Crypto_TC_Check_CMD_Frame_Flag(uint8_t header_cc) return status; } +/** + * @brief Function: Crypto_TC_Validate_SA_Service_Type + * Validates the SA service type + * @param sa_service_type: uint8_t + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Validate_SA_Service_Type(uint8_t sa_service_type) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -121,6 +148,17 @@ int32_t Crypto_TC_Validate_SA_Service_Type(uint8_t sa_service_type) return status; } +/** + * @brief Function: Crypto_TC_Handle_Enc_Padding + * Handles Padding as necessary, returns success/failure + * @param sa_service_type: uint8_t + * @param pkcs_padding: uint32_t* + * @param p_enc_frame_len: uint16_t* + * @param new_enc_frame_header_field_length: uint16_t* + * @param tf_payload_len: uint16_t + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -155,6 +193,12 @@ int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_pad return status; } +/** + * @brief Function: Crypto_TC_Frame_Validation + * Frame validation - sanity check + * @param p_enc_frame_len: uint16_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -180,6 +224,14 @@ int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len) return status; } +/** + * TODO: Should this be pre-allocated in the library? + * @brief Function: Crypto_TC_Accio_Buffer + * Buffer creation for KMC + * @param p_new_enc_frame: uint8_t** + * @param p_enc_frame_len: uint16_t* + * @return int32: Creates Buffer, Returns Success/Failure + **/ int32_t Crypto_TC_Accio_Buffer(uint8_t** p_new_enc_frame, uint16_t* p_enc_frame_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -195,6 +247,12 @@ int32_t Crypto_TC_Accio_Buffer(uint8_t** p_new_enc_frame, uint16_t* p_enc_frame_ return status; } +/** + * @brief Function: Crypto_TC_ACS_Algo_Check + * Verifies ACS Algorithm - Sanity Check + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -213,6 +271,14 @@ int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t* sa_ptr) return status; } +/** + * @brief Function: Crypto_TC_Check_IV_Setup + * Verifies IV - Sanity Check + * @param sa_ptr: SecurityAssociation_t* + * @param p_new_enc_frame: uint8_t* + * @param index: uint16_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t *index) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -250,6 +316,7 @@ int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_e return status; } + int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding) { int32_t status = CRYPTO_LIB_SUCCESS; From 56e99b94ed9eba44b812a0b1279b584641fe1c5a Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Wed, 27 Mar 2024 08:29:51 -0400 Subject: [PATCH 033/174] [nasa/nos3#202] Changed back to use Crypto_Init_TC_Unit_Test and fixed tab offset; --- support/standalone/standalone.c | 35 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index e3b0f685..9d82b44b 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -141,23 +141,23 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* } break; - case CRYPTO_CMD_VCID: - if (crypto_standalone_check_number_arguments(num_tokens, 1) == CRYPTO_LIB_SUCCESS) + case CRYPTO_CMD_VCID: + if (crypto_standalone_check_number_arguments(num_tokens, 1) == CRYPTO_LIB_SUCCESS) + { + uint8_t vcid = (uint8_t) atoi(&tokens[0]); + /* Confirm new VCID valid */ + if (vcid < 64) { - uint8_t vcid = (uint8_t) atoi(&tokens[0]); - /* Confirm new VCID valid */ - if (vcid < 64) + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association = NULL; + sa_if->sa_get_from_spi(vcid, &test_association); + + /* Handle special case for VCID */ + if(vcid == 1) { - SaInterface sa_if = get_sa_interface_inmemory(); - SecurityAssociation_t* test_association = NULL; - sa_if->sa_get_from_spi(vcid, &test_association); - - /* Handle special case for VCID */ - if(vcid == 1) - { - printf("Special case for VCID 1! \n"); - vcid = 0; - } + printf("Special case for VCID 1! \n"); + vcid = 0; + } if ((test_association->sa_state == SA_OPERATIONAL) && (test_association->gvcid_blk.mapid == TYPE_TC) && @@ -300,8 +300,9 @@ int32_t crypto_reset(void) printf("CryptoLib initialization failed with error %d \n", status); } - status = Crypto_Init_TM_Unit_Test(); - // TODO: CryptoLib appears to be looking at the second byte and not specficially the SCID bits + status = Crypto_Init_TC_Unit_Test(); + // TODO: Crypto_Init_TM_Unit_Test() appears to be looking at the second byte and not specifically the SCID bits + // TODO: How to initialize for both TC and TM? if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); From 9e424b505ec29aac4328ffa0efe310e210a9ee3f Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Wed, 27 Mar 2024 17:35:56 +0000 Subject: [PATCH 034/174] [nasa/cryptolib#196] Update Doxygen boilerplate, add prototypes to crypto.h from crypto_tc.c - Modify several single returns --- include/crypto.h | 11 ++ src/core/crypto_tc.c | 308 ++++++++++++++++++++++++++++++++++++------- 2 files changed, 271 insertions(+), 48 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 92472d9e..95c96ea3 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -127,6 +127,17 @@ int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len); int32_t Crypto_TC_Accio_Buffer(uint8_t** p_new_enc_frame, uint16_t* p_enc_frame_len); int32_t Crypto_TC_ACS_Algo_Check(SecurityAssociation_t* sa_ptr); int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t *index); +int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding); +void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding, uint16_t new_enc_frame_header_field_length, uint16_t* new_fecf); +int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length); +int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_frame_length); +int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_FramePrimaryHeader_t temp_tc_header, const uint8_t* p_in_frame, uint8_t* map_id, uint8_t* segmentation_hdr, SecurityAssociation_t** sa_ptr); +int32_t Crypto_TC_Finalize_Frame_Setup(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t** sa_ptr, uint8_t** p_new_enc_frame); +void Crypto_TC_Handle_Padding(uint32_t pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index); +int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index); + + // Telemetry (TM) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index d141bfc5..66854bcc 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -317,6 +317,24 @@ int32_t Crypto_TC_Check_IV_Setup(SecurityAssociation_t* sa_ptr, uint8_t* p_new_e } +/** + * @brief Function: Crypto_TC_Do_Encrypt_PLAINTEXT + * Handles Plaintext TC Encryption + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @param mac_loc: uint16_t* + * @param tf_payload_len: uint16_t + * @param segment_hdr_len: uint8_t + * @param p_new_enc_frame: uint8_t* + * @param ekp: crypto_key_t* + * @param aad: uint8_t** + * @param ecs_is_aead_algorithm: uint8_t + * @param index_p: uint16_t* + * @param p_in_frame: const uint8_t* + * @param cam_cookies: char* + * @param pkcs_padding:uint32_t + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -475,6 +493,13 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat return status; } +/** + * @brief Function: Crypto_TC_Do_Encrypt_NONPLAINTEXT + * Handles NON-Plaintext TC Encryption + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Success/Failure + **/ void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr) { if (sa_service_type != SA_PLAINTEXT) @@ -534,6 +559,26 @@ void Crypto_TC_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, SecurityAssociat } } +/** + * @brief Function: Crypto_TC_Do_Encrypt + * Starts TC Encryption - Handles Plaintext and NON Plaintext + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @param mac_loc: uint16_t* + * @param tf_payload_len: uint16_t + * @param segment_hdr_len: uint8_t + * @param p_new_enc_frame: uint8_t* + * @param ekp: crypto_key_t* + * @param aad: uint8_t** + * @param ecs_is_aead_algorithm: uint8_t + * @param index_p: uint16_t* + * @param p_in_frame: const uint8_t* + * @param cam_cookies: char* + * @param pkcs_padding:uint32_t + * @param new_enc_frame_header_field_length: uint16_t + * @param new_fecf: uint16_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* mac_loc, uint16_t tf_payload_len, uint8_t segment_hdr_len, uint8_t* p_new_enc_frame, crypto_key_t* ekp, uint8_t** aad, uint8_t ecs_is_aead_algorithm, uint16_t *index_p, const uint8_t* p_in_frame, char* cam_cookies, uint32_t pkcs_padding, uint16_t new_enc_frame_header_field_length, uint16_t* new_fecf) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -576,6 +621,12 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ return status; } +/** + * @brief Function: Crypto_TC_Check_Init_Setup + * TC Init Setup Sanity Check + * @param in_frame_length: uint16_t + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -598,6 +649,13 @@ int32_t Crypto_TC_Check_Init_Setup(uint16_t in_frame_length) return status; } +/** + * @brief Function: Crypto_TC_Sanity_Setup + * TC Setup Sanity Check - Calls Init_Setup + * @param p_in_frame: const uint8_t* + * @param in_frame_length: const uint16_t + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_frame_length) { uint32_t status = CRYPTO_LIB_SUCCESS; @@ -633,6 +691,17 @@ int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_fram return status; } +/** + * @brief Function: Crytpo_TC_Validate_TC_Temp_Header + * TC Temp Header Validation - Sanity Check + * @param in_frame_length: const uint16_t + * @param temp_tc_header: TC_FramePrimaryHeader_t + * @param p_in_frame: const uint8_t* + * @param map_id: uint8_t* + * @param segmentation_hdr: uint8_t* + * @param sa_ptr: SecurityAssociation_t** + * @return int32: Success/Failure + **/ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_FramePrimaryHeader_t temp_tc_header, const uint8_t* p_in_frame, uint8_t* map_id, uint8_t* segmentation_hdr, SecurityAssociation_t** sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -686,43 +755,56 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra return status; } - + /** + * @brief Function: Crypto_TC_Finalize_Frame_Setup + * Handles validation and setup of TC Frame + * @param sa_service_type: uint8_t + * @param pkcs_padding: uint32_t* + * @param p_enc_frame_len: uint16_t* + * @param new_enc_frame_header_field_length: uint16_t* + * @param tf_payload_len: uint16_t + * @param sa_ptr: SecurityAssociation_t** + * @param p_new_enc_frame: uint8_t** + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Finalize_Frame_Setup(uint8_t sa_service_type, uint32_t* pkcs_padding, uint16_t* p_enc_frame_len, uint16_t* new_enc_frame_header_field_length, uint16_t tf_payload_len, SecurityAssociation_t** sa_ptr, uint8_t** p_new_enc_frame) { uint32_t status = CRYPTO_LIB_SUCCESS; status = Crypto_TC_Handle_Enc_Padding(sa_service_type, pkcs_padding, p_enc_frame_len, new_enc_frame_header_field_length, tf_payload_len, *sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); } - status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); - if(status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + // Ensure the frame to be created will not violate managed parameter maximum length + status = Crypto_TC_Frame_Validation(p_enc_frame_len); } - - // Ensure the frame to be created will not violate managed parameter maximum length - status = Crypto_TC_Frame_Validation(p_enc_frame_len); - if(status != CRYPTO_LIB_SUCCESS) + + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + // Accio buffer + status = Crypto_TC_Accio_Buffer(p_new_enc_frame, p_enc_frame_len); } - - // Accio buffer - status = Crypto_TC_Accio_Buffer(p_new_enc_frame, p_enc_frame_len); + if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); - return status; } return status; } +/** + * @brief Function: Crypto_TC_Handle_Padding + * Handles Frame Padding if necessary: Depends on KMC vs Internal vs Algorithm etc + * @param pkcs_padding: uint32_t + * @param sa_ptr: SecurityAssociation_t* + * @param p_new_enc_frame: uint8_t* + * @param index: uint16_t* + * @return int32: Success/Failure + **/ void Crypto_TC_Handle_Padding(uint32_t pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index) { int i = 0; @@ -749,6 +831,14 @@ void Crypto_TC_Handle_Padding(uint32_t pkcs_padding, SecurityAssociation_t* sa_p } } +/** + * @brief Function: Crypto_TC_Set_IV + * Performs validation and setup of IV + * @param sa_ptr: SecurityAssociation_t* + * @param p_new_enc_frame: uint8_t* + * @param index: uint16_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame, uint16_t* index) { uint32_t status = CRYPTO_LIB_SUCCESS; @@ -771,17 +861,14 @@ int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame } #endif status = Crypto_TC_ACS_Algo_Check(sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + status = Crypto_TC_Check_IV_Setup(sa_ptr, p_new_enc_frame, index); } - status = Crypto_TC_Check_IV_Setup(sa_ptr, p_new_enc_frame, index); if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); - return status; } return status; } @@ -1093,6 +1180,14 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int* len_ingest, TC_t* tc_sdl return Crypto_TC_ProcessSecurity_Cam(ingest, len_ingest, tc_sdls_processed_frame, NULL); } +/** + * @brief Function: Crypto_TC_Parse_Check_FECF + * Parses and validates frame FECF + * @param ingest: uint8_t* + * @param len_ingest: int* + * @param tc_sdls_processed_frame: TC_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1116,13 +1211,19 @@ int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sd #endif status = CRYPTO_LIB_ERR_INVALID_FECF; mc_if->mc_log(status); - return status; } } } return status; } +/** + * @brief Function: Crypto_TC_Nontransmitted_IV_Increment + * Handles increment of Nontransmitted portion of IV + * @param sa_ptr: SecurityAssociation_t* + * @param tc_sdls_processed_frame: TC_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Nontransmitted_IV_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1146,6 +1247,13 @@ int32_t Crypto_TC_Nontransmitted_IV_Increment(SecurityAssociation_t* sa_ptr, TC_ return status; } +/** + * @brief Function: Crypto_TC_Nontransmitted_SN_Increment + * Handles increment of Nontransmitted portion of SN + * @param sa_ptr: SecurityAssociation_t* + * @param tc_sdls_processed_frame: TC_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1156,7 +1264,6 @@ int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_ if (status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); - return status; } } else // Not checking ARSN in ARSNW @@ -1167,6 +1274,13 @@ int32_t Crypto_TC_Nontransmitted_SN_Increment(SecurityAssociation_t* sa_ptr, TC_ return status; } +/** + * @brief Function: Crypto_TC_Check_ACS_Keylen + * Validates ACS Keylength + * @param akp: crypto_key_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Check_ACS_Keylen(crypto_key_t* akp, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1178,6 +1292,13 @@ int32_t Crypto_TC_Check_ACS_Keylen(crypto_key_t* akp, SecurityAssociation_t* sa_ return status; } +/** + * @brief Function: Crypto_TC_Check_ECS_Keylen + * Validates ECS Keylength + * @param ekp: crypto_key_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32: Success/Failure + **/ int32_t Crypto_TC_Check_ECS_Keylen(crypto_key_t* ekp, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1189,11 +1310,33 @@ int32_t Crypto_TC_Check_ECS_Keylen(crypto_key_t* ekp, SecurityAssociation_t* sa_ return status; } +/** + * @brief Function: Crypto_TC_Safe_Free_Ptr + * Pointer Safe Free + * @param ptr: uint8_t* + **/ void Crypto_TC_Safe_Free_Ptr(uint8_t* ptr) { if (!ptr) free(ptr); } +/** + * @brief Function: Crypto_TC_Do_Decrypt + * Handles Frame Decryption + * @param sa_service_type: uint8_t + * @param ecs_is_aead_algorithm: uint8_t + * @param ekp: crypto_key_t* + * @param sa_ptr: SecurityAssociation_t* + * @param aad: uint8_t* + * @param tc_sdls_processed_frame: TC_t* + * @param ingest: uint8_t* + * @param tc_enc_payload_start_index: uint16_t + * @param aad_len: uint16_t + * @param cam_cookies: char* + * @param akp: crypto_key_t* + * @param segment_hdr_len: uint8_t + * @return int32_t: Success/Failure + **/ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t* aad, TC_t* tc_sdls_processed_frame, uint8_t* ingest, uint16_t tc_enc_payload_start_index, uint16_t aad_len, char* cam_cookies, crypto_key_t* akp, uint8_t segment_hdr_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1309,6 +1452,12 @@ int32_t Crypto_TC_Do_Decrypt(uint8_t sa_service_type, uint8_t ecs_is_aead_algori return status; } +/** + * @brief Function: Crypto_TC_Process_Sanity_Check + * Validates Input Frame Length + * @param len_ingest: int* + * @return int32_t: Success/Failure + **/ int32_t Crypto_TC_Process_Sanity_Check(int* len_ingest) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1322,17 +1471,29 @@ int32_t Crypto_TC_Process_Sanity_Check(int* len_ingest) printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; mc_if->mc_log(status); - return status; } - if (*len_ingest < 5) // Frame length doesn't even have enough bytes for header -- error out. + if ((*len_ingest < 5) && (status == CRYPTO_LIB_SUCCESS)) // Frame length doesn't even have enough bytes for header -- error out. { status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; mc_if->mc_log(status); - return status; } return status; } +/** + * @brief Function: Crypto_TC_Prep_AAD + * Validates and Prepares AAD as necessary + * @param tc_sdls_processed_frame: TC_t* + * @param fecf_len: uint8_t + * @param sa_service_type: uint8_t + * @param ecs_is_aead_algorithm: uint8_t + * @param aad_len: uint16_t* + * @param sa_ptr: SecurityAssociation_t* + * @param segment_hdr_len: uint8_t + * @param ingest: uint8_t* + * @param aad: uint8_t** + * @return int32_t: Success/Failure + **/ int32_t Crypto_TC_Prep_AAD(TC_t* tc_sdls_processed_frame, uint8_t fecf_len, uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint16_t* aad_len, SecurityAssociation_t* sa_ptr, uint8_t segment_hdr_len, uint8_t* ingest, uint8_t** aad) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1370,27 +1531,42 @@ int32_t Crypto_TC_Prep_AAD(TC_t* tc_sdls_processed_frame, uint8_t fecf_len, uin return status; } +/** + * @TODO: Possible Duplication + * @brief Function: Crypto_TC_Get_Keys + * Retreives EKP/AKP as necessary + * @param ekp: crypto_key_t** + * @param akp: crypto_key_t** + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure + **/ int32_t Crypto_TC_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; *ekp = key_if->get_key(sa_ptr->ekid); + *akp = key_if->get_key(sa_ptr->akid); + if (ekp == NULL) { status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); - return status; } - - *akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) + + if ((akp == NULL) && (status == CRYPTO_LIB_SUCCESS)) { status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); - return status; } return status; } +/** + * @brief Function: Crypto_TC_Check_IV_ARSN + * Checks and validates Anti Replay + * @param sa_ptr: SecurityAssociation_t* + * @param tc_sdls_processed_frame: TC_t* + * @return int32_t: Success/Failure + **/ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1402,16 +1578,16 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc if (status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); - return status; } - - // Only save the SA (IV/ARSN) if checking the anti-replay counter; Otherwise we don't update. - status = sa_if->sa_save_sa(sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) // else { - mc_if->mc_log(status); - return status; - } + // Only save the SA (IV/ARSN) if checking the anti-replay counter; Otherwise we don't update. + status = sa_if->sa_save_sa(sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + } + } } else { @@ -1425,28 +1601,40 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc return status; } +/** + * @brief Function: Crypto_TC_Sanity_Validations + * Checks and validates SA as best as possible + * @param tc_sdls_processed_frame: TC_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure + **/ uint32_t Crypto_TC_Sanity_Validations(TC_t* tc_sdls_processed_frame, SecurityAssociation_t** sa_ptr) { uint32_t status = CRYPTO_LIB_SUCCESS; status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, sa_ptr); // If no valid SPI, return - if (status != CRYPTO_LIB_SUCCESS) + if(status == CRYPTO_LIB_SUCCESS) { - mc_if->mc_log(status); - return status; + // Try to assure SA is sane + status = crypto_tc_validate_sa(*sa_ptr); } - // Try to assure SA is sane - status = crypto_tc_validate_sa(*sa_ptr); - if (status != CRYPTO_LIB_SUCCESS) + if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); - return status; } return status; } +/** + * @brief Function: Crypto_TC_Get_Ciper_Mode_TCP + * Retrieves TC Process cipher mode + * @param sa_service_type: uint8_t + * @param encryption_cipher: uint32_t* + * @param ecs_is_aead_algorithm: uint8_t* + * @param sa_ptr:SecurityAssociation_t* + **/ void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm, SecurityAssociation_t* sa_ptr) { if (sa_service_type != SA_PLAINTEXT) @@ -1456,6 +1644,12 @@ void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_ } } + /** + * @brief Function: Crypto_TC_Calc_Lengths + * Sets fecf and segment header lengths as necessary + * @param fecf_len: uint8_t * + * @param segment_hdr_len: uint8_t* + **/ void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len) { if (current_managed_parameters->has_fecf == TC_NO_FECF) @@ -1469,6 +1663,13 @@ void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len) } } + /** + * @brief Function: Crypto_TC_Set_Segment_Header + * Sets up TC Segment Header as necessary + * @param tc_sdls_processed_frame: TC_t* + * @param ingest: uint8_t* + * @param byte_idx: int* + **/ void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx) { int byte_idx_tmp = *byte_idx; @@ -1783,6 +1984,7 @@ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_b } /** + * TODO: Single Return * @brief Function: crypto_tc_validate_sa * Helper function to assist with ensuring sane SA configurations * @param sa: SecurityAssociation_t* @@ -1814,6 +2016,16 @@ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) return CRYPTO_LIB_SUCCESS; } +/** + * @brief Function: crypto_handle_incrementing_nontransmitted_counter + * Handles incrementing of nontransmitted counter + * @param dest: uint8_t* + * @param src: uint8_t* + * @param src_full_len: int + * @param transmitted_len: int + * @param window: int + * @return int32: Success/Failure +**/ static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len, int transmitted_len, int window) { int32_t status = CRYPTO_LIB_SUCCESS; From 0dd2483760b276b798ed927c541cc42cf8238606 Mon Sep 17 00:00:00 2001 From: dccutrig <91623137+dccutrig@users.noreply.github.com> Date: Thu, 28 Mar 2024 10:19:25 -0400 Subject: [PATCH 035/174] Minor copy/paste updates in crypto.c --- src/core/crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 9b863799..c9633d6e 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -1070,7 +1070,7 @@ int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr) /** * @brief: Function: Crypto_Get_Security_Trailer_Length -* Return Security Header Length +* Return Security Trailer Length * @param sa_ptr: SecurityAssociation_t* **/ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr) @@ -1078,7 +1078,7 @@ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr) if (!sa_ptr) { #ifdef DEBUG - printf(KRED "Get_Trailer_Header_Length passed Null SA!\n" RESET); + printf(KRED "Get_Trailer_Trailer_Length passed Null SA!\n" RESET); #endif return CRYPTO_LIB_ERR_NULL_SA; } @@ -1088,4 +1088,4 @@ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr) return securityTrailerLength; -} \ No newline at end of file +} From a344ffdd75c3275c756688da38fa73e303d1e518 Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Thu, 28 Mar 2024 10:52:10 -0400 Subject: [PATCH 036/174] [nasa/nos3#202] Rename to be SC_Init; --- include/crypto.h | 2 +- src/core/crypto_config.c | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index a153b774..b70ccb97 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -87,7 +87,7 @@ extern int32_t Crypto_Init_With_Configs( CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p, SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p); // Initialize CryptoLib With Application Defined Configuration -extern int32_t Crypto_TC_Init(void); +extern int32_t Crypto_SC_Init(void); // Initialize CryptoLib with Spacecraft default Configurations extern int32_t Crypto_Init_TC_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations extern int32_t Crypto_Init_TM_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations extern int32_t Crypto_Init_AOS_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 03b0b5ef..a283a3e8 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -51,10 +51,22 @@ int32_t crypto_free_config_structs(void); * @brief Function: Crypto_Init_TC_Unit_Test * @return int32: status **/ -int32_t Crypto_TC_Init(void) +int32_t Crypto_SC_Init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - status = Crypto_Init_TC_Unit_Test(); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, + TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, + TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, + SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // TC + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + // TM + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); return status; } @@ -75,7 +87,6 @@ int32_t Crypto_Init_TC_Unit_Test(void) Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - printf("Crypto_Init TC Called.\n"); return status; } From c5a4e46fc12d0757952ad7e15ce2d35c62939814 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Mon, 1 Apr 2024 19:52:17 +0000 Subject: [PATCH 037/174] [nasa/cryptolib#230] WIP: Refactoring of TM Apply --- src/core/crypto_tm.c | 580 +++++++++++++++++++++++-------------------- 1 file changed, 313 insertions(+), 267 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 7719f861..799cb25b 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -193,20 +193,325 @@ int32_t Crypto_TM_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssoc { status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); - return status; } - *akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) + if (akp == NULL && status == CRYPTO_LIB_SUCCESS) { status = CRYPTO_LIB_ERR_KEY_ID_ERROR; mc_if->mc_log(status); - return status; } return status; } +int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int16_t idx = *idx_p; + + if (sa_service_type != SA_PLAINTEXT) + { + *aad_len = 0; + + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) + { + *mac_loc = idx + pdu_len; +#ifdef MAC_DEBUG + printf(KYEL "MAC location is: %d\n" RESET, *mac_loc); + printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); +#endif + + // Prepare the Header AAD (CCSDS 335.0-B-2 4.2.3.4) + *aad_len = idx; // At the very least AAD includes the header + if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here + { + *aad_len += pdu_len; + } +#ifdef TM_DEBUG + printf("Calculated AAD Length: %d\n",*aad_len); +#endif + if (sa_ptr->abm_len < *aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + printf(KRED "Error: abm_len of %d < *aad_len of %d\n" RESET, sa_ptr->abm_len, *aad_len); + mc_if->mc_log(status); + } + if (status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_Prepare_TM_AAD(pTfBuffer, *aad_len, sa_ptr->abm, aad); + } + } + } + + *idx_p = idx; + return status; +} + +int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint8_t* pTfBuffer, uint16_t pdu_len, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, int* mac_loc, uint16_t* aad_len, uint8_t* aad, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + if(sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_encrypt((uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[*mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + *aad_len, // Length of AAD + (sa_ptr->est==1), + (sa_ptr->ast==1), + (sa_ptr->ast==1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + } + + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if(sa_service_type == SA_AUTHENTICATION) + { + status = cryptography_if->cryptography_authenticate(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[0]), // ciphertext output + (size_t) 0, // length of data + (uint8_t*)(&pTfBuffer[0]), // plaintext input + (size_t)0, // in data length - from start of frame to end of data + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[*mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + *aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); + } + else if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + if (sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + } + else if(sa_service_type == SA_PLAINTEXT) + { + // Do nothing, SDLS fields were already copied into static frame in memory + } + else{ +#ifdef TM_DEBUG + printf(KRED "Service type reported as: %d\n" RESET, sa_service_type); + printf(KRED "ECS IS AEAD Value: %d\n" RESET, ecs_is_aead_algorithm); +#endif + status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; + } + } + return status; +} + +int32_t Crypto_TM_Do_Encrypt_Handle_Increment(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (sa_service_type != SA_PLAINTEXT) + { +#ifdef INCREMENT + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + status = Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); + } + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + { + // Only increment the transmitted portion + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + status = Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); + } + } + if (sa_ptr->shsnf_len > 0 && status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } + +#ifdef SA_DEBUG + if (sa_ptr->iv_len > 0) + { + printf(KYEL "Next IV value is:\n\t"); + for (int i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted IV value is:\n\t"); + for (int i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } + printf(KYEL "Next ARSN value is:\n\t"); + for (int i = 0; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted ARSN value is:\n\t"); + for (int i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); +#endif +#endif + } + return status; +} + +int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, uint8_t ecs_is_aead_algorithm, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, uint16_t* new_fecf) +{ +/** + * Begin Authentication / Encryption + **/ + uint16_t idx = *idx_p; + int32_t status = CRYPTO_LIB_SUCCESS; + status = Crypto_TM_Do_Encrypt_NONPLAINTEXT(sa_service_type, aad_len, mac_loc, idx_p, pdu_len, pTfBuffer, aad, sa_ptr); + +// AEAD Algorithm Logic + if (status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic(sa_service_type, ecs_is_aead_algorithm, pTfBuffer, pdu_len, data_loc, ekp, akp, pkcs_padding, mac_loc, aad_len, aad, sa_ptr); + } + + + if (status != CRYPTO_LIB_SUCCESS) + { + status = Crypto_TM_Do_Encrypt_Handle_Increment(sa_service_type, sa_ptr); + } + + + // Move idx to mac location + idx += pdu_len; +#ifdef TM_DEBUG + if (sa_ptr->stmacf_len > 0) + { + printf(KYEL "Data length is %d\n" RESET, pdu_len); + printf(KYEL "MAC location starts at: %d\n" RESET, idx); + printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); + } + else + { + printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); + } +#endif + +//TODO OCF - ? Here, elsewhere? + + /** + * End Authentication / Encryption + **/ + + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters->has_fecf == TM_HAS_FECF) + { +#ifdef FECF_DEBUG + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); +#endif + if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) + { + *new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((*new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(*new_fecf & 0x00FF); + } + else // CRYPTO_TC_CREATE_FECF_FALSE + { + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; + } + idx += 2; + } + +#ifdef TM_DEBUG + printf(KYEL "Printing new TM frame:\n\t"); + for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + { + printf("%02X", pTfBuffer[i]); + } + printf("\n"); +#endif + + status = sa_if->sa_save_sa(sa_ptr); + +#ifdef DEBUG + printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); +#endif + + *idx_p = idx; + + return status; +} + +void Crypto_TM_ApplySecurity_Debug_Print(uint16_t idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) +{ + #ifdef TM_DEBUG + printf(KYEL "Data location starts at: %d\n" RESET, idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + printf(KYEL "Index at end of SPI is: %d\n", idx); + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } +#endif +} + /** * @brief Function: Crypto_TM_ApplySecurity * @param ingest: uint8_t* @@ -416,22 +721,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; // Check other managed parameter flags, subtract their lengths from data field if present Crypto_TM_Handle_Managed_Parameter_Flags(&pdu_len); - -#ifdef TM_DEBUG - printf(KYEL "Data location starts at: %d\n" RESET, idx); - printf(KYEL "Data size is: %d\n" RESET, pdu_len); - printf(KYEL "Index at end of SPI is: %d\n", idx); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - // If OCF exists, comes immediately after MAC - printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); - } -#endif + Crypto_TM_ApplySecurity_Debug_Print(idx, pdu_len, sa_ptr); // Get Key crypto_key_t* ekp = NULL; @@ -442,255 +732,11 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) return status; } - /** - * Begin Authentication / Encryption - **/ - - if (sa_service_type != SA_PLAINTEXT) - { - aad_len = 0; - - if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) - { - mac_loc = idx+pdu_len; -#ifdef MAC_DEBUG - printf(KYEL "MAC location is: %d\n" RESET, mac_loc); - printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); -#endif - - // Prepare the Header AAD (CCSDS 335.0-B-2 4.2.3.4) - aad_len = idx; // At the very least AAD includes the header - if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here - { - aad_len += pdu_len; - } -#ifdef TM_DEBUG - printf("Calculated AAD Length: %d\n",aad_len); -#endif - if (sa_ptr->abm_len < aad_len) - { - status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - printf(KRED "Error: abm_len of %d < aad_len of %d\n" RESET, sa_ptr->abm_len, aad_len); - mc_if->mc_log(status); - return status; - } - status = Crypto_Prepare_TM_AAD(&pTfBuffer[0], aad_len, sa_ptr->abm, &aad[0]); - } - } - - // AEAD Algorithm Logic - if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) - { - if(sa_service_type == SA_ENCRYPTION) - { - status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles - (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output - (size_t) pdu_len, // length of data - (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input - (size_t) pdu_len, // in data length - from start of frame to end of data - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - pkcs_padding, // authentication cipher - NULL); - } - if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - status = cryptography_if->cryptography_aead_encrypt((uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output - (size_t) pdu_len, // length of data - (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input - (size_t) pdu_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &pTfBuffer[mac_loc], // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - (sa_ptr->est==1), - (sa_ptr->ast==1), - (sa_ptr->ast==1), - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - NULL); - } - } - - else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm - { - // TODO - implement non-AEAD algorithm logic - if(sa_service_type == SA_AUTHENTICATION) - { - status = cryptography_if->cryptography_authenticate(//Stub out data in/out as this is done in place and want to save cycles - (uint8_t*)(&pTfBuffer[0]), // ciphertext output - (size_t) 0, // length of data - (uint8_t*)(&pTfBuffer[0]), // plaintext input - (size_t)0, // in data length - from start of frame to end of data - &(akp->value[0]), // Key - Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &pTfBuffer[mac_loc], // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - NULL); - } - else if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - if (sa_service_type == SA_ENCRYPTION) - { - status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles - (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output - (size_t) pdu_len, // length of data - (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input - (size_t) pdu_len, // in data length - from start of frame to end of data - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - pkcs_padding, // authentication cipher - NULL); - } - } - else if(sa_service_type == SA_PLAINTEXT) - { - // Do nothing, SDLS fields were already copied into static frame in memory - } - else{ -#ifdef TM_DEBUG - printf(KRED "Service type reported as: %d\n" RESET, sa_service_type); - printf(KRED "ECS IS AEAD Value: %d\n" RESET, ecs_is_aead_algorithm); -#endif - status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - } - } - - if (status != CRYPTO_LIB_SUCCESS) - { - return status; // Cryptography IF call failed, return. - } - - if (sa_service_type != SA_PLAINTEXT) - { -#ifdef INCREMENT - if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) - { - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); - } - } - else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE - { - // Only increment the transmitted portion - if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) - { - Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); - } - } - if (sa_ptr->shsnf_len > 0) - { - Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); - } - -#ifdef SA_DEBUG - if (sa_ptr->iv_len > 0) - { - printf(KYEL "Next IV value is:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Next transmitted IV value is:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } - printf(KYEL "Next ARSN value is:\n\t"); - for (i = 0; i < sa_ptr->arsn_len; i++) - { - printf("%02x", *(sa_ptr->arsn + i)); - } - printf("\n" RESET); - printf(KYEL "Next transmitted ARSN value is:\n\t"); - for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) - { - printf("%02x", *(sa_ptr->arsn + i)); - } - printf("\n" RESET); -#endif -#endif - } - - // Move idx to mac location - idx += pdu_len; -#ifdef TM_DEBUG - if (sa_ptr->stmacf_len > 0) - { - printf(KYEL "Data length is %d\n" RESET, pdu_len); - printf(KYEL "MAC location starts at: %d\n" RESET, idx); - printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); - } - else - { - printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); - } -#endif - -//TODO OCF - ? Here, elsewhere? - - /** - * End Authentication / Encryption - **/ - - // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TM_HAS_FECF) - { -#ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); -#endif - if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) - { - new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); - } - else // CRYPTO_TC_CREATE_FECF_FALSE - { - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; - } - idx += 2; - } - -#ifdef TM_DEBUG - printf(KYEL "Printing new TM frame:\n\t"); - for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + status = Crypto_TM_Do_Encrypt(sa_service_type, sa_ptr, &aad_len, &mac_loc, &idx, pdu_len, pTfBuffer, aad, ecs_is_aead_algorithm, data_loc, ekp, akp, pkcs_padding, &new_fecf); + if(status != CRYPTO_LIB_SUCCESS) { - printf("%02X", pTfBuffer[i]); + return status; } - printf("\n"); -#endif - - status = sa_if->sa_save_sa(sa_ptr); - -#ifdef DEBUG - printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); -#endif mc_if->mc_log(status); return status; From 30e457d62bdbc561f622a8d620121e4fd556af30 Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Tue, 2 Apr 2024 15:50:47 -0400 Subject: [PATCH 038/174] [nos3#202] Setup SC init to use vcid[0] as TC clear, vcid[1] as TM clear, and vcid[4] as TC encrypted - also added startup delay to standalone; --- src/core/crypto_config.c | 3 +-- .../internal/sa_interface_inmemory.template.c | 26 ++++++++----------- support/standalone/standalone.c | 7 ++--- 3 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index a283a3e8..7dec1c93 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -61,11 +61,10 @@ int32_t Crypto_SC_Init(void) SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // TM - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 15764669..211fd34d 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -73,8 +73,7 @@ int32_t sa_config(void) int32_t status = CRYPTO_LIB_SUCCESS; // Security Associations - // SA 1 - CLEAR MODE - // SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1 + // SA 1 - TC CLEAR MODE sa[1].spi = 1; sa[1].sa_state = SA_OPERATIONAL; sa[1].est = 0; @@ -89,21 +88,18 @@ int32_t sa_config(void) sa[1].gvcid_blk.vcid = 0; sa[1].gvcid_blk.mapid = TYPE_TC; - // SA 2 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128 - sa[2].spi = 2; - sa[2].ekid = 128; - sa[2].sa_state = SA_KEYED; - sa[2].est = 1; - sa[2].ast = 1; - sa[2].ecs_len = 1; - sa[2].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[2].shivf_len = 12; - sa[2].iv_len = 12; - *(sa[2].iv + sa[2].shivf_len - 1) = 0; - sa[2].abm_len = ABM_SIZE; // 20 + // SA 2 - TM CLEAR MODE + sa[2].spi = 8; + sa[2].sa_state = SA_OPERATIONAL; + sa[2].est = 0; + sa[2].ast = 0; + sa[2].arsn_len = 1; sa[2].arsnw_len = 1; sa[2].arsnw = 5; - sa[2].arsn_len = (sa[2].arsnw * 2) + 1; + sa[2].gvcid_blk.tfvn = 0; + sa[2].gvcid_blk.scid = SCID & 0x3FF; + sa[2].gvcid_blk.vcid = 1; + sa[2].gvcid_blk.mapid = TYPE_TM; // SA 3 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129 sa[3].spi = 3; diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 9d82b44b..413311b5 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -300,9 +300,7 @@ int32_t crypto_reset(void) printf("CryptoLib initialization failed with error %d \n", status); } - status = Crypto_Init_TC_Unit_Test(); - // TODO: Crypto_Init_TM_Unit_Test() appears to be looking at the second byte and not specifically the SCID bits - // TODO: How to initialize for both TC and TM? + status = Crypto_SC_Init(); if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); @@ -701,6 +699,9 @@ int main(int argc, char* argv[]) printf(" Expected zero but received: %s \n", argv[1]); } + /* Startup delay */ + sleep(5); + /* Initialize CryptoLib */ status = crypto_reset(); if (status != CRYPTO_LIB_SUCCESS) From 29cd1b430f820790fe3810730176e414938a80d6 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Tue, 2 Apr 2024 20:05:13 +0000 Subject: [PATCH 039/174] [nasa/cryptolib#231][nasa/cryptolib#230] WIP: TM Refactor, single return, TODO: Headers --- src/core/crypto_tm.c | 727 +++++++++++++++++++++++-------------------- 1 file changed, 388 insertions(+), 339 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 799cb25b..cb7ec962 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -986,36 +986,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) return status; } **/ -/** - * @brief Function: Crypto_TM_ProcessSecurity - * @param ingest: uint8_t* - * @param len_ingest: int* - * @return int32: Success/Failure - **/ -int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) +int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t* byte_idx, uint8_t* p_ingest, uint8_t* secondary_hdr_len) { - // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - uint8_t aad[1786]; - uint16_t aad_len = 0; - uint16_t byte_idx = 0; - uint8_t ecs_is_aead_algorithm; - uint32_t encryption_cipher = 0; - uint8_t iv_loc; - int mac_loc = 0; - uint16_t pdu_len = 1; - uint8_t* p_new_dec_frame = NULL; - SecurityAssociation_t* sa_ptr = NULL; - uint8_t sa_service_type = -1; - uint8_t secondary_hdr_len = 0; - uint8_t spi = -1; - - - // Bit math to give concise access to values in the ingest - tm_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6; - tm_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4); - tm_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1; - #ifdef DEBUG printf(KYEL "\n----- Crypto_TM_ProcessSecurity START -----\n" RESET); #endif @@ -1024,10 +997,9 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ { status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD; mc_if->mc_log(status); - return status; } - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + if ((status == CRYPTO_LIB_SUCCESS) && ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))) { #ifdef TM_DEBUG printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); @@ -1038,15 +1010,13 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ { mc_if->mc_log(status); } - return status; } // Query SA DB for active SA / SDLS parameters - if (sa_if == NULL) // This should not happen, but tested here for safety + if ((sa_if == NULL) && (status == CRYPTO_LIB_SUCCESS)) // This should not happen, but tested here for safety { printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_INIT; - return status; } #ifdef TM_DEBUG @@ -1055,141 +1025,95 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ #endif // Lookup-retrieve managed parameters for frame via gvcid: - status = Crypto_Get_Managed_Parameters_For_Gvcid( + if (status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_Get_Managed_Parameters_For_Gvcid( tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - + } + if (status != CRYPTO_LIB_SUCCESS) { #ifdef TM_DEBUG printf(KRED "**NO LUCK WITH GVCID!\n" RESET); #endif - mc_if->mc_log(status); - return status; + // Can't mc_log if it's not configured + if (mc_if != NULL) + { + mc_if->mc_log(status); + } } // Unable to get necessary Managed Parameters for TM TF -- return with error. // Check if secondary header is present within frame // Note: Secondary headers are static only for a mission phase, not guaranteed static // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 - // Secondary Header flag is 1st bit of 5th byte (index 4) - byte_idx = 4; - if((p_ingest[byte_idx] & 0x80) == 0x80) + if(status == CRYPTO_LIB_SUCCESS) { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - byte_idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - secondary_hdr_len = (p_ingest[byte_idx] & 0x3F) + 1; -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - byte_idx += secondary_hdr_len; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - byte_idx = 6; + // Secondary Header flag is 1st bit of 5th byte (index 4) + *byte_idx = 4; + if((p_ingest[*byte_idx] & 0x80) == 0x80) + { + #ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); + #endif + // Secondary header is present + *byte_idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + *secondary_hdr_len = (p_ingest[*byte_idx] & 0x3F) + 1; + #ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", *secondary_hdr_len); + #endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + *byte_idx += *secondary_hdr_len; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + *byte_idx = 6; + } } - /** - * Begin Security Header Fields - * Reference CCSDS SDLP 3550b1 4.1.1.1.3 - **/ - // Get SPI - spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1]; - // Move index to past the SPI - byte_idx += 2; - - status = sa_if->sa_get_from_spi(spi, &sa_ptr); - // If no valid SPI, return - if (status != CRYPTO_LIB_SUCCESS) - { - mc_if->mc_log(status); - return status; - } + return status; +} -#ifdef SA_DEBUG - printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); - Crypto_saPrint(sa_ptr); -#endif - // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } +int32_t Crypto_TM_Determine_Cipher_Mode(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm) +{ + int32_t status = CRYPTO_LIB_SUCCESS; - // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) { if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) { - encryption_cipher = sa_ptr->ecs; + *encryption_cipher = sa_ptr->ecs; #ifdef TC_DEBUG - printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); + printf(KYEL "SA Encryption Cipher: %d\n", *encryption_cipher); #endif } // If no pointer, must not be using ECS at all else { - encryption_cipher = CRYPTO_CIPHER_NONE; + *encryption_cipher = CRYPTO_CIPHER_NONE; } - ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); + *ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(*encryption_cipher); } - if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + if ( *encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) { status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; mc_if->mc_log(status); - return status; } -#ifdef TM_DEBUG - switch (sa_service_type) - { - case SA_PLAINTEXT: - printf(KBLU "Processing a TM - CLEAR!\n" RESET); - break; - case SA_AUTHENTICATION: - printf(KBLU "Processing a TM - AUTHENTICATED!\n" RESET); - break; - case SA_ENCRYPTION: - printf(KBLU "Processing a TM - ENCRYPTED!\n" RESET); - break; - case SA_AUTHENTICATED_ENCRYPTION: - printf(KBLU "Processing a TM - AUTHENTICATED ENCRYPTION!\n" RESET); - break; - } -#endif + return status; +} + +int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest) +{ + int32_t status = CRYPTO_LIB_SUCCESS; - // Parse & Check FECF, if present, and update fecf length if (current_managed_parameters->has_fecf == TM_HAS_FECF) { uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | @@ -1210,7 +1134,6 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ #endif status = CRYPTO_LIB_ERR_INVALID_FECF; mc_if->mc_log(status); - return status; } // Valid FECF, zero out the field else @@ -1232,114 +1155,13 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ #endif status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG; mc_if->mc_log(status); - return status; - } - - // Accio buffer - p_new_dec_frame = (uint8_t*)calloc(1, (len_ingest) * sizeof(uint8_t)); - if (!p_new_dec_frame) - { - printf(KRED "Error: Calloc for decrypted output buffer failed! \n" RESET); - status = CRYPTO_LIB_ERROR; - mc_if->mc_log(status); - return status; - } - - // Copy over TM Primary Header (6 bytes),Secondary (if present) - // If present, the TF Secondary Header will follow the TF PriHdr - memcpy(p_new_dec_frame, &p_ingest[0], 6 + secondary_hdr_len); - - // Byte_idx is still set to just past the SPI - // If IV is present, note location - if (sa_ptr->iv_len > 0) - { - iv_loc = byte_idx; - } - // Increment byte_idx past Security Header Fields based on SA values - byte_idx += sa_ptr->shivf_len; - byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len); - byte_idx += sa_ptr->shplf_len; - -#ifdef SA_DEBUG - printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len); - printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len); - printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len); - printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx); -#endif - - /** - * End Security Header Fields - * byte_idx is now at start of pdu / encrypted data - **/ - - // Calculate size of the protocol data unit - // NOTE: This size itself is not the length for authentication - pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - pdu_len -= 2; - } - - // If MAC exists, comes immediately after pdu - if (sa_ptr->stmacf_len > 0) - { - mac_loc = byte_idx + pdu_len; - } - -#ifdef TM_DEBUG - printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); - printf(KYEL "Data size is: %d\n" RESET, pdu_len); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - // If OCF exists, comes immediately after MAC - printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); - } -#endif - - // Copy pdu into output frame - // this will be over-written by decryption functions if necessary, - // but not by authentication which requires - - // Get Key - crypto_key_t* ekp = NULL; - ekp = key_if->get_key(sa_ptr->ekid); - if (ekp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; - } - - crypto_key_t* akp = NULL; - akp = key_if->get_key(sa_ptr->akid); - if (akp == NULL) - { - status = CRYPTO_LIB_ERR_KEY_ID_ERROR; - mc_if->mc_log(status); - return status; } + return status; +} - /** - * Begin Authentication / Encryption - **/ - - // if(sa_service_type != SA_PLAINTEXT) - // { - // status = CRYPTO_LIB_ERR_NULL_CIPHERS; - // mc_if->mc_log(status); - // return status; - // } - - // Parse MAC, prepare AAD +int32_t Crypto_TM_Parse_Mac_Prep_AAD(uint8_t sa_service_type, uint8_t* p_ingest, int mac_loc, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, uint16_t byte_idx, uint8_t* aad) +{ + int32_t status = CRYPTO_LIB_SUCCESS; if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) { #ifdef MAC_DEBUG @@ -1348,134 +1170,179 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ #endif if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - aad_len = byte_idx; + *aad_len = byte_idx; } else { - aad_len = mac_loc; + *aad_len = mac_loc; } - if (sa_ptr->abm_len < aad_len) + if (sa_ptr->abm_len < *aad_len) { status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; mc_if->mc_log(status); - return status; } // Use ingest and abm to create aad - Crypto_Prepare_TM_AAD(p_ingest, aad_len, sa_ptr->abm, &aad[0]); + if(status == CRYPTO_LIB_SUCCESS) + { + status = Crypto_Prepare_TM_AAD(p_ingest, *aad_len, sa_ptr->abm, aad); + } #ifdef MAC_DEBUG - printf("AAD Debug:\n\tAAD Length is %d\n\t AAD is: ", aad_len); - for (int i = 0; icryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + (sa_ptr->est), // Decryption Bool + (sa_ptr->ast), // Authentication Bool + (sa_ptr->ast), // AAD Bool + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + return status; +} - if(sa_service_type == SA_ENCRYPTION) +int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, uint8_t* p_new_dec_frame, uint16_t byte_idx, uint8_t* p_ingest, crypto_key_t* akp, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if(sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_validate_authentication(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + CRYPTO_CIPHER_NONE, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); // cam cookies + + } + if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + // Check that key length to be used meets the algorithm requirement + if((int32_t) ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) { - status = cryptography_if->cryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output - pdu_len, // length of data - p_ingest+byte_idx, // ciphertext input - pdu_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), - sa_ptr, // SA for key reference - p_ingest+iv_loc, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - NULL); + // free(aad); - non-heap object + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + //return status; } - if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + + if(status == CRYPTO_LIB_SUCCESS) { - status = cryptography_if->cryptography_aead_decrypt(p_new_dec_frame+byte_idx, // plaintext output - pdu_len, // length of data - p_ingest+byte_idx, // ciphertext input - pdu_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), - sa_ptr, // SA for key reference - p_ingest+iv_loc, // IV - sa_ptr->iv_len, // IV Length - p_ingest+mac_loc, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - (sa_ptr->est), // Decryption Bool - (sa_ptr->ast), // Authentication Bool - (sa_ptr->ast), // AAD Bool - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - NULL); + status = cryptography_if->cryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); } + + // //Handle Padding Removal + // if(sa_ptr->shplf_len != 0) + // { + // int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + // sa_ptr->shsnf_len; + // uint16_t padding_amount = 0; + // // Get Padding Amount from ingest frame + // padding_amount = (int)ingest[padding_location]; + // // Remove Padding from final decrypted portion + // tc_sdls_processed_frame->tc_pdu_len -= padding_amount; + // } } + return status; +} - else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) +void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssociation_t* sa_ptr, int* mac_loc) +{ + *pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; + if(current_managed_parameters->has_ocf == TM_HAS_OCF) { - // TODO - implement non-AEAD algorithm logic - if(sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - status = cryptography_if->cryptography_validate_authentication(p_new_dec_frame+byte_idx, // plaintext output - pdu_len, // length of data - p_ingest+byte_idx, // ciphertext input - pdu_len, // in data length - &(akp->value[0]), // Key - Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), - sa_ptr, // SA for key reference - p_ingest+iv_loc, // IV - sa_ptr->iv_len, // IV Length - p_ingest+mac_loc, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - CRYPTO_CIPHER_NONE, // encryption cipher - sa_ptr->acs, // authentication cipher - NULL); // cam cookies + *pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + *pdu_len -= 2; + } - } - if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - // Check that key length to be used emets the algorithm requirement - if((int32_t) ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) - { - // free(aad); - non-heap object - status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - mc_if->mc_log(status); - return status; - } + // If MAC exists, comes immediately after pdu + if (sa_ptr->stmacf_len > 0) + { + *mac_loc = byte_idx + *pdu_len; + } +} - status = cryptography_if->cryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output - pdu_len, // length of data - p_ingest+byte_idx, // ciphertext input - pdu_len, // in data length - &(ekp->value[0]), // Key - Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), - sa_ptr, // SA for key reference - p_ingest+iv_loc, // IV - sa_ptr->iv_len, // IV Length - &sa_ptr->ecs, // encryption cipher - &sa_ptr->acs, // authentication cipher - NULL); +int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint8_t ecs_is_aead_algorithm, uint16_t byte_idx, uint8_t* p_new_dec_frame, uint16_t pdu_len, uint8_t* p_ingest, crypto_key_t* ekp, crypto_key_t* akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + status = Crypto_TM_Do_Decrypt_AEAD(sa_service_type, p_ingest, p_new_dec_frame, byte_idx, pdu_len, ekp, sa_ptr, iv_loc, mac_loc, aad_len, aad); + } - // //Handle Padding Removal - // if(sa_ptr->shplf_len != 0) - // { - // int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - // sa_ptr->shsnf_len; - // uint16_t padding_amount = 0; - // // Get Padding Amount from ingest frame - // padding_amount = (int)ingest[padding_location]; - // // Remove Padding from final decrypted portion - // tc_sdls_processed_frame->tc_pdu_len -= padding_amount; - // } - } + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) + { + status = Crypto_TM_Do_Decrypt_NONAEAD(sa_service_type, pdu_len, p_new_dec_frame, byte_idx, p_ingest, akp, ekp, sa_ptr, iv_loc, mac_loc, aad_len, aad); + // TODO - implement non-AEAD algorithm logic } // If plaintext, copy byte by byte @@ -1506,10 +1373,192 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ #ifdef DEBUG printf(KYEL "----- Crypto_TM_ProcessSecurity END -----\n" RESET); #endif - + if(status != CRYPTO_LIB_SUCCESS) + { mc_if->mc_log(status); - return status; } + + return status; +} + +void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) +{ + #ifdef TM_DEBUG + printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } + #endif +} + +/** + * @brief Function: Crypto_TM_ProcessSecurity + * @param ingest: uint8_t* + * @param len_ingest: int* + * @return int32: Success/Failure + **/ +int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t aad[1786]; + uint16_t aad_len = 0; + uint16_t byte_idx = 0; + uint8_t ecs_is_aead_algorithm; + uint32_t encryption_cipher = 0; + uint8_t iv_loc; + int mac_loc = 0; + uint16_t pdu_len = 1; + uint8_t* p_new_dec_frame = NULL; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t sa_service_type = -1; + uint8_t secondary_hdr_len = 0; + uint8_t spi = -1; + crypto_key_t* ekp = NULL; + crypto_key_t* akp = NULL; + + // Bit math to give concise access to values in the ingest + tm_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6; + tm_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4); + tm_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1; + + status = Crypto_TM_Process_Setup(len_ingest, &byte_idx, p_ingest, &secondary_hdr_len); + if (status == CRYPTO_LIB_SUCCESS) + { + /** + * Begin Security Header Fields + * Reference CCSDS SDLP 3550b1 4.1.1.1.3 + **/ + // Get SPI + spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1]; + // Move index to past the SPI + byte_idx += 2; + + status = sa_if->sa_get_from_spi(spi, &sa_ptr); + } + + // If no valid SPI, return + if (status == CRYPTO_LIB_SUCCESS) + { +#ifdef SA_DEBUG + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); +#endif + // Determine SA Service Type + status = Crypto_TM_Determine_SA_Service_Type(&sa_service_type, sa_ptr); + } + if (status == CRYPTO_LIB_SUCCESS) + { + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + status = Crypto_TM_Determine_Cipher_Mode(sa_service_type, sa_ptr, &encryption_cipher, &ecs_is_aead_algorithm); + } + if (status == CRYPTO_LIB_SUCCESS) + { + #ifdef TM_DEBUG + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Processing a TM - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Processing a TM - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Processing a TM - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Processing a TM - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } + #endif + + // Parse & Check FECF, if present, and update fecf length + status = Crypto_TM_FECF_Setup(p_ingest, len_ingest); + } + + if (status == CRYPTO_LIB_SUCCESS) + { + // Accio buffer + p_new_dec_frame = (uint8_t*)calloc(1, (len_ingest) * sizeof(uint8_t)); + if (!p_new_dec_frame) + { + printf(KRED "Error: Calloc for decrypted output buffer failed! \n" RESET); + status = CRYPTO_LIB_ERROR; + } + } + + if (status == CRYPTO_LIB_SUCCESS) + { + // Copy over TM Primary Header (6 bytes),Secondary (if present) + // If present, the TF Secondary Header will follow the TF PriHdr + memcpy(p_new_dec_frame, &p_ingest[0], 6 + secondary_hdr_len); + + // Byte_idx is still set to just past the SPI + // If IV is present, note location + if (sa_ptr->iv_len > 0) + { + iv_loc = byte_idx; + } + // Increment byte_idx past Security Header Fields based on SA values + byte_idx += sa_ptr->shivf_len; + byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len); + byte_idx += sa_ptr->shplf_len; + + #ifdef SA_DEBUG + printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len); + printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len); + printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len); + printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx); + #endif + + /** + * End Security Header Fields + * byte_idx is now at start of pdu / encrypted data + **/ + + // Calculate size of the protocol data unit + // NOTE: This size itself is not the length for authentication + Crypto_TM_Calc_PDU_MAC(&pdu_len, byte_idx, sa_ptr, &mac_loc); + + Crypto_TM_Process_Debug_Print(byte_idx, pdu_len, sa_ptr); + + // Copy pdu into output frame + // this will be over-written by decryption functions if necessary, + // but not by authentication which requires + + // Get Key + status = Crypto_TM_Get_Keys(&ekp, &akp, sa_ptr); + } + + if (status == CRYPTO_LIB_SUCCESS) + { + /** + * Begin Authentication / Encryption + **/ + + // if(sa_service_type != SA_PLAINTEXT) + // { + // status = CRYPTO_LIB_ERR_NULL_CIPHERS; + // mc_if->mc_log(status); + // return status; + // } + + // Parse MAC, prepare AAD + Crypto_TM_Parse_Mac_Prep_AAD(sa_service_type, p_ingest, mac_loc, sa_ptr, &aad_len, byte_idx, aad); + + status = Crypto_TM_Do_Decrypt(sa_service_type, sa_ptr, ecs_is_aead_algorithm, byte_idx, p_new_dec_frame, pdu_len, p_ingest, ekp, akp, iv_loc, mac_loc, aad_len, aad, pp_processed_frame, p_decrypted_length); + } + + return status; +} /** * @brief Function: Crypto_Get_tmLength From b960619cab59999f7db26dcbd9f692a7302b87d1 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Wed, 3 Apr 2024 17:30:03 +0000 Subject: [PATCH 040/174] [nasa/cryptolib#231][nasa/cryptolib#230] TM Refactor Headers and Doxygen --- include/crypto.h | 24 +++++ src/core/crypto_tm.c | 221 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 245 insertions(+) diff --git a/include/crypto.h b/include/crypto.h index a153b774..680570d2 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -115,6 +115,30 @@ extern char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code); /* ** Internal Prototypes */ +// Telemetry (TM) +int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer); +int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr); +void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx); +int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr); +void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* pTfBuffer, uint16_t* idx_p); +void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len); +int32_t Crypto_TM_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint8_t* pTfBuffer, uint16_t pdu_len, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, int* mac_loc, uint16_t* aad_len, uint8_t* aad, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TM_Do_Encrypt_Handle_Increment(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, uint8_t ecs_is_aead_algorithm, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, uint16_t* new_fecf); +void Crypto_TM_ApplySecurity_Debug_Print(uint16_t idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr); +int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t* byte_idx, uint8_t* p_ingest, uint8_t* secondary_hdr_len); +int32_t Crypto_TM_Determine_Cipher_Mode(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm); +int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest); +int32_t Crypto_TM_Parse_Mac_Prep_AAD(uint8_t sa_service_type, uint8_t* p_ingest, int mac_loc, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, uint16_t byte_idx, uint8_t* aad); +int32_t Crypto_TM_Do_Decrypt_AEAD(uint8_t sa_service_type, uint8_t* p_ingest, uint8_t* p_new_dec_frame, uint16_t byte_idx, uint16_t pdu_len, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad); +int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, uint8_t* p_new_dec_frame, uint16_t byte_idx, uint8_t* p_ingest, crypto_key_t* akp, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad); +void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssociation_t* sa_ptr, int* mac_loc); +int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint8_t ecs_is_aead_algorithm, uint16_t byte_idx, uint8_t* p_new_dec_frame, uint16_t pdu_len, uint8_t* p_ingest, crypto_key_t* ekp, crypto_key_t* akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length); +void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr); + + extern uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID); extern int32_t Crypto_increment(uint8_t* num, int length); // int32_t Crypto_Get_tcPayloadLength(TC_t* tc_frame, SecurityAssociation_t* sa_ptr); diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index cb7ec962..4f63c44f 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -23,6 +23,12 @@ #include // memcpy/memset +/** + * @brief Function: Crypto_TM_Sanity_Check + * Verify that needed buffers and settings are not null + * @param pTfBuffer: uint8_t* + * @return int32: Success/Failure +**/ int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -43,6 +49,13 @@ int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) return status; } +/** + * @brief Function: Crypto_TM_Determine_SA_Service_Type + * Determines the service type for Security Association + * @param sa_service_type: uint8_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -74,6 +87,12 @@ int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAs return status; } +/** + * @brief Function: Crypto_TM_Check_For_Secondary_Header + * Determines if a secondary header exists + * @param pTfBuffer: uint8_t* + * @param idx: uint16_t* +**/ void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx) { *idx = 4; @@ -102,6 +121,13 @@ void Crypto_TM_Check_For_Secondary_Header(uint8_t* pTfBuffer, uint16_t* idx) } } +/** + * @brief Function: Crypto_TM_IV_Sanity_Check + * Verifies sanity of IV. Validates IV Values, Ciphers, and Algorithms + * @param sa_service_type: uint8_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -148,6 +174,14 @@ int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_ return status; } +/** + * @brief Function: Crypto_TM_PKCS_Padding + * Handles pkcs padding as necessary + * @param pkcs_padding: uint32_t* + * @param sa_ptr: SecurityAssociation_t* + * @param pTfBuffer: uint8_t* + * @param idx_p: uint16_t* +**/ void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_ptr, uint8_t* pTfBuffer, uint16_t* idx_p) { uint16_t idx = *idx_p; @@ -173,6 +207,11 @@ void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_pt *idx_p = idx; } +/** + * @brief Function: Crypto_TM_Handle_Managed_Parameter_Flags + * Handles pdu length while dealing with ocf/fecf + * @param pdu_len: uint16_t* +**/ void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) { if(current_managed_parameters->has_ocf == TM_HAS_OCF) @@ -185,6 +224,14 @@ void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) } } +/** + * @brief Function: Crypto_TM_Get_Keys + * Retrieves keys from SA based on ekid/akid. + * @param ekp: crypto_key_t** + * @param akp: crypto_key_t** + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -204,6 +251,19 @@ int32_t Crypto_TM_Get_Keys(crypto_key_t** ekp, crypto_key_t** akp, SecurityAssoc return status; } +/** + * @brief Function: Crypto_TM_Do_Encrypt_NONPLAINTEXT + * Preps Encryption for Non-plain-text Authentication and Authenticated Encryption + * @param sa_service_type: uint8_t + * @param aad_len: uint16_t* + * @param mac_loc: int* + * @param idx_p: uint16_t* + * @param pdu_len: uint16_t + * @param pTfBuffer: uint8_t* + * @param aad: uint8_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -247,6 +307,23 @@ int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT(uint8_t sa_service_type, uint16_t* aad return status; } +/** + * @brief Function: Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic + * Preps Encryption for Non-plain-text Encryption and Authenticated Encryption for AEAD Algorithms + * @param sa_service_type: uint8_t + * @param ecs_is_aead_algorithm: uint8_t + * @param pTfBuffer: uint8_t* + * @param pdu_len: uint16_t + * @param data_loc: uint16_t + * @param ekp: crypto_key_t* + * @param akp: crypto_key_t* + * @param pkcs_padding: uint32_t + * @param mac_loc: int* + * @param aad_len: uint16_t* + * @param aad: uint8_t* + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic(uint8_t sa_service_type, uint8_t ecs_is_aead_algorithm, uint8_t* pTfBuffer, uint16_t pdu_len, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, int* mac_loc, uint16_t* aad_len, uint8_t* aad, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -350,6 +427,13 @@ int32_t Crypto_TM_Do_Encrypt_NONPLAINTEXT_AEAD_Logic(uint8_t sa_service_type, ui return status; } +/** + * @brief Function: Crypto_TM_Do_Encrypt_Handle_Increment + * Handles the incrementing of IV and ARSN as necessary + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Do_Encrypt_Handle_Increment(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -410,6 +494,25 @@ int32_t Crypto_TM_Do_Encrypt_Handle_Increment(uint8_t sa_service_type, SecurityA return status; } +/** + * @brief Function: Crypto_TM_Do_Encrypt + * Parent function for performing TM Encryption + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @param aad_len: uint16_t* + * @param mac_loc: int* + * @param idx_p: uint16_t* + * @param pdu_len: uint16_t + * @param pTfBuffer: uint8_t* + * @param aad: uint8_t* + * @param ecs_is_aead_algorithm: uint8_t + * @param data_loc: uint16_t + * @param ekp: crypto_key_t* + * @param akp: crypto_key_t* + * @param pkcs_padding: uint32_t + * @param new_fecf: uint16_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, int* mac_loc, uint16_t* idx_p, uint16_t pdu_len, uint8_t* pTfBuffer, uint8_t* aad, uint8_t ecs_is_aead_algorithm, uint16_t data_loc, crypto_key_t* ekp, crypto_key_t* akp, uint32_t pkcs_padding, uint16_t* new_fecf) { /** @@ -493,6 +596,15 @@ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ return status; } + +/** + * @brief Function: Crypto_TM_ApplySecurity_Debug_Print + * Simple Debug Print function for TM. Displays + * Data Location, size, and index at end of SPI. OCF Location, FECF Location + * @param idx: uint16_t + * @param pdu_len: uint16_t + * @param sa_ptr: SecurityAssociation_t* +**/ void Crypto_TM_ApplySecurity_Debug_Print(uint16_t idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) { #ifdef TM_DEBUG @@ -986,6 +1098,17 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) return status; } **/ + +/** + * @brief Function: Crypto_TM_Process_Setup + * Sets up TM Process Security. Verifies ingest length, verifies pointers are not null, + * Retreives managed parameters, validates GVCID, and verifies the presence of Secondary Header + * @param len_ingest: uint16_t + * @param byte_idx: uint16_t* + * @param p_ingest: uint8_t* + * @param secondary_hdr_len: uint8_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t* byte_idx, uint8_t* p_ingest, uint8_t* secondary_hdr_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1080,6 +1203,15 @@ int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t* byte_idx, uint8_t return status; } +/** + * @brief Function: Crypto_TM_Determine_Cipher_Mode + * Determines Cipher mode and Algorithm type + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @param encryption_cipher: uint32_t* + * @param ecs_is_aead_algorithm: uint8_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Determine_Cipher_Mode(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint32_t* encryption_cipher, uint8_t* ecs_is_aead_algorithm) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1110,6 +1242,13 @@ int32_t Crypto_TM_Determine_Cipher_Mode(uint8_t sa_service_type, SecurityAssocia return status; } +/** + * @brief Function: Crypto_TM_FECF_Setup + * Handles FECF Calculations, Verification, and Setup + * @param p_ingest: uint8_t* + * @param len_ingest: uint16_t + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1159,6 +1298,18 @@ int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest) return status; } +/** + * @brief Function: Crypto_TM_Parse_Mac_Prep_AAD + * Parses TM MAC, and calls AAD Prep functionality + * @param sa_service_type: uint8_t + * @param p_ingest: uint8_t* + * @param mac_loc: int + * @param sa_ptr: SecurityAssociation_t* + * @param aad_len: uint16_t* + * @param byte_idx: uint16_t + * @param aad: uint8_t* + * @return int32_t: Success/Failure +**/ int32_t Crypto_TM_Parse_Mac_Prep_AAD(uint8_t sa_service_type, uint8_t* p_ingest, int mac_loc, SecurityAssociation_t* sa_ptr, uint16_t* aad_len, uint16_t byte_idx, uint8_t* aad) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1203,6 +1354,22 @@ int32_t Crypto_TM_Parse_Mac_Prep_AAD(uint8_t sa_service_type, uint8_t* p_ingest, return status; } +/** + * @brief Function: Crypto_TM_Do_Decrypt_AEAD + * Performs decryption on AEAD Authentication, Encryption, and Authenticated Encryption + * @param sa_service_type: uint8_t + * @param p_ingest: uint8_t* + * @param p_new_dec_frame: uint8_t* + * @param byte_idx: uint16_t + * @param pdu_len: uint16_t + * @param ekp: crypto_key_t* + * @param sa_ptr: SecurityAssociation_t* + * @param iv_loc: uint8_t + * @param mac_loc: int + * @param aad_len: uint16_t + * @param aad: uint8_t* + * @return int32_t: Success/Failure +*/ int32_t Crypto_TM_Do_Decrypt_AEAD(uint8_t sa_service_type, uint8_t* p_ingest, uint8_t* p_new_dec_frame, uint16_t byte_idx, uint16_t pdu_len, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1246,6 +1413,23 @@ int32_t Crypto_TM_Do_Decrypt_AEAD(uint8_t sa_service_type, uint8_t* p_ingest, ui return status; } +/** + * @brief Function: Crypto_TM_Do_Decrypt_NONAEAD + * Performs decryption on NON AEAD Encryption and Authenticated Encryption + * @param sa_service_type: uint8_t + * @param pdu_len: uint16_t + * @param p_new_dec_frame: uint8_t* + * @param byte_idx: uint16_t + * @param p_ingest: uint8_t* + * @param akp: crypto_key_t* + * @param ekp: crypto_key_t* + * @param sa_ptr: SecurityAssociation_t* + * @param iv_loc: uint8_t + * @param mac_loc: int + * @param aad_len: uint16_t + * @param aad: uint8_t + * @return int32_t: Success/Failure +*/ int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, uint8_t* p_new_dec_frame, uint16_t byte_idx, uint8_t* p_ingest, crypto_key_t* akp, crypto_key_t* ekp, SecurityAssociation_t* sa_ptr, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1312,6 +1496,15 @@ int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, return status; } +/** + * @brief Function: Crypto_TM_Calc_PDU_MAC + * Calculates the PDU MAC + * @param pdu_len: uint16_t* + * @param byte_idx: uint16_t + * @param sa_ptr: SecurityAssociation_t* + * @param mac_loc: int* + * @return int32_t: Success/Failure +*/ void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssociation_t* sa_ptr, int* mac_loc) { *pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; @@ -1331,6 +1524,26 @@ void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssoci } } +/** + * @brief Function: Crypto_TM_Do_Decrypt + * Parent TM Decryption Functionality + * @param sa_service_type: uint8_t + * @param sa_ptr: SecurityAssociation_t* + * @param ecs_is_aead_algorithm: uint8_t + * @param byte_idx: uint16_t + * @param p_new_dec_frame: uint8_t* + * @param pdu_len: uint16_t + * @param p_ingest: uint8_t* + * @param ekp: crypto_key_t* + * @param akp: crypto_key_t* + * @param iv_loc: uint8_t + * @param mac_loc: int + * @param aad_len: uint16_t + * @param aad: uint8_t* + * @param pp_processed_frame: uint8_t** + * @param p_decrypted_length: uint16_t* + * @return int32_t: Success/Failure +*/ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ptr, uint8_t ecs_is_aead_algorithm, uint16_t byte_idx, uint8_t* p_new_dec_frame, uint16_t pdu_len, uint8_t* p_ingest, crypto_key_t* ekp, crypto_key_t* akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len, uint8_t* aad, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -1381,6 +1594,14 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ return status; } +/** + * @brief Function: Crypto_TM_Process_Debug_Print + * TM Process Helper Debug Print + * Displays Index/data location start, Data Size, OCF Location, FECF Location + * @param byte_idx: uint16_t + * @param pdu_len: uint16_t + * @param sa_ptr: SecurityAssociation_t* +*/ void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) { #ifdef TM_DEBUG From 826c275a15472b63f3a90d573acc93984213814b Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Wed, 3 Apr 2024 17:44:44 +0000 Subject: [PATCH 041/174] [nasa/cryptolib#231][nasa/cryptolib#230] Unused Variable Fix --- src/core/crypto_tm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 4f63c44f..9dd592b1 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -607,6 +607,11 @@ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ **/ void Crypto_TM_ApplySecurity_Debug_Print(uint16_t idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) { + // Fix to ignore warnings + idx = idx; + pdu_len = pdu_len; + sa_ptr = sa_ptr; + #ifdef TM_DEBUG printf(KYEL "Data location starts at: %d\n" RESET, idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); @@ -1604,6 +1609,10 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ */ void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t* sa_ptr) { + // Fix for variable warnings + byte_idx = byte_idx; + pdu_len = pdu_len; + sa_ptr = sa_ptr; #ifdef TM_DEBUG printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); From 6588b7985baf4b20bde38929724166112f40224d Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Thu, 4 Apr 2024 15:56:21 +0000 Subject: [PATCH 042/174] [nasa/cryptolib#230] Pull request fixes. Single return statements. --- src/core/crypto_tm.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 9dd592b1..e7598ed1 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -35,16 +35,14 @@ int32_t Crypto_TM_Sanity_Check(uint8_t* pTfBuffer) // Passed a null, return an error if (!pTfBuffer) { - return CRYPTO_LIB_ERR_NULL_BUFFER; - return status; + status = CRYPTO_LIB_ERR_NULL_BUFFER; } - if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + if ((status == CRYPTO_LIB_SUCCESS) && ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL))) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; // Can't mc_log since it's not configured - return status; // return immediately so a NULL crypto_config is not dereferenced later } return status; } @@ -81,8 +79,10 @@ int32_t Crypto_TM_Determine_SA_Service_Type(uint8_t* sa_service_type, SecurityAs // Leaving for now as it would be cleaner in SA to have an association enum returned I believe printf(KRED "Error: SA Service Type is not defined! \n" RESET); status = CRYPTO_LIB_ERROR; + } + if(status != CRYPTO_LIB_SUCCESS) + { mc_if->mc_log(status); - return status; } return status; } From f62cf1b428016cbf33c66fe8875bbb2cff369dd4 Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Mon, 15 Apr 2024 20:59:41 -0400 Subject: [PATCH 043/174] [nasa/nos3#202] Updated header_length to include additional fields currently in use by default SA (+40) and omitted other packets during TM SPP processing; --- support/standalone/standalone.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 413311b5..6eb4ba70 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -452,7 +452,7 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o } // Calculate security headers and trailers - uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len; + uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len + 40; // TODO: Why +40? uint8_t trailer_length = sa_ptr->stmacf_len; if (current_managed_parameters->has_fecf == TM_HAS_FECF) { @@ -495,7 +495,7 @@ void* crypto_standalone_tm_process(void* socks) tm_process_len = status; if (tm_debug == 1) { - printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); + printf("crypto_standalone_tm_process: 0 - received[%d]: 0x", tm_process_len); for (int i = 0; i < status; i++) { printf("%02x", tm_process_in[i]); @@ -534,7 +534,7 @@ void* crypto_standalone_tm_process(void* socks) } else { - printf("crypto_standalone_tm_process - status = %d, decrypted[%d]: 0x", status, tm_out_len); + printf("crypto_standalone_tm_process: 1 - status = %d, decrypted[%d]: 0x", status, tm_out_len); for (int i = 0; i < tm_out_len; i++) { printf("%02x", tm_ptr[i]); @@ -560,7 +560,7 @@ void* crypto_standalone_tm_process(void* socks) if (tm_debug == 1) // Note: Need logic to allow broken packet assembly { - printf("crypto_standalone_tm_process - beginning after first header pointer - deframed[%d]: 0x", tm_process_len); + printf("crypto_standalone_tm_process: 2 - beginning after first header pointer - deframed[%d]: 0x", tm_process_len); for (int i = 0; i < tm_process_len; i++) { printf("%02x", tm_framed[i]); @@ -588,7 +588,7 @@ void* crypto_standalone_tm_process(void* socks) // Send all SPP telemetry packets if (tm_ptr[0] == 0x08) { - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); } // Only send idle packets if configured to do so else @@ -597,7 +597,7 @@ void* crypto_standalone_tm_process(void* socks) // Don't forward idle packets status = spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&m_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); #endif } @@ -609,7 +609,11 @@ void* crypto_standalone_tm_process(void* socks) tm_ptr = &tm_ptr[spp_len]; tm_process_len = tm_process_len - spp_len; } - else if (tm_ptr[0] == 0xff && tm_ptr[1] == 0x48) + else if ((tm_ptr[0] == 0xFF && tm_ptr[1] == 0x48) || + (tm_ptr[0] == 0x00 && tm_ptr[1] == 0x00) || + (tm_ptr[0] == 0x02 && tm_ptr[1] == 0x00) || + (tm_ptr[0] == 0xFF && tm_ptr[1] == 0xFF)) + // TODO: Why 0x0200? { // Idle Frame // Idle Frame is entire length of remaining data @@ -617,7 +621,7 @@ void* crypto_standalone_tm_process(void* socks) // Don't forward idle frame status = spp_len; #else - status = sendto(tm_write_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&tm_write_sock->ip_address, sockaddr_size); + status = sendto(tm_write_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&tm_write_sock->saddr, sizeof(tm_write_sock->saddr)); if ((status == -1) || (status != spp_len)) { printf("crypto_standalone_tm_process - Reply error %d \n", status); @@ -699,8 +703,13 @@ int main(int argc, char* argv[]) printf(" Expected zero but received: %s \n", argv[1]); } + /* Catch CTRL+C */ + signal(SIGINT, crypto_standalone_cleanup); + /* Startup delay */ - sleep(5); + sleep(10); + //printf("Press enter once ground software has finished initializing...\n"); + //fgets(input_buf, CRYPTO_MAX_INPUT_BUF, stdin); /* Initialize CryptoLib */ status = crypto_reset(); @@ -749,9 +758,6 @@ int main(int argc, char* argv[]) } } - /* Catch CTRL+C */ - signal(SIGINT, crypto_standalone_cleanup); - /* Start threads */ if (keepRunning == CRYPTO_LIB_SUCCESS) { From 393b621486a5dcd9474065bfb39e88c77099f21f Mon Sep 17 00:00:00 2001 From: "Lucas, John P" Date: Wed, 24 Apr 2024 20:19:23 -0400 Subject: [PATCH 044/174] [nasa/nos3#202] Removed badFECF option - likely was getting set due to an issue elsewhere; --- src/core/crypto.c | 8 ++++---- support/standalone/standalone.c | 8 +------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 528ece0c..d571e0ea 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -349,10 +349,10 @@ uint16_t Crypto_Calc_FECF(const uint8_t* ingest, int len_ingest) } } // Check if Testing - if (badFECF == 1) - { - fecf++; - } + //if (badFECF == 1) + //{ + // fecf++; + //} #ifdef FECF_DEBUG int x; diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 6eb4ba70..e6fb264f 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -343,7 +343,6 @@ void *crypto_standalone_tc_apply(void* socks) uint16_t tc_in_len = 0; uint8_t* tc_out_ptr; uint16_t tc_out_len = 0; - uint16_t fecf; #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING uint8_t tc_framed[TC_MAX_FRAME_SIZE]; @@ -392,11 +391,6 @@ void *crypto_standalone_tc_apply(void* socks) status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { - /* Calculate FECF */ - fecf = Crypto_Calc_FECF(tc_out_ptr, tc_out_len - 2); - tc_out_ptr[tc_out_len - 2] = (uint8_t)((fecf & 0xFF00) >> 8); - tc_out_ptr[tc_out_len - 1] = (uint8_t)(fecf & 0x00FF); - if (tc_debug == 1) { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); @@ -416,7 +410,7 @@ void *crypto_standalone_tc_apply(void* socks) } else { - printf("crypto_standalone_tc_apply - AppySecurity error %d \n", status); + printf("crypto_standalone_tc_apply - ApplySecurity error %d \n", status); } /* Reset */ From 3bab2d38d8cb46e71747a7543aaf0ab3b6814789 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Thu, 25 Apr 2024 14:35:21 +0000 Subject: [PATCH 045/174] [nasa/cryptolib#77]Working Save and Load - TODO: Validate Unit tests --- CMakeLists.txt | 5 + include/crypto_error.h | 2 + src/core/crypto_error.c | 2 + .../internal/sa_interface_inmemory.template.c | 175 ++++++++++++++++-- support/scripts/build_internal.sh | 2 +- 5 files changed, 173 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a9b79b3..db6f8076 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -41,6 +41,7 @@ option(SUPPORT "Support" OFF) option(SYSTEM_INSTALL "SystemInstall" OFF) option(TEST "Test" OFF) option(TEST_ENC "Tests - Encryption" OFF) +option(SA_FILE "Save Security Association to File" OFF) OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON @@ -53,6 +54,10 @@ if(CODECOV) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") endif() +if(SA_FILE) + add_definitions(-DSA_FILE) +endif() + if(DEBUG) add_definitions(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG -DAOS_DEBUG) add_compile_options(-ggdb) diff --git a/include/crypto_error.h b/include/crypto_error.h index 63e0c71d..2f7e213f 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -121,6 +121,8 @@ #define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD (-49) #define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG (-50) #define CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE (-51) +#define CRYPTO_LIB_ERR_FAIL_SA_SAVE (-52) +#define CRYPTO_LIB_ERR_FAIL_SA_LOAD (-53) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index 4ced95a9..6894eac1 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -73,6 +73,8 @@ char *crypto_enum_errlist_core[] = (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD", (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG", (char*) "CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE", + (char*) "CRYPTO_LIB_ERR_FAIL_SA_SAVE", + (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", }; char *crypto_enum_errlist_config[] = diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 7e129e5c..f886a010 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -13,6 +13,8 @@ */ #include "crypto.h" +#include +#include // Security Association Initialization Functions static int32_t sa_config(void); @@ -64,17 +66,74 @@ SaInterface get_sa_interface_inmemory(void) return &sa_if_struct; } -/** - * @brief Function; sa_config - * @return int32: Success/Failure - **/ -int32_t sa_config(void) +int32_t sa_load_file() { + FILE *sa_save_file; int32_t status = CRYPTO_LIB_SUCCESS; + int success_flag = 0; + + sa_save_file = fopen("sa_save_file.bin", "rb+"); // Should this be rb instead of wb+ + + if (sa_save_file == NULL) + { + printf("Unable to open sa_save_file!\n"); + status = CRYPTO_LIB_ERR_FAIL_SA_LOAD; + } + else{ + printf("Opened sa_save_file successfully!\n"); + } + if( status == CRYPTO_LIB_SUCCESS) + { + //sa[0].spi = 999; + //sa[1].spi = 888; + printf("TEST: SA: SPI0: %d\n", sa[0].spi); + printf("TEST: SA: SPI1: %d\n", sa[1].spi); + printf("TEST: SA: SPI2: %d\n", sa[2].spi); + printf("TEST: SA: SPI3: %d\n", sa[3].spi); + printf("TEST: SA: SPI17: %d\n", sa[17].spi); + success_flag = fread(sa, SA_SIZE, NUM_SA, sa_save_file); + printf("TEST: SA: SPI0: %d\n", sa[0].spi); + printf("TEST: SA: SPI1: %d\n", sa[1].spi); + printf("TEST: SA: SPI2: %d\n", sa[2].spi); + printf("TEST: SA: SPI3: %d\n", sa[3].spi); + printf("TEST: SA: SPI17: %d\n", sa[17].spi); + if(success_flag) + { + status = CRYPTO_LIB_SUCCESS; +//#ifdef SA_DEBUG + printf("SA Load Successfull!\n"); +//#endif + } + else + { + printf("Status Flag: %d\n", success_flag); + status = CRYPTO_LIB_ERR_FAIL_SA_LOAD; +//#ifdef SA_DEBUG + printf("SA Load Failure!\n"); +//#endif + } + } + + if(sa_save_file != NULL) fclose(sa_save_file); + return status; +} + +void sa_populate(void) +{ + sa[0].spi = 0; + sa[0].sa_state = SA_OPERATIONAL; + sa[0].est = 0; + sa[0].ast = 0; + sa[0].shivf_len = 0; + sa[0].shsnf_len = 2; + sa[0].arsn_len = 2; + sa[0].arsnw_len = 1; + sa[0].arsnw = 5; + sa[0].gvcid_blk.tfvn = 0; + sa[0].gvcid_blk.scid = SCID & 0x3FF; + sa[0].gvcid_blk.vcid = 0; + sa[0].gvcid_blk.mapid = TYPE_TC; - // Security Associations - // SA 1 - CLEAR MODE - // SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1 sa[1].spi = 1; sa[1].sa_state = SA_OPERATIONAL; sa[1].est = 0; @@ -247,7 +306,7 @@ int32_t sa_config(void) sa[10].gvcid_blk.vcid = 1; sa[10].gvcid_blk.mapid = TYPE_TC; sa[10].ek_ref = (char*) "kmc/test/key130"; - + // SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 // SA 11 VC0/1 is now 4-VC0, 7-VC1 sa[11].spi = 11; @@ -375,7 +434,41 @@ int32_t sa_config(void) sa[17].gvcid_blk.tfvn = 0x01; sa[17].gvcid_blk.scid = SCID & 0x3FF; sa[17].gvcid_blk.vcid = 0; +} + +/** + * @brief Function; sa_config + * @return int32: Success/Failure + **/ +int32_t sa_config(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int use_internal = 1; + +#ifdef SA_FILE + use_internal = 0; + status = sa_load_file(); + if (status != CRYPTO_LIB_SUCCESS) //Do we error out here, or is it ok to do as below and populate with internal on failure. + { + #ifdef DEBUG + printf("SA Load Failure!\n"); + printf("Falling back to in-memory SA!\n"); + sa_populate(); + status = CRYPTO_LIB_SUCCESS; + #endif + } +#endif + + if(use_internal) + { + sa_populate(); + } + + + // Security Associations + // SA 1 - CLEAR MODE + // SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1 return status; } @@ -677,17 +770,75 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin return status; } -// TODO: Nothing actually happens here + +int32_t sa_perform_save(SecurityAssociation_t* sa) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + FILE* sa_save_file; + int success_flag = 0; + //SecurityAssociation_t sa_temp[NUM_SA]; + + // sa_temp[1].spi = 5; + // memcpy(sa_temp, sa, sizeof(*sa)); + + // printf("*******************TEST: SA2: %d\n", sa_temp[1].spi); + + sa_save_file = fopen("sa_save_file.bin", "wb"); + + if (sa_save_file == NULL) + { + status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; + } + + if(status == CRYPTO_LIB_SUCCESS) + { + success_flag = fwrite(sa, SA_SIZE, NUM_SA, sa_save_file); + + if(success_flag) + { + status = CRYPTO_LIB_SUCCESS; + +//#ifdef DEBUG + printf("SA Written Successfull to file!\n"); +//#endif + + + } + else + { + status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; +//#ifdef DEBUG + printf("ERROR: SA Write FAILED!\n"); +//#endif + } + } + fclose(sa_save_file); + + return status; +} + /** * @brief Function: sa_save_sa * @param sa: SecurityAssociation_t* * @return int32: Success/Failure - * @note Nothing currently actually happens in this function **/ static int32_t sa_save_sa(SecurityAssociation_t* sa) { + // if locked - wait. + // else get lock - lock, and do the below + // if immediate: always do TC_SH_SIZE + // if deferred: counter > X ? Reset Counter, perform save. + // size_t fwrite(variable, sizeof(variable), num elements, outfile); + // size_t fread(variable, sizeof(variable), num elements, infile) int32_t status = CRYPTO_LIB_SUCCESS; - sa = sa; // TODO - use argument + int ignore_save = 1; + +#ifdef SA_FILE + status = sa_perform_save(sa); + ignore_save = 0; +#endif + if (ignore_save) sa = sa; // TODO - use argument + // We could do a memory copy of the SA into the sa[NUM_SA] array at the given SPI, however, the inmemory code // currently updates in place so no need for that. // If we change the in-place update logic, we should update this function to actually update the SA. diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh index 4414329a..c6e326f2 100755 --- a/support/scripts/build_internal.sh +++ b/support/scripts/build_internal.