diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1c31e228..364b19fa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,166 +1,118 @@ -name: Build +name: CryptoLib on: push: branches: [ main, dev ] pull_request: + branches: [ main, dev ] jobs: - debug_libgcrypt_build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=0 -DLIBGCRYPT=1 -DKMCCRYPTO=0 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - libgcrypt_build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DMYSQL=0 -DLIBGCRYPT=1 -DKMCCRYPTO=0 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_debug_build: + # + # Minimal Build + # + minimal_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup - sql_libgcrypt_build: + - name: Minimal Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_minimal.sh + + # + # Internal Build + # + internal_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_kmc_debug_build: + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup + + - name: Internal Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh + + - name: Code-Coverage + working-directory: ${{github.workspace}} + run: make gcov + + - name: Upload + uses: codecov/codecov-action@v3 + env: + CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a + with: + files: 'coverage/*.c.gcov' + + # + # KMC Build + # + kmc_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} - - sql_libgcrypt_kmc_build: + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 + - name: Install Python Libraries + run: sudo pip install pycryptodome + # End Container Setup + + - name: KMC Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh + + # + # Wolf Build + # + wolf_build: + # Container Setup runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Update run: sudo apt-get update - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build + run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat libgcrypt20-dev python3 autoconf libtool + - name: Install Python Libraries + run: sudo pip install pycryptodome + - name: Clone WolfSSL + run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C ${{env.BUILD_TYPE}} + # cmake -DCMAKE_INSTALL_PREFIX=/home/runner/.local -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; + - name: Build WolfSSL + # -DCMAKE_INSTALL_PREFIX=/home/runner/.local + #run: cd /tmp/wolfssl/; + # sudo chown -R runner /usr/local; + # ./autogen.sh; + # ./configure --enable-aesccm --enable-aessiv --enable-cmac; + # make; + # make install; + #sudo chown -R runner /usr/local; + run: mkdir /tmp/wolfssl/build; + cd /tmp/wolfssl/build; + cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..; + cmake --build .; + sudo make install; + sudo ldconfig; + # End Container Setup + + - name: Wolf Build Script + working-directory: ${{github.workspace}} + run: bash ${GITHUB_WORKSPACE}/support/scripts/build_wolf.sh diff --git a/.github/workflows/mariadb.yml b/.github/workflows/mariadb.yml deleted file mode 100644 index c64259d3..00000000 --- a/.github/workflows/mariadb.yml +++ /dev/null @@ -1,42 +0,0 @@ -# Disabling this test for now, as there is no local containerization. -#name: MDB Build -# -#on: -# push: -# branches: [ main,dev ] -# pull_request: -# -#jobs: -# mariadb_build: -# # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. -# # You can convert this to a matrix build if you need cross-platform coverage. -# # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix -# runs-on: ubuntu-latest -# container: rbrown00/cryptolib:latest -# steps: -# - uses: actions/checkout@v2 -# - name: Configure CMake -# # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. -# # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type -# run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0 -# -# - name: Build -# # Build your program with the given configuration -# run: cmake --build ${{github.workspace}}/build -# -# - name: Initailize SADB -# working-directory: ${{github.workspace}}/build -# #Maybe create a variable for this SQL location -# run: | -# cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/sadb_mariadb_sql -# echo "----------------" -# /etc/init.d/mysql start -# mysql --host=localhost -uroot -pitc123! < delete_sadb.sql -# mysql --host=localhost -uroot -pitc123! < create_sadb.sql -# cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/test_sadb_mariadb_sql -# mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_user_grant_permissions.sql -# mysql --host=localhost -uroot -pitc123! < create_sadb_jpl_unit_test_security_associations.sql -# cd /__w/CryptoLib/CryptoLib/build/bin -# ./ut_mariadb -# -# # mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_security_associations.sql diff --git a/.github/workflows/utest.yml b/.github/workflows/utest.yml deleted file mode 100644 index d36e4da9..00000000 --- a/.github/workflows/utest.yml +++ /dev/null @@ -1,86 +0,0 @@ -name: Unit Tests - -on: - push: - branches: [ main, dev ] - pull_request: - -env: - # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) - BUILD_TYPE: DEBUG - -jobs: - build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - - - name: Test-TC_APPLY - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tc_apply - - - name: Test-TC_PROCESS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tc_process - - - name: Test-TM_APPLY - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tm_apply - - - name: Test-TM_PROCESS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_tm_process - - - name: Test-CRYPTO_CONFIG - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_config - - - name: Test-CRYPTO - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto - - - name: Test-CRYPTO_AOS - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_aos - - - name: Test-CRYPTO_MC - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ${{github.workspace}}/build/bin/ut_crypto_mc - - - diff --git a/.github/workflows/validation.yml b/.github/workflows/validation.yml deleted file mode 100644 index a62e6330..00000000 --- a/.github/workflows/validation.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: Validation Tests - -on: - push: - branches: [ main, dev] - pull_request: - -env: - # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) - BUILD_TYPE: DEBUG - -jobs: - build: - # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac. - # You can convert this to a matrix build if you need cross-platform coverage. - # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Update - run: sudo apt-get update - - - name: Install Dependencies - run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev python3 lcov - - - name: Install Python Libraries - run: sudo pip install pycryptodome - - - name: Configure CMake - # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. - # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type - run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DENCTEST=1 -DDEBUG=1 -DCODECOV=1 - - - name: Build - # Build your program with the given configuration - run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - - - name: Test - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: | - ${{github.workspace}}/build/bin/et_dt_validation - ctest -C ${{env.BUILD_TYPE}} - - - name: Code-Coverage - working-directory: ${{github.workspace}}/build - # Execute tests defined by the CMake configuration. - # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: make gcov - - - name: Upload - uses: codecov/codecov-action@v1 - with: - #files: ${{github.workspace}}/build/coverage/crypto_aos.c.gcov,${{github.workspace}}/build/coverage/crypto_config.c.gcov,${{github.workspace}}/build/coverage/crypto_mc.c.gcov,${{github.workspace}}/build/coverage/crypto_tc.c.gcov,${{github.workspace}}/build/coverage/crypto_user.c.gcov,${{github.workspace}}/build/coverage/crypto.c.gcov,${{github.workspace}}/build/coverage/crypto_key_mgmt.c.gcov,${{github.workspace}}/build/coverage/crypto_print.c.gcov,${{github.workspace}}/build/coverage/crypto_tm.c.gcov,${{github.workspace}}/build/coverage/sadb_routine_inmemory.template.c.gcov - files: 'coverage/*.c.gcov' diff --git a/.gitignore b/.gitignore index bd2709d5..a885fba5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,28 +1,18 @@ +# +# Metadata +# +.vagrant +.vscode .idea -vgcore* -**core + +# +# Packages and Build Files +# +__pycache__ +*.dat *.so -build +build/ venv -*.dat -.vscode -__pycache__ - -#CMake.gitignore -CMakeLists.txt.user -CMakeCache.txt -CMakeFiles -CMakeScripts -Testing -Makefile -cmake_install.cmake -install_manifest.txt -compile_commands.json -CTestTestfile.cmake -cmake-build-debug -**.cbp -_deps - -DartConfiguration.tcl - -install +vgcore* +core.* +log.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index b89b5c49..4a9b79b3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,84 +15,89 @@ # NASA IV&V # jstar-development-team@mail.nasa.gov - -#cmake_minimum_required(VERSION 2.6.4) cmake_minimum_required(VERSION 3.14.0) -project(CRYPTO C) - +project(crypto C) + +# +# Define Build Flags +# The default value is captured in line, change with flag `-DXYZ=1` +# For flags with the same prefix, one or more may be enabled +# +option(CODECOV "Code Coverage" OFF) +option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" ON) +option(CRYPTO_KMC "Cryptography Module - KMC" OFF) +option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF) +option(DEBUG "Debug" OFF) +option(KEY_CUSTOM "Key Module - Custom" OFF) +option(KEY_INTERNAL "Key Module - Internal" ON) +option(KEY_KMC "Key Module - KMC" OFF) +option(MC_CUSTOM "Monitoring and Control - Custom" OFF) +option(MC_DISABLED "Monitoring and Control - Disabled" OFF) +option(MC_INTERNAL "Monitoring and Control - Internal" ON) +option(SA_CUSTOM "Security Association - Custom" OFF) +option(SA_INTERNAL "Security Association - Internal" ON) +option(SA_MARIADB "Security Association - MariaDB" OFF) +option(SUPPORT "Support" OFF) +option(SYSTEM_INSTALL "SystemInstall" OFF) +option(TEST "Test" OFF) +option(TEST_ENC "Tests - Encryption" OFF) -OPTION(DEBUG "Debug" OFF) # Disabled by default, enable with: -DDEBUG=ON -OPTION(MYSQL "Mysql" OFF) # Disabled by default, enable with: -DMYSQL=ON -OPTION(LIBGCRYPT "Libgcrypt" ON) # Enabled by default, disable with: -DLIBGCRYPT=OFF -OPTION(KMCCRYPTO "KmcCrypto" OFF) # Disabled by default, enable with: -DKMCCRYPTO=ON -OPTION(ENCTEST "Encryption-Tests" OFF) # Disabled by default, enable with: -DENCTEST=ON -OPTION(CODECOV "Code-Coverage" OFF) # Disabled by default, enable with: -DCODECOV=ON -OPTION(SYSTEM_INSTALL "SystemInstall" OFF) #Disabled by default, enable with: -DSYSTEM_INSTALL=ON OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON +OPTION(KMC_CFFI_EXCLUDE "KMC-Exclude-Problematic-CFFI-Code" OFF) #Disabled by default, enable with: -DKMC_CFFI_EXCLUDE=ON +# +# Build Flag Logic +# +if(CODECOV) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") +endif() -set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib") -set(CMAKE_INSTALL_PREFIX ${PROJECT_SOURCE_DIR}/install) - -IF(CRYPTO_SUBMODULE_INSTALL) #If building CryptoLib as a submodule of another build system (EG, JPL KMC, Nasa NOS3, etc...) - set(CMAKE_INSTALL_PREFIX ${CRYPTO_SUBMODULE_INSTALL}) -ENDIF() - -IF(SYSTEM_INSTALL) - set(CMAKE_INSTALL_PREFIX /usr/local) -ENDIF() - - -IF(DEBUG) - ADD_DEFINITIONS(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG) +if(DEBUG) + add_definitions(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG -DAOS_DEBUG) add_compile_options(-ggdb) -ENDIF(DEBUG) - -IF(ENCTEST) - ADD_DEFINITIONS(-DENCTEST) -ENDIF(ENCTEST) +endif() IF(KMC_MDB_RH) ADD_DEFINITIONS(-DKMC_MDB_RH) + ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE) ENDIF(KMC_MDB_RH) IF(KMC_MDB_DB) ADD_DEFINITIONS(-DKMC_MDB_DB) + ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE) ENDIF(KMC_MDB_DB) -if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME) - include(CTest) - enable_testing() +if(SYSTEM_INSTALL) + set(CMAKE_INSTALL_PREFIX /usr/local) +elseif(NOT DEFINED CFE_SYSTEM_PSPNAME) + # Not cFE / cFS + set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib") + set(CMAKE_INSTALL_PREFIX ${PROJECT_SOURCE_DIR}/install) endif() -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread -Wall -Wextra -Werror -g -O0") - -if(CODECOV) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") +if(TEST_ENC) + # Can't run an additional set of tests without `TEST` enabled + set(TEST ON) endif() -include_directories(include) - -# The shared OSAL and cFE include directories should always be used -# Note that this intentionally does NOT include PSP-specific includes, just the generic -# Only include cFS/NOS3 directories if env var is defined -if(DEFINED ENV{CFECORE_SOURCE_DIR}) #if ${CFECORE_SOURCE_DIR} is set, expect cFS build infrastructure to be in place. - include_directories(${CFECORE_SOURCE_DIR}/src/inc) - include_directories(${CFEPSP_SOURCE_DIR}/fsw/inc) - ADD_DEFINITIONS(-DNOS3) -else() - #pass +if(TEST) + include(CTest) + enable_testing() endif() -if(NOT DEFINED ${PROJECT_BINARY_DIR}) - set(PROJECT_BINARY_DIR ${CMAKE_CURRENT_SOURCE_DIR}/build) -endif() +# +# Project Specifics +# +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0") +include_directories(include) add_subdirectory(src) -if((CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME OR MYPROJECT_BUILD_TESTING) AND BUILD_TESTING) - add_subdirectory(test) +if(SUPPORT) + add_subdirectory(support) endif() -add_subdirectory(util) +if(TEST) + add_subdirectory(test) +endif() diff --git a/README.md b/README.md index 52eeef79..6e7da057 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) ![Unit Tests](https://github.com/nasa/CryptoLib/actions/workflows/utest.yml/badge.svg) ![Validation Tests](https://github.com/nasa/CryptoLib/actions/workflows/validation.yml/badge.svg) ![MariaDB Tests](https://github.com/nasa/CryptoLib/actions/workflows/mariadb.yml/badge.svg) [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/collab_main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib) +![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) +[![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib) # CryptoLib @@ -7,3 +8,8 @@ Provide a software-only solution using the CCSDS Space Data Link Security Protoc More information about building and usage of CryptoLib can be found within the repository Wiki: https://github.com/nasa/CryptoLib/wiki +# Contributions + +Please open an issue or discussion if you find any problems or have questions. We are a small team, but will try to respond in a timely fashion. + +If you would like to contribute to the repository, please complete the [CryptoLib_Indv_CLA](./doc/CryptoLib_Indv_CLA.pdf) form and submit it to gsfc-softwarerequest@mail.nasa.gov with John.P.Lucas@nasa.gov copied. Next please create an issue capturing work to be done noting you intend to work it, a related branch, and submit a pull request when ready and we'll work to get it integrated. diff --git a/codecov.yml b/codecov.yml index a6ae2133..9f00e1a0 100644 --- a/codecov.yml +++ b/codecov.yml @@ -1,13 +1,11 @@ ignore: - - "util/src_util/process_security.c" - - "util/src_util/ut_mysql_tls_connection.c" - - "util/src_util/ut_mysql_m_tls_connection.c" - - "util/src_util/ut_kmc_crypto.c" - - "util/src_util/ut_kmc_crypto_aes_cmac.c" - - "util/src_util/apply_security.c" - - "util/src_util/crypto_sequence.c" - - "util/include/utest.h" - - "util/core/shared_util.c" - - "src/src_main/crypto_print.c" - - "src/src_feature_stubs/cryptography_kmc_stub/cryptography_interface_kmc.stub.c" - - "src/src_feature_stubs/mysql_stub/sadb_routine_mariadb.stub.c" + - "src/crypto/kmc/*" + - "src/crypto/kmc_stub/*" + - "src/crypto/libgcrypt_stub/*" + - "src/sa/internal_stub/*" + - "src/sa/mariadb/*" + - "src/sa/mariadb_stub/*" + - "src/sa/sa_mariadb_sql/*" + - "src/sa/test_sa_mariadb_sql/*" + - "support/*" + - "test/*" \ No newline at end of file diff --git a/doc/CryptoLib_Indv_CLA.pdf b/doc/CryptoLib_Indv_CLA.pdf new file mode 100644 index 00000000..3f003e92 Binary files /dev/null and b/doc/CryptoLib_Indv_CLA.pdf differ diff --git a/include/crypto.h b/include/crypto.h index b5d7527b..a153b774 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -16,8 +16,8 @@ jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_h_ -#define _crypto_h_ +#ifndef CRYPTO_H +#define CRYPTO_H /* ** Crypto Includes @@ -30,21 +30,25 @@ #include #endif +#include #include "crypto_config.h" #include "crypto_config_structs.h" #include "crypto_error.h" #include "crypto_events.h" #include "crypto_print.h" #include "crypto_structs.