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test From 6a36c881618b0b91bcdf47ddf62d5f963ce89bf2 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Mon, 29 Apr 2024 19:37:26 +0000 Subject: [PATCH 046/174] [nasa/cryptolib#77] SA_Save, Unit Tests, UTest Updates, Debug Print Bug --- include/crypto.h | 3 + src/core/crypto_print.c | 6 +- .../internal/sa_interface_inmemory.template.c | 303 +++---- test/CMakeLists.txt | 4 + test/include/ut_sa_save.h | 35 + test/unit/et_dt_validation.c | 31 + test/unit/ut_aos_apply.c | 11 + test/unit/ut_aos_process.c | 12 + test/unit/ut_crypto.c | 8 + test/unit/ut_crypto_config.c | 6 + test/unit/ut_crypto_mc.c | 7 + test/unit/ut_sa_save.c | 760 ++++++++++++++++++ test/unit/ut_tc_apply.c | 39 +- test/unit/ut_tc_process.c | 10 + test/unit/ut_tm_apply.c | 15 + test/unit/ut_tm_process.c | 13 + 16 files changed, 1120 insertions(+), 143 deletions(-) create mode 100644 test/include/ut_sa_save.h create mode 100644 test/unit/ut_sa_save.c diff --git a/include/crypto.h b/include/crypto.h index 1c897fb0..2fcec8bc 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -230,6 +230,9 @@ int32_t Crypto_User_ModifyKey(void); int32_t Crypto_User_ModifyActiveTM(void); int32_t Crypto_User_ModifyVCID(void); +// SA Save Functions +int32_t sa_perform_save(SecurityAssociation_t* sa); + // Determine Payload Data Unit int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest); int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame); diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c index cd3334c2..c58aac00 100644 --- a/src/core/crypto_print.c +++ b/src/core/crypto_print.c @@ -209,10 +209,10 @@ void Crypto_saPrint(SecurityAssociation_t* sa) } } printf("\t ekid = %d \n", sa->ekid); - printf("\t ek_ref = %s \n", sa->ek_ref); + //printf("\t ek_ref = %s \n", sa->ek_ref); printf("\t akid = %d \n", sa->akid); - printf("\t ak_ref = %s \n", sa->ak_ref); - printf("\t iv_len = %d \n", sa->shivf_len); + //printf("\t ak_ref = %s \n", sa->ak_ref); + printf("\t iv_len = %d \n", sa->iv_len); if (sa->iv_len > 0) { for (i = 0; i < sa->iv_len; i++) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index f886a010..13cd9148 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -84,19 +84,7 @@ int32_t sa_load_file() } if( status == CRYPTO_LIB_SUCCESS) { - //sa[0].spi = 999; - //sa[1].spi = 888; - printf("TEST: SA: SPI0: %d\n", sa[0].spi); - printf("TEST: SA: SPI1: %d\n", sa[1].spi); - printf("TEST: SA: SPI2: %d\n", sa[2].spi); - printf("TEST: SA: SPI3: %d\n", sa[3].spi); - printf("TEST: SA: SPI17: %d\n", sa[17].spi); - success_flag = fread(sa, SA_SIZE, NUM_SA, sa_save_file); - printf("TEST: SA: SPI0: %d\n", sa[0].spi); - printf("TEST: SA: SPI1: %d\n", sa[1].spi); - printf("TEST: SA: SPI2: %d\n", sa[2].spi); - printf("TEST: SA: SPI3: %d\n", sa[3].spi); - printf("TEST: SA: SPI17: %d\n", sa[17].spi); + success_flag = fread(&sa[0], SA_SIZE, NUM_SA, sa_save_file); if(success_flag) { status = CRYPTO_LIB_SUCCESS; @@ -118,20 +106,126 @@ int32_t sa_load_file() return status; } + +void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) +{ + int location = sa_ptr->spi; + sa[location].spi = sa_ptr->spi; + sa[location].ekid = sa_ptr->ekid; + sa[location].akid = sa_ptr->akid; + sa[location].ek_ref = sa_ptr->ek_ref; + sa[location].ak_ref = sa_ptr->ak_ref; + sa[location].sa_state = sa_ptr->sa_state; + sa[location].gvcid_blk = sa_ptr->gvcid_blk; + sa[location].lpid = sa_ptr->lpid; + sa[location].est = sa_ptr->est; + sa[location].ast = sa_ptr->ast; + sa[location].shivf_len = sa_ptr->shivf_len; + sa[location].shsnf_len = sa_ptr->shsnf_len; + sa[location].shplf_len = sa_ptr->shplf_len; + sa[location].stmacf_len = sa_ptr->stmacf_len; + sa[location].ecs = sa_ptr->ecs; + sa[location].ecs_len = sa_ptr->ecs_len; + for(int i = 0; iiv_len; i++) + { + sa[location].iv[i] = sa_ptr->iv[i]; + } + //sa[location].iv[0] = sa_ptr->iv; + sa[location].iv_len = sa_ptr->iv_len; + sa[location].acs_len = sa_ptr->acs_len; + sa[location].acs = sa_ptr->acs; + sa[location].abm_len = sa_ptr->abm_len; + for(int i = 0; iabm_len; i++) + { + sa[location].abm[i] = sa_ptr->abm[i]; + } + //sa[location].abm[0] = sa_ptr->abm; + sa[location].arsn_len = sa_ptr->arsn_len; + for(int i = 0; iarsn_len; i++) + { + sa[location].arsn[i] = sa_ptr->arsn[i]; + } + //sa[location].arsn[0] = sa_ptr->arsn; + sa[location].arsnw_len = sa_ptr->arsnw_len; + sa[location].arsnw = sa_ptr->arsnw; +} + +int32_t sa_perform_save(SecurityAssociation_t* sa_ptr) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + FILE* sa_save_file; + int success_flag = 0; + + update_sa_from_ptr(sa_ptr); + + sa_save_file = fopen("sa_save_file.bin", "wb"); + + if (sa_save_file == NULL) + { + status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; + } + + if(status == CRYPTO_LIB_SUCCESS) + { + success_flag = fwrite(sa, SA_SIZE, NUM_SA, sa_save_file); + + if(success_flag) + { + status = CRYPTO_LIB_SUCCESS; + +//#ifdef DEBUG + printf("SA Written Successfull to file!\n"); +//#endif + } + else + { + status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; +//#ifdef DEBUG + printf("ERROR: SA Write FAILED!\n"); +//#endif + } + } + fclose(sa_save_file); + + return status; +} + +/** + * @brief Function: sa_save_sa + * @param sa: SecurityAssociation_t* + * @return int32: Success/Failure + **/ +static int32_t sa_save_sa(SecurityAssociation_t* sa) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int ignore_save = 1; + +#ifdef SA_FILE + status = sa_perform_save(sa); + ignore_save = 0; +#endif + if (ignore_save) sa = sa; // TODO - use argument + + // We could do a memory copy of the SA into the sa[NUM_SA] array at the given SPI, however, the inmemory code + // currently updates in place so no need for that. + // If we change the in-place update logic, we should update this function to actually update the SA. + return status; +} + void sa_populate(void) { sa[0].spi = 0; - sa[0].sa_state = SA_OPERATIONAL; + sa[0].sa_state = SA_NONE; sa[0].est = 0; sa[0].ast = 0; sa[0].shivf_len = 0; - sa[0].shsnf_len = 2; - sa[0].arsn_len = 2; - sa[0].arsnw_len = 1; - sa[0].arsnw = 5; - sa[0].gvcid_blk.tfvn = 0; - sa[0].gvcid_blk.scid = SCID & 0x3FF; - sa[0].gvcid_blk.vcid = 0; + sa[0].shsnf_len = 0; + sa[0].arsn_len = 0; + sa[0].arsnw_len = 0; + sa[0].arsnw = 0; + sa[0].gvcid_blk.tfvn = 3; + sa[0].gvcid_blk.scid = 3; + sa[0].gvcid_blk.vcid = 3; sa[0].gvcid_blk.mapid = TYPE_TC; sa[1].spi = 1; @@ -293,9 +387,9 @@ void sa_populate(void) sa[10].ast = 1; sa[10].ecs_len = 1; sa[10].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[10].shivf_len = 12; - sa[10].iv_len = 12; - sa[10].stmacf_len = 16; + sa[10].shivf_len = 0; + sa[10].iv_len = 0; + sa[10].stmacf_len = 0; *(sa[10].iv + 11) = 0; sa[10].abm_len = ABM_SIZE; // 20 sa[10].arsnw_len = 1; @@ -434,6 +528,9 @@ void sa_populate(void) sa[17].gvcid_blk.tfvn = 0x01; sa[17].gvcid_blk.scid = SCID & 0x3FF; sa[17].gvcid_blk.vcid = 0; + + + sa_perform_save(&sa[0]); } @@ -447,28 +544,14 @@ int32_t sa_config(void) int use_internal = 1; #ifdef SA_FILE - use_internal = 0; - status = sa_load_file(); - if (status != CRYPTO_LIB_SUCCESS) //Do we error out here, or is it ok to do as below and populate with internal on failure. - { - #ifdef DEBUG - printf("SA Load Failure!\n"); - printf("Falling back to in-memory SA!\n"); - sa_populate(); - status = CRYPTO_LIB_SUCCESS; - #endif - } + use_internal = 0; #endif if(use_internal) { sa_populate(); } - - // Security Associations - // SA 1 - CLEAR MODE - // SA 1 VC0/1 is now SA 1-VC0, SA 8-VC1 return status; } @@ -480,33 +563,55 @@ int32_t sa_init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - for (int x = 0; x < NUM_SA; x++) - { - sa[x].ekid = x; - sa[x].akid = x; - sa[x].sa_state = SA_NONE; - sa[x].ecs_len = 0; - sa[x].ecs = 0; - sa[x].shivf_len = 0; - for (int y = 0; y < IV_SIZE; y++) - { - sa[x].iv[y] = 0; - } - sa[x].iv_len = 0; - for (int y = 0; y < ABM_SIZE; y++) + int use_internal = 1; + + #ifdef SA_FILE + use_internal = 0; + status = sa_load_file(); + if (status != CRYPTO_LIB_SUCCESS) //Do we error out here, or is it ok to do as below and populate with internal on failure. { - sa[x].abm[y] = 0; + #ifdef DEBUG + printf("SA Load Failure!\n"); + printf("Falling back to in-memory SA!\n"); + use_internal = 1; + status = CRYPTO_LIB_SUCCESS; + #endif } - sa[x].abm_len = 0; - sa[x].acs_len = 0; - sa[x].acs = 0; - sa[x].shsnf_len = 0; - sa[x].arsn_len = 0; - for (int y = 0; y < ARSN_SIZE; y++) + #endif + + if(use_internal) + { + for (int x = 0; x < NUM_SA; x++) { - sa[x].arsn[y] = 0; + sa[x].spi = x; + sa[x].ekid = x; + sa[x].akid = x; + sa[x].sa_state = SA_NONE; + sa[x].ecs_len = 0; + sa[x].ecs = 0; + sa[x].shivf_len = 0; + for (int y = 0; y < IV_SIZE; y++) + { + sa[x].iv[y] = 0; + } + sa[x].iv_len = 0; + for (int y = 0; y < ABM_SIZE; y++) + { + sa[x].abm[y] = 0; + } + sa[x].abm_len = 0; + sa[x].acs_len = 0; + sa[x].acs = 0; + sa[x].shsnf_len = 0; + sa[x].arsn_len = 0; + for (int y = 0; y < ARSN_SIZE; y++) + { + sa[x].arsn[y] = 0; + } } - } + + sa_populate(); + } return status; } @@ -771,80 +876,6 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin } -int32_t sa_perform_save(SecurityAssociation_t* sa) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - FILE* sa_save_file; - int success_flag = 0; - //SecurityAssociation_t sa_temp[NUM_SA]; - - // sa_temp[1].spi = 5; - // memcpy(sa_temp, sa, sizeof(*sa)); - - // printf("*******************TEST: SA2: %d\n", sa_temp[1].spi); - - sa_save_file = fopen("sa_save_file.bin", "wb"); - - if (sa_save_file == NULL) - { - status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; - } - - if(status == CRYPTO_LIB_SUCCESS) - { - success_flag = fwrite(sa, SA_SIZE, NUM_SA, sa_save_file); - - if(success_flag) - { - status = CRYPTO_LIB_SUCCESS; - -//#ifdef DEBUG - printf("SA Written Successfull to file!\n"); -//#endif - - - } - else - { - status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; -//#ifdef DEBUG - printf("ERROR: SA Write FAILED!\n"); -//#endif - } - } - fclose(sa_save_file); - - return status; -} - -/** - * @brief Function: sa_save_sa - * @param sa: SecurityAssociation_t* - * @return int32: Success/Failure - **/ -static int32_t sa_save_sa(SecurityAssociation_t* sa) -{ - // if locked - wait. - // else get lock - lock, and do the below - // if immediate: always do TC_SH_SIZE - // if deferred: counter > X ? Reset Counter, perform save. - // size_t fwrite(variable, sizeof(variable), num elements, outfile); - // size_t fread(variable, sizeof(variable), num elements, infile) - int32_t status = CRYPTO_LIB_SUCCESS; - int ignore_save = 1; - -#ifdef SA_FILE - status = sa_perform_save(sa); - ignore_save = 0; -#endif - if (ignore_save) sa = sa; // TODO - use argument - - // We could do a memory copy of the SA into the sa[NUM_SA] array at the given SPI, however, the inmemory code - // currently updates in place so no need for that. - // If we change the in-place update logic, we should update this function to actually update the SA. - return status; -} - /* ** Security Association Management Services */ diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index cfb22dc2..17ef2333 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -57,6 +57,10 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +add_test(NAME UT_SA_SAVE + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + # add_test(NAME UT_MARIADB # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) diff --git a/test/include/ut_sa_save.h b/test/include/ut_sa_save.h new file mode 100644 index 00000000..65ba9683 --- /dev/null +++ b/test/include/ut_sa_save.h @@ -0,0 +1,35 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#ifndef CRYPTOLIB_UT_SA_SAVE_H +#define CRYPTOLIB_UT_SA_SAVE_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "crypto.h" +#include "shared_util.h" +#include + +#ifdef __cplusplus +} /* Close scope of 'extern "C"' declaration which encloses file. */ +#endif + +#endif //CRYPTOLIB_UT_SA_SAVE_H \ No newline at end of file diff --git a/test/unit/et_dt_validation.c b/test/unit/et_dt_validation.c index f21c1169..937c7192 100644 --- a/test/unit/et_dt_validation.c +++ b/test/unit/et_dt_validation.c @@ -233,6 +233,7 @@ UTEST(ET_VALIDATION, AUTH_ENCRYPTION_TEST) **/ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -320,6 +321,7 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) **/ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -396,6 +398,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) **/ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib @@ -478,6 +481,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) **/ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -551,6 +555,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) **/ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -628,6 +633,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) **/ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -702,6 +708,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) **/ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -777,6 +784,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) **/ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -851,6 +859,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) **/ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -926,6 +935,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) **/ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -1000,6 +1010,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) **/ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -1086,6 +1097,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) **/ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -1174,6 +1186,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) **/ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -1258,6 +1271,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) **/ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -1380,6 +1394,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) **/ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib int32_t status; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -1482,6 +1497,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) **/ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib int32_t status; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -1584,6 +1600,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) **/ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -1677,6 +1694,7 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) **/ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -1765,6 +1783,7 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) **/ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -1859,6 +1878,7 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) **/ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -1950,6 +1970,7 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib @@ -2042,6 +2063,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; int32_t status; @@ -2135,6 +2157,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) { + remove("sa_save_file.bin"); uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; int32_t status; @@ -2228,6 +2251,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) { + remove("sa_save_file.bin"); uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; int32_t status; @@ -2319,6 +2343,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) **/ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) { + remove("sa_save_file.bin"); int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib @@ -2414,6 +2439,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) **/ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) { + remove("sa_save_file.bin"); int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib @@ -2504,6 +2530,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) **/ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) { + remove("sa_save_file.bin"); int32_t status = 0; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -2593,6 +2620,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) **/ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) { + remove("sa_save_file.bin"); int32_t status = 0; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -2682,6 +2710,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) **/ UTEST(PLAINTEXT, ENCRYPT_DECRYPT) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -2720,6 +2749,7 @@ UTEST(PLAINTEXT, ENCRYPT_DECRYPT) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) { + remove("sa_save_file.bin"); int32_t status = 0; uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -2801,6 +2831,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) **/ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) { + remove("sa_save_file.bin"); int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c index cca35b2f..55bbc86f 100644 --- a/test/unit/ut_aos_apply.c +++ b/test/unit/ut_aos_apply.c @@ -30,6 +30,7 @@ **/ UTEST(AOS_APPLY, NULL_BUFFER) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; uint8_t *ingest = NULL; @@ -53,6 +54,7 @@ UTEST(AOS_APPLY, NULL_BUFFER) **/ UTEST(AOS_APPLY, NO_CONFIG) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; uint8_t ingest[1786] = {0}; @@ -71,6 +73,7 @@ UTEST(AOS_APPLY, NO_CONFIG) **/ UTEST(AOS_APPLY, NO_INIT) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -119,6 +122,7 @@ UTEST(AOS_APPLY, NO_INIT) **/ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -169,6 +173,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) **/ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -225,6 +230,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) **/ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) { + remove("sa_save_file.bin"); // Configure, Add Managed Params, and Init int32_t status = CRYPTO_LIB_SUCCESS; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -281,6 +287,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) **/ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) { + remove("sa_save_file.bin"); // Configure, Add Managed Params, and Init int32_t status = CRYPTO_LIB_SUCCESS; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -335,6 +342,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) **/ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -401,6 +409,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) **/ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -468,6 +477,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) **/ UTEST(AOS_APPLY, AES_GCM) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -536,6 +546,7 @@ UTEST(AOS_APPLY, AES_GCM) **/ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c index 736dd8cf..93dae3ba 100644 --- a/test/unit/ut_aos_process.c +++ b/test/unit/ut_aos_process.c @@ -35,6 +35,7 @@ **/ UTEST(AOS_PROCESS, NO_CONFIG) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; int framed_aos_len = 0; @@ -61,6 +62,7 @@ UTEST(AOS_PROCESS, NO_CONFIG) **/ UTEST(AOS_PROCESS, NO_INIT) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; int framed_aos_len = 0; @@ -111,6 +113,7 @@ UTEST(AOS_PROCESS, NO_INIT) **/ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -217,6 +220,7 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) **/ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -269,6 +273,7 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) **/ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -332,6 +337,7 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) **/ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -387,6 +393,7 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) **/ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -451,6 +458,7 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) **/ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -513,6 +521,7 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) **/ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -576,6 +585,7 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) **/ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -636,6 +646,7 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) **/ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -740,6 +751,7 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) * Sanity check: https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'42C000000000001100000000000000000000000000000000'%7D)AES_Decrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'48caf5a6921559a2384174c025a04874'%7D,%7B'option':'Hex','string':'42C000000000001100000000000000000000000000000000'%7D/disabled)&input=MTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUE**/ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index 1c771050..3eb7cdfd 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -30,6 +30,7 @@ **/ UTEST(CRYPTO_C, CALC_CRC16) { + remove("sa_save_file.bin"); char* data_h = "2003002000ff000100001880d2c9000e197f0b001b0004000400003040d95e"; uint8_t* data_b = NULL; int data_b_len = 0; @@ -51,6 +52,7 @@ UTEST(CRYPTO_C, CALC_CRC16) **/ UTEST(CRYPTO_C, BAD_CC_FLAG) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -84,6 +86,7 @@ UTEST(CRYPTO_C, BAD_CC_FLAG) **/ UTEST(CRYPTO_C, PDU_SWITCH) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -252,6 +255,7 @@ UTEST(CRYPTO_C, PDU_SWITCH) **/ UTEST(CRYPTO_C, EXT_PROC_PDU) { + remove("sa_save_file.bin"); uint8_t* ingest = NULL; TC_t* tc_frame = NULL; tc_frame = malloc(sizeof(uint8_t) * TC_SIZE); @@ -269,6 +273,7 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) **/ UTEST(CRYPTO_C, GET_ACS_ALGO) { + remove("sa_save_file.bin"); int32_t libgcrypt_algo = -1; uint8_t crypto_algo = CRYPTO_MAC_CMAC_AES256; @@ -286,6 +291,7 @@ UTEST(CRYPTO_C, GET_ACS_ALGO) **/ UTEST(CRYPTO_C, GET_ACS_ALGO_KEY_LEN) { + remove("sa_save_file.bin"); int32_t algo_keylen = -1; uint8_t crypto_algo = CRYPTO_MAC_CMAC_AES256; algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); @@ -305,6 +311,7 @@ UTEST(CRYPTO_C, GET_ACS_ALGO_KEY_LEN) **/ UTEST(CRYPTO_C, GET_ECS_ALGO) { + remove("sa_save_file.bin"); int32_t libgcrypt_algo = -1; int8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM; @@ -322,6 +329,7 @@ UTEST(CRYPTO_C, GET_ECS_ALGO) **/ UTEST(CRYPTO_C, GET_ECS_ALGO_KEY_LEN) { + remove("sa_save_file.bin"); int32_t algo_keylen = -1; uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM; algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); diff --git a/test/unit/ut_crypto_config.c b/test/unit/ut_crypto_config.c index f56f4494..cc4ac833 100644 --- a/test/unit/ut_crypto_config.c +++ b/test/unit/ut_crypto_config.c @@ -30,6 +30,7 @@ **/ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_WITH_INCOMPLETE_CONFIG) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; status = Crypto_Init(); ASSERT_EQ(CRYPTO_CONFIGURATION_NOT_COMPLETE, status); @@ -40,6 +41,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_WITH_INCOMPLETE_CONFIG) **/ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); GvcidManagedParameters_t* gvcid_managed_paramenters_p = NULL; @@ -55,6 +57,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) **/ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; @@ -118,6 +121,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) **/ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; @@ -143,6 +147,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) **/ UTEST(CRYPTO_CONFIG, CRYPTO_CONFIG_MDB) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; char* mysql_username = "ITC_JPL"; char* mysql_password = "ITC_JPL"; @@ -165,6 +170,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_CONFIG_MDB) **/ UTEST(CRYPTO_CONFIG, CRYPTO_CONFIG_KMC) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; char* protocol = "https"; char* hostname = "ITC_JPL"; diff --git a/test/unit/ut_crypto_mc.c b/test/unit/ut_crypto_mc.c index 32b1ecfb..f94deec9 100644 --- a/test/unit/ut_crypto_mc.c +++ b/test/unit/ut_crypto_mc.c @@ -31,6 +31,7 @@ **/ UTEST(CRYPTO_MC, STATUS) { + remove("sa_save_file.bin"); int count = 0; uint8_t ingest[1024] = {0}; @@ -43,6 +44,7 @@ UTEST(CRYPTO_MC, STATUS) **/ UTEST(CRYPTO_MC, DUMP) { + remove("sa_save_file.bin"); int count = 0; uint8_t ingest[1024] = {0}; @@ -55,6 +57,7 @@ UTEST(CRYPTO_MC, DUMP) **/ UTEST(CRYPTO_MC, ERASE) { + remove("sa_save_file.bin"); int count = 0; uint8_t ingest[1024] = {0}; @@ -67,6 +70,7 @@ UTEST(CRYPTO_MC, ERASE) **/ UTEST(CRYPTO_MC, SELFTEST) { + remove("sa_save_file.bin"); int count = 0; uint8_t ingest[1024] = {0}; @@ -79,6 +83,7 @@ UTEST(CRYPTO_MC, SELFTEST) **/ UTEST(CRYPTO_MC, READARSN) { + remove("sa_save_file.bin"); int count = 0; uint8_t ingest[1024] = {0}; Crypto_Init_TC_Unit_Test(); @@ -97,6 +102,7 @@ UTEST(CRYPTO_MC, READARSN) **/ UTEST(CRYPTO_MC, PROCESS) { + remove("sa_save_file.bin"); uint8_t ingest[1024] = {0}; uint16_t len_ingest = 1024; int32_t status = CRYPTO_LIB_ERROR; @@ -112,6 +118,7 @@ UTEST(CRYPTO_MC, PROCESS) **/ UTEST(CRYPTO_MC, TMLENGTH) { + remove("sa_save_file.bin"); int length = 0; length = Crypto_Get_tmLength(length); diff --git a/test/unit/ut_sa_save.c b/test/unit/ut_sa_save.c new file mode 100644 index 00000000..7d30d485 --- /dev/null +++ b/test/unit/ut_sa_save.c @@ -0,0 +1,760 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +/** + * NOTE: ALL OF THESE TESTS ARE MEANT TO BE RUN SEQUENTIALLY!! + * + * ERRONEOUS BEHAVIOR OTHERWISE + * + * NOTE: AS Security associations change, this tese will need to be updated for validation +*/ + +/** + * Unit Tests that macke use of CRYPTO_CONFIG functionality on the data. + **/ +#include "ut_sa_save.h" +#include "crypto.h" +#include "crypto_error.h" +#include "sa_interface.h" +#include "utest.h" + +UTEST(SA_SAVE, VERIFY_INTERNAL) +{ + remove("sa_save_file.bin"); + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + + sa_if->sa_get_from_spi(4, &test_association); + + ASSERT_EQ(test_association->spi, 4); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 4); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 4); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 12); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + for(int i = 0; iiv_len; i++) + { + ASSERT_EQ(test_association->iv[i], 0x00); + } + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); +} + +UTEST(SA_SAVE, INTERNAL_DEFAULT_PASS_1) +{ + remove("sa_save_file.bin"); + // Setup & Initialize CryptoLib + Crypto_Init_TC_Unit_Test(); + char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; + char* raw_tc_sdls_ping_b = NULL; + + char* new_iv_h = "FFFFFFFFFFFC"; + char* new_iv_b = NULL; + + char* expected_iv_h = "000000000001000000000001"; + char* expected_iv_b = NULL; + + int raw_tc_sdls_ping_len = 0; + int new_iv_len = 0; + int expected_iv_len = 0; + + SaInterface sa_if = get_sa_interface_inmemory(); + + hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); + hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + int32_t return_val = CRYPTO_LIB_ERROR; + + SecurityAssociation_t* test_association; + // Expose the SADB Security Association for test edits. + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + sa_if->sa_get_from_spi(4, &test_association); + test_association->gvcid_blk.vcid = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->shivf_len = 6; + test_association->iv_len = 12; + test_association->arsn_len = 0; + memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); + + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + for (int i = 0; i < test_association->iv_len; i++) + { + printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); + ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); + } + + Crypto_Shutdown(); + free(raw_tc_sdls_ping_b); + free(ptr_enc_frame); + free(new_iv_b); + free(expected_iv_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +} + +UTEST(SA_SAVE, VERIFY_DEFAULT_PASS_1_SAVE) +{ + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + + sa_if->sa_get_from_spi(4, &test_association); + + ASSERT_EQ(test_association->spi, 4); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 4); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 6); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x01); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x01); + + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); +} + +UTEST(SA_SAVE, SAVE_PASS_1) +{ + // Setup & Initialize CryptoLib + Crypto_Init_TC_Unit_Test(); + char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; + char* raw_tc_sdls_ping_b = NULL; + + char* new_iv_h = "FFFFFFFFFFFC"; + char* new_iv_b = NULL; + + char* expected_iv_h = "000000000002000000000001"; + char* expected_iv_b = NULL; + + int raw_tc_sdls_ping_len = 0; + int new_iv_len = 0; + int expected_iv_len = 0; + + SaInterface sa_if = get_sa_interface_inmemory(); + + hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); + hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + int32_t return_val = CRYPTO_LIB_ERROR; + + SecurityAssociation_t* test_association; + // Expose the SADB Security Association for test edits. + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + sa_if->sa_get_from_spi(4, &test_association); + test_association->gvcid_blk.vcid = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->shivf_len = 6; + test_association->iv_len = 12; + test_association->arsn_len = 0; + memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); + + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + for (int i = 0; i < test_association->iv_len; i++) + { + printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); + ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); + } + + Crypto_Shutdown(); + free(raw_tc_sdls_ping_b); + free(ptr_enc_frame); + free(new_iv_b); + free(expected_iv_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +} + +UTEST(SA_SAVE, VERIFY_SAVE_PASS_1_SAVE) +{ + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + + sa_if->sa_get_from_spi(4, &test_association); + + ASSERT_EQ(test_association->spi, 4); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 4); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 6); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x02); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x01); + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); +} + +UTEST(SA_SAVE, SAVE_PASS_2) +{ + // Setup & Initialize CryptoLib + Crypto_Init_TC_Unit_Test(); + char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; + char* raw_tc_sdls_ping_b = NULL; + + char* new_iv_h = "FFFFFFFFFFFC"; + char* new_iv_b = NULL; + + char* expected_iv_h = "000000000003000000000001"; + char* expected_iv_b = NULL; + + int raw_tc_sdls_ping_len = 0; + int new_iv_len = 0; + int expected_iv_len = 0; + + SaInterface sa_if = get_sa_interface_inmemory(); + + hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); + hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + int32_t return_val = CRYPTO_LIB_ERROR; + + SecurityAssociation_t* test_association; + // Expose the SADB Security Association for test edits. + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + sa_if->sa_get_from_spi(4, &test_association); + test_association->gvcid_blk.vcid = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->shivf_len = 6; + test_association->iv_len = 12; + test_association->arsn_len = 0; + memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); + + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + free(ptr_enc_frame); + ptr_enc_frame = NULL; + return_val = + Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + for (int i = 0; i < test_association->iv_len; i++) + { + printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); + ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); + } + + Crypto_Shutdown(); + free(raw_tc_sdls_ping_b); + free(ptr_enc_frame); + free(new_iv_b); + free(expected_iv_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +} + +UTEST(SA_SAVE, VERIFY_SAVE_PASS_2_SAVE) +{ + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + + sa_if->sa_get_from_spi(4, &test_association); + + ASSERT_EQ(test_association->spi, 4); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 4); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 6); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x03); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x01); + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); +} + +UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) +{ + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + +// VERIFY SA 4 + sa_if->sa_get_from_spi(4, &test_association); + ASSERT_EQ(test_association->spi, 4); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 4); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 6); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x03); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x01); + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); + +// VERIFY SA 3 + sa_if->sa_get_from_spi(3, &test_association); + ASSERT_EQ(test_association->spi, 3); + ASSERT_EQ(test_association->ekid, 129); + ASSERT_EQ(test_association->akid, 3); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_KEYED); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, 0); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 12); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 0); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x00); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x00); + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 11); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); + +// VERIFY SA 5 + sa_if->sa_get_from_spi(5, &test_association); + ASSERT_EQ(test_association->spi, 5); + ASSERT_EQ(test_association->ekid, 131); + ASSERT_EQ(test_association->akid, 5); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_KEYED); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, 0); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 12); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 0); + ASSERT_EQ(test_association->ecs, 0x01); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x00); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x00); + + ASSERT_EQ(test_association->iv_len, 12); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 1786); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 11); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); +} + +UTEST(SA_SAVE, VERIFY_SAVE_EDGES) +{ + Crypto_Init_TC_Unit_Test(); + + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* test_association; + +// VERIFY SA 1 + sa_if->sa_get_from_spi(1, &test_association); + ASSERT_EQ(test_association->spi, 1); + ASSERT_EQ(test_association->ekid, 1); + ASSERT_EQ(test_association->akid, 1); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_NONE); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 0); + ASSERT_EQ(test_association->ast, 0); + ASSERT_EQ(test_association->shivf_len, 0); + ASSERT_EQ(test_association->shsnf_len, 2); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 0); + ASSERT_EQ(test_association->ecs, 0x00); + ASSERT_EQ(test_association->ecs_len, 0); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x00); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x00); + + ASSERT_EQ(test_association->iv_len, 0); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, 0); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0x00); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 2); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 1); + ASSERT_EQ(test_association->arsnw, 5); + +// VERIFY SA 17 + sa_if->sa_get_from_spi(17, &test_association); + ASSERT_EQ(test_association->spi, 17); + ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->akid, 17); + //test_association->ek_ref = sa_ptr->ek_ref; + //test_association->ak_ref = sa_ptr->ak_ref; + ASSERT_EQ(test_association->sa_state, SA_KEYED); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0x01); + ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); + ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); + ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->shivf_len, 16); + ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shplf_len, 0); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, CRYPTO_CIPHER_AES256_GCM); + ASSERT_EQ(test_association->ecs_len, 1); + + ASSERT_EQ(test_association->iv[0], 0x00); + ASSERT_EQ(test_association->iv[1], 0x00); + ASSERT_EQ(test_association->iv[2], 0x00); + ASSERT_EQ(test_association->iv[3], 0x00); + ASSERT_EQ(test_association->iv[4], 0x00); + ASSERT_EQ(test_association->iv[5], 0x00); + ASSERT_EQ(test_association->iv[6], 0x00); + ASSERT_EQ(test_association->iv[7], 0x00); + ASSERT_EQ(test_association->iv[8], 0x00); + ASSERT_EQ(test_association->iv[9], 0x00); + ASSERT_EQ(test_association->iv[10], 0x00); + ASSERT_EQ(test_association->iv[11], 0x00); + + ASSERT_EQ(test_association->iv_len, 16); + ASSERT_EQ(test_association->acs_len, 0); + ASSERT_EQ(test_association->acs, 0x00); + ASSERT_EQ(test_association->abm_len, ABM_SIZE); + for(int i = 0; iabm_len; i++) + { + ASSERT_EQ(test_association->abm[i], 0xff); + } + //sa[location].abm[0] = sa_ptr->abm; + ASSERT_EQ(test_association->arsn_len, 0); + for(int i = 0; iarsn_len; i++) + { + ASSERT_EQ(test_association->arsn[i], 0); + } + //sa[location].arsn[0] = sa_ptr->arsn; + ASSERT_EQ(test_association->arsnw_len, 0); + ASSERT_EQ(test_association->arsnw, 0); + +} + + +UTEST_MAIN(); \ No newline at end of file diff --git a/test/unit/ut_tc_apply.c b/test/unit/ut_tc_apply.c index f8e82238..43449bb5 100644 --- a/test/unit/ut_tc_apply.c +++ b/test/unit/ut_tc_apply.c @@ -32,6 +32,7 @@ **/ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT) { + remove("sa_save_file.bin"); // No Crypto_Init(), but we still Configure It; char* raw_tc_sdls_ping_h = "20030015001880d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -62,6 +63,7 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT) **/ UTEST(TC_APPLY_SECURITY, NO_CONFIG) { + remove("sa_save_file.bin"); // No Crypto_Init(), but we still Configure It; char* raw_tc_sdls_ping_h = "20030015001880d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -89,6 +91,7 @@ UTEST(TC_APPLY_SECURITY, NO_CONFIG) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_CLEAR) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; @@ -115,6 +118,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_CLEAR) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; @@ -152,6 +156,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; @@ -189,6 +194,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; @@ -226,6 +232,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; @@ -300,6 +307,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVE **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -341,7 +349,15 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) test_association->shivf_len = 6; test_association->iv_len = 12; test_association->arsn_len = 0; + printf("TEST ASSOCIATION IV_LEN: %d\n", test_association->iv_len); + sa_if->sa_get_from_spi(4, &test_association); memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); + printf("IV:\n"); + for(int i = 0; iiv_len; i++) + { + printf("%02x ", *(test_association->iv + i)); + } + printf("\n"); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -380,6 +396,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -481,6 +498,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO **/ UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -513,6 +531,7 @@ UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) **/ UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -546,6 +565,7 @@ UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) **/ UTEST(TC_APPLY_SECURITY, NULL_BUFFER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -579,6 +599,7 @@ UTEST(TC_APPLY_SECURITY, NULL_BUFFER) **/ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -627,6 +648,7 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -661,6 +683,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEADER) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -698,6 +721,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG **/ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -743,7 +767,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } //printf("\n"); @@ -760,6 +784,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) **/ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -824,6 +849,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) **/ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -872,6 +898,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) **/ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -916,6 +943,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) // Verify Payload against truth data, not just return val of methods UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -973,10 +1001,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } - //printf("\n"); + printf("\n"); Crypto_Shutdown(); free(truth_data_b); @@ -989,6 +1017,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) // expect CBC to fail if NULL IV UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, @@ -1060,6 +1089,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) // IV not NULL, but SHIVF len>0 UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, @@ -1136,6 +1166,7 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) */ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -1155,7 +1186,7 @@ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) int32_t return_val = CRYPTO_LIB_ERROR; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - + //200300230000010000000100011880D2C9000E197F0B001B0004000400003040D95E85F3 char* truth_data_h = "200300230000010000000100011880D2C9000E197F0B001B0004000400003040D95E85F3"; uint8_t* truth_data_b = NULL; int truth_data_l = 0; diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 2fa19fc0..b7483cf2 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -32,6 +32,7 @@ **/ UTEST(TC_PROCESS, EXERCISE_IV) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -131,6 +132,7 @@ UTEST(TC_PROCESS, EXERCISE_IV) **/ UTEST(TC_PROCESS, EXERCISE_ARSN) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -239,6 +241,7 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -328,6 +331,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -428,6 +432,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -517,6 +522,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_SUCCESS; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -592,6 +598,7 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) { + remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_SUCCESS; Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -651,6 +658,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) **/ UTEST(TC_PROCESS, DECRYPT_CBC_1B) { + remove("sa_save_file.bin"); Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, @@ -711,6 +719,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_16B) { + remove("sa_save_file.bin"); Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, @@ -771,6 +780,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) **/ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { + remove("sa_save_file.bin"); uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index 7dfe0321..17aaa82a 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -32,6 +32,7 @@ **/ UTEST(TM_APPLY_SECURITY, NO_CRYPTO_INIT) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -58,6 +59,7 @@ UTEST(TM_APPLY_SECURITY, NO_CRYPTO_INIT) **/ UTEST(TM_APPLY_SECURITY, NULL_BUFFER) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -78,6 +80,7 @@ UTEST(TM_APPLY_SECURITY, NULL_BUFFER) **/ UTEST(TM_APPLY_SECURITY, NO_CONFIG) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; @@ -116,6 +119,7 @@ UTEST(TM_APPLY_SECURITY, NO_CONFIG) **/ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TM_Unit_Test(); // Local Variables @@ -174,6 +178,7 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) **/ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t* sa_ptr = NULL; @@ -239,6 +244,7 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) **/ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t* sa_ptr = NULL; @@ -304,6 +310,7 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) **/ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Init_TM_Unit_Test(); // Local Variables @@ -376,6 +383,7 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) **/ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -461,6 +469,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) **/ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -555,6 +564,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) **/ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -641,6 +651,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) **/ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -728,6 +739,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) **/ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -825,6 +837,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) **/ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; @@ -918,6 +931,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) **/ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, @@ -1012,6 +1026,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) **/ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Setup & Initialize CryptoLib Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c index 9f90d2dd..4f532007 100644 --- a/test/unit/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -32,6 +32,7 @@ **/ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; int framed_tm_len = 0; @@ -72,6 +73,7 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) **/ UTEST(TM_PROCESS_SECURITY, NO_CONFIG) { + remove("sa_save_file.bin"); // Local variables int32_t status = CRYPTO_LIB_ERROR; int framed_tm_len = 0; @@ -112,6 +114,7 @@ UTEST(TM_PROCESS_SECURITY, NO_CONFIG) **/ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -165,6 +168,7 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) **/ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -218,6 +222,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) **/ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -297,6 +302,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) **/ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -389,6 +395,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) **/ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -484,6 +491,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) **/ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -577,6 +585,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) **/ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -670,6 +679,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) **/ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -768,6 +778,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) **/ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -867,6 +878,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) **/ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; @@ -970,6 +982,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) **/ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) { + remove("sa_save_file.bin"); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; From 1890a3422689873ed3bea390122323796a7ca46c Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 29 Apr 2024 20:26:34 +0000 Subject: [PATCH 047/174] [nasa/cryptolib#77] Update Function Comments --- .../internal/sa_interface_inmemory.template.c | 30 +++++++++++++++---- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 13cd9148..c1b97796 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -66,6 +66,10 @@ SaInterface get_sa_interface_inmemory(void) return &sa_if_struct; } +/** + * @brief Function: sa_load_file + * Loads saved sa_file + **/ int32_t sa_load_file() { FILE *sa_save_file; @@ -76,11 +80,15 @@ int32_t sa_load_file() if (sa_save_file == NULL) { +#ifdef SA_DEBUG printf("Unable to open sa_save_file!\n"); +#endif status = CRYPTO_LIB_ERR_FAIL_SA_LOAD; } else{ +#ifdef SA_DEBUG printf("Opened sa_save_file successfully!\n"); +#endif } if( status == CRYPTO_LIB_SUCCESS) { @@ -88,17 +96,16 @@ int32_t sa_load_file() if(success_flag) { status = CRYPTO_LIB_SUCCESS; -//#ifdef SA_DEBUG +#ifdef SA_DEBUG printf("SA Load Successfull!\n"); -//#endif +#endif } else { - printf("Status Flag: %d\n", success_flag); status = CRYPTO_LIB_ERR_FAIL_SA_LOAD; -//#ifdef SA_DEBUG +#ifdef SA_DEBUG printf("SA Load Failure!\n"); -//#endif +#endif } } @@ -106,7 +113,10 @@ int32_t sa_load_file() return status; } - +/** + * @brief Function: update_sa_from_ptr + * Updates SA Array with individual SA pointer. + **/ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) { int location = sa_ptr->spi; @@ -150,6 +160,10 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) sa[location].arsnw = sa_ptr->arsnw; } +/** + * @brief Function: sa_perform_save + * Saves SA Array to file + **/ int32_t sa_perform_save(SecurityAssociation_t* sa_ptr) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -212,6 +226,10 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa) return status; } +/** + * @brief Function: sa_populate + * Populates in-memory SA + **/ void sa_populate(void) { sa[0].spi = 0; From 050c677d4047992269a20d170ef6dc5bc9d1c59f Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 29 Apr 2024 20:40:45 +0000 Subject: [PATCH 048/174] [nasa/cryptolib#77] Update CMake Unit Test Flag --- test/CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 17ef2333..fc8b950c 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -57,9 +57,11 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -add_test(NAME UT_SA_SAVE - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +if(${SA_SAVE}) + add_test(NAME UT_SA_SAVE + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +endif() # add_test(NAME UT_MARIADB # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb From c44ddd96257d31ceb5ed32386bf01f26eb7d9309 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 29 Apr 2024 20:49:42 +0000 Subject: [PATCH 049/174] [nasa/cryptolib#77] Update CMake Flags, Debug Prints --- src/sa/internal/sa_interface_inmemory.template.c | 8 ++++---- support/scripts/build_kmc.sh | 2 +- test/CMakeLists.txt | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index c1b97796..8ac3f808 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -187,16 +187,16 @@ int32_t sa_perform_save(SecurityAssociation_t* sa_ptr) { status = CRYPTO_LIB_SUCCESS; -//#ifdef DEBUG +#ifdef SA_DEBUG printf("SA Written Successfull to file!\n"); -//#endif +#endif } else { status = CRYPTO_LIB_ERR_FAIL_SA_SAVE; -//#ifdef DEBUG +#ifdef SA_DEBUG printf("ERROR: SA Write FAILED!\n"); -//#endif +#endif } } fclose(sa_save_file); diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh index e0c2846c..95c1489f 100755 --- a/support/scripts/build_kmc.sh +++ b/support/scripts/build_kmc.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 -DSA_FILE=1 && make && make test diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index fc8b950c..62b30238 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -57,7 +57,7 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -if(${SA_SAVE}) +if(${SA_FILE}) add_test(NAME UT_SA_SAVE COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save WORKING_DIRECTORY ${PROJECT_TEST_DIR}) From 624dd1a96af4c8afc3b5b5c07dbf7f73472685a3 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 29 Apr 2024 21:26:40 +0000 Subject: [PATCH 050/174] [nasa/cryptolib#77] CMake Flags, add Save File Flag to all build scripts --- support/scripts/build_rhel.sh | 2 +- support/scripts/build_wolf.sh | 2 +- test/CMakeLists.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 support/scripts/build_rhel.sh diff --git a/support/scripts/build_rhel.sh b/support/scripts/build_rhel.sh old mode 100644 new mode 100755 index 57800a21..94053036 --- a/support/scripts/build_rhel.sh +++ b/support/scripts/build_rhel.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test diff --git a/support/scripts/build_wolf.sh b/support/scripts/build_wolf.sh index a8813ef9..0cae1611 100755 --- a/support/scripts/build_wolf.sh +++ b/support/scripts/build_wolf.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_LIBGCRYPT=0 -DCRYPTO_WOLFSSL=1 -DTEST=1 -DTEST_ENC=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_LIBGCRYPT=0 -DCRYPTO_WOLFSSL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 62b30238..ac9352a8 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -57,7 +57,7 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -if(${SA_FILE}) +if(SA_FILE) add_test(NAME UT_SA_SAVE COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save WORKING_DIRECTORY ${PROJECT_TEST_DIR}) From d28cb6e879c216532364cc6c11583d782abc7f1e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Tue, 30 Apr 2024 04:33:42 +0000 Subject: [PATCH 051/174] [nasa/cryptolib#211] Modify sadb_get_sa_from_spi. Unnecessary NULL comparison --- src/sa/internal/sa_interface_inmemory.template.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 7e129e5c..99d14677 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -439,16 +439,13 @@ static int32_t sa_close(void) static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_SUCCESS; - if (sa == NULL) - { - return CRYPTO_LIB_ERR_NO_INIT; - } *security_association = &sa[spi]; - if (sa[spi].iv == NULL && (sa[spi].shivf_len > 0) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if ((sa[spi].iv == NULL) && (sa[spi].shivf_len > 0) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } // Must have IV if doing encryption or authentication - if (sa[spi].abm == NULL && sa[spi].ast) + + if ((sa[spi].abm_len == 0) && sa[spi].ast) { return CRYPTO_LIB_ERR_NULL_ABM; } // Must have abm if doing authentication From a9a6cf0da3c0859d70d8dc4ef0ad71d01a0d8224 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Tue, 30 Apr 2024 14:07:12 +0000 Subject: [PATCH 052/174] [nasa/cryptolib#77] SA_SAVE - Filename define --- include/crypto.h | 5 +++++ src/sa/internal/sa_interface_inmemory.template.c | 12 ++++-------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 2fcec8bc..2652ee3a 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -51,6 +51,11 @@ #define CRYPTO_LIB_REVISION 2 #define CRYPTO_LIB_MISSION_REV 0 +/* +** SAVE FILE NAME/LOCATION +*/ +#define CRYPTO_SA_SAVE "sa_save_file.bin" + /* ** TC_BLOCK_SIZE */ diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 8ac3f808..132663b7 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -76,7 +76,7 @@ int32_t sa_load_file() int32_t status = CRYPTO_LIB_SUCCESS; int success_flag = 0; - sa_save_file = fopen("sa_save_file.bin", "rb+"); // Should this be rb instead of wb+ + sa_save_file = fopen(CRYPTO_SA_SAVE, "rb+"); // Should this be rb instead of wb+ if (sa_save_file == NULL) { @@ -172,7 +172,7 @@ int32_t sa_perform_save(SecurityAssociation_t* sa_ptr) update_sa_from_ptr(sa_ptr); - sa_save_file = fopen("sa_save_file.bin", "wb"); + sa_save_file = fopen(CRYPTO_SA_SAVE, "wb"); if (sa_save_file == NULL) { @@ -218,11 +218,7 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa) status = sa_perform_save(sa); ignore_save = 0; #endif - if (ignore_save) sa = sa; // TODO - use argument - - // We could do a memory copy of the SA into the sa[NUM_SA] array at the given SPI, however, the inmemory code - // currently updates in place so no need for that. - // If we change the in-place update logic, we should update this function to actually update the SA. + if (ignore_save) sa = sa; return status; } @@ -586,7 +582,7 @@ int32_t sa_init(void) #ifdef SA_FILE use_internal = 0; status = sa_load_file(); - if (status != CRYPTO_LIB_SUCCESS) //Do we error out here, or is it ok to do as below and populate with internal on failure. + if (status != CRYPTO_LIB_SUCCESS) { #ifdef DEBUG printf("SA Load Failure!\n"); From 131a84613e6d9cd731c77e93e456c968e571ecc5 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Thu, 2 May 2024 15:15:53 +0000 Subject: [PATCH 053/174] [nasa/cryptolib#240] Custom Module Paths - CMake updates --- CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++++++ src/CMakeLists.txt | 6 +++--- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a9b79b3..b7216ca1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,6 +18,15 @@ cmake_minimum_required(VERSION 3.14.0) project(crypto C) +# +# CUSTOM PATH Definiton +# +set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") +set(SA_CUSTOM_KEY_DEFAULT "../../key/custom") +set(SA_CUSTOM_MC_DEFAULT "../../mc/custom") + + + # # Define Build Flags # The default value is captured in line, change with flag `-DXYZ=1` @@ -29,12 +38,15 @@ option(CRYPTO_KMC "Cryptography Module - KMC" OFF) option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF) option(DEBUG "Debug" OFF) option(KEY_CUSTOM "Key Module - Custom" OFF) +option(KEY_CUSTOM_PATH "Custom Key Path" OFF) option(KEY_INTERNAL "Key Module - Internal" ON) option(KEY_KMC "Key Module - KMC" OFF) option(MC_CUSTOM "Monitoring and Control - Custom" OFF) +option(MC_CUSTOM_PATH "Custom Monitoring and Control path" OFF) option(MC_DISABLED "Monitoring and Control - Disabled" OFF) option(MC_INTERNAL "Monitoring and Control - Internal" ON) option(SA_CUSTOM "Security Association - Custom" OFF) +option(SA_CUSTOM_PATH "Custion Security Association Path" OFF) option(SA_INTERNAL "Security Association - Internal" ON) option(SA_MARIADB "Security Association - MariaDB" OFF) option(SUPPORT "Support" OFF) @@ -46,6 +58,32 @@ OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON OPTION(KMC_CFFI_EXCLUDE "KMC-Exclude-Problematic-CFFI-Code" OFF) #Disabled by default, enable with: -DKMC_CFFI_EXCLUDE=ON + +# +# Custom Module Paths +# +if(KEY_CUSTOM) + if(NOT DEFINED ${KEY_CUSTOM_PATH}) + set(KEY_CUSTOM_PATH ${KEY_CUSTOM_PATH_DEFAULT}) + endif() + message(STATUS "KEY_CUSTOM being utilized. Path set to: ${KEY_CUSTOM_PATH}") +endif() + +if(MC_CUSTOM) + if(NOT DEFINED ${KEY_CUSTOM_PATH}) + set(MC_CUSTOM_PATH ${MC_CUSTOM_PATH_DEFAULT}) + endif() + message(STATUS "MC_CUSTOM being utilized. Path set to: ${MC_CUSTOM_PATH}") +endif() + +if(SA_CUSTOM) + if(NOT DEFINED ${SA_CUSTOM_PATH}) + set(SA_CUSTOM_PATH ${SA_CUSTOM_PATH_DEFAULT}) + endif() + message(STATUS "SA_CUSTOM being utilized. Path set to: ${SA_CUSTOM_PATH}") +endif() + + # # Build Flag Logic # diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 48249225..dec1fb70 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -45,7 +45,7 @@ endif() if(KEY_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(../../key/custom KEY_CUSTOM_FILES) + aux_source_directory(KEY_CUSTOM_PATH KEY_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES}) else() aux_source_directory(key/custom_stub KEY_CUSTOM_FILES) @@ -70,7 +70,7 @@ endif() if(MC_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(../../mc/custom MC_CUSTOM_FILES) + aux_source_directory(MC_CUSTOM_PATH MC_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${MC_CUSTOM_FILES}) else() aux_source_directory(mc/custom_stub MC_CUSTOM_FILES) @@ -95,7 +95,7 @@ endif() if(SA_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(../../sa/custom SA_CUSTOM_FILES) + aux_source_directory(SA_CUSTOM_PATH SA_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${SA_CUSTOM_FILES}) else() aux_source_directory(sa/custom_stub SA_CUSTOM_FILES) From 7263751e72689d2b331c0dbc9ab61f5c45c249b5 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Thu, 2 May 2024 15:18:14 +0000 Subject: [PATCH 054/174] [nasa/cryptolib#240] Custom Module Paths - CMake updates --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b7216ca1..ec88dcec 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,8 +22,8 @@ project(crypto C) # CUSTOM PATH Definiton # set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") -set(SA_CUSTOM_KEY_DEFAULT "../../key/custom") -set(SA_CUSTOM_MC_DEFAULT "../../mc/custom") +set(KEY_CUSTOM_PATH_DEFAULT "../../key/custom") +set(MC_CUSTOM_PATH_DEFAULT "../../mc/custom") From 510e9dc95e5c8134c520c8716f87c18d231e608e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Thu, 2 May 2024 15:29:44 +0000 Subject: [PATCH 055/174] [nasa/cryptolib#239] Custom Crypto Module - CMake updates --- CMakeLists.txt | 10 ++++++++++ src/CMakeLists.txt | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index ec88dcec..4e92c721 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,6 +24,7 @@ project(crypto C) set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") set(KEY_CUSTOM_PATH_DEFAULT "../../key/custom") set(MC_CUSTOM_PATH_DEFAULT "../../mc/custom") +set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom") @@ -36,6 +37,8 @@ option(CODECOV "Code Coverage" OFF) option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" ON) option(CRYPTO_KMC "Cryptography Module - KMC" OFF) option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF) +option(CRYPTO_CUSTOM "Cryptography Module - CUSTOM" OFF) +option(CRYPTO_CUSTOM_PATH "Cryptography Module - CUSTOM PATH" OFF) option(DEBUG "Debug" OFF) option(KEY_CUSTOM "Key Module - Custom" OFF) option(KEY_CUSTOM_PATH "Custom Key Path" OFF) @@ -83,6 +86,13 @@ if(SA_CUSTOM) message(STATUS "SA_CUSTOM being utilized. Path set to: ${SA_CUSTOM_PATH}") endif() +if(CRYPTO_CUSTOM) + if(NOT DEFINED ${CRYPTO_CUSTOM_PATH}) + set(CRYPTO_CUSTOM_PATH ${CRYPTO_CUSTOM_PATH_DEFAULT}) + endif() + message(STATUS "CRYPTO_CUSTOM being utilized. Path set to: ${CRYPTO_CUSTOM_PATH}") +endif() + # # Build Flag Logic diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index dec1fb70..26e32e0c 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -19,6 +19,14 @@ include_directories(../include) aux_source_directory(core LIB_SRC_FILES) +if(CRYPTO_CUSTOM) + aux_source_directory(CRYPTO_CUSTOM_PATH CRYPTO_FILES) + list(APPEND LIB_SRC_FILES ${CRYPTO_FILES}) +else() + aux_source_directory(crypto/custom_stub CRYPTO_FILES) + list(APPEND LIB_SRC_FILES ${CRYPTO_FILES}) +endif() + if(CRYPTO_LIBGCRYPT) aux_source_directory(crypto/libgcrypt LIBGCRYPT_FILES) list(APPEND LIB_SRC_FILES ${LIBGCRYPT_FILES}) From c85304a806715c183d5b778b4e090a577e453b94 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Wed, 29 May 2024 13:38:55 -0400 Subject: [PATCH 056/174] [nasa/cryptolib#241] Convert SA character pointers to arrays. Remove allocations and frees, new clear functionality, Update unit tests --- include/crypto.h | 4 +++ include/crypto_config.h | 1 + include/crypto_structs.h | 4 +-- src/core/crypto.c | 26 ++++++++++++++ src/core/crypto_print.c | 4 +-- src/core/crypto_tc.c | 4 +-- ...hy_interface_kmc_crypto_service.template.c | 8 ++--- .../internal/sa_interface_inmemory.template.c | 18 +++++++--- .../mariadb/sa_interface_mariadb.template.c | 15 ++++---- test/kmc/ut_mariadb.c | 10 +++--- test/unit/ut_sa_save.c | 34 +++++++++++++++---- 11 files changed, 98 insertions(+), 30 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index d082d8ef..5525d917 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -238,6 +238,10 @@ int32_t Crypto_User_ModifyVCID(void); // SA Save Functions int32_t sa_perform_save(SecurityAssociation_t* sa); +// Clean REF +void clean_ekref(SecurityAssociation_t* sa); +void clean_akref(SecurityAssociation_t* sa); + // Determine Payload Data Unit int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest); int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame); diff --git a/include/crypto_config.h b/include/crypto_config.h index bb252475..4ac51739 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -116,6 +116,7 @@ #define ENABLED 1 #define IV_SIZE 16 /* TM IV size bytes */ #define IV_SIZE_TC 4 /* TC IV size bytes */ +#define REF_SIZE 250 #define OCF_SIZE 4 #define MAC_SIZE 16 /* bytes */ #define FECF_SIZE 2 diff --git a/include/crypto_structs.h b/include/crypto_structs.h index 584ae7e0..d5ed2bdb 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -52,8 +52,8 @@ typedef struct uint16_t spi; // Security Parameter Index uint16_t ekid; // Encryption Key ID (Used with numerically indexed keystores, EG inmemory keyring) uint16_t akid; // Authentication Key ID - char* ek_ref; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto) - char* ak_ref; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto) + char ek_ref[REF_SIZE]; // Encryption Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto) + char ak_ref[REF_SIZE]; // Authentication Key Reference (Used with string-referenced keystores,EG-PKCS12 keystores, KMC crypto) uint8_t sa_state : 2; crypto_gvcid_t gvcid_blk; // crypto_gvcid_t gvcid_tm_blk[NUM_GVCID]; diff --git a/src/core/crypto.c b/src/core/crypto.c index 048f6ea1..40f3e724 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -64,6 +64,32 @@ uint16_t crc16Table[256]; ** Assisting Functions */ +/** + * @brief Function: clean_ekref + * Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false; + * @param sa: SecurityAssocation_t* + **/ +void clean_ekref(SecurityAssociation_t* sa) +{ + for(int y = 0; y < REF_SIZE; y++) + { + sa->ek_ref[y] = '\0'; + } +} + +/** + * @brief Function: clean_akref + * Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false; + * @param sa: SecurityAssocation_t* + **/ +void clean_akref(SecurityAssociation_t* sa) +{ + for(int y = 0; y < REF_SIZE; y++) + { + sa->ak_ref[y] = '\0'; + } +} + /** * @brief Function: Crypto_Is_AEAD_Algorithm * Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false; diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c index c58aac00..f7e5f6be 100644 --- a/src/core/crypto_print.c +++ b/src/core/crypto_print.c @@ -209,9 +209,9 @@ void Crypto_saPrint(SecurityAssociation_t* sa) } } printf("\t ekid = %d \n", sa->ekid); - //printf("\t ek_ref = %s \n", sa->ek_ref); + printf("\t ek_ref = %s \n", sa->ek_ref); printf("\t akid = %d \n", sa->akid); - //printf("\t ak_ref = %s \n", sa->ak_ref); + printf("\t ak_ref = %s \n", sa->ak_ref); printf("\t iv_len = %d \n", sa->iv_len); if (sa->iv_len > 0) { diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 66854bcc..f03ae50c 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -1593,8 +1593,8 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc { if (crypto_config.sa_type == SA_TYPE_MARIADB) { - if (sa_ptr->ek_ref != NULL) - free(sa_ptr->ek_ref); + //if (sa_ptr->ek_ref != NULL) + // free(sa_ptr->ek_ref); free(sa_ptr); } } diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c index 94bb8b0a..a1462aad 100644 --- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c +++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c @@ -320,7 +320,7 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, printf("IV Base64 URL Encoded: %s\n",iv_base64); #endif - if(sa_ptr->ek_ref == NULL) + if(sa_ptr->ek_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA; return status; @@ -565,7 +565,7 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, #endif - if(sa_ptr->ek_ref == NULL) + if(sa_ptr->ek_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA; return status; @@ -1177,7 +1177,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, printf("IV Base64 URL Encoded: %s\n",iv_base64); #endif - if(sa_ptr->ek_ref == NULL) + if(sa_ptr->ek_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA; free(iv_base64); @@ -1553,7 +1553,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, #endif - if(sa_ptr->ek_ref == NULL) + if(sa_ptr->ek_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA; return status; diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 92fd4bf9..29bde189 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -123,8 +123,10 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) sa[location].spi = sa_ptr->spi; sa[location].ekid = sa_ptr->ekid; sa[location].akid = sa_ptr->akid; - sa[location].ek_ref = sa_ptr->ek_ref; - sa[location].ak_ref = sa_ptr->ak_ref; + memcpy(sa[location].ek_ref, sa_ptr->ek_ref, REF_SIZE); + //sa[location].ek_ref = sa_ptr->ek_ref; + memcpy(sa[location].ak_ref, sa_ptr->ak_ref, REF_SIZE); + //sa[location].ak_ref = sa_ptr->ak_ref; sa[location].sa_state = sa_ptr->sa_state; sa[location].gvcid_blk = sa_ptr->gvcid_blk; sa[location].lpid = sa_ptr->lpid; @@ -412,7 +414,9 @@ void sa_populate(void) sa[10].gvcid_blk.scid = 0x002C; sa[10].gvcid_blk.vcid = 1; sa[10].gvcid_blk.mapid = TYPE_TC; - sa[10].ek_ref = (char*) "kmc/test/key130"; + char ek_ref_string[20] = "kmc/test/key130"; + memcpy(sa[10].ek_ref, ek_ref_string, strlen(ek_ref_string)); + //sa[10].ek_ref = (char*) "kmc/test/key130"; // SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 // SA 11 VC0/1 is now 4-VC0, 7-VC1 @@ -436,7 +440,8 @@ void sa_populate(void) sa[11].gvcid_blk.scid = SCID & 0x3FF; sa[11].gvcid_blk.vcid = 0; sa[11].gvcid_blk.mapid = TYPE_TC; - sa[11].ek_ref = (char*) "kmc/test/key130"; + //sa[11].ek_ref = (char*) "kmc/test/key130"; + memcpy(sa[11].ek_ref, ek_ref_string, strlen(ek_ref_string)); // SA 12 - TM CLEAR MODE // SA 12 @@ -612,6 +617,11 @@ int32_t sa_init(void) { sa[x].abm[y] = 0; } + for( int y = 0; y < REF_SIZE; y++) + { + sa[x].ek_ref[y] = '\0'; + sa[x].ak_ref[y] = '\0'; + } sa[x].abm_len = 0; sa[x].acs_len = 0; sa[x].acs = 0; diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c index add4a6f5..1e78217d 100644 --- a/src/sa/mariadb/sa_interface_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -252,11 +252,14 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa) // todo - if query fails, need to push failure message to error stack instead of just return code. // We free the allocated SA memory in the save function. - if (sa->ek_ref != NULL) - free(sa->ek_ref); - if (sa->ak_ref != NULL) - free(sa->ak_ref); + if (sa->ek_ref[0] != '\0') + clean_ekref(sa); + //free(sa->ek_ref); + if (sa->ak_ref[0] != '\0') + clean_akref(sa); + //free(sa->ak_ref); free(sa); + return status; } // Security Association Utility Functions @@ -376,7 +379,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References { sa->ekid = 0; - sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char)); + //sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char)); memcpy(sa->ek_ref, row[i], strlen(row[i])+1); } continue; @@ -388,7 +391,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se sa->akid = atoi(row[i]); } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References { - sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char)); + //sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char)); memcpy(sa->ak_ref, row[i], strlen(row[i])+1); } continue; diff --git a/test/kmc/ut_mariadb.c b/test/kmc/ut_mariadb.c index 42a1dfe9..a062a722 100644 --- a/test/kmc/ut_mariadb.c +++ b/test/kmc/ut_mariadb.c @@ -40,10 +40,12 @@ void cleanup_sa(SecurityAssociation_t* test_association) { - if (test_association->ek_ref != NULL) - free(test_association->ek_ref); - if (test_association->ak_ref != NULL) - free(test_association->ak_ref); + if (test_association->ek_ref[0] != '\0') + clean_ek_ref(test_association); + // free(test_association->ek_ref); + if (test_association->ak_ref[0] != '\0') + clean_ak_ref(test_association); + // free(test_association->ak_ref); free(test_association); } diff --git a/test/unit/ut_sa_save.c b/test/unit/ut_sa_save.c index 7d30d485..8606f918 100644 --- a/test/unit/ut_sa_save.c +++ b/test/unit/ut_sa_save.c @@ -46,8 +46,11 @@ UTEST(SA_SAVE, VERIFY_INTERNAL) ASSERT_EQ(test_association->spi, 4); ASSERT_EQ(test_association->ekid, 130); ASSERT_EQ(test_association->akid, 4); - //test_association->ek_ref = sa_ptr->ek_ref; - //test_association->ak_ref = sa_ptr->ak_ref; + int str_cmp_output = 0; + str_cmp_output = strcmp(test_association->ek_ref, ""); + ASSERT_EQ(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ak_ref, ""); + ASSERT_EQ(0, str_cmp_output); ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); @@ -122,6 +125,8 @@ UTEST(SA_SAVE, INTERNAL_DEFAULT_PASS_1) test_association->shivf_len = 6; test_association->iv_len = 12; test_association->arsn_len = 0; + strcpy(test_association->ek_ref, "TEST_EK_REF"); + strcpy(test_association->ak_ref, "TEST_AK_REF"); memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); return_val = @@ -168,8 +173,16 @@ UTEST(SA_SAVE, VERIFY_DEFAULT_PASS_1_SAVE) ASSERT_EQ(test_association->spi, 4); ASSERT_EQ(test_association->ekid, 130); ASSERT_EQ(test_association->akid, 4); - //test_association->ek_ref = sa_ptr->ek_ref; - //test_association->ak_ref = sa_ptr->ak_ref; + int str_cmp_output = 0; + str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF"); + ASSERT_EQ(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF_BAD"); + ASSERT_NE(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF"); + ASSERT_EQ(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF_BAD"); + ASSERT_NE(0, str_cmp_output); + ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); @@ -254,6 +267,8 @@ UTEST(SA_SAVE, SAVE_PASS_1) test_association->shivf_len = 6; test_association->iv_len = 12; test_association->arsn_len = 0; + clean_akref(test_association); + clean_ekref(test_association); memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); return_val = @@ -300,8 +315,15 @@ UTEST(SA_SAVE, VERIFY_SAVE_PASS_1_SAVE) ASSERT_EQ(test_association->spi, 4); ASSERT_EQ(test_association->ekid, 130); ASSERT_EQ(test_association->akid, 4); - //test_association->ek_ref = sa_ptr->ek_ref; - //test_association->ak_ref = sa_ptr->ak_ref; + int str_cmp_output = 0; + str_cmp_output = strcmp(test_association->ek_ref, ""); + ASSERT_EQ(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF_BAD"); + ASSERT_NE(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ak_ref, ""); + ASSERT_EQ(0, str_cmp_output); + str_cmp_output = strcmp(test_association->ak_ref, "TEST_AK_REF_BAD"); + ASSERT_NE(0, str_cmp_output); ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); From 090a056c2ef791a319eed55a7f278b0fa0940a99 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Wed, 29 May 2024 13:46:30 -0400 Subject: [PATCH 057/174] [nasa/cryptolib#241] Push missed save --- src/core/crypto_tc.c | 6 ++++-- .../cryptography_interface_kmc_crypto_service.template.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index f03ae50c..804339e4 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -1593,8 +1593,10 @@ int32_t Crypto_TC_Check_IV_ARSN(SecurityAssociation_t* sa_ptr,TC_t* tc_sdls_proc { if (crypto_config.sa_type == SA_TYPE_MARIADB) { - //if (sa_ptr->ek_ref != NULL) - // free(sa_ptr->ek_ref); + if (sa_ptr->ek_ref[0] != '\0') + clean_ekref(sa_ptr); + if (sa_ptr->ak_ref[0] != '\0') + clean_akref(sa_ptr); free(sa_ptr); } } diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c index a1462aad..3edaebd0 100644 --- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c +++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c @@ -762,7 +762,7 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, return CRYPTO_LIB_ERR_NULL_BUFFER; } - if(sa_ptr->ak_ref == NULL) + if(sa_ptr->ak_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA; return status; @@ -995,7 +995,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le Crypto_hexprint(mac,mac_size); #endif - if(sa_ptr->ak_ref == NULL) + if(sa_ptr->ak_ref[0] == '\0') { status = CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA; return status; From b7b0806f82150c2ccf4b11517653a6db1df074af Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Wed, 29 May 2024 14:00:33 -0400 Subject: [PATCH 058/174] [nasa/cryptolib#241] Remove tracking comments --- src/sa/mariadb/sa_interface_mariadb.template.c | 2 -- test/kmc/ut_mariadb.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c index 1e78217d..85e74824 100644 --- a/src/sa/mariadb/sa_interface_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -379,7 +379,6 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References { sa->ekid = 0; - //sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char)); memcpy(sa->ek_ref, row[i], strlen(row[i])+1); } continue; @@ -391,7 +390,6 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se sa->akid = atoi(row[i]); } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References { - //sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char)); memcpy(sa->ak_ref, row[i], strlen(row[i])+1); } continue; diff --git a/test/kmc/ut_mariadb.c b/test/kmc/ut_mariadb.c index a062a722..9f3c9e10 100644 --- a/test/kmc/ut_mariadb.c +++ b/test/kmc/ut_mariadb.c @@ -42,10 +42,8 @@ void cleanup_sa(SecurityAssociation_t* test_association) { if (test_association->ek_ref[0] != '\0') clean_ek_ref(test_association); - // free(test_association->ek_ref); if (test_association->ak_ref[0] != '\0') clean_ak_ref(test_association); - // free(test_association->ak_ref); free(test_association); } From 8d2f6d1babd4f6aeb04c35de01d421356b936887 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Wed, 29 May 2024 14:16:34 -0400 Subject: [PATCH 059/174] [nasa/cryptolib#241] Update incorrect Function Doxygen comments --- src/core/crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 40f3e724..975aa1fc 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -66,7 +66,7 @@ uint16_t crc16Table[256]; /** * @brief Function: clean_ekref - * Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false; + * Null terminates the entire array for EKREF * @param sa: SecurityAssocation_t* **/ void clean_ekref(SecurityAssociation_t* sa) @@ -79,7 +79,7 @@ void clean_ekref(SecurityAssociation_t* sa) /** * @brief Function: clean_akref - * Looks up cipher suite ID and determines if it's an AEAD algorithm. Returns 1 if true, 0 if false; + * Null terminates the entire array for AKREF * @param sa: SecurityAssocation_t* **/ void clean_akref(SecurityAssociation_t* sa) From a3789d3b8eac2ad6f866599f3dae8acaf3f2ae53 Mon Sep 17 00:00:00 2001 From: "NDC\\rjbrown6" Date: Wed, 29 May 2024 14:20:55 -0400 Subject: [PATCH 060/174] [nasa/cryptolib#241] Remove remaining tracking comments --- src/sa/internal/sa_interface_inmemory.template.c | 7 ------- src/sa/mariadb/sa_interface_mariadb.template.c | 2 -- 2 files changed, 9 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 29bde189..b330bfcd 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -124,9 +124,7 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) sa[location].ekid = sa_ptr->ekid; sa[location].akid = sa_ptr->akid; memcpy(sa[location].ek_ref, sa_ptr->ek_ref, REF_SIZE); - //sa[location].ek_ref = sa_ptr->ek_ref; memcpy(sa[location].ak_ref, sa_ptr->ak_ref, REF_SIZE); - //sa[location].ak_ref = sa_ptr->ak_ref; sa[location].sa_state = sa_ptr->sa_state; sa[location].gvcid_blk = sa_ptr->gvcid_blk; sa[location].lpid = sa_ptr->lpid; @@ -142,7 +140,6 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) { sa[location].iv[i] = sa_ptr->iv[i]; } - //sa[location].iv[0] = sa_ptr->iv; sa[location].iv_len = sa_ptr->iv_len; sa[location].acs_len = sa_ptr->acs_len; sa[location].acs = sa_ptr->acs; @@ -151,13 +148,11 @@ void update_sa_from_ptr(SecurityAssociation_t* sa_ptr) { sa[location].abm[i] = sa_ptr->abm[i]; } - //sa[location].abm[0] = sa_ptr->abm; sa[location].arsn_len = sa_ptr->arsn_len; for(int i = 0; iarsn_len; i++) { sa[location].arsn[i] = sa_ptr->arsn[i]; } - //sa[location].arsn[0] = sa_ptr->arsn; sa[location].arsnw_len = sa_ptr->arsnw_len; sa[location].arsnw = sa_ptr->arsnw; } @@ -416,7 +411,6 @@ void sa_populate(void) sa[10].gvcid_blk.mapid = TYPE_TC; char ek_ref_string[20] = "kmc/test/key130"; memcpy(sa[10].ek_ref, ek_ref_string, strlen(ek_ref_string)); - //sa[10].ek_ref = (char*) "kmc/test/key130"; // SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 // SA 11 VC0/1 is now 4-VC0, 7-VC1 @@ -440,7 +434,6 @@ void sa_populate(void) sa[11].gvcid_blk.scid = SCID & 0x3FF; sa[11].gvcid_blk.vcid = 0; sa[11].gvcid_blk.mapid = TYPE_TC; - //sa[11].ek_ref = (char*) "kmc/test/key130"; memcpy(sa[11].ek_ref, ek_ref_string, strlen(ek_ref_string)); // SA 12 - TM CLEAR MODE diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c index 85e74824..a91cd712 100644 --- a/src/sa/mariadb/sa_interface_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -254,10 +254,8 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa) // We free the allocated SA memory in the save function. if (sa->ek_ref[0] != '\0') clean_ekref(sa); - //free(sa->ek_ref); if (sa->ak_ref[0] != '\0') clean_akref(sa); - //free(sa->ak_ref); free(sa); return status; From a6eb0ce93ccdf71908567b0ce2d5c78a44c9109d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 3 Jun 2024 17:42:12 +0000 Subject: [PATCH 061/174] [nasa/cryptolib#246] Fix GCC 13.x Compilation Issues with Null SA/IV --- src/core/crypto_aos.c | 2 +- src/core/crypto_mc.c | 4 ---- src/core/crypto_tc.c | 2 +- src/core/crypto_tm.c | 2 +- .../internal/sa_interface_inmemory.template.c | 24 ++++++++----------- 5 files changed, 13 insertions(+), 21 deletions(-) diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c index 04d7551d..91360cb3 100644 --- a/src/core/crypto_aos.c +++ b/src/core/crypto_aos.c @@ -211,7 +211,7 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) // Set initialization vector if specified #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + if (sa_ptr->shivf_len > 0) { printf(KYEL "Using IV value:\n\t"); for (i = 0; i < sa_ptr->iv_len; i++) diff --git a/src/core/crypto_mc.c b/src/core/crypto_mc.c index 89061664..d12e358d 100644 --- a/src/core/crypto_mc.c +++ b/src/core/crypto_mc.c @@ -209,10 +209,6 @@ int32_t Crypto_SA_readARSN(uint8_t* ingest) { // Set IV - authenticated encryption for (x = 0; x < sa_ptr->shivf_len - 1; x++) { - if(sa_ptr->iv == NULL) - { - return CRYPTO_LIB_ERROR; - } ingest[count++] = *(sa_ptr->iv + x); } diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 804339e4..64328258 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -843,7 +843,7 @@ int32_t Crypto_TC_Set_IV(SecurityAssociation_t* sa_ptr, uint8_t* p_new_enc_frame { uint32_t status = CRYPTO_LIB_SUCCESS; #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + if (sa_ptr->shivf_len > 0) { int i = 0; printf(KYEL "Using IV value:\n\t"); diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index e7598ed1..7af11edb 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -132,7 +132,7 @@ int32_t Crypto_TM_IV_Sanity_Check(uint8_t* sa_service_type, SecurityAssociation_ { int32_t status = CRYPTO_LIB_SUCCESS; #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + if (sa_ptr->shivf_len > 0) { printf(KYEL "Using IV value:\n\t"); for (int i = 0; i < sa_ptr->iv_len; i++) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index b330bfcd..a7bda4c1 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -654,10 +654,10 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_as { int32_t status = CRYPTO_LIB_SUCCESS; *security_association = &sa[spi]; - if ((sa[spi].iv == NULL) && (sa[spi].shivf_len > 0) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) - { - return CRYPTO_LIB_ERR_NULL_IV; - } // Must have IV if doing encryption or authentication + // if (sa[spi].shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + // { + // return CRYPTO_LIB_ERR_NULL_IV; + // } // Must have IV if doing encryption or authentication if ((sa[spi].abm_len == 0) && sa[spi].ast) { @@ -688,13 +688,13 @@ int32_t sa_get_operational_sa_from_gvcid_find_iv(uint8_t tfvn, uint16_t scid, ui *security_association = &sa[i]; // Must have IV if using libgcrypt and auth/enc - if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) - { - status = CRYPTO_LIB_ERR_NULL_IV; - return status; - } + // if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + // { + // //status = CRYPTO_LIB_ERR_NULL_IV; + // //return status; + // } // Must have ABM if doing authentication - if (sa[i].abm == NULL && sa[i].ast) + if (sa[i].ast && sa[i].abm_len <= 0) { status = CRYPTO_LIB_ERR_NULL_ABM; return status; @@ -875,10 +875,6 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; - if (sa == NULL) - { - return CRYPTO_LIB_ERR_NO_INIT; - } status = sa_get_operational_sa_from_gvcid_find_iv(tfvn, scid, vcid, mapid, security_association); From 9db3e54556f2c702efc63055caf30769fb8d8e7a Mon Sep 17 00:00:00 2001 From: "william.v.posey" Date: Tue, 4 Jun 2024 11:06:33 +0000 Subject: [PATCH 062/174] #249 fixed custom path variable use in CMakeLists.txt and src/CMakeLists.txt --- CMakeLists.txt | 12 ++++++++---- src/CMakeLists.txt | 8 ++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 110245aa..8e32bcfa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -67,29 +67,33 @@ OPTION(KMC_CFFI_EXCLUDE "KMC-Exclude-Problematic-CFFI-Code" OFF) #Disabled by de # Custom Module Paths # if(KEY_CUSTOM) - if(NOT DEFINED ${KEY_CUSTOM_PATH}) + if(NOT DEFINED KEY_CUSTOM_PATH) set(KEY_CUSTOM_PATH ${KEY_CUSTOM_PATH_DEFAULT}) + message(STATUS "Default path set for KEY_CUSTOM_PATH") endif() message(STATUS "KEY_CUSTOM being utilized. Path set to: ${KEY_CUSTOM_PATH}") endif() if(MC_CUSTOM) - if(NOT DEFINED ${KEY_CUSTOM_PATH}) + if(NOT DEFINED MC_CUSTOM_PATH) set(MC_CUSTOM_PATH ${MC_CUSTOM_PATH_DEFAULT}) + message(STATUS "Default path set for MC_CUSTOM_PATH") endif() message(STATUS "MC_CUSTOM being utilized. Path set to: ${MC_CUSTOM_PATH}") endif() if(SA_CUSTOM) - if(NOT DEFINED ${SA_CUSTOM_PATH}) + if(NOT DEFINED SA_CUSTOM_PATH) set(SA_CUSTOM_PATH ${SA_CUSTOM_PATH_DEFAULT}) + message(STATUS "Default path set for SA_CUSTOM_PATH") endif() message(STATUS "SA_CUSTOM being utilized. Path set to: ${SA_CUSTOM_PATH}") endif() if(CRYPTO_CUSTOM) - if(NOT DEFINED ${CRYPTO_CUSTOM_PATH}) + if(NOT DEFINED CRYPTO_CUSTOM_PATH) set(CRYPTO_CUSTOM_PATH ${CRYPTO_CUSTOM_PATH_DEFAULT}) + message(STATUS "Default path set for CRYPTO_CUSTOM_PATH") endif() message(STATUS "CRYPTO_CUSTOM being utilized. Path set to: ${CRYPTO_CUSTOM_PATH}") endif() diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 26e32e0c..54744f43 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -20,7 +20,7 @@ include_directories(../include) aux_source_directory(core LIB_SRC_FILES) if(CRYPTO_CUSTOM) - aux_source_directory(CRYPTO_CUSTOM_PATH CRYPTO_FILES) + aux_source_directory(${CRYPTO_CUSTOM_PATH} CRYPTO_FILES) list(APPEND LIB_SRC_FILES ${CRYPTO_FILES}) else() aux_source_directory(crypto/custom_stub CRYPTO_FILES) @@ -53,7 +53,7 @@ endif() if(KEY_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(KEY_CUSTOM_PATH KEY_CUSTOM_FILES) + aux_source_directory(${KEY_CUSTOM_PATH} KEY_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES}) else() aux_source_directory(key/custom_stub KEY_CUSTOM_FILES) @@ -78,7 +78,7 @@ endif() if(MC_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(MC_CUSTOM_PATH MC_CUSTOM_FILES) + aux_source_directory(${MC_CUSTOM_PATH} MC_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${MC_CUSTOM_FILES}) else() aux_source_directory(mc/custom_stub MC_CUSTOM_FILES) @@ -103,7 +103,7 @@ endif() if(SA_CUSTOM) # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level - aux_source_directory(SA_CUSTOM_PATH SA_CUSTOM_FILES) + aux_source_directory(${SA_CUSTOM_PATH} SA_CUSTOM_FILES) list(APPEND LIB_SRC_FILES ${SA_CUSTOM_FILES}) else() aux_source_directory(sa/custom_stub SA_CUSTOM_FILES) From 1c94376087e1edba102d4a1bbdb371bdf903b71d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 5 Jun 2024 19:00:36 +0000 Subject: [PATCH 063/174] [nasa/cryptolib#215] Testing code coverage + uploads to all builds --- .github/workflows/build.yml | 48 +++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 307904d6..5ec69c29 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,7 +2,7 @@ name: CryptoLib on: push: - branches: [ main, dev ] + branches: [ main, dev, 215-re-evaluate-codecov-app-being-used-in-ci ] pull_request: branches: [ main, dev ] @@ -27,6 +27,17 @@ jobs: working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_minimal.sh + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v3 + env: + CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + with: + files: 'coverage/*.c.gcov' + # # Internal Build # @@ -77,6 +88,17 @@ jobs: - name: KMC Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh + + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v3 + env: + CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + with: + files: 'coverage/*.c.gcov' # # Wolf Build @@ -116,6 +138,17 @@ jobs: - name: Wolf Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_wolf.sh + + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v3 + env: + CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + with: + files: 'coverage/*.c.gcov' # # RHEL Build @@ -130,7 +163,7 @@ jobs: - name: Update run: yum update -y - name: Install Dependencies - run: yum install -y python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server + run: yum install -y lcov python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server # Might want to trim this down, but these dependencies should work for KMC - name: Install Python Dependencies run: pip3 install pycryptodome @@ -139,3 +172,14 @@ jobs: - name: RHEL Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_rhel.sh + + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v3 + env: + CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + with: + files: 'coverage/*.c.gcov' From 65c039878f302dbb0f436056567ecda540db870e Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 6 Jun 2024 17:34:36 +0000 Subject: [PATCH 064/174] [nasa/cryptolib#215] Fixed combining of codecov reports for all builds --- .github/workflows/build.yml | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5ec69c29..98de99f4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,7 +2,7 @@ name: CryptoLib on: push: - branches: [ main, dev, 215-re-evaluate-codecov-app-being-used-in-ci ] + branches: [ main, dev ] pull_request: branches: [ main, dev ] @@ -27,17 +27,6 @@ jobs: working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_minimal.sh - - name: Code-Coverage - working-directory: ${{github.workspace}} - run: make gcov - - - name: Upload - uses: codecov/codecov-action@v3 - env: - CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a - with: - files: 'coverage/*.c.gcov' - # # Internal Build # @@ -63,11 +52,12 @@ jobs: run: make gcov - name: Upload - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 env: CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a with: files: 'coverage/*.c.gcov' + verbose: true # # KMC Build @@ -94,11 +84,12 @@ jobs: run: make gcov - name: Upload - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 env: CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a with: files: 'coverage/*.c.gcov' + verbose: true # # Wolf Build @@ -144,11 +135,12 @@ jobs: run: make gcov - name: Upload - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 env: CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a with: files: 'coverage/*.c.gcov' + verbose: true # # RHEL Build @@ -163,8 +155,10 @@ jobs: - name: Update run: yum update -y - name: Install Dependencies - run: yum install -y lcov python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server + run: yum install -y epel-release python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server # Might want to trim this down, but these dependencies should work for KMC + - name: install lcov + run: yum install -y --enablerepo=epel lcov - name: Install Python Dependencies run: pip3 install pycryptodome # End Container Setup @@ -178,8 +172,9 @@ jobs: run: make gcov - name: Upload - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 env: CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a with: files: 'coverage/*.c.gcov' + verbose: true From 6680bbbfdead40f58840b5336787226230018f84 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 10 Jun 2024 18:23:28 +0000 Subject: [PATCH 065/174] [nasa/cryptolib#243] Added custom interface function definition --- include/cryptography_interface.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h index 75457782..93df7ac5 100644 --- a/include/cryptography_interface.h +++ b/include/cryptography_interface.h @@ -87,5 +87,6 @@ typedef struct CryptographyInterface get_cryptography_interface_libgcrypt(void); CryptographyInterface get_cryptography_interface_kmc_crypto_service(void); CryptographyInterface get_cryptography_interface_wolfssl(void); +CryptographyInterface get_cryptography_interface_custom(void); #endif //CRYPTOLIB_CRYPTOGRAPHY_INTERFACE_H From 4743d5995ed827b70b16d21810b0cea9af733df2 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 10 Jun 2024 18:25:29 +0000 Subject: [PATCH 066/174] [nasa/cryptolib#243] Added custom interface template stub --- ...ptography_interface_custom_stub.template.c | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 src/crypto/custom_stub/cryptography_interface_custom_stub.template.c diff --git a/src/crypto/custom_stub/cryptography_interface_custom_stub.template.c b/src/crypto/custom_stub/cryptography_interface_custom_stub.template.c new file mode 100644 index 00000000..681df754 --- /dev/null +++ b/src/crypto/custom_stub/cryptography_interface_custom_stub.template.c @@ -0,0 +1,20 @@ +/* + * Copyright 2021, by the California Institute of Technology. + * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. + * Any commercial use must be negotiated with the Office of Technology + * Transfer at the California Institute of Technology. + * + * This software may be subject to U.S. export control laws. By accepting + * this software, the user agrees to comply with all applicable U.S. + * export laws and regulations. User has the responsibility to obtain + * export licenses, or other export authority as may be required before + * exporting such information to foreign countries or providing access to + * foreign persons. + */ + +#include "cryptography_interface.h" + +CryptographyInterface get_cryptography_interface_custom(void) +{ + return NULL; +} \ No newline at end of file From ebe9251ce5b754e225fab03ca31a389c96540f0d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 10 Jun 2024 18:26:36 +0000 Subject: [PATCH 067/174] [nasa/cryptolib#243] Added custom cryptography type to CryptographyType enum --- include/crypto_config_structs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index d175bfa5..3ad48826 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -58,7 +58,8 @@ typedef enum CRYPTOGRAPHY_TYPE_UNITIALIZED = 0, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - CRYPTOGRAPHY_TYPE_WOLFSSL + CRYPTOGRAPHY_TYPE_WOLFSSL, + CRYPTOGRAPHY_TYPE_CUSTOM } CryptographyType; /*************************************** ** GVCID Managed Parameter enums From f90ba291c2365018fae459f447e45ac25da9dbf9 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 10 Jun 2024 18:42:24 +0000 Subject: [PATCH 068/174] [nasa/cryptolib#243] Added logic to Crypto_init for custom interface --- src/core/crypto_config.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 7dec1c93..4efb6bcc 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -241,6 +241,10 @@ int32_t Crypto_Init(void) cryptography_if = get_cryptography_interface_wolfssl(); } if (cryptography_if == NULL) + { + cryptography_if = get_cryptography_interface_custom(); + } + if (cryptography_if == NULL) { // Note this needs to be the last option in the chain due to addition configuration required if (cryptography_kmc_crypto_config != NULL) { From 0168840a7e96a5e402729a27f60ece543c4a78fa Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 10 Jun 2024 21:01:20 +0000 Subject: [PATCH 069/174] [nasa/cryptolib#244] Added has_ocf field to Crypto_Config_Add_Gvcid_Managed_Parameter function calls --- include/crypto.h | 4 +- src/core/crypto_config.c | 39 ++++---- test/unit/et_dt_validation.c | 120 +++++++++++------------ test/unit/ut_aos_apply.c | 16 +-- test/unit/ut_aos_process.c | 20 ++-- test/unit/ut_crypto.c | 8 +- test/unit/ut_mysql_m_tls_connection.c | 4 +- test/unit/ut_mysql_tls_connection.c | 4 +- test/unit/ut_sadb_err_cases_kmc_crypto.c | 8 +- test/unit/ut_tc_apply.c | 86 ++++++++-------- test/unit/ut_tc_process.c | 46 ++++----- test/unit/ut_tm_apply.c | 20 ++-- test/unit/ut_tm_process.c | 24 ++--- 13 files changed, 202 insertions(+), 197 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 5525d917..59a44fba 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -83,7 +83,7 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto char* mtls_client_key_pass, char* mtls_issuer_cert); extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home); extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, uint8_t aos_has_iz, uint16_t aos_iz_len); // Initialization @@ -255,7 +255,7 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin GvcidManagedParameters_t* managed_parameters_in, GvcidManagedParameters_t** managed_parameters_out); int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, - uint8_t has_fecf, uint8_t has_segmentation_hdr, + uint8_t has_fecf, uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, uint8_t aos_has_iz, uint16_t aos_iz_len, GvcidManagedParameters_t* managed_parameter); diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 7dec1c93..0666cebe 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -60,11 +60,11 @@ int32_t Crypto_SC_Init(void) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // TM - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -82,9 +82,9 @@ int32_t Crypto_Init_TC_Unit_Test(void) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -101,9 +101,9 @@ int32_t Crypto_Init_TM_Unit_Test(void) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -120,9 +120,9 @@ int32_t Crypto_Init_AOS_Unit_Test(void) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -477,12 +477,15 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* key * @param vcid: uint8 * @param has_fecf: uint8 * @param has_segmentation_hdr: uint8 + * @param has_ocf: uint8 * @param max_frame_size: uint16 - * @param has_fhec: uint8 + * @param aos_has_fhec: uint8 + * @param aos_has_iz: uint8 + * @param aos_iz_len: uint16 * @return int32: Success/Failure **/ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, uint8_t aos_has_iz, uint16_t aos_iz_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -497,6 +500,7 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u gvcid_managed_parameters->vcid = vcid; gvcid_managed_parameters->has_fecf = has_fecf; gvcid_managed_parameters->has_segmentation_hdr = has_segmentation_hdr; + gvcid_managed_parameters->has_ocf = has_ocf; gvcid_managed_parameters->max_frame_size = max_frame_size; gvcid_managed_parameters->aos_has_fhec = aos_has_fhec; gvcid_managed_parameters->aos_has_iz = aos_has_iz; @@ -513,7 +517,7 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u } else { // Recurse through nodes and add at end - return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, + return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, max_frame_size, aos_has_fhec, aos_has_iz, aos_iz_len, gvcid_managed_parameters); } @@ -600,13 +604,13 @@ char* crypto_deep_copy_string(char* src_string) * @return int32: Success/Failure **/ int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, uint8_t aos_has_iz, uint16_t aos_iz_len, GvcidManagedParameters_t* managed_parameter) { if (managed_parameter->next != NULL) { - return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, + return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, max_frame_size, aos_has_fhec, aos_has_iz, aos_iz_len, managed_parameter->next); } @@ -618,6 +622,7 @@ int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16 managed_parameter->next->vcid = vcid; managed_parameter->next->has_fecf = has_fecf; managed_parameter->next->has_segmentation_hdr = has_segmentation_hdr; + managed_parameter->next->has_ocf = has_ocf; managed_parameter->next->max_frame_size = max_frame_size; managed_parameter->next->next = NULL; return CRYPTO_LIB_SUCCESS; diff --git a/test/unit/et_dt_validation.c b/test/unit/et_dt_validation.c index 937c7192..dcb25653 100644 --- a/test/unit/et_dt_validation.c +++ b/test/unit/et_dt_validation.c @@ -330,8 +330,8 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -406,8 +406,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -489,8 +489,8 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -562,8 +562,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -641,8 +641,8 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -715,8 +715,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -792,8 +792,8 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -866,8 +866,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -943,8 +943,8 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1017,8 +1017,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1105,8 +1105,8 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1194,8 +1194,8 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1277,8 +1277,8 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1401,8 +1401,8 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1504,8 +1504,8 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1608,8 +1608,8 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1702,8 +1702,8 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1790,8 +1790,8 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1885,8 +1885,8 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1978,8 +1978,8 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2073,8 +2073,8 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2167,8 +2167,8 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2260,8 +2260,8 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2351,8 +2351,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2447,8 +2447,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2537,8 +2537,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2627,8 +2627,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2719,8 +2719,8 @@ UTEST(PLAINTEXT, ENCRYPT_DECRYPT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_TRUE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* jpl_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4555555555555"; @@ -2758,8 +2758,8 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2839,8 +2839,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c index 55bbc86f..52c842e0 100644 --- a/test/unit/ut_aos_apply.c +++ b/test/unit/ut_aos_apply.c @@ -38,7 +38,7 @@ UTEST(AOS_APPLY, NULL_BUFFER) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_AOS_ApplySecurity(&ingest[0]); @@ -182,7 +182,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, TM_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test Frame Setup @@ -238,7 +238,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_FHEC, AOS_NO_IZ, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup @@ -295,7 +295,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); status = Crypto_Init(); // Test Frame Setup @@ -354,7 +354,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF @@ -421,7 +421,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF @@ -489,7 +489,7 @@ UTEST(AOS_APPLY, AES_GCM) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, FECF @@ -558,7 +558,7 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, MAC, FECF diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c index 93dae3ba..abc7ae39 100644 --- a/test/unit/ut_aos_process.c +++ b/test/unit/ut_aos_process.c @@ -125,7 +125,7 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -232,7 +232,7 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); status = Crypto_Init(); // Test frame setup | 6 byte hdr | 10 byte insert zn|spi|data -----> FECF @@ -286,7 +286,7 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -350,7 +350,7 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -406,7 +406,7 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -471,7 +471,7 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -534,7 +534,7 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -598,7 +598,7 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -657,7 +657,7 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -763,7 +763,7 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index 3eb7cdfd..e4ab24f8 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -58,8 +58,8 @@ UTEST(CRYPTO_C, BAD_CC_FLAG) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "3003002000ff000100001880d2c9000e197f0b001b0004000400003040d95ea61a"; char* raw_tc_sdls_ping_b = NULL; @@ -93,8 +93,8 @@ UTEST(CRYPTO_C, PDU_SWITCH) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); sdls_frame.pdu.type = 0; diff --git a/test/unit/ut_mysql_m_tls_connection.c b/test/unit/ut_mysql_m_tls_connection.c index 57169255..d1deee8e 100644 --- a/test/unit/ut_mysql_m_tls_connection.c +++ b/test/unit/ut_mysql_m_tls_connection.c @@ -133,8 +133,8 @@ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/test/unit/ut_mysql_tls_connection.c b/test/unit/ut_mysql_tls_connection.c index 7fd6318b..ac1d0932 100644 --- a/test/unit/ut_mysql_tls_connection.c +++ b/test/unit/ut_mysql_tls_connection.c @@ -117,8 +117,8 @@ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/test/unit/ut_sadb_err_cases_kmc_crypto.c b/test/unit/ut_sadb_err_cases_kmc_crypto.c index 0b59e12b..11341beb 100644 --- a/test/unit/ut_sadb_err_cases_kmc_crypto.c +++ b/test/unit/ut_sadb_err_cases_kmc_crypto.c @@ -55,7 +55,7 @@ UTEST(KMC_CRYPTO, ONLY_KEYED_SA_AVAILABLE_FOR_GVCID) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -107,7 +107,7 @@ UTEST(KMC_CRYPTO, ONLY_UNKEYED_SA_AVAILABLE_FOR_GVCID) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -159,7 +159,7 @@ UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -211,7 +211,7 @@ UTEST(KMC_CRYPTO, INVALID_ABM_LENGTH_FOR_FRAME_WITH_SEG_HEADERS) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); diff --git a/test/unit/ut_tc_apply.c b/test/unit/ut_tc_apply.c index 43449bb5..4049d91c 100644 --- a/test/unit/ut_tc_apply.c +++ b/test/unit/ut_tc_apply.c @@ -43,7 +43,7 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -313,8 +313,8 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -402,7 +402,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -504,8 +504,8 @@ UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_bad_scid_h = "20010015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_scid_b = NULL; @@ -537,8 +537,8 @@ UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_bad_vcid_h = "20032015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_vcid_b = NULL; @@ -571,8 +571,8 @@ UTEST(TC_APPLY_SECURITY, NULL_BUFFER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); long buffer_size = 0; uint8_t* buffer = NULL; @@ -608,7 +608,7 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* test_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4"; @@ -635,7 +635,7 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) test_association->shsnf_len = 0; test_association->sa_state = SA_OPERATIONAL; // Reset Managed Parameters for this channel to an invalid maximum - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); // Convert input test frame hex_conversion(long_frame_pt_h, (char**) &long_frame_pt_b, &long_frame_pt_len); // Should fail, as frame length violates the spec max @@ -657,7 +657,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -692,7 +692,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -728,10 +728,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -791,10 +791,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -856,10 +856,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -905,10 +905,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -950,10 +950,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1025,10 +1025,10 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1097,10 +1097,10 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1172,7 +1172,7 @@ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); // Test string char* raw_tc_sdls_ping_h = "2003001F00000100011880D2C9000E197F0B001B0004000400003040D95E0000"; diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index b7483cf2..97fcd622 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -39,8 +39,8 @@ UTEST(TC_PROCESS, EXERCISE_IV) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -139,8 +139,8 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -247,8 +247,8 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -337,8 +337,8 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -438,8 +438,8 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -529,7 +529,7 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -567,7 +567,7 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -605,7 +605,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -664,10 +664,10 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -724,10 +724,10 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -787,8 +787,8 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index 17aaa82a..212e95fe 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -189,7 +189,7 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -254,7 +254,7 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -393,7 +393,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -481,7 +481,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -575,7 +575,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -662,7 +662,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -750,7 +750,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -848,7 +848,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -937,7 +937,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -1032,7 +1032,7 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c index 4f532007..2b971dc0 100644 --- a/test/unit/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -47,7 +47,7 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); // Determine managed parameters by GVCID, which nominally happens in TO // status = Crypto_Get_Managed_Parameters_For_Gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, @@ -126,7 +126,7 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -180,7 +180,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -235,7 +235,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -315,7 +315,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -409,7 +409,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -504,7 +504,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -598,7 +598,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -692,7 +692,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -791,7 +791,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -890,7 +890,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -994,7 +994,7 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); From ccc0fa55220103a0ea3a7d9bcb1143add475ba65 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 13 Jun 2024 18:16:16 +0000 Subject: [PATCH 070/174] [nasa/cryptolib#197] Began support for AES_GCM_SIV --- include/crypto_config_structs.h | 1 + src/core/crypto.c | 11 ++- ...hy_interface_kmc_crypto_service.template.c | 2 + ...ryptography_interface_libgcrypt.template.c | 6 ++ .../cryptography_interface_wolfssl.template.c | 90 +++++++++++++++++++ 5 files changed, 106 insertions(+), 4 deletions(-) diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index 3ad48826..4d24a048 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -190,6 +190,7 @@ typedef enum { CRYPTO_CIPHER_NONE, CRYPTO_CIPHER_AES256_GCM, + CRYPTO_CIPHER_AES256_GCM_SIV, CRYPTO_CIPHER_AES256_CBC, CRYPTO_CIPHER_AES256_CBC_MAC, CRYPTO_CIPHER_AES256_CCM diff --git a/src/core/crypto.c b/src/core/crypto.c index 975aa1fc..9b03343b 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -100,7 +100,7 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id) // CryptoLib only supports AES-GCM, which is an AEAD (Authenticated Encryption with Associated Data) algorithm, so // return true/1. // TODO - Add cipher suite mapping to which algorithms are AEAD and which are not. - if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC)) + if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC) || (cipher_suite_id == CRYPTO_CIPHER_AES256_GCM_SIV)) { #ifdef DEBUG printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET); @@ -913,7 +913,7 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* a int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid) { int32_t status = CRYPTO_LIB_SUCCESS; - if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) + if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM || sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM_SIV)) { // Check IV is in ARSNW if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) @@ -982,7 +982,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // For GCM specifically, if have a valid IV... - if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (iv_valid == CRYPTO_TRUE)) + if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM || sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM_SIV) && (iv_valid == CRYPTO_TRUE)) { // Using ARSN? Need to be valid to increment both if (sa_ptr->arsn_len > 0 && arsn_valid == CRYPTO_TRUE) @@ -998,7 +998,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, u } // If not GCM, and ARSN is valid - can incrmeent it - if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && arsn_valid == CRYPTO_TRUE) + if ((sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM_SIV) && arsn_valid == CRYPTO_TRUE) { memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } @@ -1026,6 +1026,9 @@ int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo) case CRYPTO_CIPHER_AES256_GCM: retval = 32; break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + retval = 32; + break; case CRYPTO_CIPHER_AES256_CBC: retval = 32; break; diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c index 3edaebd0..330ae3ec 100644 --- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c +++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c @@ -2291,6 +2291,8 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum) return CRYPTO_CIPHER_AES256_GCM; case CRYPTO_CIPHER_AES256_CCM: return CRYPTO_CIPHER_AES256_CCM; + case CRYPTO_CIPHER_AES256_GCM_SIV: + return CRYPTO_CIPHER_AES256_GCM_SIV; default: #ifdef DEBUG diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index 90b467d6..3a9eab5e 100644 --- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -1023,6 +1023,9 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum) case CRYPTO_CIPHER_AES256_GCM: algo = GCRY_CIPHER_AES256; break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + algo = GCRY_CIPHER_AES256; + break; case CRYPTO_CIPHER_AES256_CBC: algo = GCRY_CIPHER_AES256; break; @@ -1053,6 +1056,9 @@ int32_t cryptography_get_ecs_mode(int8_t algo_enum) case CRYPTO_CIPHER_AES256_GCM: mode = GCRY_CIPHER_MODE_GCM; break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + mode = GCRY_CIPHER_MODE_GCM; + break; case CRYPTO_CIPHER_AES256_CBC: mode = GCRY_CIPHER_MODE_CBC; break; diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c index b668381d..515b2352 100644 --- a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c +++ b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c @@ -422,6 +422,20 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, } break; + // TODO: Confirm same process as above for SIV + // case CRYPTO_CIPHER_AES256_GCM_SIV: + // status = wc_AesGcmSetKey(&enc, key, len_key); + // if (status == 0) + // { + // //status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, NULL, 16, NULL, 0); + // status = wc_AesSivEncrypt(key, len_key, NULL, 0, ) + // if (status == -180) + // { // Special error case as Wolf will not accept a zero value for MAC size + // status = CRYPTO_LIB_SUCCESS; + // } + // } + // break; + case CRYPTO_CIPHER_AES256_CBC: status = wc_AesSetKey(&enc, key, len_key, iv, AES_ENCRYPTION); if (status == 0) @@ -514,6 +528,30 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, } break; + // TODO: Confirm same process will be used + case CRYPTO_CIPHER_AES256_GCM_SIV: + status = wc_AesGcmSetKey(&enc, key, len_key); + if (status == 0) + { + if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + } + else if (encrypt_bool == CRYPTO_TRUE) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + else if (authenticate_bool == CRYPTO_TRUE) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len); + } + } + break; + case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; break; @@ -573,6 +611,18 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, } break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + status = wc_AesGcmSetKey(&dec, key, len_key); + if (status == 0) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + break; + case CRYPTO_CIPHER_AES256_CBC: status = wc_AesSetKey(&dec, key, len_key, iv, AES_DECRYPTION); if (status == 0) @@ -659,6 +709,43 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, } break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + status = wc_AesGcmSetKey(&dec, key, len_key); + if (status == 0) + { + if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + { + // Added for now while assessing unit tests and requirements + if (mac_size > 0) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + } + else + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + } + else if (decrypt_bool == CRYPTO_TRUE) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + else if (authenticate_bool == CRYPTO_TRUE) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + // If authentication only, don't decrypt the data. Just pass the data PDU through. + memcpy(data_out, data_in, len_data_in); + } + } + break; + case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; break; @@ -722,6 +809,9 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum) case CRYPTO_CIPHER_AES256_GCM: algo = CRYPTO_CIPHER_AES256_GCM; break; + case CRYPTO_CIPHER_AES256_GCM_SIV: + algo = CRYPTO_CIPHER_AES256_GCM_SIV; + break; case CRYPTO_CIPHER_AES256_CBC: algo = CRYPTO_CIPHER_AES256_CBC; break; From ab6f0ec57f4d85df077697cc54e74f9de38e1d13 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 26 Jun 2024 18:41:35 +0000 Subject: [PATCH 071/174] Update Key Validation 2 unique keys per SA - No Duplication. Default OFF (-DKEY_VALIDATION) for now --- CMakeLists.txt | 5 ++ include/crypto_error.h | 1 + src/core/crypto_error.c | 3 +- .../internal/sa_interface_inmemory.template.c | 51 +++++++++++++++++++ support/scripts/build_internal.sh | 2 +- 5 files changed, 60 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8e32bcfa..f56fd681 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,6 +57,7 @@ option(SYSTEM_INSTALL "SystemInstall" OFF) option(TEST "Test" OFF) option(TEST_ENC "Tests - Encryption" OFF) option(SA_FILE "Save Security Association to File" OFF) +option(KEY_VALIDATION "Validate existance of key duplication" OFF) OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON @@ -110,6 +111,10 @@ if(SA_FILE) add_definitions(-DSA_FILE) endif() +if(KEY_VALIDATION) + add_definitions(-DKEY_VALIDATION) +endif() + if(DEBUG) add_definitions(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG -DAOS_DEBUG) add_compile_options(-ggdb) diff --git a/include/crypto_error.h b/include/crypto_error.h index 2f7e213f..ff2f3439 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -123,6 +123,7 @@ #define CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE (-51) #define CRYPTO_LIB_ERR_FAIL_SA_SAVE (-52) #define CRYPTO_LIB_ERR_FAIL_SA_LOAD (-53) +#define CRYPTO_LIB_ERR_KEY_VALIDATION (-54) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index 6894eac1..3725768b 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -74,7 +74,8 @@ char *crypto_enum_errlist_core[] = (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG", (char*) "CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE", (char*) "CRYPTO_LIB_ERR_FAIL_SA_SAVE", - (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", + (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", + (char*) "CRYPTO_LIB_ERR_KEY_VALIDATION", }; char *crypto_enum_errlist_config[] = diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a7bda4c1..a045c1d1 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -544,6 +544,51 @@ void sa_populate(void) sa_perform_save(&sa[0]); } +/** + * @brief Function Key_Validation() + * Validates the use of a single key per encryption type per SA + * At most an SA can contain 2 unique Keys. These my not be utilized in another SA + */ +int32_t key_validation(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int i = 0; + int j = 0; + for(i = 0; i < NUM_SA; i++) + { + uint16_t i_ekid = sa[i].ekid; + uint16_t i_akid = sa[i].akid; + + if(i_ekid == i_akid) + { + status = CRYPTO_LIB_ERR_KEY_VALIDATION; +#ifdef DEBUG + printf(KRED "SA Key Validation FAILURE!\n"); + printf("Key Duplication: SA #%d, EKID: %d, AKID: %d\n", i, i_ekid, i_akid); + printf("\n"RESET); +#endif + break; + } + + for(j = i+1; j < NUM_SA; j++) + { + uint16_t j_ekid = sa[j].ekid; + uint16_t j_akid = sa[j].akid; + + if((i_ekid == j_ekid) || (i_ekid == j_akid) || (i_akid == j_ekid) || (i_akid == j_akid) || (j_ekid == j_akid)) + { + status = CRYPTO_LIB_ERR_KEY_VALIDATION; +#ifdef DEBUG + printf(KRED "SA Key Validation FAILURE!\n"); + printf("Key Duplication SA: %d, EKID: %d, AKID: %d\n\tSA: %d, EKID: %d, AKID: %d\n", i, i_ekid, i_akid, j, j_ekid, j_akid); + printf("\n"RESET); +#endif + break; + } + } + } + return status; +} /** * @brief Function; sa_config @@ -561,6 +606,9 @@ int32_t sa_config(void) if(use_internal) { sa_populate(); +#ifdef KEY_VALIDATION + status = key_validation(); +#endif } return status; @@ -627,6 +675,9 @@ int32_t sa_init(void) } sa_populate(); +#ifdef KEY_VALIDATION + status = key_validation(); +#endif } return status; } diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh index c6e326f2..7da05ad4 100755 --- a/support/scripts/build_internal.sh +++ b/support/scripts/build_internal.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 -DKEY_VALIDATION=0 && make && make test From 8c0c72c8b338689519fbd3f2a41a2572bec480f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luna=20Gr=C3=A4fje?= Date: Tue, 2 Jul 2024 11:32:26 +0200 Subject: [PATCH 072/174] Only initialize sa, key and mc interface if not already initialized This allows consumers of the library to supply their own implementation of these interfaces without having to either 1. Have a project structure that puts cryptolib as a top level git submodoule with a top level sa / key / mc directory 2. Modify the CryptoLib source code --- src/core/crypto_config.c | 92 +++++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 43 deletions(-) diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index c163cbdc..1afecca8 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -176,62 +176,68 @@ int32_t Crypto_Init(void) // #endif /* Key Interface */ - if (crypto_config.key_type == KEY_TYPE_CUSTOM) - { - key_if = get_key_interface_custom(); - } - else if (crypto_config.key_type == KEY_TYPE_INTERNAL) - { - key_if = get_key_interface_internal(); - } - else // KEY_TYPE_KMC - { - key_if = get_key_interface_kmc(); + if (key_if == NULL) { + if (crypto_config.key_type == KEY_TYPE_CUSTOM) + { + key_if = get_key_interface_custom(); + } + else if (crypto_config.key_type == KEY_TYPE_INTERNAL) + { + key_if = get_key_interface_internal(); + } + else // KEY_TYPE_KMC + { + key_if = get_key_interface_kmc(); + } } key_if->key_init(); // TODO: Check and return status on error /* MC Interface */ - if (crypto_config.mc_type == MC_TYPE_CUSTOM) - { - mc_if = get_mc_interface_custom(); - } - else if (crypto_config.mc_type == MC_TYPE_DISABLED) - { - mc_if = get_mc_interface_disabled(); - } - else // MC_TYPE_INTERNAL - { - mc_if = get_mc_interface_internal(); + if (mc_if == NULL) { + if (crypto_config.mc_type == MC_TYPE_CUSTOM) + { + mc_if = get_mc_interface_custom(); + } + else if (crypto_config.mc_type == MC_TYPE_DISABLED) + { + mc_if = get_mc_interface_disabled(); + } + else // MC_TYPE_INTERNAL + { + mc_if = get_mc_interface_internal(); + } } mc_if->mc_initialize(); // TODO: Check and return status on error /* SA Interface */ - // Prepare SA type from config - if (crypto_config.sa_type == SA_TYPE_CUSTOM) - { - sa_if = get_sa_interface_custom(); - } - else if (crypto_config.sa_type == SA_TYPE_INMEMORY) - { - sa_if = get_sa_interface_inmemory(); - } - else if (crypto_config.sa_type == SA_TYPE_MARIADB) - { - if (sa_mariadb_config == NULL) + if (sa_if == NULL) { + // Prepare SA type from config + if (crypto_config.sa_type == SA_TYPE_CUSTOM) + { + sa_if = get_sa_interface_custom(); + } + else if (crypto_config.sa_type == SA_TYPE_INMEMORY) + { + sa_if = get_sa_interface_inmemory(); + } + else if (crypto_config.sa_type == SA_TYPE_MARIADB) { - status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; - printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); - return status; // MariaDB connection specified but no configuration exists, return! + if (sa_mariadb_config == NULL) + { + status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; + printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); + return status; // MariaDB connection specified but no configuration exists, return! + } + sa_if = get_sa_interface_mariadb(); } - sa_if = get_sa_interface_mariadb(); + else + { + status = SADB_INVALID_SADB_TYPE; + return status; + } // TODO: Error stack } - else - { - status = SADB_INVALID_SADB_TYPE; - return status; - } // TODO: Error stack /* Crypto Interface */ // Determine which cryptographic module is in use From 9ccdde0ef90ce442973d7d1ba51215e3fba2c302 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 8 Jul 2024 18:33:31 +0000 Subject: [PATCH 073/174] [nasa/cryptolib#217] Added Build flag for mc log file name --- CMakeLists.txt | 7 +++++++ src/mc/internal/mc_interface_internal.template.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8e32bcfa..aa1a2a14 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,6 +24,7 @@ project(crypto C) set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") set(KEY_CUSTOM_PATH_DEFAULT "../../key/custom") set(MC_CUSTOM_PATH_DEFAULT "../../mc/custom") +set(MC_LOG_PATH_DEFAULT "../../../log.txt") set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom") @@ -115,6 +116,12 @@ if(DEBUG) add_compile_options(-ggdb) endif() +if(NOT DEFINED MC_LOG_CUSTOM_PATH) + add_definitions(-DMC_LOG_PATH=${MC_LOG_PATH_DEFAULT}) +else() + add_definitions(-DMC_LOG_PATH=${MC_LOG_CUSTOM_PATH}) +endif() + IF(KMC_MDB_RH) ADD_DEFINITIONS(-DKMC_MDB_RH) ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE) diff --git a/src/mc/internal/mc_interface_internal.template.c b/src/mc/internal/mc_interface_internal.template.c index 170c9e6f..4514f964 100644 --- a/src/mc/internal/mc_interface_internal.template.c +++ b/src/mc/internal/mc_interface_internal.template.c @@ -53,7 +53,7 @@ static int32_t mc_initialize(void) int32_t status = CRYPTO_LIB_SUCCESS; /* Open log */ - mc_file_ptr = fopen("log.txt", "a"); + mc_file_ptr = fopen(MC_LOG_PATH, "a"); if (mc_file_ptr == NULL) { status = CRYPTO_LIB_ERR_MC_INIT; From 0d4322abc663e5a76629726ad0ba17c1a26c7b8a Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 10 Jul 2024 18:41:52 +0000 Subject: [PATCH 074/174] [nasa/cryptolib#217] Modified build scripts to clear CMake cache before making --- CMakeLists.txt | 9 +++++---- src/mc/internal/mc_interface_internal.template.c | 2 +- support/scripts/build_internal.sh | 2 ++ support/scripts/build_kmc.sh | 2 ++ support/scripts/build_minimal.sh | 2 ++ support/scripts/build_rhel.sh | 2 ++ support/scripts/build_support.sh | 2 ++ support/scripts/build_wolf.sh | 2 ++ 8 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index aa1a2a14..b817c1e0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,7 +24,7 @@ project(crypto C) set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") set(KEY_CUSTOM_PATH_DEFAULT "../../key/custom") set(MC_CUSTOM_PATH_DEFAULT "../../mc/custom") -set(MC_LOG_PATH_DEFAULT "../../../log.txt") +set(MC_LOG_PATH_DEFAULT "log.txt") set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom") @@ -116,10 +116,11 @@ if(DEBUG) add_compile_options(-ggdb) endif() -if(NOT DEFINED MC_LOG_CUSTOM_PATH) - add_definitions(-DMC_LOG_PATH=${MC_LOG_PATH_DEFAULT}) +if(DEFINED MC_LOG_CUSTOM_PATH) + message(STATUS "MC_LOG_CUSTOM_PATH set to: ${MC_LOG_CUSTOM_PATH}") + add_compile_definitions(MC_LOG_PATH="${MC_LOG_CUSTOM_PATH}") else() - add_definitions(-DMC_LOG_PATH=${MC_LOG_CUSTOM_PATH}) + add_compile_definitions(MC_LOG_PATH="${MC_LOG_PATH_DEFAULT}") endif() IF(KMC_MDB_RH) diff --git a/src/mc/internal/mc_interface_internal.template.c b/src/mc/internal/mc_interface_internal.template.c index 4514f964..974fd567 100644 --- a/src/mc/internal/mc_interface_internal.template.c +++ b/src/mc/internal/mc_interface_internal.template.c @@ -57,7 +57,7 @@ static int32_t mc_initialize(void) if (mc_file_ptr == NULL) { status = CRYPTO_LIB_ERR_MC_INIT; - printf(KRED "ERROR: Monitoring andcontrol initialization - internal failed\n" RESET); + printf(KRED "ERROR: Monitoring and control initialization - internal failed\n" RESET); } return status; diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh index c6e326f2..91a8a5e3 100755 --- a/support/scripts/build_internal.sh +++ b/support/scripts/build_internal.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh index 95c1489f..2c18bd7a 100755 --- a/support/scripts/build_kmc.sh +++ b/support/scripts/build_kmc.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 -DSA_FILE=1 && make && make test diff --git a/support/scripts/build_minimal.sh b/support/scripts/build_minimal.sh index c07c09a3..f9781ae7 100755 --- a/support/scripts/build_minimal.sh +++ b/support/scripts/build_minimal.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR && make && make test diff --git a/support/scripts/build_rhel.sh b/support/scripts/build_rhel.sh index 94053036..9f711589 100755 --- a/support/scripts/build_rhel.sh +++ b/support/scripts/build_rhel.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test diff --git a/support/scripts/build_support.sh b/support/scripts/build_support.sh index 4e92ea6c..0392bd8f 100755 --- a/support/scripts/build_support.sh +++ b/support/scripts/build_support.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DSUPPORT=1 -DTEST=1 -DTEST_ENC=1 && make && make test diff --git a/support/scripts/build_wolf.sh b/support/scripts/build_wolf.sh index 0cae1611..a646e932 100755 --- a/support/scripts/build_wolf.sh +++ b/support/scripts/build_wolf.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_LIBGCRYPT=0 -DCRYPTO_WOLFSSL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test From 400089076f3ef4d675934854efa9d42c7ff6a666 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 15 Jul 2024 17:41:07 +0000 Subject: [PATCH 075/174] [nasa/cryptolib#197] Commented out wolfcrypt SIV related calls --- .../cryptography_interface_wolfssl.template.c | 138 +++++++++--------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c index 515b2352..30c49783 100644 --- a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c +++ b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c @@ -529,28 +529,28 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, break; // TODO: Confirm same process will be used - case CRYPTO_CIPHER_AES256_GCM_SIV: - status = wc_AesGcmSetKey(&enc, key, len_key); - if (status == 0) - { - if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) - { - status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - } - else if (encrypt_bool == CRYPTO_TRUE) - { - status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - if (status == -180) - { // Special error case as Wolf will not accept a zero value for MAC size - status = CRYPTO_LIB_SUCCESS; - } - } - else if (authenticate_bool == CRYPTO_TRUE) - { - status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len); - } - } - break; + // case CRYPTO_CIPHER_AES256_GCM_SIV: + // status = wc_AesGcmSetKey(&enc, key, len_key); + // if (status == 0) + // { + // if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + // { + // status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + // } + // else if (encrypt_bool == CRYPTO_TRUE) + // { + // status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + // if (status == -180) + // { // Special error case as Wolf will not accept a zero value for MAC size + // status = CRYPTO_LIB_SUCCESS; + // } + // } + // else if (authenticate_bool == CRYPTO_TRUE) + // { + // status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len); + // } + // } + // break; case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; @@ -611,17 +611,17 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, } break; - case CRYPTO_CIPHER_AES256_GCM_SIV: - status = wc_AesGcmSetKey(&dec, key, len_key); - if (status == 0) - { - status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0); - if (status == -180) - { // Special error case as Wolf will not accept a zero value for MAC size - status = CRYPTO_LIB_SUCCESS; - } - } - break; + // case CRYPTO_CIPHER_AES256_GCM_SIV: + // status = wc_AesGcmSetKey(&dec, key, len_key); + // if (status == 0) + // { + // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0); + // if (status == -180) + // { // Special error case as Wolf will not accept a zero value for MAC size + // status = CRYPTO_LIB_SUCCESS; + // } + // } + // break; case CRYPTO_CIPHER_AES256_CBC: status = wc_AesSetKey(&dec, key, len_key, iv, AES_DECRYPTION); @@ -709,42 +709,42 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, } break; - case CRYPTO_CIPHER_AES256_GCM_SIV: - status = wc_AesGcmSetKey(&dec, key, len_key); - if (status == 0) - { - if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) - { - // Added for now while assessing unit tests and requirements - if (mac_size > 0) - { - status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - } - else - { - status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - if (status == -180) - { // Special error case as Wolf will not accept a zero value for MAC size - status = CRYPTO_LIB_SUCCESS; - } - } - } - else if (decrypt_bool == CRYPTO_TRUE) - { - status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - if (status == -180) - { // Special error case as Wolf will not accept a zero value for MAC size - status = CRYPTO_LIB_SUCCESS; - } - } - else if (authenticate_bool == CRYPTO_TRUE) - { - status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - // If authentication only, don't decrypt the data. Just pass the data PDU through. - memcpy(data_out, data_in, len_data_in); - } - } - break; + // case CRYPTO_CIPHER_AES256_GCM_SIV: + // status = wc_AesGcmSetKey(&dec, key, len_key); + // if (status == 0) + // { + // if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + // { + // // Added for now while assessing unit tests and requirements + // if (mac_size > 0) + // { + // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + // } + // else + // { + // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + // if (status == -180) + // { // Special error case as Wolf will not accept a zero value for MAC size + // status = CRYPTO_LIB_SUCCESS; + // } + // } + // } + // else if (decrypt_bool == CRYPTO_TRUE) + // { + // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + // if (status == -180) + // { // Special error case as Wolf will not accept a zero value for MAC size + // status = CRYPTO_LIB_SUCCESS; + // } + // } + // else if (authenticate_bool == CRYPTO_TRUE) + // { + // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + // // If authentication only, don't decrypt the data. Just pass the data PDU through. + // memcpy(data_out, data_in, len_data_in); + // } + // } + // break; case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; From f36f5a1f6353c435f3e044abec413d837dcea72a Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Tue, 16 Jul 2024 21:00:29 -0400 Subject: [PATCH 076/174] [nasa/cryptolib#197] Update docker file to install gpg-error and libgcrypt from tar.bz2 files; --- support/Dockerfile | 49 +++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/support/Dockerfile b/support/Dockerfile index b92f2856..08b55592 100644 --- a/support/Dockerfile +++ b/support/Dockerfile @@ -5,13 +5,11 @@ # ARG WOLFSSL_VERSION=5.6.0-stable -FROM ubuntu +FROM ubuntu:jammy-20240212 AS CL0 -ARG WOLFSSL_VERSION - -RUN set -eux \ - # install deps - && buildDeps=' \ +ARG DEBIAN_FRONTEND=noninteractive +RUN apt-get update -y \ + && apt-get install -y \ autoconf \ automake \ ca-certificates \ @@ -26,25 +24,39 @@ RUN set -eux \ libcurl4-openssl-dev \ libmariadb-dev \ libmariadb-dev-compat \ - libgcrypt20-dev \ libtool \ make \ python3-dev \ python3-pip \ unzip \ - ' \ - && apt-get update \ - && apt-get install -y --no-install-recommends $buildDeps \ - && rm -r /var/lib/apt/lists/* \ + && rm -rf /var/lib/apt/lists/* \ + && pip3 install pycryptodome + +FROM CL0 AS CL1 +ARG GPG_ERROR_VERSION=1.50 +ARG GCRYPT_VERSION=1.11.0 +RUN curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-${GPG_ERROR_VERSION}.tar.bz2 \ + -o /tmp/libgpg-error-${GPG_ERROR_VERSION}.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-${GPG_ERROR_VERSION}.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-${GPG_ERROR_VERSION} \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-${GCRYPT_VERSION}.tar.bz2 \ + -o /tmp/libgcrypt-${GCRYPT_VERSION}.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-${GCRYPT_VERSION}.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-${GCRYPT_VERSION} \ + && ./configure \ + && make install - # download source files - && curl \ +FROM CL1 AS CL2 +ARG WOLFSSL_VERSION=5.6.0-stable +RUN curl \ -LS https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}.zip \ -o v${WOLFSSL_VERSION}.zip \ && unzip v${WOLFSSL_VERSION}.zip \ && rm v${WOLFSSL_VERSION}.zip \ - - # build and install wolfssl && cd wolfssl-${WOLFSSL_VERSION} \ && mkdir -p build \ && cd build \ @@ -52,10 +64,3 @@ RUN set -eux \ && cmake --build . \ && make install \ && ldconfig - - # cleanup - #&& cd .. \ - #&& rm -r wolfssl-${WOLFSSL_VERSION} - #&& apt-get purge -y --auto-remove $buildDeps - -RUN pip3 install pycryptodome From 6b37e33e39b902e8de72340aea7f1f7146be5dba Mon Sep 17 00:00:00 2001 From: Donovan Ice <77851621+Donnie-Ice@users.noreply.github.com> Date: Wed, 17 Jul 2024 13:40:00 -0400 Subject: [PATCH 077/174] [nasa/cryptolib#259] Added logo to README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6e7da057..c2609f29 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ ![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib) +![CryptoLib logo Final All orange](https://github.com/user-attachments/assets/fc02870b-e2d2-4577-83c2-78985d5fbdd6) + # CryptoLib Provide a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. From a29dd8f0b4c015113297ef954e8f4054621cc67e Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 17 Jul 2024 17:57:25 +0000 Subject: [PATCH 078/174] [nasa/cryptolib#197] Corrected mode in algorithm switch statement --- .../libgcrypt/cryptography_interface_libgcrypt.template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index 3a9eab5e..e25d224b 100644 --- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -1057,7 +1057,7 @@ int32_t cryptography_get_ecs_mode(int8_t algo_enum) mode = GCRY_CIPHER_MODE_GCM; break; case CRYPTO_CIPHER_AES256_GCM_SIV: - mode = GCRY_CIPHER_MODE_GCM; + mode = GCRY_CIPHER_MODE_GCM_SIV; break; case CRYPTO_CIPHER_AES256_CBC: mode = GCRY_CIPHER_MODE_CBC; From 15c0364a2425aafd352e6efb6e8408df70c3bdb8 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 18 Jul 2024 21:33:17 +0000 Subject: [PATCH 079/174] [nasa/cryptolib#197] Added aes_gcm_siv unit test files (utest throwing errors, in progress) --- test/CMakeLists.txt | 4 +++ test/include/ut_aes_gcm_siv.h | 18 ++++++++++++ test/unit/ut_aes_gcm_siv.c | 52 +++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 test/include/ut_aes_gcm_siv.h create mode 100644 test/unit/ut_aes_gcm_siv.c diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index ac9352a8..5e247bdb 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -21,6 +21,10 @@ set(PROJECT_TEST_DIR ${CMAKE_BINARY_DIR}) # COMMAND ${PROJECT_BINARY_DIR}/bin/process_security tc ${PROJECT_TEST_DIR}/data/tc4.1.dat # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +add_test(NAME UT_AES_GCM_SIV + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aes_gcm_siv + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + add_test(NAME UT_TC_APPLY COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tc_apply WORKING_DIRECTORY ${PROJECT_TEST_DIR}) diff --git a/test/include/ut_aes_gcm_siv.h b/test/include/ut_aes_gcm_siv.h new file mode 100644 index 00000000..99fb7572 --- /dev/null +++ b/test/include/ut_aes_gcm_siv.h @@ -0,0 +1,18 @@ +#ifndef CRYPTOLIB_UT_AES_GCM_SIV_H +#define CRYPTOLIB_UT_AES_GCM_SIV_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "crypto.h" +#include "shared_util.h" +#include +#include "cryptography_interface.h" + +#ifdef __cplusplus +} /* Close scope of 'extern "C"' declaration which encloses file. */ +#endif + +#endif //CRYPTOLIB_UT_AES_GCM_SIV_H \ No newline at end of file diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c new file mode 100644 index 00000000..a36c8e5f --- /dev/null +++ b/test/unit/ut_aes_gcm_siv.c @@ -0,0 +1,52 @@ +// /* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. +// All Foreign Rights are Reserved to the U.S. Government. + +// This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, +// including, but not limited to, any warranty that the software will conform to specifications, any implied warranties +// of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the +// documentation will conform to the program, or any warranty that the software will be error free. + +// In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or +// consequential damages, arising out of, resulting from, or in any way connected with the software or its +// documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained +// from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + +// ITC Team +// NASA IV&V +// jstar-development-team@mail.nasa.gov +// */ + +#include "ut_aes_gcm_siv.h" +#include "crypto.h" +#include "crypto_error.h" +#include "sa_interface.h" +#include "utest.h" + +/** + * @brief Unit Test: Crypto ECS Get Algorithm response for AES-GCM-SIV + **/ +UTEST(AES_GCM_SIV, GET_ECS_ALGO_SIV) +{ + remove("sa_save_file.bin"); + int32_t libgcrypt_algo = -1; + int8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; + + // Convert CRYPTOAES enum to GCRY_CIPHER_AES256 + //libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); + //ASSERT_EQ(libgcrypt_algo, GCRY_CIPHER_AES256); + + libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); + ASSERT_EQ(libgcrypt_algo, 9); +} + +/** + * @brief Unit Test: Crypto ECS Get Algorithm key length response for AES-GCM-SIV + **/ +UTEST(AES_GCM_SIV, GET_ECS_ALGO_KEY_LEN_SIV) +{ + remove("sa_save_file.bin"); + int32_t algo_keylen = -1; + uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; + algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); + ASSERT_EQ(algo_keylen, 32); +} \ No newline at end of file From a5974fa3febc760bb4fa400d328ab3e7d49527f4 Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Fri, 19 Jul 2024 07:18:09 -0400 Subject: [PATCH 080/174] [nasa/cryptolib#222] Created a draft set of requirements in markdown format - traceability to unit tests to be added in future; --- doc/requirements.md | 83 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 doc/requirements.md diff --git a/doc/requirements.md b/doc/requirements.md new file mode 100644 index 00000000..f9a2b04c --- /dev/null +++ b/doc/requirements.md @@ -0,0 +1,83 @@ +# CryptoLib Requirements + +Note this is in draft form and is not yet traceable to the unit tests. + +# General +* CryptoLib shall provide initialization function(s) for the setup of the library. +* CryptoLib shall provide apply security functions for each supported frame type. +* CryptoLib shall provide process security functions for each supported frame type. +* CryptoLib shall provide teardown function(s) for the cleanup of the library. +* CryptoLib shall maintain separation of modules for cryptography, key management, monitoring and control, and security associations that can be configured at build time for use. +* CryptoLib shall maintain a custom option for each module type for users to develop specific implementations. +* CryptoLib shall adhere to the CCSDS Space Data Link Security standard (CCSDS 355.0-B-2) Protocl Implementation Conformance Statements (PICS). +* CryptoLib shall adhere to the CCSDS Space Data Link Security Extended Procedures standard (CCSDS 355.1-B-1) Protocol Implementation Conformance Statements (PICS). + +# CCSDS SDLS PICS +* A4/1 - CryptoLib shall support the TM Space Data Link Protocol. +* A4/2 - CryptoLib shall support the TC Space Data Link Protocol. +* A4/3 - CryptoLib shall support the AOS Space Data Link Protocol. +* A5/1 - The CryptoLib cryptography module shall support encryption. +* A5/2 - The CryptoLib cryptography module shall support authentication. +* A5/3 - The CryptoLib cryptography module shall support authenticated encryption. +* A6/1 - CryptoLib shall maintain the global virtual channel ID (GVCID) as part of the security association management data. +* A6/2 - CryptoLib shall maintain the global multiplexer access point identifier (GMAP_ID) as part of the security association management data. +* A6/3 - CryptoLib shall maintain the security parameter index (SPI) identifying the security association (SA) applicable to a frame as part of the SA management data. +* A6/4 - CryptoLib shall maintain the security association service type (SA_service_type) indicating the cryptographic function(s) specified for the SA as part of the security association management data. +* A6/5 - CryptoLib shall maintain the security association sequence number length (SA_length_SN) indicating the length of the sequence number field in the security header as part of the security association management data. +* A6/6 - CryptoLib shall maintain the security association initialization vector length (SA_length_IV) indicating the length of the initialization vector field in the security header as part of the security association management data. +* A6/7 - CryptoLib shall maintain the security association pad length (SA_length_PL) indicating the length of the pad length field in the security header as part of the security association management data. +* A6/8 - CryptoLib shall maintain the security association message authentication code length (SA_length_MAC) indicating the length of the MAC field in the security trailer as part of the security association management data. +* A6/9 - CryptoLib shall maintain the security association authentication algorithm and mode of operation as part of the security association management data. +* A6/10 - CryptoLib shall maintain the security association authentication key or index that refers to the actual key as part of the security association management data. +* A6/11 - CryptoLib shall maintain the security association authentication mask parameter indicating the value of a provided bit mask that is applied against the Transfer Frame in a bitwise-AND operation to generate an Authentication Payload as part of the security association management data. +* A6/12 - CryptoLib shall maintain the security association sequence number indicating the present value of a managed anti-replay sequence counter as part of the security association management data. +* A6/13 - CryptoLib shall maintain the security association sequence window indicating the amount of deviation the receiving end will accept between the expected anti-replay sequence number in a received frame as part of the security association management data. +* A6/14 - CryptoLib shall maintain the security association encryption algorithm and mode of operation as part of the security association management data. +* A6/15 - CryptoLib shall maintain the security association encryption key or index that refers to the actual key as part of the security association management data. +* A6/16 - CryptoLib shall maintain the security association initialization vector indicating the present value of a managed initialization vector field as part of the security association management data. +* A7/1 - CryptoLib shall have apply security functions for each transfer frame type supported that contains input parameters of a payload containing the partially formatted frame and the identifiers of the Virtual Channel and the MAP channel (for TC only). +* A7/2 - CryptoLib shall have process security functions for each transfer frame type supported that contains input parameters of a payload containing the frame and the identifiers of the Virtual Channel and the MAP channel (for TC only). +* A7.1.1/1 - CryptoLib's TM apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the fixed-length protocol data unit of the TM frame. +* A7.1.1/2 - CryptoLib's TC apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the transfer frame data field. +* A7.1.1/3 - CryptoLib's AOS apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the transfer frame data field. +* A7.1.1/5 - CryptoLib's apply security functions shall confirm the managed security association data matches the global virtual channel identifier (GVCID) parameter in the partially formatted transfer frame contained in the apply security payload. +* A7.1.1/6 - CryptoLib's TC apply security function shall confirm the global multiplexer access point identifier (GMAP_ID) parameter determined by the GVCID in the partially formatted transfer frame in the TC apply security payload is valid if the virtual channel specified is using segment headers. +* A7.1.1/7 - CryptoLib's TC apply security function transfer frame data field shall be plaintext if the cryptographic algorithm is authenticated encryption. +* A7.1.1/8 - CryptoLib's TC apply security function additional authenticated data (AAD) shall be the portion from the first octet of the Authentication Payload to the octet immediately preceding the Transfer Frame Data Field. +* A7.1.1/9 - CryptoLib's TC apply security function shall encrypt the Transfer Frame Data Field if encryption is selected for the security association in use. +* A7.1.1/10 - CryptoLib's TC apply security function shall place the number of fill bytes used into the Pad Length field of the Security Header if the algorithm and mode selected for the security association in use require. +* A7.1.1/11 - CryptoLib's TC apply security function shall increment the SA's managed sequence number by one if authentication is selected for the security association in use. +* A7.1.1/12 - CryptoLib's TC apply security function shall expect the managed sequence number in the Sequence Number field of the Security header, unless the security association (SA) specified use of the Initialization Vector field of the Security header instead if authentication is selected for an SA. +* A7.1.1/13 - CryptoLib's TC apply security function shall complete the Security Header for each transfer frame if authentication is selected for the security association in use. +* A7.1.1/14 - CryptoLib's TC apply security function shall apply the security association's (SA) authentication bit mask in a bitwise-AND operation against the partial frame if authentication is selected for the SA in use. +* A7.1.1/15 - CryptoLib's TC apply security function shall compute a MAC over the authentication payload if authentication is selected for the security association in use. +* A7.1.1/16 - CryptoLib's TC apply security function shall truncate the least-significant bits of the computed MAC, if necessary, if authentication is selected for the security association in use. +* A7.1.1/18 - CryptoLib's TC apply security function shall return a unique status to the caller per error type. +* A7.1.2/1 - CryptoLib's TM process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/2 - CryptoLib's TC process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/3 - CryptoLib's AOS process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/5 - CryptoLib's process security functions shall confirm the managed security association data matches the global virtual channel identifier (GVCID) parameter in the partially formatted transfer frame contained in the apply security payload. +* A7.1.2/6 - CryptoLib's TC process security function shall confirm the global multiplexer access point identifier (GMAP_ID) parameter determined by the GVCID in the partially formatted transfer frame in the TC process security payload is valid if the virtual channel specified is using segment headers. +* A7.1.2/7 - CryptoLib's process security functions shall discard frames with wrong security associations and report exceptions. +* A7.1.2/8 - CryptoLib's process security function transfer frame data field shall be plaintext if the cryptographic algorithm is authenticated encryption. +* A7.1.2/9 - CryptoLib's process security function additional authenticated data (AAD) shall be the portion from the first octet of the Authentication Payload to the octet immediately preceding the Transfer Frame Data Field. +* A7.1.2/10 - CryptoLib's process security function shall apply the security association's (SA) authentication bit mask in a bitwise-AND operation against the partial frame if authentication is selected for the SA in use. +* A7.1.2/12 - CryptoLib's process security function shall compute a MAC over the authentication payload if authentication is selected for the security association in use. +* A7.1.2/13 - CryptoLib's process security function shall truncate the least-significant bits of the computed MAC, if necessary, if authentication is selected for the security association in use. +* A7.1.2/14 - CryptoLib's process security function shall verify that the computed MAC matches the MAC received in the Security Trailer if authentication is selected for the security association in use. +* A7.1.2/15 - CryptoLib's process security function shall report an exception to the service user for frames in which the received frame fails MAC verification and discard those frame if authentication is selected for the SA in use. +* A7.1.2/18 - CryptoLib's process security function shall extract the received sequence number from either the Sequence Number field of the Initialization Vector field of the Security Header according to the options specified for that SA if authentication is selected for the SA in use. +* A7.1.2/19 - CryptoLib's process security function shall compare the received sequence number to the managed sequence number if authentication is selected for the SA in use. +* A7.1.2/20 - CryptoLib's process security function shall report an exception to the service user for frames in which the received sequence number is larger than the managed sequence number by a value greater than teh window defined for that SA and discard those frames if authentication is selected for the SA in use. +* A7.1.2/23 - CryptoLib's process security function shall replace the managed sequence number with the received sequence number if the frame passes verification operations and if authentication is selected for the SA in use. +* A7.1.2/25 - CryptoLib's process security function shall decrypt the Transfer Frame Data Field if encryption is selected for the SA in use. +* A7.1.2/26 - CryptoLib's process security function shall extract the count of fill bytes used from the Pad Length field of the Security Header, and remove those fill bytes from the Frame Data field to be returned if encryption is selected for the SA in use. +* A7.1.2/27 - CryptoLib's process security function shall return a unique status to the caller per error type. +* A8.1/1 - CryptoLib's security header shall consist of one mandatory security parameter index in bits 0-15. +* A8.1/2 - CryptoLib's security header may contain an option field of the initialization vector following the SPI. +* A8.1/3 - CryptoLib's security header may contain an option field of the sequence number following the initialization vector. +* A8.1/4 - CryptoLib's security header may contain an option field of the pad length following the sequence number. +* A8.2/1 - CryptoLib's security trailer shall define the presence or absence of the MAC based on a virtual channel or MAP in the security association parameters. + +# CCSDS SDLS-EP PICS +* ... From 3d29e527767c7fe1dce4dacca70ea3bccc70b6b3 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 22 Jul 2024 15:15:21 +0000 Subject: [PATCH 081/174] [nasa/cryptolib#197] Added missing call to UTEST_MAIN() --- test/unit/ut_aes_gcm_siv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index a36c8e5f..bc78f3b7 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -49,4 +49,6 @@ UTEST(AES_GCM_SIV, GET_ECS_ALGO_KEY_LEN_SIV) uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); ASSERT_EQ(algo_keylen, 32); -} \ No newline at end of file +} + +UTEST_MAIN(); \ No newline at end of file From abe294737889ddeee18b95a7c2188cdffdd1c814 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 22 Jul 2024 15:47:44 +0000 Subject: [PATCH 082/174] [nasa/cryptolib#264] Resolved non-erroring seg faults in unit tests --- test/CMakeLists.txt | 8 ++++---- test/unit/ut_aes_gcm_siv.c | 29 +++++++++++++---------------- test/unit/ut_crypto.c | 2 ++ 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 5e247bdb..05e82830 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -21,10 +21,6 @@ set(PROJECT_TEST_DIR ${CMAKE_BINARY_DIR}) # COMMAND ${PROJECT_BINARY_DIR}/bin/process_security tc ${PROJECT_TEST_DIR}/data/tc4.1.dat # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -add_test(NAME UT_AES_GCM_SIV - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aes_gcm_siv - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - add_test(NAME UT_TC_APPLY COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tc_apply WORKING_DIRECTORY ${PROJECT_TEST_DIR}) @@ -61,6 +57,10 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +add_test(NAME UT_AES_GCM_SIV + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aes_gcm_siv + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + if(SA_FILE) add_test(NAME UT_SA_SAVE COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_save diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index bc78f3b7..516e35db 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -22,33 +22,30 @@ #include "sa_interface.h" #include "utest.h" +/** + * @brief Unit Test: Crypto ECS Get Algorithm key length response for AES-GCM-SIV + **/ +UTEST(AES_GCM_SIV, GET_ECS_ALGO_KEY_LEN_SIV) +{ + remove("sa_save_file.bin"); + int32_t algo_keylen = -1; + uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; + algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); + ASSERT_EQ(algo_keylen, 32); +} + /** * @brief Unit Test: Crypto ECS Get Algorithm response for AES-GCM-SIV **/ UTEST(AES_GCM_SIV, GET_ECS_ALGO_SIV) { remove("sa_save_file.bin"); + Crypto_Init_TC_Unit_Test(); int32_t libgcrypt_algo = -1; int8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; - - // Convert CRYPTOAES enum to GCRY_CIPHER_AES256 - //libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); - //ASSERT_EQ(libgcrypt_algo, GCRY_CIPHER_AES256); libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); ASSERT_EQ(libgcrypt_algo, 9); } -/** - * @brief Unit Test: Crypto ECS Get Algorithm key length response for AES-GCM-SIV - **/ -UTEST(AES_GCM_SIV, GET_ECS_ALGO_KEY_LEN_SIV) -{ - remove("sa_save_file.bin"); - int32_t algo_keylen = -1; - uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; - algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); - ASSERT_EQ(algo_keylen, 32); -} - UTEST_MAIN(); \ No newline at end of file diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index e4ab24f8..1f1dfe60 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -274,6 +274,7 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) UTEST(CRYPTO_C, GET_ACS_ALGO) { remove("sa_save_file.bin"); + Crypto_Init_TC_Unit_Test(); int32_t libgcrypt_algo = -1; uint8_t crypto_algo = CRYPTO_MAC_CMAC_AES256; @@ -312,6 +313,7 @@ UTEST(CRYPTO_C, GET_ACS_ALGO_KEY_LEN) UTEST(CRYPTO_C, GET_ECS_ALGO) { remove("sa_save_file.bin"); + Crypto_Init_TC_Unit_Test(); int32_t libgcrypt_algo = -1; int8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM; From a8ec6ec20a93548ce470015e3c9b194a4d910c93 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 25 Jul 2024 19:01:17 +0000 Subject: [PATCH 083/174] [nasa/cryptolib#197] Added AES-GCM-SIV Encryption Unit Tests --- test/unit/ut_aes_gcm_siv.c | 282 ++++++++++++++++++++++++++++++++++++- 1 file changed, 281 insertions(+), 1 deletion(-) diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index 516e35db..e2c4282e 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -1,4 +1,4 @@ -// /* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. +// /* Copyright (C) 2009 - 2022 National Aeronautics and Space Admirfcration. // All Foreign Rights are Reserved to the U.S. Government. // This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, @@ -32,6 +32,7 @@ UTEST(AES_GCM_SIV, GET_ECS_ALGO_KEY_LEN_SIV) uint8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM_SIV; algo_keylen = Crypto_Get_ACS_Algo_Keylen(crypto_algo); ASSERT_EQ(algo_keylen, 32); + Crypto_Shutdown(); } /** @@ -46,6 +47,285 @@ UTEST(AES_GCM_SIV, GET_ECS_ALGO_SIV) libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); ASSERT_EQ(libgcrypt_algo, 9); + Crypto_Shutdown(); +} + +// char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; +// // 02003001500 = Primary Header +// // 0010 0000 0000 0011 0000 0000 0001 0101 0000 0000 = Header in Bits +// // [0-1] = TFVN = 00 +// // [2] = Bypass Flag = 1 +// // [3] = Control Command Flag = 0 +// // [4-5] = RSVD Spare = 00 +// // [6-15] = SCID = 00 0000 0011 = 3 +// // [16-21] = VCID = 0000 00 +// // [22-31] = Frame Length = 00 0001 0101 = 21 +// // [32-39] = Frame Sequence Number = 0000 0000 +// // 0080d2c70008197f0b00310000b1fe3128 = data +// // 0000 0000 1000 0000 1101 0010 1100 0111 0000 0000 0000 1000 0001 1001 0111 1111 0000 1011 0000 0000 0011 0001 0000 0000 0000 0000 1011 0001 1111 1110 0011 0001 0010 1000 +// // + +/** + * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors + * Reference: + * https://datatracker.ietf.org/doc/rfc8452/?include_text=1 C.2. Second Example + * Recreated test vectors with https://github.com/line/aes-gcm-siv/tree/master, then input CryptoLib test vectors to generate truth data. + **/ +UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_1) +{ + remove("sa_save_file.bin"); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + // Setup & Initialize CryptoLib + // Crypto_Init_TC_Unit_Test(); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; + + // RFC supplied vectors + // NOTE: Added Transfer Frame header to the plaintext + char* buffer_rfc_pt_h = "2003000c000100000000000000"; + char* buffer_rfc_aad_h = ""; + char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_rfc_nonce_h = "030000000000000000000000"; + char* buffer_rfc_ct_h = "4fa7a4cb7d3434f8a2855b40016daccb62a454551878fc26"; + uint8_t* buffer_rfc_pt_b, *buffer_rfc_aad_b, *buffer_rfc_key_b, *buffer_rfc_nonce_b, *buffer_rfc_ct_b = NULL; + int buffer_rfc_pt_len, buffer_rfc_aad_len, buffer_rfc_key_len, buffer_rfc_nonce_len, buffer_rfc_ct_len = 0; + + // Expose/setup SAs for testing + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->stmacf_len = 16; + + // Insert key into keyring of SA 9 + hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_rfc_key_b, buffer_rfc_key_len); + + // Convert input plaintext + // TODO: Account for length of header and FECF (5+2) + hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); + // Convert/Set input AAD + hex_conversion(buffer_rfc_aad_h, (char**) &buffer_rfc_aad_b, &buffer_rfc_aad_len); + memcpy(test_association->abm, buffer_rfc_aad_b + 5, buffer_rfc_aad_len); + hex_conversion(buffer_rfc_nonce_h, (char**) &buffer_rfc_nonce_b, &buffer_rfc_nonce_len); + memcpy(test_association->iv, buffer_rfc_nonce_b, buffer_rfc_nonce_len); + // Convert input ciphertext + hex_conversion(buffer_rfc_ct_h, (char**) &buffer_rfc_ct_b, &buffer_rfc_ct_len); + + Crypto_TC_ApplySecurity(buffer_rfc_pt_b, buffer_rfc_pt_len, &ptr_enc_frame, &enc_frame_len); + // Note: For comparison, interested in the TF payload (exclude headers and FECF if present) + // Calc payload index: total length - pt length + uint16_t enc_data_idx = enc_frame_len - buffer_rfc_ct_len; + Crypto_Shutdown(); + for (int i = 0; i < buffer_rfc_pt_len - 7; i++) + { + printf("[%d]: %02x -> %02x \n", i, *(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + enc_data_idx++; + } + //ASSERT_EQ(1,0); + free(ptr_enc_frame); + free(buffer_rfc_pt_b); + free(buffer_rfc_aad_b); + free(buffer_rfc_nonce_b); + free(buffer_rfc_ct_b); + free(buffer_rfc_key_b); +} + +/** + * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors + * Reference: + * https://datatracker.ietf.org/doc/rfc8452/?include_text=1 C.2. + * Recreated test vectors with https://github.com/line/aes-gcm-siv/tree/master, then input CryptoLib test vectors to generate truth data. + **/ +UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_2) +{ + remove("sa_save_file.bin"); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + // Setup & Initialize CryptoLib + // Crypto_Init_TC_Unit_Test(); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; + + // RFC supplied vectors + // NOTE: Added Transfer Frame header to the plaintext + char* buffer_rfc_pt_h = "2003001000010000000000000000000000"; + char* buffer_rfc_aad_h = ""; + char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_rfc_nonce_h = "030000000000000000000000"; + char *buffer_rfc_ct_h = "08fbd140589f067e2772b4a1480eefe49f5ec5c2e65c135e1ad51c58"; + uint8_t* buffer_rfc_pt_b, *buffer_rfc_aad_b, *buffer_rfc_key_b, *buffer_rfc_nonce_b, *buffer_rfc_ct_b = NULL; + int buffer_rfc_pt_len, buffer_rfc_aad_len, buffer_rfc_key_len, buffer_rfc_nonce_len, buffer_rfc_ct_len = 0; + + // Expose/setup SAs for testing + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->stmacf_len = 16; + + // Insert key into keyring of SA 9 + hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_rfc_key_b, buffer_rfc_key_len); + + // Convert input plaintext + // TODO: Account for length of header and FECF (5+2) + hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); + // Convert/Set input AAD + hex_conversion(buffer_rfc_aad_h, (char**) &buffer_rfc_aad_b, &buffer_rfc_aad_len); + memcpy(test_association->abm, buffer_rfc_aad_b + 5, buffer_rfc_aad_len); + hex_conversion(buffer_rfc_nonce_h, (char**) &buffer_rfc_nonce_b, &buffer_rfc_nonce_len); + memcpy(test_association->iv, buffer_rfc_nonce_b, buffer_rfc_nonce_len); + // Convert input ciphertext + hex_conversion(buffer_rfc_ct_h, (char**) &buffer_rfc_ct_b, &buffer_rfc_ct_len); + + Crypto_TC_ApplySecurity(buffer_rfc_pt_b, buffer_rfc_pt_len, &ptr_enc_frame, &enc_frame_len); + // Note: For comparison, interested in the TF payload (exclude headers and FECF if present) + // Calc payload index: total length - pt length + uint16_t enc_data_idx = enc_frame_len - buffer_rfc_ct_len; + Crypto_Shutdown(); + for (int i = 0; i < buffer_rfc_pt_len - 7; i++) + { + printf("[%d]: %02x -> %02x \n", i, *(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + enc_data_idx++; + } + //ASSERT_EQ(1,0); + free(ptr_enc_frame); + free(buffer_rfc_pt_b); + free(buffer_rfc_aad_b); + free(buffer_rfc_nonce_b); + free(buffer_rfc_ct_b); + free(buffer_rfc_key_b); +} + +/** + * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors + * Reference: + * https://datatracker.ietf.org/doc/rfc8452/?include_text=1 C.2. + * Recreated test vectors with https://github.com/line/aes-gcm-siv/tree/master, then input CryptoLib test vectors to generate truth data. + **/ +UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_ENC_TEST_1) +{ + remove("sa_save_file.bin"); + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + // Setup & Initialize CryptoLib + // Crypto_Init_TC_Unit_Test(); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; + + // RFC8452 supplied vectors + // NOTE: Added Transfer Frame header to the plaintext + char* buffer_rfc_pt_h = "20030018000300000000000000000000000000000004000000"; + char* buffer_rfc_aad_h = "010000000000000000000000000000000200"; + char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_rfc_nonce_h = "030000000000000000000000"; + char* buffer_rfc_ct_h = "e6e883db43a9ef98fa6271cb7d4834139acf479e3b910775e769286f3f59d2e588f69b06"; + // 030000000000000000000000 + uint8_t* buffer_rfc_pt_b, *buffer_rfc_aad_b, *buffer_rfc_key_b, *buffer_rfc_nonce_b, *buffer_rfc_ct_b = NULL; + int buffer_rfc_pt_len, buffer_rfc_aad_len, buffer_rfc_key_len, buffer_rfc_nonce_len, buffer_rfc_ct_len = 0; + + // Expose/setup SAs for testing + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->stmacf_len = 16; + + // Insert key into keyring of SA 9 + hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_rfc_key_b, buffer_rfc_key_len); + + // Convert input plaintext + // TODO: Account for length of header and FECF (5+2) + hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); + // Convert/Set input AAD + hex_conversion(buffer_rfc_aad_h, (char**) &buffer_rfc_aad_b, &buffer_rfc_aad_len); + //printf("Buffer_rfc_aad_b = %i", &buffer_rfc_aad_b); + memcpy(test_association->abm, buffer_rfc_aad_b, buffer_rfc_aad_len); + //test_association->abm_len = buffer_rfc_aad_len; + hex_conversion(buffer_rfc_nonce_h, (char**) &buffer_rfc_nonce_b, &buffer_rfc_nonce_len); + memcpy(test_association->iv, buffer_rfc_nonce_b, buffer_rfc_nonce_len); + // Convert input ciphertext + hex_conversion(buffer_rfc_ct_h, (char**) &buffer_rfc_ct_b, &buffer_rfc_ct_len); + + Crypto_TC_ApplySecurity(buffer_rfc_pt_b, buffer_rfc_pt_len, &ptr_enc_frame, &enc_frame_len); + // Note: For comparison, interested in the TF payload (exclude headers and FECF if present) + // Calc payload index: total length - pt length + uint16_t enc_data_idx = enc_frame_len - buffer_rfc_ct_len; + Crypto_Shutdown(); + for (int i = 0; i < buffer_rfc_pt_len - 7; i++) + { + printf("[%d]: %02x -> %02x \n", i, *(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); + enc_data_idx++; + } + free(ptr_enc_frame); + free(buffer_rfc_pt_b); + free(buffer_rfc_aad_b); + free(buffer_rfc_nonce_b); + free(buffer_rfc_ct_b); + free(buffer_rfc_key_b); } UTEST_MAIN(); \ No newline at end of file From 178a30a8bfce28fc0a8b9ea0a3f8ab3365448df8 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Fri, 26 Jul 2024 14:56:43 +0000 Subject: [PATCH 084/174] [nasa/cryptolib#197] GCM-SIV Decryption unit tests in progress --- test/unit/ut_aes_gcm_siv.c | 92 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index e2c4282e..7bc57fa9 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -152,6 +152,98 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_1) free(buffer_rfc_key_b); } +/** + * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors + * Reference: + * https://datatracker.ietf.org/doc/rfc8452/?include_text=1 C.2. Second Example + * Recreated test vectors with https://github.com/line/aes-gcm-siv/tree/master, then input CryptoLib test vectors to generate truth data. + **/ +UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) +{ + remove("sa_save_file.bin"); + uint8_t* ptr_enc_frame = NULL; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; + + // NIST supplied vectors + // NOTE: Added Transfer Frame header to the plaintext + char* buffer_nist_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_nist_pt_h = "2003000c000100000000000000"; + char* buffer_nist_aad_h = ""; + char* buffer_nist_nonce_h = "030000000000000000000000"; + char* buffer_nist_et_h = "2003002a0000090300000000000000000000004fa7a4cb7d3434f8a2855b40016daccb62a454551878fc26"; + uint8_t* buffer_nist_pt_b, *buffer_nist_nonce_b, *buffer_nist_et_b, *buffer_nist_key_b, *buffer_nist_aad_b = NULL; + int buffer_nist_pt_len, buffer_nist_nonce_len, buffer_nist_et_len, buffer_nist_key_len, buffer_nist_aad_len = 0; + + // Setup Processed Frame For Decryption + TC_t* tc_nist_processed_frame; + tc_nist_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + + // Expose/setup SAs for testing + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; + //test_association->acs_len = 1; + //test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->stmacf_len = 16; + // Insert key into keyring of SA 9 + hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); + + // Convert input plaintext + // TODO: Account for length of header and FECF (5+2) + hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); + // Convert/Set input nonce + hex_conversion(buffer_nist_nonce_h, (char**) &buffer_nist_nonce_b, &buffer_nist_nonce_len); + memcpy(test_association->iv, buffer_nist_nonce_b, buffer_nist_nonce_len); + printf("NIST nonce LEN: %d\n", buffer_nist_nonce_len); + hex_conversion(buffer_nist_aad_h, (char**) &buffer_nist_aad_b, &buffer_nist_aad_len); + //memcpy(test_association->abm, buffer_nist_aad_b, buffer_nist_aad_len); + // Convert input encryptedtext + hex_conversion(buffer_nist_et_h, (char**) &buffer_nist_et_b, &buffer_nist_et_len); + + Crypto_TC_ProcessSecurity(buffer_nist_et_b, &buffer_nist_et_len, tc_nist_processed_frame); + + for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) + { + if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) + { + printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + } + //ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + } + ASSERT_EQ(0,1); + Crypto_Shutdown(); + free(ptr_enc_frame); + free(buffer_nist_pt_b); + free(buffer_nist_nonce_b); + free(buffer_nist_aad_b); + free(buffer_nist_et_b); + free(buffer_nist_key_b); + // free(test_association->ecs); + // sa_if->sa_close(); +} + /** * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors * Reference: From 50617cb508f689a51574be74d9f879f22b3f9298 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Fri, 26 Jul 2024 16:09:17 +0000 Subject: [PATCH 085/174] [nasa/cryptolib#197] Added GCM-SIV Decryption Unit tests --- test/unit/ut_aes_gcm_siv.c | 97 +++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 2 deletions(-) diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index 7bc57fa9..ad8dc6f4 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -226,13 +226,13 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) { + if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) { printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); } - //ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); } - ASSERT_EQ(0,1); Crypto_Shutdown(); free(ptr_enc_frame); free(buffer_nist_pt_b); @@ -420,4 +420,97 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_ENC_TEST_1) free(buffer_rfc_key_b); } +/** + * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors + * Reference: + * https://datatracker.ietf.org/doc/rfc8452/?include_text=1 C.2. Second Example + * Recreated test vectors with https://github.com/line/aes-gcm-siv/tree/master, then input CryptoLib test vectors to generate truth data. + **/ +UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_DEC_TEST_1) +{ + remove("sa_save_file.bin"); + uint8_t* ptr_enc_frame = NULL; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; + + // NIST supplied vectors + // NOTE: Added Transfer Frame header to the plaintext + char* buffer_nist_pt_h = "20030018000300000000000000000000000000000004000000"; + char* buffer_nist_aad_h = "010000000000000000000000000000000200"; + char* buffer_nist_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_nist_nonce_h = "030000000000000000000000"; + char* buffer_nist_et_h = "20030036000009030000000000000000000000e6e883db43a9ef98fa6271cb7d4834139acf479e3b910775e769286f3f59d2e588f69b06"; + uint8_t* buffer_nist_pt_b, *buffer_nist_nonce_b, *buffer_nist_et_b, *buffer_nist_key_b, *buffer_nist_aad_b = NULL; + int buffer_nist_pt_len, buffer_nist_nonce_len, buffer_nist_et_len, buffer_nist_key_len, buffer_nist_aad_len = 0; + + // Setup Processed Frame For Decryption + TC_t* tc_nist_processed_frame; + tc_nist_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + + // Expose/setup SAs for testing + SecurityAssociation_t* test_association = NULL; + test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; + //test_association->acs_len = 1; + //test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->stmacf_len = 16; + // Insert key into keyring of SA 9 + hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); + + // Convert input plaintext + // TODO: Account for length of header and FECF (5+2) + hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); + // Convert/Set input nonce + hex_conversion(buffer_nist_nonce_h, (char**) &buffer_nist_nonce_b, &buffer_nist_nonce_len); + memcpy(test_association->iv, buffer_nist_nonce_b, buffer_nist_nonce_len); + printf("NIST nonce LEN: %d\n", buffer_nist_nonce_len); + hex_conversion(buffer_nist_aad_h, (char**) &buffer_nist_aad_b, &buffer_nist_aad_len); + //memcpy(test_association->abm, buffer_nist_aad_b, buffer_nist_aad_len); + // Convert input encryptedtext + hex_conversion(buffer_nist_et_h, (char**) &buffer_nist_et_b, &buffer_nist_et_len); + + Crypto_TC_ProcessSecurity(buffer_nist_et_b, &buffer_nist_et_len, tc_nist_processed_frame); + + for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) + { + + if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) + { + printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + } + ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + } + + Crypto_Shutdown(); + free(ptr_enc_frame); + free(buffer_nist_pt_b); + free(buffer_nist_nonce_b); + free(buffer_nist_aad_b); + free(buffer_nist_et_b); + free(buffer_nist_key_b); + // free(test_association->ecs); + // sa_if->sa_close(); +} + UTEST_MAIN(); \ No newline at end of file From 32de194db78d6e37ae81e1265b4c2c9994b57a46 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Fri, 26 Jul 2024 16:11:03 +0000 Subject: [PATCH 086/174] [nasa/cryptolib#197] Added SIV and GCM-SIV Decryption Support through libgcrypt --- .../cryptography_interface_libgcrypt.template.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index e25d224b..e6655096 100644 --- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -837,6 +837,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, // Select correct libgcrypt ecs enum int32_t algo = -1; + int32_t mode = -1; if (ecs != NULL) { algo = cryptography_get_ecs_algo(*ecs); @@ -844,6 +845,11 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, { return CRYPTO_LIB_ERR_UNSUPPORTED_ECS; } + mode = cryptography_get_ecs_mode(*ecs); + if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS) + { + return CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + } } else { @@ -858,7 +864,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, return status; } - gcry_error = gcry_cipher_open(&(tmp_hd), GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_NONE); + gcry_error = gcry_cipher_open(&(tmp_hd), GCRY_CIPHER_AES256, mode, GCRY_CIPHER_NONE); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_cipher_open error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); @@ -903,6 +909,10 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, if (decrypt_bool == CRYPTO_TRUE) { + if (mode == GCRY_CIPHER_MODE_GCM_SIV || mode == GCRY_CIPHER_MODE_SIV) + { + gcry_cipher_set_decryption_tag(tmp_hd, mac, mac_size); + } gcry_error = gcry_cipher_decrypt(tmp_hd, data_out, // plaintext output len_data_out, // length of data @@ -912,6 +922,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_cipher_decrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); + printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_DECRYPT_ERROR; return status; @@ -927,6 +938,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_cipher_decrypt error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); + printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_DECRYPT_ERROR; return status; @@ -969,7 +981,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { printf(KRED "ERROR: gcry_cipher_checktag error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK); - fprintf(stderr, "gcry_cipher_decrypt failed: %s\n", gpg_strerror(gcry_error)); + printf(KRED "Failure: %s/%s\n", gcry_strsource(gcry_error), gcry_strerror(gcry_error)); gcry_cipher_close(tmp_hd); status = CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR; return status; From e5019ff149a42affb2e0db9c2ad65faa1f55285d Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 29 Jul 2024 13:28:35 +0000 Subject: [PATCH 087/174] [nasa/Cryptolib#256] Updates to GVCID_Managed_Paramaters. Conversion from malloc and recurison to array insertion. Updated unit tests --- include/crypto.h | 26 +- include/crypto_config_structs.h | 2 +- include/crypto_error.h | 1 + src/core/crypto.c | 97 ++++--- src/core/crypto_aos.c | 84 +++--- src/core/crypto_config.c | 225 +++++++++------ src/core/crypto_error.c | 1 + src/core/crypto_print.c | 9 +- src/core/crypto_tc.c | 49 +--- src/core/crypto_tm.c | 64 ++--- .../internal/sa_interface_inmemory.template.c | 4 +- support/standalone/standalone.c | 2 +- test/core/crypto_sequence.c | 2 + test/unit/et_dt_validation.c | 260 ++++++++++++++---- test/unit/ut_aos_apply.c | 65 +++-- test/unit/ut_aos_process.c | 87 +++--- test/unit/ut_crypto.c | 19 +- test/unit/ut_crypto_config.c | 18 +- test/unit/ut_mysql_m_tls_connection.c | 9 +- test/unit/ut_mysql_tls_connection.c | 9 +- test/unit/ut_sadb_err_cases_kmc_crypto.c | 23 +- test/unit/ut_tc_apply.c | 178 +++++++----- test/unit/ut_tc_process.c | 102 +++++-- test/unit/ut_tm_apply.c | 83 +++--- test/unit/ut_tm_process.c | 103 ++++--- 25 files changed, 988 insertions(+), 534 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 59a44fba..3fabd15a 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -42,6 +42,7 @@ #include "key_interface.h" #include "mc_interface.h" #include "sa_interface.h" +#include "crypto.h" /* ** Crypto Version @@ -82,10 +83,10 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto char* mtls_client_cert_type, char* mtls_client_key_path, char* mtls_client_key_pass, char* mtls_issuer_cert); extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home); -extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, - uint8_t aos_has_iz, uint16_t aos_iz_len); - +// extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, +// uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, +// uint8_t aos_has_iz, uint16_t aos_iz_len); +extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameters(GvcidManagedParameters_t mp_struct); // Initialization extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls extern int32_t Crypto_Init_With_Configs( @@ -253,13 +254,13 @@ int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr); // Managed Parameter Functions int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid, GvcidManagedParameters_t* managed_parameters_in, - GvcidManagedParameters_t** managed_parameters_out); -int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, - uint8_t has_fecf, uint8_t has_segmentation_hdr, uint8_t has_ocf, - uint16_t max_frame_size, uint8_t aos_has_fhec, - uint8_t aos_has_iz, uint16_t aos_iz_len, - GvcidManagedParameters_t* managed_parameter); -void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters); + GvcidManagedParameters_t* managed_parameters_out); +// int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, +// uint8_t has_fecf, uint8_t has_segmentation_hdr, uint8_t has_ocf, +// uint16_t max_frame_size, uint8_t aos_has_fhec, +// uint8_t aos_has_iz, uint16_t aos_iz_len, +// GvcidManagedParameters_t* managed_parameter); +// void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters); // Project-wide support functions extern char* crypto_deep_copy_string(char* src_string); @@ -284,6 +285,9 @@ extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config; extern CamConfig_t* cam_config; extern GvcidManagedParameters_t* gvcid_managed_parameters; extern GvcidManagedParameters_t* current_managed_parameters; +extern GvcidManagedParameters_t gvcid_managed_parameters_array[250]; +extern GvcidManagedParameters_t current_managed_parameters_struct; +extern int gvcid_counter; extern KeyInterface key_if; extern McInterface mc_if; extern SaInterface sa_if; diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index 3ad48826..a829e68d 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -232,7 +232,7 @@ struct _GvcidManagedParameters_t TcSegmentHdrsPresent has_segmentation_hdr; uint16_t max_frame_size; // Maximum TC/TM Frame Length with headers OcfPresent has_ocf; - GvcidManagedParameters_t* next; // Will be a list of managed parameters! + int set_flag; // Will be a list of managed parameters! }; #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t)) diff --git a/include/crypto_error.h b/include/crypto_error.h index 2f7e213f..15c11c8d 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -123,6 +123,7 @@ #define CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE (-51) #define CRYPTO_LIB_ERR_FAIL_SA_SAVE (-52) #define CRYPTO_LIB_ERR_FAIL_SA_LOAD (-53) +#define CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT (-54) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/core/crypto.c b/src/core/crypto.c index 975aa1fc..59667bf2 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -684,61 +684,88 @@ int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame) return status; } -/** - * @brief Function: Crypto_Get_Managed_Parameters_For_Gvcid - * @param tfvn: uint8 - * @param scid: uint16 - * @param vcid: uint8 - * @param managed_parameters_in: GvcidManagedParameters_t* - * @param managed_parameters_out: GvcidManagedParameters_t** - * @return int32: Success/Failure - **/ + int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid, GvcidManagedParameters_t* managed_parameters_in, - GvcidManagedParameters_t** managed_parameters_out) + GvcidManagedParameters_t* managed_parameters_out) { int32_t status = MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND; - - if (managed_parameters_in != NULL) + for(int i = 0; i < gvcid_counter; i++) { - if (managed_parameters_in->tfvn == tfvn && managed_parameters_in->scid == scid && - managed_parameters_in->vcid == vcid) + if (managed_parameters_in[i].tfvn == tfvn && managed_parameters_in[i].scid == scid && + managed_parameters_in[i].vcid == vcid) { - *managed_parameters_out = managed_parameters_in; + *managed_parameters_out = managed_parameters_in[i]; status = CRYPTO_LIB_SUCCESS; - return status; - } - else - { - return Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, managed_parameters_in->next, - managed_parameters_out); + break; } } - else + + if(status != CRYPTO_LIB_SUCCESS) { printf(KRED "Error: Managed Parameters for GVCID(TFVN: %d, SCID: %d, VCID: %d) not found. \n" RESET, tfvn, scid, vcid); - return status; } + + return status; } + +/** + * @brief Function: Crypto_Get_Managed_Parameters_For_Gvcid + * @param tfvn: uint8 + * @param scid: uint16 + * @param vcid: uint8 + * @param managed_parameters_in: GvcidManagedParameters_t* + * @param managed_parameters_out: GvcidManagedParameters_t** + * @return int32: Success/Failure + **/ +// int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid, +// GvcidManagedParameters_t* managed_parameters_in, +// GvcidManagedParameters_t** managed_parameters_out) +// { +// int32_t status = MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND; + +// if (managed_parameters_in != NULL) +// { +// if (managed_parameters_in->tfvn == tfvn && managed_parameters_in->scid == scid && +// managed_parameters_in->vcid == vcid) +// { +// *managed_parameters_out = managed_parameters_in; +// status = CRYPTO_LIB_SUCCESS; +// return status; +// } +// else +// { +// return Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, managed_parameters_in->next, +// managed_parameters_out); +// } +// } +// else +// { +// printf(KRED "Error: Managed Parameters for GVCID(TFVN: %d, SCID: %d, VCID: %d) not found. \n" RESET, tfvn, scid, +// vcid); +// return status; +// } +// } + /** * @brief Function: Crypto_Free_Managed_Parameters * Managed parameters are expected to live the duration of the program, this may not be necessary. * @param managed_parameters: GvcidManagedParameters_t* **/ -void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters) -{ - if (managed_parameters == NULL) - { - return; // Nothing to free, just return! - } - if (managed_parameters->next != NULL) - { - Crypto_Free_Managed_Parameters(managed_parameters->next); - } - free(managed_parameters); -} +// void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters) +// { +// if (managed_parameters == NULL) +// { +// return; // Nothing to free, just return! +// } +// if (managed_parameters->next != NULL) +// { +// Crypto_Free_Managed_Parameters(managed_parameters->next); +// } +// free(managed_parameters); +// } /** * @brief Function: Crypto_Process_Extended_Procedure_Pdu diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c index 91360cb3..ff471ad6 100644 --- a/src/core/crypto_aos.c +++ b/src/core/crypto_aos.c @@ -105,7 +105,7 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) return status; } - status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters, ¤t_managed_parameters); + status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // No managed parameters found if (status != CRYPTO_LIB_SUCCESS) @@ -119,7 +119,7 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) #ifdef AOS_DEBUG printf(KYEL "AOS BEFORE Apply Sec:\n\t" RESET); - for (int16_t i =0; i < current_managed_parameters->max_frame_size; i++) + for (int16_t i =0; i < current_managed_parameters_struct.max_frame_size; i++) { printf("%02X", pTfBuffer[i]); } @@ -186,15 +186,15 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) idx = 6; // Detect if optional 2 byte FHEC is present - if(current_managed_parameters->aos_has_fhec == AOS_HAS_FHEC) + if(current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC) { idx += 2; } // Detect if optional variable length Insert Zone is present - if(current_managed_parameters->aos_has_iz == AOS_HAS_IZ) + if(current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ) { - idx += current_managed_parameters->aos_iz_len; + idx += current_managed_parameters_struct.aos_iz_len; } // Idx is now at SPI location @@ -328,13 +328,13 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) **/ data_loc = idx; // Calculate size of data to be encrypted - pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; + pdu_len = current_managed_parameters_struct.max_frame_size - idx - sa_ptr->stmacf_len; // Check other managed parameter flags, subtract their lengths from data field if present - if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == AOS_HAS_OCF) { pdu_len -= 4; } - if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { pdu_len -= 2; } @@ -343,15 +343,15 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) printf(KYEL "Data location starts at: %d\n" RESET, idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); printf(KYEL "Index at end of SPI is: %d\n", idx); - if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == AOS_HAS_OCF) { // If OCF exists, comes immediately after MAC printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); } - if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters_struct.max_frame_size - 2); } #endif @@ -590,28 +590,28 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) **/ // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == AOS_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { #ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters_struct.max_frame_size - 2); #endif if (crypto_config.crypto_create_fecf == CRYPTO_AOS_CREATE_FECF_TRUE) { - new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); + new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters_struct.max_frame_size - 2); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); } else // CRYPTO_TC_CREATE_FECF_FALSE { - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)0x00; } idx += 2; } #ifdef AOS_DEBUG printf(KYEL "Printing new AOS frame:\n\t"); - for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + for(int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { printf("%02X", pTfBuffer[i]); } @@ -623,7 +623,6 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) #ifdef DEBUG printf(KYEL "----- Crypto_AOS_ApplySecurity END -----\n" RESET); #endif - mc_if->mc_log(status); return status; } @@ -941,7 +940,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 // Lookup-retrieve managed parameters for frame via gvcid: status = Crypto_Get_Managed_Parameters_For_Gvcid( aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); if (status != CRYPTO_LIB_SUCCESS) { @@ -954,15 +953,15 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 // Increment to end of Primary Header start, depends on FHECF presence byte_idx = 6; - if (current_managed_parameters->aos_has_fhec == AOS_HAS_FHEC) + if (current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC) { byte_idx = 8; } // Determine if Insert Zone exists, increment past it if so - if (current_managed_parameters->aos_has_iz) + if (current_managed_parameters_struct.aos_has_iz) { - byte_idx += current_managed_parameters->aos_iz_len; + byte_idx += current_managed_parameters_struct.aos_iz_len; } /** @@ -1057,10 +1056,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 #endif // Parse & Check FECF, if present, and update fecf length - if (current_managed_parameters->has_fecf == AOS_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { - uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | - (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); + uint16_t received_fecf = (((p_ingest[current_managed_parameters_struct.max_frame_size - 2] << 8) & 0xFF00) | + (p_ingest[current_managed_parameters_struct.max_frame_size - 1] & 0x00FF)); if (crypto_config.crypto_check_fecf == AOS_CHECK_FECF_TRUE) { @@ -1090,12 +1089,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 } } // Needs to be AOS_HAS_FECF (checked above, or AOS_NO_FECF) - else if (current_managed_parameters->has_fecf != AOS_NO_FECF) + else if (current_managed_parameters_struct.has_fecf != AOS_NO_FECF) { #ifdef AOS_DEBUG printf(KRED "AOS_Process Error...tfvn: %d scid: 0x%04X vcid: 0x%02X fecf_enum: %d\n" RESET, - current_managed_parameters->tfvn, current_managed_parameters->scid, - current_managed_parameters->vcid, current_managed_parameters->has_fecf); + current_managed_parameters_struct.tfvn, current_managed_parameters_struct.scid, + current_managed_parameters_struct.vcid, current_managed_parameters_struct.has_fecf); #endif status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG; mc_if->mc_log(status); @@ -1116,12 +1115,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 memcpy(p_new_dec_frame, &p_ingest[0], 6); // Copy over insert zone data, if it exists - if (current_managed_parameters->aos_has_iz == AOS_HAS_IZ) + if (current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ) { - memcpy(p_new_dec_frame+6, &p_ingest[6], current_managed_parameters->aos_iz_len); + memcpy(p_new_dec_frame+6, &p_ingest[6], current_managed_parameters_struct.aos_iz_len); #ifdef AOS_DEBUG printf("Copied over the following:\n\t"); - for (int i=0; i < current_managed_parameters->aos_iz_len;i++) + for (int i=0; i < current_managed_parameters_struct.aos_iz_len;i++) { printf("%02X",p_ingest[6+i]); } @@ -1154,12 +1153,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 // Calculate size of the protocol data unit // NOTE: This size itself is not the length for authentication - pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; - if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + pdu_len = current_managed_parameters_struct.max_frame_size - (byte_idx) - sa_ptr->stmacf_len; + if(current_managed_parameters_struct.has_ocf == AOS_HAS_OCF) { pdu_len -= 4; } - if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { pdu_len -= 2; } @@ -1173,15 +1172,15 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 #ifdef AOS_DEBUG printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); - if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == AOS_HAS_OCF) { // If OCF exists, comes immediately after MAC printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); } - if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == AOS_HAS_FECF) { // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters_struct.max_frame_size - 2); } #endif @@ -1363,12 +1362,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8 #ifdef AOS_DEBUG printf(KYEL "\nPrinting received frame:\n\t" RESET); - for( int i=0; imax_frame_size; i++) + for( int i=0; imax_frame_size; i++) + for( int i=0; imax_frame_size; + *p_decrypted_length = current_managed_parameters_struct.max_frame_size; #ifdef DEBUG printf(KYEL "----- Crypto_AOS_ProcessSecurity END -----\n" RESET); #endif - mc_if->mc_log(status); return status; } diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index c163cbdc..57c397fe 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -37,6 +37,11 @@ CryptoConfig_t crypto_config; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL; CamConfig_t* cam_config = NULL; +GvcidManagedParameters_t gvcid_managed_parameters_array[250]; //Arbitrary 250 for now. +int gvcid_counter = 0; +GvcidManagedParameters_t gvcid_null_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; +GvcidManagedParameters_t current_managed_parameters_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + GvcidManagedParameters_t* gvcid_managed_parameters = NULL; GvcidManagedParameters_t* current_managed_parameters = NULL; @@ -60,11 +65,18 @@ int32_t Crypto_SC_Init(void) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + TC_UT_Managed_Parameters.vcid = 4; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); // TM - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_HAS_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); status = Crypto_Init(); return status; } @@ -82,9 +94,15 @@ int32_t Crypto_Init_TC_Unit_Test(void) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 4; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -101,9 +119,20 @@ int32_t Crypto_Init_TM_Unit_Test(void) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x0003, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + TM_UT_Managed_Parameters.scid = 0x002c; + TM_UT_Managed_Parameters.has_fecf = TM_NO_FECF; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + TM_UT_Managed_Parameters.scid = 0x0042; + TM_UT_Managed_Parameters.has_ocf = TM_HAS_OCF; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + status = Crypto_Init(); return status; } @@ -120,9 +149,19 @@ int32_t Crypto_Init_AOS_Unit_Test(void) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + AOS_UT_Managed_Parameters.scid = 0x002c; + AOS_UT_Managed_Parameters.aos_has_fhec = AOS_NO_FECF; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + AOS_UT_Managed_Parameters.scid = 0x0042; + AOS_UT_Managed_Parameters.has_ocf = AOS_HAS_OCF; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); return status; } @@ -143,7 +182,7 @@ int32_t Crypto_Init_With_Configs(CryptoConfig_t* crypto_config_p, GvcidManagedPa memcpy(&crypto_config, crypto_config_p, CRYPTO_CONFIG_SIZE); crypto_config.init_status = INITIALIZED; } - gvcid_managed_parameters = gvcid_managed_parameters_p; + gvcid_managed_parameters_array[0] = *gvcid_managed_parameters_p; sa_mariadb_config = sa_mariadb_config_p; cryptography_kmc_crypto_config = cryptography_kmc_crypto_config_p; status = Crypto_Init(); @@ -164,7 +203,7 @@ int32_t Crypto_Init(void) printf(KRED "ERROR: CryptoLib must be configured before intializing!