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "cryptography_interface.h" +#include "key_interface.h" +#include "mc_interface.h" +#include "sa_interface.h" /* ** Crypto Version */ #define CRYPTO_LIB_MAJOR_VERSION 1 #define CRYPTO_LIB_MINOR_VERSION 2 -#define CRYPTO_LIB_REVISION 1 +#define CRYPTO_LIB_REVISION 2 #define CRYPTO_LIB_MISSION_REV 0 /* @@ -57,9 +61,11 @@ */ // Crypto Library Configuration functions -extern int32_t Crypto_Config_CryptoLib(uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus, +extern int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t mc_type, uint8_t sa_type, uint8_t cryptography_type, + uint8_t iv_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus, uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay, - uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv); + uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, + uint8_t crypto_increment_nontransmitted_iv); extern int32_t Crypto_Config_MariaDB(char* mysql_hostname, char* mysql_database, uint16_t mysql_port, uint8_t mysql_require_secure_transport, uint8_t mysql_tls_verify_server, char* mysql_tls_ca, char* mysql_tls_capath, char* mysql_mtls_cert, @@ -72,16 +78,19 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto char* mtls_client_key_pass, char* mtls_issuer_cert); extern int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* keytab_file_path, uint8_t login_method, char* access_manager_uri, char* username, char* cam_home); extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size); + uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t aos_has_iz, uint16_t aos_iz_len); // Initialization extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls extern int32_t Crypto_Init_With_Configs( CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p, - SadbMariaDBConfig_t* sadb_mariadb_config_p, + SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p); // Initialize CryptoLib With Application Defined Configuration +extern int32_t Crypto_TC_Init(void); extern int32_t Crypto_Init_TC_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations extern int32_t Crypto_Init_TM_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations +extern int32_t Crypto_Init_AOS_Unit_Test(void); // Initialize CryptoLib with unit test default Configurations // Cleanup extern int32_t Crypto_Shutdown(void); // Free all allocated memory @@ -94,11 +103,11 @@ extern int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint uint8_t** pp_enc_frame, uint16_t* p_enc_frame_len, char* cam_cookies); extern int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies); // Telemetry (TM) -extern int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr); -extern int32_t Crypto_TM_ProcessSecurity(const uint8_t* p_ingest, const uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length); +extern int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer); +extern int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length); // Advanced Orbiting Systems (AOS) -extern int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest); -extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* ingest, int *len_ingest); +extern int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer); +extern int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length); // Crypo Error Support Functions extern char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code); @@ -111,10 +120,11 @@ extern int32_t Crypto_increment(uint8_t* num, int length); // int32_t Crypto_Get_tcPayloadLength(TC_t* tc_frame, SecurityAssociation_t* sa_ptr); int32_t Crypto_Get_tmLength(int len); uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id); -uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_buffer); void Crypto_TM_updatePDU(uint8_t* ingest, int len_ingest); void Crypto_TM_updateOCF(void); +uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_buffer); uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad); +uint32_t Crypto_Prepare_AOS_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad); void Crypto_Local_Config(void); void Crypto_Local_Init(void); // int32_t Crypto_gcm_err(int gcm_err); @@ -157,13 +167,18 @@ int32_t Crypto_User_ModifyVCID(void); int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uint8_t* ingest); int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame); +// Helper length functions +int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr); +int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr); + // Managed Parameter Functions int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uint8_t vcid, GvcidManagedParameters_t* managed_parameters_in, GvcidManagedParameters_t** managed_parameters_out); int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, uint8_t has_segmentation_hdr, - uint16_t max_frame_size, + uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t aos_has_iz, uint16_t aos_iz_len, GvcidManagedParameters_t* managed_parameter); void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters); @@ -179,26 +194,31 @@ extern CCSDS_t sdls_frame; extern uint8_t tm_frame[1786]; extern TM_FramePrimaryHeader_t tm_frame_pri_hdr; extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication +// exterm AOS_t aos_frame +extern AOS_FramePrimaryHeader_t aos_frame_pri_hdr; +extern AOS_FrameSecurityHeader_t aos_frame_sec_hdr; // Used to reduce bit math duplication // Global configuration structs -extern CryptoConfig_t* crypto_config; -extern SadbMariaDBConfig_t* sadb_mariadb_config; +extern CryptoConfig_t crypto_config; +extern SadbMariaDBConfig_t* sa_mariadb_config; extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config; extern CamConfig_t* cam_config; extern GvcidManagedParameters_t* gvcid_managed_parameters; extern GvcidManagedParameters_t* current_managed_parameters; -extern SadbRoutine sadb_routine; +extern KeyInterface key_if; +extern McInterface mc_if; +extern SaInterface sa_if; extern CryptographyInterface cryptography_if; // extern crypto_key_t ak_ring[NUM_KEYS]; extern CCSDS_t sdls_frame; -extern SadbMariaDBConfig_t* sadb_mariadb_config; +extern SadbMariaDBConfig_t* sa_mariadb_config; extern GvcidManagedParameters_t* gvcid_managed_parameters; extern GvcidManagedParameters_t* current_managed_parameters; // OCF extern uint8_t ocf; extern SDLS_FSR_t report; -extern TM_FrameCLCW_t clcw; +extern Telemetry_Frame_Clcw_t clcw; // Flags extern SDLS_MC_LOG_RPLY_t log_summary; extern SDLS_MC_DUMP_BLK_RPLY_t mc_log; @@ -213,4 +233,4 @@ extern uint8_t badFECF; extern uint32_t crc32Table[256]; extern uint16_t crc16Table[256]; -#endif // _crypto_h_z \ No newline at end of file +#endif //CRYPTO_H \ No newline at end of file diff --git a/include/crypto_config.h b/include/crypto_config.h index b3307cc5..bb252475 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -15,8 +15,8 @@ NASA IV&V jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_config_h_ -#define _crypto_config_h_ +#ifndef CRYPTO_CONFIG_H +#define CRYPTO_CONFIG_H // Build Defines //#define BUILD_STATIC @@ -61,7 +61,7 @@ #define TC_MAX_FRAME_SIZE 1024 // Spacecraft Defines -#define SCID 0x0003 //44 //0x0003 // 0xC3D2 +#define SCID 0x0003 // Functionality Defines #define INCREMENT @@ -117,14 +117,15 @@ #define IV_SIZE 16 /* TM IV size bytes */ #define IV_SIZE_TC 4 /* TC IV size bytes */ #define OCF_SIZE 4 -#define MAC_SIZE 16 /* bytes */ /* Deprecated, todo - remove throughout & use SA mac field specification */ +#define MAC_SIZE 16 /* bytes */ #define FECF_SIZE 2 -#define SEGMENT_HDR_SIZE 1 -#define ECS_SIZE 4 /* bytes */ -#define ABM_SIZE 1024 // 20 /* bytes */ -#define ARSN_SIZE 20 /* total messages */ -#define ARSNW_SIZE 1 /* bytes */ -#define SN_SIZE 0 +#define TC_SEGMENT_HDR_SIZE 1 +#define ECS_SIZE 4 /* bytes */ +#define ABM_SIZE 1786 /* bytes */ +#define ARSN_SIZE 20 /* total messages */ +#define ARSNW_SIZE 1 /* bytes */ +#define SN_SIZE 16 /* bytes */ +#define PAD_SIZE 32 /* bytes */ #define CHALLENGE_SIZE 16 /* bytes */ #define CHALLENGE_MAC_SIZE 16 /* bytes */ @@ -136,33 +137,33 @@ // Procedure Identification (PID) // Service Group - Key Management -#define SG_KEY_MGMT 0b00 -#define PID_OTAR 0b0001 -#define PID_KEY_ACTIVATION 0b0010 -#define PID_KEY_DEACTIVATION 0b0011 -#define PID_KEY_VERIFICATION 0b0100 -#define PID_KEY_DESTRUCTION 0b0110 -#define PID_KEY_INVENTORY 0b0111 +#define SG_KEY_MGMT 0x00 // 0b00 +#define PID_OTAR 0x01 // 0b0001 +#define PID_KEY_ACTIVATION 0x02 // 0b0010 +#define PID_KEY_DEACTIVATION 0x03 //0b0011 +#define PID_KEY_VERIFICATION 0x04 // 0b0100 +#define PID_KEY_DESTRUCTION 0x06 // 0b0110 +#define PID_KEY_INVENTORY 0x07 // 0b0111 // Service Group - Security Association Management -#define SG_SA_MGMT 0b01 -#define PID_CREATE_SA 0b0001 -#define PID_REKEY_SA 0b0110 -#define PID_START_SA 0b1011 -#define PID_STOP_SA 0b1110 -#define PID_EXPIRE_SA 0b1001 -#define PID_DELETE_SA 0b0100 -#define PID_SET_ARSN 0b1010 -#define PID_SET_ARSNW 0b0101 -#define PID_READ_ARSN 0b0000 -#define PID_SA_STATUS 0b1111 +#define SG_SA_MGMT 0x01 // 0b01 +#define PID_CREATE_SA 0x01 //0b0001 +#define PID_REKEY_SA 0x05 //0b0110 +#define PID_START_SA 0x0B //0b1011 +#define PID_STOP_SA 0x0E // 0b1110 +#define PID_EXPIRE_SA 0x09 // 0b1001 +#define PID_DELETE_SA 0x04 // 0b0100 +#define PID_SET_ARSN 0x0A //0b1010 +#define PID_SET_ARSNW 0x06 // 0b0101 +#define PID_READ_ARSN 0x00 // 0b0000 +#define PID_SA_STATUS 0x0F // 0b1111 // Service Group - Security Monitoring & Control -#define SG_SEC_MON_CTRL 0b11 -#define PID_PING 0b0001 -#define PID_LOG_STATUS 0b0010 -#define PID_DUMP_LOG 0b0011 -#define PID_ERASE_LOG 0b0100 -#define PID_SELF_TEST 0b0101 -#define PID_ALARM_FLAG 0b0111 +#define SG_SEC_MON_CTRL 0x03 // 0b11 +#define PID_PING 0x01 // 0b0001 +#define PID_LOG_STATUS 0x02 //0b0010 +#define PID_DUMP_LOG 0x03 // 0b0011 +#define PID_ERASE_LOG 0x04 // 0b0100 +#define PID_SELF_TEST 0x05 // 0b0101 +#define PID_ALARM_FLAG 0x07 // 0b0111 // TC Defines #define TC_SH_SIZE 8 /* bits */ @@ -174,16 +175,30 @@ #define TLV_DATA_SIZE 494 /* bytes */ // TM Defines -#define TM_FRAME_DATA_SIZE 1740 /* bytes */ +#define TM_FRAME_DATA_SIZE 1786 /* bytes */ #define TM_FILL_SIZE 1145 /* bytes */ #define TM_PAD_SIZE 2 /* bytes */ +// AOS Defines +#define AOS_FRAME_DATA_SIZE 1786 /* bytes */ +#define AOS_FILL_SIZE 1145 /* bytes */ + // TC Behavior Defines #define TC_SDLS_EP_VCID \ 4 // VCID which has SDLS PDUs (JPL uses VCIDs to determine TC type, there is no space packet layer with APIDs). Set // to -1 if uses SP APIDs. +// TM Behavior Defines +#define TM_CADU_HAS_ASM 1 // Skip 0x1acffc1d at beginning of each frame +// TM CADU based on ASM, currently only holds non-turbo ASM +#ifdef TM_CADU_HAS_ASM + #define TM_CADU_SIZE (TM_FRAME_DATA_SIZE + 6) +#else + #define TM_CADU_SIZE TM_FRAME_DATA_SIZE +#endif + // Logic Behavior Defines #define CRYPTO_FALSE 0 #define CRYPTO_TRUE 1 -#endif \ No newline at end of file + +#endif //CRYPTO_CONFIG_H \ No newline at end of file diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index 23b18d76..d175bfa5 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -15,8 +15,8 @@ ITC Team NASA IV&V ivv-itc@lists.nasa.gov */ -#ifndef _crypto_config_structs_h_ -#define _crypto_config_structs_h_ +#ifndef CRYPTO_CONFIG_STRUCTS_H +#define CRYPTO_CONFIG_STRUCTS_H #include "crypto_config.h" @@ -29,42 +29,101 @@ ivv-itc@lists.nasa.gov // main config enums typedef enum { - SADB_TYPE_INMEMORY, - SADB_TYPE_MARIADB + UNITIALIZED = 0, + INITIALIZED +} InitStatus; +typedef enum +{ + KEY_TYPE_UNITIALIZED = 0, + KEY_TYPE_CUSTOM, + KEY_TYPE_INTERNAL, + KEY_TYPE_KMC +} KeyType; +typedef enum +{ + MC_TYPE_UNITIALIZED = 0, + MC_TYPE_CUSTOM, + MC_TYPE_DISABLED, + MC_TYPE_INTERNAL +} McType; +typedef enum +{ + SA_TYPE_UNITIALIZED = 0, + SA_TYPE_CUSTOM, + SA_TYPE_INMEMORY, + SA_TYPE_MARIADB } SadbType; typedef enum { + CRYPTOGRAPHY_TYPE_UNITIALIZED = 0, CRYPTOGRAPHY_TYPE_LIBGCRYPT, - CRYPTOGRAPHY_TYPE_KMCCRYPTO + CRYPTOGRAPHY_TYPE_KMCCRYPTO, + CRYPTOGRAPHY_TYPE_WOLFSSL } CryptographyType; -// gvcid managed parameter enums +/*************************************** +** GVCID Managed Parameter enums +****************************************/ +typedef enum +{ + IV_INTERNAL, + IV_CRYPTO_MODULE +} IvType; typedef enum { TC_NO_FECF, TC_HAS_FECF, TM_NO_FECF, - TM_HAS_FECF + TM_HAS_FECF, + AOS_NO_FECF, + AOS_HAS_FECF } FecfPresent; typedef enum { CRYPTO_TC_CREATE_FECF_FALSE, CRYPTO_TC_CREATE_FECF_TRUE, CRYPTO_TM_CREATE_FECF_FALSE, - CRYPTO_TM_CREATE_FECF_TRUE + CRYPTO_TM_CREATE_FECF_TRUE, + CRYPTO_AOS_CREATE_FECF_FALSE, + CRYPTO_AOS_CREATE_FECF_TRUE } CreateFecfBool; typedef enum +{ + AOS_FHEC_NA, + AOS_NO_FHEC, + AOS_HAS_FHEC +} AosFhecPresent; +typedef enum +{ + AOS_IZ_NA, + AOS_NO_IZ, + AOS_HAS_IZ +} AosInsertZonePresent; +typedef enum { TC_CHECK_FECF_FALSE, TC_CHECK_FECF_TRUE, TM_CHECK_FECF_FALSE, - TM_CHECK_FECF_TRUE + TM_CHECK_FECF_TRUE, + AOS_CHECK_FECF_FALSE, + AOS_CHECK_FECF_TRUE } CheckFecfBool; -// TC specific enums +typedef enum +{ + AOS_NO_OCF, + AOS_HAS_OCF, + TC_OCF_NA, + TM_NO_OCF, + TM_HAS_OCF +} OcfPresent; +/*************************************** +** TC specific enums +****************************************/ typedef enum { TC_NO_SEGMENT_HDRS, TC_HAS_SEGMENT_HDRS, - TM_SEGMENT_HDRS_NA + TM_SEGMENT_HDRS_NA, // Invalid for TM + AOS_SEGMENT_HDRS_NA // Invalid for AOS } TcSegmentHdrsPresent; typedef enum { @@ -96,15 +155,9 @@ typedef enum SA_INCREMENT_NONTRANSMITTED_IV_FALSE, SA_INCREMENT_NONTRANSMITTED_IV_TRUE } SaIncrementNonTransmittedIvPortion; -// TM specific enums -typedef enum -{ - AOS_NO_OCF, - AOS_HAS_OCF, - TC_OCF_NA, - TM_NO_OCF, - TM_HAS_OCF -} OcfPresent; +/*************************************** +** Telemetry specific enums +****************************************/ typedef enum { TM_NO_SECONDARY_HDR, @@ -146,8 +199,12 @@ typedef enum */ typedef struct { - SadbType sadb_type; + InitStatus init_status; + KeyType key_type; + McType mc_type; + SadbType sa_type; CryptographyType cryptography_type; + IvType iv_type; // Whether or not CryptoLib should generate the IV CreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return // payloads with the FECF TcProcessSdlsPdus process_sdls_pdus; // Config to process SDLS extended procedure PDUs in CryptoLib @@ -168,6 +225,9 @@ struct _GvcidManagedParameters_t uint16_t scid : 10; // SpacecraftID uint8_t vcid : 6; // Virtual Channel ID FecfPresent has_fecf; + AosFhecPresent aos_has_fhec; + AosInsertZonePresent aos_has_iz; + uint16_t aos_iz_len; TcSegmentHdrsPresent has_segmentation_hdr; uint16_t max_frame_size; // Maximum TC/TM Frame Length with headers OcfPresent has_ocf; @@ -233,5 +293,4 @@ typedef struct } CamConfig_t; #define CAM_CONFIG_SIZE (sizeof(CamConfig_t)) - -#endif \ No newline at end of file +#endif //CRYPTO_CONFIG_STRUCTS_H \ No newline at end of file diff --git a/include/crypto_error.h b/include/crypto_error.h index 083e3fab..7d29a751 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -15,8 +15,8 @@ NASA IV&V jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_error_h_ -#define _crypto_error_h_ +#ifndef CRYPTO_ERROR_H +#define CRYPTO_ERROR_H /* * If error codes are added to this header file, their enum string must be added to the error lists (in crypto_error.c) @@ -116,16 +116,20 @@ #define CRYPTO_LIB_ERR_UNSUPPORTED_MODE (-44) #define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD (-45) #define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG (-46) +#define CRYPTO_LIB_ERR_KEY_ID_ERROR (-47) +#define CRYPTO_LIB_ERR_MC_INIT (-48) +#define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD (-49) +#define CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG (-50) extern char *crypto_enum_errlist_core[]; extern char *crypto_enum_errlist_config[]; -extern char *crypto_enum_errlist_sadb_if[]; -extern char *crypto_enum_errlist_sadb_mariadb[]; +extern char *crypto_enum_errlist_sa_if[]; +extern char *crypto_enum_errlist_sa_mariadb[]; extern char *crypto_enum_errlist_crypto_if[]; extern char *crypto_enum_errlist_crypto_kmc[]; extern char *crypto_enum_errlist_crypto_cam[]; -#define CRYPTO_UNDEFINED_ERROR "CRYPTO_UNDEFINED_ERROR_CODE" +#define CRYPTO_UNDEFINED_ERROR (char*) "CRYPTO_UNDEFINED_ERROR_CODE" -#endif //_crypto_error_h_ \ No newline at end of file +#endif //CRYPTO_ERROR_H \ No newline at end of file diff --git a/include/crypto_events.h b/include/crypto_events.h index 6c68c2fe..1d65689f 100644 --- a/include/crypto_events.h +++ b/include/crypto_events.h @@ -15,8 +15,8 @@ NASA IV&V jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_events_h_ -#define _crypto_events_h_ +#ifndef CRYPTO_EVENTS_H +#define CRYPTO_EVENTS_H #define FECF_ERR_EID 0 #define MKID_INVALID_EID 1 @@ -29,4 +29,4 @@ #define STARTUP 10 -#endif \ No newline at end of file +#endif //CRYPTO_EVENTS_H \ No newline at end of file diff --git a/include/crypto_print.h b/include/crypto_print.h index 2052c8bf..8e6e299a 100644 --- a/include/crypto_print.h +++ b/include/crypto_print.h @@ -16,8 +16,8 @@ jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_print_h_ -#define _crypto_print_h_ +#ifndef CRYPTO_PRINT_H +#define CRYPTO_PRINT_H /* ** Includes @@ -30,11 +30,12 @@ */ void Crypto_tcPrint(TC_t* tc_frame); void Crypto_tmPrint(TM_t* tm_frame); -void Crypto_clcwPrint(TM_FrameCLCW_t* clcw); +void Crypto_clcwPrint(Telemetry_Frame_Clcw_t* clcw); void Crypto_fsrPrint(SDLS_FSR_t* report); void Crypto_ccsdsPrint(CCSDS_t* sdls_frame); void Crypto_saPrint(SecurityAssociation_t* sa); void Crypto_hexprint(const void* c, size_t n); void Crypto_binprint(void* c, size_t n); void Crypto_mpPrint(GvcidManagedParameters_t* managed_parameters, uint8_t print_children); -#endif + +#endif //CRYPTO_PRINT_H diff --git a/include/crypto_structs.h b/include/crypto_structs.h index a978988a..584ae7e0 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -16,8 +16,8 @@ jstar-development-team@mail.nasa.gov */ -#ifndef _crypto_structs_h_ -#define _crypto_structs_h_ +#ifndef CRYPTO_STRUCTS_H +#define CRYPTO_STRUCTS_H #include "crypto_config.h" @@ -25,19 +25,15 @@ #include "common_types.h" #else // Assume build outside of NOS3/cFS infrastructure #include +#ifndef KMC_CFFI_EXCLUDE // Exclude libraries that CFFI parser can’t process +#include +#include +#endif #endif /* -** Key Definitions +** Definitions */ -typedef struct -{ - uint8_t value[KEY_SIZE]; - uint32_t key_len; - uint8_t key_state : 4; -} crypto_key_t; -#define CRYPTO_KEY_SIZE (sizeof(crypto_key_t)) - typedef struct { // Global Virtual Channel ID / Global MAP ID uint8_t tfvn : 4; // Transfer Frame Version Number @@ -70,18 +66,18 @@ typedef struct uint8_t shsnf_len : 6; // Sec. Header SN Field Length uint8_t shplf_len : 2; // Sec. Header PL Field Length uint8_t stmacf_len : 8; // Sec. Trailer MAC Field Length - uint8_t* ecs; // Encryption Cipher Suite (algorithm / mode ID) + uint8_t ecs; // Encryption Cipher Suite (algorithm / mode ID) uint8_t ecs_len : 8; // Encryption Cipher Suite Length - uint8_t* iv; // Initialization Vector + uint8_t iv[IV_SIZE]; // Initialization Vector uint8_t iv_len; // Length of entire IV uint8_t acs_len : 8; // Authentication Cipher Suite Length - uint8_t* acs; // Authentication Cipher Suite (algorithm / mode ID) + uint8_t acs; // Authentication Cipher Suite (algorithm / mode ID) uint16_t abm_len : 16; // Authentication Bit Mask Length - uint8_t* abm; // Authentication Bit Mask (Primary Hdr. through Security Hdr.) - uint8_t arsn_len : 8; // Anti-Replay Seq Num Length - uint8_t* arsn; // Anti-Replay Seq Num - uint8_t arsnw_len : 8; // Anti-Replay Seq Num Window Length - uint16_t arsnw; // Anti-Replay Seq Num Window + uint8_t abm[ABM_SIZE]; // Authentication Bit Mask (Primary Hdr. through Security Hdr.) + uint8_t arsn_len : 8; // Anti-Replay Seq Num Length + uint8_t arsn[ARSN_SIZE];// Anti-Replay Seq Num + uint8_t arsnw_len : 8; // Anti-Replay Seq Num Window Length + uint16_t arsnw; // Anti-Replay Seq Num Window } SecurityAssociation_t; #define SA_SIZE (sizeof(SecurityAssociation_t)) @@ -261,18 +257,18 @@ typedef struct { uint8_t sh : TC_SH_SIZE; // Segment Header uint16_t spi; // Security Parameter Index - uint8_t* iv; // Initialization Vector for encryption + uint8_t iv[IV_SIZE]; // Initialization Vector for encryption uint8_t iv_field_len; - uint8_t* sn; // Sequence Number for anti-replay + uint8_t sn[SN_SIZE]; // Sequence Number for anti-replay uint8_t sn_field_len; - uint8_t* pad; // Count of the used fill Bytes + uint8_t pad[PAD_SIZE]; // Count of the used fill Bytes uint8_t pad_field_len; } TC_FrameSecurityHeader_t; #define TC_FRAME_SECHEADER_SIZE (sizeof(TC_FrameSecurityHeader_t)) typedef struct { - uint8_t* mac; // Message Authentication Code + uint8_t mac[MAC_SIZE]; // Message Authentication Code uint8_t mac_field_len; uint16_t fecf; // Frame Error Control Field } TC_FrameSecurityTrailer_t; @@ -332,6 +328,49 @@ typedef struct } CCSDS_t; #define CCSDS_SIZE (sizeof(CCSDS_t)) +/* +** Operational Control Field definition +** Telemetry frames can reply with either of these in their OCF field: +** 1) A Communications Control Link Word -or- +** 2) A Frame Security Report +*/ + +// INFO: This is the Communications Link Control Word register format +typedef struct +{ + uint8_t cwt : 1; // Control Word Type "0" + uint8_t cvn : 2; // CLCW Version Number "00" + uint8_t sf : 3; // Status Field + uint8_t cie : 2; // COP In Effect + uint8_t vci : 6; // Virtual Channel Identification + uint8_t spare0 : 2; // Reserved Spare + uint8_t nrfa : 1; // No RF Avaliable Flag + uint8_t nbl : 1; // No Bit Lock Flag + uint8_t lo : 1; // Lock-Out Flag + uint8_t wait : 1; // Wait Flag + uint8_t rt : 1; // Retransmit Flag + uint8_t fbc : 2; // FARM-B Counter + uint8_t spare1 : 1; // Reserved Spare + uint8_t rv : 8; // Report Value +} Telemetry_Frame_Clcw_t; + +#define TM_FRAME_CLCW_SIZE (sizeof(Telemetry_Frame_Clcw_t)) + +// INFO: This is the Frame Security Report register format +typedef struct +{ + uint8_t cwt : 1; // Control Word Type "1" + uint8_t fvn : 3; // FSR Version Number "100" + uint8_t af : 1; // Alarm Flag + uint8_t bsnf : 1; // Bad Sequence Number Flag + uint8_t bmf : 1; // Bad Mac Flag + uint8_t bsaf : 1; // Bad Security Association Flag + uint16_t lspi : 16; // Last SPI Used + uint8_t snv : 8; // Sequence Number Value (LSB) +} Telemetry_Frame_Fsr_t; + +#define TELEMETRY_FRAME_OCF_SIZE (sizeof(Telemetry_Frame_Fsr_t)) + /* ** Telemetry (TM) Definitions */ @@ -340,7 +379,7 @@ typedef struct uint8_t tfvn : 2; // Transfer Frame Version Number uint16_t scid : 10; // Spacecraft ID uint8_t vcid : 3; // Virtual Channel ID - uint8_t ocff : 1; // Describes wether OCF is present or not + uint8_t ocff : 1; // Describes whether OCF is present or not uint8_t mcfc : 8; // Master Channel Frame Count (modulo-256) uint8_t vcfc : 8; // Virtual Channel Frame Count (modulo-256) uint8_t tfsh : 1; // Transfer Frame Secondary Header @@ -378,25 +417,6 @@ typedef struct } TM_FrameSecurityTrailer_t; #define TM_FRAME_SECTRAILER_SIZE (sizeof(TM_FrameSecurityTrailer_t)) -typedef struct -{ - uint8_t cwt : 1; // Control Word Type "0" - uint8_t cvn : 2; // CLCW Version Number "00" - uint8_t sf : 3; // Status Field - uint8_t cie : 2; // COP In Effect - uint8_t vci : 6; // Virtual Channel Identification - uint8_t spare0 : 2; // Reserved Spare - uint8_t nrfa : 1; // No RF Avaliable Flag - uint8_t nbl : 1; // No Bit Lock Flag - uint8_t lo : 1; // Lock-Out Flag - uint8_t wait : 1; // Wait Flag - uint8_t rt : 1; // Retransmit Flag - uint8_t fbc : 2; // FARM-B Counter - uint8_t spare1 : 1; // Reserved Spare - uint8_t rv : 8; // Report Value -} TM_FrameCLCW_t; -#define TM_FRAME_CLCW_SIZE (sizeof(TM_FrameCLCW_t)) - typedef struct { TM_FramePrimaryHeader_t tm_header; @@ -409,4 +429,61 @@ typedef struct #define TM_MIN_SIZE \ (TM_FRAME_PRIMARYHEADER_SIZE + TM_FRAME_SECHEADER_SIZE + TM_FRAME_SECTRAILER_SIZE + TM_FRAME_CLCW_SIZE) -#endif \ No newline at end of file +/* +** Advanced Orbiting Systems (AOS) Definitions +*/ +typedef struct +{ + uint8_t tfvn : 2; // Transfer Frame Version Number + // Shall be set to '01' (732.0b4 Section 4.1.2.2.2) + uint16_t scid : 8; // Spacecraft ID + uint8_t vcid : 6; // Virtual Channel ID + // To be all zeros if only one VC used (732.0b4 Section 4.1.2.3) + long vcfc : 24; // Virtual Channel Frame Count (modulo-16,777,216) + /* Begin TF Signalling Field */ + uint8_t rf : 1; // Replay Flag + uint8_t sf : 1; // VC Frame Count Usgae Flag + // 0 = Payload is either idle data or octet synchronized forward-ordered packets + // 1 = Data is a virtual channel access data unit + uint8_t spare : 2; // Reserved Spare + // 0 = Shall be set to 0 + // Sync Flag 1 = Undefined + uint8_t vfcc : 2; // VC Frame Count cycle + // Sync Flag 0 = Shall be 11 + // Sync Flag 1 = Undefined + uint16_t fhp : 11; // First Header Pointer + // Sync Flag 0 = Contains position of the first byte of the first packet in the data field + // Sync Flag 1 = undefined +} AOS_FramePrimaryHeader_t; +#define AOS_FRAME_PRIMARYHEADER_SIZE (sizeof(AOS_FramePrimaryHeader_t)) + +typedef struct +{ + uint16_t spi; // Security Parameter Index + uint8_t iv[IV_SIZE]; // Initialization Vector for encryption + // uint8_t sn[TM_SN_SIZE]; // Sequence Number for anti-replay + // uint8_t pad[TM_PAD_SIZE]; // Count of the used fill Bytes +} AOS_FrameSecurityHeader_t; +#define AOS_FRAME_SECHEADER_SIZE (sizeof(AOS_FrameSecurityHeader_t)) + +typedef struct +{ + uint8_t mac[MAC_SIZE]; // Message Authentication Code + uint8_t ocf[OCF_SIZE]; // Operational Control Field + uint16_t fecf; // Frame Error Control Field +} AOS_FrameSecurityTrailer_t; +#define AOS_FRAME_SECTRAILER_SIZE (sizeof(AOS_FrameSecurityTrailer_t)) + +typedef struct +{ + AOS_FramePrimaryHeader_t tm_header; + AOS_FrameSecurityHeader_t tm_sec_header; + uint8_t aos_pdu[AOS_FRAME_DATA_SIZE]; + AOS_FrameSecurityTrailer_t aos_sec_trailer; +} AOS_t; +#define AOS_SIZE (sizeof(AOS_t)) + +#define AOS_MIN_SIZE \ + (AOS_FRAME_PRIMARYHEADER_SIZE + AOS_FRAME_SECHEADER_SIZE + AOS_FRAME_SECTRAILER_SIZE + AOS_FRAME_OCF_SIZE) + +#endif //CRYPTO_STRUCTS_H \ No newline at end of file diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h index 1661ca2f..75457782 100644 --- a/include/cryptography_interface.h +++ b/include/cryptography_interface.h @@ -31,7 +31,6 @@ typedef struct // Cryptography Interface Initialization & Management Functions int32_t (*cryptography_config)(void); int32_t (*cryptography_init)(void); - crypto_key_t* (*get_ek_ring)(void); int32_t (*cryptography_shutdown)(void); // Cryptography Interface Functions int32_t (*cryptography_encrypt)(uint8_t* data_out, size_t len_data_out, @@ -87,5 +86,6 @@ typedef struct CryptographyInterface get_cryptography_interface_libgcrypt(void); CryptographyInterface get_cryptography_interface_kmc_crypto_service(void); +CryptographyInterface get_cryptography_interface_wolfssl(void); -#endif // CRYPTOLIB_CRYPTOGRAPHY_INTERFACE_H +#endif //CRYPTOLIB_CRYPTOGRAPHY_INTERFACE_H diff --git a/util/src_util/ut_crypto_aos.c b/include/key_interface.h similarity index 56% rename from util/src_util/ut_crypto_aos.c rename to include/key_interface.h index 8a804ce9..71760002 100644 --- a/util/src_util/ut_crypto_aos.c +++ b/include/key_interface.h @@ -15,43 +15,35 @@ NASA IV&V jstar-development-team@mail.nasa.gov */ +#ifndef KEY_INTERFACE_H +#define KEY_INTERFACE_H -/** - * Unit Tests that macke use of CRYPTO_AOS functionality on the data. - **/ -#include "ut_crypto_aos.h" -#include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" -#include "utest.h" - -/** - * @brief Unit Test: Crypto Init with invalid SADB - * @note: TODO: This test will need to be reworked when this functionality exists. - **/ -UTEST(CRYPTO_AOS, APPLY_SECURITY) -{ - int32_t status = CRYPTO_LIB_ERROR; - uint8_t ingest[1024] = {0}; - int len_ingest = 0; - - status = Crypto_AOS_ApplySecurity(&ingest[0], &len_ingest); +#include "crypto_structs.h" - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} +/* Structures */ +typedef struct +{ + uint8_t value[KEY_SIZE]; + uint32_t key_len; + uint8_t key_state : 4; +} crypto_key_t; +#define CRYPTO_KEY_SIZE (sizeof(crypto_key_t)) -/** - * @brief Unit Test: Crypto AOS Process Security - **/ -UTEST(CRYPTO_AOS, PROCESS_SECURITY) +typedef struct { - int32_t status = CRYPTO_LIB_ERROR; - uint8_t ingest[1024] = {0}; - int len_ingest = 0; + /* Key Interface, SDLS */ + crypto_key_t* (*get_key)(uint32_t key_id); + int32_t (*key_init)(void); + int32_t (*key_shutdown)(void); + + /* Key Interface, SDLS-EP */ - status = Crypto_AOS_ProcessSecurity(&ingest[0], &len_ingest); +} KeyInterfaceStruct, *KeyInterface; - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); -} +/* Prototypes */ +KeyInterface get_key_interface_custom(void); +KeyInterface get_key_interface_internal(void); +KeyInterface get_key_interface_kmc(void); -UTEST_MAIN(); \ No newline at end of file +#endif // KEY_INTERFACE_H diff --git a/include/mc_interface.h b/include/mc_interface.h new file mode 100644 index 00000000..3318d34c --- /dev/null +++ b/include/mc_interface.h @@ -0,0 +1,49 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ +#ifndef MONITORING_AND_CONTROL_INTERFACE_H +#define MONITORING_AND_CONTROL_INTERFACE_H + +#include "crypto_error.h" +#include "crypto_structs.h" + +/* Structures */ +typedef struct +{ + /* MC Interface, SDLS */ + int32_t (*mc_initialize)(void); + void (*mc_log)(int32_t error_code); + int32_t (*mc_shutdown)(void); + + /* MC Interface, SDLS-EP */ + /* + int32_t (*mc_ping)(); + int32_t (*mc_log_status)(void); + int32_t (*mc_dump_log)(void); + int32_t (*mc_erase_log)(void); + int32_t (*mc_self_test)(void); + int32_t (*mc_alarm_reset_flag)(void); + */ + +} McInterfaceStruct, *McInterface; + +/* Prototypes */ +McInterface get_mc_interface_custom(void); +McInterface get_mc_interface_disabled(void); +McInterface get_mc_interface_internal(void); + +#endif // MONITORING_AND_CONTROL_INTERFACE_H diff --git a/include/sadb_routine.h b/include/sa_interface.h similarity index 52% rename from include/sadb_routine.h rename to include/sa_interface.h index de9bd534..f403f1c2 100644 --- a/include/sadb_routine.h +++ b/include/sa_interface.h @@ -12,8 +12,8 @@ * foreign persons. */ -#ifndef CRYPTOLIB_SADB_ROUTINE_H -#define CRYPTOLIB_SADB_ROUTINE_H +#ifndef CRYPTOLIB_SA_INTERFACE_H +#define CRYPTOLIB_SA_INTERFACE_H #ifdef NOS3 // NOS3/cFS build is ready #include "common_types.h" @@ -29,28 +29,29 @@ typedef struct { // Security Association Initialization & Management Functions - int32_t (*sadb_config)(void); - int32_t (*sadb_init)(void); - int32_t (*sadb_close)(void); + int32_t (*sa_config)(void); + int32_t (*sa_init)(void); + int32_t (*sa_close)(void); // Security Association Interaction Functions - int32_t (*sadb_get_sa_from_spi)(uint16_t, SecurityAssociation_t** ); - int32_t (*sadb_get_operational_sa_from_gvcid)(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); - int32_t (*sadb_save_sa)(SecurityAssociation_t* ); + int32_t (*sa_get_from_spi)(uint16_t, SecurityAssociation_t** ); + int32_t (*sa_get_operational_sa_from_gvcid)(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); + int32_t (*sa_save_sa)(SecurityAssociation_t* ); // Security Association Utility Functions - int32_t (*sadb_sa_stop)(void); - int32_t (*sadb_sa_start)(TC_t* tc_frame); - int32_t (*sadb_sa_expire)(void); - int32_t (*sadb_sa_rekey)(void); - int32_t (*sadb_sa_status)(uint8_t* ); - int32_t (*sadb_sa_create)(void); - int32_t (*sadb_sa_setARSN)(void); - int32_t (*sadb_sa_setARSNW)(void); - int32_t (*sadb_sa_delete)(void); + int32_t (*sa_stop)(void); + int32_t (*sa_start)(TC_t* tc_frame); + int32_t (*sa_expire)(void); + int32_t (*sa_rekey)(void); + int32_t (*sa_status)(uint8_t* ); + int32_t (*sa_create)(void); + int32_t (*sa_setARSN)(void); + int32_t (*sa_setARSNW)(void); + int32_t (*sa_delete)(void); -} SadbRoutineStruct, *SadbRoutine; +} SaInterfaceStruct, *SaInterface; -SadbRoutine get_sadb_routine_mariadb(void); -SadbRoutine get_sadb_routine_inmemory(void); -// SadbRoutine init_parse_sadb_routine(uint8_t* ); +SaInterface get_sa_interface_custom(void); +SaInterface get_sa_interface_inmemory(void); +SaInterface get_sa_interface_mariadb(void); +// SaInterface init_parse_sa_routine(uint8_t* ); -#endif // CRYPTOLIB_SADB_ROUTINE_H +#endif //CRYPTOLIB_SA_INTERFACE_H diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f1044340..48249225 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -17,85 +17,160 @@ include_directories(../include) -aux_source_directory(src_main LIB_SRC_FILES) -if(MYSQL) - aux_source_directory(src_mysql LIB_SRC_MYSQL_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_MYSQL_FILES}) +aux_source_directory(core LIB_SRC_FILES) + +if(CRYPTO_LIBGCRYPT) + aux_source_directory(crypto/libgcrypt LIBGCRYPT_FILES) + list(APPEND LIB_SRC_FILES ${LIBGCRYPT_FILES}) else() - aux_source_directory(src_feature_stubs/mysql_stub LIB_SRC_MYSQL_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_MYSQL_FILES}) + aux_source_directory(crypto/libgcrypt_stub LIBGCRYPT_FILES) + list(APPEND LIB_SRC_FILES ${LIBGCRYPT_FILES}) endif() -if(LIBGCRYPT) - aux_source_directory(src_cryptography/src_libgcrypt LIB_SRC_LIBGCRYPT_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_LIBGCRYPT_FILES}) +if(CRYPTO_KMC) + aux_source_directory(crypto/kmc KMC_FILES) + list(APPEND LIB_SRC_FILES ${KMC_FILES}) else() - aux_source_directory(src_feature_stubs/cryptography_libgcrypt_stub LIB_SRC_LIBGCRYPT_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_LIBGCRYPT_FILES}) + aux_source_directory(crypto/kmc_stub KMC_FILES) + list(APPEND LIB_SRC_FILES ${KMC_FILES}) endif() -if(KMCCRYPTO) - aux_source_directory(src_cryptography/src_kmc_crypto_service LIB_SRC_KMC_CRYPTO_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_KMC_CRYPTO_FILES}) +if(CRYPTO_WOLFSSL) + aux_source_directory(crypto/wolfssl WOLFSSL_FILES) + list(APPEND LIB_SRC_FILES ${WOLFSSL_FILES}) else() - aux_source_directory(src_feature_stubs/cryptography_kmc_stub LIB_SRC_KMC_CRYPTO_FILES) - list(APPEND LIB_SRC_FILES ${LIB_SRC_KMC_CRYPTO_FILES}) + aux_source_directory(crypto/wolfssl_stub WOLFSSL_FILES) + list(APPEND LIB_SRC_FILES ${WOLFSSL_FILES}) endif() -if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME) - include(CTest) - enable_testing() +if(KEY_CUSTOM) + # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level + aux_source_directory(../../key/custom KEY_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES}) +else() + aux_source_directory(key/custom_stub KEY_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${KEY_CUSTOM_FILES}) +endif() + +if(KEY_INTERNAL) + aux_source_directory(key/internal KEY_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${KEY_INTERNAL_FILES}) +else() + aux_source_directory(key/internal_stub