\n" RESET); return status; // No configuration set -- return! } - if (gvcid_managed_parameters == NULL) + if (gvcid_managed_parameters_array[0].set_flag == 0) { status = CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE; printf(KRED "ERROR: CryptoLib Managed Parameters must be configured before intializing!\n" RESET); @@ -314,11 +353,19 @@ int32_t Crypto_Shutdown(void) crypto_free_config_structs(); current_managed_parameters = NULL; - if (gvcid_managed_parameters != NULL) + current_managed_parameters_struct = gvcid_null_struct; + for(int i = 0; i < gvcid_counter; i++) { - Crypto_Free_Managed_Parameters(gvcid_managed_parameters); - gvcid_managed_parameters = NULL; + gvcid_managed_parameters_array[i] = gvcid_null_struct; } + + gvcid_counter = 0; + + // if (gvcid_managed_parameters != NULL) + // { + // Crypto_Free_Managed_Parameters(gvcid_managed_parameters); + // gvcid_managed_parameters = NULL; + // } if(key_if != NULL) { @@ -474,6 +521,24 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* key return status; } + + +int32_t Crypto_Config_Add_Gvcid_Managed_Parameters(GvcidManagedParameters_t gvcid_managed_parameters_struct) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (gvcid_counter > 250) + { + status = CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT; + } + else + { + gvcid_managed_parameters_array[gvcid_counter] = gvcid_managed_parameters_struct; + gvcid_counter++; + } + + return status; +} + /** * @brief Function: Crypto_Config_Add_Gvcid_Managed_Parameter * @param tfvn: uint8 @@ -488,44 +553,44 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* key * @param aos_iz_len: uint16 * @return int32: Success/Failure **/ -int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, - uint8_t aos_has_iz, uint16_t aos_iz_len) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - - if (gvcid_managed_parameters == NULL) - { // case: Global Root Node not Set - gvcid_managed_parameters = (GvcidManagedParameters_t* )calloc(1, GVCID_MANAGED_PARAMETERS_SIZE); - if(gvcid_managed_parameters != NULL) - { - gvcid_managed_parameters->tfvn = tfvn; - gvcid_managed_parameters->scid = scid; - gvcid_managed_parameters->vcid = vcid; - gvcid_managed_parameters->has_fecf = has_fecf; - gvcid_managed_parameters->has_segmentation_hdr = has_segmentation_hdr; - gvcid_managed_parameters->has_ocf = has_ocf; - gvcid_managed_parameters->max_frame_size = max_frame_size; - gvcid_managed_parameters->aos_has_fhec = aos_has_fhec; - gvcid_managed_parameters->aos_has_iz = aos_has_iz; - gvcid_managed_parameters->aos_iz_len = aos_iz_len; - gvcid_managed_parameters->next = NULL; - return status; - } - else - { - // calloc failed - return error - status = CRYPTO_LIB_ERR_NULL_BUFFER; - return status; - } - } - else - { // Recurse through nodes and add at end - return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, - max_frame_size, aos_has_fhec, aos_has_iz, aos_iz_len, - gvcid_managed_parameters); - } -} +// int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, +// uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, +// uint8_t aos_has_iz, uint16_t aos_iz_len) +// { +// int32_t status = CRYPTO_LIB_SUCCESS; + +// if (gvcid_managed_parameters == NULL) +// { // case: Global Root Node not Set +// gvcid_managed_parameters = (GvcidManagedParameters_t* )calloc(1, GVCID_MANAGED_PARAMETERS_SIZE); +// if(gvcid_managed_parameters != NULL) +// { +// gvcid_managed_parameters->tfvn = tfvn; +// gvcid_managed_parameters->scid = scid; +// gvcid_managed_parameters->vcid = vcid; +// gvcid_managed_parameters->has_fecf = has_fecf; +// gvcid_managed_parameters->has_segmentation_hdr = has_segmentation_hdr; +// gvcid_managed_parameters->has_ocf = has_ocf; +// gvcid_managed_parameters->max_frame_size = max_frame_size; +// gvcid_managed_parameters->aos_has_fhec = aos_has_fhec; +// gvcid_managed_parameters->aos_has_iz = aos_has_iz; +// gvcid_managed_parameters->aos_iz_len = aos_iz_len; +// gvcid_managed_parameters->next = NULL; +// return status; +// } +// else +// { +// // calloc failed - return error +// status = CRYPTO_LIB_ERR_NULL_BUFFER; +// return status; +// } +// } +// else +// { // Recurse through nodes and add at end +// return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, +// max_frame_size, aos_has_fhec, aos_has_iz, aos_iz_len, +// gvcid_managed_parameters); +// } +// } int32_t crypto_free_config_structs(void) { @@ -607,31 +672,31 @@ char* crypto_deep_copy_string(char* src_string) * @param managed_parameter: GvcidManagedParameters_t* * @return int32: Success/Failure **/ -int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, - uint8_t aos_has_iz, uint16_t aos_iz_len, - GvcidManagedParameters_t* managed_parameter) -{ - if (managed_parameter->next != NULL) - { - return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, - max_frame_size, aos_has_fhec, aos_has_iz, - aos_iz_len, managed_parameter->next); - } - else - { - managed_parameter->next = (GvcidManagedParameters_t* )calloc(1, GVCID_MANAGED_PARAMETERS_SIZE); - managed_parameter->next->tfvn = tfvn; - managed_parameter->next->scid = scid; - managed_parameter->next->vcid = vcid; - managed_parameter->next->has_fecf = has_fecf; - managed_parameter->next->has_segmentation_hdr = has_segmentation_hdr; - managed_parameter->next->has_ocf = has_ocf; - managed_parameter->next->max_frame_size = max_frame_size; - managed_parameter->next->next = NULL; - return CRYPTO_LIB_SUCCESS; - } -} +// int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, +// uint8_t has_segmentation_hdr, uint8_t has_ocf, uint16_t max_frame_size, uint8_t aos_has_fhec, +// uint8_t aos_has_iz, uint16_t aos_iz_len, +// GvcidManagedParameters_t* managed_parameter) +// { +// if (managed_parameter->next != NULL) +// { +// return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, has_ocf, +// max_frame_size, aos_has_fhec, aos_has_iz, +// aos_iz_len, managed_parameter->next); +// } +// else +// { +// managed_parameter->next = (GvcidManagedParameters_t* )calloc(1, GVCID_MANAGED_PARAMETERS_SIZE); +// managed_parameter->next->tfvn = tfvn; +// managed_parameter->next->scid = scid; +// managed_parameter->next->vcid = vcid; +// managed_parameter->next->has_fecf = has_fecf; +// managed_parameter->next->has_segmentation_hdr = has_segmentation_hdr; +// managed_parameter->next->has_ocf = has_ocf; +// managed_parameter->next->max_frame_size = max_frame_size; +// managed_parameter->next->next = NULL; +// return CRYPTO_LIB_SUCCESS; +// } +// } /** * @brief Function: Crypto_Local_Config diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index 6894eac1..c054c409 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -75,6 +75,7 @@ char *crypto_enum_errlist_core[] = (char*) "CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE", (char*) "CRYPTO_LIB_ERR_FAIL_SA_SAVE", (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", + (char*) "CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT", }; char *crypto_enum_errlist_config[] = diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c index f7e5f6be..e6ca66b2 100644 --- a/src/core/crypto_print.c +++ b/src/core/crypto_print.c @@ -295,6 +295,7 @@ void Crypto_binprint(void* c, size_t n) void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_children) // Prints the currently configured Managed Parameters { + print_children = print_children; if (managed_parameters != NULL) { printf("Managed Parameter: \n"); @@ -306,9 +307,9 @@ void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_ printf("\t max_frame_size: %d\n", managed_parameters->max_frame_size); printf("\t TM has ocf %d\n", managed_parameters->has_ocf); } - if (managed_parameters->next != NULL && print_children != 0) - { - Crypto_mpPrint(managed_parameters->next, print_children); - } + // if (managed_parameters->next != NULL && print_children != 0) + // { + // Crypto_mpPrint(managed_parameters->next, print_children); + // } } #endif \ No newline at end of file diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 64328258..6131c6f8 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -202,10 +202,10 @@ int32_t Crypto_TC_Handle_Enc_Padding(uint8_t sa_service_type, uint32_t* pkcs_pad int32_t Crypto_TC_Frame_Validation(uint16_t* p_enc_frame_len) { int32_t status = CRYPTO_LIB_SUCCESS; - if (*p_enc_frame_len > current_managed_parameters->max_frame_size) + if (*p_enc_frame_len > current_managed_parameters_struct.max_frame_size) { #ifdef DEBUG - printf("Managed length is: %d\n", current_managed_parameters->max_frame_size); + printf("Managed length is: %d\n", current_managed_parameters_struct.max_frame_size); printf("New enc frame length will be: %d\n", *p_enc_frame_len); #endif printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); @@ -590,16 +590,14 @@ int32_t Crypto_TC_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ mc_if->mc_log(status); return status; } - //TODO: Status? Crypto_TC_Do_Encrypt_NONPLAINTEXT(sa_service_type, sa_ptr); - /* ** End Authentication / Encryption */ // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TC_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == TC_HAS_FECF) { #ifdef FECF_DEBUG printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); @@ -681,7 +679,6 @@ int32_t Crypto_TC_Sanity_Setup(const uint8_t* p_in_frame, const uint16_t in_fram uint16_t tmp = in_frame_length; tmp = tmp; #endif - status = Crypto_TC_Check_Init_Setup(in_frame_length); if (status != CRYPTO_LIB_SUCCESS) { @@ -714,19 +711,19 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra // Lookup-retrieve managed parameters for frame via gvcid: status = Crypto_Get_Managed_Parameters_For_Gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); + if (status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); return status; } // Unable to get necessary Managed Parameters for TC TF -- return with error. - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) { *segmentation_hdr = p_in_frame[5]; *map_id = *segmentation_hdr & 0x3F; } - // Check if command frame flag set status = Crypto_TC_Check_CMD_Frame_Flag(temp_tc_header.cc); if (status != CRYPTO_LIB_SUCCESS) @@ -734,7 +731,6 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra mc_if->mc_log(status); return status; } - status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid, *map_id, sa_ptr); // If unable to get operational SA, can return @@ -775,19 +771,16 @@ int32_t Crypto_TC_Finalize_Frame_Setup(uint8_t sa_service_type, uint32_t* pkcs_p { status = Crypto_TC_Validate_SA_Service_Type(sa_service_type); } - if(status == CRYPTO_LIB_SUCCESS) { // Ensure the frame to be created will not violate managed parameter maximum length status = Crypto_TC_Frame_Validation(p_enc_frame_len); } - if(status == CRYPTO_LIB_SUCCESS) { // Accio buffer status = Crypto_TC_Accio_Buffer(p_new_enc_frame, p_enc_frame_len); } - if(status != CRYPTO_LIB_SUCCESS) { mc_if->mc_log(status); @@ -923,14 +916,12 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #ifdef DEBUG printf(KYEL "\n----- Crypto_TC_ApplySecurity START -----\n" RESET); #endif - status = Crypto_TC_Sanity_Setup(p_in_frame, in_frame_length); if (status != CRYPTO_LIB_SUCCESS) { // Logging handled inside sanity setup functionality return status; } - // Primary Header temp_tc_header.tfvn = ((uint8_t)p_in_frame[0] & 0xC0) >> 6; temp_tc_header.bypass = ((uint8_t)p_in_frame[0] & 0x20) >> 5; @@ -942,19 +933,16 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in temp_tc_header.fl = ((uint8_t)p_in_frame[2] & 0x03) << 8; temp_tc_header.fl = temp_tc_header.fl | (uint8_t)p_in_frame[3]; temp_tc_header.fsn = (uint8_t)p_in_frame[4]; - status = Crytpo_TC_Validate_TC_Temp_Header(in_frame_length, temp_tc_header, p_in_frame, &map_id, &segmentation_hdr, &sa_ptr); if (status != CRYPTO_LIB_SUCCESS) { return status; } - #ifdef SA_DEBUG printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); Crypto_saPrint(sa_ptr); #endif - // Determine SA Service Type status = Crypto_TC_Get_SA_Service_Type(&sa_service_type, sa_ptr); if(status != CRYPTO_LIB_SUCCESS) @@ -962,7 +950,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in mc_if->mc_log(status); return status; } - // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly status = Crypto_TC_Get_Ciper_Mode_TCA(sa_service_type, &encryption_cipher, &ecs_is_aead_algorithm, sa_ptr); if(status != CRYPTO_LIB_SUCCESS) @@ -970,7 +957,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in mc_if->mc_log(status); return status; } - #ifdef TC_DEBUG switch (sa_service_type) { @@ -992,9 +978,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in // Determine if segment header exists and FECF exists uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; uint8_t fecf_len = FECF_SIZE; - Crypto_TC_Calc_Lengths(&fecf_len, &segment_hdr_len); - // Calculate tf_payload length here to be used in other logic tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; @@ -1060,7 +1044,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in */ uint16_t index = TC_FRAME_HEADER_SIZE; // Frame header is 5 bytes - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) { index++; // Add 1 byte to index because segmentation header used for this gvcid. } @@ -1073,7 +1057,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in *(p_new_enc_frame + index) = ((sa_ptr->spi & 0xFF00) >> 8); *(p_new_enc_frame + index + 1) = (sa_ptr->spi & 0x00FF); index += 2; - // Set initialization vector if specified status = Crypto_TC_Set_IV(sa_ptr, p_new_enc_frame, &index); if(status != CRYPTO_LIB_SUCCESS) @@ -1081,7 +1064,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in mc_if->mc_log(status); return status; } - // Set anti-replay sequence number if specified /* ** See also: 4.1.1.4.2 @@ -1109,7 +1091,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in */ // TODO: Set this depending on crypto cipher used Crypto_TC_Handle_Padding(pkcs_padding, sa_ptr, p_new_enc_frame, &index); - /* ** End Security Header Fields */ @@ -1135,7 +1116,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in /* ** Begin Authentication / Encryption */ - status = Crypto_TC_Do_Encrypt(sa_service_type, sa_ptr, &mac_loc, tf_payload_len, segment_hdr_len, p_new_enc_frame, ekp, &aad, ecs_is_aead_algorithm, &index, p_in_frame, cam_cookies, pkcs_padding, new_enc_frame_header_field_length, &new_fecf); if(status != CRYPTO_LIB_SUCCESS) { @@ -1144,7 +1124,6 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } - #ifdef TC_DEBUG printf(KYEL "Printing new TC Frame of length %d:\n\t", *p_enc_frame_len); for (i = 0; i <*p_enc_frame_len; i++) @@ -1191,7 +1170,7 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int* len_ingest, TC_t* tc_sdl int32_t Crypto_TC_Parse_Check_FECF(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame) { int32_t status = CRYPTO_LIB_SUCCESS; - if (current_managed_parameters->has_fecf == TC_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == TC_HAS_FECF) { tc_sdls_processed_frame->tc_sec_trailer.fecf = (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) | (ingest[tc_sdls_processed_frame->tc_header.fl] & 0x00FF)); @@ -1654,12 +1633,12 @@ void Crypto_TC_Get_Ciper_Mode_TCP(uint8_t sa_service_type, uint32_t* encryption_ **/ void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len) { - if (current_managed_parameters->has_fecf == TC_NO_FECF) + if (current_managed_parameters_struct.has_fecf == TC_NO_FECF) { *fecf_len = 0; } - if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) + if (current_managed_parameters_struct.has_segmentation_hdr == TC_NO_SEGMENT_HDRS) { *segment_hdr_len = 0; } @@ -1675,7 +1654,7 @@ void Crypto_TC_Calc_Lengths(uint8_t* fecf_len, uint8_t* segment_hdr_len) void Crypto_TC_Set_Segment_Header(TC_t* tc_sdls_processed_frame, uint8_t* ingest, int* byte_idx) { int byte_idx_tmp = *byte_idx; - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) { tc_sdls_processed_frame->tc_sec_header.sh = (uint8_t)ingest[*byte_idx]; byte_idx_tmp++; @@ -1741,7 +1720,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc // Lookup-retrieve managed parameters for frame via gvcid: status = Crypto_Get_Managed_Parameters_For_Gvcid( tc_sdls_processed_frame->tc_header.tfvn, tc_sdls_processed_frame->tc_header.scid, - tc_sdls_processed_frame->tc_header.vcid, gvcid_managed_parameters, ¤t_managed_parameters); + tc_sdls_processed_frame->tc_header.vcid, gvcid_managed_parameters_array, ¤t_managed_parameters_struct); if (status != CRYPTO_LIB_SUCCESS) { @@ -1923,8 +1902,8 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc int32_t Crypto_Get_tcPayloadLength(TC_t* tc_frame, SecurityAssociation_t* sa_ptr) { int tf_hdr = 5; - int seg_hdr = 0;if(current_managed_parameters->has_segmentation_hdr==TC_HAS_SEGMENT_HDRS){seg_hdr=1;} - int fecf = 0;if(current_managed_parameters->has_fecf==TC_HAS_FECF){fecf=FECF_SIZE;} + int seg_hdr = 0;if(current_managed_parameters_struct.has_segmentation_hdr==TC_HAS_SEGMENT_HDRS){seg_hdr=1;} + int fecf = 0;if(current_managed_parameters_struct.has_fecf==TC_HAS_FECF){fecf=FECF_SIZE;} int spi = 2; int iv_size = sa_ptr->shivf_len; int mac_size = sa_ptr->stmacf_len; diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 7af11edb..7b9e7ea8 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -214,11 +214,11 @@ void Crypto_TM_PKCS_Padding(uint32_t* pkcs_padding, SecurityAssociation_t* sa_pt **/ void Crypto_TM_Handle_Managed_Parameter_Flags(uint16_t* pdu_len) { - if(current_managed_parameters->has_ocf == TM_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == TM_HAS_OCF) { *pdu_len -= 4; } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { *pdu_len -= 2; } @@ -557,28 +557,28 @@ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ **/ // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TM_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { #ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters_struct.max_frame_size - 2); #endif if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) { - *new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((*new_fecf & 0xFF00) >> 8); - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(*new_fecf & 0x00FF); + *new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters_struct.max_frame_size - 2); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)((*new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)(*new_fecf & 0x00FF); } else // CRYPTO_TC_CREATE_FECF_FALSE { - pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; - pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)0x00; } idx += 2; } #ifdef TM_DEBUG printf(KYEL "Printing new TM frame:\n\t"); - for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + for(int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { printf("%02X", pTfBuffer[i]); } @@ -616,15 +616,15 @@ void Crypto_TM_ApplySecurity_Debug_Print(uint16_t idx, uint16_t pdu_len, Securit printf(KYEL "Data location starts at: %d\n" RESET, idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); printf(KYEL "Index at end of SPI is: %d\n", idx); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == TM_HAS_OCF) { // If OCF exists, comes immediately after MAC printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters_struct.max_frame_size - 2); } #endif } @@ -703,7 +703,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) return status; } - status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters, ¤t_managed_parameters); + status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // No managed parameters found if (status != CRYPTO_LIB_SUCCESS) @@ -717,7 +717,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) #ifdef TM_DEBUG printf(KYEL "TM BEFORE Apply Sec:\n\t" RESET); - for (int16_t i =0; i < current_managed_parameters->max_frame_size; i++) + for (int16_t i =0; i < current_managed_parameters_struct.max_frame_size; i++) { printf("%02X", pTfBuffer[i]); } @@ -835,7 +835,7 @@ int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) **/ data_loc = idx; // Calculate size of data to be encrypted - pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; + pdu_len = current_managed_parameters_struct.max_frame_size - idx - sa_ptr->stmacf_len; // Check other managed parameter flags, subtract their lengths from data field if present Crypto_TM_Handle_Managed_Parameter_Flags(&pdu_len); Crypto_TM_ApplySecurity_Debug_Print(idx, pdu_len, sa_ptr); @@ -1157,7 +1157,7 @@ int32_t Crypto_TM_Process_Setup(uint16_t len_ingest, uint16_t* byte_idx, uint8_t { status = Crypto_Get_Managed_Parameters_For_Gvcid( tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); } if (status != CRYPTO_LIB_SUCCESS) @@ -1258,10 +1258,10 @@ int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest) { int32_t status = CRYPTO_LIB_SUCCESS; - if (current_managed_parameters->has_fecf == TM_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { - uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | - (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); + uint16_t received_fecf = (((p_ingest[current_managed_parameters_struct.max_frame_size - 2] << 8) & 0xFF00) | + (p_ingest[current_managed_parameters_struct.max_frame_size - 1] & 0x00FF)); if (crypto_config.crypto_check_fecf == TM_CHECK_FECF_TRUE) { @@ -1290,12 +1290,12 @@ int32_t Crypto_TM_FECF_Setup(uint8_t* p_ingest, uint16_t len_ingest) } } // Needs to be TM_HAS_FECF (checked above_ or TM_NO_FECF) - else if (current_managed_parameters->has_fecf != TM_NO_FECF) + else if (current_managed_parameters_struct.has_fecf != TM_NO_FECF) { #ifdef TM_DEBUG printf(KRED "TM_Process Error...tfvn: %d scid: 0x%04X vcid: 0x%02X fecf_enum: %d\n" RESET, - current_managed_parameters->tfvn, current_managed_parameters->scid, - current_managed_parameters->vcid, current_managed_parameters->has_fecf); + current_managed_parameters_struct.tfvn, current_managed_parameters_struct.scid, + current_managed_parameters_struct.vcid, current_managed_parameters_struct.has_fecf); #endif status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG; mc_if->mc_log(status); @@ -1512,12 +1512,12 @@ int32_t Crypto_TM_Do_Decrypt_NONAEAD(uint8_t sa_service_type, uint16_t pdu_len, */ void Crypto_TM_Calc_PDU_MAC(uint16_t* pdu_len, uint16_t byte_idx, SecurityAssociation_t* sa_ptr, int* mac_loc) { - *pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; - if(current_managed_parameters->has_ocf == TM_HAS_OCF) + *pdu_len = current_managed_parameters_struct.max_frame_size - (byte_idx) - sa_ptr->stmacf_len; + if(current_managed_parameters_struct.has_ocf == TM_HAS_OCF) { *pdu_len -= 4; } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { *pdu_len -= 2; } @@ -1572,12 +1572,12 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ #ifdef TM_DEBUG printf(KYEL "Printing received frame:\n\t" RESET); - for( int i=0; imax_frame_size; i++) + for( int i=0; imax_frame_size; i++) + for( int i=0; imax_frame_size; + *p_decrypted_length = current_managed_parameters_struct.max_frame_size; #ifdef DEBUG printf(KYEL "----- Crypto_TM_ProcessSecurity END -----\n" RESET); @@ -1616,15 +1616,15 @@ void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, Security #ifdef TM_DEBUG printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); printf(KYEL "Data size is: %d\n" RESET, pdu_len); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) + if(current_managed_parameters_struct.has_ocf == TM_HAS_OCF) { // If OCF exists, comes immediately after MAC printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) + if(current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters_struct.max_frame_size - 2); } #endif } diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a7bda4c1..e28463c7 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -185,7 +185,7 @@ int32_t sa_perform_save(SecurityAssociation_t* sa_ptr) status = CRYPTO_LIB_SUCCESS; #ifdef SA_DEBUG - printf("SA Written Successfull to file!\n"); + printf("SA Written Successfully to file!\n"); #endif } else @@ -922,7 +922,7 @@ static int32_t sa_start(TC_t* tc_frame) gvcid.scid = (sdls_frame.pdu.data[count] << 12) | (sdls_frame.pdu.data[count + 1] << 4) | (sdls_frame.pdu.data[count + 2] >> 4); gvcid.vcid = (sdls_frame.pdu.data[count + 2] << 4) | (sdls_frame.pdu.data[count + 3] && 0x3F); - if (current_managed_parameters->has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) + if (current_managed_parameters_struct.has_segmentation_hdr == TC_HAS_SEGMENT_HDRS) { gvcid.mapid = (sdls_frame.pdu.data[count + 3]); } diff --git a/support/standalone/standalone.c b/support/standalone/standalone.c index 21beec81..32019ee2 100644 --- a/support/standalone/standalone.c +++ b/support/standalone/standalone.c @@ -448,7 +448,7 @@ void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o // Calculate security headers and trailers uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len + 40; // TODO: Why +40? uint8_t trailer_length = sa_ptr->stmacf_len; - if (current_managed_parameters->has_fecf == TM_HAS_FECF) + if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF) { trailer_length += 4; } diff --git a/test/core/crypto_sequence.c b/test/core/crypto_sequence.c index 906607c1..e8ffc5ba 100644 --- a/test/core/crypto_sequence.c +++ b/test/core/crypto_sequence.c @@ -79,7 +79,9 @@ int main(int argc, char* argv[]) } else if (strcmp(security_type, "aos_a") == 0) { + printf("!!1\n"); Crypto_AOS_ApplySecurity((uint8_t* )buffer, (int *)&buffer_size_i); + printf("!!2\n"); } else if (strcmp(security_type, "tc_p") == 0) { diff --git a/test/unit/et_dt_validation.c b/test/unit/et_dt_validation.c index dcb25653..d8e8e784 100644 --- a/test/unit/et_dt_validation.c +++ b/test/unit/et_dt_validation.c @@ -330,8 +330,14 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -406,8 +412,13 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -489,8 +500,13 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -562,8 +578,13 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -641,8 +662,13 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -715,8 +741,13 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -792,8 +823,13 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -866,8 +902,13 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -943,8 +984,13 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1017,8 +1063,13 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1105,8 +1156,13 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1194,8 +1250,13 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1277,8 +1338,12 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1401,8 +1466,13 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1504,8 +1574,13 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -1608,8 +1683,13 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1702,8 +1782,12 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA,1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1790,8 +1874,13 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1885,8 +1974,12 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -1978,8 +2071,13 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2073,8 +2171,12 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2167,8 +2269,12 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2260,8 +2366,12 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2351,8 +2461,12 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2447,8 +2561,13 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2537,8 +2656,13 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2627,8 +2751,12 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2719,8 +2847,12 @@ UTEST(PLAINTEXT, ENCRYPT_DECRYPT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_TRUE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); char* jpl_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4555555555555"; @@ -2758,8 +2890,12 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -2839,8 +2975,12 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c index 52c842e0..0e6dcd18 100644 --- a/test/unit/ut_aos_apply.c +++ b/test/unit/ut_aos_apply.c @@ -38,7 +38,10 @@ UTEST(AOS_APPLY, NULL_BUFFER) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {0, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_AOS_ApplySecurity(&ingest[0]); @@ -149,12 +152,12 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - + printf("WTF\n"); char* error_enum = Crypto_Get_Error_Code_Enum_String(status); ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); - + printf("WTF2\n"); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); @@ -182,7 +185,9 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, TM_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, TM_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test Frame Setup @@ -210,7 +215,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); @@ -238,7 +243,9 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_NO_IZ, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_HAS_FHEC, AOS_NO_IZ, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup @@ -266,7 +273,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); @@ -295,7 +302,9 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_HAS_FECF, AOS_HAS_IZ, 6, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); status = Crypto_Init(); // Test Frame Setup @@ -323,10 +332,10 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); - ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)truth_aos_b[i]); + //ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); } free(test_aos_b); @@ -354,7 +363,9 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_NO_IZ, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF @@ -390,7 +401,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); @@ -421,7 +432,9 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_NO_IZ, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF @@ -458,10 +471,10 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); - ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + //printf("%d: Checking %02x against %02X\n", i, (uint8_t)test_aos_b[i], (uint8_t)truth_aos_b[i]); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)truth_aos_b[i]); } free(test_aos_b); @@ -489,7 +502,10 @@ UTEST(AOS_APPLY, AES_GCM) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_NO_IZ, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, FECF @@ -526,7 +542,7 @@ UTEST(AOS_APPLY, AES_GCM) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); @@ -558,7 +574,10 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_NO_IZ, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + status = Crypto_Init(); // Test Frame Setup // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, MAC, FECF @@ -595,9 +614,9 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); } diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c index abc7ae39..f1437808 100644 --- a/test/unit/ut_aos_process.c +++ b/test/unit/ut_aos_process.c @@ -125,7 +125,10 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + status = Crypto_Init(); // Test frame setup @@ -145,9 +148,9 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -200,7 +203,7 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) // status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, // gvcid_managed_parameters, ¤t_managed_parameters); // // Now, byte by byte verify the static frame in memory is equivalent to what we started with -// for(int i=0; i < current_managed_parameters->max_frame_size; i++) +// for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) // { // // printf("Checking %02x against %02X\n", aos_frame[i], (uint8_t)*(truth_aos_b + i)); // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -232,7 +235,10 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_HAS_IZ, 10, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + status = Crypto_Init(); // Test frame setup | 6 byte hdr | 10 byte insert zn|spi|data -----> FECF @@ -251,12 +257,12 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); - ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ(ptr_processed_frame[i], (uint8_t)truth_aos_b[i]); } Crypto_Shutdown(); @@ -286,7 +292,9 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -314,9 +322,9 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -350,7 +358,9 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -371,9 +381,9 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -406,7 +416,9 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -435,9 +447,9 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -471,7 +483,9 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -499,9 +513,9 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -534,7 +548,9 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -563,9 +579,9 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -598,7 +614,9 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -626,9 +644,9 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); @@ -657,7 +675,10 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -680,7 +701,7 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Expose/setup SAs for testing SecurityAssociation_t ta; @@ -763,7 +784,9 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x002c, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -784,9 +807,9 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index e4ab24f8..59214e54 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -58,8 +58,13 @@ UTEST(CRYPTO_C, BAD_CC_FLAG) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); char* raw_tc_sdls_ping_h = "3003002000ff000100001880d2c9000e197f0b001b0004000400003040d95ea61a"; char* raw_tc_sdls_ping_b = NULL; @@ -93,8 +98,14 @@ UTEST(CRYPTO_C, PDU_SWITCH) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + Crypto_Init(); sdls_frame.pdu.type = 0; diff --git a/test/unit/ut_crypto_config.c b/test/unit/ut_crypto_config.c index cc4ac833..2ff7d4ca 100644 --- a/test/unit/ut_crypto_config.c +++ b/test/unit/ut_crypto_config.c @@ -44,10 +44,10 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) remove("sa_save_file.bin"); int32_t status = CRYPTO_LIB_ERROR; CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); - GvcidManagedParameters_t* gvcid_managed_paramenters_p = NULL; + GvcidManagedParameters_t gvcid_managed_paramenters_p = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, &gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); ASSERT_EQ(CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE, status); } @@ -62,16 +62,15 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; crypto_config_p->mc_type=MC_TYPE_INTERNAL; - GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); - gvcid_managed_paramenters_p->next = NULL; + GvcidManagedParameters_t gvcid_managed_paramenters_p = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};// = malloc(sizeof(GvcidManagedParameters_t)); + //gvcid_managed_paramenters_p->next = NULL; SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; crypto_config_p->sa_type = SA_TYPE_MARIADB; - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, &gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); - free(gvcid_managed_paramenters_p); ASSERT_EQ(CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE, status); } @@ -126,17 +125,16 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; crypto_config_p->mc_type=MC_TYPE_INTERNAL; - GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); - gvcid_managed_paramenters_p->next = NULL; + GvcidManagedParameters_t gvcid_managed_paramenters_p = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};// = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); + //gvcid_managed_paramenters_p->next = NULL; SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; crypto_config_p->sa_type = 99; // Currently an invalid ENUM crypto_config_p->cryptography_type = 99; // Currently an invalid ENUM - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, &gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); - free(gvcid_managed_paramenters_p); free(sa_mariadb_config_p); ASSERT_EQ(SADB_INVALID_SADB_TYPE, status); } diff --git a/test/unit/ut_mysql_m_tls_connection.c b/test/unit/ut_mysql_m_tls_connection.c index d1deee8e..68b9b3c2 100644 --- a/test/unit/ut_mysql_m_tls_connection.c +++ b/test/unit/ut_mysql_m_tls_connection.c @@ -133,8 +133,13 @@ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + status = Crypto_Init(); return status; } diff --git a/test/unit/ut_mysql_tls_connection.c b/test/unit/ut_mysql_tls_connection.c index ac1d0932..4089d5dd 100644 --- a/test/unit/ut_mysql_tls_connection.c +++ b/test/unit/ut_mysql_tls_connection.c @@ -117,8 +117,13 @@ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + status = Crypto_Init(); return status; } diff --git a/test/unit/ut_sadb_err_cases_kmc_crypto.c b/test/unit/ut_sadb_err_cases_kmc_crypto.c index 11341beb..a15edfbe 100644 --- a/test/unit/ut_sadb_err_cases_kmc_crypto.c +++ b/test/unit/ut_sadb_err_cases_kmc_crypto.c @@ -51,11 +51,11 @@ UTEST(KMC_CRYPTO, ONLY_KEYED_SA_AVAILABLE_FOR_GVCID) TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 33, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -107,7 +107,9 @@ UTEST(KMC_CRYPTO, ONLY_UNKEYED_SA_AVAILABLE_FOR_GVCID) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 32, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -159,7 +161,9 @@ UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 34, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -211,7 +215,10 @@ UTEST(KMC_CRYPTO, INVALID_ABM_LENGTH_FOR_FRAME_WITH_SEG_HEADERS) // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 28, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); diff --git a/test/unit/ut_tc_apply.c b/test/unit/ut_tc_apply.c index 4049d91c..03c7f6c9 100644 --- a/test/unit/ut_tc_apply.c +++ b/test/unit/ut_tc_apply.c @@ -43,7 +43,9 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; @@ -313,8 +315,12 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -398,12 +404,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO { remove("sa_save_file.bin"); // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Init(); + Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -500,13 +501,7 @@ UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) { remove("sa_save_file.bin"); // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Init(); + Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_bad_scid_h = "20010015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_scid_b = NULL; int raw_tc_sdls_ping_bad_scid_len = 0; @@ -533,13 +528,7 @@ UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) { remove("sa_save_file.bin"); // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Init(); + Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_bad_vcid_h = "20032015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_vcid_b = NULL; int raw_tc_sdls_ping_bad_vcid_len = 0; @@ -567,13 +556,7 @@ UTEST(TC_APPLY_SECURITY, NULL_BUFFER) { remove("sa_save_file.bin"); // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Init(); + Crypto_Init_TC_Unit_Test(); long buffer_size = 0; uint8_t* buffer = NULL; uint16_t buffer_size_i = (uint16_t)buffer_size; @@ -608,7 +591,9 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 0, TC_OCF_NA, 4}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); char* test_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4"; @@ -635,7 +620,9 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) test_association->shsnf_len = 0; test_association->sa_state = SA_OPERATIONAL; // Reset Managed Parameters for this channel to an invalid maximum - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters_Reset = {0, 0x0003, 1, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 2047, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters_Reset); // Convert input test frame hex_conversion(long_frame_pt_h, (char**) &long_frame_pt_b, &long_frame_pt_len); // Should fail, as frame length violates the spec max @@ -657,7 +644,9 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 4, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -692,7 +681,9 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 4, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -728,10 +719,19 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -791,10 +791,19 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -856,10 +865,19 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -905,10 +923,18 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -950,10 +976,18 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1025,10 +1059,18 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1097,10 +1139,18 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1172,7 +1222,9 @@ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); // Test string char* raw_tc_sdls_ping_h = "2003001F00000100011880D2C9000E197F0B001B0004000400003040D95E0000"; diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 97fcd622..2b929299 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -39,8 +39,14 @@ UTEST(TC_PROCESS, EXERCISE_IV) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; @@ -139,8 +145,12 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* akp = NULL; @@ -247,8 +257,12 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -337,8 +351,12 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -438,8 +456,12 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -529,7 +551,9 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -567,7 +591,9 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -605,8 +631,9 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -664,10 +691,19 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -724,10 +760,19 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -787,8 +832,17 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 1; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 2; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + TC_UT_Managed_Parameters.vcid = 3; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index 212e95fe..5db33e89 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -152,13 +152,13 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -189,7 +189,9 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -218,13 +220,13 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -254,7 +256,10 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1024, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + status = Crypto_Init(); // Test frame setup @@ -284,13 +289,13 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -361,13 +366,13 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -393,7 +398,9 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -443,7 +450,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -453,9 +460,9 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } @@ -481,7 +488,9 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -536,7 +545,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -548,7 +557,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -575,7 +584,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -625,7 +636,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -635,7 +646,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -662,7 +673,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -713,7 +726,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -723,7 +736,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -750,7 +763,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -806,7 +821,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -818,7 +833,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { if (framed_tm_b[i] != truth_tm_b[i]) { @@ -848,7 +863,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -904,7 +921,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -914,7 +931,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); @@ -937,7 +954,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -1032,7 +1051,9 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c index 2b971dc0..dbf817c4 100644 --- a/test/unit/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -25,6 +25,7 @@ #include "sa_interface.h" #include "utest.h" + /** * @brief Unit Test: No Crypto_Init() * @@ -47,7 +48,11 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + //GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF}; + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); // Determine managed parameters by GVCID, which nominally happens in TO // status = Crypto_Get_Managed_Parameters_For_Gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, @@ -126,7 +131,9 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup @@ -146,9 +153,9 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -180,7 +187,11 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); // Test frame setup @@ -199,9 +210,9 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -235,7 +246,11 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); // Test frame setup @@ -285,7 +300,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with - for(int i=0; i < current_managed_parameters->max_frame_size; i++) + for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -315,7 +330,10 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -363,7 +381,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -378,7 +396,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -409,7 +427,10 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -459,7 +480,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -474,7 +495,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) // 2) SPI is zeroed // 3) MAC is zeroed // 4) FECF is zeroed - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -504,7 +525,10 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -553,7 +577,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -568,7 +592,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -598,7 +622,10 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -647,7 +674,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -662,7 +689,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -692,7 +719,11 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -746,7 +777,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -761,7 +792,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -791,7 +822,11 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF,1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -845,7 +880,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Determine security association by GVCID, which nominally happens in TO // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); @@ -860,7 +895,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // 2) SPI is set correctly // 3) MAC is calculated and placed correctly // 4) FECF is re-calculated and updated - for (int i = 0; i < current_managed_parameters->max_frame_size; i++) + for (int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); @@ -890,7 +925,10 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -914,7 +952,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Expose/setup SAs for testing SecurityAssociation_t ta; @@ -994,7 +1032,10 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); + + //Crypto_Config_Add_Gvcid_Managed_Parameters(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); SaInterface sa_if = get_sa_interface_inmemory(); @@ -1018,7 +1059,7 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + gvcid_managed_parameters_array, ¤t_managed_parameters_struct); // Expose/setup SAs for testing SecurityAssociation_t ta; From e6086bf79979c509482e069cf68b814688a22e40 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 29 Jul 2024 15:11:37 +0000 Subject: [PATCH 088/174] [nasa/cryptolib#197] AES_GCM_SIV Code Cleanup --- src/core/crypto.c | 2 +- test/unit/ut_aes_gcm_siv.c | 140 +++++++++++++------------------------ 2 files changed, 50 insertions(+), 92 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 9b03343b..43991951 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -913,7 +913,7 @@ int32_t Crypto_Check_Anti_Replay_ARSNW(SecurityAssociation_t* sa_ptr, uint8_t* a int32_t Crypto_Check_Anti_Replay_GCM(SecurityAssociation_t* sa_ptr, uint8_t* iv, int8_t* iv_valid) { int32_t status = CRYPTO_LIB_SUCCESS; - if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM || sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM_SIV)) + if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) { // Check IV is in ARSNW if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index ad8dc6f4..8610ffdd 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -48,22 +48,7 @@ UTEST(AES_GCM_SIV, GET_ECS_ALGO_SIV) libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); ASSERT_EQ(libgcrypt_algo, 9); Crypto_Shutdown(); -} - -// char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; -// // 02003001500 = Primary Header -// // 0010 0000 0000 0011 0000 0000 0001 0101 0000 0000 = Header in Bits -// // [0-1] = TFVN = 00 -// // [2] = Bypass Flag = 1 -// // [3] = Control Command Flag = 0 -// // [4-5] = RSVD Spare = 00 -// // [6-15] = SCID = 00 0000 0011 = 3 -// // [16-21] = VCID = 0000 00 -// // [22-31] = Frame Length = 00 0001 0101 = 21 -// // [32-39] = Frame Sequence Number = 0000 0000 -// // 0080d2c70008197f0b00310000b1fe3128 = data -// // 0000 0000 1000 0000 1101 0010 1100 0111 0000 0000 0000 1000 0001 1001 0111 1111 0000 1011 0000 0000 0011 0001 0000 0000 0000 0000 1011 0001 1111 1110 0011 0001 0010 1000 -// // +} /** * @brief Validation Test: AEAD_AES_256_GCM_SIV Test Vectors @@ -77,7 +62,6 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_1) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - // Crypto_Init_TC_Unit_Test(); Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, @@ -174,19 +158,19 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; - // NIST supplied vectors + // rfc supplied vectors // NOTE: Added Transfer Frame header to the plaintext - char* buffer_nist_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; - char* buffer_nist_pt_h = "2003000c000100000000000000"; - char* buffer_nist_aad_h = ""; - char* buffer_nist_nonce_h = "030000000000000000000000"; - char* buffer_nist_et_h = "2003002a0000090300000000000000000000004fa7a4cb7d3434f8a2855b40016daccb62a454551878fc26"; - uint8_t* buffer_nist_pt_b, *buffer_nist_nonce_b, *buffer_nist_et_b, *buffer_nist_key_b, *buffer_nist_aad_b = NULL; - int buffer_nist_pt_len, buffer_nist_nonce_len, buffer_nist_et_len, buffer_nist_key_len, buffer_nist_aad_len = 0; + char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_rfc_pt_h = "2003000c000100000000000000"; + char* buffer_rfc_aad_h = ""; + char* buffer_rfc_nonce_h = "030000000000000000000000"; + char* buffer_rfc_et_h = "2003002a0000090300000000000000000000004fa7a4cb7d3434f8a2855b40016daccb62a454551878fc26"; + uint8_t* buffer_rfc_pt_b, *buffer_rfc_nonce_b, *buffer_rfc_et_b, *buffer_rfc_key_b, *buffer_rfc_aad_b = NULL; + int buffer_rfc_pt_len, buffer_rfc_nonce_len, buffer_rfc_et_len, buffer_rfc_key_len, buffer_rfc_aad_len = 0; // Setup Processed Frame For Decryption - TC_t* tc_nist_processed_frame; - tc_nist_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + TC_t* tc_rfc_processed_frame; + tc_rfc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; @@ -202,46 +186,41 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) test_association->est = 1; test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; - //test_association->acs_len = 1; - //test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->stmacf_len = 16; + // Insert key into keyring of SA 9 - hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); + hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); ekp = key_if->get_key(test_association->ekid); - memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); + memcpy(ekp->value, buffer_rfc_key_b, buffer_rfc_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) - hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); + hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); // Convert/Set input nonce - hex_conversion(buffer_nist_nonce_h, (char**) &buffer_nist_nonce_b, &buffer_nist_nonce_len); - memcpy(test_association->iv, buffer_nist_nonce_b, buffer_nist_nonce_len); - printf("NIST nonce LEN: %d\n", buffer_nist_nonce_len); - hex_conversion(buffer_nist_aad_h, (char**) &buffer_nist_aad_b, &buffer_nist_aad_len); - //memcpy(test_association->abm, buffer_nist_aad_b, buffer_nist_aad_len); + hex_conversion(buffer_rfc_nonce_h, (char**) &buffer_rfc_nonce_b, &buffer_rfc_nonce_len); + memcpy(test_association->iv, buffer_rfc_nonce_b, buffer_rfc_nonce_len); + hex_conversion(buffer_rfc_aad_h, (char**) &buffer_rfc_aad_b, &buffer_rfc_aad_len); // Convert input encryptedtext - hex_conversion(buffer_nist_et_h, (char**) &buffer_nist_et_b, &buffer_nist_et_len); + hex_conversion(buffer_rfc_et_h, (char**) &buffer_rfc_et_b, &buffer_rfc_et_len); - Crypto_TC_ProcessSecurity(buffer_nist_et_b, &buffer_nist_et_len, tc_nist_processed_frame); + Crypto_TC_ProcessSecurity(buffer_rfc_et_b, &buffer_rfc_et_len, tc_rfc_processed_frame); - for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) + for (int i = 0; i < tc_rfc_processed_frame->tc_pdu_len; i++) { - if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) + if (buffer_rfc_pt_b[i + 5] != tc_rfc_processed_frame->tc_pdu[i]) { - printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + printf("[%d]: %02x -> %02x \n", i, buffer_rfc_pt_b[i + 5], tc_rfc_processed_frame->tc_pdu[i]); } - ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + ASSERT_EQ(buffer_rfc_pt_b[i + 5], tc_rfc_processed_frame->tc_pdu[i]); } Crypto_Shutdown(); free(ptr_enc_frame); - free(buffer_nist_pt_b); - free(buffer_nist_nonce_b); - free(buffer_nist_aad_b); - free(buffer_nist_et_b); - free(buffer_nist_key_b); - // free(test_association->ecs); - // sa_if->sa_close(); + free(buffer_rfc_pt_b); + free(buffer_rfc_nonce_b); + free(buffer_rfc_aad_b); + free(buffer_rfc_et_b); + free(buffer_rfc_key_b); } /** @@ -256,7 +235,6 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_2) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - // Crypto_Init_TC_Unit_Test(); Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, @@ -322,7 +300,6 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_2) ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_rfc_ct_b[i]); enc_data_idx++; } - //ASSERT_EQ(1,0); free(ptr_enc_frame); free(buffer_rfc_pt_b); free(buffer_rfc_aad_b); @@ -361,7 +338,6 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_ENC_TEST_1) char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; char* buffer_rfc_nonce_h = "030000000000000000000000"; char* buffer_rfc_ct_h = "e6e883db43a9ef98fa6271cb7d4834139acf479e3b910775e769286f3f59d2e588f69b06"; - // 030000000000000000000000 uint8_t* buffer_rfc_pt_b, *buffer_rfc_aad_b, *buffer_rfc_key_b, *buffer_rfc_nonce_b, *buffer_rfc_ct_b = NULL; int buffer_rfc_pt_len, buffer_rfc_aad_len, buffer_rfc_key_len, buffer_rfc_nonce_len, buffer_rfc_ct_len = 0; @@ -393,9 +369,7 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_ENC_TEST_1) hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); // Convert/Set input AAD hex_conversion(buffer_rfc_aad_h, (char**) &buffer_rfc_aad_b, &buffer_rfc_aad_len); - //printf("Buffer_rfc_aad_b = %i", &buffer_rfc_aad_b); memcpy(test_association->abm, buffer_rfc_aad_b, buffer_rfc_aad_len); - //test_association->abm_len = buffer_rfc_aad_len; hex_conversion(buffer_rfc_nonce_h, (char**) &buffer_rfc_nonce_b, &buffer_rfc_nonce_len); memcpy(test_association->iv, buffer_rfc_nonce_b, buffer_rfc_nonce_len); // Convert input ciphertext @@ -442,19 +416,17 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_DEC_TEST_1) SaInterface sa_if = get_sa_interface_inmemory(); crypto_key_t* ekp = NULL; - // NIST supplied vectors + // rfc supplied vectors // NOTE: Added Transfer Frame header to the plaintext - char* buffer_nist_pt_h = "20030018000300000000000000000000000000000004000000"; - char* buffer_nist_aad_h = "010000000000000000000000000000000200"; - char* buffer_nist_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; - char* buffer_nist_nonce_h = "030000000000000000000000"; - char* buffer_nist_et_h = "20030036000009030000000000000000000000e6e883db43a9ef98fa6271cb7d4834139acf479e3b910775e769286f3f59d2e588f69b06"; - uint8_t* buffer_nist_pt_b, *buffer_nist_nonce_b, *buffer_nist_et_b, *buffer_nist_key_b, *buffer_nist_aad_b = NULL; - int buffer_nist_pt_len, buffer_nist_nonce_len, buffer_nist_et_len, buffer_nist_key_len, buffer_nist_aad_len = 0; + char* buffer_rfc_pt_h = "20030018000300000000000000000000000000000004000000"; + char* buffer_rfc_key_h = "0100000000000000000000000000000000000000000000000000000000000000"; + char* buffer_rfc_et_h = "20030036000009030000000000000000000000e6e883db43a9ef98fa6271cb7d4834139acf479e3b910775e769286f3f59d2e588f69b06"; + uint8_t* buffer_rfc_pt_b, *buffer_rfc_et_b, *buffer_rfc_key_b = NULL; + int buffer_rfc_pt_len, buffer_rfc_et_len, buffer_rfc_key_len = 0; // Setup Processed Frame For Decryption - TC_t* tc_nist_processed_frame; - tc_nist_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + TC_t* tc_rfc_processed_frame; + tc_rfc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; @@ -470,47 +442,33 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_DEC_TEST_1) test_association->est = 1; test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; - //test_association->acs_len = 1; - //test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->stmacf_len = 16; // Insert key into keyring of SA 9 - hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); + hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); ekp = key_if->get_key(test_association->ekid); - memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); + memcpy(ekp->value, buffer_rfc_key_b, buffer_rfc_key_len); // Convert input plaintext - // TODO: Account for length of header and FECF (5+2) - hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); - // Convert/Set input nonce - hex_conversion(buffer_nist_nonce_h, (char**) &buffer_nist_nonce_b, &buffer_nist_nonce_len); - memcpy(test_association->iv, buffer_nist_nonce_b, buffer_nist_nonce_len); - printf("NIST nonce LEN: %d\n", buffer_nist_nonce_len); - hex_conversion(buffer_nist_aad_h, (char**) &buffer_nist_aad_b, &buffer_nist_aad_len); - //memcpy(test_association->abm, buffer_nist_aad_b, buffer_nist_aad_len); + hex_conversion(buffer_rfc_pt_h, (char**) &buffer_rfc_pt_b, &buffer_rfc_pt_len); // Convert input encryptedtext - hex_conversion(buffer_nist_et_h, (char**) &buffer_nist_et_b, &buffer_nist_et_len); + hex_conversion(buffer_rfc_et_h, (char**) &buffer_rfc_et_b, &buffer_rfc_et_len); - Crypto_TC_ProcessSecurity(buffer_nist_et_b, &buffer_nist_et_len, tc_nist_processed_frame); + Crypto_TC_ProcessSecurity(buffer_rfc_et_b, &buffer_rfc_et_len, tc_rfc_processed_frame); - for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) + for (int i = 0; i < tc_rfc_processed_frame->tc_pdu_len; i++) { - - if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) + if (buffer_rfc_pt_b[i + 5] != tc_rfc_processed_frame->tc_pdu[i]) { - printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + printf("[%d]: %02x -> %02x \n", i, buffer_rfc_pt_b[i + 5], tc_rfc_processed_frame->tc_pdu[i]); } - ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + ASSERT_EQ(buffer_rfc_pt_b[i + 5], tc_rfc_processed_frame->tc_pdu[i]); } Crypto_Shutdown(); free(ptr_enc_frame); - free(buffer_nist_pt_b); - free(buffer_nist_nonce_b); - free(buffer_nist_aad_b); - free(buffer_nist_et_b); - free(buffer_nist_key_b); - // free(test_association->ecs); - // sa_if->sa_close(); + free(buffer_rfc_pt_b); + free(buffer_rfc_et_b); + free(buffer_rfc_key_b); } UTEST_MAIN(); \ No newline at end of file From f8306f215e5fb06b82165f8d83b4c08ccb7af016 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 29 Jul 2024 16:37:23 +0000 Subject: [PATCH 089/174] [nasa/cryptolib#197] Updated builds to install Libgcrypt 1.11.0 and libgpg-error 1.50 --- .github/workflows/build.yml | 90 ++++++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 98de99f4..4ff91efb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,9 +18,25 @@ jobs: - name: Update run: sudo apt-get update - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - name: Install Python Libraries run: sudo pip install pycryptodome + - name: Install Libgcrypt + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && ./configure \ + && make install # End Container Setup - name: Minimal Build Script @@ -38,9 +54,25 @@ jobs: - name: Update run: sudo apt-get update - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - name: Install Python Libraries run: sudo pip install pycryptodome + - name: Install Libgcrypt + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && ./configure \ + && make install # End Container Setup - name: Internal Build Script @@ -70,9 +102,25 @@ jobs: - name: Update run: sudo apt-get update - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - name: Install Python Libraries run: sudo pip install pycryptodome + - name: Install Libgcrypt + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && ./configure \ + && make install # End Container Setup - name: KMC Build Script @@ -102,9 +150,25 @@ jobs: - name: Update run: sudo apt-get update - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 autoconf libtool + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool - name: Install Python Libraries run: sudo pip install pycryptodome + - name: Install Libgcrypt + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && ./configure \ + && make install - name: Clone WolfSSL run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl @@ -155,12 +219,28 @@ jobs: - name: Update run: yum update -y - name: Install Dependencies - run: yum install -y epel-release python38-devel libcurl-devel libgpg-error-devel libgcrypt-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server + run: yum install -y epel-release python38-devel libcurl-devel libgpg-error-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server # Might want to trim this down, but these dependencies should work for KMC - name: install lcov run: yum install -y --enablerepo=epel lcov - name: Install Python Dependencies run: pip3 install pycryptodome + - name: Install Libgcrypt + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && ./configure \ + && make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && ./configure \ + && make install # End Container Setup - name: RHEL Build Script From 48a19cd769c5089fe7ea17dfe3d9ee673d357d8d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 1 Aug 2024 17:15:29 +0000 Subject: [PATCH 090/174] [nasa/cryptolib#197] Resolve build issues on RHEL --- .github/workflows/build.yml | 163 +++++++++--------- CMakeLists.txt | 13 ++ README.md | 2 + doc/requirements.md | 83 +++++++++ include/crypto_error.h | 1 + src/core/crypto_config.c | 92 +++++----- src/core/crypto_error.c | 3 +- .../internal/mc_interface_internal.template.c | 4 +- .../internal/sa_interface_inmemory.template.c | 51 ++++++ support/scripts/build_internal.sh | 4 +- support/scripts/build_kmc.sh | 2 + support/scripts/build_minimal.sh | 2 + support/scripts/build_rhel.sh | 3 + support/scripts/build_support.sh | 2 + support/scripts/build_wolf.sh | 2 + test/CMakeLists.txt | 8 +- 16 files changed, 307 insertions(+), 128 deletions(-) create mode 100644 doc/requirements.md diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4ff91efb..93c4f393 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,21 +22,22 @@ jobs: - name: Install Python Libraries run: sudo pip install pycryptodome - name: Install Libgcrypt - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && ./configure \ - && make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && ./configure \ - && make install + run: > + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig # End Container Setup - name: Minimal Build Script @@ -58,21 +59,22 @@ jobs: - name: Install Python Libraries run: sudo pip install pycryptodome - name: Install Libgcrypt - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && ./configure \ - && make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && ./configure \ - && make install + run: > + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig # End Container Setup - name: Internal Build Script @@ -106,21 +108,22 @@ jobs: - name: Install Python Libraries run: sudo pip install pycryptodome - name: Install Libgcrypt - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && ./configure \ - && make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && ./configure \ - && make install + run: > + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig # End Container Setup - name: KMC Build Script @@ -154,21 +157,22 @@ jobs: - name: Install Python Libraries run: sudo pip install pycryptodome - name: Install Libgcrypt - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && ./configure \ - && make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && ./configure \ - && make install + run: > + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig - name: Clone WolfSSL run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl @@ -178,7 +182,7 @@ jobs: #run: cd /tmp/wolfssl/; # sudo chown -R runner /usr/local; # ./autogen.sh; - # ./configure --enable-aesccm --enable-aessiv --enable-cmac; + # sudo ./configure --enable-aesccm --enable-aessiv --enable-cmac; # make; # make install; #sudo chown -R runner /usr/local; @@ -219,33 +223,36 @@ jobs: - name: Update run: yum update -y - name: Install Dependencies - run: yum install -y epel-release python38-devel libcurl-devel libgpg-error-devel git cmake gcc java-11-openjdk-devel openssl wget mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server + run: yum install -y epel-release python38-devel libcurl-devel git cmake gcc java-11-openjdk-devel openssl wget bzip2 ldconfig mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server # Might want to trim this down, but these dependencies should work for KMC - name: install lcov run: yum install -y --enablerepo=epel lcov - name: Install Python Dependencies run: pip3 install pycryptodome - name: Install Libgcrypt - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && ./configure \ - && make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && ./configure \ - && make install + run: > + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && ./configure + && make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && ./configure + && make install + && echo "export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/include:$LD_LIBRARY_PATH" >> ~/.bashrc + && source ~/.bashrc + && ldconfig # End Container Setup - name: RHEL Build Script working-directory: ${{github.workspace}} - run: bash ${GITHUB_WORKSPACE}/support/scripts/build_rhel.sh + run: source ~/.bashrc && ${GITHUB_WORKSPACE}/support/scripts/build_rhel.sh - name: Code-Coverage working-directory: ${{github.workspace}} diff --git a/CMakeLists.txt b/CMakeLists.txt index 8e32bcfa..0936d717 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,6 +24,7 @@ project(crypto C) set(SA_CUSTOM_PATH_DEFAULT "../../sa/custom") set(KEY_CUSTOM_PATH_DEFAULT "../../key/custom") set(MC_CUSTOM_PATH_DEFAULT "../../mc/custom") +set(MC_LOG_PATH_DEFAULT "log.txt") set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom") @@ -57,6 +58,7 @@ option(SYSTEM_INSTALL "SystemInstall" OFF) option(TEST "Test" OFF) option(TEST_ENC "Tests - Encryption" OFF) option(SA_FILE "Save Security Association to File" OFF) +option(KEY_VALIDATION "Validate existance of key duplication" OFF) OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON @@ -110,11 +112,22 @@ if(SA_FILE) add_definitions(-DSA_FILE) endif() +if(KEY_VALIDATION) + add_definitions(-DKEY_VALIDATION) +endif() + if(DEBUG) add_definitions(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG -DAOS_DEBUG) add_compile_options(-ggdb) endif() +if(DEFINED MC_LOG_CUSTOM_PATH) + message(STATUS "MC_LOG_CUSTOM_PATH set to: ${MC_LOG_CUSTOM_PATH}") + add_compile_definitions(MC_LOG_PATH="${MC_LOG_CUSTOM_PATH}") +else() + add_compile_definitions(MC_LOG_PATH="${MC_LOG_PATH_DEFAULT}") +endif() + IF(KMC_MDB_RH) ADD_DEFINITIONS(-DKMC_MDB_RH) ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE) diff --git a/README.md b/README.md index 6e7da057..c2609f29 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ ![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib) +![CryptoLib logo Final All orange](https://github.com/user-attachments/assets/fc02870b-e2d2-4577-83c2-78985d5fbdd6) + # CryptoLib Provide a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. diff --git a/doc/requirements.md b/doc/requirements.md new file mode 100644 index 00000000..f9a2b04c --- /dev/null +++ b/doc/requirements.md @@ -0,0 +1,83 @@ +# CryptoLib Requirements + +Note this is in draft form and is not yet traceable to the unit tests. + +# General +* CryptoLib shall provide initialization function(s) for the setup of the library. +* CryptoLib shall provide apply security functions for each supported frame type. +* CryptoLib shall provide process security functions for each supported frame type. +* CryptoLib shall provide teardown function(s) for the cleanup of the library. +* CryptoLib shall maintain separation of modules for cryptography, key management, monitoring and control, and security associations that can be configured at build time for use. +* CryptoLib shall maintain a custom option for each module type for users to develop specific implementations. +* CryptoLib shall adhere to the CCSDS Space Data Link Security standard (CCSDS 355.0-B-2) Protocl Implementation Conformance Statements (PICS). +* CryptoLib shall adhere to the CCSDS Space Data Link Security Extended Procedures standard (CCSDS 355.1-B-1) Protocol Implementation Conformance Statements (PICS). + +# CCSDS SDLS PICS +* A4/1 - CryptoLib shall support the TM Space Data Link Protocol. +* A4/2 - CryptoLib shall support the TC Space Data Link Protocol. +* A4/3 - CryptoLib shall support the AOS Space Data Link Protocol. +* A5/1 - The CryptoLib cryptography module shall support encryption. +* A5/2 - The CryptoLib cryptography module shall support authentication. +* A5/3 - The CryptoLib cryptography module shall support authenticated encryption. +* A6/1 - CryptoLib shall maintain the global virtual channel ID (GVCID) as part of the security association management data. +* A6/2 - CryptoLib shall maintain the global multiplexer access point identifier (GMAP_ID) as part of the security association management data. +* A6/3 - CryptoLib shall maintain the security parameter index (SPI) identifying the security association (SA) applicable to a frame as part of the SA management data. +* A6/4 - CryptoLib shall maintain the security association service type (SA_service_type) indicating the cryptographic function(s) specified for the SA as part of the security association management data. +* A6/5 - CryptoLib shall maintain the security association sequence number length (SA_length_SN) indicating the length of the sequence number field in the security header as part of the security association management data. +* A6/6 - CryptoLib shall maintain the security association initialization vector length (SA_length_IV) indicating the length of the initialization vector field in the security header as part of the security association management data. +* A6/7 - CryptoLib shall maintain the security association pad length (SA_length_PL) indicating the length of the pad length field in the security header as part of the security association management data. +* A6/8 - CryptoLib shall maintain the security association message authentication code length (SA_length_MAC) indicating the length of the MAC field in the security trailer as part of the security association management data. +* A6/9 - CryptoLib shall maintain the security association authentication algorithm and mode of operation as part of the security association management data. +* A6/10 - CryptoLib shall maintain the security association authentication key or index that refers to the actual key as part of the security association management data. +* A6/11 - CryptoLib shall maintain the security association authentication mask parameter indicating the value of a provided bit mask that is applied against the Transfer Frame in a bitwise-AND operation to generate an Authentication Payload as part of the security association management data. +* A6/12 - CryptoLib shall maintain the security association sequence number indicating the present value of a managed anti-replay sequence counter as part of the security association management data. +* A6/13 - CryptoLib shall maintain the security association sequence window indicating the amount of deviation the receiving end will accept between the expected anti-replay sequence number in a received frame as part of the security association management data. +* A6/14 - CryptoLib shall maintain the security association encryption algorithm and mode of operation as part of the security association management data. +* A6/15 - CryptoLib shall maintain the security association encryption key or index that refers to the actual key as part of the security association management data. +* A6/16 - CryptoLib shall maintain the security association initialization vector indicating the present value of a managed initialization vector field as part of the security association management data. +* A7/1 - CryptoLib shall have apply security functions for each transfer frame type supported that contains input parameters of a payload containing the partially formatted frame and the identifiers of the Virtual Channel and the MAP channel (for TC only). +* A7/2 - CryptoLib shall have process security functions for each transfer frame type supported that contains input parameters of a payload containing the frame and the identifiers of the Virtual Channel and the MAP channel (for TC only). +* A7.1.1/1 - CryptoLib's TM apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the fixed-length protocol data unit of the TM frame. +* A7.1.1/2 - CryptoLib's TC apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the transfer frame data field. +* A7.1.1/3 - CryptoLib's AOS apply security payload shall consist of the first octet of the transfer frame primary header to the last octet of the transfer frame data field. +* A7.1.1/5 - CryptoLib's apply security functions shall confirm the managed security association data matches the global virtual channel identifier (GVCID) parameter in the partially formatted transfer frame contained in the apply security payload. +* A7.1.1/6 - CryptoLib's TC apply security function shall confirm the global multiplexer access point identifier (GMAP_ID) parameter determined by the GVCID in the partially formatted transfer frame in the TC apply security payload is valid if the virtual channel specified is using segment headers. +* A7.1.1/7 - CryptoLib's TC apply security function transfer frame data field shall be plaintext if the cryptographic algorithm is authenticated encryption. +* A7.1.1/8 - CryptoLib's TC apply security function additional authenticated data (AAD) shall be the portion from the first octet of the Authentication Payload to the octet immediately preceding the Transfer Frame Data Field. +* A7.1.1/9 - CryptoLib's TC apply security function shall encrypt the Transfer Frame Data Field if encryption is selected for the security association in use. +* A7.1.1/10 - CryptoLib's TC apply security function shall place the number of fill bytes used into the Pad Length field of the Security Header if the algorithm and mode selected for the security association in use require. +* A7.1.1/11 - CryptoLib's TC apply security function shall increment the SA's managed sequence number by one if authentication is selected for the security association in use. +* A7.1.1/12 - CryptoLib's TC apply security function shall expect the managed sequence number in the Sequence Number field of the Security header, unless the security association (SA) specified use of the Initialization Vector field of the Security header instead if authentication is selected for an SA. +* A7.1.1/13 - CryptoLib's TC apply security function shall complete the Security Header for each transfer frame if authentication is selected for the security association in use. +* A7.1.1/14 - CryptoLib's TC apply security function shall apply the security association's (SA) authentication bit mask in a bitwise-AND operation against the partial frame if authentication is selected for the SA in use. +* A7.1.1/15 - CryptoLib's TC apply security function shall compute a MAC over the authentication payload if authentication is selected for the security association in use. +* A7.1.1/16 - CryptoLib's TC apply security function shall truncate the least-significant bits of the computed MAC, if necessary, if authentication is selected for the security association in use. +* A7.1.1/18 - CryptoLib's TC apply security function shall return a unique status to the caller per error type. +* A7.1.2/1 - CryptoLib's TM process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/2 - CryptoLib's TC process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/3 - CryptoLib's AOS process security payload shall consist of the first octet of the transfer frame primary header to the last octet of the security trailer, if present, or the last octet of the Transfer Frame Data Field. +* A7.1.2/5 - CryptoLib's process security functions shall confirm the managed security association data matches the global virtual channel identifier (GVCID) parameter in the partially formatted transfer frame contained in the apply security payload. +* A7.1.2/6 - CryptoLib's TC process security function shall confirm the global multiplexer access point identifier (GMAP_ID) parameter determined by the GVCID in the partially formatted transfer frame in the TC process security payload is valid if the virtual channel specified is using segment headers. +* A7.1.2/7 - CryptoLib's process security functions shall discard frames with wrong security associations and report exceptions. +* A7.1.2/8 - CryptoLib's process security function transfer frame data field shall be plaintext if the cryptographic algorithm is authenticated encryption. +* A7.1.2/9 - CryptoLib's process security function additional authenticated data (AAD) shall be the portion from the first octet of the Authentication Payload to the octet immediately preceding the Transfer Frame Data Field. +* A7.1.2/10 - CryptoLib's process security function shall apply the security association's (SA) authentication bit mask in a bitwise-AND operation against the partial frame if authentication is selected for the SA in use. +* A7.1.2/12 - CryptoLib's process security function shall compute a MAC over the authentication payload if authentication is selected for the security association in use. +* A7.1.2/13 - CryptoLib's process security function shall truncate the least-significant bits of the computed MAC, if necessary, if authentication is selected for the security association in use. +* A7.1.2/14 - CryptoLib's process security function shall verify that the computed MAC matches the MAC received in the Security Trailer if authentication is selected for the security association in use. +* A7.1.2/15 - CryptoLib's process security function shall report an exception to the service user for frames in which the received frame fails MAC verification and discard those frame if authentication is selected for the SA in use. +* A7.1.2/18 - CryptoLib's process security function shall extract the received sequence number from either the Sequence Number field of the Initialization Vector field of the Security Header according to the options specified for that SA if authentication is selected for the SA in use. +* A7.1.2/19 - CryptoLib's process security function shall compare the received sequence number to the managed sequence number if authentication is selected for the SA in use. +* A7.1.2/20 - CryptoLib's process security function shall report an exception to the service user for frames in which the received sequence number is larger than the managed sequence number by a value greater than teh window defined for that SA and discard those frames if authentication is selected for the SA in use. +* A7.1.2/23 - CryptoLib's process security function shall replace the managed sequence number with the received sequence number if the frame passes verification operations and if authentication is selected for the SA in use. +* A7.1.2/25 - CryptoLib's process security function shall decrypt the Transfer Frame Data Field if encryption is selected for the SA in use. +* A7.1.2/26 - CryptoLib's process security function shall extract the count of fill bytes used from the Pad Length field of the Security Header, and remove those fill bytes from the Frame Data field to be returned if encryption is selected for the SA in use. +* A7.1.2/27 - CryptoLib's process security function shall return a unique status to the caller per error type. +* A8.1/1 - CryptoLib's security header shall consist of one mandatory security parameter index in bits 0-15. +* A8.1/2 - CryptoLib's security header may contain an option field of the initialization vector following the SPI. +* A8.1/3 - CryptoLib's security header may contain an option field of the sequence number following the initialization vector. +* A8.1/4 - CryptoLib's security header may contain an option field of the pad length following the sequence number. +* A8.2/1 - CryptoLib's security trailer shall define the presence or absence of the MAC based on a virtual channel or MAP in the security association parameters. + +# CCSDS SDLS-EP PICS +* ... diff --git a/include/crypto_error.h b/include/crypto_error.h index 2f7e213f..ff2f3439 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -123,6 +123,7 @@ #define CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE (-51) #define CRYPTO_LIB_ERR_FAIL_SA_SAVE (-52) #define CRYPTO_LIB_ERR_FAIL_SA_LOAD (-53) +#define CRYPTO_LIB_ERR_KEY_VALIDATION (-54) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index c163cbdc..1afecca8 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -176,62 +176,68 @@ int32_t Crypto_Init(void) // #endif /* Key Interface */ - if (crypto_config.key_type == KEY_TYPE_CUSTOM) - { - key_if = get_key_interface_custom(); - } - else if (crypto_config.key_type == KEY_TYPE_INTERNAL) - { - key_if = get_key_interface_internal(); - } - else // KEY_TYPE_KMC - { - key_if = get_key_interface_kmc(); + if (key_if == NULL) { + if (crypto_config.key_type == KEY_TYPE_CUSTOM) + { + key_if = get_key_interface_custom(); + } + else if (crypto_config.key_type == KEY_TYPE_INTERNAL) + { + key_if = get_key_interface_internal(); + } + else // KEY_TYPE_KMC + { + key_if = get_key_interface_kmc(); + } } key_if->key_init(); // TODO: Check and return status on error /* MC Interface */ - if (crypto_config.mc_type == MC_TYPE_CUSTOM) - { - mc_if = get_mc_interface_custom(); - } - else if (crypto_config.mc_type == MC_TYPE_DISABLED) - { - mc_if = get_mc_interface_disabled(); - } - else // MC_TYPE_INTERNAL - { - mc_if = get_mc_interface_internal(); + if (mc_if == NULL) { + if (crypto_config.mc_type == MC_TYPE_CUSTOM) + { + mc_if = get_mc_interface_custom(); + } + else if (crypto_config.mc_type == MC_TYPE_DISABLED) + { + mc_if = get_mc_interface_disabled(); + } + else // MC_TYPE_INTERNAL + { + mc_if = get_mc_interface_internal(); + } } mc_if->mc_initialize(); // TODO: Check and return status on error /* SA Interface */ - // Prepare SA type from config - if (crypto_config.sa_type == SA_TYPE_CUSTOM) - { - sa_if = get_sa_interface_custom(); - } - else if (crypto_config.sa_type == SA_TYPE_INMEMORY) - { - sa_if = get_sa_interface_inmemory(); - } - else if (crypto_config.sa_type == SA_TYPE_MARIADB) - { - if (sa_mariadb_config == NULL) + if (sa_if == NULL) { + // Prepare SA type from config + if (crypto_config.sa_type == SA_TYPE_CUSTOM) + { + sa_if = get_sa_interface_custom(); + } + else if (crypto_config.sa_type == SA_TYPE_INMEMORY) + { + sa_if = get_sa_interface_inmemory(); + } + else if (crypto_config.sa_type == SA_TYPE_MARIADB) { - status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; - printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); - return status; // MariaDB connection specified but no configuration exists, return! + if (sa_mariadb_config == NULL) + { + status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; + printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); + return status; // MariaDB connection specified but no configuration exists, return! + } + sa_if = get_sa_interface_mariadb(); } - sa_if = get_sa_interface_mariadb(); + else + { + status = SADB_INVALID_SADB_TYPE; + return status; + } // TODO: Error stack } - else - { - status = SADB_INVALID_SADB_TYPE; - return status; - } // TODO: Error stack /* Crypto Interface */ // Determine which cryptographic module is in use diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c index 6894eac1..3725768b 100644 --- a/src/core/crypto_error.c +++ b/src/core/crypto_error.c @@ -74,7 +74,8 @@ char *crypto_enum_errlist_core[] = (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG", (char*) "CRYPTO_LIB_ERR_INVALID_SA_SERVICE_TYPE", (char*) "CRYPTO_LIB_ERR_FAIL_SA_SAVE", - (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", + (char*) "CRYPTO_LIB_ERR_FAIL_SA_LOAD", + (char*) "CRYPTO_LIB_ERR_KEY_VALIDATION", }; char *crypto_enum_errlist_config[] = diff --git a/src/mc/internal/mc_interface_internal.template.c b/src/mc/internal/mc_interface_internal.template.c index 170c9e6f..974fd567 100644 --- a/src/mc/internal/mc_interface_internal.template.c +++ b/src/mc/internal/mc_interface_internal.template.c @@ -53,11 +53,11 @@ static int32_t mc_initialize(void) int32_t status = CRYPTO_LIB_SUCCESS; /* Open log */ - mc_file_ptr = fopen("log.txt", "a"); + mc_file_ptr = fopen(MC_LOG_PATH, "a"); if (mc_file_ptr == NULL) { status = CRYPTO_LIB_ERR_MC_INIT; - printf(KRED "ERROR: Monitoring andcontrol initialization - internal failed\n" RESET); + printf(KRED "ERROR: Monitoring and control initialization - internal failed\n" RESET); } return status; diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a7bda4c1..a045c1d1 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -544,6 +544,51 @@ void sa_populate(void) sa_perform_save(&sa[0]); } +/** + * @brief Function Key_Validation() + * Validates the use of a single key per encryption type per SA + * At most an SA can contain 2 unique Keys. These my not be utilized in another SA + */ +int32_t key_validation(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int i = 0; + int j = 0; + for(i = 0; i < NUM_SA; i++) + { + uint16_t i_ekid = sa[i].ekid; + uint16_t i_akid = sa[i].akid; + + if(i_ekid == i_akid) + { + status = CRYPTO_LIB_ERR_KEY_VALIDATION; +#ifdef DEBUG + printf(KRED "SA Key Validation FAILURE!\n"); + printf("Key Duplication: SA #%d, EKID: %d, AKID: %d\n", i, i_ekid, i_akid); + printf("\n"RESET); +#endif + break; + } + + for(j = i+1; j < NUM_SA; j++) + { + uint16_t j_ekid = sa[j].ekid; + uint16_t j_akid = sa[j].akid; + + if((i_ekid == j_ekid) || (i_ekid == j_akid) || (i_akid == j_ekid) || (i_akid == j_akid) || (j_ekid == j_akid)) + { + status = CRYPTO_LIB_ERR_KEY_VALIDATION; +#ifdef DEBUG + printf(KRED "SA Key Validation FAILURE!\n"); + printf("Key Duplication SA: %d, EKID: %d, AKID: %d\n\tSA: %d, EKID: %d, AKID: %d\n", i, i_ekid, i_akid, j, j_ekid, j_akid); + printf("\n"RESET); +#endif + break; + } + } + } + return status; +} /** * @brief Function; sa_config @@ -561,6 +606,9 @@ int32_t sa_config(void) if(use_internal) { sa_populate(); +#ifdef KEY_VALIDATION + status = key_validation(); +#endif } return status; @@ -627,6 +675,9 @@ int32_t sa_init(void) } sa_populate(); +#ifdef KEY_VALIDATION + status = key_validation(); +#endif } return status; } diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh index c6e326f2..c41dd2c3 100755 --- a/support/scripts/build_internal.sh +++ b/support/scripts/build_internal.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test +rm $BASE_DIR/CMakeCache.txt + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 -DKEY_VALIDATION=0 && make && make test diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh index 95c1489f..2c18bd7a 100755 --- a/support/scripts/build_kmc.sh +++ b/support/scripts/build_kmc.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 -DSA_FILE=1 && make && make test diff --git a/support/scripts/build_minimal.sh b/support/scripts/build_minimal.sh index c07c09a3..f9781ae7 100755 --- a/support/scripts/build_minimal.sh +++ b/support/scripts/build_minimal.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR && make && make test diff --git a/support/scripts/build_rhel.sh b/support/scripts/build_rhel.sh index 94053036..644fa9b3 100755 --- a/support/scripts/build_rhel.sh +++ b/support/scripts/build_rhel.sh @@ -9,4 +9,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test + diff --git a/support/scripts/build_support.sh b/support/scripts/build_support.sh index 4e92ea6c..0392bd8f 100755 --- a/support/scripts/build_support.sh +++ b/support/scripts/build_support.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DSUPPORT=1 -DTEST=1 -DTEST_ENC=1 && make && make test diff --git a/support/scripts/build_wolf.sh b/support/scripts/build_wolf.sh index 0cae1611..a646e932 100755 --- a/support/scripts/build_wolf.sh +++ b/support/scripts/build_wolf.sh @@ -9,4 +9,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh +rm $BASE_DIR/CMakeCache.txt + cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_LIBGCRYPT=0 -DCRYPTO_WOLFSSL=1 -DTEST=1 -DTEST_ENC=1 -DSA_FILE=1 && make && make test diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 05e82830..4973346f 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -57,9 +57,11 @@ add_test(NAME UT_TM_PROCESS COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -add_test(NAME UT_AES_GCM_SIV - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aes_gcm_siv - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +if(NOT ${CRYPTO_WOLFSSL}) + add_test(NAME UT_AES_GCM_SIV + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aes_gcm_siv + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +endif() if(SA_FILE) add_test(NAME UT_SA_SAVE From 483eca86cf8930752a3eb215500ed3daa7701ce5 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 1 Aug 2024 17:20:33 +0000 Subject: [PATCH 091/174] [nasa/cryptolib#197] Source bashrc before running gcov --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 93c4f393..c955d266 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -256,7 +256,7 @@ jobs: - name: Code-Coverage working-directory: ${{github.workspace}} - run: make gcov + run: source ~/.bashrc && make gcov - name: Upload uses: codecov/codecov-action@v4 From efcf3562b356bfa411bdae4a0411452d4425f753 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Fri, 2 Aug 2024 17:59:29 +0000 Subject: [PATCH 092/174] [nasa/cryptolib#197] Removed commented code and references to GCM-SIV in wolfssl --- .../cryptography_interface_wolfssl.template.c | 89 ------------------- 1 file changed, 89 deletions(-) diff --git a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c index 30c49783..238f1e4b 100644 --- a/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c +++ b/src/crypto/wolfssl/cryptography_interface_wolfssl.template.c @@ -422,19 +422,6 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, } break; - // TODO: Confirm same process as above for SIV - // case CRYPTO_CIPHER_AES256_GCM_SIV: - // status = wc_AesGcmSetKey(&enc, key, len_key); - // if (status == 0) - // { - // //status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, NULL, 16, NULL, 0); - // status = wc_AesSivEncrypt(key, len_key, NULL, 0, ) - // if (status == -180) - // { // Special error case as Wolf will not accept a zero value for MAC size - // status = CRYPTO_LIB_SUCCESS; - // } - // } - // break; case CRYPTO_CIPHER_AES256_CBC: status = wc_AesSetKey(&enc, key, len_key, iv, AES_ENCRYPTION); @@ -528,30 +515,6 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, } break; - // TODO: Confirm same process will be used - // case CRYPTO_CIPHER_AES256_GCM_SIV: - // status = wc_AesGcmSetKey(&enc, key, len_key); - // if (status == 0) - // { - // if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) - // { - // status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - // } - // else if (encrypt_bool == CRYPTO_TRUE) - // { - // status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - // if (status == -180) - // { // Special error case as Wolf will not accept a zero value for MAC size - // status = CRYPTO_LIB_SUCCESS; - // } - // } - // else if (authenticate_bool == CRYPTO_TRUE) - // { - // status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len); - // } - // } - // break; - case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; break; @@ -611,18 +574,6 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, } break; - // case CRYPTO_CIPHER_AES256_GCM_SIV: - // status = wc_AesGcmSetKey(&dec, key, len_key); - // if (status == 0) - // { - // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0); - // if (status == -180) - // { // Special error case as Wolf will not accept a zero value for MAC size - // status = CRYPTO_LIB_SUCCESS; - // } - // } - // break; - case CRYPTO_CIPHER_AES256_CBC: status = wc_AesSetKey(&dec, key, len_key, iv, AES_DECRYPTION); if (status == 0) @@ -709,43 +660,6 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, } break; - // case CRYPTO_CIPHER_AES256_GCM_SIV: - // status = wc_AesGcmSetKey(&dec, key, len_key); - // if (status == 0) - // { - // if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) - // { - // // Added for now while assessing unit tests and requirements - // if (mac_size > 0) - // { - // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - // } - // else - // { - // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - // if (status == -180) - // { // Special error case as Wolf will not accept a zero value for MAC size - // status = CRYPTO_LIB_SUCCESS; - // } - // } - // } - // else if (decrypt_bool == CRYPTO_TRUE) - // { - // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); - // if (status == -180) - // { // Special error case as Wolf will not accept a zero value for MAC size - // status = CRYPTO_LIB_SUCCESS; - // } - // } - // else if (authenticate_bool == CRYPTO_TRUE) - // { - // status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); - // // If authentication only, don't decrypt the data. Just pass the data PDU through. - // memcpy(data_out, data_in, len_data_in); - // } - // } - // break; - case CRYPTO_CIPHER_AES256_CCM: status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; break; @@ -809,9 +723,6 @@ int32_t cryptography_get_ecs_algo(int8_t algo_enum) case CRYPTO_CIPHER_AES256_GCM: algo = CRYPTO_CIPHER_AES256_GCM; break; - case CRYPTO_CIPHER_AES256_GCM_SIV: - algo = CRYPTO_CIPHER_AES256_GCM_SIV; - break; case CRYPTO_CIPHER_AES256_CBC: algo = CRYPTO_CIPHER_AES256_CBC; break; From 435bec2cea30b5e5a339b07f6766eb7ade611cb5 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 2 Aug 2024 15:01:52 -0400 Subject: [PATCH 093/174] [nasa/Cryptolib#256] SA Rework Update - WIP Unit tests (Currently Broken) --- include/crypto_config.h | 1 + include/crypto_config_structs.h | 2 +- include/crypto_structs.h | 3 +- src/core/crypto_config.c | 2 +- src/core/crypto_tc.c | 1 - .../key_interface_custom_stub.template.c | 3 +- .../internal/sa_interface_inmemory.template.c | 424 ++-- support/scripts/build_kmc.sh | 2 +- test/CMakeLists.txt | 24 +- test/kmc/ut_kmc_crypto.c | 830 +++---- test/kmc/ut_kmc_crypto_auth_only.c | 974 ++++---- test/kmc/ut_kmc_crypto_cam.c | 1250 +++++----- test/kmc/ut_kmc_crypto_with_mtls_sadb.c | 298 +-- test/kmc/ut_mariadb.c | 1040 ++++---- test/kmc/ut_tc_kmc.c | 2152 +++++++++-------- test/unit/ut_aos_apply.c | 2 +- 16 files changed, 3518 insertions(+), 3490 deletions(-) diff --git a/include/crypto_config.h b/include/crypto_config.h index 4ac51739..7ae23b8a 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -75,6 +75,7 @@ #define TYPE_TC 0 #define TYPE_MAP 1 #define TYPE_TM 2 +#define TYPE_AOS 3 // Specific to Authentication #define SA_NONE 0 diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index a829e68d..4667bad6 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -89,7 +89,7 @@ typedef enum } CreateFecfBool; typedef enum { - AOS_FHEC_NA, + AOS_FHEC_NA=0, AOS_NO_FHEC, AOS_HAS_FHEC } AosFhecPresent; diff --git a/include/crypto_structs.h b/include/crypto_structs.h index d5ed2bdb..00654bb0 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -20,13 +20,14 @@ #define CRYPTO_STRUCTS_H #include "crypto_config.h" +#include #ifdef NOS3 // NOS3/cFS build is ready #include "common_types.h" #else // Assume build outside of NOS3/cFS infrastructure #include -#ifndef KMC_CFFI_EXCLUDE // Exclude libraries that CFFI parser can’t process #include +#ifndef KMC_CFFI_EXCLUDE // Exclude libraries that CFFI parser can’t process #include #endif #endif diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 57c397fe..10ac0761 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -155,7 +155,7 @@ int32_t Crypto_Init_AOS_Unit_Test(void) //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); AOS_UT_Managed_Parameters.scid = 0x002c; - AOS_UT_Managed_Parameters.aos_has_fhec = AOS_NO_FECF; + AOS_UT_Managed_Parameters.has_fecf = AOS_NO_FECF; Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 6131c6f8..cc1ed379 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -386,7 +386,6 @@ int32_t Crypto_TC_Do_Encrypt_PLAINTEXT(uint8_t sa_service_type, SecurityAssociat mc_if->mc_log(status); return status; } - if (ecs_is_aead_algorithm == CRYPTO_TRUE) { // Check that key length to be used ets the algorithm requirement diff --git a/src/key/custom_stub/key_interface_custom_stub.template.c b/src/key/custom_stub/key_interface_custom_stub.template.c index b14257a0..0f77762d 100644 --- a/src/key/custom_stub/key_interface_custom_stub.template.c +++ b/src/key/custom_stub/key_interface_custom_stub.template.c @@ -17,13 +17,12 @@ */ #include "key_interface.h" - /* Variables */ static KeyInterfaceStruct key_if_struct; /* Functions */ KeyInterface get_key_interface_custom(void) { - fprintf(stderr,"ERROR: Loading custom key interface stub source code. Rebuild CryptoLib with -DKEY_CUSTOM=ON to use implementation.\n"); + fprintf(stderr, "ERROR: Loading custom key interface stub source code. Rebuild CryptoLib with -DKEY_CUSTOM=ON to use implementation.\n"); return &key_if_struct; } diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index e28463c7..e0047d48 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -225,6 +225,8 @@ static int32_t sa_save_sa(SecurityAssociation_t* sa) **/ void sa_populate(void) { +// Security Associations + // EMPTY SA - Not Used (SA_NONE) sa[0].spi = 0; sa[0].sa_state = SA_NONE; sa[0].est = 0; @@ -234,312 +236,328 @@ void sa_populate(void) sa[0].arsn_len = 0; sa[0].arsnw_len = 0; sa[0].arsnw = 0; - sa[0].gvcid_blk.tfvn = 3; - sa[0].gvcid_blk.scid = 3; - sa[0].gvcid_blk.vcid = 3; + sa[0].gvcid_blk.tfvn = 0; + sa[0].gvcid_blk.scid = 0; + sa[0].gvcid_blk.vcid = 0; sa[0].gvcid_blk.mapid = TYPE_TC; - // Security Associations - // SA 1 - TC CLEAR MODE + // TC - CLEAR MODE (Operational) + // IV = 0 ... 0, IV-Len = 12, TFVN = 0, VCID = 0, MAC-Len = 0, ARSNW = 5 + // EKID = 1 sa[1].spi = 1; sa[1].sa_state = SA_OPERATIONAL; sa[1].est = 0; sa[1].ast = 0; - sa[1].shivf_len = 0; + sa[1].shivf_len = 12; + sa[1].iv_len = 12; sa[1].shsnf_len = 2; - sa[1].arsn_len = 2; - sa[1].arsnw_len = 1; sa[1].arsnw = 5; + sa[1].arsnw_len = 1; + sa[1].arsn_len = 2; sa[1].gvcid_blk.tfvn = 0; sa[1].gvcid_blk.scid = SCID & 0x3FF; sa[1].gvcid_blk.vcid = 0; sa[1].gvcid_blk.mapid = TYPE_TC; - - // SA 2 - TM CLEAR MODE - sa[2].spi = 8; - sa[2].sa_state = SA_OPERATIONAL; - sa[2].est = 0; + + // TC - Encryption Only - AES-GCM-256 (Keyed) + // IV = 0...0, IV-Len = 12, TFVN = 0, VCID = 0; MAC-Len = 0, ARSNW = 5 + // EKID = 2 + sa[2].spi = 2; + sa[2].ekid = 2; + sa[2].sa_state = SA_KEYED; + sa[2].ecs_len = 1; + sa[2].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[2].est = 1; sa[2].ast = 0; - sa[2].arsn_len = 1; + sa[2].shivf_len = 12; + sa[2].iv_len = 12; + sa[2].shsnf_len = 2; + sa[2].arsn_len = 2; sa[2].arsnw_len = 1; sa[2].arsnw = 5; sa[2].gvcid_blk.tfvn = 0; sa[2].gvcid_blk.scid = SCID & 0x3FF; - sa[2].gvcid_blk.vcid = 1; - sa[2].gvcid_blk.mapid = TYPE_TM; + sa[2].gvcid_blk.vcid = 0; + sa[2].gvcid_blk.mapid = TYPE_TC; - // SA 3 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129 + // TC - Authentication Only - HMAC_SHA512 (Keyed) + // IV = 0...0, IV-Len = 12, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 + // AKID = 3 sa[3].spi = 3; - sa[3].ekid = 129; + sa[3].akid = 3; sa[3].sa_state = SA_KEYED; - sa[3].est = 1; + sa[3].acs_len = 1; + sa[3].acs = CRYPTO_MAC_HMAC_SHA512; + sa[3].est = 0; sa[3].ast = 1; - sa[3].ecs_len = 1; - sa[3].ecs = CRYPTO_CIPHER_AES256_GCM; sa[3].shivf_len = 12; sa[3].iv_len = 12; - *(sa[3].iv + sa[3].shivf_len - 1) = 0; - sa[3].abm_len = ABM_SIZE; // 20 + sa[3].shsnf_len = 2; + sa[3].arsn_len = 2; sa[3].arsnw_len = 1; sa[3].arsnw = 5; - sa[3].arsn_len = (sa[3].arsnw * 2) + 1; - - // SA 4 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 - // SA 4 VC0/1 is now 4-VC0, 7-VC1 + sa[3].stmacf_len = 16; + sa[3].gvcid_blk.tfvn = 0; + sa[3].gvcid_blk.scid = SCID & 0x3FF; + sa[3].gvcid_blk.vcid = 0; + sa[3].gvcid_blk.mapid = TYPE_TC; + + // TC - Authenticated Encryption - AES-GCM-256 (Keyed) + // IV = 0 ... 0, IV-Len = 12, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 + // EKID = 4 sa[4].spi = 4; - sa[4].ekid = 130; - sa[4].sa_state = SA_OPERATIONAL; - sa[4].est = 1; - sa[4].ast = 1; + sa[4].ekid = 4; + sa[4].sa_state = SA_KEYED; sa[4].ecs_len = 1; sa[4].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[4].est = 1; + sa[4].ast = 1; sa[4].shivf_len = 12; sa[4].iv_len = 12; - sa[4].stmacf_len = 16; - *(sa[4].iv + 11) = 0; - sa[4].abm_len = ABM_SIZE; // 20 + sa[4].shsnf_len = 2; sa[4].arsnw_len = 1; sa[4].arsnw = 5; - sa[4].arsn_len = 0; + sa[4].arsn_len = 2; + sa[4].stmacf_len = 16; sa[4].gvcid_blk.tfvn = 0; sa[4].gvcid_blk.scid = SCID & 0x3FF; - sa[4].gvcid_blk.vcid = 4; + sa[4].gvcid_blk.vcid = 0; sa[4].gvcid_blk.mapid = TYPE_TC; - // SA 5 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 131 + // TM - CLEAR MODE (Keyed) + // IV = 0...0, IV-Len = 12, MAC-Len = 0, TFVN = 0, VCID = 0, ARSNW = 5 + // EKID = 5 sa[5].spi = 5; - sa[5].ekid = 131; sa[5].sa_state = SA_KEYED; - sa[5].est = 1; - sa[5].ast = 1; - sa[5].ecs_len = 1; - sa[5].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[5].est = 0; + sa[5].ast = 0; sa[5].shivf_len = 12; sa[5].iv_len = 12; - *(sa[5].iv + sa[5].shivf_len - 1) = 0; - sa[5].abm_len = ABM_SIZE; // 20 - sa[5].arsnw_len = 1; + sa[5].shsnf_len = 2; sa[5].arsnw = 5; - sa[5].arsn_len = (sa[5].arsnw * 2) + 1; - - // SA 6 - UNKEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: - + sa[5].arsnw_len = 1; + sa[5].arsn_len = 2; + sa[5].gvcid_blk.tfvn = 0; + sa[5].gvcid_blk.scid = SCID & 0x3FF; + sa[5].gvcid_blk.vcid = 1; + sa[5].gvcid_blk.mapid = TYPE_TM; + + // TM - Encryption Only - AES-CBC-256 (Keyed) + // IV = 0...0, IV-Len = 16, TFVN = 0, VCID = 0; MAC-Len = 0, ARSNW = 5 + // EKID = 6 sa[6].spi = 6; - sa[6].sa_state = SA_UNKEYED; - sa[6].est = 1; - sa[6].ast = 1; + sa[6].ekid = 6; + sa[6].sa_state = SA_KEYED; sa[6].ecs_len = 1; - sa[6].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[6].shivf_len = 12; - sa[6].iv_len = 12; - *(sa[6].iv + sa[6].shivf_len - 1) = 0; - sa[6].abm_len = ABM_SIZE; // 20 + sa[6].ecs = CRYPTO_CIPHER_AES256_CBC; + sa[6].est = 1; + sa[6].ast = 0; + sa[6].shivf_len = 16; + sa[6].iv_len = 16; + sa[6].shplf_len = 1; + sa[6].stmacf_len = 0; + sa[6].arsn_len = 2; sa[6].arsnw_len = 1; sa[6].arsnw = 5; - sa[6].arsn_len = (sa[6].arsnw * 2) + 1; - - // SA 7 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 + sa[6].gvcid_blk.tfvn = 0; + sa[6].gvcid_blk.scid = SCID & 0x3FF; + sa[6].gvcid_blk.vcid = 0; + sa[6].gvcid_blk.mapid = TYPE_TM; + + // TM - Authentication Only HMAC_SHA512 (Keyed) + // IV = 0...0, IV-Len = 12, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 + // AKID = 7 sa[7].spi = 7; - sa[7].ekid = 130; + sa[7].akid = 7; sa[7].sa_state = SA_KEYED; - sa[7].est = 1; + sa[7].acs_len = 1; + sa[7].acs = CRYPTO_MAC_HMAC_SHA512; + sa[7].est = 0; sa[7].ast = 1; - sa[7].ecs_len = 1; - sa[7].ecs = CRYPTO_CIPHER_AES256_GCM; sa[7].shivf_len = 12; sa[7].iv_len = 12; - *(sa[7].iv + sa[7].shivf_len - 1) = 0; - sa[7].abm_len = ABM_SIZE; // 20 + sa[7].shsnf_len = 2; + sa[7].arsn_len = 2; sa[7].arsnw_len = 1; sa[7].arsnw = 5; - sa[7].arsn_len = (sa[7].arsnw * 2) + 1; + sa[7].stmacf_len = 16; sa[7].gvcid_blk.tfvn = 0; sa[7].gvcid_blk.scid = SCID & 0x3FF; - sa[7].gvcid_blk.vcid = 1; - sa[7].gvcid_blk.mapid = TYPE_TC; + sa[7].gvcid_blk.vcid = 0; + sa[7].gvcid_blk.mapid = TYPE_TM; - // SA 8 - CLEAR MODE + // TM - Authenticated Encryption AES-CBC-256 (Keyed) + // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 0, VCID = 0, ARSNW = 5 + // EKID = 8 sa[8].spi = 8; - sa[8].sa_state = SA_NONE; - sa[8].est = 0; - sa[8].ast = 0; - sa[8].arsn_len = 1; + sa[8].ekid = 8; + sa[8].sa_state = SA_KEYED; + sa[8].ecs_len = 1; + sa[8].ecs = CRYPTO_CIPHER_AES256_CBC; + sa[8].est = 1; + sa[8].ast = 1; + sa[8].shplf_len = 1; + sa[8].shivf_len = 16; + sa[8].iv_len = 16; + sa[8].shsnf_len = 2; + sa[8].arsn_len = 2; sa[8].arsnw_len = 1; sa[8].arsnw = 5; + sa[8].stmacf_len = 16; sa[8].gvcid_blk.tfvn = 0; sa[8].gvcid_blk.scid = SCID & 0x3FF; - sa[8].gvcid_blk.vcid = 1; - sa[8].gvcid_blk.mapid = TYPE_TC; - - // SA 9 - Validation Tests + sa[8].gvcid_blk.vcid = 0; + sa[8].gvcid_blk.mapid = TYPE_TM; + + // AOS - Clear Mode + // IV = 0...0, IV-Len = 12, MAC-Len = 0, TFVN = 1, VCID = 0, ARSNW = 5 + // EKID = 9 sa[9].spi = 9; - sa[9].ekid = 136; sa[9].sa_state = SA_KEYED; - sa[9].est = 1; + sa[9].est = 0; sa[9].ast = 0; sa[9].shivf_len = 12; sa[9].iv_len = 12; - *(sa[9].iv + 11) = 0; - sa[9].abm_len = ABM_SIZE; // 20 - sa[9].arsnw_len = 1; + sa[9].shsnf_len = 2; sa[9].arsnw = 5; - sa[9].arsn_len = 0; - sa[9].gvcid_blk.tfvn = 0; + sa[9].arsnw_len = 1; + sa[9].arsn_len = 2; + sa[9].gvcid_blk.tfvn = 0x01; sa[9].gvcid_blk.scid = SCID & 0x3FF; sa[9].gvcid_blk.vcid = 0; - sa[9].gvcid_blk.mapid = TYPE_TC; + sa[9].gvcid_blk.mapid = TYPE_AOS; - // SA 10 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 - // SA 10 VC0/1 is now 4-VC0, 7-VC1 + // AOS - Authentication Only, HMAC_SHA512 (Keyed) + // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 1, VCID = 0, ARSNW = 5 + // AKID = 10 sa[10].spi = 10; - sa[10].ekid = 130; + sa[10].akid = 10; sa[10].sa_state = SA_KEYED; - sa[10].est = 1; + sa[10].est = 0; sa[10].ast = 1; - sa[10].ecs_len = 1; - sa[10].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[10].shivf_len = 0; - sa[10].iv_len = 0; - sa[10].stmacf_len = 0; - *(sa[10].iv + 11) = 0; - sa[10].abm_len = ABM_SIZE; // 20 - sa[10].arsnw_len = 1; + sa[10].acs_len = 1; + sa[10].acs = CRYPTO_MAC_HMAC_SHA512; + sa[10].stmacf_len = 16; sa[10].arsnw = 5; - sa[10].arsn_len = 0; - sa[10].gvcid_blk.tfvn = 0x00; - sa[10].gvcid_blk.scid = 0x002C; - sa[10].gvcid_blk.vcid = 1; - sa[10].gvcid_blk.mapid = TYPE_TC; - char ek_ref_string[20] = "kmc/test/key130"; - memcpy(sa[10].ek_ref, ek_ref_string, strlen(ek_ref_string)); - - // SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 - // SA 11 VC0/1 is now 4-VC0, 7-VC1 + sa[10].arsnw_len = 1; + sa[10].arsn_len = 2; + sa[10].gvcid_blk.tfvn = 0x01; + sa[10].gvcid_blk.scid = SCID & 0x3FF; + sa[10].gvcid_blk.vcid = 0; + sa[10].gvcid_blk.mapid = TYPE_AOS; + + // AOS - Encryption Only, AES-GCM-256 (Keyed) + // IV = 0...0, IV-Len = 16, MAC-Len = 0, TFVN = 1, VCID = 0, ARSNW = 5 + // EKID = 11 sa[11].spi = 11; - sa[11].ekid = 130; + sa[11].ekid = 11; sa[11].sa_state = SA_KEYED; sa[11].est = 1; sa[11].ast = 0; sa[11].ecs_len = 1; + sa[11].shplf_len = 1; sa[11].ecs = CRYPTO_CIPHER_AES256_CBC; - sa[11].shivf_len = 16; sa[11].iv_len = 16; - sa[11].shplf_len = 1; + sa[11].shivf_len = 16; sa[11].stmacf_len = 0; - *(sa[11].iv + (sa[11].iv_len - 1)) = 0; - sa[11].abm_len = ABM_SIZE; // 20 - sa[11].arsnw_len = 0; + sa[11].shsnf_len = 2; + sa[11].arsn_len = 2; + sa[11].arsnw_len = 1; sa[11].arsnw = 5; - sa[11].arsn_len = 0; - sa[11].gvcid_blk.tfvn = 0; + sa[11].gvcid_blk.tfvn = 0x01; sa[11].gvcid_blk.scid = SCID & 0x3FF; sa[11].gvcid_blk.vcid = 0; - sa[11].gvcid_blk.mapid = TYPE_TC; - memcpy(sa[11].ek_ref, ek_ref_string, strlen(ek_ref_string)); + sa[11].gvcid_blk.mapid = TYPE_AOS; - // SA 12 - TM CLEAR MODE - // SA 12 + // AOS - Authenticated Encryption, AES-CBC-256 (Keyed) + // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 1, VCID = 0, ARSNW = 5 sa[12].spi = 12; - sa[12].sa_state = SA_OPERATIONAL; - sa[12].est = 0; - sa[12].ast = 0; - sa[12].shivf_len = 0; - sa[12].shsnf_len = 0; - sa[12].arsn_len = 0; - sa[12].arsnw_len = 0; + sa[12].ekid = 12; + sa[12].sa_state = SA_KEYED; + sa[12].est = 1; + sa[12].ast = 1; + sa[12].ecs_len = 1; + sa[12].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[12].iv_len = 16; + sa[12].shivf_len = 16; + sa[12].stmacf_len = 16; + sa[12].shsnf_len = 2; + sa[12].arsn_len = 2; + sa[12].arsnw_len = 1; sa[12].arsnw = 5; - sa[12].gvcid_blk.tfvn = 0; + sa[12].gvcid_blk.tfvn = 0x01; sa[12].gvcid_blk.scid = SCID & 0x3FF; sa[12].gvcid_blk.vcid = 0; - sa[12].gvcid_blk.mapid = TYPE_TM; - // SA 13 - TM Authentication Only - // SA 13 + +// EP - Testing SAs + + // TC - NULL (SA_None) sa[13].spi = 13; - sa[13].akid = 130; - sa[13].ekid = 130; - sa[13].sa_state = SA_OPERATIONAL; - sa[13].est = 1; - sa[13].ast = 1; - sa[13].acs_len = 0; - sa[13].acs = CRYPTO_MAC_NONE; - sa[13].ecs_len = 1; - sa[13].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[13].shivf_len = 16; - sa[13].iv_len = 16; - *(sa[13].iv + sa[13].shivf_len - 1) = 0; - sa[13].stmacf_len = 16; - sa[13].shsnf_len = 0; - sa[13].abm_len = ABM_SIZE; - memset(sa[13].abm, 0xFF, (sa[13].abm_len * sizeof(uint8_t))); // Bitmask - sa[13].arsn_len = 0; - sa[13].arsnw_len = 0; + sa[13].sa_state = SA_NONE; + sa[13].est = 0; + sa[13].ast = 0; + sa[13].shivf_len = 12; + sa[13].iv_len = 12; + sa[13].shsnf_len = 2; sa[13].arsnw = 5; - sa[13].gvcid_blk.tfvn = 0; + sa[13].arsnw_len = 1; + sa[13].arsn_len = 2; + sa[13].gvcid_blk.tfvn = 2; sa[13].gvcid_blk.scid = SCID & 0x3FF; sa[13].gvcid_blk.vcid = 0; - sa[13].gvcid_blk.mapid = TYPE_TM; + sa[13].gvcid_blk.mapid = TYPE_TC; - // SA 14 - AOS Clear Mode + // TC - Keyed sa[14].spi = 14; - sa[14].sa_state = SA_OPERATIONAL; + sa[14].ekid = 14; + sa[14].sa_state = SA_KEYED; sa[14].est = 0; sa[14].ast = 0; - sa[14].shivf_len = 0; - sa[14].gvcid_blk.tfvn = 0x01; + sa[14].shivf_len = 12; + sa[14].iv_len = 12; + sa[14].shsnf_len = 2; + sa[14].arsnw = 5; + sa[14].arsnw_len = 1; + sa[14].arsn_len = 2; + sa[14].gvcid_blk.tfvn = 2; sa[14].gvcid_blk.scid = SCID & 0x3FF; - sa[14].gvcid_blk.vcid = 0; + sa[14].gvcid_blk.vcid = 1; + sa[14].gvcid_blk.mapid = TYPE_TC; - // SA 15 - AOS Authentication Only + // TC - Unkeyed + sa[14].spi = 14; + sa[14].ekid = 14; + sa[14].sa_state = SA_UNKEYED; + sa[14].est = 0; + sa[14].ast = 0; + sa[14].shivf_len = 12; + sa[14].iv_len = 12; + sa[14].shsnf_len = 2; + sa[14].arsnw = 5; + sa[14].arsnw_len = 1; + sa[14].arsn_len = 2; + sa[14].gvcid_blk.tfvn = 2; + sa[14].gvcid_blk.scid = SCID & 0x3FF; + sa[14].gvcid_blk.vcid = 2; + sa[14].gvcid_blk.mapid = TYPE_TC; + + // TC - Operational sa[15].spi = 15; - sa[15].akid = 130; - sa[15].sa_state = SA_KEYED; + sa[15].ekid = 15; + sa[15].sa_state = SA_OPERATIONAL; sa[15].est = 0; - sa[15].ast = 1; - sa[15].acs_len = 1; - sa[15].acs = CRYPTO_MAC_CMAC_AES256; - sa[15].stmacf_len = 16; - sa[15].abm_len = ABM_SIZE; - memset(sa[15].abm, 0xFF, (sa[15].abm_len * sizeof(uint8_t))); // Bitmask - sa[15].gvcid_blk.tfvn = 0x01; + sa[15].ast = 0; + sa[15].shivf_len = 12; + sa[15].iv_len = 12; + sa[15].shsnf_len = 2; + sa[15].arsnw = 5; + sa[15].arsnw_len = 1; + sa[15].arsn_len = 2; + sa[15].gvcid_blk.tfvn = 2; sa[15].gvcid_blk.scid = SCID & 0x3FF; - sa[15].gvcid_blk.vcid = 0; - - // SA 16 - AOS Encryption Only - sa[16].spi = 16; - sa[16].ekid = 130; - sa[16].sa_state = SA_KEYED; - sa[16].est = 1; - sa[16].ast = 0; - sa[16].ecs_len = 1; - sa[16].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[16].iv_len = 16; - sa[16].shivf_len = 16; - *(sa[16].iv + sa[16].shivf_len - 1) = 0; - sa[16].stmacf_len = 0; - sa[16].abm_len = ABM_SIZE; - memset(sa[16].abm, 0xFF, (sa[16].abm_len * sizeof(uint8_t))); // Bitmask - sa[16].gvcid_blk.tfvn = 0x01; - sa[16].gvcid_blk.scid = SCID & 0x3FF; - sa[16].gvcid_blk.vcid = 0; - - // SA 17 - AOS AEAD - sa[17].spi = 17; - sa[17].ekid = 130; - sa[17].sa_state = SA_KEYED; - sa[17].est = 1; - sa[17].ast = 1; - sa[17].ecs_len = 1; - sa[17].ecs = CRYPTO_CIPHER_AES256_GCM; - sa[17].iv_len = 16; - sa[17].shivf_len = 16; - *(sa[17].iv + sa[17].shivf_len - 1) = 0; - sa[17].stmacf_len = 16; - sa[17].abm_len = ABM_SIZE; - memset(sa[17].abm, 0xFF, (sa[17].abm_len * sizeof(uint8_t))); // Bitmask - sa[17].gvcid_blk.tfvn = 0x01; - sa[17].gvcid_blk.scid = SCID & 0x3FF; - sa[17].gvcid_blk.vcid = 0; - + sa[15].gvcid_blk.vcid = 3; + sa[15].gvcid_blk.mapid = TYPE_TC; sa_perform_save(&sa[0]); } diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh index 95c1489f..197d4211 100755 --- a/support/scripts/build_kmc.sh +++ b/support/scripts/build_kmc.sh @@ -9,4 +9,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh -cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 -DSA_FILE=1 && make && make test +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 -DSA_FILE=1 -DKMC_MDB_DB=1 && make && make test diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index ac9352a8..63f9918c 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -72,9 +72,9 @@ if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tc_kmc WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - add_test(NAME UT_SADB_ERR_CASES_KMC_CRYPTO - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_err_cases_kmc_crypto - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + # add_test(NAME UT_SADB_ERR_CASES_KMC_CRYPTO + # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_err_cases_kmc_crypto + # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) # add_test(NAME UT_MYSQL_TLS_CONNECTION # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mysql_tls_connection @@ -88,22 +88,22 @@ if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - add_test(NAME UT_KMC_CRYPTO - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + # add_test(NAME UT_KMC_CRYPTO + # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto + # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - add_test(NAME UT_KMC_CRYPTO_WITH_MTLS_SADB - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_with_mtls_sadb - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + # add_test(NAME UT_KMC_CRYPTO_WITH_MTLS_SADB + # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_with_mtls_sadb + # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) # This Test cannot yet be accomplished. Need CAM #add_test(NAME UT_KMC_CRYPTO_CAM # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_cam # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - add_test(NAME UT_KMC_CRYPTO_AUTH_ONLY - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_auth_only - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + # add_test(NAME UT_KMC_CRYPTO_AUTH_ONLY + # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_auth_only + # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) endif() if(TEST_ENC) diff --git a/test/kmc/ut_kmc_crypto.c b/test/kmc/ut_kmc_crypto.c index 6c0ecf39..1921d7c0 100644 --- a/test/kmc/ut_kmc_crypto.c +++ b/test/kmc/ut_kmc_crypto.c @@ -29,407 +29,121 @@ #include #include -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif +// #ifdef KMC_MDB_RH +// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" +// #else +// /* KMC_MDB_DB */ +// #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" +// #endif + + +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); +// char* raw_tc_jpl_mmt_scid44_vcid1= "2003dc070001bd37"; +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "2003dc070001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - ASSERT_EQ(0x01,tc_processed_frame->tc_pdu[0]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} -//// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid -///** -// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB -// **/ -//UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY) -//{ -// // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, -// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, -// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, -// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); -// Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); -// Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); -// int32_t status = Crypto_Init(); -// -// char* enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238"; -// char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; -// int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; -// -// // IV = 000000000000000000000001 -// -// TC_t* tc_processed_frame; -// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); -// -// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); -// -// uint8_t* ptr_enc_frame = NULL; -// -// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -// -// printf("Encrypted Frame Before Processing:\n"); -// for (int i=0; itc_pdu_len; i++) -// for (int i=0; i<2; i++) -// { -// printf("%02x ", tc_processed_frame->tc_pdu[i]); -// } -// printf("\n"); -// -// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); -// // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); -// -// Crypto_Shutdown(); -// free(enc_tc_jpl_mmt_scid44_vcid1_expect); -// free(ptr_enc_frame); -// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -//} -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - * This doesn't work -- Apply Security Auth Only doesn't return the proper tag. - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* enc_tc_jpl_mmt_scid44_vcid1= "2003E02600001400000000000000000000000200018DC038398EAA968C0D8972A614E1EFE005AE"; - char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - // Data=0001 - // IV=000000000000000000000001 - // AAD=00000000000000000000000000000000000000 - - - TC_t* tc_processed_frame; - tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - - hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Encrypted Frame Before Processing:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} - -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "2003e408000001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu[i]); // } // printf("\n"); - -// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); -// ASSERT_EQ( 0x00,tc_processed_frame->tc_pdu[1]); +// ASSERT_EQ(0x01,tc_processed_frame->tc_pdu[0]); // Crypto_Shutdown(); // free(enc_tc_jpl_mmt_scid44_vcid1_expect); // free(ptr_enc_frame); // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // } - -// UTEST(KMC_CRYPTO, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) +// //// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid +// ///** +// // * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// // **/ +// //UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY) +// //{ +// // // Setup & Initialize CryptoLib +// // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// // IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// // Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); +// // Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE); +// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// // int32_t status = Crypto_Init(); +// // +// // char* enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238"; +// // char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// // int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; +// // +// // // IV = 000000000000000000000001 +// // +// // TC_t* tc_processed_frame; +// // tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// // +// // hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); +// // +// // uint8_t* ptr_enc_frame = NULL; +// // +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// // +// // printf("Encrypted Frame Before Processing:\n"); +// // for (int i=0; itc_pdu_len; i++) +// // for (int i=0; i<2; i++) +// // { +// // printf("%02x ", tc_processed_frame->tc_pdu[i]); +// // } +// // printf("\n"); +// // +// // // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// // // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); +// // +// // Crypto_Shutdown(); +// // free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// // free(ptr_enc_frame); +// // // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// //} +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// * This doesn't work -- Apply Security Auth Only doesn't return the proper tag. +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) // { // // Setup & Initialize CryptoLib // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, @@ -497,10 +326,10 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); -// char* enc_tc_jpl_mmt_scid44_vcid1= "20032C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; +// char* enc_tc_jpl_mmt_scid44_vcid1= "2003E02600001400000000000000000000000200018DC038398EAA968C0D8972A614E1EFE005AE"; // char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; // int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; @@ -526,20 +355,31 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // printf("\n"); // status = Crypto_TC_ProcessSecurity((uint8_t* )enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len, tc_processed_frame); + // if(status != CRYPTO_LIB_SUCCESS) // { // Crypto_Shutdown(); // } -// ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// // Expected to fail -- KMC doesn't support 0 cipher text input for decrypt function. +// // ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status); +// printf("Processed PDU:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); // Crypto_Shutdown(); // free(enc_tc_jpl_mmt_scid44_vcid1_expect); // free(ptr_enc_frame); +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // } - -//16 bytes is max for AES GCM so this is an error test -// UTEST(KMC_CRYPTO, UNHAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_32BYTE_MAC) +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // { // // Setup & Initialize CryptoLib // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, @@ -548,10 +388,10 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 12, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); -// char* raw_tc_jpl_mmt_scid44_vcid1= "20033008000001bd37"; +// char* raw_tc_jpl_mmt_scid44_vcid1= "2003e408000001bd37"; // char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; // int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; @@ -574,13 +414,173 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // { // Crypto_Shutdown(); // } -// // we expect an InvalidAlgorithmParameterException for macLength of that size. -// ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// printf("Frame after encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// // { +// // printf("%02x ", tc_processed_frame->tc_pdu[i]); +// // } +// // printf("\n"); + +// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// // ASSERT_EQ( 0x00,tc_processed_frame->tc_pdu[1]); + +// // Crypto_Shutdown(); +// // free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// // free(ptr_enc_frame); +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// // } + +// // UTEST(KMC_CRYPTO, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) +// // { +// // // Setup & Initialize CryptoLib +// // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// // IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// // int32_t status = Crypto_Init(); + +// // char* enc_tc_jpl_mmt_scid44_vcid1= "20032C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; +// // char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// // int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// // // Data=0001 +// // // IV=000000000000000000000001 +// // // AAD=00000000000000000000000000000000000000 + + +// // TC_t* tc_processed_frame; +// // tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + +// // hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); + +// // uint8_t* ptr_enc_frame = NULL; + +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// // printf("Encrypted Frame Before Processing:\n"); +// // for (int i=0; i #include -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif - - -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c1c08000001bb40"; - - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} - -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_LARGE_FRM_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c1f0700a6ec42999902579daaac3a5af6aabe93288e18d5d4046e24cc5df1f8fa06bac515206d5b0dfcc9861db694f3207175b725bfa6e987fadc1e1e417bff0c30a90b143ca737f2fcf02525c6080c38fde4d4da229387339f363ccdabf42a1defa29f711926c8e0a7479e082ec00b495ae53c8e33b5dc001833aa1d909b4b3aecd60bc6b0af62e8febb58fa15979a5d1e37b9ba48d6d1bf4b9d669306375d7f93942908e410492d6535c91245abbb98a0584aa764815bfdcab44d8c0aeff3a2e2c712649497f95e9440bb1b562cb6fa70a5ff5e5fdbcad40a97fa3bf48f0560bc9c7125b758f25a27678996e5ee3a82a5b864672b80888c2d469fe690aca0501d0de3bec247825f3fbd7f51184f8099dd2ffeb140c9aad86ae8ade912eadbcbef0bb821e684366a084f8d65bd9d0acccfae5fb130d8bf27ff855cea8de4a4e249e5bc8ef9732c06d6d578574b9f936ae1837a61369a7871612337df2dc091dadc8386e53aba816f3a162b71c268e07583a0378805a1f435bf437c0e27193cee4b653273d965fc0b42cfd3c094e2ff89f276153d452814ff016bfcc1b5ec313667de1aaddeb2d31dcaa75f88e4ac758556c7a632374089c53852601385c89aa668b70fd735e9053473538614408241ac47f6ef12aff10c2bce36df6afe7610a5a06997680b579953888684543b7cdefc7cc5987459a9255d187c8790284ad1f2ca38a3a3d56d909a03af87f3788e00d1b9887296ea5ff4087306569c2a3581189a70892e01279812151fdb9f8ec71786edd9cddd8652558503aac1904cf542aeebf269b08c5f648145b498be842080ccbdfe14c8cad1f371e706c0c4ed27d963e2e645224510e7d43ddf50daf8225f484ec841c9e642e489bd70fdbc925c532ab988d0f3999e3e1bdc88d5b0dd61e2b8d72a4a994f3efdc19382cdffdb96ea55ee5a389b003fc91ebc493c0949f56dc7b4b6d69d10dbc937f3757fb36b9000bf67d049c9c768a586b14b5166bffb41fc29c1d5613f2aaa2868fd974a95a3461b0c1c0f1ca87eccf7624fd1ffbe2f45463505b649a0b32410182731dfbe23813e88c3b6bdec7e"; - - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} - -/** - * @brief Unit Test: See test name for description of whats being exercised! - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c2408000001bb40"; - - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} -/** - * @brief Unit Test: HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c2808000001bb40"; - - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} +// #ifdef KMC_MDB_RH +// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" +// #else +// /* KMC_MDB_DB */ +// #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" +// #endif + + +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_AUTH_ONLY) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* raw_tc_jpl_mmt_scid44_vcid1= "202c1c08000001bb40"; + +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Frame before encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } + +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_LARGE_FRM_AUTH_ONLY) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* raw_tc_jpl_mmt_scid44_vcid1= "202c1f0700a6ec42999902579daaac3a5af6aabe93288e18d5d4046e24cc5df1f8fa06bac515206d5b0dfcc9861db694f3207175b725bfa6e987fadc1e1e417bff0c30a90b143ca737f2fcf02525c6080c38fde4d4da229387339f363ccdabf42a1defa29f711926c8e0a7479e082ec00b495ae53c8e33b5dc001833aa1d909b4b3aecd60bc6b0af62e8febb58fa15979a5d1e37b9ba48d6d1bf4b9d669306375d7f93942908e410492d6535c91245abbb98a0584aa764815bfdcab44d8c0aeff3a2e2c712649497f95e9440bb1b562cb6fa70a5ff5e5fdbcad40a97fa3bf48f0560bc9c7125b758f25a27678996e5ee3a82a5b864672b80888c2d469fe690aca0501d0de3bec247825f3fbd7f51184f8099dd2ffeb140c9aad86ae8ade912eadbcbef0bb821e684366a084f8d65bd9d0acccfae5fb130d8bf27ff855cea8de4a4e249e5bc8ef9732c06d6d578574b9f936ae1837a61369a7871612337df2dc091dadc8386e53aba816f3a162b71c268e07583a0378805a1f435bf437c0e27193cee4b653273d965fc0b42cfd3c094e2ff89f276153d452814ff016bfcc1b5ec313667de1aaddeb2d31dcaa75f88e4ac758556c7a632374089c53852601385c89aa668b70fd735e9053473538614408241ac47f6ef12aff10c2bce36df6afe7610a5a06997680b579953888684543b7cdefc7cc5987459a9255d187c8790284ad1f2ca38a3a3d56d909a03af87f3788e00d1b9887296ea5ff4087306569c2a3581189a70892e01279812151fdb9f8ec71786edd9cddd8652558503aac1904cf542aeebf269b08c5f648145b498be842080ccbdfe14c8cad1f371e706c0c4ed27d963e2e645224510e7d43ddf50daf8225f484ec841c9e642e489bd70fdbc925c532ab988d0f3999e3e1bdc88d5b0dd61e2b8d72a4a994f3efdc19382cdffdb96ea55ee5a389b003fc91ebc493c0949f56dc7b4b6d69d10dbc937f3757fb36b9000bf67d049c9c768a586b14b5166bffb41fc29c1d5613f2aaa2868fd974a95a3461b0c1c0f1ca87eccf7624fd1ffbe2f45463505b649a0b32410182731dfbe23813e88c3b6bdec7e"; + +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Frame before encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } + +// /** +// * @brief Unit Test: See test name for description of whats being exercised! +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* raw_tc_jpl_mmt_scid44_vcid1= "202c2408000001bb40"; + +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Frame before encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } +// /** +// * @brief Unit Test: HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* raw_tc_jpl_mmt_scid44_vcid1= "202c2808000001bb40"; + +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Frame before encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } UTEST_MAIN(); diff --git a/test/kmc/ut_kmc_crypto_cam.c b/test/kmc/ut_kmc_crypto_cam.c index cce6cc36..32693ce1 100644 --- a/test/kmc/ut_kmc_crypto_cam.c +++ b/test/kmc/ut_kmc_crypto_cam.c @@ -27,631 +27,631 @@ #include "shared_util.h" #include -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS_KEYTAB_FILE) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", - "sa_password"); - Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, - CRYPTO_FALSE, - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", - "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", - NULL, NULL); -// Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); - Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file","/home/isaleh/secret/testuser3300.kt",CAM_LOGIN_KEYTAB_FILE,"https://asec-dev-vm10.jpl.nasa.gov:443", "testuser3300", NULL); -// Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_KERBEROS,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c0408000001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - * This doesn't work -- Apply Security Auth Only doesn't return the proper tag. - **/ -UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", - "sa_password"); - Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, - CRYPTO_FALSE, - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", - "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", - NULL, NULL); - Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* enc_tc_jpl_mmt_scid44_vcid1= "202C0C2600000400000000000000000000000100016E2051F96CAB186BCE364A65AF599AE52F38"; - char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - // Data=0001 - // IV=000000000000000000000001 - // AAD=00000000000000000000000000000000000000 - - - TC_t* tc_processed_frame; - tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - - hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Encrypted Frame Before Processing:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} - -UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", - "sa_password"); - Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, - CRYPTO_FALSE, - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", - "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", - NULL, NULL); - Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "202c2c08000001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; itc_pdu_len; i++) - { - printf("%02x ", tc_processed_frame->tc_pdu[i]); - } - printf("\n"); - - ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); - ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); - - Crypto_Shutdown(); - free(enc_tc_jpl_mmt_scid44_vcid1_expect); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} - -UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", - "sa_password"); - Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, - CRYPTO_FALSE, - "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", - "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", - NULL, NULL); - Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* enc_tc_jpl_mmt_scid44_vcid1= "202C2C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; - char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - // Data=0001 - // IV=000000000000000000000001 - // AAD=00000000000000000000000000000000000000 - - - TC_t* tc_processed_frame; - tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - - hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Encrypted Frame Before Processing:\n"); - for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// * This doesn't work -- Apply Security Auth Only doesn't return the proper tag. +// **/ +// UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", +// "sa_password"); +// Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, +// CRYPTO_FALSE, +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", +// "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", +// NULL, NULL); +// Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* enc_tc_jpl_mmt_scid44_vcid1= "202C0C2600000400000000000000000000000100016E2051F96CAB186BCE364A65AF599AE52F38"; +// char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// // Data=0001 +// // IV=000000000000000000000001 +// // AAD=00000000000000000000000000000000000000 + + +// TC_t* tc_processed_frame; +// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + +// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Encrypted Frame Before Processing:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } + +// UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", +// "sa_password"); +// Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, +// CRYPTO_FALSE, +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", +// "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", +// NULL, NULL); +// Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* raw_tc_jpl_mmt_scid44_vcid1= "202c2c08000001bd37"; +// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Frame before encryption:\n"); +// for (int i=0; itc_pdu_len; i++) +// { +// printf("%02x ", tc_processed_frame->tc_pdu[i]); +// } +// printf("\n"); + +// ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]); +// ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]); + +// Crypto_Shutdown(); +// free(enc_tc_jpl_mmt_scid44_vcid1_expect); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// } + +// UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", +// "sa_password"); +// Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, +// CRYPTO_FALSE, +// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", +// "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", +// NULL, NULL); +// Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// char* enc_tc_jpl_mmt_scid44_vcid1= "202C2C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; +// char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; +// int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + +// // Data=0001 +// // IV=000000000000000000000001 +// // AAD=00000000000000000000000000000000000000 + + +// TC_t* tc_processed_frame; +// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + +// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len); + +// uint8_t* ptr_enc_frame = NULL; + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// printf("Encrypted Frame Before Processing:\n"); +// for (int i=0; i #include -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif - -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_MTLS) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// #ifdef KMC_MDB_RH +// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" +// #else +// /* KMC_MDB_DB */ +// #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" +// #endif + +// /** +// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB +// **/ +// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_MTLS) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "20030408000001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; i -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif - - -void cleanup_sa(SecurityAssociation_t* test_association) -{ - if (test_association->ek_ref[0] != '\0') - clean_ek_ref(test_association); - if (test_association->ak_ref[0] != '\0') - clean_ak_ref(test_association); +// #ifdef KMC_MDB_RH +// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" +// #else +// /* KMC_MDB_DB */ +// #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" +// #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" +// #endif + + +// void cleanup_sa(SecurityAssociation_t* test_association) +// { +// if (test_association->ek_ref[0] != '\0') +// clean_ek_ref(test_association); +// if (test_association->ak_ref[0] != '\0') +// clean_ak_ref(test_association); - free(test_association); -} - -void reload_db(void) -{ - printf("Resetting Database\n"); - system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/sa_mariadb_sql/empty_sadb.sql"); - system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/test_sa_mariadb_sql/create_sa_ivv_unit_tests.sql"); -} - - -// Global SQL Connection Parameters -// Generic passwords saved in a file = bad ... but this is just for testing - -char* mysql_username = "root"; -char* mysql_password = "itc123!"; -char* mysql_hostname = "localhost"; -char* mysql_database = "sadb"; -uint16_t mysql_port = 3306; //default port -char* ssl_cert = "NONE"; -char* ssl_key = "NONE"; -char* ssl_ca = "NONE"; -char* ssl_capath = "NONE"; -uint8_t verify_server = 0; -char* client_key_password = NULL; - -/** - * @brief Unit Test: Nominal SQL Connection - **/ -UTEST(MARIA_DB, DB_CONNECT) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// free(test_association); +// } + +// void reload_db(void) +// { +// printf("Resetting Database\n"); +// system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/sa_mariadb_sql/empty_sadb.sql"); +// system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/test_sa_mariadb_sql/create_sa_ivv_unit_tests.sql"); +// } + + +// // Global SQL Connection Parameters +// // Generic passwords saved in a file = bad ... but this is just for testing + +// char* mysql_username = "root"; +// char* mysql_password = "itc123!"; +// char* mysql_hostname = "localhost"; +// char* mysql_database = "sadb"; +// uint16_t mysql_port = 3306; //default port +// char* ssl_cert = "NONE"; +// char* ssl_key = "NONE"; +// char* ssl_ca = "NONE"; +// char* ssl_capath = "NONE"; +// uint8_t verify_server = 0; +// char* client_key_password = NULL; + +// /** +// * @brief Unit Test: Nominal SQL Connection +// **/ +// UTEST(MARIA_DB, DB_CONNECT) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - - status = Crypto_Init(); - - SaInterface sa_if = get_sa_interface_mariadb(); - //need the sa call - SecurityAssociation_t* test_sa; - - status = sa_if->sa_get_from_spi(1, &test_sa); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - ASSERT_EQ(test_sa->iv[11] , 0x01); - - test_sa->iv[11] = 0xAB; - status = sa_if->sa_save_sa(test_sa); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - status = sa_if->sa_get_from_spi(1, &test_sa); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - ASSERT_EQ(test_sa->iv[11] , 0xAB); - Crypto_Shutdown(); - cleanup_sa(test_sa); -} - -/** - * @brief Unit Test: Nominal Encryption - **/ -UTEST(MARIA_DB, HAPPY_PATH_ENC) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); + +// status = Crypto_Init(); + +// SaInterface sa_if = get_sa_interface_mariadb(); +// //need the sa call +// SecurityAssociation_t* test_sa; + +// status = sa_if->sa_get_from_spi(1, &test_sa); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// ASSERT_EQ(test_sa->iv[11] , 0x01); + +// test_sa->iv[11] = 0xAB; +// status = sa_if->sa_save_sa(test_sa); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// status = sa_if->sa_get_from_spi(1, &test_sa); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// ASSERT_EQ(test_sa->iv[11] , 0xAB); +// Crypto_Shutdown(); +// cleanup_sa(test_sa); +// } + +// /** +// * @brief Unit Test: Nominal Encryption +// **/ +// UTEST(MARIA_DB, HAPPY_PATH_ENC) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - - status = Crypto_Init(); - - char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_mariadb(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - int32_t return_val = CRYPTO_LIB_ERROR; - - SecurityAssociation_t* test_association; - - status = sa_if->sa_get_from_spi(2, &test_association); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - cleanup_sa(test_association); - status = sa_if->sa_get_from_spi(2, &test_association); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. - - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - cleanup_sa(test_association); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Nominal Authorized Encryption - **/ -UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); + +// status = Crypto_Init(); + +// char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_mariadb(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// int32_t return_val = CRYPTO_LIB_ERROR; + +// SecurityAssociation_t* test_association; + +// status = sa_if->sa_get_from_spi(2, &test_association); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// cleanup_sa(test_association); +// status = sa_if->sa_get_from_spi(2, &test_association); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. + +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// cleanup_sa(test_association); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Nominal Authorized Encryption +// **/ +// UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - status = Crypto_Init(); +// status = Crypto_Init(); - char* raw_tc_sdls_ping_h = "20030415000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_mariadb(); - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// char* raw_tc_sdls_ping_h = "20030415000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_mariadb(); +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; - int32_t return_val = CRYPTO_LIB_ERROR; +// int32_t return_val = CRYPTO_LIB_ERROR; - SecurityAssociation_t* test_association; - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(3, &test_association); +// SecurityAssociation_t* test_association; +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(3, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - cleanup_sa(test_association); - status = sa_if->sa_get_from_spi(3, &test_association); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. - - Crypto_Shutdown(); - cleanup_sa(test_association); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); -} - -/** - * @brief Validation Test: Authorized Decryption - * Makes use of truth data created from the previous AUTH_ENCRYPTION_TEST, to validate that Crypto_TC_ProcessSecurity( - *uint8_t* ingest, int* len_ingest,TC_t* tc_sdls_processed_frame) properly decrypts data and returns it to the intial - *truth data created by the python_auth_encryption(uint8_t* data, uint8_t* key, uint8_t* iv, uint8_t* header, uint8_t* - *bitmask, uint8_t** expected, long* expected_length) function. - **/ -UTEST(MARIA_DB, AUTH_DECRYPTION_TEST) -{ - char* dec_test_h = "20030433000000030000000000000000000000014ED87188D42B3F36130F355E83F3DE9C5E8F716321145159B41144E5514EBBEA"; - char* enc_test_h = "80d2c70008197f0b00310000b1fe"; - uint8_t* dec_test_b, *enc_test_b = NULL; - int dec_test_len, enc_test_len = 0; - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// cleanup_sa(test_association); +// status = sa_if->sa_get_from_spi(3, &test_association); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. + +// Crypto_Shutdown(); +// cleanup_sa(test_association); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// } + +// /** +// * @brief Validation Test: Authorized Decryption +// * Makes use of truth data created from the previous AUTH_ENCRYPTION_TEST, to validate that Crypto_TC_ProcessSecurity( +// *uint8_t* ingest, int* len_ingest,TC_t* tc_sdls_processed_frame) properly decrypts data and returns it to the intial +// *truth data created by the python_auth_encryption(uint8_t* data, uint8_t* key, uint8_t* iv, uint8_t* header, uint8_t* +// *bitmask, uint8_t** expected, long* expected_length) function. +// **/ +// UTEST(MARIA_DB, AUTH_DECRYPTION_TEST) +// { +// char* dec_test_h = "20030433000000030000000000000000000000014ED87188D42B3F36130F355E83F3DE9C5E8F716321145159B41144E5514EBBEA"; +// char* enc_test_h = "80d2c70008197f0b00310000b1fe"; +// uint8_t* dec_test_b, *enc_test_b = NULL; +// int dec_test_len, enc_test_len = 0; +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - status = Crypto_Init(); +// status = Crypto_Init(); - SaInterface sa_if = get_sa_interface_mariadb(); +// SaInterface sa_if = get_sa_interface_mariadb(); - hex_conversion(dec_test_h, (char**) &dec_test_b, &dec_test_len); - hex_conversion(enc_test_h, (char**) &enc_test_b, &enc_test_len); +// hex_conversion(dec_test_h, (char**) &dec_test_b, &dec_test_len); +// hex_conversion(enc_test_h, (char**) &enc_test_b, &enc_test_len); - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - SecurityAssociation_t* test_association; - sa_if->sa_get_from_spi(3, &test_association); - test_association->iv[test_association->iv_len - 1] = 0; - sa_if->sa_save_sa(test_association); - - Crypto_TC_ProcessSecurity(dec_test_b, &dec_test_len, tc_sdls_processed_frame); - for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - ASSERT_EQ(enc_test_b[i], tc_sdls_processed_frame->tc_pdu[i]); - } - - Crypto_Shutdown(); - free(dec_test_b); - free(enc_test_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - free(tc_sdls_processed_frame); -} - -/** - * @brief Unit Test: Nominal Authorized Encryption With Partial IV Rollover, increment static IV - **/ -UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// SecurityAssociation_t* test_association; +// sa_if->sa_get_from_spi(3, &test_association); +// test_association->iv[test_association->iv_len - 1] = 0; +// sa_if->sa_save_sa(test_association); + +// Crypto_TC_ProcessSecurity(dec_test_b, &dec_test_len, tc_sdls_processed_frame); +// for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// ASSERT_EQ(enc_test_b[i], tc_sdls_processed_frame->tc_pdu[i]); +// } + +// Crypto_Shutdown(); +// free(dec_test_b); +// free(enc_test_b); +// free(tc_sdls_processed_frame->tc_sec_header.iv); +// free(tc_sdls_processed_frame->tc_sec_header.sn); +// free(tc_sdls_processed_frame->tc_sec_header.pad); +// free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? +// free(tc_sdls_processed_frame); +// } + +// /** +// * @brief Unit Test: Nominal Authorized Encryption With Partial IV Rollover, increment static IV +// **/ +// UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - - status = Crypto_Init(); - - char* raw_tc_sdls_ping_h = "20030815000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - - char* new_iv_h = "FFFFFFFFFFFC"; - char* new_iv_b = NULL; - - char* expected_iv_h = "000000000001000000000001"; - char* expected_iv_b = NULL; - - int raw_tc_sdls_ping_len = 0; - int new_iv_len = 0; - int expected_iv_len = 0; - - SaInterface sa_if = get_sa_interface_mariadb(); - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); - hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - int32_t return_val = CRYPTO_LIB_ERROR; - - SecurityAssociation_t* test_association; - - sa_if->sa_get_from_spi(4, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); + +// status = Crypto_Init(); + +// char* raw_tc_sdls_ping_h = "20030815000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; + +// char* new_iv_h = "FFFFFFFFFFFC"; +// char* new_iv_b = NULL; + +// char* expected_iv_h = "000000000001000000000001"; +// char* expected_iv_b = NULL; + +// int raw_tc_sdls_ping_len = 0; +// int new_iv_len = 0; +// int expected_iv_len = 0; + +// SaInterface sa_if = get_sa_interface_mariadb(); +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); +// hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// int32_t return_val = CRYPTO_LIB_ERROR; + +// SecurityAssociation_t* test_association; + +// sa_if->sa_get_from_spi(4, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - cleanup_sa(test_association); - sa_if->sa_get_from_spi(4, &test_association); - for (int i = 0; i < test_association->iv_len; i++) - { - printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); - ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); - } - - Crypto_Shutdown(); - cleanup_sa(test_association); - free(expected_iv_b); - free(new_iv_b); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Nominal Authorized Encryption With Partial IV Rollover, Static IV - **/ -UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(4, &test_association); +// for (int i = 0; i < test_association->iv_len; i++) +// { +// printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); +// ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); +// } + +// Crypto_Shutdown(); +// cleanup_sa(test_association); +// free(expected_iv_b); +// free(new_iv_b); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Nominal Authorized Encryption With Partial IV Rollover, Static IV +// **/ +// UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - - status = Crypto_Init(); - - char* raw_tc_sdls_ping_h = "20030815000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - - char* new_iv_h = "FFFFFFFFFFFC"; - char* new_iv_b = NULL; - - char* expected_iv_h = "000000000000000000000001"; - char* expected_iv_b = NULL; - - int raw_tc_sdls_ping_len = 0; - int new_iv_len = 0; - int expected_iv_len = 0; - - SaInterface sa_if = get_sa_interface_mariadb(); - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); - hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - int32_t return_val = CRYPTO_LIB_ERROR; - - SecurityAssociation_t* test_association; - - sa_if->sa_get_from_spi(4, &test_association); - memcpy(test_association->iv, new_iv_b, new_iv_len); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - cleanup_sa(test_association); - sa_if->sa_get_from_spi(4, &test_association); - for (int i = 0; i < test_association->iv_len; i++) - { - printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); - ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); - } - - Crypto_Shutdown(); - cleanup_sa(test_association); - free(expected_iv_b); - free(new_iv_b); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - - -/** - * @brief Unit Test: Nominal Authorized Encryption With Partial ARSN Rollover, increment static ARSN - **/ -UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); + +// status = Crypto_Init(); + +// char* raw_tc_sdls_ping_h = "20030815000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; + +// char* new_iv_h = "FFFFFFFFFFFC"; +// char* new_iv_b = NULL; + +// char* expected_iv_h = "000000000000000000000001"; +// char* expected_iv_b = NULL; + +// int raw_tc_sdls_ping_len = 0; +// int new_iv_len = 0; +// int expected_iv_len = 0; + +// SaInterface sa_if = get_sa_interface_mariadb(); +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); +// hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// int32_t return_val = CRYPTO_LIB_ERROR; + +// SecurityAssociation_t* test_association; + +// sa_if->sa_get_from_spi(4, &test_association); +// memcpy(test_association->iv, new_iv_b, new_iv_len); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(4, &test_association); +// for (int i = 0; i < test_association->iv_len; i++) +// { +// printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); +// ASSERT_EQ(expected_iv_b[i], *(test_association->iv + i)); +// } + +// Crypto_Shutdown(); +// cleanup_sa(test_association); +// free(expected_iv_b); +// free(new_iv_b); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + + +// /** +// * @brief Unit Test: Nominal Authorized Encryption With Partial ARSN Rollover, increment static ARSN +// **/ +// UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - - status = Crypto_Init(); - - char* raw_tc_sdls_ping_h = "20030C15000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - - char* new_arsn_h = "05FFFC"; - char* new_arsn_b = NULL; - - char* expected_arsn_h = "060001"; - char* expected_arsn_b = NULL; - - int raw_tc_sdls_ping_len = 0; - int new_arsn_len = 0; - int expected_arsn_len = 0; - - SaInterface sa_if = get_sa_interface_mariadb(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - hex_conversion(new_arsn_h, &new_arsn_b, &new_arsn_len); - hex_conversion(expected_arsn_h, &expected_arsn_b, &expected_arsn_len); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - int32_t return_val = CRYPTO_LIB_ERROR; - - SecurityAssociation_t* test_association; - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(5, &test_association); - - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - cleanup_sa(test_association); - sa_if->sa_get_from_spi(5, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - cleanup_sa(test_association); - sa_if->sa_get_from_spi(5, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - cleanup_sa(test_association); - sa_if->sa_get_from_spi(5, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); - free(ptr_enc_frame); - ptr_enc_frame = NULL; - cleanup_sa(test_association); - sa_if->sa_get_from_spi(5, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); + +// status = Crypto_Init(); + +// char* raw_tc_sdls_ping_h = "20030C15000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; + +// char* new_arsn_h = "05FFFC"; +// char* new_arsn_b = NULL; + +// char* expected_arsn_h = "060001"; +// char* expected_arsn_b = NULL; + +// int raw_tc_sdls_ping_len = 0; +// int new_arsn_len = 0; +// int expected_arsn_len = 0; + +// SaInterface sa_if = get_sa_interface_mariadb(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// hex_conversion(new_arsn_h, &new_arsn_b, &new_arsn_len); +// hex_conversion(expected_arsn_h, &expected_arsn_b, &expected_arsn_len); +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// int32_t return_val = CRYPTO_LIB_ERROR; + +// SecurityAssociation_t* test_association; +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(5, &test_association); + +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(5, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(5, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(5, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); +// free(ptr_enc_frame); +// ptr_enc_frame = NULL; +// cleanup_sa(test_association); +// sa_if->sa_get_from_spi(5, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); - cleanup_sa(test_association); +// cleanup_sa(test_association); - printf("Expected ARSN:\n"); - Crypto_hexprint(expected_arsn_b,expected_arsn_len); - printf("Actual SA ARSN:\n"); - sa_if->sa_get_from_spi(5, &test_association); - Crypto_hexprint(test_association->arsn,test_association->arsn_len); +// printf("Expected ARSN:\n"); +// Crypto_hexprint(expected_arsn_b,expected_arsn_len); +// printf("Actual SA ARSN:\n"); +// sa_if->sa_get_from_spi(5, &test_association); +// Crypto_hexprint(test_association->arsn,test_association->arsn_len); - for (int i = 0; i < test_association->arsn_len; i++) - { - printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_arsn_b[i], *(test_association->arsn + i)); - ASSERT_EQ(expected_arsn_b[i], *(test_association->arsn + i)); - } +// for (int i = 0; i < test_association->arsn_len; i++) +// { +// printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_arsn_b[i], *(test_association->arsn + i)); +// ASSERT_EQ(expected_arsn_b[i], *(test_association->arsn + i)); +// } - //Must shutdown after checking test_association ARSN since that will get freed! +// //Must shutdown after checking test_association ARSN since that will get freed! - cleanup_sa(test_association); - free(expected_arsn_b); - free(new_arsn_b); - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); -} - -/** - * @brief Unit Test: Bad Spacecraft ID - * This should pass the flawed hex string, and return CRYPTO_LIB_ERR_INVALID_SCID - * Bad Space Craft ID. This should pass the flawed .dat file, and return MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND - **/ -UTEST(MARIA_DB, BAD_SPACE_CRAFT_ID) -{ - int32_t status = CRYPTO_LIB_ERROR; - reload_db(); +// cleanup_sa(test_association); +// free(expected_arsn_b); +// free(new_arsn_b); +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// } + +// /** +// * @brief Unit Test: Bad Spacecraft ID +// * This should pass the flawed hex string, and return CRYPTO_LIB_ERR_INVALID_SCID +// * Bad Space Craft ID. This should pass the flawed .dat file, and return MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND +// **/ +// UTEST(MARIA_DB, BAD_SPACE_CRAFT_ID) +// { +// int32_t status = CRYPTO_LIB_ERROR; +// reload_db(); - status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, - ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// status = Crypto_Config_MariaDB(mysql_hostname, mysql_database, mysql_port, CRYPTO_FALSE, verify_server, ssl_ca, +// ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); - status = Crypto_Init(); +// status = Crypto_Init(); - char* raw_tc_sdls_ping_bad_scid_h = "20010015000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_bad_scid_b = NULL; - int raw_tc_sdls_ping_bad_scid_len = 0; +// char* raw_tc_sdls_ping_bad_scid_h = "20010015000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_bad_scid_b = NULL; +// int raw_tc_sdls_ping_bad_scid_len = 0; - hex_conversion(raw_tc_sdls_ping_bad_scid_h, &raw_tc_sdls_ping_bad_scid_b, &raw_tc_sdls_ping_bad_scid_len); +// hex_conversion(raw_tc_sdls_ping_bad_scid_h, &raw_tc_sdls_ping_bad_scid_b, &raw_tc_sdls_ping_bad_scid_len); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; - int32_t return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_bad_scid_b, raw_tc_sdls_ping_bad_scid_len, - &ptr_enc_frame, &enc_frame_len); - free(raw_tc_sdls_ping_bad_scid_b); - free(ptr_enc_frame); - Crypto_Shutdown(); - ASSERT_EQ(MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND, return_val); -} +// int32_t return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_bad_scid_b, raw_tc_sdls_ping_bad_scid_len, +// &ptr_enc_frame, &enc_frame_len); +// free(raw_tc_sdls_ping_bad_scid_b); +// free(ptr_enc_frame); +// Crypto_Shutdown(); +// ASSERT_EQ(MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND, return_val); +// } UTEST_MAIN(); \ No newline at end of file diff --git a/test/kmc/ut_tc_kmc.c b/test/kmc/ut_tc_kmc.c index f1747e88..466e9a64 100644 --- a/test/kmc/ut_tc_kmc.c +++ b/test/kmc/ut_tc_kmc.c @@ -30,14 +30,10 @@ #include #include -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif +#define KMC_HOSTNAME "itc.kmc.nasa.gov" +#define CA_PATH "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt" +#define CLIENT_CERTIFICATE "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem" +#define CLIENT_CERTIFICATE_KEY "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem" /** * @brief Error Function for MDB_DB_RESET @@ -51,6 +47,14 @@ void finish_with_error(MYSQL *con) exit(1); } +void reload_db(void) +{ + printf("Resetting Database\n"); + system("mysql --host=itc.kmc.nasa.gov -u cryptosvc --ssl-ca=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt --ssl-verify-server-cert --ssl-cert=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem --ssl-key=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem < src/sa/sadb_mariadb_sql/empty_sadb.sql"); + printf("first call done\n"); + system("mysql --host=itc.kmc.nasa.gov -u cryptosvc --ssl-ca=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt --ssl-verify-server-cert --ssl-cert=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem --ssl-key=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem < src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql"); +} + /** * @brief MariaDB: Table Cleanup for Unit Tests * Be sure to use only after initialization @@ -119,44 +123,50 @@ void MDB_DB_RESET() **/ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC) { + reload_db(); // Setup & Initialize CryptoLib -<<<<<<< HEAD - Crypto_Config_CryptoLib(KEY_TYPE_KMC, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, -======= - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, ->>>>>>> origin/dev - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB(KMC_HOSTNAME,"sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", "changeit"); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t TC_UT_Managed_Parameters0 = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters0); + GvcidManagedParameters_t TC_UT_Managed_Parameters1 = {0, 0x0003, 1, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters1); + GvcidManagedParameters_t TC_UT_Managed_Parameters2 = {0, 0x0003, 2, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters2); + GvcidManagedParameters_t TC_UT_Managed_Parameters3 = {0, 0x0003, 3, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters3); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); + // SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); + // SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - test_association->arsn_len = 0; - test_association->shsnf_len = 0; - test_association->ast = 0; - test_association->stmacf_len = 0; - test_association->sa_state = SA_OPERATIONAL; - sa_if->sa_get_from_spi(11, &test_association); + // sa_if->sa_get_from_spi(1, &test_association); + // test_association->sa_state = SA_NONE; + // sa_if->sa_get_from_spi(11, &test_association); + // test_association->arsn_len = 0; + // test_association->shsnf_len = 0; + // test_association->ast = 0; + // test_association->stmacf_len = 0; + // test_association->sa_state = SA_OPERATIONAL; + // sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -179,1060 +189,1060 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC) ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); } -/** - * @brief Unit Test: Encryption CBC KMC 1 Byte of padding - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - printf("SPI: %d\n", test_association->spi); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - char* truth_data_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); - //printf("Encrypted Frame:\n"); - for(int i = 0; i < enc_frame_len; i++) - { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); - ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); - } - //printf("\n"); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Encryption CBC KMC 16 Bytes of padding - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_16BP) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20030017000080d2c70008197f0b003100000000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - printf("SPI: %d\n", test_association->spi); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - char* truth_data_h = "2003003A0000000B00000000000000000000000000000000103970EAE4C05ACD1B0C348FDA174DF73EF0E2D603996C4B78B992CD60918729D3A47A"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); - //printf("Encrypted Frame:\n"); - for(int i = 0; i < enc_frame_len; i++) - { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); - ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); - } - printf("\n"); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Nominal Encryption CBC KMC - * Frame is max size for this test. Any encrypted data of length greater than 1007 bytes, - * will cause frame length exception. - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_MAX) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "200303E6000080d2c70008197f0b00310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Encryption CBC KMC - * Frame is 1 byte too large for this test. Any encrypted data of length greater than 1007 bytes, - * will cause frame length exception. - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_TOO_BIG) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "200303F7000080d2c70008197f0b0031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT, return_val); -} - -/** - * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// /** +// * @brief Unit Test: Encryption CBC KMC 1 Byte of padding +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// printf("SPI: %d\n", test_association->spi); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// char* truth_data_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); +// //printf("Encrypted Frame:\n"); +// for(int i = 0; i < enc_frame_len; i++) +// { +// //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); +// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); +// } +// //printf("\n"); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Encryption CBC KMC 16 Bytes of padding +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_16BP) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20030017000080d2c70008197f0b003100000000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// printf("SPI: %d\n", test_association->spi); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// char* truth_data_h = "2003003A0000000B00000000000000000000000000000000103970EAE4C05ACD1B0C348FDA174DF73EF0E2D603996C4B78B992CD60918729D3A47A"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); +// //printf("Encrypted Frame:\n"); +// for(int i = 0; i < enc_frame_len; i++) +// { +// //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); +// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); +// } +// printf("\n"); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC KMC +// * Frame is max size for this test. Any encrypted data of length greater than 1007 bytes, +// * will cause frame length exception. +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_MAX) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "200303E6000080d2c70008197f0b00310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Encryption CBC KMC +// * Frame is 1 byte too large for this test. Any encrypted data of length greater than 1007 bytes, +// * will cause frame length exception. +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_TOO_BIG) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "200303F7000080d2c70008197f0b0031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT, return_val); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// printf("SPI: %d\n", test_association->spi); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->est = 1; +// test_association->stmacf_len = 0; +// test_association->ecs = CRYPTO_CIPHER_AES256_CBC; +// test_association->acs_len = 1; +// test_association->acs = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// // // 200300230000000B000000000000000000000000852DDEFF8FCD93567F271E192C07F126 +// char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// printf("SPI: %d\n", test_association->spi); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 1; +// test_association->est = 1; +// test_association->stmacf_len = 16; +// test_association->shplf_len = 0; +// test_association->ecs = CRYPTO_CIPHER_AES256_GCM; +// test_association->acs_len = 1; +// test_association->acs = 0; +// test_association->arsn_len = 0; +// test_association->iv_len = 12; +// test_association->shivf_len = 12; +// test_association->ecs = 0x01; +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// } + +// //********************************* Encryption Tests MDB + KMC *******************************************************************// +// /** +// * @brief Unit Test: Nominal Encryption CBC MDB KMC +// **/ +// UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_MDB_KMC) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); + +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20031815000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// //SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// } + +// /** +// * @brief Unit Test: Encryption CBC MDB KMC 1 Byte of padding +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_1BP) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20031816000080d2c70008197f0b0031000000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* truth_data_h = "2003182A0000001200000000000000000000000000000002011D90CE80C259660B229B6C1783C80E898D52"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); +// printf("Encrypted Frame:\n"); +// for(int i = 0; i < enc_frame_len; i++) +// { +// printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); +// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); +// } +// printf("\n"); + +// Crypto_Shutdown(); +// //free(raw_tc_sdls_ping_b); +// //free(ptr_enc_frame); +// } + +// /** +// * @brief Unit Test: Encryption CBC MDB KMC 16 Bytes of padding +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_16BP) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20031817000080d2c70008197f0b003100000000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// char* truth_data_h = "2003183A000000120000000000000000000000000000000310CA8B21BCB5AFB1A306CDC96C80C9208D00EB961E3F61D355E30F01CFDCCC7D026D56"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); +// //printf("Encrypted Frame:\n"); +// for(int i = 0; i < enc_frame_len; i++) +// { +// //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); +// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); +// } +// printf("\n"); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC MDB KMC +// * Frame is max size for this test. Any encrypted data of length greater than 1007 bytes, +// * will cause frame length exception. +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_MAX) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20031BE0000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + +// /** +// * @brief Unit Test: Encryption CBC MDB KMC +// * Frame is 1 byte too large for this test. Any encrypted data of length greater than 1007 bytes, +// * will cause frame length exception. +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_TOO_BIG) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "200303F2000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; +// test_association->arsn_len = 0; +// sa_if->sa_get_from_spi(11, &test_association); +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT, return_val); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC MDB KMC, Null IV +// **/ +// UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_NULL_IV) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); + +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// char* raw_tc_sdls_ping_h = "20031015000080d2c70008197f0b00310000b1fe3128"; +// char* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; + +// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// uint8_t* ptr_enc_frame = NULL; +// uint16_t enc_frame_len = 0; + +// return_val = +// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// free(ptr_enc_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// } + + +// //******************************************************* Decryption Tests *******************************************************// + +// /** +// * @brief Unit Test: Nominal Decryption CBC KMC +// **/ +// UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_KMC) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); +// char* test_frame_pt_h = "2003002A0000000B00000000000000000000000000000000025364F9BC3344AF359DA06CA886746F59A0AB"; +// //char* test_frame_pt_h = "2003001A0000000B025364F9BC3344AF359DA06CA886746F591C8E"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Expose/setup SAs for testing +// SecurityAssociation_t* test_association = NULL; +// test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->arsn_len = 0; +// test_association->shsnf_len = 0; +// test_association->ast = 0; +// test_association->stmacf_len = 0; +// test_association->sa_state = SA_OPERATIONAL; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + +// char* truth_data_h = "80d2c70008197f0b00310000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// //printf("\n"); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Decryption CBC KMC with 1 Byte of padding +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_KMC_1B) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* test_frame_pt_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Expose/setup SAs for testing +// SecurityAssociation_t* test_association = NULL; +// test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->arsn_len = 0; +// test_association->shsnf_len = 0; +// test_association->ast = 0; +// test_association->stmacf_len = 0; +// test_association->sa_state = SA_OPERATIONAL; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + +// char* truth_data_h = "80d2c70008197f0b0031000000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// //printf("\n"); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Decryption CBC KMC with 16 Bytes of padding +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* test_frame_pt_h = "2003003A0000000B00000000000000000000000000000000103970EAE4C05ACD1B0C348FDA174DF73EF0E2D603996C4B78B992CD60918729D3A47A"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Expose/setup SAs for testing +// SecurityAssociation_t* test_association = NULL; +// test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->arsn_len = 0; +// test_association->shsnf_len = 0; +// test_association->ast = 0; +// test_association->stmacf_len = 0; +// test_association->sa_state = SA_OPERATIONAL; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + +// char* truth_data_h = "80d2c70008197f0b003100000000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// //printf("\n"); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Nominal Decryption CBC KMC, Null IV +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* test_frame_pt_h = "2003002A0000000B22BA7A6B53C17DD9405B599FB04222A7026AC591A28602BF97D3E7D9CE6BC52D4382EB"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Expose/setup SAs for testing +// SecurityAssociation_t* test_association = NULL; +// test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// sa_if->sa_get_from_spi(11, &test_association); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 0; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - printf("SPI: %d\n", test_association->spi); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->est = 1; - test_association->stmacf_len = 0; - test_association->ecs = CRYPTO_CIPHER_AES256_CBC; - test_association->acs_len = 1; - test_association->acs = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); -} - -/** - * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV - **/ -UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - // // 200300230000000B000000000000000000000000852DDEFF8FCD93567F271E192C07F126 - char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - printf("SPI: %d\n", test_association->spi); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 1; - test_association->est = 1; - test_association->stmacf_len = 16; - test_association->shplf_len = 0; - test_association->ecs = CRYPTO_CIPHER_AES256_GCM; - test_association->acs_len = 1; - test_association->acs = 0; - test_association->arsn_len = 0; - test_association->iv_len = 12; - test_association->shivf_len = 12; - test_association->ecs = 0x01; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); -} - -//********************************* Encryption Tests MDB + KMC *******************************************************************// -/** - * @brief Unit Test: Nominal Encryption CBC MDB KMC - **/ -UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_MDB_KMC) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - char* raw_tc_sdls_ping_h = "20031815000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - //SaInterface sa_if = get_sa_interface_inmemory(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV +// **/ +// UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) +// { +// // Setup & Initialize CryptoLib +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t return_val = Crypto_Init(); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* raw_tc_sdls_ping_h = "200300330000000B5C7D0E687B4ACC8978CEB8F9F1713AC7E65FAA6845BF9607A6D2B89B7AF55C4463B9068F344242AAFAEBE298"; +// uint8_t* raw_tc_sdls_ping_b = NULL; +// int raw_tc_sdls_ping_len = 0; +// SaInterface sa_if = get_sa_interface_inmemory(); + +// hex_conversion(raw_tc_sdls_ping_h, (char **) &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + +// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// // Expose the SADB Security Association for test edits. +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->sa_state = SA_NONE; +// sa_if->sa_get_from_spi(11, &test_association); +// printf("SPI: %d\n", test_association->spi); +// test_association->sa_state = SA_OPERATIONAL; +// test_association->ast = 1; +// test_association->est = 1; +// test_association->stmacf_len = 16; +// test_association->shplf_len = 0; +// test_association->ecs = CRYPTO_CIPHER_AES256_GCM; +// test_association->acs_len = 1; +// test_association->acs = 0; +// test_association->arsn_len = 0; +// test_association->iv_len = 12; +// test_association->shivf_len = 12; +// return_val = Crypto_TC_ProcessSecurity(raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len, tc_sdls_processed_frame); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); + +// Crypto_Shutdown(); +// free(raw_tc_sdls_ping_b); +// } + +// // *************************************** Decryption + MDB ***********************************************// +// /** +// * @brief Unit Test: Nominal Decryption CBC MDB KMC +// **/ +// UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_MDB_KMC) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + +// int32_t status = Crypto_Init(); - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); +// char* test_frame_pt_h = "2003182A000000120000000000000000000000000000000102FCFCF53E77DDCFD92993273B6C449B76CA1E"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); -} - -/** - * @brief Unit Test: Encryption CBC MDB KMC 1 Byte of padding - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_1BP) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20031816000080d2c70008197f0b0031000000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// char* truth_data_h = "80d2c70008197f0b00310000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// //printf("\n"); - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; + +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Decryption CBC MDB KMC with 1 Byte of padding +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_1B) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* test_frame_pt_h = "2003182A0000001200000000000000000000000000000002011D90CE80C259660B229B6C1783C80E898D52"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// char* truth_data_h = "80d2c70008197f0b0031000000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// //printf("\n"); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Decryption CBC MDB KMC with 16 Bytes of padding +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_16B) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + +// char* test_frame_pt_h = "2003183A000000120000000000000000000000000000000310CA8B21BCB5AFB1A306CDC96C80C9208D00EB961E3F61D355E30F01CFDCCC7D026D56"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// char* truth_data_h = "80d2c70008197f0b003100000000b1fe"; +// uint8_t* truth_data_b = NULL; +// int truth_data_l = 0; + +// hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// //printf("Decrypted Frame:\n"); +// for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// { +// printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// //ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// } +// printf("\n"); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* truth_data_h = "2003182A0000001200000000000000000000000000000002011D90CE80C259660B229B6C1783C80E898D52"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); - printf("Encrypted Frame:\n"); - for(int i = 0; i < enc_frame_len; i++) - { - printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); - ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); - } - printf("\n"); - - Crypto_Shutdown(); - //free(raw_tc_sdls_ping_b); - //free(ptr_enc_frame); -} - -/** - * @brief Unit Test: Encryption CBC MDB KMC 16 Bytes of padding - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_16BP) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20031817000080d2c70008197f0b003100000000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - char* truth_data_h = "2003183A000000120000000000000000000000000000000310CA8B21BCB5AFB1A306CDC96C80C9208D00EB961E3F61D355E30F01CFDCCC7D026D56"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); - //printf("Encrypted Frame:\n"); - for(int i = 0; i < enc_frame_len; i++) - { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); - ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); - } - printf("\n"); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Nominal Encryption CBC MDB KMC - * Frame is max size for this test. Any encrypted data of length greater than 1007 bytes, - * will cause frame length exception. - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_MAX) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20031BE0000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - -/** - * @brief Unit Test: Encryption CBC MDB KMC - * Frame is 1 byte too large for this test. Any encrypted data of length greater than 1007 bytes, - * will cause frame length exception. - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_TOO_BIG) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "200303F2000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT, return_val); -} - -/** - * @brief Unit Test: Nominal Encryption CBC MDB KMC, Null IV - **/ -UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_NULL_IV) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - char* raw_tc_sdls_ping_h = "20031015000080d2c70008197f0b00310000b1fe3128"; - char* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - - hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); -} - - -//******************************************************* Decryption Tests *******************************************************// - -/** - * @brief Unit Test: Nominal Decryption CBC KMC - **/ -UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_KMC) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - char* test_frame_pt_h = "2003002A0000000B00000000000000000000000000000000025364F9BC3344AF359DA06CA886746F59A0AB"; - //char* test_frame_pt_h = "2003001A0000000B025364F9BC3344AF359DA06CA886746F591C8E"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sa_if->sa_get_from_spi(11, &test_association); - test_association->arsn_len = 0; - test_association->shsnf_len = 0; - test_association->ast = 0; - test_association->stmacf_len = 0; - test_association->sa_state = SA_OPERATIONAL; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - - char* truth_data_h = "80d2c70008197f0b00310000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - //printf("\n"); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Decryption CBC KMC with 1 Byte of padding - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_KMC_1B) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sa_if->sa_get_from_spi(11, &test_association); - test_association->arsn_len = 0; - test_association->shsnf_len = 0; - test_association->ast = 0; - test_association->stmacf_len = 0; - test_association->sa_state = SA_OPERATIONAL; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - - char* truth_data_h = "80d2c70008197f0b0031000000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - //printf("\n"); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Decryption CBC KMC with 16 Bytes of padding - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003003A0000000B00000000000000000000000000000000103970EAE4C05ACD1B0C348FDA174DF73EF0E2D603996C4B78B992CD60918729D3A47A"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sa_if->sa_get_from_spi(11, &test_association); - test_association->arsn_len = 0; - test_association->shsnf_len = 0; - test_association->ast = 0; - test_association->stmacf_len = 0; - test_association->sa_state = SA_OPERATIONAL; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - - char* truth_data_h = "80d2c70008197f0b003100000000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - //printf("\n"); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Nominal Decryption CBC KMC, Null IV - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003002A0000000B22BA7A6B53C17DD9405B599FB04222A7026AC591A28602BF97D3E7D9CE6BC52D4382EB"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sa_if->sa_get_from_spi(11, &test_association); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 0; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Nominal Encryption CBC KMC, with no supplied IV - **/ -UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t return_val = Crypto_Init(); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* raw_tc_sdls_ping_h = "200300330000000B5C7D0E687B4ACC8978CEB8F9F1713AC7E65FAA6845BF9607A6D2B89B7AF55C4463B9068F344242AAFAEBE298"; - uint8_t* raw_tc_sdls_ping_b = NULL; - int raw_tc_sdls_ping_len = 0; - SaInterface sa_if = get_sa_interface_inmemory(); - - hex_conversion(raw_tc_sdls_ping_h, (char **) &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - - SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - // Expose the SADB Security Association for test edits. - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); - printf("SPI: %d\n", test_association->spi); - test_association->sa_state = SA_OPERATIONAL; - test_association->ast = 1; - test_association->est = 1; - test_association->stmacf_len = 16; - test_association->shplf_len = 0; - test_association->ecs = CRYPTO_CIPHER_AES256_GCM; - test_association->acs_len = 1; - test_association->acs = 0; - test_association->arsn_len = 0; - test_association->iv_len = 12; - test_association->shivf_len = 12; - return_val = Crypto_TC_ProcessSecurity(raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len, tc_sdls_processed_frame); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); - - Crypto_Shutdown(); - free(raw_tc_sdls_ping_b); -} - -// *************************************** Decryption + MDB ***********************************************// -/** - * @brief Unit Test: Nominal Decryption CBC MDB KMC - **/ -UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_MDB_KMC) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003182A000000120000000000000000000000000000000102FCFCF53E77DDCFD92993273B6C449B76CA1E"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - char* truth_data_h = "80d2c70008197f0b00310000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - //printf("\n"); - - - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Decryption CBC MDB KMC with 1 Byte of padding - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_1B) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003182A0000001200000000000000000000000000000002011D90CE80C259660B229B6C1783C80E898D52"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - char* truth_data_h = "80d2c70008197f0b0031000000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - //printf("\n"); - - - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Decryption CBC MDB KMC with 16 Bytes of padding - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_16B) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - - char* test_frame_pt_h = "2003183A000000120000000000000000000000000000000310CA8B21BCB5AFB1A306CDC96C80C9208D00EB961E3F61D355E30F01CFDCCC7D026D56"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - char* truth_data_h = "80d2c70008197f0b003100000000b1fe"; - uint8_t* truth_data_b = NULL; - int truth_data_l = 0; - - hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - //printf("Decrypted Frame:\n"); - for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - { - printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - //ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - } - printf("\n"); - +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } + +// /** +// * @brief Unit Test: Nominal Decryption CBC MDB KMC, NULL IV +// **/ +// UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) +// { +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); +// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// int32_t status = Crypto_Init(); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + +// TC_t* tc_sdls_processed_frame; +// tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); +// memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); +// //2003102E00000006DDB12ADB9F880659AD5703EF6D45BD4A0001EF2BD095982BC3AC58B8AB92484662E000000026F3 +// char* test_frame_pt_h = "2003102C00000006703809AED191A8041A6DCEB4C030894400120218AB4508A560430D644DE39E35011E454755"; +// uint8_t *test_frame_pt_b = NULL; +// int test_frame_pt_len = 0; + +// // Expose/setup SAs for testing +// SecurityAssociation_t* test_association = NULL; +// test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); +// sa_if->sa_get_from_spi(1, &test_association); +// test_association->arsn_len = 0; +// test_association->shsnf_len = 0; + +// // Convert input test frame +// hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); - free(test_frame_pt_b); - Crypto_Shutdown(); -} - -/** - * @brief Unit Test: Nominal Decryption CBC MDB KMC, NULL IV - **/ -UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) -{ - Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, - IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); - int32_t status = Crypto_Init(); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); - //2003102E00000006DDB12ADB9F880659AD5703EF6D45BD4A0001EF2BD095982BC3AC58B8AB92484662E000000026F3 - char* test_frame_pt_h = "2003102C00000006703809AED191A8041A6DCEB4C030894400120218AB4508A560430D644DE39E35011E454755"; - uint8_t *test_frame_pt_b = NULL; - int test_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sa_if->sa_get_from_spi(1, &test_association); - test_association->arsn_len = 0; - test_association->shsnf_len = 0; - - // Convert input test frame - hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); +// status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); - - // char* truth_data_h = "80d2c70008197f0b00310000b1fe"; - // uint8_t* truth_data_b = NULL; - // int truth_data_l = 0; - - // hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); - // //printf("Decrypted Frame:\n"); - // for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) - // { - // //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - // ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); - // } - // //printf("\n"); - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(test_frame_pt_b); - Crypto_Shutdown(); -} +// // char* truth_data_h = "80d2c70008197f0b00310000b1fe"; +// // uint8_t* truth_data_b = NULL; +// // int truth_data_l = 0; + +// // hex_conversion(truth_data_h, (char**) &truth_data_b, &truth_data_l); +// // //printf("Decrypted Frame:\n"); +// // for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) +// // { +// // //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// // ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); +// // } +// // //printf("\n"); + +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// free(test_frame_pt_b); +// Crypto_Shutdown(); +// } UTEST_MAIN(); \ No newline at end of file diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c index 0e6dcd18..68e89c08 100644 --- a/test/unit/ut_aos_apply.c +++ b/test/unit/ut_aos_apply.c @@ -302,7 +302,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // AOS Tests - GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_HAS_FECF, AOS_HAS_IZ, 6, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; + GvcidManagedParameters_t AOS_UT_Managed_Parameters = {1, 0x0003, 0, AOS_HAS_FECF, AOS_HAS_FHEC, AOS_HAS_IZ, 6, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_OCF, 1}; Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters); //Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_HAS_OCF, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); status = Crypto_Init(); From 043e2421300f76bf675b7c0e68640b03b03d2242 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 2 Aug 2024 15:04:10 -0400 Subject: [PATCH 094/174] [nasa/Cryptolib#256] SA Rework Update - WIP Unit tests (Currently Broken) --- src/sa/internal/sa_interface_inmemory.template.