KEY_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${KEY_INTERNAL_FILES}) +endif() + +if(KEY_KMC) + aux_source_directory(key/kmc KEY_KMC_FILES) + list(APPEND LIB_SRC_FILES ${KEY_KMC_FILES}) +else() + aux_source_directory(key/kmc_stub KEY_KMC_FILES) + list(APPEND LIB_SRC_FILES ${KEY_KMC_FILES}) +endif() + +if(MC_CUSTOM) + # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level + aux_source_directory(../../mc/custom MC_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${MC_CUSTOM_FILES}) +else() + aux_source_directory(mc/custom_stub MC_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${MC_CUSTOM_FILES}) +endif() + +if(MC_DISABLED) + aux_source_directory(mc/disabled MC_DISABLED_FILES) + list(APPEND LIB_SRC_FILES ${MC_DISABLED_FILES}) +else() + aux_source_directory(mc/disabled_stub MC_DISABLED_FILES) + list(APPEND LIB_SRC_FILES ${MC_DISABLED_FILES}) +endif() + +if(MC_INTERNAL) + aux_source_directory(mc/internal MC_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${MC_INTERNAL_FILES}) +else() + aux_source_directory(mc/internal_stub MC_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${MC_INTERNAL_FILES}) +endif() + +if(SA_CUSTOM) + # Assumes CryptoLib is a Git submodule to project and custom directories and definitions exist at top level + aux_source_directory(../../sa/custom SA_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${SA_CUSTOM_FILES}) +else() + aux_source_directory(sa/custom_stub SA_CUSTOM_FILES) + list(APPEND LIB_SRC_FILES ${SA_CUSTOM_FILES}) +endif() + +if(SA_INTERNAL) + aux_source_directory(sa/internal SA_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${SA_INTERNAL_FILES}) +else() + aux_source_directory(sa/internal_stub SA_INTERNAL_FILES) + list(APPEND LIB_SRC_FILES ${SA_INTERNAL_FILES}) +endif() + +if(SA_MARIADB) + aux_source_directory(sa/mariadb MARIADB_FILES) + list(APPEND LIB_SRC_FILES ${MARIADB_FILES}) +else() + aux_source_directory(sa/mariadb_stub MARIADB_FILES) + list(APPEND LIB_SRC_FILES ${MARIADB_FILES}) endif() # Create the app module -IF(DEFINED CFE_SYSTEM_PSPNAME) +if(DEFINED CFE_SYSTEM_PSPNAME) set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/cpu${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}") - add_cfe_app(Crypto ${LIB_SRC_FILES}) -ELSE() + add_cfe_app(crypto ${LIB_SRC_FILES}) +else() # Standalone build - add_library(Crypto SHARED ${LIB_SRC_FILES}) -ENDIF() + add_library(crypto SHARED ${LIB_SRC_FILES}) +endif() + +if(CRYPTO_LIBGCRYPT) + target_link_libraries(crypto gcrypt) +endif() -if(LIBGCRYPT) - target_link_libraries(Crypto gcrypt) +if(CRYPTO_KMC) + target_link_libraries(crypto curl) endif() -if(KMCCRYPTO) - target_link_libraries(Crypto curl) +if(CRYPTO_WOLFSSL) + target_link_libraries(crypto wolfssl) endif() -if(MYSQL) +if(SA_MARIADB) execute_process(COMMAND mysql_config --cflags OUTPUT_VARIABLE MYSQL_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE) execute_process(COMMAND mysql_config --libs OUTPUT_VARIABLE MYSQL_LIBS OUTPUT_STRIP_TRAILING_WHITESPACE) - - target_compile_options(Crypto PUBLIC ${MYSQL_CFLAGS}) - target_link_libraries(Crypto ${MYSQL_LIBS}) + target_compile_options(crypto PUBLIC ${MYSQL_CFLAGS}) + target_link_libraries(crypto ${MYSQL_LIBS}) endif() -set_target_properties(Crypto PROPERTIES PUBLIC_HEADER "../include/crypto.h;../include/crypto_config_structs.h;../include/crypto_error.h;../include/crypto_print.h;../include/crypto_structs.h;../include/crypto_config.h;") +file(GLOB CRYPTO_INCLUDES ../include/*.h) +set_target_properties(crypto PROPERTIES PUBLIC_HEADER "${CRYPTO_INCLUDES}") -add_custom_command(TARGET Crypto POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/lib/libCrypto.so +add_custom_command(TARGET crypto POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/lib/libcrypto.so COMMENT "Created ${PROJECT_BINARY_DIR}/lib/libCrypto.so" ) - -IF(DEFINED CFE_SYSTEM_PSPNAME) - install(TARGETS Crypto - DESTINATION ${CMAKE_INSTALL_PREFIX}/cpu${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR}) -ELSE() - install(TARGETS Crypto +if(DEFINED CFE_SYSTEM_PSPNAME) + install(TARGETS crypto + DESTINATION ${CMAKE_INSTALL_PREFIX}/${TGTSYS_${SYSVAR}}/${INSTALL_SUBDIR} + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/host) +else() + install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_PREFIX}/lib PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include) -ENDIF() +endif() -IF(MYSQL) - file(GLOB MYSQL_SCRIPTS crypto_sadb/sadb_mariadb_sql/*.sql) - file(GLOB MYSQL_TEST_SCRIPTS crypto_sadb/test_sadb_mariadb_sql/*.sql) +if(SA_MARIADB) + file(GLOB MYSQL_SCRIPTS sa/sa_mariadb_sql/*.sql) + file(GLOB MYSQL_TEST_SCRIPTS sa/test_sa_mariadb_sql/*.sql) install(FILES ${MYSQL_SCRIPTS} - DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sadb_mariadb_sql) + DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/sa_mariadb_sql) install(FILES ${MYSQL_TEST_SCRIPTS} - DESTINATION ${CMAKE_INSTALL_PREFIX}/test/test_sadb_mariadb_sql) -endif() \ No newline at end of file + DESTINATION ${CMAKE_INSTALL_PREFIX}/test/test_sa_mariadb_sql) +endif() diff --git a/src/src_main/crypto.c b/src/core/crypto.c similarity index 87% rename from src/src_main/crypto.c rename to src/core/crypto.c index b9c1ac23..528ece0c 100644 --- a/src/src_main/crypto.c +++ b/src/core/crypto.c @@ -35,13 +35,17 @@ CFS_MODULE_DECLARE_LIB(crypto); // crypto_key_t ak_ring[NUM_KEYS]; CCSDS_t sdls_frame; // TM_t tm_frame; -uint8_t tm_frame[1786]; // Testing -TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication +uint8_t tm_frame[1786]; // Testing +TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication +// AOS_t aos_frame +uint8_t aos_frame[1786]; // Testing +AOS_FramePrimaryHeader_t aos_frame_pri_hdr; // Used to reduce bit math duplication +AOS_FrameSecurityHeader_t aos_frame_sec_hdr; // Used to reduce bit math duplication // OCF uint8_t ocf = 0; SDLS_FSR_t report; -TM_FrameCLCW_t clcw; +Telemetry_Frame_Clcw_t clcw; // Flags SDLS_MC_LOG_RPLY_t log_summary; SDLS_MC_DUMP_BLK_RPLY_t mc_log; @@ -70,12 +74,18 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id) // CryptoLib only supports AES-GCM, which is an AEAD (Authenticated Encryption with Associated Data) algorithm, so // return true/1. // TODO - Add cipher suite mapping to which algorithms are AEAD and which are not. - if((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC)) + if ((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC)) { +#ifdef DEBUG + printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET); +#endif return CRYPTO_TRUE; } else - { + { +#ifdef DEBUG + printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET); +#endif return CRYPTO_FALSE; } } @@ -102,7 +112,7 @@ int32_t Crypto_increment(uint8_t* num, int length) if (i < 0) /* this means num[0] was incremented and overflowed */ { - for(i=0; i= 0; --j) @@ -228,8 +238,9 @@ int32_t Crypto_compare_less_equal(uint8_t* actual, uint8_t* expected, int length uint8_t Crypto_Prep_Reply(uint8_t* ingest, uint8_t appID) { uint8_t count = 0; - if(ingest == NULL) return count; - + if (ingest == NULL) + return count; + // Prepare CCSDS for reply sdls_frame.hdr.pvn = 0; sdls_frame.hdr.type = 0; @@ -452,49 +463,49 @@ int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame) #ifdef PDU_DEBUG printf(KGRN "SA Create\n" RESET); #endif - status = sadb_routine->sadb_sa_create(); + status = sa_if->sa_create(); break; case PID_DELETE_SA: #ifdef PDU_DEBUG printf(KGRN "SA Delete\n" RESET); #endif - status = sadb_routine->sadb_sa_delete(); + status = sa_if->sa_delete(); break; case PID_SET_ARSNW: #ifdef PDU_DEBUG printf(KGRN "SA setARSNW\n" RESET); #endif - status = sadb_routine->sadb_sa_setARSNW(); + status = sa_if->sa_setARSNW(); break; case PID_REKEY_SA: #ifdef PDU_DEBUG printf(KGRN "SA Rekey\n" RESET); #endif - status = sadb_routine->sadb_sa_rekey(); + status = sa_if->sa_rekey(); break; case PID_EXPIRE_SA: #ifdef PDU_DEBUG printf(KGRN "SA Expire\n" RESET); #endif - status = sadb_routine->sadb_sa_expire(); + status = sa_if->sa_expire(); break; case PID_SET_ARSN: #ifdef PDU_DEBUG printf(KGRN "SA SetARSN\n" RESET); #endif - status = sadb_routine->sadb_sa_setARSN(); + status = sa_if->sa_setARSN(); break; case PID_START_SA: #ifdef PDU_DEBUG printf(KGRN "SA Start\n" RESET); #endif - status = sadb_routine->sadb_sa_start(tc_frame); + status = sa_if->sa_start(tc_frame); break; case PID_STOP_SA: #ifdef PDU_DEBUG printf(KGRN "SA Stop\n" RESET); #endif - status = sadb_routine->sadb_sa_stop(); + status = sa_if->sa_stop(); break; case PID_READ_ARSN: #ifdef PDU_DEBUG @@ -506,7 +517,7 @@ int32_t Crypto_PDU(uint8_t* ingest, TC_t* tc_frame) #ifdef PDU_DEBUG printf(KGRN "SA Status\n" RESET); #endif - status = sadb_routine->sadb_sa_status(ingest); + status = sa_if->sa_status(ingest); break; default: printf(KRED "Error: Crypto_PDU failed interpreting SA Procedure Identification Field! \n" RESET); @@ -714,7 +725,7 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin int32_t status = CRYPTO_LIB_SUCCESS; int x; - if (crypto_config->has_pus_hdr == TC_HAS_PUS_HDR) + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) { if ((tc_sdls_processed_frame->tc_pdu[0] == 0x18) && (tc_sdls_processed_frame->tc_pdu[1] == 0x80)) // Crypto Lib Application ID @@ -798,25 +809,26 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin /* ** @brief: Check IVs and ARSNs to ensure within valid positive window if applicable */ -int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv) +int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t* sa_ptr, uint8_t* arsn, uint8_t* iv) { int32_t status = CRYPTO_LIB_SUCCESS; int8_t IV_VALID = -1; int8_t ARSN_VALID = -1; // Check for NULL pointers + if (sa_ptr == NULL) // #177 - Modification made per suggestion of 'Spicydll' - prevents null dereference + { + return CRYPTO_LIB_ERR_NULL_SA; + } if (arsn == NULL && sa_ptr->arsn_len > 0) { return CRYPTO_LIB_ERR_NULL_ARSN; } - if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } - if (sa_ptr == NULL) - { - return CRYPTO_LIB_ERR_NULL_SA; - } + // If sequence number field is greater than zero, check for replay if (sa_ptr->shsnf_len > 0) { @@ -848,13 +860,14 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u } } // If IV is greater than zero and using GCM, check for replay - if ((sa_ptr->iv_len > 0) && *sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) + if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) { // Check IV is in ARSNW - if(crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { status = Crypto_window(iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->arsnw); - } else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE { // Whole IV gets checked in MAC validation previously, this only verifies transmitted portion is what we expect. status = Crypto_window(iv, sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len, sa_ptr->arsnw); @@ -881,16 +894,16 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u else { IV_VALID = CRYPTO_TRUE; - //memcpy(sa_ptr->iv, iv, sa_ptr->iv_len); + // memcpy(sa_ptr->iv, iv, sa_ptr->iv_len); } } // IV length is greater than zero, but not using an incrementing IV as in GCM - // we can't verify this internally as Crpytolib doesn't track previous IVs + // we can't verify this internally as Crpytolib doesn't track previous IVs // or generate random ones // else{} // For GCM specifically, if have a valid IV... - if (*sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM && IV_VALID == CRYPTO_TRUE) + if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (IV_VALID == CRYPTO_TRUE)) { // Using ARSN? Need to be valid to increment both if (sa_ptr->arsn_len > 0 && ARSN_VALID == CRYPTO_TRUE) @@ -906,12 +919,11 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u } // If not GCM, and ARSN is valid - can incrmeent it - if (*sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && ARSN_VALID == CRYPTO_TRUE) + if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && ARSN_VALID == CRYPTO_TRUE) { memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len); } - return status; } @@ -921,47 +933,88 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u */ int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo) { - int32_t retval= -1; + int32_t retval = -1; - switch(algo){ - case CRYPTO_CIPHER_AES256_GCM: - retval = 32; - break; - case CRYPTO_CIPHER_AES256_CBC: - retval = 32; - break; - case CRYPTO_CIPHER_AES256_CCM: - retval = 32; - break; - default: - break; + switch (algo) + { + case CRYPTO_CIPHER_AES256_GCM: + retval = 32; + break; + case CRYPTO_CIPHER_AES256_CBC: + retval = 32; + break; + case CRYPTO_CIPHER_AES256_CCM: + retval = 32; + break; + default: + break; } return retval; } - /* ** @brief: For a given algorithm, return the associated key length in bytes ** @param: algo */ int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo) { - int32_t retval= -1; + int32_t retval = -1; - switch(algo){ - case CRYPTO_MAC_CMAC_AES256: - retval = 32; - break; - case CRYPTO_MAC_HMAC_SHA256: - retval = 32; - break; - case CRYPTO_MAC_HMAC_SHA512: - retval = 64; - break; - default: - break; + switch (algo) + { + case CRYPTO_MAC_CMAC_AES256: + retval = 32; + break; + case CRYPTO_MAC_HMAC_SHA256: + retval = 32; + break; + case CRYPTO_MAC_HMAC_SHA512: + retval = 64; + break; + default: + break; } return retval; +} + +int32_t Crypto_Get_Security_Header_Length(SecurityAssociation_t* sa_ptr) +{ + /* Narrator's Note: Leaving this here for future work + ** eventually we need a way to reconcile cryptolib managed parameters with TO managed parameters + GvcidManagedParameters_t* temp_current_managed_parameters = NULL; + Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, + gvcid_managed_parameters, temp_current_managed_parameters); + */ + + if (!sa_ptr) + { +#ifdef DEBUG + printf(KRED "Get_Security_Header_Length passed Null SA!\n" RESET); +#endif + return CRYPTO_LIB_ERR_NULL_SA; + } + uint16_t securityHeaderLength = 2; // Start with SPI + + securityHeaderLength += sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len; + + return securityHeaderLength; +} + +int32_t Crypto_Get_Security_Trailer_Length(SecurityAssociation_t* sa_ptr) +{ + if (!sa_ptr) + { +#ifdef DEBUG + printf(KRED "Get_Trailer_Header_Length passed Null SA!\n" RESET); +#endif + return CRYPTO_LIB_ERR_NULL_SA; + } + uint16_t securityTrailerLength = 0; + + securityTrailerLength = sa_ptr->stmacf_len; + + return securityTrailerLength; + } \ No newline at end of file diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c new file mode 100644 index 00000000..04d7551d --- /dev/null +++ b/src/core/crypto_aos.c @@ -0,0 +1,1635 @@ +/** Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov + **/ + +/** + * Includes + **/ +#include "crypto.h" + +#include // memcpy/memset + +/** + * @brief Function: Crypto_AOS_ApplySecurity + * @param ingest: uint8_t* + * @param len_ingest: int* + * @return int32: Success/Failure + * + * The AOS ApplySecurity Payload shall consist of the portion of the AOS Transfer Frame (see + * reference [1]) from the first octet of the Transfer Frame Primary Header to the last octet of + * the Transfer Frame Data Field. + * NOTES + * 1 The AOS Transfer Frame is the fixed-length protocol data unit of the AOS Space Data + * Link Protocol. The length of any Transfer Frame transferred on a physical channel is + * constant, and is established by management. + * 2 The portion of the AOS Transfer Frame contained in the AOS ApplySecurity Payload + * parameter includes the Security Header field. When the ApplySecurity Function is + * called, the Security Header field is empty; i.e., the caller has not set any values in the + * Security Header + **/ +int32_t Crypto_AOS_ApplySecurity(uint8_t* pTfBuffer) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int mac_loc = 0; + uint8_t aad[1786]; + uint16_t aad_len = 0; + int i = 0; + uint16_t data_loc; + uint16_t idx = 0; + uint8_t sa_service_type = -1; + uint16_t pdu_len = -1; + uint32_t pkcs_padding = 0; + uint16_t new_fecf = 0x0000; + uint8_t ecs_is_aead_algorithm; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t tfvn = 0; + uint16_t scid = 0; + uint16_t vcid = 0; + + // Passed a null, return an error + if (!pTfBuffer) + { + return CRYPTO_LIB_ERR_NULL_BUFFER; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later + } + + tfvn = ((uint8_t)pTfBuffer[0] & 0xC0) >> 6; + scid = (((uint16_t)pTfBuffer[0] & 0x3F) << 2) | (((uint16_t)pTfBuffer[1] & 0xC0) >> 6); + vcid = ((uint8_t)pTfBuffer[1] & 0x3F); + +#ifdef AOS_DEBUG + printf(KYEL "\n----- Crypto_AOS_ApplySecurity START -----\n" RESET); + printf("The following GVCID parameters will be used:\n"); + printf("\tTVFN: 0x%04X\t", tfvn); + printf("\tSCID: 0x%04X", scid); + printf("\tVCID: 0x%04X",vcid); + printf("\tMAP: %d\n", 0); + printf("\tPriHdr as follows:\n\t\t"); + for (int i =0; i<6; i++) + { + printf("%02X", (uint8_t)pTfBuffer[i]); + } + printf("\n"); +#endif + + status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr); + + // No operational/valid SA found + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef AOS_DEBUG + printf(KRED "Error: Could not retrieve an SA!