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index e0047d48..1ec1f9cf 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -471,6 +471,7 @@ void sa_populate(void) // AOS - Authenticated Encryption, AES-CBC-256 (Keyed) // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 1, VCID = 0, ARSNW = 5 + // EKID = 12 sa[12].spi = 12; sa[12].ekid = 12; sa[12].sa_state = SA_KEYED; From e9541dc928f3e525f514df4ca39cfe5d0c27e9ba Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 5 Aug 2024 14:26:30 +0000 Subject: [PATCH 095/174] [nasa/cryptolib#268] switched source branch to dev --- include/crypto_error.h | 1 + .../internal/sa_interface_inmemory.template.c | 5 +++ test/unit/ut_aos_process.c | 30 ++++++++++++++++ test/unit/ut_tc_process.c | 34 +++++++++++++++++++ test/unit/ut_tm_process.c | 30 ++++++++++++++++ 5 files changed, 100 insertions(+) diff --git a/include/crypto_error.h b/include/crypto_error.h index ff2f3439..3505c95c 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -124,6 +124,7 @@ #define CRYPTO_LIB_ERR_FAIL_SA_SAVE (-52) #define CRYPTO_LIB_ERR_FAIL_SA_LOAD (-53) #define CRYPTO_LIB_ERR_KEY_VALIDATION (-54) +#define CRYPTO_LIB_ERR_SPI_INDEX_OOB (-55) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a045c1d1..a537a38f 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -704,6 +704,11 @@ static int32_t sa_close(void) static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_SUCCESS; + // Check if spi index in sa array + if (spi > NUM_SA) + { + return CRYPTO_LIB_ERR_SPI_INDEX_OOB; + } *security_association = &sa[spi]; // if (sa[spi].shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) // { diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c index abc7ae39..11357d4a 100644 --- a/test/unit/ut_aos_process.c +++ b/test/unit/ut_aos_process.c @@ -798,4 +798,34 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) free(ptr_processed_frame); } +UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + status = Crypto_Init(); + + // Test frame setup + char* framed_aos_h = "42C00000000000000000000000000000FFFF"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status); + + Crypto_Shutdown(); + free(framed_aos_b); + free(ptr_processed_frame); +} + UTEST_MAIN(); \ No newline at end of file diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 97fcd622..3a71a279 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -939,4 +939,38 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) free(tc_nist_processed_frame); } +UTEST(TC_PROCESS, TC_SA_SEGFAULT_TEST) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + TC_t* tc_sdls_processed_frame; + tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + + // Test frame setup + char* test_frame_pt_h = "2003002A000000FF00000000000000000000000000000000025364F9BC3344AF359DA06CA886748F59A0AB"; + uint8_t *test_frame_pt_b = NULL; + int test_frame_pt_len = 0; + + // Convert input test frame + hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + + status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + + ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status); + free(test_frame_pt_b); + free(tc_sdls_processed_frame); + Crypto_Shutdown(); +} + UTEST_MAIN(); diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c index 2b971dc0..a3be06cc 100644 --- a/test/unit/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -1072,4 +1072,34 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) free(iv_b); } +UTEST(TM_PROCESS, TM_SA_SEGFAULT_TEST) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_tm_len; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + status = Crypto_Init(); + + // Test frame setup + char* framed_tm_h = "02c000001800FFFF"; + char* framed_tm_b = NULL; + int framed_tm_len = 0; + hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); + + status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); + ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status); + + Crypto_Shutdown(); + free(framed_tm_b); + free(ptr_processed_frame); +} + UTEST_MAIN(); \ No newline at end of file From 391e7648d40479dde82b55f347b6b1eef5602e90 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 5 Aug 2024 14:56:42 +0000 Subject: [PATCH 096/174] [nasa/cryptolib#268] Added another status check after Crypto_TC_Sanity_Validations --- src/core/crypto_tc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 64328258..44184aab 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -1762,6 +1762,11 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc #endif status = Crypto_TC_Sanity_Validations(tc_sdls_processed_frame, &sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } // Allocate the necessary byte arrays within the security header + trailer given the SA //tc_sdls_processed_frame->tc_sec_header.iv = calloc(1, sa_ptr->iv_len); From 83e2b453d3422dc49ad0a6ff508f41483fa67eea Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Mon, 5 Aug 2024 15:42:17 +0000 Subject: [PATCH 097/174] [nasa/cryptolib#268] Fix one-off index check --- src/sa/internal/sa_interface_inmemory.template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a537a38f..0d01a11f 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -705,7 +705,7 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_as { int32_t status = CRYPTO_LIB_SUCCESS; // Check if spi index in sa array - if (spi > NUM_SA) + if (spi >= NUM_SA) { return CRYPTO_LIB_ERR_SPI_INDEX_OOB; } From 67d6347a7f6c5eb694001301cc2fbd971e31eed0 Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Wed, 14 Aug 2024 06:58:37 -0400 Subject: [PATCH 098/174] [nasa/cryptolib#262] Created top level helper Makefile; --- Makefile | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..013a1d27 --- /dev/null +++ b/Makefile @@ -0,0 +1,35 @@ +# +# CryptoLib Makefile +# + +# The "LOCALTGTS" defines the top-level targets that are implemented in this makefile +# Any other target may also be given, in that case it will simply be passed through. +LOCALTGTS := all clean debug internal kmc wolf +OTHERTGTS := $(filter-out $(LOCALTGTS),$(MAKECMDGOALS)) + +# As this makefile does not build any real files, treat everything as a PHONY target +# This ensures that the rule gets executed even if a file by that name does exist +.PHONY: $(LOCALTGTS) $(OTHERTGTS) + +# +# Commands +# +all: + $(MAKE) internal + $(MAKE) kmc + $(MAKE) wolf + +clean: + rm -rf ./build + +debug: + ./support/scripts/docker_debug.sh + +internal: + ./support/scripts/internal_docker_build.sh + +kmc: + ./support/scripts/kmc_docker_build.sh + +wolf: + ./support/scripts/wolf_docker_build.sh From 63a91838d2d38c0b33ff8b80a9a289d207254a13 Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Wed, 14 Aug 2024 07:58:51 -0400 Subject: [PATCH 099/174] [nasa/cryptolib#262] Dockerfile updates to use buildx, pushed specific 20240814 version to hub, and specified it for use; --- support/Dockerfile | 24 +++++++++++++++++------- support/scripts/docker_debug.sh | 2 +- support/scripts/env.sh | 2 ++ support/scripts/internal_docker_build.sh | 4 ++-- support/scripts/kmc_docker_build.sh | 4 ++-- support/scripts/wolf_docker_build.sh | 4 ++-- 6 files changed, 26 insertions(+), 14 deletions(-) diff --git a/support/Dockerfile b/support/Dockerfile index 08b55592..617d54a5 100644 --- a/support/Dockerfile +++ b/support/Dockerfile @@ -1,11 +1,23 @@ # CryptoLib Dockerfile # -# docker build -t ivvitc/cryptolib:latest . -# docker push ivvitc/cryptolib:latest +# Install latest docker from PPA: https://docs.docker.com/engine/install/ubuntu/ +# +# Debugging +# docker build -t ivvitc/cryptolib:dev . +# docker run -it ivvitc/cryptolib:dev /bin/bash # +# Follow multi-arch instructions: https://www.docker.com/blog/multi-arch-images/ +# docker login +# docker buildx create --name clbuilder +# docker buildx use clbuilder +# docker buildx build --platform linux/amd64 -t ivvitc/cryptolib:dev --push . +# +# TODO: +# docker buildx build --platform linux/amd64,linux/arm64 -t ivvitc/cryptolib:dev --push . +# ARG WOLFSSL_VERSION=5.6.0-stable -FROM ubuntu:jammy-20240212 AS CL0 +FROM ubuntu:jammy-20240530 AS cl0 ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update -y \ @@ -15,8 +27,6 @@ RUN apt-get update -y \ ca-certificates \ cmake \ curl \ - g++-multilib \ - gcc-multilib \ gettext \ git \ gdb\ @@ -32,7 +42,7 @@ RUN apt-get update -y \ && rm -rf /var/lib/apt/lists/* \ && pip3 install pycryptodome -FROM CL0 AS CL1 +FROM cl0 AS cl1 ARG GPG_ERROR_VERSION=1.50 ARG GCRYPT_VERSION=1.11.0 RUN curl \ @@ -50,7 +60,7 @@ RUN curl \ && ./configure \ && make install -FROM CL1 AS CL2 +FROM cl1 AS cl2 ARG WOLFSSL_VERSION=5.6.0-stable RUN curl \ -LS https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}.zip \ diff --git a/support/scripts/docker_debug.sh b/support/scripts/docker_debug.sh index 5cbeb307..a7bf2a7b 100755 --- a/support/scripts/docker_debug.sh +++ b/support/scripts/docker_debug.sh @@ -9,5 +9,5 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source $SCRIPT_DIR/env.sh echo "Start docker container to debug in..." -$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR ivvitc/cryptolib bash +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR $DBOX bash echo "" diff --git a/support/scripts/env.sh b/support/scripts/env.sh index 3f157be1..4275d2db 100755 --- a/support/scripts/env.sh +++ b/support/scripts/env.sh @@ -8,3 +8,5 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) export BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd) export DFLAGS="docker run --rm -it" + +DBOX="ivvitc/cryptolib:20240814" diff --git a/support/scripts/internal_docker_build.sh b/support/scripts/internal_docker_build.sh index b2ae8ba7..3c86a21d 100755 --- a/support/scripts/internal_docker_build.sh +++ b/support/scripts/internal_docker_build.sh @@ -13,9 +13,9 @@ mkdir $BASE_DIR/build > /dev/null 2>&1 rm -r $BASE_DIR/build/internal/* > /dev/null 2>&1 mkdir $BASE_DIR/build/internal > /dev/null 2>&1 -#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib /bin/bash +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal $DBOX /bin/bash echo "Internal build and test..." -$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib bash -c \ +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal $DBOX bash -c \ "../../support/scripts/build_support.sh" echo "" diff --git a/support/scripts/kmc_docker_build.sh b/support/scripts/kmc_docker_build.sh index 31718968..e9e9e803 100755 --- a/support/scripts/kmc_docker_build.sh +++ b/support/scripts/kmc_docker_build.sh @@ -13,10 +13,10 @@ mkdir $BASE_DIR/build > /dev/null 2>&1 rm -r $BASE_DIR/build/kmc/* > /dev/null 2>&1 mkdir $BASE_DIR/build/kmc > /dev/null 2>&1 -#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib /bin/bash +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc $DBOX /bin/bash echo "KMC build and test..." # Note that the `KMC_MDB_DB` flag is not in use as docker compose will need configured to enable these tests -$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib bash -c \ +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc $DBOX bash -c \ "../../support/scripts/build_kmc.sh" echo "" diff --git a/support/scripts/wolf_docker_build.sh b/support/scripts/wolf_docker_build.sh index 45bc5efb..f8dbfdac 100755 --- a/support/scripts/wolf_docker_build.sh +++ b/support/scripts/wolf_docker_build.sh @@ -13,9 +13,9 @@ mkdir $BASE_DIR/build > /dev/null 2>&1 rm -r $BASE_DIR/build/wolf/* > /dev/null 2>&1 mkdir $BASE_DIR/build/wolf > /dev/null 2>&1 -#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf ivvitc/cryptolib /bin/bash +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf $DBOX /bin/bash echo "Wolf build and test..." -$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf ivvitc/cryptolib bash -c \ +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf $DBOX bash -c \ "../../support/scripts/build_wolf.sh" echo "" From 55b06ee3d7a442bbae9cd9aa5640d1ebaeff2214 Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Wed, 14 Aug 2024 10:06:18 -0400 Subject: [PATCH 100/174] [nasa/cryptolib#262] Added additional flags to docker run command; --- support/scripts/env.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/support/scripts/env.sh b/support/scripts/env.sh index 4275d2db..b469f37b 100755 --- a/support/scripts/env.sh +++ b/support/scripts/env.sh @@ -7,6 +7,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) export BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd) -export DFLAGS="docker run --rm -it" + +DFLAGS="docker run --rm -it -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro -u $(id -u $(stat -c '%U' $SCRIPT_DIR/env.sh)):$(getent group $(stat -c '%G' $SCRIPT_DIR/env.sh) | cut -d: -f3)" DBOX="ivvitc/cryptolib:20240814" From b1e3d3015bf5c41eb54d166ccfd884c9e45bb3cd Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Thu, 15 Aug 2024 22:33:44 -0400 Subject: [PATCH 101/174] [nasa/Cryptolib#256] SA reworked, Keys updated, internal tests updated --- .../key_interface_internal.template.c | 105 ++++++++ .../internal/sa_interface_inmemory.template.c | 18 +- test/CMakeLists.txt | 7 +- test/unit/et_dt_validation.c | 246 +++++++++++++++--- test/unit/ut_aos_apply.c | 74 ++++-- test/unit/ut_aos_process.c | 239 +++++++++++++---- test/unit/ut_crypto.c | 8 +- test/unit/ut_sa_save.c | 88 +++---- test/unit/ut_tc_apply.c | 86 ++++-- test/unit/ut_tc_process.c | 31 ++- test/unit/ut_tm_apply.c | 115 ++++---- test/unit/ut_tm_process.c | 51 +++- 12 files changed, 805 insertions(+), 263 deletions(-) diff --git a/src/key/internal/key_interface_internal.template.c b/src/key/internal/key_interface_internal.template.c index 86c7659a..b59335cf 100644 --- a/src/key/internal/key_interface_internal.template.c +++ b/src/key/internal/key_interface_internal.template.c @@ -173,6 +173,111 @@ static int32_t key_init(void) key_ring[2].key_len = 32; key_ring[2].key_state = KEY_ACTIVE; + key_ring[3].value[0] = 0x30; + key_ring[3].value[1] = 0x31; + key_ring[3].value[2] = 0x32; + key_ring[3].value[3] = 0x33; + key_ring[3].value[4] = 0x34; + key_ring[3].value[5] = 0x35; + key_ring[3].value[6] = 0x36; + key_ring[3].value[7] = 0x37; + key_ring[3].value[8] = 0x38; + key_ring[3].value[9] = 0x39; + key_ring[3].value[10] = 0x3A; + key_ring[3].value[11] = 0x3B; + key_ring[3].value[12] = 0x3C; + key_ring[3].value[13] = 0x3D; + key_ring[3].value[14] = 0x3E; + key_ring[3].value[15] = 0x3F; + key_ring[3].value[16] = 0x30; + key_ring[3].value[17] = 0x31; + key_ring[3].value[18] = 0x32; + key_ring[3].value[19] = 0x33; + key_ring[3].value[20] = 0x34; + key_ring[3].value[21] = 0x35; + key_ring[3].value[22] = 0x36; + key_ring[3].value[23] = 0x37; + key_ring[3].value[24] = 0x38; + key_ring[3].value[25] = 0x39; + key_ring[3].value[26] = 0x3A; + key_ring[3].value[27] = 0x3B; + key_ring[3].value[28] = 0x3C; + key_ring[3].value[29] = 0x3D; + key_ring[3].value[30] = 0x3E; + key_ring[3].value[31] = 0x3F; + key_ring[3].key_len = 32; + key_ring[3].key_state = KEY_ACTIVE; + + key_ring[4].value[0] = 0x40; + key_ring[4].value[1] = 0x41; + key_ring[4].value[2] = 0x42; + key_ring[4].value[3] = 0x43; + key_ring[4].value[4] = 0x44; + key_ring[4].value[5] = 0x45; + key_ring[4].value[6] = 0x46; + key_ring[4].value[7] = 0x47; + key_ring[4].value[8] = 0x48; + key_ring[4].value[9] = 0x49; + key_ring[4].value[10] = 0x4A; + key_ring[4].value[11] = 0x4B; + key_ring[4].value[12] = 0x4C; + key_ring[4].value[13] = 0x4D; + key_ring[4].value[14] = 0x4E; + key_ring[4].value[15] = 0x4F; + key_ring[4].value[16] = 0x40; + key_ring[4].value[17] = 0x41; + key_ring[4].value[18] = 0x42; + key_ring[4].value[19] = 0x43; + key_ring[4].value[20] = 0x44; + key_ring[4].value[21] = 0x45; + key_ring[4].value[22] = 0x46; + key_ring[4].value[23] = 0x47; + key_ring[4].value[24] = 0x48; + key_ring[4].value[25] = 0x49; + key_ring[4].value[26] = 0x4A; + key_ring[4].value[27] = 0x4B; + key_ring[4].value[28] = 0x4C; + key_ring[4].value[29] = 0x4D; + key_ring[4].value[30] = 0x4E; + key_ring[4].value[31] = 0x4F; + key_ring[4].key_len = 32; + key_ring[4].key_state = KEY_ACTIVE; + + key_ring[9].value[0] = 0x90; + key_ring[9].value[1] = 0x91; + key_ring[9].value[2] = 0x92; + key_ring[9].value[3] = 0x93; + key_ring[9].value[4] = 0x94; + key_ring[9].value[5] = 0x95; + key_ring[9].value[6] = 0x96; + key_ring[9].value[7] = 0x97; + key_ring[9].value[8] = 0x98; + key_ring[9].value[9] = 0x99; + key_ring[9].value[10] = 0x9A; + key_ring[9].value[11] = 0x9B; + key_ring[9].value[12] = 0x9C; + key_ring[9].value[13] = 0x9D; + key_ring[9].value[14] = 0x9E; + key_ring[9].value[15] = 0x9F; + key_ring[9].value[16] = 0x90; + key_ring[9].value[17] = 0x91; + key_ring[9].value[18] = 0x92; + key_ring[9].value[19] = 0x93; + key_ring[9].value[20] = 0x94; + key_ring[9].value[21] = 0x95; + key_ring[9].value[22] = 0x96; + key_ring[9].value[23] = 0x97; + key_ring[9].value[24] = 0x98; + key_ring[9].value[25] = 0x99; + key_ring[9].value[26] = 0x9A; + key_ring[9].value[27] = 0x9B; + key_ring[9].value[28] = 0x9C; + key_ring[9].value[29] = 0x9D; + key_ring[9].value[30] = 0x9E; + key_ring[9].value[31] = 0x9F; + key_ring[9].key_len = 32; + key_ring[9].key_state = KEY_ACTIVE; + // Session Keys // 128 - 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF -> ACTIVE key_ring[128].value[0] = 0x01; diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index 1ec1f9cf..4376ebc2 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -228,7 +228,7 @@ void sa_populate(void) // Security Associations // EMPTY SA - Not Used (SA_NONE) sa[0].spi = 0; - sa[0].sa_state = SA_NONE; + sa[0].sa_state = SA_UNKEYED; sa[0].est = 0; sa[0].ast = 0; sa[0].shivf_len = 0; @@ -271,10 +271,9 @@ void sa_populate(void) sa[2].ast = 0; sa[2].shivf_len = 12; sa[2].iv_len = 12; - sa[2].shsnf_len = 2; - sa[2].arsn_len = 2; sa[2].arsnw_len = 1; sa[2].arsnw = 5; + sa[2].arsn_len = ((sa[2].arsnw * 2) + 1); sa[2].gvcid_blk.tfvn = 0; sa[2].gvcid_blk.scid = SCID & 0x3FF; sa[2].gvcid_blk.vcid = 0; @@ -314,10 +313,10 @@ void sa_populate(void) sa[4].ast = 1; sa[4].shivf_len = 12; sa[4].iv_len = 12; - sa[4].shsnf_len = 2; + sa[4].abm_len = ABM_SIZE; sa[4].arsnw_len = 1; sa[4].arsnw = 5; - sa[4].arsn_len = 2; + sa[4].arsn_len = ((sa[4].arsnw * 2) + 1); sa[4].stmacf_len = 16; sa[4].gvcid_blk.tfvn = 0; sa[4].gvcid_blk.scid = SCID & 0x3FF; @@ -425,14 +424,14 @@ void sa_populate(void) sa[9].gvcid_blk.tfvn = 0x01; sa[9].gvcid_blk.scid = SCID & 0x3FF; sa[9].gvcid_blk.vcid = 0; - sa[9].gvcid_blk.mapid = TYPE_AOS; + sa[9].gvcid_blk.mapid = 0; // AOS - Authentication Only, HMAC_SHA512 (Keyed) // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 1, VCID = 0, ARSNW = 5 // AKID = 10 sa[10].spi = 10; sa[10].akid = 10; - sa[10].sa_state = SA_KEYED; + sa[10].sa_state = SA_OPERATIONAL; sa[10].est = 0; sa[10].ast = 1; sa[10].acs_len = 1; @@ -441,10 +440,11 @@ void sa_populate(void) sa[10].arsnw = 5; sa[10].arsnw_len = 1; sa[10].arsn_len = 2; + sa[10].abm_len = ABM_SIZE; sa[10].gvcid_blk.tfvn = 0x01; sa[10].gvcid_blk.scid = SCID & 0x3FF; sa[10].gvcid_blk.vcid = 0; - sa[10].gvcid_blk.mapid = TYPE_AOS; + sa[10].gvcid_blk.mapid = 0; // AOS - Encryption Only, AES-GCM-256 (Keyed) // IV = 0...0, IV-Len = 16, MAC-Len = 0, TFVN = 1, VCID = 0, ARSNW = 5 @@ -467,7 +467,7 @@ void sa_populate(void) sa[11].gvcid_blk.tfvn = 0x01; sa[11].gvcid_blk.scid = SCID & 0x3FF; sa[11].gvcid_blk.vcid = 0; - sa[11].gvcid_blk.mapid = TYPE_AOS; + sa[11].gvcid_blk.mapid = 0; // AOS - Authenticated Encryption, AES-CBC-256 (Keyed) // IV = 0...0, IV-Len = 16, MAC-Len = 16, TFVN = 1, VCID = 0, ARSNW = 5 diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 63f9918c..083e99e5 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -67,11 +67,12 @@ endif() # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) +if((KMC_MDB_DB OR KMC_MDB_RH)) add_test(NAME UT_TC_KMC COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tc_kmc WORKING_DIRECTORY ${PROJECT_TEST_DIR}) - + +endif() # add_test(NAME UT_SADB_ERR_CASES_KMC_CRYPTO # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_err_cases_kmc_crypto # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) @@ -104,7 +105,7 @@ if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) # add_test(NAME UT_KMC_CRYPTO_AUTH_ONLY # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_auth_only # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -endif() +#endif() if(TEST_ENC) add_test(NAME ET_DT_VALIDATION diff --git a/test/unit/et_dt_validation.c b/test/unit/et_dt_validation.c index d8e8e784..353b3df4 100644 --- a/test/unit/et_dt_validation.c +++ b/test/unit/et_dt_validation.c @@ -263,10 +263,15 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) // Expose SA 1 for testing sa_if->sa_get_from_spi(1, &test_association); test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->shivf_len = 0; + test_association->iv_len = 0; + test_association->shsnf_len = 0; + test_association->arsn_len = 0; - // Expose SA 4 for testing + // Expose SA 7 for testing sa_if->sa_get_from_spi(4, &test_association); test_association->sa_state = SA_KEYED; + test_association->abm_len = ABM_SIZE; // Ensure that Process Security can activate SA 4 return_val = Crypto_TC_ProcessSecurity(activate_sa4_b, &activate_sa4_len, tc_sdls_processed_frame); @@ -282,8 +287,18 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) test_association->iv[11] = 0; test_association->ast = 1; test_association->est = 1; + test_association->ekid = 130; + test_association->ecs_len = 1; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->stmacf_len = 16; + test_association->arsnw_len = 1; + test_association->abm_len = ABM_SIZE; + test_association->arsnw = 5; + test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->arsn_len = ((test_association->arsnw * 2) + 1); return_val = Crypto_TC_ProcessSecurity(dec_test_ping_b, &dec_test_ping_len, tc_sdls_processed_frame); ASSERT_EQ(9, return_val); // 9 is the number of pings in that EP PDU. @@ -359,8 +374,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 1; + test_association->shivf_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 11; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -428,7 +453,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) char* buffer_nist_key_h = "ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8"; char* buffer_nist_pt_h = "2003001600722ee47da4b77424733546c2d400c4e567a8"; char* buffer_nist_iv_h = "b6ac8e4963f49207ffd6374b"; - char* buffer_nist_et_h = "2003002500FF0009B6AC8E4963F49207FFD6374C1224DFEFB72A20D49E09256908874979AD6F"; + char* buffer_nist_et_h = "2003002500FF0009B6AC8E4963F49207FFD6374C00001224DFEFB72A20D49E09256908874979AD6F"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_et_b, *buffer_nist_key_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_et_len, buffer_nist_key_len = 0; @@ -444,11 +469,21 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - sa_if->sa_get_from_spi(9, &test_association); + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 1; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; - test_association->ast =1; + // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); ekp = key_if->get_key(test_association->ekid); @@ -460,7 +495,14 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) // Convert/Set input IV hex_conversion(buffer_nist_iv_h, (char**) &buffer_nist_iv_b, &buffer_nist_iv_len); memcpy(test_association->iv, buffer_nist_iv_b, buffer_nist_iv_len); - printf("NIST IV LEN: %d\n", buffer_nist_iv_len); + // for (int i = 0; i < buffer_nist_iv_len; i++) + // { + // printf("%02x\n", buffer_nist_iv_b[i]); + // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // enc_data_idx++; + // } + + // Convert input encryptedtext hex_conversion(buffer_nist_et_h, (char**) &buffer_nist_et_b, &buffer_nist_et_len); @@ -527,10 +569,21 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 11; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); ekp = key_if->get_key(test_association->ekid); @@ -545,6 +598,9 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) // Convert input ciphertext hex_conversion(buffer_nist_ct_h, (char**) &buffer_nist_ct_b, &buffer_nist_ct_len); + sa_if->sa_get_from_spi(9, &test_association); + + Crypto_TC_ApplySecurity(buffer_nist_pt_b, buffer_nist_pt_len, &ptr_enc_frame, &enc_frame_len); // Note: For comparison, interested in the TF payload (exclude headers and FECF if present) // Calc payload index: total length - pt length @@ -593,7 +649,8 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) char* buffer_nist_key_h = "e9ccd6eef27f740d1d5c70b187734e11e76a8ac0ad1702ff02180c5c1c9e5399"; char* buffer_nist_pt_h = "2003001600419635e6e12b257a8ecae411f94480ff56be"; char* buffer_nist_iv_h = "1af2613c4184dbd101fcedcd"; - char* buffer_nist_et_h = "2003002500FF00091AF2613C4184DBD101FCEDCE9CD21F414F1F54D5F6F58B1F2F77E5B66987"; + //2003002500FF0009B6AC8E4963F49207FFD6374C00001224DFEFB72A20D49E09256908874979AD6F + char* buffer_nist_et_h = "2003002500FF00091AF2613C4184DBD101FCEDCE00009CD21F414F1F54D5F6F58B1F2F77E5B66987"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_et_b, *buffer_nist_key_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_et_len, buffer_nist_key_len = 0; @@ -609,8 +666,19 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -690,8 +758,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -757,7 +835,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) char* buffer_nist_key_h = "7ecc9dcb3d5b413cadc3af7b7812758bd869295f8aaf611ba9935de76bd87013"; char* buffer_nist_pt_h = "200300160073d4d7984ce422ac983797c0526ac6f9446b"; char* buffer_nist_iv_h = "6805be41e983717bf6781051"; - char* buffer_nist_et_h = "2003002500FF00096805BE41E983717BF6781052487211DD440F4D09D00BC5C3158A822C46E3"; + char* buffer_nist_et_h = "2003002500FF00096805BE41E983717BF67810520000487211DD440F4D09D00BC5C3158A822C46E3"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_et_b, *buffer_nist_key_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_et_len, buffer_nist_key_len = 0; @@ -773,8 +851,19 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -851,8 +940,19 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -918,7 +1018,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) char* buffer_nist_key_h = "a881373e248615e3d6576f5a5fb68883515ae72d6a2938e3a6f0b8dcb639c9c0"; char* buffer_nist_pt_h = "200300160007d1dc9930e710b1ebe533c81f671101e43c"; char* buffer_nist_iv_h = "f0b744f157087df4e41818a8"; - char* buffer_nist_et_h = "2003002500FF0009F0B744F157087DF4E41818A9B65A2878B9DDDBD4A0204DAE6A6A6FC0C327"; + char* buffer_nist_et_h = "2003002500FF0009F0B744F157087DF4E41818A90000B65A2878B9DDDBD4A0204DAE6A6A6FC0C327"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_et_b, *buffer_nist_key_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_et_len, buffer_nist_key_len = 0; @@ -934,8 +1034,19 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -1012,8 +1123,19 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -1079,7 +1201,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) char* buffer_nist_key_h = "84c90349539c2a7989cb24dfae5e4182382ae94ba717d385977017f74f0d87d6"; char* buffer_nist_pt_h = "200300160031c4e1d0ccece6b7a999bfc31f38559af5dd"; char* buffer_nist_iv_h = "eeddeaf4355c826dfd153392"; - char* buffer_nist_et_h = "2003002500FF0009EEDDEAF4355C826DFD1533935C6CFBDD06C19445ECF500C21AECA1738A7D"; + char* buffer_nist_et_h = "2003002500FF0009EEDDEAF4355C826DFD15339300005C6CFBDD06C19445ECF500C21AECA1738A7D"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_et_b, *buffer_nist_key_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_et_len, buffer_nist_key_len = 0; @@ -1095,8 +1217,19 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ecs_len = 1; + test_association->acs_len = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->abm_len = 1024; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -1173,7 +1306,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) char* buffer_nist_pt_h = "200300060028C2"; // Empty Transfer frame char* buffer_nist_iv_h = "d79cf22d504cc793c3fb6c8a"; char* buffer_nist_aad_h = "b96baa8c1c75a671bfb2d08d06be5f36"; // Zeroed out by abm - char* buffer_cyber_chef_mac_h = "77e98911a1704df3d9745bc7b97cc66d"; + char* buffer_cyber_chef_mac_h = "b04cb89841f1591793f6e1bca1479d92"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_key_b, *buffer_nist_aad_b, *buffer_cyber_chef_mac_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_key_len, buffer_nist_aad_len, buffer_cyber_chef_mac_len = 0; @@ -1186,20 +1319,27 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->ast = 1; + test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; - test_association->arsn_len = 0; + test_association->ast = 1; + test_association->ecs_len = 1; + test_association->acs_len = 0; test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->abm_len = 1024; + memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; - test_association->sa_state = SA_OPERATIONAL; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); ekp = key_if->get_key(test_association->ekid); memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); - // Convert input plaintext // TODO: Account for length of header and FECF (5+2) hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); @@ -1219,7 +1359,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) for (int i = 0; i < buffer_cyber_chef_mac_len; i++) { // printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_cyber_chef_mac_b[i], - // *(ptr_enc_frame+enc_data_idx)); + // *(ptr_enc_frame+enc_data_idx)); ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_cyber_chef_mac_b[i]); enc_data_idx++; } @@ -1266,7 +1406,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) char* buffer_nist_key_h = "78dc4e0aaf52d935c3c01eea57428f00ca1fd475f5da86a49c8dd73d68c8e223"; char* buffer_nist_pt_h = "200300060028C2"; // Empty Transfer frame char* buffer_nist_iv_h = "d79cf22d504cc793c3fb6c8a"; - char* buffer_cyber_chef_mac_h = "629c2143c30e2f8450b059cd559a7102"; + char* buffer_cyber_chef_mac_h = "b04cb89841f1591793f6e1bca1479d92"; uint8_t* buffer_nist_pt_b, *buffer_nist_iv_b, *buffer_nist_key_b, *buffer_cyber_chef_mac_b = NULL; int buffer_nist_pt_len, buffer_nist_iv_len, buffer_nist_key_len, buffer_cyber_chef_mac_len = 0; @@ -1278,14 +1418,21 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) test_association->sa_state = SA_NONE; // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); - test_association->ast = 1; + test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; - test_association->arsn_len = 0; + test_association->ast = 1; + test_association->ecs_len = 1; + test_association->acs_len = 0; test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; - test_association->sa_state = SA_OPERATIONAL; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 2; + test_association->gvcid_blk.tfvn = 0; + test_association->gvcid_blk.mapid = TYPE_TC; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 @@ -1311,7 +1458,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) for (int i = 0; i < buffer_cyber_chef_mac_len; i++) { - //printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_cyber_chef_mac_b[i], + // printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_cyber_chef_mac_b[i], // *(ptr_enc_frame + enc_data_idx)); ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_cyber_chef_mac_b[i]); enc_data_idx++; @@ -1351,13 +1498,13 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) // NIST supplied vectors char* buffer_nist_key_h = "78dc4e0aaf52d935c3c01eea57428f00ca1fd475f5da86a49c8dd73d68c8e223"; char* buffer_nist_iv_h = "d79cf22d504cc793c3fb6c89"; - char* buffer_cyber_chef_mac_h = "34d0e323f5e4b80426401d4aa37930da"; + char* buffer_cyber_chef_mac_h = "E7BB31D506998FCBDA078E66D5680194"; char* buffer_nist_pt_h = "722ee47da4b77424733546c2d400c4e5"; // Create a MAC'd frame by adding our headers and a fecf - // | Header | SPI | iv | plaintext | mac |fecf| + // | Header | SPI | iv | plaintext | mac |fecf| char* buffer_nist_mac_frame_h = - "2003003500FF0009D79CF22D504CC793C3FB6C8A722ee47da4b77424733546c2d400c4e534d0e323f5e4b80426401d4aa37930daf55f"; + "2003003700FF0009D79CF22D504CC793C3FB6C8A0000722ee47da4b77424733546c2d400c4e5E7BB31D506998FCBDA078E66D5680194B401"; uint8_t* buffer_nist_iv_b, *buffer_nist_pt_b, *buffer_nist_key_b, *buffer_cyber_chef_mac_b, *buffer_nist_mac_frame_b, *buffer_nist_cp_b = NULL; @@ -1378,13 +1525,17 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; - test_association->arsn_len = 0; + test_association->arsn_len = 2; + test_association->arsnw_len = 1; test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->gvcid_blk.tfvn = 0; + // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -1487,7 +1638,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) // Create a MAC'd frame by adding our headers and a fecf // | Header | SPI | iv | plaintext | mac |fecf| char* buffer_nist_mac_frame_h = - "2003003500FF0009D79CF22D504CC793C3FB6C8A722ee47da4b77424733546c2d400c40034d0e323f5e4b80426401d4aa37930da123b"; + "2003003700FF0009D79CF22D504CC793C3FB6C8A0000722ee47da4b77424733546c2d400c40034d0e323f5e4b80426401d4aa37930da123b"; uint8_t* buffer_nist_iv_b, *buffer_nist_pt_b, *buffer_nist_key_b, *buffer_cyber_chef_mac_b, *buffer_nist_mac_frame_b, *buffer_nist_cp_b = NULL; @@ -1508,13 +1659,16 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; - test_association->arsn_len = 0; + test_association->arsn_len = 2; + test_association->arsnw_len = 1; test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -1616,13 +1770,16 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; - test_association->arsn_len = 0; + test_association->arsn_len = 2; + test_association->arsnw_len = 1; test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -1719,7 +1876,6 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; - test_association->arsn_len = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; @@ -1729,9 +1885,12 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs_len = 1; test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; + //sa_if->sa_get_from_spi(9, &test_association); // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -1830,6 +1989,7 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -2122,6 +2282,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); @@ -2220,6 +2381,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); @@ -2319,6 +2481,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); @@ -2415,6 +2578,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); @@ -2511,6 +2675,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; TC_t *tc_sdls_processed_frame; tc_sdls_processed_frame = calloc(1, sizeof(uint8_t) * TC_SIZE); @@ -2611,6 +2776,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; TC_t *tc_sdls_processed_frame; tc_sdls_processed_frame = calloc(1, sizeof(uint8_t) * TC_SIZE); @@ -2707,6 +2873,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; TC_t *tc_sdls_processed_frame; tc_sdls_processed_frame = calloc(1, sizeof(uint8_t) * TC_SIZE); @@ -2801,6 +2968,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; TC_t *tc_sdls_processed_frame; tc_sdls_processed_frame = calloc(1, sizeof(uint8_t) * TC_SIZE); @@ -2939,6 +3107,7 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); @@ -3024,6 +3193,7 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; + test_association->gvcid_blk.tfvn = 0; TC_t *tc_sdls_processed_frame; tc_sdls_processed_frame = calloc(1, sizeof(uint8_t) * TC_SIZE); diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c index 68e89c08..e54349ce 100644 --- a/test/unit/ut_aos_apply.c +++ b/test/unit/ut_aos_apply.c @@ -140,7 +140,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C000000000000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA4e7b"; + char* truth_aos_h = "40C000000000000A112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA778A1E133306963F1D9DCA32D6D60C23966A"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -152,14 +152,12 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - printf("WTF\n"); char* error_enum = Crypto_Get_Error_Code_Enum_String(status); ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); - printf("WTF2\n"); // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); } @@ -198,7 +196,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C000000000000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_h = "40C000000000000A112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA3756F72DE2633CF59B14F1D89A5A7C67BBAABBAA0000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -217,7 +215,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); } @@ -256,7 +254,7 @@ UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C0000000008888000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA5d86"; + char* truth_aos_h = "40C0000000008888000A112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA3756F72DE2633CF59B14F1D89A5A7C67BBAABBAAD055"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -375,7 +373,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C000000000000F112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA73f3bef638ea5fe682c5b0b8a6b429749938"; + char* truth_aos_h = "40C000000000000A112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA778A1E133306963F1D9DCA32D6D60C23966A"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -444,7 +442,7 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C000000000000F112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA5db19eb46f096b17bbe72c50448218d98799"; + char* truth_aos_h = "40C000000000000B112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA5DB19EB46F096B17BBE72C50448218D93872"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -455,13 +453,40 @@ UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); // Expose/setup SA for testing - // Configure SA 14 off - sa_if->sa_get_from_spi(14, &sa_ptr); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 sa_ptr->sa_state = SA_KEYED; - // Configure SA 15 on - sa_if->sa_get_from_spi(15, &sa_ptr); + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = SCID & 0x3FF; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones + + // sa_if->sa_get_from_spi(10, &sa_ptr); + // sa_ptr->sa_state = SA_KEYED; + + // sa_if->sa_get_from_spi(11, &sa_ptr); + // sa_ptr->sa_state = SA_OPERATIONAL; + // sa_ptr->akid=130; + // sa_ptr->est = 0; + // sa_ptr->ast = 1; + // sa_ptr->acs_len = 1; + // sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + // sa_ptr->stmacf_len = 16; + // sa_ptr->abm_len = ABM_SIZE; + + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); @@ -516,7 +541,7 @@ UTEST(AOS_APPLY, AES_GCM) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C00000000000100000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af3c11340d640ef7a98d89c32f485221351edc"; + char* truth_aos_h = "40C000000000000ACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA778A1E133306963F1D9DCA32D6D60C23C5D4"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -532,8 +557,10 @@ UTEST(AOS_APPLY, AES_GCM) sa_ptr->sa_state = SA_KEYED; // Configure SA 16 on - sa_if->sa_get_from_spi(16, &sa_ptr); + sa_if->sa_get_from_spi(11, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_ptr->shplf_len = 0; status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -588,7 +615,7 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); // Truth frame setup - char* truth_aos_h = "40C00000000000110000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ff016b9107b12316e6c03ef5ddc68ba35152893ef7b9a8764d2a908f3c6cebc23ac94290ea45455c67779b7ba49a899049613f80bef44dc60e0ab41c63aac0ddd50438010ff0b28d57fdc9b6efa412555717700328c20013cd7260a1f3043cc210f2379c1b54f0ada49668753f992a7b37457185ab28ea1df00a28d58183d8a277148f662f5698143200b574e28ab766549401d18937e0fb491eb4d8c4a8766fcf29f57ed22ef9c212e8438d04d3afc5d968d4aecbdc97301b520f1e2943a2689278bf0321a5fc4bf77f042646419fbc66f94ccbd915f9b518ddb9a8c2dfe1cc0c1389adcacb0ccb227c77ff7a48e3e01eeb7c5ae88994a8193a92dc31d8b55b113d571421b8650f37f69a7f9e8258ce9f709a815fc10217ff8fc2b298265fef52f4fc3adc439852146673e8cd0c283ef3cc3ed7c8dba8f256b34928d16ab56002abc1722a7a4e18339af96720dd0429d3e7f68f8ce1e09c749ac9a2bd54a287defbcc0611db3fd84dcaf29f4fd102d65dc79c1124aa864d283e4007a770b839ae002d2dbdd910b95dac2e9c2cd3362f1d4361c747759b59ca07e971f5b27ff6f9868cb5024f51f7843150b1c07a7e40de76408a91b563a5de4705c4b1a09cc644a6d9c72827f52cf34b2dce1c12068bfac4dd94eb0dd1d12eacc351cc969c756708dae276b6f597f463d4727d6b6c8a406d474b456486c200a78001894a4e6d4c56815b7e7788f82d13fb6448c5ab85c028935f8fe1951bc2f20becbbb60e6abab9924c479552a1cba01b5e51152071ecf8870129ada932ba461abd1f718f06200b7a1fcba5edf89e9ce148085282e4018f677e7ae6f30d8b5550bdee1dec39749c59215220da1d893cb922d85de7b6bbcd9f3b787a78ce58fedc6febcec3f84ac2b8ba714d330f19a4e70e2bee3587a6d98e89b67bb214007331d41053deb5581807e6b7a9623928391c28b513c96ee6f6a0e60a7b352d207216f93a07160bc09f88b459abdd5fc759ce58d7fbedb1ca675a89d64b8f842070da7c295530a562e84c7910c4502cacf5262baba2378d1ebcf94ba77b8affb0c23573687cbd1135e55bcf808397a4f83599f43a40bcb0cfa1621d8a3f77a8a2d64cba4085de543da737fb5c8534a39f7c86b8c82c4d70c0ec13ffb09c3a53149cf7542babd0074651af2d243c6380e9ce6bac1d35f81ad9eacbcd23d20853f93e18e65e2ee64f31f486c96c027889a85c88261b9c7d2ffce55412ddd3c6c471b2d179e9805ea76b867da04c2af303ad458a37702002b418168bc08f4bac37576f37460d89e06f359f20bc4a1e598b14a60f29634465f8b167ae44c457e861dad0983910a7b5a5ad6f2a93632de340cde2aeff1da2a9d45b40b88c4363f9074b7de9a3a14b458c180181d9a6b732450e3a38453ffdd0325ad063129e9eda1ef05502710e3c344619f5b21b698fd83b2e6aa397d91988997c3e48fcef4f031128a3f1f7edf6eb90cc04a05d70bed1d225104de864a53da42ad22cd400d7bbd96e0f29e59396d5fcf99a9b33ba102311c5c985618ad1779bd4ee17bcc4d39fe2675f2b7e40ab408347465625a1bc284c91ff997109df1b0a824a0be5656a56100fa121d3db3ba66de22108dedb5aaacf308c23777df8b3ca6b8f0e1e2ecee33b1a3de7c354e1d4cf561b51134b8e3f652d0ec737b10fa25382455d2cff9a63983d9b3c5eaf1da3cfd3acb463ab5b0357a900220c91f4169a201fa8181b98307a281ce73760534e98f62db627f58959279af0fdb5dd4d2127ce3cdff4db759c088e75a8aa683b3a6fa6ccd4bf52e24adc8a8b6e5a8a9c582e849777be5cee7b3cfd7b5db819dc76e89c9954b720a2fdee5d4f436b1745bf626994994534e7691cb3f42e5f703ff9dbe53f5c34dfd988f6699f0743e1bb0427d599ce49e641a6a72b0462c5ce1f2fcb4d9248cbbf117378dd5e68bba5271df26a3336ad06b6efa3ac73019515a8c5fd7db8c5b3d812b25c12ca4c79115c4324698f70b33fd64e89791a1938dae814779d8720b4046c28c62c0ba6f449bf7dfc944828fb68a91e6347cd38eae10abdac609f87807309f50d2ea330e4a8bd49fa2aa785fced71b8b409e283ab86c453125c06dab315fb83463766d2a7be97292e102ea426ab9550c0a9e754398c9d0256266e2789b921bb93faf8032919fa014fe307413dff5dc6fe14b05e0f96a4b77fa826b4e6cec615ea7bc782d81d850b2f5942b059bcb8378cf84943a503c5c8ed9831031924047d1d7fc079136004424fcae5ee4a63b2e447325d79354d715099463c2b263b989ac7b528ac5b9c7513a39371f90fdf6aae1dce4b3b3892512398da171e90c2bfce9a5b93cdcbcefc24b97b9a7ce5c46910e6609b04771e8a12f1d1541b606f05f83f369c74dd00a6f16366a7883141e78b010be1c54addd80f60e99e731825aa0dbc964d996"; + char* truth_aos_h = "40C000000000000B00000000000000000000000000000000000032B9721EB04D75174AAAFF34EB9F942F5C0707A3C4918FF016B9107B12316E6C03EF5DDC68BA35152893EF7B9A8764D2A908F3C6CEBC23AC94290EA45455C67779B7BA49A899049613F80BEF44DC60E0AB41C63AAC0DDD50438010FF0B28D57FDC9B6EFA412555717700328C20013CD7260A1F3043CC210F2379C1B54F0ADA49668753F992A7B37457185AB28EA1DF00A28D58183D8A277148F662F5698143200B574E28AB766549401D18937E0FB491EB4D8C4A8766FCF29F57ED22EF9C212E8438D04D3AFC5D968D4AECBDC97301B520F1E2943A2689278BF0321A5FC4BF77F042646419FBC66F94CCBD915F9B518DDB9A8C2DFE1CC0C1389ADCACB0CCB227C77FF7A48E3E01EEB7C5AE88994A8193A92DC31D8B55B113D571421B8650F37F69A7F9E8258CE9F709A815FC10217FF8FC2B298265FEF52F4FC3ADC439852146673E8CD0C283EF3CC3ED7C8DBA8F256B34928D16AB56002ABC1722A7A4E18339AF96720DD0429D3E7F68F8CE1E09C749AC9A2BD54A287DEFBCC0611DB3FD84DCAF29F4FD102D65DC79C1124AA864D283E4007A770B839AE002D2DBDD910B95DAC2E9C2CD3362F1D4361C747759B59CA07E971F5B27FF6F9868CB5024F51F7843150B1C07A7E40DE76408A91B563A5DE4705C4B1A09CC644A6D9C72827F52CF34B2DCE1C12068BFAC4DD94EB0DD1D12EACC351CC969C756708DAE276B6F597F463D4727D6B6C8A406D474B456486C200A78001894A4E6D4C56815B7E7788F82D13FB6448C5AB85C028935F8FE1951BC2F20BECBBB60E6ABAB9924C479552A1CBA01B5E51152071ECF8870129ADA932BA461ABD1F718F06200B7A1FCBA5EDF89E9CE148085282E4018F677E7AE6F30D8B5550BDEE1DEC39749C59215220DA1D893CB922D85DE7B6BBCD9F3B787A78CE58FEDC6FEBCEC3F84AC2B8BA714D330F19A4E70E2BEE3587A6D98E89B67BB214007331D41053DEB5581807E6B7A9623928391C28B513C96EE6F6A0E60A7B352D207216F93A07160BC09F88B459ABDD5FC759CE58D7FBEDB1CA675A89D64B8F842070DA7C295530A562E84C7910C4502CACF5262BABA2378D1EBCF94BA77B8AFFB0C23573687CBD1135E55BCF808397A4F83599F43A40BCB0CFA1621D8A3F77A8A2D64CBA4085DE543DA737FB5C8534A39F7C86B8C82C4D70C0EC13FFB09C3A53149CF7542BABD0074651AF2D243C6380E9CE6BAC1D35F81AD9EACBCD23D20853F93E18E65E2EE64F31F486C96C027889A85C88261B9C7D2FFCE55412DDD3C6C471B2D179E9805EA76B867DA04C2AF303AD458A37702002B418168BC08F4BAC37576F37460D89E06F359F20BC4A1E598B14A60F29634465F8B167AE44C457E861DAD0983910A7B5A5AD6F2A93632DE340CDE2AEFF1DA2A9D45B40B88C4363F9074B7DE9A3A14B458C180181D9A6B732450E3A38453FFDD0325AD063129E9EDA1EF05502710E3C344619F5B21B698FD83B2E6AA397D91988997C3E48FCEF4F031128A3F1F7EDF6EB90CC04A05D70BED1D225104DE864A53DA42AD22CD400D7BBD96E0F29E59396D5FCF99A9B33BA102311C5C985618AD1779BD4EE17BCC4D39FE2675F2B7E40AB408347465625A1BC284C91FF997109DF1B0A824A0BE5656A56100FA121D3DB3BA66DE22108DEDB5AAACF308C23777DF8B3CA6B8F0E1E2ECEE33B1A3DE7C354E1D4CF561B51134B8E3F652D0EC737B10FA25382455D2CFF9A63983D9B3C5EAF1DA3CFD3ACB463AB5B0357A900220C91F4169A201FA8181B98307A281CE73760534E98F62DB627F58959279AF0FDB5DD4D2127CE3CDFF4DB759C088E75A8AA683B3A6FA6CCD4BF52E24ADC8A8B6E5A8A9C582E849777BE5CEE7B3CFD7B5DB819DC76E89C9954B720A2FDEE5D4F436B1745BF626994994534E7691CB3F42E5F703FF9DBE53F5C34DFD988F6699F0743E1BB0427D599CE49E641A6A72B0462C5CE1F2FCB4D9248CBBF117378DD5E68BBA5271DF26A3336AD06B6EFA3AC73019515A8C5FD7DB8C5B3D812B25C12CA4C79115C4324698F70B33FD64E89791A1938DAE814779D8720B4046C28C62C0BA6F449BF7DFC944828FB68A91E6347CD38EAE10ABDAC609F87807309F50D2EA330E4A8BD49FA2AA785FCED71B8B409E283AB86C453125C06DAB315FB83463766D2A7BE97292E102EA426AB9550C0A9E754398C9D0256266E2789B921BB93FAF8032919FA014FE307413DFF5DC6FE14B05E0F96A4B77FA826B4E6CEC615EA7BC782D81D850B2F5942B059BCB8378CF84943A503C5C8ED9831031924047D1D7FC079136004424FCAE5EE4A63B2E447325D79354D715099463C2B263B989AC7B528AC5B9C7513A39371F90FDF6AAE1DCE4B3B3892512398DA171E90C2BFCE9A5B93CDCBCEFC24B97B9A7CE5C46910E6609B04771E8A12F1D1541B606F05F83F369C74DD00A6F16366A7883141E78B05B531C8C2F145949C47BEC9E968C909967D2"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -600,12 +627,21 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) // Expose/setup SA for testing // Configure SA 14 off - sa_if->sa_get_from_spi(14, &sa_ptr); + sa_if->sa_get_from_spi(10, &sa_ptr); sa_ptr->sa_state = SA_KEYED; // Configure SA 17 on - sa_if->sa_get_from_spi(17, &sa_ptr); + sa_if->sa_get_from_spi(11, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->ekid = 130; + sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_ptr->est = 1; + sa_ptr->ast = 1; + sa_ptr->abm_len = ABM_SIZE; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); + sa_ptr->iv_len = 16; + sa_ptr->shivf_len = 16; + sa_ptr->stmacf_len = 16; status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -616,7 +652,7 @@ UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) for(int i=0; i < current_managed_parameters_struct.max_frame_size; i++) { - printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + //printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); } diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c index f1437808..368e215a 100644 --- a/test/unit/ut_aos_process.c +++ b/test/unit/ut_aos_process.c @@ -133,13 +133,13 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) // Test frame setup // Note: SPI 14 (0x0E) - char* framed_aos_h = "42C000001800000E08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBA6AD"; + char* framed_aos_h = "42C000001800000908010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB2d41"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_aos_h = "42C000001800000000000000000000000000000066778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -242,13 +242,13 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) status = Crypto_Init(); // Test frame setup | 6 byte hdr | 10 byte insert zn|spi|data -----> FECF - char* framed_aos_h = "42C000000000112233445566778899AA000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA2AEE"; + char* framed_aos_h = "42C000000000112233445566778899AA0009112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA86E9"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000000000112233445566778899AA0000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_h = "42C000000000112233445566778899AA0000000000000000000000000000DDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -298,25 +298,42 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB5db19eb46f096b17bbe72c50448218d93F49"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB5db19eb46f096b17bbe72c50448218d980A2"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros + // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); // Test Specific Setup - SaInterface sa_if = get_sa_interface_inmemory(); + //SaInterface sa_if = get_sa_interface_inmemory(); // Expose/setup SA for testing // Configure SA 15 - sa_if->sa_get_from_spi(15, &sa_ptr); - memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -350,6 +367,7 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; // Configure Parameters @@ -364,15 +382,35 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBe474820f83450d81af4fe46e562b20706557"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB53C4ADF7070DA59218F49AAE917F4DA95D4E"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones + // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000000000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -422,26 +460,39 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBdcd9dacf7dfe95a6ed4c16c379cdec2854d1"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBDCD9DACF7DFE95A6ED4C16C379CDEC28EB3A"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000000000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); - // Test Specific Setup SaInterface sa_if = get_sa_interface_inmemory(); - // Expose/setup SA for testing - // Configure SA 15 - sa_if->sa_get_from_spi(15, &sa_ptr); - memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -489,25 +540,39 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBf4e70529315f75f5476ec32fd76fadcbd54f"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0D2C91E544BEBAA356488CBD210314260099"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000000000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); - // Test Specific Setup SaInterface sa_if = get_sa_interface_inmemory(); - // Expose/setup SA for testing - // Configure SA 15 - sa_if->sa_get_from_spi(15, &sa_ptr); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -554,26 +619,39 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBbca8d66a8108d82d394440b943efd1c9839d"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBDCD9DACF7DFE95A6ED4C16C379CDEC28EB3A"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000000000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); // Test Specific Setup SaInterface sa_if = get_sa_interface_inmemory(); - // Expose/setup SA for testing - // Configure SA 15 - sa_if->sa_get_from_spi(15, &sa_ptr); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros - sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -620,25 +698,39 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) status = Crypto_Init(); // Test frame setup - // Note: SPI 15 (0x0F) + // Note: SPI 11 (0x0B) // Setup: | hdr 6 |SPI| data | MAC | FECF - char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB136a814a8eb97ae7e5415475f45d90021afb"; + char* framed_aos_h = "42C000001800000B08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0D2C91E544BEBAA356488CBD210314260099"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_h = "42C000001800000000000000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); // Test Specific Setup SaInterface sa_if = get_sa_interface_inmemory(); - // Expose/setup SA for testing - // Configure SA 15 - sa_if->sa_get_from_spi(15, &sa_ptr); - sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 130; + sa_ptr->ekid = 0; + sa_ptr->est = 0; + sa_ptr->ast = 1; + sa_ptr->acs_len = 1; + sa_ptr->ecs_len = 0; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 0x44; + sa_ptr->iv_len = 0; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -683,13 +775,13 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup Header |SPI| IV | Data - char* framed_aos_h = "42C00000000000100000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af3c11340d640ef7a98d89c32f485221351edc"; + char* framed_aos_h = "42C000000000000B0000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af3c11340d640ef7a98d89c32f485221351edc"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000000000000000000000000000000000000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_h = "42C00000000000000000000000000000000000000000000000974F555545E8114714352C43BCAB3B62E961FEE145A672C3B292FFAE9A4563F5B359B8E199115C12A3A1DC24D78BB36CE3D2922E3C9567AF7D87DA9B58A13B64B5BEDE209DDEE5722C2FBC6E96346150A270BF3C12A6957E57ED061A65DB0B4F8307548270670D2C9CC70BC9772E62F39CC41B8BFEC800D1AAE21935136BCAF6F6FD4C6536917F484A065594ACC4A9F68AC02628FAB4B06B11F5785BEBA3091B326CFC348BDCD519ADAEB41358677850C5B168C75806D4D5218708F974A2C2D2403110B6AB129D7FE0D69B6865D59A3E170AA7EB4A0B1385AC35F644F901FFBD5CB821D384B65F7442A3AF9AA8824A7C73E46AB9E66B533C39D9F2988457E6E7D50B5DB046035DF52D9BD81D03646DAD98350EBE73E6D5ADC72C35B629D90B46EFD849C0B3451F627DF0FFA7D00A9B24EDC346CBE73814D3DF35F53EA294A42B03CBB1AB76E71EFE6575F58AA027C30E1BB7C4CB828149D85C1615F59B482FFB2F83CEE16E9F2F43B8D71A597C4444A3B901FD39E7D5B541B58EC8AD14BFC02DDD8DD83B451A962E8733012F108E5E34639D072B2DB99367234AE98A18C0413316900B80EB0C15B4AD0DDA725D07560DE690252D2AC31A5391FF565F16CBA7D31DCBE4AE14E90B2D8D18BCE4F6377D1E7A5FB14D98F726582AEAAC9777F70A4AF0C2956D8B032DC97BD36524F8F6872E6EA6A8C3BADEE8717F4FDF471E32C2B170DEEED4FE807A551353853676D5E68C4686FE1D87294EC27F05F5C42391CA6ED51A4D65AB3F940F32BBA4D7BBADC0A8233557218832F76C22CC660542F49F3428D3440BB8E251BF32B9BA1EB6CEE36F45F5310C6A1D3EA1488B438A5960489BDF8A2B74EC3F1A29F030ABB17FE5B6299EEE10C63302E46ABB087660B065A53A21C51EBDDB43EEE219C60057FE5C853FDE54EB2C8A5DDF195F50BDD1DA749C6D6EC01FF589C6A97F0E77FDAD73B16CB4592199936D6FECEE356A88C4E2ABEBA487CF8FEC48B31EA8656BE4E9F45FA5D14CC5125577E235378B090731D4CBDD623D9481D334D3483322547C8A148B20D75DF232D996FE552473FD419B7908E2D93158911D2B5BBEBAA8AB58D4B7E32C0247C9A79027FF0BEA60E7E2C2F739F118C423D30BA8F1DA0AE8EB259DE8985D2713986EBBB780C510C766DCCBB0A6B1E8D806C029B6978A1B358429410C6AA3256CB5805F0B077025C89239D62331324EBC6288BE3DBC8F1C14E097B0D7641FEE519AB693406616B68D956E47BDD78B5F4DE011839E87320D776EE92E29617326919131F0B450C810BEF3FBC7B24F3294DD12CB293C66BE0CD9F81C62F863642811682A8464FE959D63689A0E0141B4E3865D4457E7B76F9BEFE8EDE58FAE6B6E138C165A5F491C3D3344C1DD652A61B3AF5B4F608E60C73368B6559E5E5D0BD130AFF07F77CFD72B0F54140A03E0739C665EE3D73CE54AB3BEE154B401320A9D2360C179634A6F5E44F08A873B673949232B613F12FFF97236A96A24ECC977392EE26EFC9A2F8736048EA10F48F211C846543E36D9D52D5AEEEE9C87803B923570C7AE89C827AAB260147D2F5DE616042740322DFC37CD05A0CA48ADDA09B1AFCC6BB1291DD69B531DC7EEA9CEB2B7B516851E1EA55074548DE1F02D109A6B7DABEF210DB1F77178D239E73D748296E1D6A4FFDAC5C6F265E0BEBE2FF70E86808B6B8DBF66E133A2B99FFC7729AB3409E195A91D22D00A771340A29B529671DFD648E27D3422D92CF66D2BAF512CAB215DD4381FB36F4497DB7DE865EB469B26B8E24F224C73E30605AC6E3A05A0FC86E213CFE0E00D9B440916209305218ADB134AF7C8247E2B761D8FFA7ED9C1B052FE8470F5E60892E07CAFC3BCF61D67CCC5F737044EDA410283FBB2838CA2B4F6FFF19F4DBC4B5D20CCFCEDA7CBDB0245B42402B1BCCC95B97015BF06BB1451BC76B9EAD99CA21BC3EC702C314DCE2083F8F2E050F2BD0DB950C8553E00E662D70AD86855A79A0D3FA973EF00820084606A326EF92C2B48DF8486FEA8ECF63339A9AA2570372AE6CC4D92897CF5D081B8CF2B9A923AF3D5D31FB371CE63E82E5E3937ABF1E65AAB0A5CE9A613726510267E87296117C42DD03356364ED20EF5463C73393C1902A7C92A3883F1F726F43C5C6D4EA5360B4E7E4CD83CEE27BF13D2D4CEC198F9C755CA7FB6C0864737D128FE50A7ECE5B02C01C8E09EE6C455B89C7D447DEF0C6D0CE9607DD9458DC1CB3BE8DB613D70A392A6323639251AB6DA3A5431477EEE0BC3BF82EB3C3083482FADEFDC2B6EA5713BB8722CD5EC36FC1C7097F150FE1CD6E4404E633E23C9525CA165B649318D8D4AF0387256EAE754C45245B2B3C6DC21879D4E27466057FEED7552383C07CE7C4EDAD9310E0F12C62E75788DDEEFE70D1E8AE8EFCFECE71C3AB0BEDC048D9FAC161E071B02E7C39879FEA64EEBB825F75E936C93AE48881846000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); @@ -706,21 +798,36 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) // Expose/setup SAs for testing SecurityAssociation_t ta; SecurityAssociation_t* test_association = &ta; - // Deactivate SA 1 - sa_if->sa_get_from_spi(1, &test_association); - test_association->sa_state = SA_NONE; - // Activate SA 9 - sa_if->sa_get_from_spi(9, &test_association); - test_association->arsn_len = 0; - test_association->abm_len = 1786; - memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask + + sa_if->sa_get_from_spi(10, &test_association); //Disable SPI 10 + test_association->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(11, &test_association); // Enable and setup 11 test_association->sa_state = SA_OPERATIONAL; + test_association->akid = 0; + test_association->ekid = 136; + test_association->est = 1; + test_association->ast = 0; + test_association->acs_len = 1; test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; - test_association->acs_len = 1; test_association->acs = CRYPTO_MAC_NONE; + test_association->stmacf_len = 16; + test_association->abm_len = 1786; + test_association->arsn_len = 0; + test_association->gvcid_blk.scid = SCID & 0x3FF; test_association->iv_len = 16; test_association->shivf_len = 16; + test_association->shsnf_len = 0; + memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask of ones + + + + + + + + + // Set a more obvious IV for test purposes char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEE"; @@ -777,6 +884,7 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; // Configure Parameters Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, @@ -792,17 +900,38 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) // Test frame setup // Note: SPI 17 (0x0011) // Setup: | hdr 6 |SPI| IV | data | MAC | FECF - char* framed_aos_h = "42C00000000000110000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af48caf5a6921559a2384174c025a048749ecd"; + char* framed_aos_h = "42C000000000000B0000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af8A2A043A6420DEC5FF4F7B14B80E26374173"; char* framed_aos_b = NULL; int framed_aos_len = 0; hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); // Truth frame setup - char* truth_aos_h = "42C000000000000000000000000000000000000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA000000000000000000000000000000000000"; + char* truth_aos_h = "42C000000000000000000000000000000000000000000000000015C1B5DB5CF084716870EB0A784FC8285D766989E0DB22E3BD68B9E0C7F7D629E5998ECCE605A62C7C42CE5645FF7670E16486D056BA0C2F2127E15B2988046A7854A97A17A5ACC4A3BDF4999F96700BD6D1D19DCAF7257AE8D5A07D65FDB24E09CB9475AFFE99DBFE26A927A77CA1778290E756D969B9DC596635152EE907648ED47AF49A795FC6B6006FB9EA0BC627413FDE38A151D42D91A9B0DE910BF3DDFED55EF475959EFEE324DD367134E476DCADB086C03ED80FC9DFB91475181EBCEFDF511BDCC06B76DA5D9E64736C9AEE79CF631808ABB97D0240D6745B19F49F2F8CC635643EE90992F759A0B5BC31BDEC1DC99B857743F15F9CD7CAB941CEF28B71C230347A0D81A2E78C68A3739314D19AF3E281ECDFC82CC07FE1CE8521722BE567CE77D15BF5A7FEBE77D47338796E03F7D62B7B014659AD2FEBA369FDD25044F5F99615977B04CA7DA8244EAA53022E9DEA10D60797251A3DEC9C729705663119E5F6D659FC3C0C5D6D62EAD0793CE5DA578C6D7A856677694A8C8B905FE07E5F7ACE5BA7B7D0210184C14D8D2925DDCA5E2AC9239862A5F17CBF7BEC99BB8E4A05791C7C62F9C196687EBF599DDA66830EF3CDBCF983451E9136F6D6E2B2A6004911A9D24576B9448BB074961280ECF97CD62CB27CA4B4B67A0BCCC642E8B77A03246E49DFB8C32807745D65756B56CEA4841D6074116FF398ABB5F9ABA13B2AB4A964CBD8DB884790D3CCE3A0DB3E07D8CB89077A645874C241F406CDC090A59EBD106E9DCA615A051ED4273B50AF10F770E78925E6F72AF9F23AA6A55F0E0CBCF7622D15214073A34A9DF1A50BF672ADC15A6E0BF0B119CF6C9CFC57F53B1301D39C0DC5AA7333340C2F36143040BB88F220E9716B1AA3296E98A8AB5DBD48540E6D09E5D5DEABA1F9A9B3E3A8D0A929D339148D3735CF8E990004401764BA4C229F592FB8259BEC408CC8B0C9B2C744D3C06E5550AE46F3BF0AB8EBA1390C6D69533FCBB103685FDAFF48C20965596A76C3FF2806BB43E5FA0ADB3AAA30880E19D7D2A453669E364155F40A74982A35BE8E6943AE616FA434672307537222684939A5D5CE49B972F80963F1AE7A46FC6325FD48161E7AD8CD53ADB6A191F3C5BC9BA17175289473C6FD554C7B694247A5958B0F7D1D5D28D1174A36FF43F3FF7373769B819C8306494645963665441072CFD53D731BAFD1730E538C9CC325F849B5BA88C52B4912A4BC65B73FC6302CA6D100D965060AE206A7E9AD12911DC183B61125C336AA1BC0DDD1A6082520D8C8F8AAC8D8B210582E4ED9DD940BCC83FA009297DBE2099D741F3DA828064574D6F5BAF88D009A93EF786A124D6C6BC176E34A588D0B8969D881AF84232351FA9A2613D57F3153AC69409D9B609F60EDD483F5967414400CF08D11875F2435E6CE72623739DC52E5986D48CD4BD135564304983694727FE2B90E0488FB6E680D197181145613F0B1F4CFA3756C025EB2B4E0C8E691D1856F5911963FFA6AABCCD9D3FD6F26A481BC74E69D25393E6E3AAADDDBCAD96A801A56F7DFD4100D8FCC196CDD8029B8823AA5C73FA03B51B47E119DE79F969C4E19A4216F68AD17EBA83BD6EABC84D32335B0318B2252A05A87E23EB3304D42489D1E31A94D94043C7FDFEE75054692FCB3E20E8A950E424749962EEDF3A9A7B775E43AD475509893A85387FBDA3A036CE40A8C05092CC93A9F79ABD65C2181D26A9E4A8BB6E29E8B679CAC8DD64A59312A710FC31A709533DC58C2E32AC092B9149A2CD75803DCF9460021EFAA1F9051605797CDDEE9A5346C155B0AB63BE2AFDD6A8D69C747A3AE8FF2608C8D83CF6A2957AFC5E7A5E6D68196612498291FB9D793CEC1A68FECFD59F50DA7285CEBE67E71A0AA48FEE85128C6C5D4A7A1709E75060432700E4CB334FA64F03A03946ED845BC2D4775C535F376B15A17B92A3FA4D3708F36A16715B7FD8F2BFF24D7176C2148D0F4E7737027ECD6AE6358AB053BEF97B174DAE966AFE02EE02A0A70AD0E51A3DE418E78EE8D39000A397F5CECBF48D38DA89797B7434335B07989E739601BE66305455E08EE8531F0618FAF9CC61E305C58C634BE60D67985DB44E223CAF6105A4EC22F25BECD9F615F0D226EF6E0BFD30E2BFC46F7DB5BF3C1E75E32C160E8B5F6AD69B2D1283AB0EA3B51841FE438C4775620F34609E93BB4C2403B819FBC0437AA078A21E58E3189104CB830868E5F01472009B70A5F2A66BC08B6187D48643B425F6AC01E8C653B0B64A319F756E0147FACB7183EA7721839DB6E3B2B876BC78A3BC98E032019E0437533D5E6CB1F1C38EEFA743AC0ED7B1AA151BF49544A3D88A85357D3A79D0D59CCECBDCDAFD4FD813C20B6243247E2C6684B68E2FA22CF3B99C50EEE588BDD402276E24CAD6DE47A056B6D0790E709FCECE2D917408F8EACED04B6E2D6F543D737D704D3A4000000000000000000000000000000000000"; char* truth_aos_b = NULL; int truth_aos_len = 0; hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + SaInterface sa_if = get_sa_interface_inmemory(); + sa_if->sa_get_from_spi(10, &sa_ptr); //Disable SPI 10 + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(11, &sa_ptr); // Enable and setup 11 + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->akid = 0; + sa_ptr->ekid = 130; + sa_ptr->est = 1; + sa_ptr->ast = 1; + sa_ptr->acs_len = 0; + sa_ptr->ecs_len = 1; + sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_ptr->stmacf_len = 16; + sa_ptr->abm_len = ABM_SIZE; + sa_ptr->gvcid_blk.scid = 44; + sa_ptr->iv_len = 16; + sa_ptr->shivf_len = 16; + sa_ptr->shsnf_len = 0; + sa_ptr->shplf_len = 0; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index 59214e54..823b2dbb 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -247,9 +247,11 @@ UTEST(CRYPTO_C, PDU_SWITCH) status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); - sdls_frame.pdu.pid = 7; - status = Crypto_PDU(ingest, &tc_frame); - ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); +// TODO: (RB) Disabled for now. Key Inventory needs to be re-worked. - Not currently using EP + + // sdls_frame.pdu.pid = 7; + // status = Crypto_PDU(ingest, &tc_frame); + // ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 8; status = Crypto_PDU(ingest, &tc_frame); diff --git a/test/unit/ut_sa_save.c b/test/unit/ut_sa_save.c index 8606f918..18b4ad07 100644 --- a/test/unit/ut_sa_save.c +++ b/test/unit/ut_sa_save.c @@ -44,17 +44,17 @@ UTEST(SA_SAVE, VERIFY_INTERNAL) sa_if->sa_get_from_spi(4, &test_association); ASSERT_EQ(test_association->spi, 4); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 4); ASSERT_EQ(test_association->akid, 4); int str_cmp_output = 0; str_cmp_output = strcmp(test_association->ek_ref, ""); ASSERT_EQ(0, str_cmp_output); str_cmp_output = strcmp(test_association->ak_ref, ""); ASSERT_EQ(0, str_cmp_output); - ASSERT_EQ(test_association->sa_state, SA_OPERATIONAL); + ASSERT_EQ(test_association->sa_state, SA_KEYED); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); - ASSERT_EQ(test_association->gvcid_blk.vcid, 4); + ASSERT_EQ(test_association->gvcid_blk.vcid, 0); ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); ASSERT_EQ(test_association->est, 1); ASSERT_EQ(test_association->ast, 1); @@ -77,7 +77,7 @@ UTEST(SA_SAVE, VERIFY_INTERNAL) ASSERT_EQ(test_association->abm[i], 0x00); } //sa[location].abm[0] = sa_ptr->abm; - ASSERT_EQ(test_association->arsn_len, 0); + ASSERT_EQ(test_association->arsn_len, 11); for(int i = 0; iarsn_len; i++) { ASSERT_EQ(test_association->arsn[i], 0); @@ -171,7 +171,7 @@ UTEST(SA_SAVE, VERIFY_DEFAULT_PASS_1_SAVE) sa_if->sa_get_from_spi(4, &test_association); ASSERT_EQ(test_association->spi, 4); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 4); ASSERT_EQ(test_association->akid, 4); int str_cmp_output = 0; str_cmp_output = strcmp(test_association->ek_ref, "TEST_EK_REF"); @@ -313,7 +313,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_PASS_1_SAVE) sa_if->sa_get_from_spi(4, &test_association); ASSERT_EQ(test_association->spi, 4); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 4); ASSERT_EQ(test_association->akid, 4); int str_cmp_output = 0; str_cmp_output = strcmp(test_association->ek_ref, ""); @@ -451,7 +451,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_PASS_2_SAVE) sa_if->sa_get_from_spi(4, &test_association); ASSERT_EQ(test_association->spi, 4); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 4); ASSERT_EQ(test_association->akid, 4); //test_association->ek_ref = sa_ptr->ek_ref; //test_association->ak_ref = sa_ptr->ak_ref; @@ -511,7 +511,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) // VERIFY SA 4 sa_if->sa_get_from_spi(4, &test_association); ASSERT_EQ(test_association->spi, 4); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 4); ASSERT_EQ(test_association->akid, 4); //test_association->ek_ref = sa_ptr->ek_ref; //test_association->ak_ref = sa_ptr->ak_ref; @@ -563,23 +563,23 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) // VERIFY SA 3 sa_if->sa_get_from_spi(3, &test_association); ASSERT_EQ(test_association->spi, 3); - ASSERT_EQ(test_association->ekid, 129); + ASSERT_EQ(test_association->ekid, 3); ASSERT_EQ(test_association->akid, 3); //test_association->ek_ref = sa_ptr->ek_ref; //test_association->ak_ref = sa_ptr->ak_ref; ASSERT_EQ(test_association->sa_state, SA_KEYED); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); - ASSERT_EQ(test_association->gvcid_blk.scid, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, 3); ASSERT_EQ(test_association->gvcid_blk.vcid, 0); ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); - ASSERT_EQ(test_association->est, 1); + ASSERT_EQ(test_association->est, 0); ASSERT_EQ(test_association->ast, 1); ASSERT_EQ(test_association->shivf_len, 12); - ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shsnf_len, 2); ASSERT_EQ(test_association->shplf_len, 0); - ASSERT_EQ(test_association->stmacf_len, 0); - ASSERT_EQ(test_association->ecs, 0x01); - ASSERT_EQ(test_association->ecs_len, 1); + ASSERT_EQ(test_association->stmacf_len, 16); + ASSERT_EQ(test_association->ecs, 0); + ASSERT_EQ(test_association->ecs_len, 0); ASSERT_EQ(test_association->iv[0], 0x00); ASSERT_EQ(test_association->iv[1], 0x00); @@ -595,15 +595,15 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) ASSERT_EQ(test_association->iv[11], 0x00); ASSERT_EQ(test_association->iv_len, 12); - ASSERT_EQ(test_association->acs_len, 0); - ASSERT_EQ(test_association->acs, 0x00); - ASSERT_EQ(test_association->abm_len, 1786); + ASSERT_EQ(test_association->acs_len, 1); + ASSERT_EQ(test_association->acs, 3); + ASSERT_EQ(test_association->abm_len, 0); for(int i = 0; iabm_len; i++) { ASSERT_EQ(test_association->abm[i], 0x00); } //sa[location].abm[0] = sa_ptr->abm; - ASSERT_EQ(test_association->arsn_len, 11); + ASSERT_EQ(test_association->arsn_len, 2); for(int i = 0; iarsn_len; i++) { ASSERT_EQ(test_association->arsn[i], 0); @@ -615,23 +615,23 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) // VERIFY SA 5 sa_if->sa_get_from_spi(5, &test_association); ASSERT_EQ(test_association->spi, 5); - ASSERT_EQ(test_association->ekid, 131); + ASSERT_EQ(test_association->ekid, 5); ASSERT_EQ(test_association->akid, 5); //test_association->ek_ref = sa_ptr->ek_ref; //test_association->ak_ref = sa_ptr->ak_ref; ASSERT_EQ(test_association->sa_state, SA_KEYED); ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); - ASSERT_EQ(test_association->gvcid_blk.scid, 0); - ASSERT_EQ(test_association->gvcid_blk.vcid, 0); - ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); - ASSERT_EQ(test_association->est, 1); - ASSERT_EQ(test_association->ast, 1); + ASSERT_EQ(test_association->gvcid_blk.scid, 3); + ASSERT_EQ(test_association->gvcid_blk.vcid, 1); + ASSERT_EQ(test_association->gvcid_blk.mapid, 2); + ASSERT_EQ(test_association->est, 0); + ASSERT_EQ(test_association->ast, 0); ASSERT_EQ(test_association->shivf_len, 12); - ASSERT_EQ(test_association->shsnf_len, 0); + ASSERT_EQ(test_association->shsnf_len, 2); ASSERT_EQ(test_association->shplf_len, 0); ASSERT_EQ(test_association->stmacf_len, 0); - ASSERT_EQ(test_association->ecs, 0x01); - ASSERT_EQ(test_association->ecs_len, 1); + ASSERT_EQ(test_association->ecs, 0); + ASSERT_EQ(test_association->ecs_len, 0); ASSERT_EQ(test_association->iv[0], 0x00); ASSERT_EQ(test_association->iv[1], 0x00); @@ -649,13 +649,13 @@ UTEST(SA_SAVE, VERIFY_SAVE_ADJACENT) ASSERT_EQ(test_association->iv_len, 12); ASSERT_EQ(test_association->acs_len, 0); ASSERT_EQ(test_association->acs, 0x00); - ASSERT_EQ(test_association->abm_len, 1786); + ASSERT_EQ(test_association->abm_len, 0); for(int i = 0; iabm_len; i++) { ASSERT_EQ(test_association->abm[i], 0x00); } //sa[location].abm[0] = sa_ptr->abm; - ASSERT_EQ(test_association->arsn_len, 11); + ASSERT_EQ(test_association->arsn_len, 2); for(int i = 0; iarsn_len; i++) { ASSERT_EQ(test_association->arsn[i], 0); @@ -686,7 +686,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_EDGES) ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); ASSERT_EQ(test_association->est, 0); ASSERT_EQ(test_association->ast, 0); - ASSERT_EQ(test_association->shivf_len, 0); + ASSERT_EQ(test_association->shivf_len, 12); ASSERT_EQ(test_association->shsnf_len, 2); ASSERT_EQ(test_association->shplf_len, 0); ASSERT_EQ(test_association->stmacf_len, 0); @@ -706,7 +706,7 @@ UTEST(SA_SAVE, VERIFY_SAVE_EDGES) ASSERT_EQ(test_association->iv[10], 0x00); ASSERT_EQ(test_association->iv[11], 0x00); - ASSERT_EQ(test_association->iv_len, 0); + ASSERT_EQ(test_association->iv_len, 12); ASSERT_EQ(test_association->acs_len, 0); ASSERT_EQ(test_association->acs, 0x00); ASSERT_EQ(test_association->abm_len, 0); @@ -727,23 +727,23 @@ UTEST(SA_SAVE, VERIFY_SAVE_EDGES) // VERIFY SA 17 sa_if->sa_get_from_spi(17, &test_association); ASSERT_EQ(test_association->spi, 17); - ASSERT_EQ(test_association->ekid, 130); + ASSERT_EQ(test_association->ekid, 17); ASSERT_EQ(test_association->akid, 17); //test_association->ek_ref = sa_ptr->ek_ref; //test_association->ak_ref = sa_ptr->ak_ref; - ASSERT_EQ(test_association->sa_state, SA_KEYED); - ASSERT_EQ(test_association->gvcid_blk.tfvn, 0x01); - ASSERT_EQ(test_association->gvcid_blk.scid, (SCID & 0x3FF)); + ASSERT_EQ(test_association->sa_state, SA_NONE); + ASSERT_EQ(test_association->gvcid_blk.tfvn, 0); + ASSERT_EQ(test_association->gvcid_blk.scid, 0); ASSERT_EQ(test_association->gvcid_blk.vcid, 0); ASSERT_EQ(test_association->gvcid_blk.mapid, TYPE_TC); - ASSERT_EQ(test_association->est, 1); - ASSERT_EQ(test_association->ast, 1); - ASSERT_EQ(test_association->shivf_len, 16); + ASSERT_EQ(test_association->est, 0); + ASSERT_EQ(test_association->ast, 0); + ASSERT_EQ(test_association->shivf_len, 0); ASSERT_EQ(test_association->shsnf_len, 0); ASSERT_EQ(test_association->shplf_len, 0); - ASSERT_EQ(test_association->stmacf_len, 16); - ASSERT_EQ(test_association->ecs, CRYPTO_CIPHER_AES256_GCM); - ASSERT_EQ(test_association->ecs_len, 1); + ASSERT_EQ(test_association->stmacf_len, 0); + ASSERT_EQ(test_association->ecs, 0); + ASSERT_EQ(test_association->ecs_len, 0); ASSERT_EQ(test_association->iv[0], 0x00); ASSERT_EQ(test_association->iv[1], 0x00); @@ -758,10 +758,10 @@ UTEST(SA_SAVE, VERIFY_SAVE_EDGES) ASSERT_EQ(test_association->iv[10], 0x00); ASSERT_EQ(test_association->iv[11], 0x00); - ASSERT_EQ(test_association->iv_len, 16); + ASSERT_EQ(test_association->iv_len, 0); ASSERT_EQ(test_association->acs_len, 0); ASSERT_EQ(test_association->acs, 0x00); - ASSERT_EQ(test_association->abm_len, ABM_SIZE); + ASSERT_EQ(test_association->abm_len, 0); for(int i = 0; iabm_len; i++) { ASSERT_EQ(test_association->abm[i], 0xff); diff --git a/test/unit/ut_tc_apply.c b/test/unit/ut_tc_apply.c index 03c7f6c9..d4ad4617 100644 --- a/test/unit/ut_tc_apply.c +++ b/test/unit/ut_tc_apply.c @@ -140,6 +140,8 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC) sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; sa_if->sa_get_from_spi(4, &test_association); + // Set the Key + test_association->ekid = 130; test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; @@ -177,12 +179,14 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(2, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); + // Set the Key + test_association->ekid = 130; + sa_if->sa_get_from_spi(2, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -219,6 +223,8 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC) test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; + // Set the Key + test_association->ekid = 130; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -267,6 +273,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVE sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->ekid = 130; test_association->shivf_len = 6; test_association->iv_len = 12; test_association->arsn_len = 0; @@ -351,6 +358,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) test_association->sa_state = SA_NONE; sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; + test_association->ekid = 130; test_association->sa_state = SA_OPERATIONAL; test_association->shivf_len = 6; test_association->iv_len = 12; @@ -592,7 +600,7 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); - GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 0, TC_OCF_NA, 4}; + GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 0, TC_OCF_NA, 1}; Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); Crypto_Init(); @@ -615,10 +623,12 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) // Expose/setup SAs for testing test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(8, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->ekid = 130; + test_association->gvcid_blk.vcid = 1; // Reset Managed Parameters for this channel to an invalid maximum //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); GvcidManagedParameters_t TC_UT_Managed_Parameters_Reset = {0, 0x0003, 1, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 2047, TC_OCF_NA, 1}; @@ -749,17 +759,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; + test_association->ekid = 1; + test_association->shivf_len = 16; + test_association->iv_len = 16; test_association->arsn_len = 0; test_association->ast = 0; test_association->stmacf_len = 0; - sa_if->sa_get_from_spi(11, &test_association); + test_association->shplf_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - char* truth_data_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988"; + char* truth_data_h = "2003002a000000040000000000000000000000000000000001956b3e423390b3c3756c626f8b30812b6c0e"; uint8_t* truth_data_b = NULL; int truth_data_l = 0; @@ -767,7 +782,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + printf("%02x", ptr_enc_frame[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } //printf("\n"); @@ -821,25 +836,27 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; + test_association->iv_len = 16; + test_association->shplf_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; + test_association->ekid = 130; test_association->stmacf_len = 0; test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - char* truth_data_h = "2003003A0000000B00000000000000000000000000000000103970EAE4C05ACD1B0C348FDA174DF73EF0E2D603996C4B78B992CD60918729D3A47A"; + char* truth_data_h = "2003003600000004000000000000000000000000103970eae4c05acd1b0c348fda174df73ef0e2d603996c4b78b992cd60918729d3b8c0"; uint8_t* truth_data_b = NULL; int truth_data_l = 0; hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); - //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } printf("\n"); @@ -895,11 +912,17 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); + test_association->ekid = 130; + test_association->shivf_len = 16; + test_association->iv_len = 16; + test_association->shplf_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); + test_association->stmacf_len = 0; + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -952,11 +975,17 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); + test_association->ekid = 130; + test_association->shivf_len = 16; + test_association->iv_len = 16; + test_association->shplf_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sa_if->sa_get_from_spi(11, &test_association); + test_association->stmacf_len = 0; + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -1015,15 +1044,17 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; + test_association->ekid = 130; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->ast = 0; test_association->arsn_len = 0; test_association->iv_len = 12; test_association->shivf_len = 12; memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -1035,8 +1066,8 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); - ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); + printf("%02x", ptr_enc_frame[i]); + //ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } printf("\n"); @@ -1098,13 +1129,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; test_association->iv_len = 0; test_association->shivf_len = 0; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; + test_association->shplf_len = 1; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -1179,10 +1212,13 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) // Expose the SADB Security Association for test edits. sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sa_if->sa_get_from_spi(11, &test_association); + sa_if->sa_get_from_spi(4, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; + test_association->ekid = 130; + test_association->shplf_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->arsn_len = 0; test_association->iv_len = 16; test_association->shivf_len = 16; @@ -1239,7 +1275,7 @@ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); //200300230000010000000100011880D2C9000E197F0B001B0004000400003040D95E85F3 - char* truth_data_h = "200300230000010000000100011880D2C9000E197F0B001B0004000400003040D95E85F3"; + char* truth_data_h = "2003002f0000010000000000000000000000000000000100011880d2c9000e197f0b001b0004000400003040d95e5ba0"; uint8_t* truth_data_b = NULL; int truth_data_l = 0; @@ -1247,7 +1283,7 @@ UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 2b929299..86cd99c9 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -75,7 +75,18 @@ UTEST(TC_PROCESS, EXERCISE_IV) // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); test_association->sa_state = SA_OPERATIONAL; + test_association->est = 1; + test_association->ast = 0; + test_association->ekid = 136; + test_association->shivf_len = 12; + test_association->iv_len = 12; test_association->ecs_len = 1; + test_association->shplf_len = 1; + test_association->arsnw_len = 1; + test_association->arsnw = 5; + test_association->arsn_len = 0; + test_association->shsnf_len = 0; + test_association->abm_len = ABM_SIZE; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); @@ -302,6 +313,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) test_association->gvcid_blk.vcid = 0; test_association->shivf_len = 6; test_association->iv_len = 12; + test_association->ekid = 130; // IV = "000000000000FFFFFFFFFFFE" test_association->iv[0] = 0x00; test_association->iv[1] = 0x00; @@ -397,6 +409,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) test_association->gvcid_blk.vcid = 0; test_association->shivf_len = 6; test_association->iv_len = 12; + test_association->ekid = 130; // IV = "000000000000FFFFFFFFFFFE" test_association->iv[0] = 0x00; test_association->iv[1] = 0x00; @@ -652,6 +665,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) test_association->shsnf_len = 0; test_association->ast = 0; test_association->stmacf_len = 0; + test_association->ekid = 130; test_association->sa_state = SA_OPERATIONAL; // Convert input test frame @@ -723,6 +737,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) test_association->shsnf_len = 0; test_association->ast = 0; test_association->stmacf_len = 0; + test_association->ekid = 130; test_association->sa_state = SA_OPERATIONAL; // Convert input test frame @@ -793,6 +808,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) test_association->ast = 0; test_association->stmacf_len = 0; test_association->sa_state = SA_OPERATIONAL; + test_association->ekid = 130; // Convert input test frame hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); @@ -807,7 +823,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) //printf("Decrypted Frame:\n"); for(int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) { - //printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); + printf("%02x -> %02x ", tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); ASSERT_EQ(tc_sdls_processed_frame->tc_pdu[i], truth_data_b[i]); } //printf("\n"); @@ -885,9 +901,22 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) test_association->sa_state = SA_OPERATIONAL; test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->acs = 0; test_association->shsnf_len = 2; test_association->arsn_len = 2; test_association->arsnw = 5; + test_association->est = 1; + test_association->ast = 0; + test_association->ekid = 136; + test_association->akid = 0; + test_association->shivf_len = 12; + test_association->iv_len = 12; + test_association->shplf_len = 1; + test_association->arsnw_len = 1; + test_association->stmacf_len = 0; + test_association->abm_len = 1024; + + // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); ekp = key_if->get_key(test_association->ekid); diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index 5db33e89..9904dcc4 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -124,7 +124,7 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t* sa_ptr = NULL; + //SecurityAssociation_t* sa_ptr = NULL; // Test frame setup char* framed_tm_h = "003000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFFFF"; @@ -133,18 +133,11 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "003000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBE24E"; + char* truth_tm_h = "003000001800000100000000000000000000000000008899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB8ECE"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Expose/setup SA for testing - // Configure SA 1 off, 12 operational - sa_if->sa_get_from_spi(1, &sa_ptr); - sa_ptr->sa_state = SA_KEYED; - sa_if->sa_get_from_spi(12, &sa_ptr); - sa_ptr->sa_state = SA_OPERATIONAL; - // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; tm_frame_pri_hdr.scid = (((uint16_t)framed_tm_b[0] & 0x3F) << 4) | (((uint16_t)framed_tm_b[1] & 0xF0) >> 4); @@ -190,8 +183,8 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TM_NO_OCF, 1}; - Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x0003, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); status = Crypto_Init(); // Test frame setup @@ -201,17 +194,23 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "003000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_tm_h = "003000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); // Expose/setup SA for testing - // Configure SA 1 off, 12 operational + // Configure SA 1 off, 5 operational sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - sa_if->sa_get_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + sa_ptr->arsn_len = 0; + sa_ptr->arsnw_len = 0; + sa_ptr->arsnw = 5; + sa_ptr->gvcid_blk.vcid = 0; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -257,8 +256,8 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, TM_NO_OCF, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); - GvcidManagedParameters_t TC_UT_Managed_Parameters = {0, 0x002c, 0, TM_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1024, TM_NO_OCF, 1}; - Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters); + GvcidManagedParameters_t TM_UT_Managed_Parameters = {0, 0x002c, 0, TM_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1024, TM_NO_OCF, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters); status = Crypto_Init(); @@ -269,17 +268,23 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA6e76"; + char* truth_tm_h = "02C00000980006AABBCCDDEEFF000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); // Expose/setup SA for testing - // Configure SA 1 off, 12 operational + // Configure SA 1 off, 5 operational sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - sa_if->sa_get_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->shivf_len = 0; + sa_ptr->shsnf_len = 0; + sa_ptr->arsn_len = 0; + sa_ptr->arsnw_len = 0; + sa_ptr->arsnw = 5; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->gvcid_blk.scid = 44; // Bit math to give concise access to values already set in the static transfer frame @@ -328,8 +333,8 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); - // Truth frame setup //MAC: 2DDFB9A5B0815E1EDFBCAB50EDCB7DF6 - char* truth_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA2ddfb9a5b0815e1edfbcab50edcb7df6"; + // Truth frame setup + char* truth_tm_h = "02C00000980006AABBCCDDEEFF000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA1FCD8AA6DA19DA72549079ACD9AA8B97"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -340,11 +345,11 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) tm_frame_pri_hdr.vcid = ((uint8_t)framed_tm_b[1] & 0x0E) >> 1; // Expose/setup SA for testing - // Configure SA 1 off, 12 operational + // Configure SA 1 off, 5 operational sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - sa_if->sa_get_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -352,17 +357,19 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; sa_ptr->arsn_len = 0; + sa_ptr->arsnw_len = 0; sa_ptr->abm_len = 1786; memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->ecs_len = 1; + sa_ptr->ecs_len = 0; sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, @@ -412,7 +419,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // Truth frame setup // Mac from python based CMAC: e34e7c942ddf2738f17f77ec15309445 - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBe34e7c942ddf2738f17f77ec15309445a65f"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBE34E7C942DDF2738F17F77EC153094452A4A"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -422,10 +429,11 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -507,7 +515,7 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) * NOTE: CyberChef needs a from_hex in the recipe before CMAC! * CyberChef: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')CMAC(%7B'option':'Hex','string':'ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9'%7D,'AES')&input=MDJDMDAwMDAxODAwMDAwQzA4MDEwMDAwMDAwRjAwMTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkI **/ - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB8eae5e9d174659fc8edf9bf0505d66255ab5"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBA8B942B0B98CF1D8FCCEC19DD67E77BE3E44"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -517,10 +525,11 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -597,8 +606,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - // Mac from python based SHA256: fd069ae4e9e97eb05bfe2f0a6ec6c562ab8352a51d797b85d02ae9762cbad3ef - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFD069AE4E9E97EB05BFE2F0A6EC6C56218ca"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFD069AE4E9E97EB05BFE2F0A6EC6C56294DF"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -608,10 +616,11 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -686,8 +695,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - // Mac from python based SHA256: b304db34a34610486e88a0bdba4aa6ce1bf1eaabd1018fc8b9e30d63043fd1e6 - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBb304db34a34610486e88a0bdba4aa6cef3b2"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBF39404F2A384C6677E405D49782E3537107E"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -697,10 +705,11 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -777,8 +786,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - // Mac from python based SHA512: 554bac80d1fdcff21fd6996bf1d913270b7baee3f06f4946016ad8d2f872dabfe88dd77ac8472c8ab6b9d6c85f0b7e35d88024f26599ae97001b926735a73dd3 - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB554bac80d1fdcff21fd6996bf1d91327bff1"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB554BAC80D1FDCFF21FD6996BF1D9132733E4"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -788,10 +796,11 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -877,8 +886,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - // Mac from python based SHA512: 9933b46131d0ff5f4b0ab4295ca3ae9d2d04fe2c5e302f3645c2f72d961d0628e43a8a6a2609dde923f622be54210fa92c857950b341c12408dc999ef5b1da8a - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB9933b46131d0ff5f4b0ab4295ca3ae9df6c2"; + char* truth_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB86845CB946B6132F9F026B6AFE1085F0A48F"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -888,10 +896,11 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_KEYED; - // Configure SA 12 - sa_if->sa_get_from_spi(12, &sa_ptr); + // Configure SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->sa_state = SA_OPERATIONAL; sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; @@ -967,7 +976,7 @@ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af547a43"; + char* truth_tm_h = "02C0000018000005DEADBEEFDEADBEEFDEADBEEFDEADBEEFFF00AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBD254"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -979,9 +988,10 @@ UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_NONE; - // Activate SA 9 - sa_if->sa_get_from_spi(9, &sa_ptr); + // Activate SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->arsn_len = 0; sa_ptr->abm_len = 1786; memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask @@ -1064,7 +1074,7 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894020d24577ede4a947914fd2647400f38d9a92"; + char* truth_tm_h = "02C0000018000005DEADBEEFDEADBEEFDEADBEEFDEADBEEFFF00AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBCCDDCCDDCCDDCCDDCCDDCCDDCCDDCCDD2261"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -1075,9 +1085,10 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) // Deactivate SA 1 sa_if->sa_get_from_spi(1, &sa_ptr); sa_ptr->sa_state = SA_NONE; - // Activate SA 9 - sa_if->sa_get_from_spi(9, &sa_ptr); + // Activate SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; sa_ptr->arsn_len = 0; sa_ptr->abm_len = 1786; memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c index dbf817c4..c321cf2e 100644 --- a/test/unit/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -137,14 +137,14 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) status = Crypto_Init(); // Test frame setup - // Note: SPI 12 (0x0C) - char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + // Note: SPI 5 (0x05) + char* framed_tm_h = "02C000001800000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBCD4E"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_tm_h = "02C000001800000000000000000000000000000066778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -195,17 +195,40 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) status = Crypto_Init(); // Test frame setup - char* framed_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA6e76"; + char* framed_tm_h = "02C00000980006AABBCCDDEEFF000508010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA9DC8"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_tm_h = "02C00000980006AABBCCDDEEFF000000000000000000000000000000008899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); + SecurityAssociation_t* sa_ptr; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_NONE; + // Activate SA 5 + sa_if->sa_get_from_spi(5, &sa_ptr); + sa_ptr->gvcid_blk.scid = 44; + sa_ptr->gvcid_blk.vcid = 0; + sa_ptr->arsn_len = 0; + sa_ptr->abm_len = 1786; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->ast =0; + sa_ptr->ecs_len = 1; + sa_ptr->ecs = 0; + sa_ptr->acs_len = 0; + sa_ptr->acs = 0; + sa_ptr->iv_len = 16; + sa_ptr->shivf_len = 16; + sa_ptr->stmacf_len = 0; + + + status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Determine managed parameters by GVCID, which nominally happens in TO @@ -933,13 +956,13 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup Header |SPI| IV | Data - char* framed_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af547a43"; + char* framed_tm_h = "02c0000018000005deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af547a43"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_tm_h = "02c00000180000000000000000000000000000000000beef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af540000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -960,8 +983,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) // Deactivate SA 1 sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - // Activate SA 9 - sa_if->sa_get_from_spi(9, &test_association); + // Activate SA 5 + sa_if->sa_get_from_spi(5, &test_association); test_association->arsn_len = 0; test_association->abm_len = 1786; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask @@ -1003,7 +1026,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) printf("\nDoing final checks:\n\t"); for (int i = 0; i < 1786; i++) { - // printf("%02x", ptr_processed_frame[i]); + printf("%02x", ptr_processed_frame[i]); ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); } @@ -1040,13 +1063,13 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup Header |SPI| IV | Data | MAC | FECF - char* framed_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894020d24577ede4a947914fd2647400f38d9a92"; + char* framed_tm_h = "02c0000018000005deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc8940E28F8D4AF98508C50E9FB1B11012DB279a92"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_tm_h = "02C00000180000000000000000000000000000000000ABBE7D61948B49642780CBEDF9D81E93832EE23D00880A021621426E81EE87187AB2D74372744DD9834F5780E4DB4ACC2C83ABBDBD4A0664C18CF157FE112195E99157D0CD701B80359D1D4F771C99309CF3FD8FAB066F530AC8E9AB84B4981F2DB43FFA40C38567DAAA3A74A90B638BB37879E8F3D439AF851D0F0210916844549FE784F36BF57EB6865272B87A3A47C1B81CF6A9BE66E2FCD3A304617B8143E8010036BEECB5D232974A21035162A9A840404FA2C21C4BD6BB31D253B3D15CE28BB3613BAE5D5A1883D3AEE2D645BA9CFDFFED3FFB4F369C81529656BD834F896D4E0D0AE14FF7ED00FB04A2814F1D2C05790D81BAB41ADC9C28A48C301BDFFB740276F23DE5E7B01C17F7472A16F3DC0F36A2524ACFD4D6B985D19855C2D362E4F8BF08961B7C01B2AB6719363E22A88EB7C1CF45F77D2AC610696E8D9EBB2002142B31B78BD59B90726DD8E5CB66B0975244F58AB0CFAA12F7412C85C1D94411999F71D8F1374661549867F326B971CD54293288FCE32D31CAF0D36F8C34F6915D0AEFFA79E153F62AE1BC96729EA4CF38DD20A5C32CB6AFFBFC9406E023C0146AF952315B54E4FDFD1968DBBE903CBBE504EEC52EDFB0BB45A43257BD65C595800CC826FE0F51FDE021B2621C1C2C22CBC6CEF368707070DB7A51EF0B85EFF895726A15DE35127DFC296FF063A40AA560FEAC5DB5D88B6D945791BAFCC820D50F4D3EEB552E8B331A3274F862BEA7C4197569616BD1CF39830F2B839227629BBF061C86CAF602EFCF8B3FE6055A1FD7C984670A5FF9AE9C8F0F5AB296180B4005CA57CA772535BEC28D7F473C1E69697256AE32B67B9D17A90F9CF7D4A366ECEA5BEDFB75F4F6DC7EDD94D19E34D55F14B1C4707605F11B34B198669DD752950A1935545F29D6BF371CCEF29CE265E4AD76EB7762AD7A5C90569E0426A6141B27162A0A0F35515138A478C5802FAC92D974383B708F418BCC852F077A8200E546149195C0C491319EE8A9EF4ACBE678A80F3F257AE7B6130360209C4E2B8DCBD3B6BC405B83BD6CE21975441772769400F0668454B537B7FEA2461648A549AD676CD1CAE5E3465979D0A44CD9B99E99EB4EB1A979AF458A2DAC28E42B8602EBC96975FACABE518BFC52E37D5DDFA643E2E04432824EF697E03BF97E7B50406EF43F20942E9FDDD9DAD6EB4A2C36D02DC32504AF6E5F44691C9418A1035410E002AB10F9A59F4500F43CC565C7705E4AA024BED1A30998DE13202272548953DEE02601513601942713860A47710F5E87674C9EB7522F2D505EBD08F9A80E9BE839B778D8BE23AC4E1D43B03D9A5B096AC8DC0E0C50D20B9BCBCA8DBE92F987E7D32884ECD2B45ACDFF363ADD95747DDAE060EB9958CE341A1F4D241E654FC878107C2EC8497B0F186781B2CBD23B09AFA0A48055768B16804E784CC91A2A90F4652C311D80820D5B656FA5882629C02871C4EE664CF5F1B785DDD63E42443103409693A66848B83F061644D11E6FB7C4B33FA51415B1556070DED7494D3CE5FEF874E5D393710AFA75D9546F47AEF73F324505151E7FBAD3B990C2E6DBF75AC10E1B1A564DB3D9978171AA2AA25BD30348F5B3CE3EF42CC3D3693A73EE13D31529D1EFE0060802444FD6D5C30A38235039976265D99D2BEA11494C50B93E11772E53CDF2D32EB11BF8B10F175FA6041DEB89C2397F3C145E3D2864F289365C2C26F1FBA6FEA2A8F70B54C51B29A13CB7AEE712CE6386A02C6536455FC2159ACE09EB8DCEC97457DDF907315611DB226BD166B40DEAB83B958AADD08FF1188DBCE13B4629F6D3F28DF383D957E0AD01AB4AEB124827A6EF3CD4E5D1926AA1323B560650F082EFA8A4E39675DDD9988003988F50028508B6B384E7C45D5A943357F7A3287E8C3B7D6CD5E490B4234EB5E0CF3C6271A40A896A0475E08E700DC8E21F8EB95A8E07ED56664114107CC2901F5FA07F17955CE49F8A2F48E8E7865A0C0534BC1F65FA79C73CCCD1D91D92E6B055EB0A5C06E2C863431E104BDFCD28DA3708660DD7577F8F02C6B3579E4A2842BF8215A2F929957090490F65E98F6C2CA829942CFFA971AEC14078C371A5A4A6794B782664C99F3D55102BC8D9BA568F773153BB7F274D2C550CAD9D21C7BDE49916B01AB9503EECC7D51103F9FACABFE72905CF94BCC52B1AD026A0EF0F4374DD58F8B32EB3717C33224506D6834D1D37E18179E1859CF3E1A8D238B9950DBB61FCD881DA6AB0C08D2589621AE10A3999DAEB98F75741EC96076ECC1FD800D4E7178BEC7EFAF77A5E2C356DBE5D253228235B8E1BF218ED3FE9524A302192CF8C45AF5FFCC46740B536D521D9FF340E2BC3BA2E9115B45C8FD4825AF3EA559DEBD57C55E30172CF3E7D5C577BB8AAB26055EDE865C7FE5832126BC76516A5899DD166AD04E4E23532FB2CB4C1353B80A4EB8979EB91841899A60A9DC056FCA3000000000000000000000000000000000000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); @@ -1067,8 +1090,8 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) // Deactivate SA 1 sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - // Activate SA 9 - sa_if->sa_get_from_spi(9, &test_association); + // Activate SA 5 + sa_if->sa_get_from_spi(5, &test_association); test_association->arsn_len = 0; test_association->abm_len = 1786; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask From 22255f78bc70b491f6a2c154f4a8ef80fb7b1144 Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 16 Aug 2024 12:09:18 -0400 Subject: [PATCH 102/174] [nasa/Cryptolib#256] Updates to merge --- Makefile | 867 +++++++++++++++++++++++++++++++++++-- test/unit/ut_aes_gcm_siv.c | 17 +- 2 files changed, 854 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index 013a1d27..52fc15e3 100644 --- a/Makefile +++ b/Makefile @@ -1,35 +1,844 @@ -# -# CryptoLib Makefile -# - -# The "LOCALTGTS" defines the top-level targets that are implemented in this makefile -# Any other target may also be given, in that case it will simply be passed through. -LOCALTGTS := all clean debug internal kmc wolf -OTHERTGTS := $(filter-out $(LOCALTGTS),$(MAKECMDGOALS)) - -# As this makefile does not build any real files, treat everything as a PHONY target -# This ensures that the rule gets executed even if a file by that name does exist -.PHONY: $(LOCALTGTS) $(OTHERTGTS) - -# -# Commands -# -all: - $(MAKE) internal - $(MAKE) kmc - $(MAKE) wolf +# CMAKE generated file: DO NOT EDIT! +# Generated by "Unix Makefiles" Generator, CMake Version 3.22 +# Default target executed when no arguments are given to make. +default_target: all +.PHONY : default_target + +# Allow only one "make -f Makefile2" at a time, but pass parallelism. +.NOTPARALLEL: + +#============================================================================= +# Special targets provided by cmake. + +# Disable implicit rules so canonical targets will work. +.SUFFIXES: + +# Disable VCS-based implicit rules. +% : %,v + +# Disable VCS-based implicit rules. +% : RCS/% + +# Disable VCS-based implicit rules. +% : RCS/%,v + +# Disable VCS-based implicit rules. +% : SCCS/s.% + +# Disable VCS-based implicit rules. +% : s.% + +.SUFFIXES: .hpux_make_needs_suffix_list + +# Command-line flag to silence nested $(MAKE). +$(VERBOSE)MAKESILENT = -s + +#Suppress display of executed commands. +$(VERBOSE).SILENT: + +# A target that is always out of date. +cmake_force: +.PHONY : cmake_force + +#============================================================================= +# Set environment variables for the build. + +# The shell in which to execute make rules. +SHELL = /bin/sh + +# The CMake executable. +CMAKE_COMMAND = /usr/bin/cmake + +# The command to remove a file. +RM = /usr/bin/cmake -E rm -f + +# Escaping for special characters. +EQUALS = = + +# The top-level source directory on which CMake was run. +CMAKE_SOURCE_DIR = /home/itc/Desktop/CryptoLib + +# The top-level build directory on which CMake was run. +CMAKE_BINARY_DIR = /home/itc/Desktop/CryptoLib + +#============================================================================= +# Targets provided globally by CMake. + +# Special rule for the target test +test: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running tests..." + /usr/bin/ctest --force-new-ctest-process $(ARGS) +.PHONY : test + +# Special rule for the target test +test/fast: test +.PHONY : test/fast + +# Special rule for the target edit_cache +edit_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..." + /usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available. +.PHONY : edit_cache + +# Special rule for the target edit_cache +edit_cache/fast: edit_cache +.PHONY : edit_cache/fast + +# Special rule for the target rebuild_cache +rebuild_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..." + /usr/bin/cmake --regenerate-during-build -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) +.PHONY : rebuild_cache + +# Special rule for the target rebuild_cache +rebuild_cache/fast: rebuild_cache +.PHONY : rebuild_cache/fast + +# Special rule for the target list_install_components +list_install_components: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\"" +.PHONY : list_install_components + +# Special rule for the target list_install_components +list_install_components/fast: list_install_components +.PHONY : list_install_components/fast + +# Special rule for the target install +install: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install + +# Special rule for the target install +install/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install/fast + +# Special rule for the target install/local +install/local: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local + +# Special rule for the target install/local +install/local/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local/fast + +# Special rule for the target install/strip +install/strip: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip + +# Special rule for the target install/strip +install/strip/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip/fast + +# The main all target +all: cmake_check_build_system + $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles /home/itc/Desktop/CryptoLib//CMakeFiles/progress.marks + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 all + $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles 0 +.PHONY : all + +# The main clean target clean: - rm -rf ./build + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 clean +.PHONY : clean + +# The main clean target +clean/fast: clean +.PHONY : clean/fast + +# Prepare targets for installation. +preinstall: all + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall + +# Prepare targets for installation. +preinstall/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall/fast + +# clear depends +depend: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1 +.PHONY : depend + +#============================================================================= +# Target rules for targets named Experimental + +# Build rule for target. +Experimental: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Experimental +.PHONY : Experimental + +# fast build rule for target. +Experimental/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/Experimental.dir/build.make CMakeFiles/Experimental.dir/build +.PHONY : Experimental/fast + +#============================================================================= +# Target rules for targets named Nightly + +# Build rule for target. +Nightly: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Nightly +.PHONY : Nightly + +# fast build rule for target. +Nightly/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/Nightly.dir/build.make CMakeFiles/Nightly.dir/build +.PHONY : Nightly/fast + +#============================================================================= +# Target rules for targets named Continuous + +# Build rule for target. +Continuous: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Continuous +.PHONY : Continuous + +# fast build rule for target. +Continuous/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/Continuous.dir/build.make CMakeFiles/Continuous.dir/build +.PHONY : Continuous/fast + +#============================================================================= +# Target rules for targets named NightlyMemoryCheck + +# Build rule for target. +NightlyMemoryCheck: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemoryCheck +.PHONY : NightlyMemoryCheck + +# fast build rule for target. +NightlyMemoryCheck/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemoryCheck.dir/build.make CMakeFiles/NightlyMemoryCheck.dir/build +.PHONY : NightlyMemoryCheck/fast + +#============================================================================= +# Target rules for targets named NightlyStart + +# Build rule for target. +NightlyStart: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyStart +.PHONY : NightlyStart + +# fast build rule for target. +NightlyStart/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyStart.dir/build.make CMakeFiles/NightlyStart.dir/build +.PHONY : NightlyStart/fast + +#============================================================================= +# Target rules for targets named NightlyUpdate + +# Build rule for target. +NightlyUpdate: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyUpdate +.PHONY : NightlyUpdate + +# fast build rule for target. +NightlyUpdate/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyUpdate.dir/build.make CMakeFiles/NightlyUpdate.dir/build +.PHONY : NightlyUpdate/fast + +#============================================================================= +# Target rules for targets named NightlyConfigure + +# Build rule for target. +NightlyConfigure: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyConfigure +.PHONY : NightlyConfigure + +# fast build rule for target. +NightlyConfigure/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyConfigure.dir/build.make CMakeFiles/NightlyConfigure.dir/build +.PHONY : NightlyConfigure/fast + +#============================================================================= +# Target rules for targets named NightlyBuild + +# Build rule for target. +NightlyBuild: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyBuild +.PHONY : NightlyBuild + +# fast build rule for target. +NightlyBuild/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyBuild.dir/build.make CMakeFiles/NightlyBuild.dir/build +.PHONY : NightlyBuild/fast + +#============================================================================= +# Target rules for targets named NightlyTest + +# Build rule for target. +NightlyTest: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyTest +.PHONY : NightlyTest + +# fast build rule for target. +NightlyTest/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyTest.dir/build.make CMakeFiles/NightlyTest.dir/build +.PHONY : NightlyTest/fast + +#============================================================================= +# Target rules for targets named NightlyCoverage + +# Build rule for target. +NightlyCoverage: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyCoverage +.PHONY : NightlyCoverage + +# fast build rule for target. +NightlyCoverage/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyCoverage.dir/build.make CMakeFiles/NightlyCoverage.dir/build +.PHONY : NightlyCoverage/fast + +#============================================================================= +# Target rules for targets named NightlyMemCheck + +# Build rule for target. +NightlyMemCheck: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemCheck +.PHONY : NightlyMemCheck + +# fast build rule for target. +NightlyMemCheck/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemCheck.dir/build.make CMakeFiles/NightlyMemCheck.dir/build +.PHONY : NightlyMemCheck/fast + +#============================================================================= +# Target rules for targets named NightlySubmit + +# Build rule for target. +NightlySubmit: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlySubmit +.PHONY : NightlySubmit + +# fast build rule for target. +NightlySubmit/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlySubmit.dir/build.make CMakeFiles/NightlySubmit.dir/build +.PHONY : NightlySubmit/fast + +#============================================================================= +# Target rules for targets named ExperimentalStart + +# Build rule for target. +ExperimentalStart: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalStart +.PHONY : ExperimentalStart + +# fast build rule for target. +ExperimentalStart/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalStart.dir/build.make CMakeFiles/ExperimentalStart.dir/build +.PHONY : ExperimentalStart/fast + +#============================================================================= +# Target rules for targets named ExperimentalUpdate + +# Build rule for target. +ExperimentalUpdate: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalUpdate +.PHONY : ExperimentalUpdate + +# fast build rule for target. +ExperimentalUpdate/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalUpdate.dir/build.make CMakeFiles/ExperimentalUpdate.dir/build +.PHONY : ExperimentalUpdate/fast + +#============================================================================= +# Target rules for targets named ExperimentalConfigure + +# Build rule for target. +ExperimentalConfigure: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalConfigure +.PHONY : ExperimentalConfigure + +# fast build rule for target. +ExperimentalConfigure/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalConfigure.dir/build.make CMakeFiles/ExperimentalConfigure.dir/build +.PHONY : ExperimentalConfigure/fast + +#============================================================================= +# Target rules for targets named ExperimentalBuild + +# Build rule for target. +ExperimentalBuild: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalBuild +.PHONY : ExperimentalBuild + +# fast build rule for target. +ExperimentalBuild/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalBuild.dir/build.make CMakeFiles/ExperimentalBuild.dir/build +.PHONY : ExperimentalBuild/fast + +#============================================================================= +# Target rules for targets named ExperimentalTest + +# Build rule for target. +ExperimentalTest: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalTest +.PHONY : ExperimentalTest + +# fast build rule for target. +ExperimentalTest/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalTest.dir/build.make CMakeFiles/ExperimentalTest.dir/build +.PHONY : ExperimentalTest/fast + +#============================================================================= +# Target rules for targets named ExperimentalCoverage + +# Build rule for target. +ExperimentalCoverage: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalCoverage +.PHONY : ExperimentalCoverage + +# fast build rule for target. +ExperimentalCoverage/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalCoverage.dir/build.make CMakeFiles/ExperimentalCoverage.dir/build +.PHONY : ExperimentalCoverage/fast + +#============================================================================= +# Target rules for targets named ExperimentalMemCheck + +# Build rule for target. +ExperimentalMemCheck: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalMemCheck +.PHONY : ExperimentalMemCheck + +# fast build rule for target. +ExperimentalMemCheck/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalMemCheck.dir/build.make CMakeFiles/ExperimentalMemCheck.dir/build +.PHONY : ExperimentalMemCheck/fast + +#============================================================================= +# Target rules for targets named ExperimentalSubmit + +# Build rule for target. +ExperimentalSubmit: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalSubmit +.PHONY : ExperimentalSubmit + +# fast build rule for target. +ExperimentalSubmit/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalSubmit.dir/build.make CMakeFiles/ExperimentalSubmit.dir/build +.PHONY : ExperimentalSubmit/fast + +#============================================================================= +# Target rules for targets named ContinuousStart + +# Build rule for target. +ContinuousStart: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousStart +.PHONY : ContinuousStart + +# fast build rule for target. +ContinuousStart/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousStart.dir/build.make CMakeFiles/ContinuousStart.dir/build +.PHONY : ContinuousStart/fast + +#============================================================================= +# Target rules for targets named ContinuousUpdate + +# Build rule for target. +ContinuousUpdate: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousUpdate +.PHONY : ContinuousUpdate + +# fast build rule for target. +ContinuousUpdate/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousUpdate.dir/build.make CMakeFiles/ContinuousUpdate.dir/build +.PHONY : ContinuousUpdate/fast + +#============================================================================= +# Target rules for targets named ContinuousConfigure + +# Build rule for target. +ContinuousConfigure: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousConfigure +.PHONY : ContinuousConfigure + +# fast build rule for target. +ContinuousConfigure/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousConfigure.dir/build.make CMakeFiles/ContinuousConfigure.dir/build +.PHONY : ContinuousConfigure/fast + +#============================================================================= +# Target rules for targets named ContinuousBuild + +# Build rule for target. +ContinuousBuild: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousBuild +.PHONY : ContinuousBuild + +# fast build rule for target. +ContinuousBuild/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousBuild.dir/build.make CMakeFiles/ContinuousBuild.dir/build +.PHONY : ContinuousBuild/fast + +#============================================================================= +# Target rules for targets named ContinuousTest + +# Build rule for target. +ContinuousTest: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousTest +.PHONY : ContinuousTest + +# fast build rule for target. +ContinuousTest/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousTest.dir/build.make CMakeFiles/ContinuousTest.dir/build +.PHONY : ContinuousTest/fast + +#============================================================================= +# Target rules for targets named ContinuousCoverage + +# Build rule for target. +ContinuousCoverage: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousCoverage +.PHONY : ContinuousCoverage + +# fast build rule for target. +ContinuousCoverage/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousCoverage.dir/build.make CMakeFiles/ContinuousCoverage.dir/build +.PHONY : ContinuousCoverage/fast + +#============================================================================= +# Target rules for targets named ContinuousMemCheck + +# Build rule for target. +ContinuousMemCheck: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousMemCheck +.PHONY : ContinuousMemCheck + +# fast build rule for target. +ContinuousMemCheck/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousMemCheck.dir/build.make CMakeFiles/ContinuousMemCheck.dir/build +.PHONY : ContinuousMemCheck/fast + +#============================================================================= +# Target rules for targets named ContinuousSubmit + +# Build rule for target. +ContinuousSubmit: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousSubmit +.PHONY : ContinuousSubmit + +# fast build rule for target. +ContinuousSubmit/fast: + $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousSubmit.dir/build.make CMakeFiles/ContinuousSubmit.dir/build +.PHONY : ContinuousSubmit/fast + +#============================================================================= +# Target rules for targets named crypto + +# Build rule for target. +crypto: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 crypto +.PHONY : crypto + +# fast build rule for target. +crypto/fast: + $(MAKE) $(MAKESILENT) -f src/CMakeFiles/crypto.dir/build.make src/CMakeFiles/crypto.dir/build +.PHONY : crypto/fast + +#============================================================================= +# Target rules for targets named et_dt_validation + +# Build rule for target. +et_dt_validation: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 et_dt_validation +.PHONY : et_dt_validation + +# fast build rule for target. +et_dt_validation/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/et_dt_validation.dir/build.make test/CMakeFiles/et_dt_validation.dir/build +.PHONY : et_dt_validation/fast + +#============================================================================= +# Target rules for targets named ut_aes_gcm_siv + +# Build rule for target. +ut_aes_gcm_siv: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aes_gcm_siv +.PHONY : ut_aes_gcm_siv + +# fast build rule for target. +ut_aes_gcm_siv/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aes_gcm_siv.dir/build.make test/CMakeFiles/ut_aes_gcm_siv.dir/build +.PHONY : ut_aes_gcm_siv/fast + +#============================================================================= +# Target rules for targets named ut_aos_apply + +# Build rule for target. +ut_aos_apply: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_apply +.PHONY : ut_aos_apply + +# fast build rule for target. +ut_aos_apply/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_apply.dir/build.make test/CMakeFiles/ut_aos_apply.dir/build +.PHONY : ut_aos_apply/fast + +#============================================================================= +# Target rules for targets named ut_aos_process + +# Build rule for target. +ut_aos_process: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_process +.PHONY : ut_aos_process + +# fast build rule for target. +ut_aos_process/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_process.dir/build.make test/CMakeFiles/ut_aos_process.dir/build +.PHONY : ut_aos_process/fast + +#============================================================================= +# Target rules for targets named ut_crypto + +# Build rule for target. +ut_crypto: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto +.PHONY : ut_crypto + +# fast build rule for target. +ut_crypto/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto.dir/build.make test/CMakeFiles/ut_crypto.dir/build +.PHONY : ut_crypto/fast + +#============================================================================= +# Target rules for targets named ut_crypto_config + +# Build rule for target. +ut_crypto_config: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_config +.PHONY : ut_crypto_config + +# fast build rule for target. +ut_crypto_config/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_config.dir/build.make test/CMakeFiles/ut_crypto_config.dir/build +.PHONY : ut_crypto_config/fast + +#============================================================================= +# Target rules for targets named ut_crypto_mc + +# Build rule for target. +ut_crypto_mc: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_mc +.PHONY : ut_crypto_mc + +# fast build rule for target. +ut_crypto_mc/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_mc.dir/build.make test/CMakeFiles/ut_crypto_mc.dir/build +.PHONY : ut_crypto_mc/fast + +#============================================================================= +# Target rules for targets named ut_mysql_m_tls_connection + +# Build rule for target. +ut_mysql_m_tls_connection: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_m_tls_connection +.PHONY : ut_mysql_m_tls_connection + +# fast build rule for target. +ut_mysql_m_tls_connection/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_m_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_m_tls_connection.dir/build +.PHONY : ut_mysql_m_tls_connection/fast + +#============================================================================= +# Target rules for targets named ut_mysql_tls_connection + +# Build rule for target. +ut_mysql_tls_connection: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_tls_connection +.PHONY : ut_mysql_tls_connection + +# fast build rule for target. +ut_mysql_tls_connection/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_tls_connection.dir/build +.PHONY : ut_mysql_tls_connection/fast + +#============================================================================= +# Target rules for targets named ut_sa_save + +# Build rule for target. +ut_sa_save: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sa_save +.PHONY : ut_sa_save + +# fast build rule for target. +ut_sa_save/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sa_save.dir/build.make test/CMakeFiles/ut_sa_save.dir/build +.PHONY : ut_sa_save/fast + +#============================================================================= +# Target rules for targets named ut_sadb_err_cases_kmc_crypto + +# Build rule for target. +ut_sadb_err_cases_kmc_crypto: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sadb_err_cases_kmc_crypto +.PHONY : ut_sadb_err_cases_kmc_crypto + +# fast build rule for target. +ut_sadb_err_cases_kmc_crypto/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build.make test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build +.PHONY : ut_sadb_err_cases_kmc_crypto/fast + +#============================================================================= +# Target rules for targets named ut_tc_apply + +# Build rule for target. +ut_tc_apply: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_apply +.PHONY : ut_tc_apply + +# fast build rule for target. +ut_tc_apply/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_apply.dir/build.make test/CMakeFiles/ut_tc_apply.dir/build +.PHONY : ut_tc_apply/fast + +#============================================================================= +# Target rules for targets named ut_tc_process + +# Build rule for target. +ut_tc_process: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_process +.PHONY : ut_tc_process + +# fast build rule for target. +ut_tc_process/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_process.dir/build.make test/CMakeFiles/ut_tc_process.dir/build +.PHONY : ut_tc_process/fast + +#============================================================================= +# Target rules for targets named ut_tm_apply + +# Build rule for target. +ut_tm_apply: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_apply +.PHONY : ut_tm_apply + +# fast build rule for target. +ut_tm_apply/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_apply.dir/build.make test/CMakeFiles/ut_tm_apply.dir/build +.PHONY : ut_tm_apply/fast + +#============================================================================= +# Target rules for targets named ut_tm_process + +# Build rule for target. +ut_tm_process: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_process +.PHONY : ut_tm_process + +# fast build rule for target. +ut_tm_process/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_process.dir/build.make test/CMakeFiles/ut_tm_process.dir/build +.PHONY : ut_tm_process/fast + +#============================================================================= +# Target rules for targets named gcov + +# Build rule for target. +gcov: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 gcov +.PHONY : gcov + +# fast build rule for target. +gcov/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/gcov.dir/build.make test/CMakeFiles/gcov.dir/build +.PHONY : gcov/fast + +#============================================================================= +# Target rules for targets named scrub + +# Build rule for target. +scrub: cmake_check_build_system + $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 scrub +.PHONY : scrub + +# fast build rule for target. +scrub/fast: + $(MAKE) $(MAKESILENT) -f test/CMakeFiles/scrub.dir/build.make test/CMakeFiles/scrub.dir/build +.PHONY : scrub/fast + +# Help Target +help: + @echo "The following are some of the valid targets for this Makefile:" + @echo "... all (the default if no target is provided)" + @echo "... clean" + @echo "... depend" + @echo "... edit_cache" + @echo "... install" + @echo "... install/local" + @echo "... install/strip" + @echo "... list_install_components" + @echo "... rebuild_cache" + @echo "... test" + @echo "... Continuous" + @echo "... ContinuousBuild" + @echo "... ContinuousConfigure" + @echo "... ContinuousCoverage" + @echo "... ContinuousMemCheck" + @echo "... ContinuousStart" + @echo "... ContinuousSubmit" + @echo "... ContinuousTest" + @echo "... ContinuousUpdate" + @echo "... Experimental" + @echo "... ExperimentalBuild" + @echo "... ExperimentalConfigure" + @echo "... ExperimentalCoverage" + @echo "... ExperimentalMemCheck" + @echo "... ExperimentalStart" + @echo "... ExperimentalSubmit" + @echo "... ExperimentalTest" + @echo "... ExperimentalUpdate" + @echo "... Nightly" + @echo "... NightlyBuild" + @echo "... NightlyConfigure" + @echo "... NightlyCoverage" + @echo "... NightlyMemCheck" + @echo "... NightlyMemoryCheck" + @echo "... NightlyStart" + @echo "... NightlySubmit" + @echo "... NightlyTest" + @echo "... NightlyUpdate" + @echo "... gcov" + @echo "... scrub" + @echo "... crypto" + @echo "... et_dt_validation" + @echo "... ut_aes_gcm_siv" + @echo "... ut_aos_apply" + @echo "... ut_aos_process" + @echo "... ut_crypto" + @echo "... ut_crypto_config" + @echo "... ut_crypto_mc" + @echo "... ut_mysql_m_tls_connection" + @echo "... ut_mysql_tls_connection" + @echo "... ut_sa_save" + @echo "... ut_sadb_err_cases_kmc_crypto" + @echo "... ut_tc_apply" + @echo "... ut_tc_process" + @echo "... ut_tm_apply" + @echo "... ut_tm_process" +.PHONY : help + -debug: - ./support/scripts/docker_debug.sh -internal: - ./support/scripts/internal_docker_build.sh +#============================================================================= +# Special targets to cleanup operation of make. -kmc: - ./support/scripts/kmc_docker_build.sh +# Special rule to run CMake to check the build system integrity. +# No rule that depends on this can have commands that come from listfiles +# because they might be regenerated. +cmake_check_build_system: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0 +.PHONY : cmake_check_build_system -wolf: - ./support/scripts/wolf_docker_build.sh diff --git a/test/unit/ut_aes_gcm_siv.c b/test/unit/ut_aes_gcm_siv.c index be331669..27784bdb 100644 --- a/test/unit/ut_aes_gcm_siv.c +++ b/test/unit/ut_aes_gcm_siv.c @@ -98,6 +98,7 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_1) // Activate SA 9 sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; + test_association->shsnf_len = 0; test_association->sa_state = SA_OPERATIONAL; test_association->ast = 1; test_association->est = 1; @@ -106,6 +107,8 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_1) test_association->acs_len = 1; test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->stmacf_len = 16; + test_association->gvcid_blk.tfvn = 0; + test_association->abm_len = 1024; // Insert key into keyring of SA 9 hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); @@ -201,6 +204,9 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; test_association->stmacf_len = 16; + test_association->shsnf_len = 0; + test_association->gvcid_blk.tfvn = 0; + test_association->abm_len = 1024; // Insert key into keyring of SA 9 hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); @@ -217,7 +223,7 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_DEC_TEST_1) // Convert input encryptedtext hex_conversion(buffer_rfc_et_h, (char**) &buffer_rfc_et_b, &buffer_rfc_et_len); - Crypto_TC_ProcessSecurity(buffer_rfc_et_b, &buffer_rfc_et_len, tc_rfc_processed_frame); + ASSERT_EQ(0, Crypto_TC_ProcessSecurity(buffer_rfc_et_b, &buffer_rfc_et_len, tc_rfc_processed_frame)); for (int i = 0; i < tc_rfc_processed_frame->tc_pdu_len; i++) { @@ -293,6 +299,9 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_8_ENC_TEST_2) test_association->acs_len = 1; test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->stmacf_len = 16; + test_association->shsnf_len = 0; + test_association->gvcid_blk.tfvn = 0; + test_association->abm_len = 1024; // Insert key into keyring of SA 9 hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); @@ -386,6 +395,9 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_ENC_TEST_1) test_association->acs_len = 1; test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->stmacf_len = 16; + test_association->shsnf_len = 0; + test_association->gvcid_blk.tfvn = 0; + test_association->abm_len = 1024; // Insert key into keyring of SA 9 hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); @@ -478,6 +490,9 @@ UTEST(AES_GCM_SIV, AES_GCM_SIV_256_KEY_32_PT_20_WITH_AAD_DEC_TEST_1) test_association->ecs_len = 1; test_association->ecs = CRYPTO_CIPHER_AES256_GCM_SIV; test_association->stmacf_len = 16; + test_association->shsnf_len = 0; + test_association->gvcid_blk.tfvn = 0; + test_association->abm_len = 1024; // Insert key into keyring of SA 9 hex_conversion(buffer_rfc_key_h, (char**) &buffer_rfc_key_b, &buffer_rfc_key_len); ekp = key_if->get_key(test_association->ekid); From abc85485221277629194c3fa21c41a457204e7ff Mon Sep 17 00:00:00 2001 From: Robert Brown Date: Fri, 16 Aug 2024 13:08:29 -0400 Subject: [PATCH 103/174] [nasa/Cryptolib#256] Remove KMC Test prep for open source containers --- .github/workflows/build.yml | 84 ++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c955d266..40db2fc8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -96,51 +96,51 @@ jobs: # # KMC Build # - kmc_build: - # Container Setup - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Update - run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - - name: Install Python Libraries - run: sudo pip install pycryptodome - - name: Install Libgcrypt - run: > - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && sudo ./configure - && sudo make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && sudo ./configure - && sudo make install - && sudo ldconfig - # End Container Setup + # kmc_build: + # # Container Setup + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v2 + # - name: Update + # run: sudo apt-get update + # - name: Install Dependencies + # run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + # - name: Install Python Libraries + # run: sudo pip install pycryptodome + # - name: Install Libgcrypt + # run: > + # curl + # -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + # -o /tmp/libgpg-error-1.50.tar.bz2 + # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + # && cd /tmp/libgpg-error-1.50 + # && sudo ./configure + # && sudo make install + # && curl + # -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + # -o /tmp/libgcrypt-1.11.0.tar.bz2 + # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + # && cd /tmp/libgcrypt-1.11.0 + # && sudo ./configure + # && sudo make install + # && sudo ldconfig + # # End Container Setup - - name: KMC Build Script - working-directory: ${{github.workspace}} - run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh + # - name: KMC Build Script + # working-directory: ${{github.workspace}} + # run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh - - name: Code-Coverage - working-directory: ${{github.workspace}} - run: make gcov + # - name: Code-Coverage + # working-directory: ${{github.workspace}} + # run: make gcov - - name: Upload - uses: codecov/codecov-action@v4 - env: - CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a - with: - files: 'coverage/*.c.gcov' - verbose: true + # - name: Upload + # uses: codecov/codecov-action@v4 + # env: + # CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + # with: + # files: 'coverage/*.c.gcov' + # verbose: true # # Wolf Build From f834ba291c4e567afb8bd6c12deb21de7cd05de7 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Mon, 19 Aug 2024 17:31:44 +0000 Subject: [PATCH 104/174] [nasa/Cryptolib#274] Prep for release - 1.3.1. --- include/crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/crypto.h b/include/crypto.h index 3fabd15a..4e3ac527 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -48,8 +48,8 @@ ** Crypto Version */ #define CRYPTO_LIB_MAJOR_VERSION 1 -#define CRYPTO_LIB_MINOR_VERSION 2 -#define CRYPTO_LIB_REVISION 2 +#define CRYPTO_LIB_MINOR_VERSION 3 +#define CRYPTO_LIB_REVISION 1 #define CRYPTO_LIB_MISSION_REV 0 /* From 0989519ec9672f9f7dcbba24964bc559ed9a6502 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luna=20Gr=C3=A4fje?= Date: Mon, 19 Aug 2024 16:43:23 -0400 Subject: [PATCH 105/174] Packaging improvements 1. It is now possible to install the library to an arbitrary prefix by setting CMAKE_INSTALL_PREFIX and SYSTEM_INSTALL 2. The filename of the library no longer conflicts with openssl when installed. This should not have an effect when using the library as a git submodule. --- CMakeLists.txt | 4 +++- src/CMakeLists.txt | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0936d717..f53101a7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -139,7 +139,9 @@ IF(KMC_MDB_DB) ENDIF(KMC_MDB_DB) if(SYSTEM_INSTALL) - set(CMAKE_INSTALL_PREFIX /usr/local) + # The library will be installed to /usr/local unless overridden with + # -DCMAKE_INSTALL_PREFIX=/some/path + # See https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html elseif(NOT DEFINED CFE_SYSTEM_PSPNAME) # Not cFE / cFS set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib") diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 54744f43..0445391d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -158,6 +158,10 @@ endif() file(GLOB CRYPTO_INCLUDES ../include/*.h) set_target_properties(crypto PROPERTIES PUBLIC_HEADER "${CRYPTO_INCLUDES}") +# This causes the library to be installed as libcryptolib.so while still being +# referred to as crypto from CMake. Without this, the library filename would be +# libcrypto.so which would conflict with openssl +set_target_properties(crypto PROPERTIES OUTPUT_NAME "cryptolib") add_custom_command(TARGET crypto POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/lib/libcrypto.so From 5d2fd3131fc703c716fe1032564f21b83d7bd87b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luna=20Gr=C3=A4fje?= Date: Fri, 23 Aug 2024 07:25:15 -0400 Subject: [PATCH 106/174] Don't skip Handle_Increment if Do_Encrypt_NONPLAINTEXT succeeds I'm 100% sure that this was a (unfortunately disastrous) typo. --- src/core/crypto_tm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 7b9e7ea8..c3c112db 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -529,7 +529,7 @@ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ } - if (status != CRYPTO_LIB_SUCCESS) + if (status == CRYPTO_LIB_SUCCESS) { status = Crypto_TM_Do_Encrypt_Handle_Increment(sa_service_type, sa_ptr); } @@ -2035,4 +2035,4 @@ uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const ui #endif return status; -} \ No newline at end of file +} From 5c905e6d4f2ecaef134f904e40c804cd930e004d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luna=20Gr=C3=A4fje?= Date: Fri, 23 Aug 2024 14:40:14 -0400 Subject: [PATCH 107/174] Test that the IV is incremented as part of TM_ApplySecurity --- test/unit/ut_tm_apply.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/test/unit/ut_tm_apply.c b/test/unit/ut_tm_apply.c index 9904dcc4..c37415f0 100644 --- a/test/unit/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -1109,6 +1109,13 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) hex_conversion(iv_h, &iv_b, &iv_len); memcpy(sa_ptr->iv, iv_b, iv_len); + // Expected IV after increment + char* next_iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEF0"; + char* next_iv_b = NULL; + int next_iv_len = 0; + hex_conversion(next_iv_h, &next_iv_b, &next_iv_len); + ASSERT_EQ(next_iv_len, iv_len); + Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); printf("Static frame contents:\n\t"); @@ -1142,10 +1149,17 @@ UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) } printf("\n"); + // Ensure IV has been incremented + for (int i = 0; i < iv_len; i++) + { + ASSERT_EQ((uint8_t)next_iv_b[i], (uint8_t)sa_ptr->iv[i]); + } + Crypto_Shutdown(); free(truth_tm_b); free(framed_tm_b); free(iv_b); + free(next_iv_b); } -UTEST_MAIN(); \ No newline at end of file +UTEST_MAIN(); From 1080a5ee028ba0b31fb521a1470965f66661a522 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Fri, 23 Aug 2024 19:20:10 +0000 Subject: [PATCH 108/174] [nasa/Cryptolib#281] Updates to track status variable --- Makefile | 844 ------------------------------------------- src/core/crypto_tm.c | 89 ++--- 2 files changed, 46 insertions(+), 887 deletions(-) delete mode 100644 Makefile diff --git a/Makefile b/Makefile deleted file mode 100644 index 52fc15e3..00000000 --- a/Makefile +++ /dev/null @@ -1,844 +0,0 @@ -# CMAKE generated file: DO NOT EDIT! -# Generated by "Unix Makefiles" Generator, CMake Version 3.22 - -# Default target executed when no arguments are given to make. -default_target: all -.PHONY : default_target - -# Allow only one "make -f Makefile2" at a time, but pass parallelism. -.NOTPARALLEL: - -#============================================================================= -# Special targets provided by cmake. - -# Disable implicit rules so canonical targets will work. -.SUFFIXES: - -# Disable VCS-based implicit rules. -% : %,v - -# Disable VCS-based implicit rules. -% : RCS/% - -# Disable VCS-based implicit rules. -% : RCS/%,v - -# Disable VCS-based implicit rules. -% : SCCS/s.% - -# Disable VCS-based implicit rules. -% : s.% - -.SUFFIXES: .hpux_make_needs_suffix_list - -# Command-line flag to silence nested $(MAKE). -$(VERBOSE)MAKESILENT = -s - -#Suppress display of executed commands. -$(VERBOSE).SILENT: - -# A target that is always out of date. -cmake_force: -.PHONY : cmake_force - -#============================================================================= -# Set environment variables for the build. - -# The shell in which to execute make rules. -SHELL = /bin/sh - -# The CMake executable. -CMAKE_COMMAND = /usr/bin/cmake - -# The command to remove a file. -RM = /usr/bin/cmake -E rm -f - -# Escaping for special characters. -EQUALS = = - -# The top-level source directory on which CMake was run. -CMAKE_SOURCE_DIR = /home/itc/Desktop/CryptoLib - -# The top-level build directory on which CMake was run. -CMAKE_BINARY_DIR = /home/itc/Desktop/CryptoLib - -#============================================================================= -# Targets provided globally by CMake. - -# Special rule for the target test -test: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running tests..." - /usr/bin/ctest --force-new-ctest-process $(ARGS) -.PHONY : test - -# Special rule for the target test -test/fast: test -.PHONY : test/fast - -# Special rule for the target edit_cache -edit_cache: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..." - /usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available. -.PHONY : edit_cache - -# Special rule for the target edit_cache -edit_cache/fast: edit_cache -.PHONY : edit_cache/fast - -# Special rule for the target rebuild_cache -rebuild_cache: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..." - /usr/bin/cmake --regenerate-during-build -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) -.PHONY : rebuild_cache - -# Special rule for the target rebuild_cache -rebuild_cache/fast: rebuild_cache -.PHONY : rebuild_cache/fast - -# Special rule for the target list_install_components -list_install_components: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\"" -.PHONY : list_install_components - -# Special rule for the target list_install_components -list_install_components/fast: list_install_components -.PHONY : list_install_components/fast - -# Special rule for the target install -install: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." - /usr/bin/cmake -P cmake_install.cmake -.PHONY : install - -# Special rule for the target install -install/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." - /usr/bin/cmake -P cmake_install.cmake -.PHONY : install/fast - -# Special rule for the target install/local -install/local: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." - /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake -.PHONY : install/local - -# Special rule for the target install/local -install/local/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." - /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake -.PHONY : install/local/fast - -# Special rule for the target install/strip -install/strip: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." - /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake -.PHONY : install/strip - -# Special rule for the target install/strip -install/strip/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." - /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake -.PHONY : install/strip/fast - -# The main all target -all: cmake_check_build_system - $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles /home/itc/Desktop/CryptoLib//CMakeFiles/progress.marks - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 all - $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles 0 -.PHONY : all - -# The main clean target -clean: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 clean -.PHONY : clean - -# The main clean target -clean/fast: clean -.PHONY : clean/fast - -# Prepare targets for installation. -preinstall: all - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall -.PHONY : preinstall - -# Prepare targets for installation. -preinstall/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall -.PHONY : preinstall/fast - -# clear depends -depend: - $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1 -.PHONY : depend - -#============================================================================= -# Target rules for targets named Experimental - -# Build rule for target. -Experimental: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Experimental -.PHONY : Experimental - -# fast build rule for target. -Experimental/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Experimental.dir/build.make CMakeFiles/Experimental.dir/build -.PHONY : Experimental/fast - -#============================================================================= -# Target rules for targets named Nightly - -# Build rule for target. -Nightly: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Nightly -.PHONY : Nightly - -# fast build rule for target. -Nightly/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Nightly.dir/build.make CMakeFiles/Nightly.dir/build -.PHONY : Nightly/fast - -#============================================================================= -# Target rules for targets named Continuous - -# Build rule for target. -Continuous: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Continuous -.PHONY : Continuous - -# fast build rule for target. -Continuous/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Continuous.dir/build.make CMakeFiles/Continuous.dir/build -.PHONY : Continuous/fast - -#============================================================================= -# Target rules for targets named NightlyMemoryCheck - -# Build rule for target. -NightlyMemoryCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemoryCheck -.PHONY : NightlyMemoryCheck - -# fast build rule for target. -NightlyMemoryCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemoryCheck.dir/build.make CMakeFiles/NightlyMemoryCheck.dir/build -.PHONY : NightlyMemoryCheck/fast - -#============================================================================= -# Target rules for targets named NightlyStart - -# Build rule for target. -NightlyStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyStart -.PHONY : NightlyStart - -# fast build rule for target. -NightlyStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyStart.dir/build.make CMakeFiles/NightlyStart.dir/build -.PHONY : NightlyStart/fast - -#============================================================================= -# Target rules for targets named NightlyUpdate - -# Build rule for target. -NightlyUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyUpdate -.PHONY : NightlyUpdate - -# fast build rule for target. -NightlyUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyUpdate.dir/build.make CMakeFiles/NightlyUpdate.dir/build -.PHONY : NightlyUpdate/fast - -#============================================================================= -# Target rules for targets named NightlyConfigure - -# Build rule for target. -NightlyConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyConfigure -.PHONY : NightlyConfigure - -# fast build rule for target. -NightlyConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyConfigure.dir/build.make CMakeFiles/NightlyConfigure.dir/build -.PHONY : NightlyConfigure/fast - -#============================================================================= -# Target rules for targets named NightlyBuild - -# Build rule for target. -NightlyBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyBuild -.PHONY : NightlyBuild - -# fast build rule for target. -NightlyBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyBuild.dir/build.make CMakeFiles/NightlyBuild.dir/build -.PHONY : NightlyBuild/fast - -#============================================================================= -# Target rules for targets named NightlyTest - -# Build rule for target. -NightlyTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyTest -.PHONY : NightlyTest - -# fast build rule for target. -NightlyTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyTest.dir/build.make CMakeFiles/NightlyTest.dir/build -.PHONY : NightlyTest/fast - -#============================================================================= -# Target rules for targets named NightlyCoverage - -# Build rule for target. -NightlyCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyCoverage -.PHONY : NightlyCoverage - -# fast build rule for target. -NightlyCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyCoverage.dir/build.make CMakeFiles/NightlyCoverage.dir/build -.PHONY : NightlyCoverage/fast - -#============================================================================= -# Target rules for targets named NightlyMemCheck - -# Build rule for target. -NightlyMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemCheck -.PHONY : NightlyMemCheck - -# fast build rule for target. -NightlyMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemCheck.dir/build.make CMakeFiles/NightlyMemCheck.dir/build -.PHONY : NightlyMemCheck/fast - -#============================================================================= -# Target rules for targets named NightlySubmit - -# Build rule for target. -NightlySubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlySubmit -.PHONY : NightlySubmit - -# fast build rule for target. -NightlySubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlySubmit.dir/build.make CMakeFiles/NightlySubmit.dir/build -.PHONY : NightlySubmit/fast - -#============================================================================= -# Target rules for targets named ExperimentalStart - -# Build rule for target. -ExperimentalStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalStart -.PHONY : ExperimentalStart - -# fast build rule for target. -ExperimentalStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalStart.dir/build.make CMakeFiles/ExperimentalStart.dir/build -.PHONY : ExperimentalStart/fast - -#============================================================================= -# Target rules for targets named ExperimentalUpdate - -# Build rule for target. -ExperimentalUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalUpdate -.PHONY : ExperimentalUpdate - -# fast build rule for target. -ExperimentalUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalUpdate.dir/build.make CMakeFiles/ExperimentalUpdate.dir/build -.PHONY : ExperimentalUpdate/fast - -#============================================================================= -# Target rules for targets named ExperimentalConfigure - -# Build rule for target. -ExperimentalConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalConfigure -.PHONY : ExperimentalConfigure - -# fast build rule for target. -ExperimentalConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalConfigure.dir/build.make CMakeFiles/ExperimentalConfigure.dir/build -.PHONY : ExperimentalConfigure/fast - -#============================================================================= -# Target rules for targets named ExperimentalBuild - -# Build rule for target. -ExperimentalBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalBuild -.PHONY : ExperimentalBuild - -# fast build rule for target. -ExperimentalBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalBuild.dir/build.make CMakeFiles/ExperimentalBuild.dir/build -.PHONY : ExperimentalBuild/fast - -#============================================================================= -# Target rules for targets named ExperimentalTest - -# Build rule for target. -ExperimentalTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalTest -.PHONY : ExperimentalTest - -# fast build rule for target. -ExperimentalTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalTest.dir/build.make CMakeFiles/ExperimentalTest.dir/build -.PHONY : ExperimentalTest/fast - -#============================================================================= -# Target rules for targets named ExperimentalCoverage - -# Build rule for target. -ExperimentalCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalCoverage -.PHONY : ExperimentalCoverage - -# fast build rule for target. -ExperimentalCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalCoverage.dir/build.make CMakeFiles/ExperimentalCoverage.dir/build -.PHONY : ExperimentalCoverage/fast - -#============================================================================= -# Target rules for targets named ExperimentalMemCheck - -# Build rule for target. -ExperimentalMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalMemCheck -.PHONY : ExperimentalMemCheck - -# fast build rule for target. -ExperimentalMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalMemCheck.dir/build.make CMakeFiles/ExperimentalMemCheck.dir/build -.PHONY : ExperimentalMemCheck/fast - -#============================================================================= -# Target rules for targets named ExperimentalSubmit - -# Build rule for target. -ExperimentalSubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalSubmit -.PHONY : ExperimentalSubmit - -# fast build rule for target. -ExperimentalSubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalSubmit.dir/build.make CMakeFiles/ExperimentalSubmit.dir/build -.PHONY : ExperimentalSubmit/fast - -#============================================================================= -# Target rules for targets named ContinuousStart - -# Build rule for target. -ContinuousStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousStart -.PHONY : ContinuousStart - -# fast build rule for target. -ContinuousStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousStart.dir/build.make CMakeFiles/ContinuousStart.dir/build -.PHONY : ContinuousStart/fast - -#============================================================================= -# Target rules for targets named ContinuousUpdate - -# Build rule for target. -ContinuousUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousUpdate -.PHONY : ContinuousUpdate - -# fast build rule for target. -ContinuousUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousUpdate.dir/build.make CMakeFiles/ContinuousUpdate.dir/build -.PHONY : ContinuousUpdate/fast - -#============================================================================= -# Target rules for targets named ContinuousConfigure - -# Build rule for target. -ContinuousConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousConfigure -.PHONY : ContinuousConfigure - -# fast build rule for target. -ContinuousConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousConfigure.dir/build.make CMakeFiles/ContinuousConfigure.dir/build -.PHONY : ContinuousConfigure/fast - -#============================================================================= -# Target rules for targets named ContinuousBuild - -# Build rule for target. -ContinuousBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousBuild -.PHONY : ContinuousBuild - -# fast build rule for target. -ContinuousBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousBuild.dir/build.make CMakeFiles/ContinuousBuild.dir/build -.PHONY : ContinuousBuild/fast - -#============================================================================= -# Target rules for targets named ContinuousTest - -# Build rule for target. -ContinuousTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousTest -.PHONY : ContinuousTest - -# fast build rule for target. -ContinuousTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousTest.dir/build.make CMakeFiles/ContinuousTest.dir/build -.PHONY : ContinuousTest/fast - -#============================================================================= -# Target rules for targets named ContinuousCoverage - -# Build rule for target. -ContinuousCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousCoverage -.PHONY : ContinuousCoverage - -# fast build rule for target. -ContinuousCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousCoverage.dir/build.make CMakeFiles/ContinuousCoverage.dir/build -.PHONY : ContinuousCoverage/fast - -#============================================================================= -# Target rules for targets named ContinuousMemCheck - -# Build rule for target. -ContinuousMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousMemCheck -.PHONY : ContinuousMemCheck - -# fast build rule for target. -ContinuousMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousMemCheck.dir/build.make CMakeFiles/ContinuousMemCheck.dir/build -.PHONY : ContinuousMemCheck/fast - -#============================================================================= -# Target rules for targets named ContinuousSubmit - -# Build rule for target. -ContinuousSubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousSubmit -.PHONY : ContinuousSubmit - -# fast build rule for target. -ContinuousSubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousSubmit.dir/build.make CMakeFiles/ContinuousSubmit.dir/build -.PHONY : ContinuousSubmit/fast - -#============================================================================= -# Target rules for targets named crypto - -# Build rule for target. -crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 crypto -.PHONY : crypto - -# fast build rule for target. -crypto/fast: - $(MAKE) $(MAKESILENT) -f src/CMakeFiles/crypto.dir/build.make src/CMakeFiles/crypto.dir/build -.PHONY : crypto/fast - -#============================================================================= -# Target rules for targets named et_dt_validation - -# Build rule for target. -et_dt_validation: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 et_dt_validation -.PHONY : et_dt_validation - -# fast build rule for target. -et_dt_validation/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/et_dt_validation.dir/build.make test/CMakeFiles/et_dt_validation.dir/build -.PHONY : et_dt_validation/fast - -#============================================================================= -# Target rules for targets named ut_aes_gcm_siv - -# Build rule for target. -ut_aes_gcm_siv: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aes_gcm_siv -.PHONY : ut_aes_gcm_siv - -# fast build rule for target. -ut_aes_gcm_siv/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aes_gcm_siv.dir/build.make test/CMakeFiles/ut_aes_gcm_siv.dir/build -.PHONY : ut_aes_gcm_siv/fast - -#============================================================================= -# Target rules for targets named ut_aos_apply - -# Build rule for target. -ut_aos_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_apply -.PHONY : ut_aos_apply - -# fast build rule for target. -ut_aos_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_apply.dir/build.make test/CMakeFiles/ut_aos_apply.dir/build -.PHONY : ut_aos_apply/fast - -#============================================================================= -# Target rules for targets named ut_aos_process - -# Build rule for target. -ut_aos_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_process -.PHONY : ut_aos_process - -# fast build rule for target. -ut_aos_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_process.dir/build.make test/CMakeFiles/ut_aos_process.dir/build -.PHONY : ut_aos_process/fast - -#============================================================================= -# Target rules for targets named ut_crypto - -# Build rule for target. -ut_crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto -.PHONY : ut_crypto - -# fast build rule for target. -ut_crypto/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto.dir/build.make test/CMakeFiles/ut_crypto.dir/build -.PHONY : ut_crypto/fast - -#============================================================================= -# Target rules for targets named ut_crypto_config - -# Build rule for target. -ut_crypto_config: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_config -.PHONY : ut_crypto_config - -# fast build rule for target. -ut_crypto_config/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_config.dir/build.make test/CMakeFiles/ut_crypto_config.dir/build -.PHONY : ut_crypto_config/fast - -#============================================================================= -# Target rules for targets named ut_crypto_mc - -# Build rule for target. -ut_crypto_mc: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_mc -.PHONY : ut_crypto_mc - -# fast build rule for target. -ut_crypto_mc/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_mc.dir/build.make test/CMakeFiles/ut_crypto_mc.dir/build -.PHONY : ut_crypto_mc/fast - -#============================================================================= -# Target rules for targets named ut_mysql_m_tls_connection - -# Build rule for target. -ut_mysql_m_tls_connection: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_m_tls_connection -.PHONY : ut_mysql_m_tls_connection - -# fast build rule for target. -ut_mysql_m_tls_connection/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_m_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_m_tls_connection.dir/build -.PHONY : ut_mysql_m_tls_connection/fast - -#============================================================================= -# Target rules for targets named ut_mysql_tls_connection - -# Build rule for target. -ut_mysql_tls_connection: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_tls_connection -.PHONY : ut_mysql_tls_connection - -# fast build rule for target. -ut_mysql_tls_connection/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_tls_connection.dir/build -.PHONY : ut_mysql_tls_connection/fast - -#============================================================================= -# Target rules for targets named ut_sa_save - -# Build rule for target. -ut_sa_save: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sa_save -.PHONY : ut_sa_save - -# fast build rule for target. -ut_sa_save/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sa_save.dir/build.make test/CMakeFiles/ut_sa_save.dir/build -.PHONY : ut_sa_save/fast - -#============================================================================= -# Target rules for targets named ut_sadb_err_cases_kmc_crypto - -# Build rule for target. -ut_sadb_err_cases_kmc_crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sadb_err_cases_kmc_crypto -.PHONY : ut_sadb_err_cases_kmc_crypto - -# fast build rule for target. -ut_sadb_err_cases_kmc_crypto/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build.make test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build -.PHONY : ut_sadb_err_cases_kmc_crypto/fast - -#============================================================================= -# Target rules for targets named ut_tc_apply - -# Build rule for target. -ut_tc_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_apply -.PHONY : ut_tc_apply - -# fast build rule for target. -ut_tc_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_apply.dir/build.make test/CMakeFiles/ut_tc_apply.dir/build -.PHONY : ut_tc_apply/fast - -#============================================================================= -# Target rules for targets named ut_tc_process - -# Build rule for target. -ut_tc_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_process -.PHONY : ut_tc_process - -# fast build rule for target. -ut_tc_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_process.dir/build.make test/CMakeFiles/ut_tc_process.dir/build -.PHONY : ut_tc_process/fast - -#============================================================================= -# Target rules for targets named ut_tm_apply - -# Build rule for target. -ut_tm_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_apply -.PHONY : ut_tm_apply - -# fast build rule for target. -ut_tm_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_apply.dir/build.make test/CMakeFiles/ut_tm_apply.dir/build -.PHONY : ut_tm_apply/fast - -#============================================================================= -# Target rules for targets named ut_tm_process - -# Build rule for target. -ut_tm_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_process -.PHONY : ut_tm_process - -# fast build rule for target. -ut_tm_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_process.dir/build.make test/CMakeFiles/ut_tm_process.dir/build -.PHONY : ut_tm_process/fast - -#============================================================================= -# Target rules for targets named gcov - -# Build rule for target. -gcov: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 gcov -.PHONY : gcov - -# fast build rule for target. -gcov/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/gcov.dir/build.make test/CMakeFiles/gcov.dir/build -.PHONY : gcov/fast - -#============================================================================= -# Target rules for targets named scrub - -# Build rule for target. -scrub: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 scrub -.PHONY : scrub - -# fast build rule for target. -scrub/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/scrub.dir/build.make test/CMakeFiles/scrub.dir/build -.PHONY : scrub/fast - -# Help Target -help: - @echo "The following are some of the valid targets for this Makefile:" - @echo "... all (the default if no target is provided)" - @echo "... clean" - @echo "... depend" - @echo "... edit_cache" - @echo "... install" - @echo "... install/local" - @echo "... install/strip" - @echo "... list_install_components" - @echo "... rebuild_cache" - @echo "... test" - @echo "... Continuous" - @echo "... ContinuousBuild" - @echo "... ContinuousConfigure" - @echo "... ContinuousCoverage" - @echo "... ContinuousMemCheck" - @echo "... ContinuousStart" - @echo "... ContinuousSubmit" - @echo "... ContinuousTest" - @echo "... ContinuousUpdate" - @echo "... Experimental" - @echo "... ExperimentalBuild" - @echo "... ExperimentalConfigure" - @echo "... ExperimentalCoverage" - @echo "... ExperimentalMemCheck" - @echo "... ExperimentalStart" - @echo "... ExperimentalSubmit" - @echo "... ExperimentalTest" - @echo "... ExperimentalUpdate" - @echo "... Nightly" - @echo "... NightlyBuild" - @echo "... NightlyConfigure" - @echo "... NightlyCoverage" - @echo "... NightlyMemCheck" - @echo "... NightlyMemoryCheck" - @echo "... NightlyStart" - @echo "... NightlySubmit" - @echo "... NightlyTest" - @echo "... NightlyUpdate" - @echo "... gcov" - @echo "... scrub" - @echo "... crypto" - @echo "... et_dt_validation" - @echo "... ut_aes_gcm_siv" - @echo "... ut_aos_apply" - @echo "... ut_aos_process" - @echo "... ut_crypto" - @echo "... ut_crypto_config" - @echo "... ut_crypto_mc" - @echo "... ut_mysql_m_tls_connection" - @echo "... ut_mysql_tls_connection" - @echo "... ut_sa_save" - @echo "... ut_sadb_err_cases_kmc_crypto" - @echo "... ut_tc_apply" - @echo "... ut_tc_process" - @echo "... ut_tm_apply" - @echo "... ut_tm_process" -.PHONY : help - - - -#============================================================================= -# Special targets to cleanup operation of make. - -# Special rule to run CMake to check the build system integrity. -# No rule that depends on this can have commands that come from listfiles -# because they might be regenerated. -cmake_check_build_system: - $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0 -.PHONY : cmake_check_build_system - diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index c3c112db..155e9720 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -534,65 +534,68 @@ int32_t Crypto_TM_Do_Encrypt(uint8_t sa_service_type, SecurityAssociation_t* sa_ status = Crypto_TM_Do_Encrypt_Handle_Increment(sa_service_type, sa_ptr); } - - // Move idx to mac location - idx += pdu_len; -#ifdef TM_DEBUG - if (sa_ptr->stmacf_len > 0) - { - printf(KYEL "Data length is %d\n" RESET, pdu_len); - printf(KYEL "MAC location starts at: %d\n" RESET, idx); - printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); - } - else + if (status == CRYPTO_LIB_SUCCESS) { - printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); - } + // Move idx to mac location + idx += pdu_len; +#ifdef TM_DEBUG + if (sa_ptr->stmacf_len > 0) + { + printf(KYEL "Data length is %d\n" RESET, pdu_len); + printf(KYEL "MAC location starts at: %d\n" RESET, idx); + printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); + } + else + { + printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); + } #endif -//TODO OCF - ? Here, elsewhere? + //TODO OCF - ? Here, elsewhere? - /** - * End Authentication / Encryption - **/ + /** + * End Authentication / Encryption + **/ - // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF) - { + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF) + { #ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters_struct.max_frame_size - 2); + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters_struct.max_frame_size - 2); #endif - if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) - { - *new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters_struct.max_frame_size - 2); - pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)((*new_fecf & 0xFF00) >> 8); - pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)(*new_fecf & 0x00FF); + if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) + { + *new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters_struct.max_frame_size - 2); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)((*new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)(*new_fecf & 0x00FF); + } + else // CRYPTO_TC_CREATE_FECF_FALSE + { + pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)0x00; + } + idx += 2; } - else // CRYPTO_TC_CREATE_FECF_FALSE + +#ifdef TM_DEBUG + printf(KYEL "Printing new TM frame:\n\t"); + for(int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) { - pTfBuffer[current_managed_parameters_struct.max_frame_size - 2] = (uint8_t)0x00; - pTfBuffer[current_managed_parameters_struct.max_frame_size - 1] = (uint8_t)0x00; + printf("%02X", pTfBuffer[i]); } - idx += 2; + printf("\n"); +#endif } - -#ifdef TM_DEBUG - printf(KYEL "Printing new TM frame:\n\t"); - for(int i = 0; i < current_managed_parameters_struct.max_frame_size; i++) + if (status == CRYPTO_LIB_SUCCESS) { - printf("%02X", pTfBuffer[i]); - } - printf("\n"); -#endif - - status = sa_if->sa_save_sa(sa_ptr); + status = sa_if->sa_save_sa(sa_ptr); #ifdef DEBUG - printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); + printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); #endif - *idx_p = idx; - + *idx_p = idx; + } return status; } From 366d394d787e760dd1776a4ed351ad365398087a Mon Sep 17 00:00:00 2001 From: "Lucas, John P." Date: Mon, 26 Aug 2024 11:59:14 -0400 Subject: [PATCH 109/174] [hotfix] Revert top level Makefile from cryptolib#262; --- Makefile | 867 ++----------------------------------------------------- 1 file changed, 29 insertions(+), 838 deletions(-) diff --git a/Makefile b/Makefile index 52fc15e3..013a1d27 100644 --- a/Makefile +++ b/Makefile @@ -1,844 +1,35 @@ -# CMAKE generated file: DO NOT EDIT! -# Generated by "Unix Makefiles" Generator, CMake Version 3.22 +# +# CryptoLib Makefile +# + +# The "LOCALTGTS" defines the top-level targets that are implemented in this makefile +# Any other target may also be given, in that case it will simply be passed through. +LOCALTGTS := all clean debug internal kmc wolf +OTHERTGTS := $(filter-out $(LOCALTGTS),$(MAKECMDGOALS)) + +# As this makefile does not build any real files, treat everything as a PHONY target +# This ensures that the rule gets executed even if a file by that name does exist +.PHONY: $(LOCALTGTS) $(OTHERTGTS) + +# +# Commands +# +all: + $(MAKE) internal + $(MAKE) kmc + $(MAKE) wolf -# Default target executed when no arguments are given to make. -default_target: all -.PHONY : default_target - -# Allow only one "make -f Makefile2" at a time, but pass parallelism. -.NOTPARALLEL: - -#============================================================================= -# Special targets provided by cmake. - -# Disable implicit rules so canonical targets will work. -.SUFFIXES: - -# Disable VCS-based implicit rules. -% : %,v - -# Disable VCS-based implicit rules. -% : RCS/% - -# Disable VCS-based implicit rules. -% : RCS/%,v - -# Disable VCS-based implicit rules. -% : SCCS/s.% - -# Disable VCS-based implicit rules. -% : s.