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } + + status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters, ¤t_managed_parameters); + + // No managed parameters found + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef AOS_DEBUG + printf(KRED "Error: No managed parameters found!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } + +#ifdef AOS_DEBUG + printf(KYEL "AOS BEFORE Apply Sec:\n\t" RESET); + for (int16_t i =0; i < current_managed_parameters->max_frame_size; i++) + { + printf("%02X", pTfBuffer[i]); + } + printf("\n"); +#endif + +#ifdef SA_DEBUG + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); +#endif + + // Determine SA Service Type + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + if (sa_service_type != SA_PLAINTEXT) + { + ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(sa_ptr->ecs); + } + +#ifdef AOS_DEBUG + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Creating a SDLS AOS - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Creating a SDLS AOS - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Creating a SDLS AOS - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Creating a SDLS AOS - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } +#endif + + // Increment to end of mandatory 6 byte AOS Pri Hdr + idx = 6; + + // Detect if optional 2 byte FHEC is present + if(current_managed_parameters->aos_has_fhec == AOS_HAS_FHEC) + { + idx += 2; + } + + // Detect if optional variable length Insert Zone is present + if(current_managed_parameters->aos_has_iz == AOS_HAS_IZ) + { + idx += current_managed_parameters->aos_iz_len; + } + + // Idx is now at SPI location + + /** + * Begin Security Header Fields + * Reference CCSDS SDLP 3550b1 4.1.1.1.3 + **/ + + // Set SPI + pTfBuffer[idx] = ((sa_ptr->spi & 0xFF00) >> 8); + pTfBuffer[idx + 1] = (sa_ptr->spi & 0x00FF); + idx += 2; + + // Set initialization vector if specified +#ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len == 0) + { + status = CRYPTO_LIB_ERR_NULL_CIPHERS; +#ifdef AOS_DEBUG + printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); + printf(KRED "\tservice type is: %d\n", sa_service_type); + printf(KRED "\tsa_ptr->ecs_len is: %d\n", sa_ptr->ecs_len); + printf(KRED "\tsa_ptr->acs_len is: %d\n", sa_ptr->acs_len); +#endif + mc_if->mc_log(status); + return status; + } + + if(sa_ptr->est == 0 && sa_ptr->ast == 1) + { + if(sa_ptr->acs_len != 0) + { + if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0 ) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } + } + } + // Start index from the transmitted portion + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + // Copy in IV from SA + pTfBuffer[idx] = *(sa_ptr->iv + i); + idx++; + } + + // Set anti-replay sequence number if specified + /** + * See also: 4.1.1.4.2 + * 4.1.1.4.4 If authentication or authenticated encryption is not selected + * for an SA, the Sequence Number field shall be zero octets in length. + * Reference CCSDS 3550b1 + **/ + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + // Copy in ARSN from SA + pTfBuffer[idx] = *(sa_ptr->arsn + i); + idx++; + } + + // Set security header padding if specified + /** + * 4.2.3.4 h) if the algorithm and mode selected for the SA require the use of + * fill padding, place the number of fill bytes used into the Pad Length field + * of the Security Header - Reference CCSDS 3550b1 + **/ + // TODO: Revisit this + // TODO: Likely SA API Call + /** 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 + **/ + // TODO: Set this depending on crypto cipher used + + if(pkcs_padding) + { + uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding) & 0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (i = 0; i < sa_ptr->shplf_len; i++) + { + pTfBuffer[idx] = hex_padding[padding_start++]; + idx++; + } + } + + /** + * End Security Header Fields + **/ + + //TODO: Padding handled here, or TO? + // for (uint32_t i = 0; i < pkcs_padding; i++) + // { + // /** 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + // * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 + // **/ + // // TODO: Set this depending on crypto cipher used + // * (p_new_enc_frame + index + i) = (uint8_t)pkcs_padding; // How much padding is needed? + // // index++; + // } + + /** + * ~~~Index currently at start of data field, AKA end of security header~~~ + **/ + data_loc = idx; + // Calculate size of data to be encrypted + pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; + // Check other managed parameter flags, subtract their lengths from data field if present + if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + { + pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + { + pdu_len -= 2; + } + +#ifdef AOS_DEBUG + printf(KYEL "Data location starts at: %d\n" RESET, idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + printf(KYEL "Index at end of SPI is: %d\n", idx); + if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } +#endif + + // Get Key + crypto_key_t* ekp = NULL; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + /** + * Begin Authentication / Encryption + **/ + + if (sa_service_type != SA_PLAINTEXT) + { + aad_len = 0; + + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) + { + mac_loc = idx+pdu_len; +#ifdef MAC_DEBUG + printf(KYEL "MAC location is: %d\n" RESET, mac_loc); + printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); +#endif + + // Prepare the Header AAD (CCSDS 335.0-B-2 4.2.3.4) + aad_len = idx; // At the very least AAD includes the header + if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here + { + aad_len += pdu_len; + } +#ifdef AOS_DEBUG + printf("Calculated AAD Length: %d\n",aad_len); +#endif + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + printf(KRED "Error: abm_len of %d < aad_len of %d\n" RESET, sa_ptr->abm_len, aad_len); + mc_if->mc_log(status); + return status; + } + status = Crypto_Prepare_AOS_AAD(&pTfBuffer[0], aad_len, sa_ptr->abm, &aad[0]); + } + } + + // AEAD Algorithm Logic + if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + if(sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_encrypt((uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + (sa_ptr->est==1), + (sa_ptr->ast==1), + (sa_ptr->ast==1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + } + + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if(sa_service_type == SA_AUTHENTICATION) + { + status = cryptography_if->cryptography_authenticate(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[0]), // ciphertext output + (size_t) 0, // length of data + (uint8_t*)(&pTfBuffer[0]), // plaintext input + (size_t)0, // in data length - from start of frame to end of data + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); + } + else if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + if (sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + } + else if(sa_service_type == SA_PLAINTEXT) + { + // Do nothing, SDLS fields were already copied into static frame in memory + } + else{ +#ifdef AOS_DEBUG + printf(KRED "Service type reported as: %d\n" RESET, sa_service_type); + printf(KRED "ECS IS AEAD Value: %d\n" RESET, ecs_is_aead_algorithm); +#endif + status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; + } + } + + if (status != CRYPTO_LIB_SUCCESS) + { + return status; // Cryptography IF call failed, return. + } + + if (sa_service_type != SA_PLAINTEXT) + { +#ifdef INCREMENT + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); + } + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + { + // Only increment the transmitted portion + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); + } + } + if (sa_ptr->shsnf_len > 0) + { + Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } + +#ifdef SA_DEBUG + if (sa_ptr->iv_len > 0) + { + printf(KYEL "Next IV value is:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted IV value is:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } + printf(KYEL "Next ARSN value is:\n\t"); + for (i = 0; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted ARSN value is:\n\t"); + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); +#endif +#endif + } + + // Move idx to mac location + idx += pdu_len; +#ifdef AOS_DEBUG + if (sa_ptr->stmacf_len > 0) + { + printf(KYEL "Data length is %d\n" RESET, pdu_len); + printf(KYEL "MAC location starts at: %d\n" RESET, idx); + printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); + } + else + { + printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); + } +#endif + +//TODO OCF - ? Here, elsewhere? + + /** + * End Authentication / Encryption + **/ + + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters->has_fecf == AOS_HAS_FECF) + { +#ifdef FECF_DEBUG + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); +#endif + if (crypto_config.crypto_create_fecf == CRYPTO_AOS_CREATE_FECF_TRUE) + { + new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); + } + else // CRYPTO_TC_CREATE_FECF_FALSE + { + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; + } + idx += 2; + } + +#ifdef AOS_DEBUG + printf(KYEL "Printing new AOS frame:\n\t"); + for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + { + printf("%02X", pTfBuffer[i]); + } + printf("\n"); +#endif + + status = sa_if->sa_save_sa(sa_ptr); + +#ifdef DEBUG + printf(KYEL "----- Crypto_AOS_ApplySecurity END -----\n" RESET); +#endif + + mc_if->mc_log(status); + return status; +} + +/** Preserving for now + // Check for idle frame trigger + if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) + { // Zero ingest + for (x = 0; x <*len_ingest; x++) + { + ingest[x] = 0; + } + // Update AOS First Header Pointer + aos_frame.tm_header.fhp = 0xFE; + } + else + { // Update the length of the ingest from the CCSDS header + *len_ingest = (ingest[4] << 8) | ingest[5]; + ingest[5] = ingest[5] - 5; + // Remove outgoing secondary space packet header flag + ingest[0] = 0x00; + // Change sequence flags to 0xFFFF + ingest[2] = 0xFF; + ingest[3] = 0xFF; + // Add 2 bytes of CRC to space packet + spp_crc = Crypto_Calc_CRC16((uint8_t*)ingest,*len_ingest); + ingest[*len_ingest] = (spp_crc & 0xFF00) >> 8; + ingest[*len_ingest + 1] = (spp_crc & 0x00FF); + *len_ingest =*len_ingest + 2; + // Update AOS First Header Pointer + aos_frame.tm_header.fhp = aos_offset; +#ifdef AOS_DEBUG + printf("tm_offset = %d \n", aos_offset); +#endif + } + printf("LINE: %d\n",__LINE__); + // Update Current Telemetry Frame in Memory + // Counters + aos_frame.tm_header.mcfc++; + aos_frame.tm_header.vcfc++; + printf("LINE: %d\n",__LINE__); + // Operational Control Field + Crypto_AOS_updateOCF(); + printf("LINE: %d\n",__LINE__); + // Payload Data Unit + Crypto_AOS_updatePDU(ingest,*len_ingest); + printf("LINE: %d\n",__LINE__); + if (sa_if->sa_get_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS) + { + // TODO - Error handling + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; // Error -- unable to get SA from SPI. + } + printf("LINE: %d\n",__LINE__); + // Check test flags + if (badSPI == 1) + { + aos_frame.tm_sec_header.spi++; + } + if (badIV == 1) + { + * (sa_ptr->iv + sa_ptr->shivf_len - 1) =* (sa_ptr->iv + sa_ptr->shivf_len - 1) + 1; + } + if (badMAC == 1) + { + aos_frame.tm_sec_trailer.mac[MAC_SIZE - 1]++; + } + printf("LINE: %d\n",__LINE__); + // Initialize the temporary AOS frame + // Header + tempAOS[count++] = (uint8_t)((tm_frame.tm_header.tfvn << 6) | ((tm_frame.tm_header.scid & 0x3F0) >> 4)); + printf("LINE: %d\n",__LINE__); + tempAOS[count++] = (uint8_t)(((tm_frame.tm_header.scid & 0x00F) << 4) | (tm_frame.tm_header.vcid << 1) | + (tm_frame.tm_header.ocff)); + tempAOS[count++] = (uint8_t)(tm_frame.tm_header.mcfc); + tempAOS[count++] = (uint8_t)(tm_frame.tm_header.vcfc); + tempAOS[count++] = + (uint8_t)((tm_frame.tm_header.tfsh << 7) | (tm_frame.tm_header.sf << 6) | (tm_frame.tm_header.pof << 5) | + (tm_frame.tm_header.slid << 3) | ((tm_frame.tm_header.fhp & 0x700) >> 8)); + tempAOS[count++] = (uint8_t)(tm_frame.tm_header.fhp & 0x0FF); + // tempAOS[count++] = (uint8_t) ((tm_frame.tm_header.tfshvn << 6) | aos_frame.tm_header.tfshlen); + // Security Header + printf("LINE: %d\n",__LINE__); + tempAOS[count++] = (uint8_t)((spi & 0xFF00) >> 8); + tempAOS[count++] = (uint8_t)((spi & 0x00FF)); + if(sa_ptr->shivf_len > 0) + { + memcpy(tm_frame.tm_sec_header.iv, sa_ptr->iv, sa_ptr->shivf_len); + } + printf("LINE: %d\n",__LINE__); + // TODO: Troubleshoot + // Padding Length + // pad_len = Crypto_Get_tmLength(*len_ingest) - AOS_MIN_SIZE + IV_SIZE + AOS_PAD_SIZE -*len_ingest; + printf("LINE: %d\n",__LINE__); + // Only add IV for authenticated encryption + if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { // Initialization Vector +#ifdef INCREMENT + printf("LINE: %d\n",__LINE__); + Crypto_increment(sa_ptr->iv, sa_ptr->shivf_len); +#endif + if ((sa_ptr->est == 1) || (sa_ptr->ast == 1)) + { + printf("LINE: %d\n",__LINE__); + for (x = 0; x < IV_SIZE; x++) + { + tempAOS[count++] =* (sa_ptr->iv + x); + } + } + pdu_loc = count; + pad_len = pad_len - IV_SIZE - AOS_PAD_SIZE + OCF_SIZE; + pdu_len =*len_ingest + pad_len; + } + else + { // Include padding length bytes - hard coded per ESA testing + printf("LINE: %d\n",__LINE__); + tempAOS[count++] = 0x00; // pad_len >> 8; + tempAOS[count++] = 0x1A; // pad_len + pdu_loc = count; + pdu_len =*len_ingest + pad_len; + } + printf("LINE: %d\n",__LINE__); + // Payload Data Unit + for (x = 0; x < (pdu_len); x++) + { + tempAOS[count++] = (uint8_t)tm_frame.tm_pdu[x]; + } + // Message Authentication Code + mac_loc = count; + for (x = 0; x < MAC_SIZE; x++) + { + tempAOS[count++] = 0x00; + } + printf("LINE: %d\n",__LINE__); + // Operational Control Field + for (x = 0; x < OCF_SIZE; x++) + { + tempAOS[count++] = (uint8_t)tm_frame.tm_sec_trailer.ocf[x]; + } + printf("LINE: %d\n",__LINE__); + // Frame Error Control Field + fecf_loc = count; + aos_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t*)tempAOS, count); + tempAOS[count++] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); + tempAOS[count++] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); + + // Determine Mode + // Clear + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { +#ifdef DEBUG + printf(KBLU "Creating a AOS - CLEAR! \n" RESET); +#endif + // Copy temporary frame to ingest + memcpy(ingest, tempAOS, count); + } + // Authenticated Encryption + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { +#ifdef DEBUG + printf(KBLU "Creating a AOS - AUTHENTICATED ENCRYPTION! \n" RESET); +#endif + + // Copy AOS to ingest + memcpy(ingest, tempAOS, pdu_loc); + +#ifdef MAC_DEBUG + printf("AAD = 0x"); +#endif + // Prepare additional authenticated data + for (y = 0; y < sa_ptr->abm_len; y++) + { + aad[y] = ingest[y] &* (sa_ptr->abm + y); +#ifdef MAC_DEBUG + printf("%02x", aad[y]); +#endif + } +#ifdef MAC_DEBUG + printf("\n"); +#endif + + status = cryptography_if->cryptography_aead_encrypt(&(ingest[pdu_loc]), // ciphertext output + (size_t)pdu_len, // length of data + &(tempAOS[pdu_loc]), // plaintext input + (size_t)pdu_len, // in data length + &(ekp->value[0]), // Key + KEY_SIZE, + sa_ptr, + sa_ptr->iv, + sa_ptr->shivf_len, + &(ingest[mac_loc]), + MAC_SIZE, + &(aad[0]), // AAD Input location + sa_ptr->abm_len, // AAD is size of ABM in this case + CRYPTO_TRUE, // Encrypt + CRYPTO_FALSE, // Authenticate // TODO -- Set to SA value, manually setting to false here so existing tests pass. Existing data was generated with authenticate then encrypt, when it should have been encrypt then authenticate. + CRYPTO_TRUE, // Use AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL // cam_cookies (not supported in AOS functions yet) + ); + + + // Update OCF + y = 0; + for (x = OCF_SIZE; x > 0; x--) + { + ingest[fecf_loc - x] = aos_frame.tm_sec_trailer.ocf[y++]; + } + + // Update FECF + aos_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t*)ingest, fecf_loc - 1); + ingest[fecf_loc] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); + ingest[fecf_loc + 1] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); + } + // Authentication + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { +#ifdef DEBUG + printf(KBLU "Creating a AOS - AUTHENTICATED! \n" RESET); +#endif + // TODO: Future work. Operationally same as clear. + memcpy(ingest, tempAOS, count); + } + // Encryption + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { +#ifdef DEBUG + printf(KBLU "Creating a AOS - ENCRYPTED! \n" RESET); +#endif + // TODO: Future work. Operationally same as clear. + memcpy(ingest, tempAOS, count); + } + +#ifdef AOS_DEBUG + Crypto_tmPrint(&tm_frame); +#endif + +#ifdef DEBUG + printf(KYEL "----- Crypto_AOS_ApplySecurity END -----\n" RESET); +#endif + + *len_ingest = count; + mc_if->mc_log(status); + return status; +} **/ + +/** + * @brief Function: Crypto_AOS_ProcessSecurity + * @param ingest: uint8_t* + * @param len_ingest: int* + * @return int32: Success/Failure + **/ +int32_t Crypto_AOS_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t aad[1786]; + uint16_t aad_len = 0; + uint16_t byte_idx = 0; + uint8_t ecs_is_aead_algorithm; + uint32_t encryption_cipher = 0; + uint8_t iv_loc; + int mac_loc = 0; + uint16_t pdu_len = 1; + uint8_t* p_new_dec_frame = NULL; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t sa_service_type = -1; + uint8_t spi = -1; + + // Bit math to give concise access to values in the ingest + aos_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4); + aos_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1; + +#ifdef DEBUG + printf(KYEL "\n----- Crypto_AOS_ProcessSecurity START -----\n" RESET); +#endif + + if (len_ingest < 6) // Frame length doesn't even have enough bytes for header -- error out. + { + status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD; + mc_if->mc_log(status); + return status; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { +#ifdef AOS_DEBUG + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log if it's not configured + if (mc_if != NULL) + { + mc_if->mc_log(status); + } + return status; + } + + // Query SA DB for active SA / SDLS parameters + if (sa_if == NULL) // This should not happen, but tested here for safety + { + printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_INIT; + return status; + } + +#ifdef AOS_DEBUG + printf(KGRN "AOS Process Using following parameters:\n\t" RESET); + printf(KGRN "tvfn: %d\t scid: %d\t vcid: %d\n" RESET, aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid ); +#endif + + // Lookup-retrieve managed parameters for frame via gvcid: + status = Crypto_Get_Managed_Parameters_For_Gvcid( + aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef AOS_DEBUG + printf(KRED "**NO LUCK WITH GVCID!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } // Unable to get necessary Managed Parameters for AOS TF -- return with error. + + // Increment to end of Primary Header start, depends on FHECF presence + byte_idx = 6; + if (current_managed_parameters->aos_has_fhec == AOS_HAS_FHEC) + { + byte_idx = 8; + } + + // Determine if Insert Zone exists, increment past it if so + if (current_managed_parameters->aos_has_iz) + { + byte_idx += current_managed_parameters->aos_iz_len; + } + + /** + * Begin Security Header Fields + * Reference CCSDS SDLP 3550b1 4.1.1.1.3 + **/ + // Get SPI + spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1]; + // Move index to past the SPI + byte_idx += 2; + + status = sa_if->sa_get_from_spi(spi, &sa_ptr); + // If no valid SPI, return + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + +#ifdef SA_DEBUG + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); +#endif + // Determine SA Service Type + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + if (sa_service_type != SA_PLAINTEXT) + { + if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) + { + encryption_cipher = sa_ptr->ecs; +#ifdef TC_DEBUG + printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); +#endif + } + // If no pointer, must not be using ECS at all + else + { + encryption_cipher = CRYPTO_CIPHER_NONE; + } + ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); + } + + if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + { + status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; + mc_if->mc_log(status); + return status; + } + +#ifdef AOS_DEBUG + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Processing a AOS - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Processing a AOS - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Processing a AOS - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Processing a AOS - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } +#endif + + // Parse & Check FECF, if present, and update fecf length + if (current_managed_parameters->has_fecf == AOS_HAS_FECF) + { + uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | + (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); + + if (crypto_config.crypto_check_fecf == AOS_CHECK_FECF_TRUE) + { + // Calculate our own + uint16_t calculated_fecf = Crypto_Calc_FECF(p_ingest, len_ingest - 2); + // Compare FECFs + // Invalid FECF + if (received_fecf != calculated_fecf) + { +#ifdef FECF_DEBUG + printf("Received FECF is 0x%04X\n", received_fecf); + printf("Calculated FECF is 0x%04X\n", calculated_fecf); + printf("FECF was Calced over %d bytes\n", len_ingest-2); +#endif + status = CRYPTO_LIB_ERR_INVALID_FECF; + mc_if->mc_log(status); + return status; + } + // Valid FECF, zero out the field + else + { +#ifdef FECF_DEBUG + printf(KYEL "FECF CALC MATCHES! - GOOD\n" RESET); +#endif + ; + } + } + } + // Needs to be AOS_HAS_FECF (checked above, or AOS_NO_FECF) + else if (current_managed_parameters->has_fecf != AOS_NO_FECF) + { +#ifdef AOS_DEBUG + printf(KRED "AOS_Process Error...tfvn: %d scid: 0x%04X vcid: 0x%02X fecf_enum: %d\n" RESET, + current_managed_parameters->tfvn, current_managed_parameters->scid, + current_managed_parameters->vcid, current_managed_parameters->has_fecf); +#endif + status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG; + mc_if->mc_log(status); + return status; + } + + // Accio buffer + p_new_dec_frame = (uint8_t*)calloc(1, (len_ingest) * sizeof(uint8_t)); + if (!p_new_dec_frame) + { + printf(KRED "Error: Calloc for decrypted output buffer failed! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Copy over AOS Primary Header (6 bytes) + memcpy(p_new_dec_frame, &p_ingest[0], 6); + + // Copy over insert zone data, if it exists + if (current_managed_parameters->aos_has_iz == AOS_HAS_IZ) + { + memcpy(p_new_dec_frame+6, &p_ingest[6], current_managed_parameters->aos_iz_len); +#ifdef AOS_DEBUG + printf("Copied over the following:\n\t"); + for (int i=0; i < current_managed_parameters->aos_iz_len;i++) + { + printf("%02X",p_ingest[6+i]); + } + printf("\n"); +#endif + } + + // Byte_idx is still set to just past the SPI + // If IV is present, note location + if (sa_ptr->iv_len > 0) + { + iv_loc = byte_idx; + } + // Increment byte_idx past Security Header Fields based on SA values + byte_idx += sa_ptr->shivf_len; + byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len); + byte_idx += sa_ptr->shplf_len; + +#ifdef SA_DEBUG + printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len); + printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len); + printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len); + printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx); +#endif + + /** + * End Security Header Fields + * byte_idx is now at start of pdu / encrypted data + **/ + + // Calculate size of the protocol data unit + // NOTE: This size itself is not the length for authentication + pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; + if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + { + pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + { + pdu_len -= 2; + } + + // If MAC exists, comes immediately after pdu + if (sa_ptr->stmacf_len > 0) + { + mac_loc = byte_idx + pdu_len; + } + +#ifdef AOS_DEBUG + printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + if(current_managed_parameters->has_ocf == AOS_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == AOS_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } +#endif + + // Get Key + crypto_key_t* ekp = NULL; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + /** + * Begin Authentication / Encryption + **/ + + // if(sa_service_type != SA_PLAINTEXT) + // { + // status = CRYPTO_LIB_ERR_NULL_CIPHERS; + // mc_if->mc_log(status); + // return status; + // } + + // Parse MAC, prepare AAD + if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) + { +#ifdef MAC_DEBUG + printf("MAC Parsed from Frame:\n\t"); + Crypto_hexprint(p_ingest+mac_loc,sa_ptr->stmacf_len); +#endif + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + aad_len = byte_idx; + } + else + { + aad_len = mac_loc; + } + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; + } + // Use ingest and abm to create aad + Crypto_Prepare_AOS_AAD(p_ingest, aad_len, sa_ptr->abm, &aad[0]); + +#ifdef MAC_DEBUG + printf("AAD Debug:\n\tAAD Length is %d\n\t AAD is: ", aad_len); + for (int i = 0; icryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV. + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + (sa_ptr->est), // Decryption Bool + (sa_ptr->ast), // Authentication Bool + (sa_ptr->ast), // AAD Bool + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + + } + + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) + { + // TODO - implement non-AEAD algorithm logic + if(sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_validate_authentication(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + CRYPTO_CIPHER_NONE, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); // cam cookies + + } + if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + // Check that key length to be used emets the algorithm requirement + if((int32_t) ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + // free(aad); - non-heap object + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + + // //Handle Padding Removal + // if(sa_ptr->shplf_len != 0) + // { + // int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + // sa_ptr->shsnf_len; + // uint16_t padding_amount = 0; + // // Get Padding Amount from ingest frame + // padding_amount = (int)ingest[padding_location]; + // // Remove Padding from final decrypted portion + // tc_sdls_processed_frame->tc_pdu_len -= padding_amount; + // } + } + } + + // If plaintext, copy byte by byte + else if(sa_service_type == SA_PLAINTEXT) + { + memcpy(p_new_dec_frame+byte_idx, &(p_ingest[byte_idx]), pdu_len); + byte_idx += pdu_len; + } + +#ifdef AOS_DEBUG + printf(KYEL "\nPrinting received frame:\n\t" RESET); + for( int i=0; imax_frame_size; i++) + { + printf(KYEL "%02X", p_ingest[i]); + } + printf(KYEL "\nPrinting PROCESSED frame:\n\t" RESET); + for( int i=0; imax_frame_size; i++) + { + printf(KYEL "%02X", p_new_dec_frame[i]); + } + printf("\n"); +#endif + + *pp_processed_frame = p_new_dec_frame; + // TODO maybe not just return this without doing the math ourselves + *p_decrypted_length = current_managed_parameters->max_frame_size; + +#ifdef DEBUG + printf(KYEL "----- Crypto_AOS_ProcessSecurity END -----\n" RESET); +#endif + + mc_if->mc_log(status); + return status; + } + +/** + * @brief Function: Crypto_Get_aosLength + * Returns the total length of the current aos_frame in BYTES! + * @param len: int + * @return int32_t Length of AOS + **/ +int32_t Crypto_Get_aosLength(int len) +{ +#ifdef FILL + len = AOS_FILL_SIZE; +#else + len = AOS_FRAME_PRIMARYHEADER_SIZE + AOS_FRAME_SECHEADER_SIZE + len + AOS_FRAME_SECTRAILER_SIZE + AOS_FRAME_CLCW_SIZE; +#endif + + return len; +} + +/** + * @brief Function: Crypto_AOS_updatePDU + * Update the Telemetry Payload Data Unit + * @param ingest: uint8_t* + * @param len_ingest: int + **/ +/** +void Crypto_AOS_updatePDU(uint8_t* ingest, int len_ingest) +{ // Copy ingest to PDU + int x = 0; + // int y = 0; + // int fill_size = 0; + SecurityAssociation_t* sa_ptr; + + // Consider a helper function here, or elsewhere, to do all the 'math' in one spot as a global accessible list of variables + if (sa_if->sa_get_from_spi(tm_frame[0], &sa_ptr) != CRYPTO_LIB_SUCCESS) // modify + { + // TODO - Error handling + printf(KRED"Update PDU Error!\n"); + return; // Error -- unable to get SA from SPI. + } + if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + // fill_size = 1129 - MAC_SIZE - IV_SIZE + 2; // +2 for padding bytes + } + else + { + // fill_size = 1129; + } +#ifdef AOS_ZERO_FILL + for (x = 0; x < AOS_FILL_SIZE; x++) + { + if (x < len_ingest) + { // Fill + aos_frame.tm_pdu[x] = (uint8_t)ingest[x]; + } + else + { // Zero + aos_frame.tm_pdu[x] = 0x00; + } + } +#else + // Pre-append remaining packet if exist + // if (tm_offset == 63) + // { + // aos_frame.tm_pdu[x++] = 0xff; + // aos_offset--; + // } + // if (tm_offset == 62) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (tm_offset == 61) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (tm_offset == 60) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (tm_offset == 59) + // { + // aos_frame.tm_pdu[x++] = 0x39; + // aos_offset--; + // } + // while (x < aos_offset) + // { + // aos_frame.tm_pdu[x] = 0x00; + // x++; + // } + // Copy actual packet + while (x < len_ingest + aos_offset) + { + // printf("%s, Line: %d\n", __FILE__, __LINE__); + // printf("ingest[x - aos_offset] = 0x%02x \n", (uint8_t)ingest[x - aos_offset]); + printf("%02X", (uint8_t)ingest[x - aos_offset]); + // aos_frame.tm_pdu[x] = (uint8_t)ingest[x - aos_offset]; + x++; + } +#ifdef AOS_IDLE_FILL + // Check for idle frame trigger + if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) + { + // Don't fill idle frames + } + else + { + // while (x < (fill_size - 64)) + // { + // aos_frame.tm_pdu[x++] = 0x07; + // aos_frame.tm_pdu[x++] = 0xff; + // aos_frame.tm_pdu[x++] = 0x00; + // aos_frame.tm_pdu[x++] = 0x00; + // aos_frame.tm_pdu[x++] = 0x00; + // aos_frame.tm_pdu[x++] = 0x39; + // for (y = 0; y < 58; y++) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // } + // } + // Add partial packet, if possible, and set offset + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0x07; + // aos_offset = 63; + // } + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0xff; + // aos_offset--; + // } + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // aos_offset--; + // } + // if (x < fill_size) + // { + // aos_frame.tm_pdu[x++] = 0x39; + // aos_offset--; + // } + // for (y = 0; x < fill_size; y++) + // { + // aos_frame.tm_pdu[x++] = 00; + // aos_offset--; + // } + } + // while (x < AOS_FILL_SIZE) + // { + // aos_frame.tm_pdu[x++] = 0x00; + // } +#endif +#endif + + return; +} + **/ +/** + * @brief Function: Crypto_AOS_updateOCF + * Update the AOS OCF + **/ +/** +void Crypto_AOS_updateOCF(void) +{ + // TODO + if (ocf == 0) + { // CLCW + clcw.vci = aos_frame.tm_header.vcid; + + aos_frame.tm_sec_trailer.ocf[0] = (clcw.cwt << 7) | (clcw.cvn << 5) | (clcw.sf << 2) | (clcw.cie); + aos_frame.tm_sec_trailer.ocf[1] = (clcw.vci << 2) | (clcw.spare0); + aos_frame.tm_sec_trailer.ocf[2] = (clcw.nrfa << 7) | (clcw.nbl << 6) | (clcw.lo << 5) | (clcw.wait << 4) | + (clcw.rt << 3) | (clcw.fbc << 1) | (clcw.spare1); + aos_frame.tm_sec_trailer.ocf[3] = (clcw.rv); + // Alternate OCF + ocf = 1; +#ifdef OCF_DEBUG + Crypto_clcwPrint(&clcw); +#endif + } + else + { // FSR + aos_frame.tm_sec_trailer.ocf[0] = (report.cwt << 7) | (report.vnum << 4) | (report.af << 3) | + (report.bsnf << 2) | (report.bmacf << 1) | (report.ispif); + aos_frame.tm_sec_trailer.ocf[1] = (report.lspiu & 0xFF00) >> 8; + aos_frame.tm_sec_trailer.ocf[2] = (report.lspiu & 0x00FF); + aos_frame.tm_sec_trailer.ocf[3] = (report.snval); + // Alternate OCF + ocf = 0; +#ifdef OCF_DEBUG + Crypto_fsrPrint(&report); +#endif + } +} + **/ + +/** + * @brief Function: Crypto_Prepare_AOS_AAD + * Bitwise ANDs buffer with abm, placing results in aad buffer + * @param buffer: uint8_t* + * @param len_aad: uint16_t + * @param abm_buffer: uint8_t* + * @param aad: uint8_t* + * @return status: uint32_t + **/ +uint32_t Crypto_Prepare_AOS_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad) +{ + uint32_t status = CRYPTO_LIB_SUCCESS; + int i; + + for (i = 0; i < len_aad; i++) + { + aad[i] = buffer[i] & abm_buffer[i]; + } + +#ifdef MAC_DEBUG + printf(KYEL "AAD before ABM Bitmask:\n\t"); + for (i = 0; i < len_aad; i++) + { + printf("%02x", buffer[i]); + } + printf("\n" RESET); +#endif + +#ifdef MAC_DEBUG + printf(KYEL "Preparing AAD:\n"); + printf("\tUsing AAD Length of %d\n\t", len_aad); + for (i = 0; i < len_aad; i++) + { + printf("%02x", aad[i]); + } + printf("\n" RESET); +#endif + + return status; +} \ No newline at end of file diff --git a/src/src_main/crypto_config.c b/src/core/crypto_config.c similarity index 68% rename from src/src_main/crypto_config.c rename to src/core/crypto_config.c index b2ca6c36..03b0b5ef 100644 --- a/src/src_main/crypto_config.c +++ b/src/core/crypto_config.c @@ -25,12 +25,18 @@ /* ** Global Variables */ -SadbRoutine sadb_routine = NULL; CryptographyInterface cryptography_if = NULL; -CryptoConfig_t* crypto_config = NULL; -SadbMariaDBConfig_t* sadb_mariadb_config = NULL; +KeyInterface key_if = NULL; +McInterface mc_if = NULL; +SaInterface sa_if = NULL; + +SadbMariaDBConfig_t* sa_mariadb_config = NULL; + +CryptoConfig_t crypto_config; + CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL; CamConfig_t* cam_config = NULL; + GvcidManagedParameters_t* gvcid_managed_parameters = NULL; GvcidManagedParameters_t* current_managed_parameters = NULL; @@ -41,6 +47,17 @@ int32_t crypto_free_config_structs(void); ** Initialization Functions */ +/** + * @brief Function: Crypto_Init_TC_Unit_Test + * @return int32: status + **/ +int32_t Crypto_TC_Init(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + status = Crypto_Init_TC_Unit_Test(); + return status; +} + /** * @brief Function: Crypto_Init_TC_Unit_Test * @return int32: status @@ -48,14 +65,17 @@ int32_t crypto_free_config_structs(void); int32_t Crypto_Init_TC_Unit_Test(void) { int32_t status = CRYPTO_LIB_SUCCESS; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, + TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, + TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, + SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TC Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); + printf("Crypto_Init TC Called.