% - -.SUFFIXES: .hpux_make_needs_suffix_list - -# Command-line flag to silence nested $(MAKE). -$(VERBOSE)MAKESILENT = -s - -#Suppress display of executed commands. -$(VERBOSE).SILENT: - -# A target that is always out of date. -cmake_force: -.PHONY : cmake_force - -#============================================================================= -# Set environment variables for the build. - -# The shell in which to execute make rules. -SHELL = /bin/sh - -# The CMake executable. -CMAKE_COMMAND = /usr/bin/cmake - -# The command to remove a file. -RM = /usr/bin/cmake -E rm -f - -# Escaping for special characters. -EQUALS = = - -# The top-level source directory on which CMake was run. -CMAKE_SOURCE_DIR = /home/itc/Desktop/CryptoLib - -# The top-level build directory on which CMake was run. -CMAKE_BINARY_DIR = /home/itc/Desktop/CryptoLib - -#============================================================================= -# Targets provided globally by CMake. - -# Special rule for the target test -test: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running tests..." - /usr/bin/ctest --force-new-ctest-process $(ARGS) -.PHONY : test - -# Special rule for the target test -test/fast: test -.PHONY : test/fast - -# Special rule for the target edit_cache -edit_cache: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..." - /usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available. -.PHONY : edit_cache - -# Special rule for the target edit_cache -edit_cache/fast: edit_cache -.PHONY : edit_cache/fast - -# Special rule for the target rebuild_cache -rebuild_cache: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..." - /usr/bin/cmake --regenerate-during-build -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) -.PHONY : rebuild_cache - -# Special rule for the target rebuild_cache -rebuild_cache/fast: rebuild_cache -.PHONY : rebuild_cache/fast - -# Special rule for the target list_install_components -list_install_components: - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\"" -.PHONY : list_install_components - -# Special rule for the target list_install_components -list_install_components/fast: list_install_components -.PHONY : list_install_components/fast - -# Special rule for the target install -install: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." - /usr/bin/cmake -P cmake_install.cmake -.PHONY : install - -# Special rule for the target install -install/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." - /usr/bin/cmake -P cmake_install.cmake -.PHONY : install/fast - -# Special rule for the target install/local -install/local: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." - /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake -.PHONY : install/local - -# Special rule for the target install/local -install/local/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." - /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake -.PHONY : install/local/fast - -# Special rule for the target install/strip -install/strip: preinstall - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." - /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake -.PHONY : install/strip - -# Special rule for the target install/strip -install/strip/fast: preinstall/fast - @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." - /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake -.PHONY : install/strip/fast - -# The main all target -all: cmake_check_build_system - $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles /home/itc/Desktop/CryptoLib//CMakeFiles/progress.marks - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 all - $(CMAKE_COMMAND) -E cmake_progress_start /home/itc/Desktop/CryptoLib/CMakeFiles 0 -.PHONY : all - -# The main clean target clean: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 clean -.PHONY : clean - -# The main clean target -clean/fast: clean -.PHONY : clean/fast - -# Prepare targets for installation. -preinstall: all - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall -.PHONY : preinstall - -# Prepare targets for installation. -preinstall/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 preinstall -.PHONY : preinstall/fast - -# clear depends -depend: - $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1 -.PHONY : depend - -#============================================================================= -# Target rules for targets named Experimental - -# Build rule for target. -Experimental: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Experimental -.PHONY : Experimental - -# fast build rule for target. -Experimental/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Experimental.dir/build.make CMakeFiles/Experimental.dir/build -.PHONY : Experimental/fast - -#============================================================================= -# Target rules for targets named Nightly - -# Build rule for target. -Nightly: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Nightly -.PHONY : Nightly - -# fast build rule for target. -Nightly/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Nightly.dir/build.make CMakeFiles/Nightly.dir/build -.PHONY : Nightly/fast - -#============================================================================= -# Target rules for targets named Continuous - -# Build rule for target. -Continuous: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 Continuous -.PHONY : Continuous - -# fast build rule for target. -Continuous/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/Continuous.dir/build.make CMakeFiles/Continuous.dir/build -.PHONY : Continuous/fast - -#============================================================================= -# Target rules for targets named NightlyMemoryCheck - -# Build rule for target. -NightlyMemoryCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemoryCheck -.PHONY : NightlyMemoryCheck - -# fast build rule for target. -NightlyMemoryCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemoryCheck.dir/build.make CMakeFiles/NightlyMemoryCheck.dir/build -.PHONY : NightlyMemoryCheck/fast - -#============================================================================= -# Target rules for targets named NightlyStart - -# Build rule for target. -NightlyStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyStart -.PHONY : NightlyStart - -# fast build rule for target. -NightlyStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyStart.dir/build.make CMakeFiles/NightlyStart.dir/build -.PHONY : NightlyStart/fast - -#============================================================================= -# Target rules for targets named NightlyUpdate - -# Build rule for target. -NightlyUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyUpdate -.PHONY : NightlyUpdate - -# fast build rule for target. -NightlyUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyUpdate.dir/build.make CMakeFiles/NightlyUpdate.dir/build -.PHONY : NightlyUpdate/fast - -#============================================================================= -# Target rules for targets named NightlyConfigure - -# Build rule for target. -NightlyConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyConfigure -.PHONY : NightlyConfigure - -# fast build rule for target. -NightlyConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyConfigure.dir/build.make CMakeFiles/NightlyConfigure.dir/build -.PHONY : NightlyConfigure/fast - -#============================================================================= -# Target rules for targets named NightlyBuild - -# Build rule for target. -NightlyBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyBuild -.PHONY : NightlyBuild - -# fast build rule for target. -NightlyBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyBuild.dir/build.make CMakeFiles/NightlyBuild.dir/build -.PHONY : NightlyBuild/fast - -#============================================================================= -# Target rules for targets named NightlyTest - -# Build rule for target. -NightlyTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyTest -.PHONY : NightlyTest - -# fast build rule for target. -NightlyTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyTest.dir/build.make CMakeFiles/NightlyTest.dir/build -.PHONY : NightlyTest/fast - -#============================================================================= -# Target rules for targets named NightlyCoverage - -# Build rule for target. -NightlyCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyCoverage -.PHONY : NightlyCoverage - -# fast build rule for target. -NightlyCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyCoverage.dir/build.make CMakeFiles/NightlyCoverage.dir/build -.PHONY : NightlyCoverage/fast - -#============================================================================= -# Target rules for targets named NightlyMemCheck - -# Build rule for target. -NightlyMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlyMemCheck -.PHONY : NightlyMemCheck - -# fast build rule for target. -NightlyMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlyMemCheck.dir/build.make CMakeFiles/NightlyMemCheck.dir/build -.PHONY : NightlyMemCheck/fast - -#============================================================================= -# Target rules for targets named NightlySubmit - -# Build rule for target. -NightlySubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 NightlySubmit -.PHONY : NightlySubmit - -# fast build rule for target. -NightlySubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/NightlySubmit.dir/build.make CMakeFiles/NightlySubmit.dir/build -.PHONY : NightlySubmit/fast - -#============================================================================= -# Target rules for targets named ExperimentalStart - -# Build rule for target. -ExperimentalStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalStart -.PHONY : ExperimentalStart - -# fast build rule for target. -ExperimentalStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalStart.dir/build.make CMakeFiles/ExperimentalStart.dir/build -.PHONY : ExperimentalStart/fast - -#============================================================================= -# Target rules for targets named ExperimentalUpdate - -# Build rule for target. -ExperimentalUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalUpdate -.PHONY : ExperimentalUpdate - -# fast build rule for target. -ExperimentalUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalUpdate.dir/build.make CMakeFiles/ExperimentalUpdate.dir/build -.PHONY : ExperimentalUpdate/fast - -#============================================================================= -# Target rules for targets named ExperimentalConfigure - -# Build rule for target. -ExperimentalConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalConfigure -.PHONY : ExperimentalConfigure - -# fast build rule for target. -ExperimentalConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalConfigure.dir/build.make CMakeFiles/ExperimentalConfigure.dir/build -.PHONY : ExperimentalConfigure/fast - -#============================================================================= -# Target rules for targets named ExperimentalBuild - -# Build rule for target. -ExperimentalBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalBuild -.PHONY : ExperimentalBuild - -# fast build rule for target. -ExperimentalBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalBuild.dir/build.make CMakeFiles/ExperimentalBuild.dir/build -.PHONY : ExperimentalBuild/fast - -#============================================================================= -# Target rules for targets named ExperimentalTest - -# Build rule for target. -ExperimentalTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalTest -.PHONY : ExperimentalTest - -# fast build rule for target. -ExperimentalTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalTest.dir/build.make CMakeFiles/ExperimentalTest.dir/build -.PHONY : ExperimentalTest/fast - -#============================================================================= -# Target rules for targets named ExperimentalCoverage - -# Build rule for target. -ExperimentalCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalCoverage -.PHONY : ExperimentalCoverage - -# fast build rule for target. -ExperimentalCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalCoverage.dir/build.make CMakeFiles/ExperimentalCoverage.dir/build -.PHONY : ExperimentalCoverage/fast - -#============================================================================= -# Target rules for targets named ExperimentalMemCheck - -# Build rule for target. -ExperimentalMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalMemCheck -.PHONY : ExperimentalMemCheck - -# fast build rule for target. -ExperimentalMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalMemCheck.dir/build.make CMakeFiles/ExperimentalMemCheck.dir/build -.PHONY : ExperimentalMemCheck/fast - -#============================================================================= -# Target rules for targets named ExperimentalSubmit - -# Build rule for target. -ExperimentalSubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ExperimentalSubmit -.PHONY : ExperimentalSubmit - -# fast build rule for target. -ExperimentalSubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ExperimentalSubmit.dir/build.make CMakeFiles/ExperimentalSubmit.dir/build -.PHONY : ExperimentalSubmit/fast - -#============================================================================= -# Target rules for targets named ContinuousStart - -# Build rule for target. -ContinuousStart: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousStart -.PHONY : ContinuousStart - -# fast build rule for target. -ContinuousStart/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousStart.dir/build.make CMakeFiles/ContinuousStart.dir/build -.PHONY : ContinuousStart/fast - -#============================================================================= -# Target rules for targets named ContinuousUpdate - -# Build rule for target. -ContinuousUpdate: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousUpdate -.PHONY : ContinuousUpdate - -# fast build rule for target. -ContinuousUpdate/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousUpdate.dir/build.make CMakeFiles/ContinuousUpdate.dir/build -.PHONY : ContinuousUpdate/fast - -#============================================================================= -# Target rules for targets named ContinuousConfigure - -# Build rule for target. -ContinuousConfigure: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousConfigure -.PHONY : ContinuousConfigure - -# fast build rule for target. -ContinuousConfigure/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousConfigure.dir/build.make CMakeFiles/ContinuousConfigure.dir/build -.PHONY : ContinuousConfigure/fast - -#============================================================================= -# Target rules for targets named ContinuousBuild - -# Build rule for target. -ContinuousBuild: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousBuild -.PHONY : ContinuousBuild - -# fast build rule for target. -ContinuousBuild/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousBuild.dir/build.make CMakeFiles/ContinuousBuild.dir/build -.PHONY : ContinuousBuild/fast - -#============================================================================= -# Target rules for targets named ContinuousTest - -# Build rule for target. -ContinuousTest: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousTest -.PHONY : ContinuousTest - -# fast build rule for target. -ContinuousTest/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousTest.dir/build.make CMakeFiles/ContinuousTest.dir/build -.PHONY : ContinuousTest/fast - -#============================================================================= -# Target rules for targets named ContinuousCoverage - -# Build rule for target. -ContinuousCoverage: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousCoverage -.PHONY : ContinuousCoverage - -# fast build rule for target. -ContinuousCoverage/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousCoverage.dir/build.make CMakeFiles/ContinuousCoverage.dir/build -.PHONY : ContinuousCoverage/fast - -#============================================================================= -# Target rules for targets named ContinuousMemCheck - -# Build rule for target. -ContinuousMemCheck: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousMemCheck -.PHONY : ContinuousMemCheck - -# fast build rule for target. -ContinuousMemCheck/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousMemCheck.dir/build.make CMakeFiles/ContinuousMemCheck.dir/build -.PHONY : ContinuousMemCheck/fast - -#============================================================================= -# Target rules for targets named ContinuousSubmit - -# Build rule for target. -ContinuousSubmit: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ContinuousSubmit -.PHONY : ContinuousSubmit - -# fast build rule for target. -ContinuousSubmit/fast: - $(MAKE) $(MAKESILENT) -f CMakeFiles/ContinuousSubmit.dir/build.make CMakeFiles/ContinuousSubmit.dir/build -.PHONY : ContinuousSubmit/fast - -#============================================================================= -# Target rules for targets named crypto - -# Build rule for target. -crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 crypto -.PHONY : crypto - -# fast build rule for target. -crypto/fast: - $(MAKE) $(MAKESILENT) -f src/CMakeFiles/crypto.dir/build.make src/CMakeFiles/crypto.dir/build -.PHONY : crypto/fast - -#============================================================================= -# Target rules for targets named et_dt_validation - -# Build rule for target. -et_dt_validation: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 et_dt_validation -.PHONY : et_dt_validation - -# fast build rule for target. -et_dt_validation/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/et_dt_validation.dir/build.make test/CMakeFiles/et_dt_validation.dir/build -.PHONY : et_dt_validation/fast - -#============================================================================= -# Target rules for targets named ut_aes_gcm_siv - -# Build rule for target. -ut_aes_gcm_siv: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aes_gcm_siv -.PHONY : ut_aes_gcm_siv - -# fast build rule for target. -ut_aes_gcm_siv/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aes_gcm_siv.dir/build.make test/CMakeFiles/ut_aes_gcm_siv.dir/build -.PHONY : ut_aes_gcm_siv/fast - -#============================================================================= -# Target rules for targets named ut_aos_apply - -# Build rule for target. -ut_aos_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_apply -.PHONY : ut_aos_apply - -# fast build rule for target. -ut_aos_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_apply.dir/build.make test/CMakeFiles/ut_aos_apply.dir/build -.PHONY : ut_aos_apply/fast - -#============================================================================= -# Target rules for targets named ut_aos_process - -# Build rule for target. -ut_aos_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_aos_process -.PHONY : ut_aos_process - -# fast build rule for target. -ut_aos_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_aos_process.dir/build.make test/CMakeFiles/ut_aos_process.dir/build -.PHONY : ut_aos_process/fast - -#============================================================================= -# Target rules for targets named ut_crypto - -# Build rule for target. -ut_crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto -.PHONY : ut_crypto - -# fast build rule for target. -ut_crypto/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto.dir/build.make test/CMakeFiles/ut_crypto.dir/build -.PHONY : ut_crypto/fast - -#============================================================================= -# Target rules for targets named ut_crypto_config - -# Build rule for target. -ut_crypto_config: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_config -.PHONY : ut_crypto_config - -# fast build rule for target. -ut_crypto_config/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_config.dir/build.make test/CMakeFiles/ut_crypto_config.dir/build -.PHONY : ut_crypto_config/fast - -#============================================================================= -# Target rules for targets named ut_crypto_mc - -# Build rule for target. -ut_crypto_mc: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_crypto_mc -.PHONY : ut_crypto_mc - -# fast build rule for target. -ut_crypto_mc/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_crypto_mc.dir/build.make test/CMakeFiles/ut_crypto_mc.dir/build -.PHONY : ut_crypto_mc/fast - -#============================================================================= -# Target rules for targets named ut_mysql_m_tls_connection - -# Build rule for target. -ut_mysql_m_tls_connection: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_m_tls_connection -.PHONY : ut_mysql_m_tls_connection - -# fast build rule for target. -ut_mysql_m_tls_connection/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_m_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_m_tls_connection.dir/build -.PHONY : ut_mysql_m_tls_connection/fast - -#============================================================================= -# Target rules for targets named ut_mysql_tls_connection - -# Build rule for target. -ut_mysql_tls_connection: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_mysql_tls_connection -.PHONY : ut_mysql_tls_connection - -# fast build rule for target. -ut_mysql_tls_connection/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_mysql_tls_connection.dir/build.make test/CMakeFiles/ut_mysql_tls_connection.dir/build -.PHONY : ut_mysql_tls_connection/fast - -#============================================================================= -# Target rules for targets named ut_sa_save - -# Build rule for target. -ut_sa_save: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sa_save -.PHONY : ut_sa_save - -# fast build rule for target. -ut_sa_save/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sa_save.dir/build.make test/CMakeFiles/ut_sa_save.dir/build -.PHONY : ut_sa_save/fast - -#============================================================================= -# Target rules for targets named ut_sadb_err_cases_kmc_crypto - -# Build rule for target. -ut_sadb_err_cases_kmc_crypto: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_sadb_err_cases_kmc_crypto -.PHONY : ut_sadb_err_cases_kmc_crypto - -# fast build rule for target. -ut_sadb_err_cases_kmc_crypto/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build.make test/CMakeFiles/ut_sadb_err_cases_kmc_crypto.dir/build -.PHONY : ut_sadb_err_cases_kmc_crypto/fast - -#============================================================================= -# Target rules for targets named ut_tc_apply - -# Build rule for target. -ut_tc_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_apply -.PHONY : ut_tc_apply - -# fast build rule for target. -ut_tc_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_apply.dir/build.make test/CMakeFiles/ut_tc_apply.dir/build -.PHONY : ut_tc_apply/fast - -#============================================================================= -# Target rules for targets named ut_tc_process - -# Build rule for target. -ut_tc_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tc_process -.PHONY : ut_tc_process - -# fast build rule for target. -ut_tc_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tc_process.dir/build.make test/CMakeFiles/ut_tc_process.dir/build -.PHONY : ut_tc_process/fast - -#============================================================================= -# Target rules for targets named ut_tm_apply - -# Build rule for target. -ut_tm_apply: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_apply -.PHONY : ut_tm_apply - -# fast build rule for target. -ut_tm_apply/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_apply.dir/build.make test/CMakeFiles/ut_tm_apply.dir/build -.PHONY : ut_tm_apply/fast - -#============================================================================= -# Target rules for targets named ut_tm_process - -# Build rule for target. -ut_tm_process: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 ut_tm_process -.PHONY : ut_tm_process - -# fast build rule for target. -ut_tm_process/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/ut_tm_process.dir/build.make test/CMakeFiles/ut_tm_process.dir/build -.PHONY : ut_tm_process/fast - -#============================================================================= -# Target rules for targets named gcov - -# Build rule for target. -gcov: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 gcov -.PHONY : gcov - -# fast build rule for target. -gcov/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/gcov.dir/build.make test/CMakeFiles/gcov.dir/build -.PHONY : gcov/fast - -#============================================================================= -# Target rules for targets named scrub - -# Build rule for target. -scrub: cmake_check_build_system - $(MAKE) $(MAKESILENT) -f CMakeFiles/Makefile2 scrub -.PHONY : scrub - -# fast build rule for target. -scrub/fast: - $(MAKE) $(MAKESILENT) -f test/CMakeFiles/scrub.dir/build.make test/CMakeFiles/scrub.dir/build -.PHONY : scrub/fast - -# Help Target -help: - @echo "The following are some of the valid targets for this Makefile:" - @echo "... all (the default if no target is provided)" - @echo "... clean" - @echo "... depend" - @echo "... edit_cache" - @echo "... install" - @echo "... install/local" - @echo "... install/strip" - @echo "... list_install_components" - @echo "... rebuild_cache" - @echo "... test" - @echo "... Continuous" - @echo "... ContinuousBuild" - @echo "... ContinuousConfigure" - @echo "... ContinuousCoverage" - @echo "... ContinuousMemCheck" - @echo "... ContinuousStart" - @echo "... ContinuousSubmit" - @echo "... ContinuousTest" - @echo "... ContinuousUpdate" - @echo "... Experimental" - @echo "... ExperimentalBuild" - @echo "... ExperimentalConfigure" - @echo "... ExperimentalCoverage" - @echo "... ExperimentalMemCheck" - @echo "... ExperimentalStart" - @echo "... ExperimentalSubmit" - @echo "... ExperimentalTest" - @echo "... ExperimentalUpdate" - @echo "... Nightly" - @echo "... NightlyBuild" - @echo "... NightlyConfigure" - @echo "... NightlyCoverage" - @echo "... NightlyMemCheck" - @echo "... NightlyMemoryCheck" - @echo "... NightlyStart" - @echo "... NightlySubmit" - @echo "... NightlyTest" - @echo "... NightlyUpdate" - @echo "... gcov" - @echo "... scrub" - @echo "... crypto" - @echo "... et_dt_validation" - @echo "... ut_aes_gcm_siv" - @echo "... ut_aos_apply" - @echo "... ut_aos_process" - @echo "... ut_crypto" - @echo "... ut_crypto_config" - @echo "... ut_crypto_mc" - @echo "... ut_mysql_m_tls_connection" - @echo "... ut_mysql_tls_connection" - @echo "... ut_sa_save" - @echo "... ut_sadb_err_cases_kmc_crypto" - @echo "... ut_tc_apply" - @echo "... ut_tc_process" - @echo "... ut_tm_apply" - @echo "... ut_tm_process" -.PHONY : help - + rm -rf ./build +debug: + ./support/scripts/docker_debug.sh -#============================================================================= -# Special targets to cleanup operation of make. +internal: + ./support/scripts/internal_docker_build.sh -# Special rule to run CMake to check the build system integrity. -# No rule that depends on this can have commands that come from listfiles -# because they might be regenerated. -cmake_check_build_system: - $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0 -.PHONY : cmake_check_build_system +kmc: + ./support/scripts/kmc_docker_build.sh +wolf: + ./support/scripts/wolf_docker_build.sh From a458550bdeff22175ff4ce5a5aea793a0b9fa868 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Tue, 27 Aug 2024 20:04:41 +0000 Subject: [PATCH 110/174] [nasa/cryptolib#283] Unit Test for Non-Operational SA --- test/unit/ut_tc_process.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 139bf6fa..037595bc 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -1059,4 +1059,41 @@ UTEST(TC_PROCESS, TC_SA_SEGFAULT_TEST) Crypto_Shutdown(); } +UTEST(TC_PROCESS, TC_SA_NOT_OPERATIONAL) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + //Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_OCF_NA, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + GvcidManagedParameters_t AOS_Managed_Parameters = {0, 0x0003, 0, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1}; + Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_Managed_Parameters); + + status = Crypto_Init(); + + TC_t* tc_sdls_processed_frame; + tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); + memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + + // Test frame setup + char* test_frame_pt_h = "2003000C00002C414243444546"; + uint8_t *test_frame_pt_b = NULL; + int test_frame_pt_len = 0; + + // Convert input test frame + hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); + + status = Crypto_TC_ProcessSecurity(test_frame_pt_b, &test_frame_pt_len, tc_sdls_processed_frame); + + ASSERT_EQ(CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL, status); + free(test_frame_pt_b); + free(tc_sdls_processed_frame); + Crypto_Shutdown(); +} + UTEST_MAIN(); From d8252c6f2638f308c980741f731a47b73b42a8f2 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Tue, 27 Aug 2024 20:19:19 +0000 Subject: [PATCH 111/174] [nasa/cryptolib#283] Added error enum for non-operational SA --- include/crypto_error.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/crypto_error.h b/include/crypto_error.h index c4d46652..a1f919af 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -126,6 +126,7 @@ #define CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT (-54) #define CRYPTO_LIB_ERR_KEY_VALIDATION (-55) #define CRYPTO_LIB_ERR_SPI_INDEX_OOB (-56) +#define CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL (-57) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; From 0839da9e85c9bed0b09d26ba41b85ce11721cd20 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 28 Aug 2024 18:19:17 +0000 Subject: [PATCH 112/174] [nasa/Cryptolib#274] Update Typo for 1.3.1 Release --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f53101a7..a408afb8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,7 +50,7 @@ option(MC_CUSTOM_PATH "Custom Monitoring and Control path" OFF) option(MC_DISABLED "Monitoring and Control - Disabled" OFF) option(MC_INTERNAL "Monitoring and Control - Internal" ON) option(SA_CUSTOM "Security Association - Custom" OFF) -option(SA_CUSTOM_PATH "Custion Security Association Path" OFF) +option(SA_CUSTOM_PATH "Custom Security Association Path" OFF) option(SA_INTERNAL "Security Association - Internal" ON) option(SA_MARIADB "Security Association - MariaDB" OFF) option(SUPPORT "Support" OFF) From 94e2055d2816459dbc33e25ff1d5365e50d6a2b2 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 28 Aug 2024 18:21:40 +0000 Subject: [PATCH 113/174] [nasa/Cryptolib#274 Add Define for GVCID Managed Parameters array size --- include/crypto_config.h | 2 ++ src/core/crypto_config.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/crypto_config.h b/include/crypto_config.h index 7ae23b8a..ac09c723 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -56,6 +56,8 @@ #define RESET #endif +// Managed Parameters Size +#define GVCID_MAN_PARAM_SIZE 250 // Max Frame Size #define TC_MAX_FRAME_SIZE 1024 diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index aeae80b4..c2c02f48 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -37,7 +37,7 @@ CryptoConfig_t crypto_config; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL; CamConfig_t* cam_config = NULL; -GvcidManagedParameters_t gvcid_managed_parameters_array[250]; //Arbitrary 250 for now. +GvcidManagedParameters_t gvcid_managed_parameters_array[GVCID_MAN_PARAM_SIZE]; int gvcid_counter = 0; GvcidManagedParameters_t gvcid_null_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; GvcidManagedParameters_t current_managed_parameters_struct = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; From 3f515f6b410510dbf5548ca282de4414f1a98982 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 28 Aug 2024 18:23:58 +0000 Subject: [PATCH 114/174] [nasa/Cryptolib#274 Add Define for GVCID Managed Parameters array size --- src/core/crypto_config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index c2c02f48..ceee50d7 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -532,7 +532,7 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* key int32_t Crypto_Config_Add_Gvcid_Managed_Parameters(GvcidManagedParameters_t gvcid_managed_parameters_struct) { int32_t status = CRYPTO_LIB_SUCCESS; - if (gvcid_counter > 250) + if (gvcid_counter > GVCID_MAN_PARAM_SIZE) { status = CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT; } From c2b47e3360514ef5323d3cbf7fc7f9db3e9a4aff Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 28 Aug 2024 19:17:49 +0000 Subject: [PATCH 115/174] [nasa/cryptolib#283] Added SA_OPERATIONAL checkc --- src/core/crypto_tc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index 9cec1dbb..fce88b93 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -1977,6 +1977,10 @@ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_b **/ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) { + if (sa->sa_state != SA_OPERATIONAL) + { + return CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL; + } if (sa->shivf_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; From 39f6d6bd7c99f303028b033d0f5b5e5c867f4cd2 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 16:16:12 +0000 Subject: [PATCH 116/174] [nasa/cryptolib#287] Add codeql workflow --- .github/workflows/codeql.yml | 87 ++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..093a2140 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,87 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL Advanced" + +on: + push: + branches: [ main, dev, 287-consider-open-source-code-scanner-extensions-and-update-codecov ] + pull_request: + branches: [ main, dev ] + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: autobuild + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From c7282f810ac8d2c08c56b6256cfb4dc37aba42b0 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 16:32:57 +0000 Subject: [PATCH 117/174] [nasa/cryptolib#287] Modify codeql workflow --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 093a2140..6ea70f0a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,7 +42,7 @@ jobs: matrix: include: - language: c-cpp - build-mode: autobuild + build-mode: manual - language: python build-mode: none # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' @@ -79,7 +79,7 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + bash ${GITHUB_WORKSPACE}/support/scripts/internal_docker_build.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From aecee697aa5bf000199b35b73a0a8c081410eab6 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 17:40:54 +0000 Subject: [PATCH 118/174] [nasa/cryptolib#287] Modify codeql workflow --- .github/workflows/codeql.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6ea70f0a..3e0089f7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -79,6 +79,23 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | + sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + sudo pip install pycryptodome + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig bash ${GITHUB_WORKSPACE}/support/scripts/internal_docker_build.sh - name: Perform CodeQL Analysis From 639f3aa00e3e2df3fa8bc2ec9812649c75edff53 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 17:45:50 +0000 Subject: [PATCH 119/174] [nasa/cryptolib#287] Modify codeql workflow --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3e0089f7..1108c360 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,7 +13,7 @@ name: "CodeQL Advanced" on: push: - branches: [ main, dev, 287-consider-open-source-code-scanner-extensions-and-update-codecov ] + branches: [ main, dev, 287-consider-open-source-code-scanner-extensions-and-update-codecov] pull_request: branches: [ main, dev ] @@ -96,7 +96,7 @@ jobs: && sudo ./configure \ && sudo make install \ && sudo ldconfig - bash ${GITHUB_WORKSPACE}/support/scripts/internal_docker_build.sh + bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From 70de9f84c68e2f7e33bcd09f20858efe7054e717 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 17:58:33 +0000 Subject: [PATCH 120/174] [nasa/cryptolib#289] Fix NULL Dereference --- src/sa/internal/sa_interface_inmemory.template.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index b10979b0..88150593 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -903,31 +903,31 @@ int32_t sa_get_operational_sa_from_gvcid_generate_error(int32_t* status, uint8_t // ordering so the 'most accurate' SA's error is returned // (determined by matching header fields L to R) sa_mismatched_tfvn_error(&i, status, tfvn, scid, vcid, mapid); - if(status != CRYPTO_LIB_SUCCESS) + if(*status != CRYPTO_LIB_SUCCESS) { sa_debug_block(tfvn, scid, vcid, mapid); return *status; } sa_mismatched_scid(&i, status, tfvn, scid, vcid, mapid); - if(status != CRYPTO_LIB_SUCCESS) + if(*status != CRYPTO_LIB_SUCCESS) { sa_debug_block(tfvn, scid, vcid, mapid); return *status; } sa_mismatched_vcid(&i, status, tfvn, scid, vcid, mapid); - if(status != CRYPTO_LIB_SUCCESS) + if(*status != CRYPTO_LIB_SUCCESS) { sa_debug_block(tfvn, scid, vcid, mapid); return *status; } sa_mismatched_mapid(&i, status, tfvn, scid, vcid, mapid); - if(status != CRYPTO_LIB_SUCCESS) + if(*status != CRYPTO_LIB_SUCCESS) { sa_debug_block(tfvn, scid, vcid, mapid); return *status; } sa_non_operational_sa(&i, status, tfvn, scid, vcid, mapid); - if(status != CRYPTO_LIB_SUCCESS) + if(*status != CRYPTO_LIB_SUCCESS) { sa_debug_block(tfvn, scid, vcid, mapid); return *status; From 31bf6eb33f9fec9c96f11187413ff1ef7f3f7d9d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Wed, 4 Sep 2024 18:08:53 +0000 Subject: [PATCH 121/174] [nasa/cryptolib#287] Modify codeql workflow --- .github/workflows/codeql.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1108c360..1e5fc93c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,8 +12,6 @@ name: "CodeQL Advanced" on: - push: - branches: [ main, dev, 287-consider-open-source-code-scanner-extensions-and-update-codecov] pull_request: branches: [ main, dev ] From cea1f3066e19b7551872e43dc69ff7633679e6ed Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 5 Sep 2024 14:03:54 +0000 Subject: [PATCH 122/174] [nasa/cryptolib#291] Incorporate CodeQL into build.yml --- .github/workflows/build.yml | 23 +++++++---------------- .github/workflows/codeql.yml | 13 +++---------- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 40db2fc8..9c5cfdf2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,7 +2,7 @@ name: CryptoLib on: push: - branches: [ main, dev ] + branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] pull_request: branches: [ main, dev ] @@ -60,27 +60,18 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && sudo ./configure - && sudo make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && sudo ./configure - && sudo make install - && sudo ldconfig + ansible-playbook ${GITHUB_WORKSPACE}/.github/workflows/codeql.yml # End Container Setup - name: Internal Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:c-cpp" + - name: Code-Coverage working-directory: ${{github.workspace}} run: make gcov diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1e5fc93c..2f414363 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,9 +11,9 @@ # name: "CodeQL Advanced" -on: - pull_request: - branches: [ main, dev ] +# on: +# pull_request: +# branches: [ main, dev ] jobs: analyze: @@ -77,8 +77,6 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - sudo pip install pycryptodome curl \ -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ -o /tmp/libgpg-error-1.50.tar.bz2 \ @@ -94,9 +92,4 @@ jobs: && sudo ./configure \ && sudo make install \ && sudo ldconfig - bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" From eea216467bc1407844ca00028938728b70e3061d Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 5 Sep 2024 14:18:34 +0000 Subject: [PATCH 123/174] [nasa/cryptolib#291] Incorporate CodeQL into build.yml - 2 --- .github/workflows/codeql.yml | 165 +++++++++++++++++------------------ 1 file changed, 81 insertions(+), 84 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2f414363..9c7eab34 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,87 +9,84 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL Advanced" - -# on: -# pull_request: -# branches: [ main, dev ] - -jobs: - analyze: - name: Analyze (${{ matrix.language }}) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - - language: python - build-mode: none - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig - +--- +- name: "CodeQL Advanced" + tasks: + - analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig + + \ No newline at end of file From 016a1b3ff53a07dc59ac8fd0b27f148d4d9ac7ae Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Thu, 5 Sep 2024 14:22:31 +0000 Subject: [PATCH 124/174] [nasa/cryptolib#291] Incorporate CodeQL into build.yml - 3 --- .github/workflows/build.yml | 2 +- {.github/workflows => support/scripts}/codeql.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) rename {.github/workflows => support/scripts}/codeql.yml (99%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9c5cfdf2..37e87902 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -60,7 +60,7 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - ansible-playbook ${GITHUB_WORKSPACE}/.github/workflows/codeql.yml + ansible-playbook ${GITHUB_WORKSPACE}/support/scripts/codeql.yml # End Container Setup - name: Internal Build Script diff --git a/.github/workflows/codeql.yml b/support/scripts/codeql.yml similarity index 99% rename from .github/workflows/codeql.yml rename to support/scripts/codeql.yml index 9c7eab34..471ce658 100644 --- a/.github/workflows/codeql.yml +++ b/support/scripts/codeql.yml @@ -11,6 +11,7 @@ # --- - name: "CodeQL Advanced" + hosts: localhost tasks: - analyze: name: Analyze (${{ matrix.language }}) From 137c280830fd995bd7c3d2a9a29bc8337ad3e613 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 00:24:12 +0000 Subject: [PATCH 125/174] [nasa/Cryptolib#293] Update to CmakeLists.txt - Allows for more flexibility in Install Path --- src/CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0445391d..a6138aae 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -128,8 +128,9 @@ endif() # Create the app module if(DEFINED CFE_SYSTEM_PSPNAME) - set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/cpu${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}") + set(CMAKE_INSTALL_RPATH "./${INSTALL_SUBDIR}") add_cfe_app(crypto ${LIB_SRC_FILES}) + install(TARGETS crypto RUNTIME_DEPENDENCIES DESTINATION ${CMAKE_INSTALL_PREFIX}/${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}) else() # Standalone build add_library(crypto SHARED ${LIB_SRC_FILES}) From 46e3f79f239467cec3bb03f0c8b1b68a75804f13 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:01:56 +0000 Subject: [PATCH 126/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/build.yml | 2 +- .../scripts => .github/workflows}/codeql.yml | 48 +++++++++++-------- 2 files changed, 28 insertions(+), 22 deletions(-) rename {support/scripts => .github/workflows}/codeql.yml (81%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 37e87902..85419de3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,7 +2,7 @@ name: CryptoLib on: push: - branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] + branches: [ main, dev ] pull_request: branches: [ main, dev ] diff --git a/support/scripts/codeql.yml b/.github/workflows/codeql.yml similarity index 81% rename from support/scripts/codeql.yml rename to .github/workflows/codeql.yml index 471ce658..ed53fed5 100644 --- a/support/scripts/codeql.yml +++ b/.github/workflows/codeql.yml @@ -10,17 +10,38 @@ # supported CodeQL languages. # --- -- name: "CodeQL Advanced" - hosts: localhost - tasks: - - analyze: +name: "CodeQL Advanced" +.dependency_template: &dependency_template + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig + && 'eval $BUILD_STRING' + + jobs: + - internal_build: + variables: + BUILD_STRING: &BUILD_STRING + name: Analyze (${{ matrix.language }}) # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources # - https://gh.io/using-larger-runners (GitHub.com only) # Consider using larger runners or machines with greater resources for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + runs-on: ubuntu-latest permissions: # required for all workflows security-events: write @@ -73,21 +94,6 @@ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' shell: bash - run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig + <<: *dependency_template \ No newline at end of file From 9fdac611cd20a98cd394f6ec3c072532fba578b0 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:02:58 +0000 Subject: [PATCH 127/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ed53fed5..08bcb5a1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,6 +30,12 @@ name: "CodeQL Advanced" && sudo ldconfig && 'eval $BUILD_STRING' +on: + push: + branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] + pull_request: + branches: [ main, dev ] + jobs: - internal_build: variables: From 2dddc8ad0ca21c2804c79e68b5eef43892bd2ad5 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:04:05 +0000 Subject: [PATCH 128/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 08bcb5a1..812d92f0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,7 @@ on: pull_request: branches: [ main, dev ] - jobs: +jobs: - internal_build: variables: BUILD_STRING: &BUILD_STRING From 36c99e089f276a6b027eb6b28e46f059266000e4 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:05:37 +0000 Subject: [PATCH 129/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 126 +++++++++++++++++------------------ 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 812d92f0..c21bf4d2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,69 +37,69 @@ on: branches: [ main, dev ] jobs: - - internal_build: - variables: - BUILD_STRING: &BUILD_STRING + internal_build: + variables: + BUILD_STRING: &BUILD_STRING - name: Analyze (${{ matrix.language }}) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - - language: python - build-mode: none - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - <<: *dependency_template + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + <<: *dependency_template \ No newline at end of file From 70f4c273a0e3e0e6a71ee1ae9c3bd82030066c07 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:10:00 +0000 Subject: [PATCH 130/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c21bf4d2..8fcf8efa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,7 +11,7 @@ # --- name: "CodeQL Advanced" -.dependency_template: &dependency_template +dependency_template: &dependency_template run: | curl \ -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ From 6b492d3e2e978fe883112820d23ecfbd3cd7cda1 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:14:17 +0000 Subject: [PATCH 131/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8fcf8efa..e05fdbb4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,8 +11,8 @@ # --- name: "CodeQL Advanced" -dependency_template: &dependency_template - run: | +anchors: + dependency_template: &dependency_template | curl \ -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ -o /tmp/libgpg-error-1.50.tar.bz2 \ @@ -100,6 +100,6 @@ jobs: # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' shell: bash - <<: *dependency_template + run: *dependency_template \ No newline at end of file From 218d7ea8f2b57ad606882ed8f8ca8278f52d890b Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:19:10 +0000 Subject: [PATCH 132/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 38 +++++++++++++++++------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e05fdbb4..99bb25bc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,24 +11,6 @@ # --- name: "CodeQL Advanced" -anchors: - dependency_template: &dependency_template | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig - && 'eval $BUILD_STRING' on: push: @@ -39,7 +21,7 @@ on: jobs: internal_build: variables: - BUILD_STRING: &BUILD_STRING + BUILD_STRING: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh name: Analyze (${{ matrix.language }}) # Runner size impacts CodeQL analysis time. To learn more, please see: @@ -100,6 +82,22 @@ jobs: # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' shell: bash - run: *dependency_template + run: | + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig + && 'eval $BUILD_STRING' \ No newline at end of file From c0edc9ee6ac3182bb9941aea7def667e0079b062 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:23:18 +0000 Subject: [PATCH 133/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 99bb25bc..abbf3efb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,9 +20,6 @@ on: jobs: internal_build: - variables: - BUILD_STRING: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - name: Analyze (${{ matrix.language }}) # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql @@ -41,6 +38,10 @@ jobs: actions: read contents: read + env: + BUILD_STRING: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + + strategy: fail-fast: false matrix: From c0740181654e7b8acf93663cd5eba4490a4518a7 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:25:33 +0000 Subject: [PATCH 134/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index abbf3efb..07b1e0f1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -98,7 +98,7 @@ jobs: && cd /tmp/libgcrypt-1.11.0 \ && sudo ./configure \ && sudo make install \ - && sudo ldconfig + && sudo ldconfig \ && 'eval $BUILD_STRING' \ No newline at end of file From 6baffeee2b60e5c83e53c74d47cfd5541deadd4c Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:25:56 +0000 Subject: [PATCH 135/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 07b1e0f1..b4c0ef24 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,7 +20,7 @@ on: jobs: internal_build: - name: Analyze (${{ matrix.language }}) + name: Analyze Build_Internal (cpp) # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources From aae1fb25856cf00101dc33f640e76b9a6fef6fb6 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:29:00 +0000 Subject: [PATCH 136/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b4c0ef24..06a9412b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -99,6 +99,6 @@ jobs: && sudo ./configure \ && sudo make install \ && sudo ldconfig \ - && 'eval $BUILD_STRING' + && $BUILD_STRING \ No newline at end of file From 0dbfe10f68affaf8b7d6c25c8f73d097becbfab4 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:32:39 +0000 Subject: [PATCH 137/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 06a9412b..6b1a7d99 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,7 +20,7 @@ on: jobs: internal_build: - name: Analyze Build_Internal (cpp) + name: Analyze Build_Internal # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources @@ -99,6 +99,7 @@ jobs: && sudo ./configure \ && sudo make install \ && sudo ldconfig \ + && pwd \ && $BUILD_STRING \ No newline at end of file From 09ae03fe73e317d7bd7dabab5da098e39783d752 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:36:47 +0000 Subject: [PATCH 138/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6b1a7d99..b739c6f4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,7 +39,7 @@ jobs: contents: read env: - BUILD_STRING: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + BUILD_STRING: ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh strategy: @@ -98,8 +98,7 @@ jobs: && cd /tmp/libgcrypt-1.11.0 \ && sudo ./configure \ && sudo make install \ - && sudo ldconfig \ - && pwd \ - && $BUILD_STRING + && sudo ldconfig + bash $BUILD_STRING \ No newline at end of file From 8b93c270128441a5b17106b7926ec84bfdbb5d04 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:40:04 +0000 Subject: [PATCH 139/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b739c6f4..c8e6929e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,7 +39,7 @@ jobs: contents: read env: - BUILD_STRING: ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + BUILD_STRING: build_internal.sh strategy: @@ -99,6 +99,6 @@ jobs: && sudo ./configure \ && sudo make install \ && sudo ldconfig - bash $BUILD_STRING + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 4cb6ee2fdfae43299074625b311d581c2c877584 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:45:40 +0000 Subject: [PATCH 140/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c8e6929e..35f2f051 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,6 +40,22 @@ jobs: env: BUILD_STRING: build_internal.sh + BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 && sudo pip install pycryptodome + BUILD_SETUP: curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig strategy: @@ -84,21 +100,8 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig + $BUILD_DEPENDENCIES + $BUILD_SETUP bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 39222dd3828aec3f7af40809b966391fdbe14e3f Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:46:59 +0000 Subject: [PATCH 141/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 35f2f051..aa4d00b2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,8 @@ jobs: env: BUILD_STRING: build_internal.sh - BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 && sudo pip install pycryptodome + BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome BUILD_SETUP: curl \ -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ -o /tmp/libgpg-error-1.50.tar.bz2 \ @@ -101,6 +102,7 @@ jobs: shell: bash run: | $BUILD_DEPENDENCIES + $BUILD_PIP_DEPENDENCIES $BUILD_SETUP bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING From c87bd2f7c5bcfd86111ea668836a7e70dbec4b8c Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:50:43 +0000 Subject: [PATCH 142/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index aa4d00b2..f041e7cc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,16 +42,12 @@ jobs: BUILD_STRING: build_internal.sh BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - BUILD_SETUP: curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ + BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ && cd /tmp/libgpg-error-1.50 \ && sudo ./configure \ && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ && cd /tmp/libgcrypt-1.11.0 \ && sudo ./configure \ From 12842cf78b1ed16afa76e0f9591557ec54937ae8 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 15:58:21 +0000 Subject: [PATCH 143/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f041e7cc..99796c9b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,17 +42,17 @@ jobs: BUILD_STRING: build_internal.sh BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig + # BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ + # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + # && cd /tmp/libgpg-error-1.50 \ + # && sudo ./configure \ + # && sudo make install \ + # && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + # && cd /tmp/libgcrypt-1.11.0 \ + # && sudo ./configure \ + # && sudo make install \ + # && sudo ldconfig strategy: @@ -99,7 +99,17 @@ jobs: run: | $BUILD_DEPENDENCIES $BUILD_PIP_DEPENDENCIES - $BUILD_SETUP + curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 2a474b89d9c2ae412d584084d7ec04452d9137c4 Mon Sep 17 00:00:00 2001 From: Hayk Arutyunyan Date: Wed, 11 Sep 2024 17:04:13 +0000 Subject: [PATCH 144/174] Restore submodule install functionality --- CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index a408afb8..ca5cc58f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -142,6 +142,8 @@ if(SYSTEM_INSTALL) # The library will be installed to /usr/local unless overridden with # -DCMAKE_INSTALL_PREFIX=/some/path # See https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html +elseif(CRYPTO_SUBMODULE_INSTALL) + set(CMAKE_INSTALL_PREFIX ${CRYPTO_SUBMODULE_INSTALL}) elseif(NOT DEFINED CFE_SYSTEM_PSPNAME) # Not cFE / cFS set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib") From 2df402bc3a2d73e3e2aaf2011bbc0c6e191096f7 Mon Sep 17 00:00:00 2001 From: Hayk Arutyunyan Date: Wed, 11 Sep 2024 17:05:03 +0000 Subject: [PATCH 145/174] Correct SQL directory name --- src/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0445391d..dc04265a 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -179,8 +179,8 @@ else() endif() if(SA_MARIADB) - file(GLOB MYSQL_SCRIPTS sa/sa_mariadb_sql/*.sql) - file(GLOB MYSQL_TEST_SCRIPTS sa/test_sa_mariadb_sql/*.sql) + file(GLOB MYSQL_SCRIPTS sa/sadb_mariadb_sql/*.sql) + file(GLOB MYSQL_TEST_SCRIPTS sa/test_sadb_mariadb_sql/*.sql) install(FILES ${MYSQL_SCRIPTS} DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sa_mariadb_sql) install(FILES ${MYSQL_TEST_SCRIPTS} From 7baa66252a22078a8450b826fb4a48b48458bfa9 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 17:59:41 +0000 Subject: [PATCH 146/174] [nasa/Cryptolib#296] Update Cryptostructs to exclude/include system libraries when KMC_CFFI_EXCLUDE is active --- include/crypto_structs.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/include/crypto_structs.h b/include/crypto_structs.h index 00654bb0..2ad442e2 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -20,17 +20,17 @@ #define CRYPTO_STRUCTS_H #include "crypto_config.h" -#include - -#ifdef NOS3 // NOS3/cFS build is ready -#include "common_types.h" -#else // Assume build outside of NOS3/cFS infrastructure -#include -#include -#ifndef KMC_CFFI_EXCLUDE // Exclude libraries that CFFI parser can’t process -#include -#endif -#endif + + #ifdef NOS3 // NOS3/cFS build is ready + #include "common_types.h" + #endif // Assume build outside of NOS3/cFS infrastructure + + #ifndef KMC_CFFI_EXCLUDE // Exclude libraries that CFFI parser can’t process + #include + #include + #include + #endif + /* ** Definitions From c04c861ff4042fcde1321af4e49a03d92b01c818 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:22:03 +0000 Subject: [PATCH 147/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 99796c9b..bf8e0709 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -99,17 +99,17 @@ jobs: run: | $BUILD_DEPENDENCIES $BUILD_PIP_DEPENDENCIES - curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig + curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + cd /tmp/libgpg-error-1.50 + sudo ./configure + sudo make install + curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 + tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + cd /tmp/libgcrypt-1.11.0 + sudo ./configure + sudo make install + sudo ldconfig bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 6b09b74043a8f2bae0fad64ce40d5be45cb0e346 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:25:35 +0000 Subject: [PATCH 148/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 38 +++++++++++++----------------------- 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bf8e0709..ce5208a2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,17 +42,17 @@ jobs: BUILD_STRING: build_internal.sh BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - # BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 \ - # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - # && cd /tmp/libgpg-error-1.50 \ - # && sudo ./configure \ - # && sudo make install \ - # && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - # && cd /tmp/libgcrypt-1.11.0 \ - # && sudo ./configure \ - # && sudo make install \ - # && sudo ldconfig + BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + cd /tmp/libgpg-error-1.50 + sudo ./configure + sudo make install + curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 + tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + cd /tmp/libgcrypt-1.11.0 + sudo ./configure + sudo make install + sudo ldconfig strategy: @@ -61,8 +61,8 @@ jobs: include: - language: c-cpp build-mode: manual - - language: python - build-mode: none + # - language: python + # build-mode: none # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' # Use `c-cpp` to analyze code written in C, C++ or both # Use 'java-kotlin' to analyze code written in Java, Kotlin or both @@ -99,17 +99,7 @@ jobs: run: | $BUILD_DEPENDENCIES $BUILD_PIP_DEPENDENCIES - curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 - tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - cd /tmp/libgpg-error-1.50 - sudo ./configure - sudo make install - curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 - tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - cd /tmp/libgcrypt-1.11.0 - sudo ./configure - sudo make install - sudo ldconfig + $BUILD_SETUP bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 69ed54bab951b5b4a4c7ca171185d53acbd8470e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:28:22 +0000 Subject: [PATCH 149/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ce5208a2..305ec3c1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,7 +42,8 @@ jobs: BUILD_STRING: build_internal.sh BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - BUILD_SETUP: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + BUILD_SETUP: | + curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ cd /tmp/libgpg-error-1.50 sudo ./configure From 5d5549e55b985b4467f8a0a951c0e9b670ef76b4 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:33:20 +0000 Subject: [PATCH 150/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 305ec3c1..cc017b44 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,6 +17,13 @@ on: branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] pull_request: branches: [ main, dev ] +env: + BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome + BUILD_UPDATE_LIBGPG: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + BUILD_INSTALL_LIBGPG: tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install + BUILD_UPDATE_LIBGCRYPT: curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 + BUILD_INSTALL_LIBGCRYPT: tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig jobs: internal_build: @@ -40,20 +47,6 @@ jobs: env: BUILD_STRING: build_internal.sh - BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - BUILD_SETUP: | - curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 - tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - cd /tmp/libgpg-error-1.50 - sudo ./configure - sudo make install - curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 - tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - cd /tmp/libgcrypt-1.11.0 - sudo ./configure - sudo make install - sudo ldconfig strategy: @@ -100,7 +93,9 @@ jobs: run: | $BUILD_DEPENDENCIES $BUILD_PIP_DEPENDENCIES - $BUILD_SETUP + $BUILD_UPDATE_LIBGPG + $BUILD_INSTALL_LIBGPG + $BUILD_UPDATE_LIBGCRYPT + $BUILD_INSTALL_LIBGCRYPT bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - \ No newline at end of file From 7939f97aaa2dd9ba29acd6229c56dab609f4dd52 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:40:19 +0000 Subject: [PATCH 151/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 21 ++++++++------------- support/scripts/update_env.sh | 12 ++++++++++++ 2 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 support/scripts/update_env.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cc017b44..d6c7ce98 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,13 +17,13 @@ on: branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] pull_request: branches: [ main, dev ] -env: - BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome - BUILD_UPDATE_LIBGPG: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 - BUILD_INSTALL_LIBGPG: tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install - BUILD_UPDATE_LIBGCRYPT: curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 - BUILD_INSTALL_LIBGCRYPT: tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig +# env: +# BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 +# BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome +# BUILD_UPDATE_LIBGPG: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 +# BUILD_INSTALL_LIBGPG: tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install +# BUILD_UPDATE_LIBGCRYPT: curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 +# BUILD_INSTALL_LIBGCRYPT: tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig jobs: internal_build: @@ -91,11 +91,6 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - $BUILD_DEPENDENCIES - $BUILD_PIP_DEPENDENCIES - $BUILD_UPDATE_LIBGPG - $BUILD_INSTALL_LIBGPG - $BUILD_UPDATE_LIBGCRYPT - $BUILD_INSTALL_LIBGCRYPT + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING diff --git a/support/scripts/update_env.sh b/support/scripts/update_env.sh new file mode 100644 index 00000000..ba0e2de5 --- /dev/null +++ b/support/scripts/update_env.sh @@ -0,0 +1,12 @@ + #!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will update Libgpg and LibGCrypt +# + +sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 +sudo pip install pycryptodome +curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 +tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install +curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 +tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig From b56ad4869f1b8224737459e106edb684c1ecd4fc Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:47:55 +0000 Subject: [PATCH 152/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 160 +++++++++++++++++++++++++++-------- 1 file changed, 126 insertions(+), 34 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d6c7ce98..cdca19e0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,22 +17,10 @@ on: branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] pull_request: branches: [ main, dev ] -# env: -# BUILD_DEPENDENCIES: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 -# BUILD_PIP_DEPENDENCIES: sudo pip install pycryptodome -# BUILD_UPDATE_LIBGPG: curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 -# BUILD_INSTALL_LIBGPG: tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install -# BUILD_UPDATE_LIBGCRYPT: curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 -# BUILD_INSTALL_LIBGCRYPT: tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig jobs: internal_build: name: Analyze Build_Internal - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. runs-on: ubuntu-latest permissions: # required for all workflows @@ -48,7 +36,6 @@ jobs: env: BUILD_STRING: build_internal.sh - strategy: fail-fast: false matrix: @@ -57,14 +44,6 @@ jobs: build-mode: manual # - language: python # build-mode: none - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository uses: actions/checkout@v4 @@ -75,22 +54,135 @@ jobs: with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' shell: bash run: | bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING +minimal_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_minimal.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + +wolf_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_wolf.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + +rhel_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_rhel.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 58163139a8b5d22a9da182d80fe041e5932f438e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:48:46 +0000 Subject: [PATCH 153/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 250 +++++++++++++++++------------------ 1 file changed, 125 insertions(+), 125 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cdca19e0..bd1359f9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,128 +61,128 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING -minimal_build: - name: Analyze Build_Internal - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_minimal.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - -wolf_build: - name: Analyze Build_Internal - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_wolf.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - -rhel_build: - name: Analyze Build_Internal - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_rhel.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file + minimal_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_minimal.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + wolf_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_wolf.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + rhel_build: + name: Analyze Build_Internal + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_rhel.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 3b91155e1a23432382ee8b856465e8465806469e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 18:54:22 +0000 Subject: [PATCH 154/174] [nasa/Cryptolib#291] Testing CodeQL Refactor --- .github/workflows/codeql.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bd1359f9..84ef7e32 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -62,7 +62,7 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING minimal_build: - name: Analyze Build_Internal + name: Analyze Build_Minimal runs-on: ubuntu-latest permissions: # required for all workflows @@ -104,7 +104,7 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING wolf_build: - name: Analyze Build_Internal + name: Analyze Build_Wolf runs-on: ubuntu-latest permissions: # required for all workflows @@ -128,7 +128,19 @@ jobs: build-mode: manual # - language: python # build-mode: none + steps: + - name: Clone WolfSSL + run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl + + - name: Build WolfSSL + run: mkdir /tmp/wolfssl/build; + cd /tmp/wolfssl/build; + cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; + cmake --build .; + sudo make install; + sudo ldconfig; + - name: Checkout repository uses: actions/checkout@v4 @@ -146,7 +158,7 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING rhel_build: - name: Analyze Build_Internal + name: Analyze Build_RHEL runs-on: ubuntu-latest permissions: # required for all workflows From b0e187ea83988a77799974c99c02f87d9d105327 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:15:49 +0000 Subject: [PATCH 155/174] [nasa/Cryptolib#291] Workflow Cleanup --- .github/workflows/build.yml | 74 ++---------------------------------- .github/workflows/codeql.yml | 2 +- 2 files changed, 5 insertions(+), 71 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 85419de3..71a5615d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,21 +23,7 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && sudo ./configure - && sudo make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && sudo ./configure - && sudo make install - && sudo ldconfig + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh # End Container Setup - name: Minimal Build Script @@ -100,21 +86,7 @@ jobs: # run: sudo pip install pycryptodome # - name: Install Libgcrypt # run: > - # curl - # -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - # -o /tmp/libgpg-error-1.50.tar.bz2 - # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - # && cd /tmp/libgpg-error-1.50 - # && sudo ./configure - # && sudo make install - # && curl - # -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - # -o /tmp/libgcrypt-1.11.0.tar.bz2 - # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - # && cd /tmp/libgcrypt-1.11.0 - # && sudo ./configure - # && sudo make install - # && sudo ldconfig + # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh # # End Container Setup # - name: KMC Build Script @@ -149,34 +121,12 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && sudo ./configure - && sudo make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && sudo ./configure - && sudo make install - && sudo ldconfig + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - name: Clone WolfSSL run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl # cmake -DCMAKE_INSTALL_PREFIX=/home/runner/.local -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - name: Build WolfSSL - # -DCMAKE_INSTALL_PREFIX=/home/runner/.local - #run: cd /tmp/wolfssl/; - # sudo chown -R runner /usr/local; - # ./autogen.sh; - # sudo ./configure --enable-aesccm --enable-aessiv --enable-cmac; - # make; - # make install; - #sudo chown -R runner /usr/local; run: mkdir /tmp/wolfssl/build; cd /tmp/wolfssl/build; cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; @@ -222,23 +172,7 @@ jobs: run: pip3 install pycryptodome - name: Install Libgcrypt run: > - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && ./configure - && make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && ./configure - && make install - && echo "export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/include:$LD_LIBRARY_PATH" >> ~/.bashrc - && source ~/.bashrc - && ldconfig + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh # End Container Setup - name: RHEL Build Script diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 84ef7e32..ea9a2d33 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -14,7 +14,7 @@ name: "CodeQL Advanced" on: push: - branches: [ main, dev, 291-apply-codeql-workflow-to-all-builds ] + branches: [ main, dev ] pull_request: branches: [ main, dev ] From fc702a55ddee31bee42a47652932a4555e061ba0 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:20:52 +0000 Subject: [PATCH 156/174] [nasa/Cryptolib#291] Workflow Cleanup - Typo Fixes --- .github/workflows/build.yml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 71a5615d..f8dd6ae8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,7 +46,7 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - ansible-playbook ${GITHUB_WORKSPACE}/support/scripts/codeql.yml + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh # End Container Setup - name: Internal Build Script @@ -86,7 +86,21 @@ jobs: # run: sudo pip install pycryptodome # - name: Install Libgcrypt # run: > - # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + # curl + # -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + # -o /tmp/libgpg-error-1.50.tar.bz2 + # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + # && cd /tmp/libgpg-error-1.50 + # && sudo ./configure + # && sudo make install + # && curl + # -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + # -o /tmp/libgcrypt-1.11.0.tar.bz2 + # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + # && cd /tmp/libgcrypt-1.11.0 + # && sudo ./configure + # && sudo make install + # && sudo ldconfig # # End Container Setup # - name: KMC Build Script @@ -127,6 +141,14 @@ jobs: # cmake -DCMAKE_INSTALL_PREFIX=/home/runner/.local -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - name: Build WolfSSL + # -DCMAKE_INSTALL_PREFIX=/home/runner/.local + #run: cd /tmp/wolfssl/; + # sudo chown -R runner /usr/local; + # ./autogen.sh; + # sudo ./configure --enable-aesccm --enable-aessiv --enable-cmac; + # make; + # make install; + #sudo chown -R runner /usr/local; run: mkdir /tmp/wolfssl/build; cd /tmp/wolfssl/build; cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; From d404cbc1118b938daedcf4c8c0f69d36fb01b7fc Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:27:37 +0000 Subject: [PATCH 157/174] [nasa/Cryptolib#291] Workflow Cleanup - Typo Fixes --- .github/workflows/build.yml | 14 -------------- support/scripts/update_env.sh | 8 ++++---- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f8dd6ae8..2abd5fbd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,11 +53,6 @@ jobs: working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:c-cpp" - - name: Code-Coverage working-directory: ${{github.workspace}} run: make gcov @@ -139,16 +134,7 @@ jobs: - name: Clone WolfSSL run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl - # cmake -DCMAKE_INSTALL_PREFIX=/home/runner/.local -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - name: Build WolfSSL - # -DCMAKE_INSTALL_PREFIX=/home/runner/.local - #run: cd /tmp/wolfssl/; - # sudo chown -R runner /usr/local; - # ./autogen.sh; - # sudo ./configure --enable-aesccm --enable-aessiv --enable-cmac; - # make; - # make install; - #sudo chown -R runner /usr/local; run: mkdir /tmp/wolfssl/build; cd /tmp/wolfssl/build; cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; diff --git a/support/scripts/update_env.sh b/support/scripts/update_env.sh index ba0e2de5..59da58de 100644 --- a/support/scripts/update_env.sh +++ b/support/scripts/update_env.sh @@ -4,9 +4,9 @@ # Will update Libgpg and LibGCrypt # -sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 -sudo pip install pycryptodome +apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 +pip install pycryptodome curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 -tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install +tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && ./configure && make install curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 -tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig +tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && ./configure && make install && ldconfig From 3d71990b9616a4cbd84a46b4df0619daa70cbd07 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:29:45 +0000 Subject: [PATCH 158/174] [nasa/Cryptolib#291] Workflow Cleanup - Typo Fixes --- .github/workflows/build.yml | 66 ++++++++++++++++++++++++++++++++--- support/scripts/update_env.sh | 8 ++--- 2 files changed, 66 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2abd5fbd..85419de3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,7 +23,21 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig # End Container Setup - name: Minimal Build Script @@ -46,13 +60,18 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + ansible-playbook ${GITHUB_WORKSPACE}/support/scripts/codeql.yml # End Container Setup - name: Internal Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:c-cpp" + - name: Code-Coverage working-directory: ${{github.workspace}} run: make gcov @@ -130,11 +149,34 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig - name: Clone WolfSSL run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl + # cmake -DCMAKE_INSTALL_PREFIX=/home/runner/.local -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - name: Build WolfSSL + # -DCMAKE_INSTALL_PREFIX=/home/runner/.local + #run: cd /tmp/wolfssl/; + # sudo chown -R runner /usr/local; + # ./autogen.sh; + # sudo ./configure --enable-aesccm --enable-aessiv --enable-cmac; + # make; + # make install; + #sudo chown -R runner /usr/local; run: mkdir /tmp/wolfssl/build; cd /tmp/wolfssl/build; cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; @@ -180,7 +222,23 @@ jobs: run: pip3 install pycryptodome - name: Install Libgcrypt run: > - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && ./configure + && make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && ./configure + && make install + && echo "export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/include:$LD_LIBRARY_PATH" >> ~/.bashrc + && source ~/.bashrc + && ldconfig # End Container Setup - name: RHEL Build Script diff --git a/support/scripts/update_env.sh b/support/scripts/update_env.sh index 59da58de..ba0e2de5 100644 --- a/support/scripts/update_env.sh +++ b/support/scripts/update_env.sh @@ -4,9 +4,9 @@ # Will update Libgpg and LibGCrypt # -apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 -pip install pycryptodome +sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 +sudo pip install pycryptodome curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 -tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && ./configure && make install +tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 -tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && ./configure && make install && ldconfig +tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure && sudo make install && sudo ldconfig From 780bba038acff596290357d79ed1634ded1a5155 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:32:42 +0000 Subject: [PATCH 159/174] [nasa/Cryptolib#291] Workflow Cleanup - Build.yml revert --- .github/workflows/build.yml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 85419de3..7cfcd10c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -60,18 +60,27 @@ jobs: run: sudo pip install pycryptodome - name: Install Libgcrypt run: > - ansible-playbook ${GITHUB_WORKSPACE}/support/scripts/codeql.yml + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig # End Container Setup - name: Internal Build Script working-directory: ${{github.workspace}} run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:c-cpp" - - name: Code-Coverage working-directory: ${{github.workspace}} run: make gcov @@ -255,4 +264,4 @@ jobs: CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a with: files: 'coverage/*.c.gcov' - verbose: true + verbose: true \ No newline at end of file From 9b211e304349da857254c78874ff95fc191892f7 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 19:55:26 +0000 Subject: [PATCH 160/174] [nasa/Cryptolib#295] Add include directory call --- src/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f897dc09..418e8e8d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -130,6 +130,7 @@ endif() if(DEFINED CFE_SYSTEM_PSPNAME) set(CMAKE_INSTALL_RPATH "./${INSTALL_SUBDIR}") add_cfe_app(crypto ${LIB_SRC_FILES}) + target_include_directories(crypto PUBLIC ../include) install(TARGETS crypto RUNTIME_DEPENDENCIES DESTINATION ${CMAKE_INSTALL_PREFIX}/${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}) else() # Standalone build From 20477067ef90186064585c3a27622da7a189c4f3 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:08:41 +0000 Subject: [PATCH 161/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ea9a2d33..8b765f69 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -48,6 +48,10 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -58,7 +62,6 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING minimal_build: @@ -90,6 +93,10 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -100,7 +107,6 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING wolf_build: @@ -140,6 +146,10 @@ jobs: cmake --build .; sudo make install; sudo ldconfig; + + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - name: Checkout repository uses: actions/checkout@v4 @@ -154,7 +164,6 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING rhel_build: @@ -186,6 +195,10 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -196,5 +209,4 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 693ba550878a8e60cb3e03e888e7e40292c2c9bd Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:12:42 +0000 Subject: [PATCH 162/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8b765f69..e5302419 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -149,7 +149,21 @@ jobs: - name: Update Dependencies run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + curl + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 + -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 + -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig - name: Checkout repository uses: actions/checkout@v4 From 4a320253806d18817da35c280a5e644b908b6e56 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:17:43 +0000 Subject: [PATCH 163/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e5302419..9947790b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -148,17 +148,13 @@ jobs: sudo ldconfig; - name: Update Dependencies - run: | - curl - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 - -o /tmp/libgpg-error-1.50.tar.bz2 + run: > + curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ && cd /tmp/libgpg-error-1.50 && sudo ./configure && sudo make install - && curl - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 - -o /tmp/libgcrypt-1.11.0.tar.bz2 + && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ && cd /tmp/libgcrypt-1.11.0 && sudo ./configure From b3cdc2ac0232deb96a9ab61e07aee24f5602075e Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:21:20 +0000 Subject: [PATCH 164/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9947790b..9f75d7d0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -146,7 +146,12 @@ jobs: cmake --build .; sudo make install; sudo ldconfig; + - name: Install Dependencies + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool + - name: Install Python Libraries + run: sudo pip install pycryptodome + - name: Update Dependencies run: > curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 From d5a86aec04b8ad79e2d57f0875e0b54063406a4d Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:27:56 +0000 Subject: [PATCH 165/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9f75d7d0..4ad079ba 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,7 +19,7 @@ on: branches: [ main, dev ] jobs: - internal_build: + analyze: name: Analyze Build_Internal runs-on: ubuntu-latest permissions: @@ -64,7 +64,7 @@ jobs: run: | bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - minimal_build: + analyze: name: Analyze Build_Minimal runs-on: ubuntu-latest permissions: @@ -109,7 +109,7 @@ jobs: run: | bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - wolf_build: + analyze: name: Analyze Build_Wolf runs-on: ubuntu-latest permissions: @@ -151,7 +151,7 @@ jobs: - name: Install Python Libraries run: sudo pip install pycryptodome - + - name: Update Dependencies run: > curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 @@ -181,7 +181,7 @@ jobs: run: | bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - rhel_build: + analyze: name: Analyze Build_RHEL runs-on: ubuntu-latest permissions: From adc4f2f50b1fc2023a77b9e702b4cfb0aa2efeb5 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:29:52 +0000 Subject: [PATCH 166/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 316 +++++++++++++++++------------------ 1 file changed, 158 insertions(+), 158 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4ad079ba..3ffbd4f4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -64,164 +64,164 @@ jobs: run: | bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - analyze: - name: Analyze Build_Minimal - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_minimal.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Update Dependencies - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - - analyze: - name: Analyze Build_Wolf - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_wolf.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none + # analyze: + # name: Analyze Build_Minimal + # runs-on: ubuntu-latest + # permissions: + # # required for all workflows + # security-events: write + + # # required to fetch internal or private CodeQL packs + # packages: read + + # # only required for workflows in private repositories + # actions: read + # contents: read + + # env: + # BUILD_STRING: build_minimal.sh + + # strategy: + # fail-fast: false + # matrix: + # include: + # - language: c-cpp + # build-mode: manual + # # - language: python + # # build-mode: none + # steps: + # - name: Checkout repository + # uses: actions/checkout@v4 + + # - name: Update Dependencies + # run: | + # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + + # # Initializes the CodeQL tools for scanning. + # - name: Initialize CodeQL + # uses: github/codeql-action/init@v3 + # with: + # languages: ${{ matrix.language }} + # build-mode: ${{ matrix.build-mode }} + + # - if: matrix.build-mode == 'manual' + # shell: bash + # run: | + # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + # analyze: + # name: Analyze Build_Wolf + # runs-on: ubuntu-latest + # permissions: + # # required for all workflows + # security-events: write + + # # required to fetch internal or private CodeQL packs + # packages: read + + # # only required for workflows in private repositories + # actions: read + # contents: read + + # env: + # BUILD_STRING: build_wolf.sh + + # strategy: + # fail-fast: false + # matrix: + # include: + # - language: c-cpp + # build-mode: manual + # # - language: python + # # build-mode: none - steps: - - name: Clone WolfSSL - run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl + # steps: + # - name: Clone WolfSSL + # run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl - - name: Build WolfSSL - run: mkdir /tmp/wolfssl/build; - cd /tmp/wolfssl/build; - cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - cmake --build .; - sudo make install; - sudo ldconfig; - - name: Install Dependencies - run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool - - - name: Install Python Libraries - run: sudo pip install pycryptodome - - - name: Update Dependencies - run: > - curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - && cd /tmp/libgpg-error-1.50 - && sudo ./configure - && sudo make install - && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - && cd /tmp/libgcrypt-1.11.0 - && sudo ./configure - && sudo make install - && sudo ldconfig + # - name: Build WolfSSL + # run: mkdir /tmp/wolfssl/build; + # cd /tmp/wolfssl/build; + # cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; + # cmake --build .; + # sudo make install; + # sudo ldconfig; + # - name: Install Dependencies + # run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool + + # - name: Install Python Libraries + # run: sudo pip install pycryptodome + + # - name: Update Dependencies + # run: > + # curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + # && cd /tmp/libgpg-error-1.50 + # && sudo ./configure + # && sudo make install + # && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 + # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + # && cd /tmp/libgcrypt-1.11.0 + # && sudo ./configure + # && sudo make install + # && sudo ldconfig - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - - analyze: - name: Analyze Build_RHEL - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - env: - BUILD_STRING: build_rhel.sh - - strategy: - fail-fast: false - matrix: - include: - - language: c-cpp - build-mode: manual - # - language: python - # build-mode: none - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Update Dependencies - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - - - if: matrix.build-mode == 'manual' - shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file + # - name: Checkout repository + # uses: actions/checkout@v4 + + # # Initializes the CodeQL tools for scanning. + # - name: Initialize CodeQL + # uses: github/codeql-action/init@v3 + # with: + # languages: ${{ matrix.language }} + # build-mode: ${{ matrix.build-mode }} + + # - if: matrix.build-mode == 'manual' + # shell: bash + # run: | + # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + # analyze: + # name: Analyze Build_RHEL + # runs-on: ubuntu-latest + # permissions: + # # required for all workflows + # security-events: write + + # # required to fetch internal or private CodeQL packs + # packages: read + + # # only required for workflows in private repositories + # actions: read + # contents: read + + # env: + # BUILD_STRING: build_rhel.sh + + # strategy: + # fail-fast: false + # matrix: + # include: + # - language: c-cpp + # build-mode: manual + # # - language: python + # # build-mode: none + # steps: + # - name: Checkout repository + # uses: actions/checkout@v4 + + # - name: Update Dependencies + # run: | + # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + + # # Initializes the CodeQL tools for scanning. + # - name: Initialize CodeQL + # uses: github/codeql-action/init@v3 + # with: + # languages: ${{ matrix.language }} + # build-mode: ${{ matrix.build-mode }} + + # - if: matrix.build-mode == 'manual' + # shell: bash + # run: | + # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file From 3d929b88890ffd4b923b9fe5eaee993b14817491 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:35:39 +0000 Subject: [PATCH 167/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3ffbd4f4..357da425 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,7 +9,6 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # ---- name: "CodeQL Advanced" on: @@ -21,7 +20,7 @@ on: jobs: analyze: name: Analyze Build_Internal - runs-on: ubuntu-latest + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: # required for all workflows security-events: write From d74025a02072054e7e84aed30ba54ca0c04fd28b Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:38:37 +0000 Subject: [PATCH 168/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 163 +++++++++++++++++++++++++++++++---- 1 file changed, 147 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 357da425..e19efcde 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,3 +1,15 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# + # For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # @@ -11,16 +23,19 @@ # name: "CodeQL Advanced" -on: - push: - branches: [ main, dev ] +on: pull_request: branches: [ main, dev ] jobs: analyze: - name: Analyze Build_Internal - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: # required for all workflows security-events: write @@ -32,36 +47,152 @@ jobs: actions: read contents: read - env: - BUILD_STRING: build_internal.sh - strategy: fail-fast: false matrix: include: - language: c-cpp build-mode: manual - # - language: python - # build-mode: none + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Update Dependencies - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' shell: bash run: | - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + sudo pip install pycryptodome + curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ + -o /tmp/libgpg-error-1.50.tar.bz2 \ + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ + && cd /tmp/libgpg-error-1.50 \ + && sudo ./configure \ + && sudo make install \ + && curl \ + -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ + -o /tmp/libgcrypt-1.11.0.tar.bz2 \ + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ + && cd /tmp/libgcrypt-1.11.0 \ + && sudo ./configure \ + && sudo make install \ + && sudo ldconfig + bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# name: "CodeQL Advanced" + +# on: +# push: +# branches: [ main, dev ] +# pull_request: +# branches: [ main, dev ] + +# jobs: +# analyze: +# name: Analyze Build_Internal +# runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} +# permissions: +# # required for all workflows +# security-events: write + +# # required to fetch internal or private CodeQL packs +# packages: read + +# # only required for workflows in private repositories +# actions: read +# contents: read + +# env: +# BUILD_STRING: build_internal.sh + +# strategy: +# fail-fast: false +# matrix: +# include: +# - language: c-cpp +# build-mode: manual +# # - language: python +# # build-mode: none +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 + +# - name: Update Dependencies +# run: | +# bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + +# # Initializes the CodeQL tools for scanning. +# - name: Initialize CodeQL +# uses: github/codeql-action/init@v3 +# with: +# languages: ${{ matrix.language }} +# build-mode: ${{ matrix.build-mode }} + +# - if: matrix.build-mode == 'manual' +# shell: bash +# run: | +# bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING # analyze: # name: Analyze Build_Minimal From ca970ebf5c0457f45f6ff9c7c9a1fa8b80f5b066 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:44:21 +0000 Subject: [PATCH 169/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 491 ++++++++++++++--------------------- 1 file changed, 190 insertions(+), 301 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e19efcde..bfa3feae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,15 +1,3 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# - # For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # @@ -23,18 +11,15 @@ # name: "CodeQL Advanced" -on: +on: + push: + branches: [ main, dev ] pull_request: branches: [ main, dev ] jobs: - analyze: - name: Analyze (${{ matrix.language }}) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. + build_internal: + name: Analyze Build_Internal runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: # required for all workflows @@ -47,311 +32,215 @@ jobs: actions: read contents: read + env: + BUILD_STRING: build_internal.sh + strategy: fail-fast: false matrix: include: - language: c-cpp build-mode: manual - - language: python - build-mode: none - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + # - language: python + # build-mode: none steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' shell: bash run: | - sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - sudo pip install pycryptodome - curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 \ - -o /tmp/libgpg-error-1.50.tar.bz2 \ - && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ \ - && cd /tmp/libgpg-error-1.50 \ - && sudo ./configure \ - && sudo make install \ - && curl \ - -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 \ - -o /tmp/libgcrypt-1.11.0.tar.bz2 \ - && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ \ - && cd /tmp/libgcrypt-1.11.0 \ - && sudo ./configure \ - && sudo make install \ - && sudo ldconfig - bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# name: "CodeQL Advanced" - -# on: -# push: -# branches: [ main, dev ] -# pull_request: -# branches: [ main, dev ] - -# jobs: -# analyze: -# name: Analyze Build_Internal -# runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} -# permissions: -# # required for all workflows -# security-events: write - -# # required to fetch internal or private CodeQL packs -# packages: read - -# # only required for workflows in private repositories -# actions: read -# contents: read - -# env: -# BUILD_STRING: build_internal.sh - -# strategy: -# fail-fast: false -# matrix: -# include: -# - language: c-cpp -# build-mode: manual -# # - language: python -# # build-mode: none -# steps: -# - name: Checkout repository -# uses: actions/checkout@v4 - -# - name: Update Dependencies -# run: | -# bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - -# # Initializes the CodeQL tools for scanning. -# - name: Initialize CodeQL -# uses: github/codeql-action/init@v3 -# with: -# languages: ${{ matrix.language }} -# build-mode: ${{ matrix.build-mode }} - -# - if: matrix.build-mode == 'manual' -# shell: bash -# run: | -# bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - # analyze: - # name: Analyze Build_Minimal - # runs-on: ubuntu-latest - # permissions: - # # required for all workflows - # security-events: write - - # # required to fetch internal or private CodeQL packs - # packages: read - - # # only required for workflows in private repositories - # actions: read - # contents: read - - # env: - # BUILD_STRING: build_minimal.sh - - # strategy: - # fail-fast: false - # matrix: - # include: - # - language: c-cpp - # build-mode: manual - # # - language: python - # # build-mode: none - # steps: - # - name: Checkout repository - # uses: actions/checkout@v4 - - # - name: Update Dependencies - # run: | - # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - - # # Initializes the CodeQL tools for scanning. - # - name: Initialize CodeQL - # uses: github/codeql-action/init@v3 - # with: - # languages: ${{ matrix.language }} - # build-mode: ${{ matrix.build-mode }} - - # - if: matrix.build-mode == 'manual' - # shell: bash - # run: | - # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - - # analyze: - # name: Analyze Build_Wolf - # runs-on: ubuntu-latest - # permissions: - # # required for all workflows - # security-events: write - - # # required to fetch internal or private CodeQL packs - # packages: read - - # # only required for workflows in private repositories - # actions: read - # contents: read - - # env: - # BUILD_STRING: build_wolf.sh - - # strategy: - # fail-fast: false - # matrix: - # include: - # - language: c-cpp - # build-mode: manual - # # - language: python - # # build-mode: none + build_minimal: + name: Analyze Build_Minimal + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_minimal.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + + build_wolf: + name: Analyze Build_Wolf + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_wolf.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none - # steps: - # - name: Clone WolfSSL - # run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl + steps: + - name: Clone WolfSSL + run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl - # - name: Build WolfSSL - # run: mkdir /tmp/wolfssl/build; - # cd /tmp/wolfssl/build; - # cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; - # cmake --build .; - # sudo make install; - # sudo ldconfig; - # - name: Install Dependencies - # run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool - - # - name: Install Python Libraries - # run: sudo pip install pycryptodome - - # - name: Update Dependencies - # run: > - # curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 - # && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ - # && cd /tmp/libgpg-error-1.50 - # && sudo ./configure - # && sudo make install - # && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 - # && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ - # && cd /tmp/libgcrypt-1.11.0 - # && sudo ./configure - # && sudo make install - # && sudo ldconfig + - name: Build WolfSSL + run: mkdir /tmp/wolfssl/build; + cd /tmp/wolfssl/build; + cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; + cmake --build .; + sudo make install; + sudo ldconfig; + - name: Install Dependencies + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool + + - name: Install Python Libraries + run: sudo pip install pycryptodome + + - name: Update Dependencies + run: > + curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2 + && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ + && cd /tmp/libgpg-error-1.50 + && sudo ./configure + && sudo make install + && curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2 + && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ + && cd /tmp/libgcrypt-1.11.0 + && sudo ./configure + && sudo make install + && sudo ldconfig - # - name: Checkout repository - # uses: actions/checkout@v4 - - # # Initializes the CodeQL tools for scanning. - # - name: Initialize CodeQL - # uses: github/codeql-action/init@v3 - # with: - # languages: ${{ matrix.language }} - # build-mode: ${{ matrix.build-mode }} - - # - if: matrix.build-mode == 'manual' - # shell: bash - # run: | - # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - - # analyze: - # name: Analyze Build_RHEL - # runs-on: ubuntu-latest - # permissions: - # # required for all workflows - # security-events: write - - # # required to fetch internal or private CodeQL packs - # packages: read - - # # only required for workflows in private repositories - # actions: read - # contents: read - - # env: - # BUILD_STRING: build_rhel.sh - - # strategy: - # fail-fast: false - # matrix: - # include: - # - language: c-cpp - # build-mode: manual - # # - language: python - # # build-mode: none - # steps: - # - name: Checkout repository - # uses: actions/checkout@v4 - - # - name: Update Dependencies - # run: | - # bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh - - # # Initializes the CodeQL tools for scanning. - # - name: Initialize CodeQL - # uses: github/codeql-action/init@v3 - # with: - # languages: ${{ matrix.language }} - # build-mode: ${{ matrix.build-mode }} - - # - if: matrix.build-mode == 'manual' - # shell: bash - # run: | - # bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING \ No newline at end of file + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + + build_rhel: + name: Analyze Build_RHEL + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + env: + BUILD_STRING: build_rhel.sh + + strategy: + fail-fast: false + matrix: + include: + - language: c-cpp + build-mode: manual + # - language: python + # build-mode: none + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Update Dependencies + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file From fbf7dafb833bab540a933ce2080dbadd9d9562d6 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:46:36 +0000 Subject: [PATCH 170/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bfa3feae..41b699e2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -60,8 +60,13 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash - run: | - bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + run: > + sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 + bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From 275bac02f1ba3ed1a5e29de80fd241e6992ea5ab Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:47:57 +0000 Subject: [PATCH 171/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 41b699e2..a413e654 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -119,9 +119,9 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" build_wolf: name: Analyze Build_Wolf @@ -196,9 +196,9 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" build_rhel: name: Analyze Build_RHEL @@ -246,6 +246,6 @@ jobs: bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" \ No newline at end of file + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file From 07b25659b0eb8868f2599dfde14dbc5f1bfdafb1 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:51:18 +0000 Subject: [PATCH 172/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a413e654..bf5b8008 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -60,7 +60,7 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash - run: > + run: | sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh - name: Perform CodeQL Analysis From f40d8d814b133aed6c2afab9479efdac367bab72 Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 20:57:49 +0000 Subject: [PATCH 173/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bf5b8008..67cb8bf9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,8 +61,8 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 - bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: From 5106291dee6d988626a094a4d2e2c0f96695996c Mon Sep 17 00:00:00 2001 From: rjbrown2 Date: Wed, 11 Sep 2024 21:03:19 +0000 Subject: [PATCH 174/174] [nasa/Cryptolib#291] CodeQL YML Refactor --- .github/workflows/codeql.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 67cb8bf9..28357077 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -62,11 +62,6 @@ jobs: shell: bash run: | bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3