\n"); return status; } @@ -66,11 +86,33 @@ int32_t Crypto_Init_TC_Unit_Test(void) int32_t Crypto_Init_TM_Unit_Test(void) { int32_t status = CRYPTO_LIB_SUCCESS; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // TM Tests - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0042, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + return status; +} + +/** + * @brief Function: Crypto_Init_AOS_Unit_Test + * @return int32: status + **/ +int32_t Crypto_Init_AOS_Unit_Test(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0042, 0, AOS_NO_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } @@ -79,16 +121,20 @@ int32_t Crypto_Init_TM_Unit_Test(void) * @brief Function: Crypto_Init_With_Configs * @param crypto_config_p: CryptoConfig_t* * @param gvcid_managed_parameters_p: GvcidManagedParameters_t* - * @param sadb_mariadb_config_p: SadbMariaDBConfig_t* + * @param sa_mariadb_config_p: SadbMariaDBConfig_t* * @return int32: Success/Failure **/ int32_t Crypto_Init_With_Configs(CryptoConfig_t* crypto_config_p, GvcidManagedParameters_t* gvcid_managed_parameters_p, - SadbMariaDBConfig_t* sadb_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p) + SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p) { int32_t status = CRYPTO_LIB_SUCCESS; - crypto_config = crypto_config_p; + if(crypto_config_p != NULL) + { + memcpy(&crypto_config, crypto_config_p, CRYPTO_CONFIG_SIZE); + crypto_config.init_status = INITIALIZED; + } gvcid_managed_parameters = gvcid_managed_parameters_p; - sadb_mariadb_config = sadb_mariadb_config_p; + sa_mariadb_config = sa_mariadb_config_p; cryptography_kmc_crypto_config = cryptography_kmc_crypto_config_p; status = Crypto_Init(); return status; @@ -102,7 +148,7 @@ int32_t Crypto_Init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - if (crypto_config == NULL) + if (crypto_config.init_status == UNITIALIZED) { status = CRYPTO_CONFIGURATION_NOT_COMPLETE; printf(KRED "ERROR: CryptoLib must be configured before intializing!\n" RESET); @@ -119,20 +165,57 @@ int32_t Crypto_Init(void) // Crypto_mpPrint(gvcid_managed_parameters, 1); // #endif - // Prepare SADB type from config - if (crypto_config->sadb_type == SADB_TYPE_INMEMORY) + /* Key Interface */ + if (crypto_config.key_type == KEY_TYPE_CUSTOM) { - sadb_routine = get_sadb_routine_inmemory(); + key_if = get_key_interface_custom(); } - else if (crypto_config->sadb_type == SADB_TYPE_MARIADB) + else if (crypto_config.key_type == KEY_TYPE_INTERNAL) { - if (sadb_mariadb_config == NULL) + key_if = get_key_interface_internal(); + } + else // KEY_TYPE_KMC + { + key_if = get_key_interface_kmc(); + } + key_if->key_init(); + // TODO: Check and return status on error + + /* MC Interface */ + if (crypto_config.mc_type == MC_TYPE_CUSTOM) + { + mc_if = get_mc_interface_custom(); + } + else if (crypto_config.mc_type == MC_TYPE_DISABLED) + { + mc_if = get_mc_interface_disabled(); + } + else // MC_TYPE_INTERNAL + { + mc_if = get_mc_interface_internal(); + } + mc_if->mc_initialize(); + // TODO: Check and return status on error + + /* SA Interface */ + // Prepare SA type from config + if (crypto_config.sa_type == SA_TYPE_CUSTOM) + { + sa_if = get_sa_interface_custom(); + } + else if (crypto_config.sa_type == SA_TYPE_INMEMORY) + { + sa_if = get_sa_interface_inmemory(); + } + else if (crypto_config.sa_type == SA_TYPE_MARIADB) + { + if (sa_mariadb_config == NULL) { status = CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE; printf(KRED "ERROR: CryptoLib MariaDB must be configured before intializing!\n" RESET); return status; // MariaDB connection specified but no configuration exists, return! } - sadb_routine = get_sadb_routine_mariadb(); + sa_if = get_sa_interface_mariadb(); } else { @@ -140,23 +223,23 @@ int32_t Crypto_Init(void) return status; } // TODO: Error stack - // Prepare Cryptographic Library from config - if(crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) + /* Crypto Interface */ + // Determine which cryptographic module is in use + cryptography_if = get_cryptography_interface_libgcrypt(); + if (cryptography_if == NULL) { - cryptography_if = get_cryptography_interface_libgcrypt(); + cryptography_if = get_cryptography_interface_wolfssl(); } - else if (crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO) - { - if (cryptography_kmc_crypto_config == NULL) + if (cryptography_if == NULL) + { // Note this needs to be the last option in the chain due to addition configuration required + if (cryptography_kmc_crypto_config != NULL) { - status = CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE; - printf(KRED "ERROR: CryptoLib KMC Crypto Service Interface must be configured before intializing!\n" RESET); - return status; + cryptography_if = get_cryptography_interface_kmc_crypto_service(); } - cryptography_if = get_cryptography_interface_kmc_crypto_service(); } - else + if (cryptography_if == NULL) { + printf("Fatal Error: Unable to identify Cryptography Interface!\n"); status = CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE; return status; } @@ -176,12 +259,11 @@ int32_t Crypto_Init(void) return status; } - // Init Security Associations - status = sadb_routine->sadb_init(); + status = sa_if->sa_init(); if (status==CRYPTO_LIB_SUCCESS) { - status = sadb_routine->sadb_config(); + status = sa_if->sa_config(); Crypto_Local_Init(); Crypto_Local_Config(); @@ -199,7 +281,7 @@ int32_t Crypto_Init(void) } else { - printf(KBLU "Error, Crypto Lib NOT Intialized, sadb_init() returned error:%d. Version .%d.%d.%d\n" RESET, CRYPTO_LIB_MAJOR_VERSION, + printf(KBLU "Error, Crypto Lib NOT Intialized, sa_init() returned error:%d. Version .%d.%d.%d\n" RESET, CRYPTO_LIB_MAJOR_VERSION, CRYPTO_LIB_MINOR_VERSION, CRYPTO_LIB_REVISION, CRYPTO_LIB_MISSION_REV); } @@ -224,10 +306,20 @@ int32_t Crypto_Shutdown(void) gvcid_managed_parameters = NULL; } - if (sadb_routine != NULL) + if(key_if != NULL) + { + key_if->key_shutdown(); + } + + if(mc_if != NULL) + { + mc_if->mc_shutdown(); + } + + if (sa_if != NULL) { - sadb_routine->sadb_close(); - sadb_routine = NULL; + sa_if->sa_close(); + sa_if = NULL; } if (cryptography_if != NULL) @@ -241,7 +333,9 @@ int32_t Crypto_Shutdown(void) /** * @brief Function: Crypto_Config_CryptoLib - * @param sadb_type: uint8 + * @param key_type: uint8 + * @param sa_type: uint8 + * @param iv_type: uint8 * @param crypto_create_fecf: uint8 * @param process_sdls_pdus: uint8 * @param has_pus_hdr: uint8 @@ -252,23 +346,27 @@ int32_t Crypto_Shutdown(void) * @param vcid_bitmask: uint8 * @return int32: Success/Failure **/ -int32_t Crypto_Config_CryptoLib(uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus, +int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t mc_type, uint8_t sa_type, uint8_t cryptography_type, + uint8_t iv_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus, uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay, uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv) { int32_t status = CRYPTO_LIB_SUCCESS; - crypto_config = (CryptoConfig_t* )calloc(1, CRYPTO_CONFIG_SIZE); - crypto_config->sadb_type = sadb_type; - crypto_config->cryptography_type = cryptography_type; - crypto_config->crypto_create_fecf = crypto_create_fecf; - crypto_config->process_sdls_pdus = process_sdls_pdus; - crypto_config->has_pus_hdr = has_pus_hdr; - crypto_config->ignore_sa_state = ignore_sa_state; - crypto_config->ignore_anti_replay = ignore_anti_replay; - crypto_config->unique_sa_per_mapid = unique_sa_per_mapid; - crypto_config->crypto_check_fecf = crypto_check_fecf; - crypto_config->vcid_bitmask = vcid_bitmask; - crypto_config->crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv; + crypto_config.init_status = INITIALIZED; + crypto_config.key_type = key_type; + crypto_config.mc_type = mc_type; + crypto_config.sa_type = sa_type; + crypto_config.cryptography_type = cryptography_type; + crypto_config.iv_type = iv_type; + crypto_config.crypto_create_fecf = crypto_create_fecf; + crypto_config.process_sdls_pdus = process_sdls_pdus; + crypto_config.has_pus_hdr = has_pus_hdr; + crypto_config.ignore_sa_state = ignore_sa_state; + crypto_config.ignore_anti_replay = ignore_anti_replay; + crypto_config.unique_sa_per_mapid = unique_sa_per_mapid; + crypto_config.crypto_check_fecf = crypto_check_fecf; + crypto_config.vcid_bitmask = vcid_bitmask; + crypto_config.crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv; return status; } @@ -288,22 +386,22 @@ int32_t Crypto_Config_MariaDB(char* mysql_hostname, char* mysql_database, uint16 char* mysql_mtls_client_key_password, char* mysql_username, char* mysql_password) { int32_t status = CRYPTO_LIB_ERROR; - sadb_mariadb_config = (SadbMariaDBConfig_t*)calloc(1, SADB_MARIADB_CONFIG_SIZE); - if (sadb_mariadb_config != NULL) + sa_mariadb_config = (SadbMariaDBConfig_t*)calloc(1, SADB_MARIADB_CONFIG_SIZE); + if (sa_mariadb_config != NULL) { - sadb_mariadb_config->mysql_username=crypto_deep_copy_string(mysql_username); - sadb_mariadb_config->mysql_password=crypto_deep_copy_string(mysql_password); - sadb_mariadb_config->mysql_hostname=crypto_deep_copy_string(mysql_hostname); - sadb_mariadb_config->mysql_database=crypto_deep_copy_string(mysql_database); - sadb_mariadb_config->mysql_port=mysql_port; + sa_mariadb_config->mysql_username=crypto_deep_copy_string(mysql_username); + sa_mariadb_config->mysql_password=crypto_deep_copy_string(mysql_password); + sa_mariadb_config->mysql_hostname=crypto_deep_copy_string(mysql_hostname); + sa_mariadb_config->mysql_database=crypto_deep_copy_string(mysql_database); + sa_mariadb_config->mysql_port=mysql_port; /*start - encrypted connection related parameters*/ - sadb_mariadb_config->mysql_mtls_cert = crypto_deep_copy_string(mysql_mtls_cert); - sadb_mariadb_config->mysql_mtls_key = crypto_deep_copy_string(mysql_mtls_key); - sadb_mariadb_config->mysql_mtls_ca = crypto_deep_copy_string(mysql_tls_ca); - sadb_mariadb_config->mysql_mtls_capath = crypto_deep_copy_string(mysql_tls_capath); - sadb_mariadb_config->mysql_tls_verify_server = mysql_tls_verify_server; - sadb_mariadb_config->mysql_mtls_client_key_password = crypto_deep_copy_string(mysql_mtls_client_key_password); - sadb_mariadb_config->mysql_require_secure_transport = mysql_require_secure_transport; + sa_mariadb_config->mysql_mtls_cert = crypto_deep_copy_string(mysql_mtls_cert); + sa_mariadb_config->mysql_mtls_key = crypto_deep_copy_string(mysql_mtls_key); + sa_mariadb_config->mysql_mtls_ca = crypto_deep_copy_string(mysql_tls_ca); + sa_mariadb_config->mysql_mtls_capath = crypto_deep_copy_string(mysql_tls_capath); + sa_mariadb_config->mysql_tls_verify_server = mysql_tls_verify_server; + sa_mariadb_config->mysql_mtls_client_key_password = crypto_deep_copy_string(mysql_mtls_client_key_password); + sa_mariadb_config->mysql_require_secure_transport = mysql_require_secure_transport; /*end - encrypted connection related parameters*/ status = CRYPTO_LIB_SUCCESS; } @@ -324,7 +422,8 @@ int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto_hostna if(kmc_crypto_app != NULL){ cryptography_kmc_crypto_config->kmc_crypto_app_uri = crypto_deep_copy_string(kmc_crypto_app); } else{ - cryptography_kmc_crypto_config->kmc_crypto_app_uri = crypto_deep_copy_string("crypto-service"); + char* crypto_service_tmp = (char*) "crypto-service"; + cryptography_kmc_crypto_config->kmc_crypto_app_uri = crypto_deep_copy_string(crypto_service_tmp); } cryptography_kmc_crypto_config->mtls_client_cert_path = crypto_deep_copy_string(mtls_client_cert_path); @@ -369,10 +468,12 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char* cookie_file_path, char* key * @param has_fecf: uint8 * @param has_segmentation_hdr: uint8 * @param max_frame_size: uint16 + * @param has_fhec: uint8 * @return int32: Success/Failure **/ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size) + uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t aos_has_iz, uint16_t aos_iz_len) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -387,6 +488,9 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u gvcid_managed_parameters->has_fecf = has_fecf; gvcid_managed_parameters->has_segmentation_hdr = has_segmentation_hdr; gvcid_managed_parameters->max_frame_size = max_frame_size; + gvcid_managed_parameters->aos_has_fhec = aos_has_fhec; + gvcid_managed_parameters->aos_has_iz = aos_has_iz; + gvcid_managed_parameters->aos_iz_len = aos_iz_len; gvcid_managed_parameters->next = NULL; return status; } @@ -400,7 +504,8 @@ int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, u else { // Recurse through nodes and add at end return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, - max_frame_size, gvcid_managed_parameters); + max_frame_size, aos_has_fhec, aos_has_iz, aos_iz_len, + gvcid_managed_parameters); } } @@ -408,23 +513,23 @@ int32_t crypto_free_config_structs(void) { int32_t status = CRYPTO_LIB_SUCCESS; - free(crypto_config); //no strings in this struct, just free it. - crypto_config=NULL; + //free(crypto_config); //no strings in this struct, just free it. + crypto_config.init_status = UNITIALIZED; // Config structs with char* types that are malloc'd and must be freed individually. - if(sadb_mariadb_config != NULL) + if(sa_mariadb_config != NULL) { - free(sadb_mariadb_config->mysql_username); - free(sadb_mariadb_config->mysql_password); - free(sadb_mariadb_config->mysql_hostname); - free(sadb_mariadb_config->mysql_database); - free(sadb_mariadb_config->mysql_mtls_cert); - free(sadb_mariadb_config->mysql_mtls_key); - free(sadb_mariadb_config->mysql_mtls_ca); - free(sadb_mariadb_config->mysql_mtls_capath); - free(sadb_mariadb_config->mysql_mtls_client_key_password); - free(sadb_mariadb_config); - sadb_mariadb_config=NULL; + free(sa_mariadb_config->mysql_username); + free(sa_mariadb_config->mysql_password); + free(sa_mariadb_config->mysql_hostname); + free(sa_mariadb_config->mysql_database); + free(sa_mariadb_config->mysql_mtls_cert); + free(sa_mariadb_config->mysql_mtls_key); + free(sa_mariadb_config->mysql_mtls_ca); + free(sa_mariadb_config->mysql_mtls_capath); + free(sa_mariadb_config->mysql_mtls_client_key_password); + free(sa_mariadb_config); + sa_mariadb_config=NULL; } if(cryptography_kmc_crypto_config != NULL) { @@ -485,13 +590,15 @@ char* crypto_deep_copy_string(char* src_string) * @return int32: Success/Failure **/ int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf, - uint8_t has_segmentation_hdr, uint16_t max_frame_size, + uint8_t has_segmentation_hdr, uint16_t max_frame_size, uint8_t aos_has_fhec, + uint8_t aos_has_iz, uint16_t aos_iz_len, GvcidManagedParameters_t* managed_parameter) { if (managed_parameter->next != NULL) { return crypto_config_add_gvcid_managed_parameter_recursion(tfvn, scid, vcid, has_fecf, has_segmentation_hdr, - max_frame_size, managed_parameter->next); + max_frame_size, aos_has_fhec, aos_has_iz, + aos_iz_len, managed_parameter->next); } else { diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c new file mode 100644 index 00000000..f049de06 --- /dev/null +++ b/src/core/crypto_error.c @@ -0,0 +1,231 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "crypto_error.h" +#include "crypto.h" + +char *crypto_enum_errlist_core[] = +{ + (char*) "CRYPTO_LIB_SUCCESS", + (char*) "CRYPTO_LIB_ERROR", + (char*) "CRYPTO_LIB_ERR_NO_INIT", + (char*) "CRYPTO_LIB_ERR_INVALID_TFVN", + (char*) "CRYPTO_LIB_ERR_INVALID_SCID", + (char*) "CRYPTO_LIB_ERR_INVALID_VCID", + (char*) "CRYPTO_LIB_ERR_INVALID_MAPID", + (char*) "CRYPTO_LIB_ERR_INVALID_CC_FLAG", + (char*) "CRYPTO_LIB_ERR_NO_OPERATIONAL_SA", + (char*) "CRYPTO_LIB_ERR_NULL_BUFFER", + (char*) "CRYPTO_LIB_ERR_UT_BYTE_MISMATCH", + (char*) "CRYPTO_LIB_ERR_NO_CONFIG", + (char*) "CRYPTO_LIB_ERR_INVALID_FECF", + (char*) "CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW", + (char*) "CRYPTO_LIB_ERR_LIBGCRYPT_ERROR", + (char*) "CRYPTO_LIB_ERR_AUTHENTICATION_ERROR", + (char*) "CRYPTO_LIB_ERR_NULL_IV", + (char*) "CRYPTO_LIB_ERR_NULL_ABM", + (char*) "CRYPTO_LIB_ERR_DECRYPT_ERROR", + (char*) "CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD", + (char*) "CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR", + (char*) "CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR", + (char*) "CRYPTO_LIB_ERR_INVALID_HEADER", + (char*) "CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW", + (char*) "CRYPTO_LIB_ERR_NULL_ARSN", + (char*) "CRYPTO_LIB_ERR_NULL_SA", + (char*) "CRYPTO_LIB_ERR_UNSUPPORTED_ACS", + (char*) "CRYPTO_LIB_ERR_ENCRYPTION_ERROR", + (char*) "CRYPTO_LIB_ERR_INVALID_SA_CONFIGURATION", + (char*) "CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT", + (char*) "CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT", + (char*) "CRYPTO_LIB_ERR_UNSUPPORTED_ECS", + (char*) "CRYPTO_LIB_ERR_KEY_LENGTH_ERROR", + (char*) "CRYPTO_LIB_ERR_NULL_ECS_PTR", + (char*) "CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO", + (char*) "CRYPTO_LIB_ERR_NULL_CIPHERS", + (char*) "CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE", + (char*) "CRYPTO_LIB_ERR_IV_LEN_SHORTER_THAN_SEC_HEADER_LENGTH", + (char*) "CRYPTO_LIB_ERR_ARSN_LEN_SHORTER_THAN_SEC_HEADER_LENGTH", + (char*) "CRYPTO_LIB_ERR_FRAME_COUNTER_DOESNT_MATCH_SA", + (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD", + (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH", + (char*) "CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE", + (char*) "CRYPTO_LIB_ERR_NULL_MODE_PTR", + (char*) "CRYPTO_LIB_ERR_UNSUPPORTED_MODE", + (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD", + (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG", + (char*) "CRYPTO_LIB_ERR_KEY_ID_ERROR", + (char*) "CRYPTO_LIB_ERR_MC_INIT", + (char*) "CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_AOS_STANDARD", + (char*) "CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG", +}; + +char *crypto_enum_errlist_config[] = +{ + (char*) "CRYPTO_CONFIGURATION_NOT_COMPLETE", + (char*) "CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE", + (char*) "CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE", + (char*) "MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND", +}; + +char *crypto_enum_errlist_sa_if[] = +{ + (char*) "SADB_INVALID_SADB_TYPE", + (char*) "SADB_NULL_SA_USED", +}; +char *crypto_enum_errlist_sa_mariadb[] = +{ + (char*) "SADB_MARIADB_CONNECTION_FAILED", + (char*) "SADB_QUERY_FAILED", + (char*) "SADB_QUERY_EMPTY_RESULTS", + (char*) "SADB_INSERT_FAILED", +}; +char *crypto_enum_errlist_crypto_if[] = +{ + (char*) "CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE", + (char*) "CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING", + (char*) "CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR", +}; +char *crypto_enum_errlist_crypto_kmc[] = +{ + (char*) "CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE", + (char*) "CRYPTOGRAPHY_KMC_CURL_INITIALIZATION_FAILURE", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_CONNECTION_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_ENCRYPT_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_DECRYPT_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AUTHENTICATION_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR", + (char*) "CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE", + (char*) "CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA", + (char*) "CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR", + (char*) "CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR", +}; + +char *crypto_enum_errlist_crypto_cam[] = +{ + (char*) "CAM_CONFIG_NOT_SUPPORTED_ERROR", + (char*) "CAM_INVALID_COOKIE_FILE_CONFIGURATION_NULL", + (char*) "CAM_AUTHENTICATION_FAILURE_REDIRECT", + (char*) "CAM_AUTHENTICATION_REQUIRED", + (char*) "CAM_GET_SSO_TOKEN_FAILURE", + (char*) "CAM_INVALID_CONFIGURATION_ACCESS_MANAGER_URI_NULL", + (char*) "CAM_INVALID_CONFIGURATION_KEYTAB_FILE_PATH_NULL", + (char*) "CAM_INVALID_CONFIGURATION_KEYTAB_FILE_USERNAME_NULL", + (char*) "CAM_KEYTAB_FILE_KINIT_FAILURE", +}; + +/* +** @brief: For a given crypto error code, return the associated error code enum string +** @param: int32_t + * @return: char* +*/ +char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code) +{ + if(crypto_error_code >= 600) // CAM Error Codes + { + if(crypto_error_code > 610) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_crypto_cam[crypto_error_code % 600]; + } + + } + else if(crypto_error_code >= 500) // KMC Error Codes + { + if(crypto_error_code > 515) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_crypto_kmc[crypto_error_code % 500]; + } + } + else if(crypto_error_code >= 400) // Crypto Interface Error Codes + { + if(crypto_error_code > 402) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_crypto_if[crypto_error_code % 400]; + } + + } + else if(crypto_error_code >= 300) // SADB MariadDB Error Codes + { + if(crypto_error_code > 303) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_sa_mariadb[crypto_error_code % 300]; + } + + } + else if(crypto_error_code >= 200) // SADB Interface Error Codes + { + if(crypto_error_code > 201) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_sa_if[crypto_error_code % 200]; + } + } + else if(crypto_error_code >= 100) // Configuration Error Codes + { + if(crypto_error_code > 103) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_config[crypto_error_code % 100]; + } + } + else if(crypto_error_code > 0) // Unused Error Codes 1-100 + { + return CRYPTO_UNDEFINED_ERROR; + } + else if(crypto_error_code <= 0) // Cryptolib Core Error Codes + { + if(crypto_error_code < -45) + { + return CRYPTO_UNDEFINED_ERROR; + } + else + { + return crypto_enum_errlist_core[(crypto_error_code * (-1))]; + } + } + else + { + return CRYPTO_UNDEFINED_ERROR; + } +} \ No newline at end of file diff --git a/src/src_main/crypto_key_mgmt.c b/src/core/crypto_key_mgmt.c similarity index 89% rename from src/src_main/crypto_key_mgmt.c rename to src/core/crypto_key_mgmt.c index 556fd308..84d213a1 100644 --- a/src/src_main/crypto_key_mgmt.c +++ b/src/core/crypto_key_mgmt.c @@ -45,14 +45,8 @@ int32_t Crypto_Key_OTAR(void) int y; int32_t status = CRYPTO_LIB_SUCCESS; int pdu_keys = (sdls_frame.pdu.pdu_len - 30) / (2 + KEY_SIZE); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); int w; - - if ( ek_ring == NULL ) - { - status = CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; - return status; - } + crypto_key_t* ekp = NULL; // Master Key ID packet.mkid = (sdls_frame.pdu.data[0] << 8) | (sdls_frame.pdu.data[1]); @@ -89,12 +83,18 @@ int32_t Crypto_Key_OTAR(void) // printf("packet.mac[%d] = 0x%02x\n", w, packet.mac[w]); } + ekp = key_if->get_key(packet.mkid); + if (ekp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + uint8_t ecs = CRYPTO_CIPHER_AES256_GCM; status = cryptography_if->cryptography_aead_decrypt(&(sdls_frame.pdu.data[14]), // plaintext output (size_t)(pdu_keys * (2 + KEY_SIZE)), // length of data NULL, // in place decryption 0, // in data length - &(ek_ring[packet.mkid].value[0]), //key + &(ekp->value[0]), //key KEY_SIZE, //key length NULL, //SA reference &(packet.iv[0]), //IV @@ -135,21 +135,27 @@ int32_t Crypto_Key_OTAR(void) } else { + ekp = key_if->get_key(packet.EKB[x].ekid); + if (ekp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + count = count + 2; for (y = count; y < (KEY_SIZE + count); y++) - { // Encrypted Key + { + // Encrypted Key packet.EKB[x].ek[y - count] = sdls_frame.pdu.data[y]; #ifdef SA_DEBUG printf("\t packet.EKB[%d].ek[%d] = 0x%02x\n", x, y - count, packet.EKB[x].ek[y - count]); #endif - // Setup Key Ring - ek_ring[packet.EKB[x].ekid].value[y - count] = sdls_frame.pdu.data[y]; + ekp->value[y - count] = sdls_frame.pdu.data[y]; } count = count + KEY_SIZE; // Set state to PREACTIVE - ek_ring[packet.EKB[x].ekid].key_state = KEY_PREACTIVE; + ekp->key_state = KEY_PREACTIVE; } } @@ -179,13 +185,16 @@ int32_t Crypto_Key_update(uint8_t state) SDLS_KEY_BLK_t packet; int count = 0; int pdu_keys = sdls_frame.pdu.pdu_len / 2; - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + int32_t status; + crypto_key_t* ekp = NULL; int x; - if ( ek_ring == NULL ) + if (key_if == NULL) { - return CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + status = CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + return status; } + #ifdef PDU_DEBUG printf("Keys "); #endif @@ -250,9 +259,15 @@ int32_t Crypto_Key_update(uint8_t state) // TODO: Exit } - if (ek_ring[packet.kblk[x].kid].key_state == (state - 1)) + ekp = key_if->get_key(packet.kblk[x].kid); + if (ekp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + + if (ekp->key_state == (state - 1)) { - ek_ring[packet.kblk[x].kid].key_state = state; + ekp->key_state = state; #ifdef PDU_DEBUG // printf("Key ID %d state changed to ", packet.kblk[x].kid); #endif @@ -287,12 +302,14 @@ int32_t Crypto_Key_inventory(uint8_t* ingest) SDLS_KEY_INVENTORY_t packet; int count = 0; uint16_t range = 0; - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + int32_t status; + crypto_key_t* ekp = NULL; uint16_t x; - if ( ek_ring == NULL || ingest == NULL) + if ((key_if == NULL) || (ingest == NULL)) { - return CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + status = CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + return status; } // Read in PDU @@ -309,11 +326,18 @@ int32_t Crypto_Key_inventory(uint8_t* ingest) ingest[count++] = (range & 0xFF00) >> 8; ingest[count++] = (range & 0x00FF); for (x = packet.kid_first; x < packet.kid_last; x++) - { // Key ID + { + // Key ID ingest[count++] = (x & 0xFF00) >> 8; ingest[count++] = (x & 0x00FF); + // Get Key + ekp = key_if->get_key(x); + if (ekp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } // Key State - ingest[count++] = ek_ring[x].key_state; + ingest[count++] = ekp->key_state; } return count; } @@ -335,6 +359,14 @@ int32_t Crypto_Key_verify(uint8_t* ingest, TC_t* tc_frame) // uint8_t tmp_mac[MAC_SIZE]; int x; int y; + int32_t status; + crypto_key_t* ekp = NULL; + + if (key_if == NULL) + { + status = CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + return status; + } #ifdef PDU_DEBUG printf("Crypto_Key_verify: Requested %d key(s) to verify \n", pdu_keys); @@ -363,17 +395,20 @@ int32_t Crypto_Key_verify(uint8_t* ingest, TC_t* tc_frame) sdls_frame.pdu.pdu_len = pdu_keys * (2 + IV_SIZE + CHALLENGE_SIZE + CHALLENGE_MAC_SIZE); sdls_frame.hdr.pkt_length = sdls_frame.pdu.pdu_len + 9; count = Crypto_Prep_Reply(ingest, 128); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); - if ( ek_ring == NULL ) // Can't verify key without a key ring, action supported for this cryptography interface! - { - return CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; - } for (x = 0; x < pdu_keys; x++) - { // Key ID + { + // Key ID ingest[count++] = (packet.blk[x].kid & 0xFF00) >> 8; ingest[count++] = (packet.blk[x].kid & 0x00FF); + // Get Key + ekp = key_if->get_key(x); + if (ekp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + // Initialization Vector iv_loc = count; for (y = 0; y < IV_SIZE; y++) @@ -388,7 +423,7 @@ int32_t Crypto_Key_verify(uint8_t* ingest, TC_t* tc_frame) (size_t)CHALLENGE_SIZE, // length of data &(packet.blk[x].challenge[0]), // plaintext input (size_t)CHALLENGE_SIZE, // in data length - &(ek_ring[packet.blk[x].kid].value[0]), // Key Index + &(ekp->value[0]), // Key Index KEY_SIZE, // Key Length NULL, // SA Reference for key &(ingest[iv_loc]), // IV diff --git a/src/src_main/crypto_mc.c b/src/core/crypto_mc.c similarity index 98% rename from src/src_main/crypto_mc.c rename to src/core/crypto_mc.c index 1a427ec4..89061664 100644 --- a/src/src_main/crypto_mc.c +++ b/src/core/crypto_mc.c @@ -200,7 +200,7 @@ int32_t Crypto_SA_readARSN(uint8_t* ingest) ingest[count++] = (spi & 0xFF00) >> 8; ingest[count++] = (spi & 0x00FF); - if (sadb_routine->sadb_get_sa_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS) + if (sa_if->sa_get_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS) { // TODO - Error handling return CRYPTO_LIB_ERROR; // Error -- unable to get SA from SPI. diff --git a/src/src_main/crypto_print.c b/src/core/crypto_print.c similarity index 96% rename from src/src_main/crypto_print.c rename to src/core/crypto_print.c index 9a5d83fa..cd3334c2 100644 --- a/src/src_main/crypto_print.c +++ b/src/core/crypto_print.c @@ -101,9 +101,9 @@ void Crypto_tmPrint(TM_t* tm_frame) /** * @brief Function: Crypto_clcwPrint * Prints the current CLCW in memory. - * @param clcw: TM_FrameCLCW_t* + * @param clcw: Telemetry_Frame_Clcw_t* **/ -void Crypto_clcwPrint(TM_FrameCLCW_t* clcw) +void Crypto_clcwPrint(Telemetry_Frame_Clcw_t* clcw) { printf("Current CLCW in memory is: \n"); printf("\t cwt = 0x%01x \n", clcw->cwt); @@ -201,11 +201,11 @@ void Crypto_saPrint(SecurityAssociation_t* sa) printf("\t shplf_len = %d \n", sa->shplf_len); printf("\t stmacf_len = %d \n", sa->stmacf_len); printf("\t ecs_len = %d \n", sa->ecs_len); - if (sa->ecs != NULL) + if (sa->ecs_len > 0) { for (i = 0; i < sa->ecs_len; i++) { - printf("\t ecs[%d] = 0x%02x \n", i, *(sa->ecs + i)); + printf("\t ecs[%d] = 0x%02x \n", i, (sa->ecs + i)); } } printf("\t ekid = %d \n", sa->ekid); @@ -213,7 +213,7 @@ void Crypto_saPrint(SecurityAssociation_t* sa) printf("\t akid = %d \n", sa->akid); printf("\t ak_ref = %s \n", sa->ak_ref); printf("\t iv_len = %d \n", sa->shivf_len); - if (sa->iv != NULL) + if (sa->iv_len > 0) { for (i = 0; i < sa->iv_len; i++) { @@ -224,15 +224,9 @@ void Crypto_saPrint(SecurityAssociation_t* sa) printf("\t iv = %s \n", sa->iv); } printf("\t acs_len = %d \n", sa->acs_len); - if (sa->acs != NULL) - { - for (i = 0; i < sa->acs_len; i++) - { - printf("\t acs[%d] = 0x%02x \n", i, *(sa->acs + i)); - } - } + printf("\t acs = 0x%02x \n", sa->acs); printf("\t abm_len = %d \n", sa->abm_len); - if (sa->abm != NULL) + if (sa->abm_len > 0) { printf("\t abm = "); for (i = 0; i < sa->abm_len; i++) @@ -242,7 +236,7 @@ void Crypto_saPrint(SecurityAssociation_t* sa) printf("\n"); } printf("\t arsn_len = %d \n", sa->arsn_len); - if (sa->arsn != NULL) + if (sa->arsn_len > 0) { printf("\t arsn = "); for (i = 0; i < sa->arsn_len; i++) diff --git a/src/src_main/crypto_tc.c b/src/core/crypto_tc.c similarity index 64% rename from src/src_main/crypto_tc.c rename to src/core/crypto_tc.c index 3c3dc641..7fbec841 100644 --- a/src/src_main/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -24,8 +24,8 @@ #include // memcpy /* Helper functions */ -static int32_t crypto_tc_validate_sa(SecurityAssociation_t *sa); -static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len,int transmitted_len, int window); +static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa); +static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len, int transmitted_len, int window); /** * @brief Function: Crypto_TC_ApplySecurity @@ -39,8 +39,8 @@ static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, uint16_t* p_enc_frame_len) { - //Passthrough to maintain original function signature when CAM isn't used. - return Crypto_TC_ApplySecurity_Cam(p_in_frame, in_frame_length, pp_in_frame, p_enc_frame_len,NULL); + // Passthrough to maintain original function signature when CAM isn't used. + return Crypto_TC_ApplySecurity_Cam(p_in_frame, in_frame_length, pp_in_frame, p_enc_frame_len, NULL); } /** * @brief Function: Crypto_TC_ApplySecurity_Cam @@ -53,7 +53,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra * @return int32: Success/Failure **/ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in_frame_length, uint8_t** pp_in_frame, - uint16_t* p_enc_frame_len, char* cam_cookies) + uint16_t* p_enc_frame_len, char* cam_cookies) { // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; @@ -70,6 +70,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in uint8_t ecs_is_aead_algorithm; int i; uint32_t pkcs_padding = 0; + crypto_key_t* ekp = NULL; #ifdef DEBUG printf(KYEL "\n----- Crypto_TC_ApplySecurity START -----\n" RESET); @@ -79,6 +80,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in { status = CRYPTO_LIB_ERR_NULL_BUFFER; printf(KRED "Error: Input Buffer NULL! \n" RESET); + mc_if->mc_log(status); return status; // Just return here, nothing can be done. } @@ -87,25 +89,27 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf("DEBUG - "); for (i = 0; i < in_frame_length; i++) { - printf("%02X", ((uint8_t* )&*p_in_frame)[i]); + printf("%02X", ((uint8_t*)&*p_in_frame)[i]); } printf("\nPrinted %d bytes\n", in_frame_length); #else // TODO - Find another way to know this and remove this argument - uint16_t tmp = in_frame_length; + uint16_t tmp = in_frame_length; tmp = tmp; #endif - if (crypto_config == NULL) + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; - return status; // return immediately so a NULL crypto_config is not dereferenced later + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later } if (in_frame_length < 5) // Frame length doesn't have enough bytes for TC TF header -- error out. { status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; + mc_if->mc_log(status); return status; } @@ -116,14 +120,15 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in temp_tc_header.spare = ((uint8_t)p_in_frame[0] & 0x0C) >> 2; temp_tc_header.scid = ((uint8_t)p_in_frame[0] & 0x03) << 8; temp_tc_header.scid = temp_tc_header.scid | (uint8_t)p_in_frame[1]; - temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config->vcid_bitmask; + temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config.vcid_bitmask; temp_tc_header.fl = ((uint8_t)p_in_frame[2] & 0x03) << 8; temp_tc_header.fl = temp_tc_header.fl | (uint8_t)p_in_frame[3]; temp_tc_header.fsn = (uint8_t)p_in_frame[4]; - if (in_frame_length < temp_tc_header.fl+1) // Specified frame length larger than provided frame! + if (in_frame_length < temp_tc_header.fl + 1) // Specified frame length larger than provided frame! { status = CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH; + mc_if->mc_log(status); return status; } @@ -132,6 +137,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in gvcid_managed_parameters, ¤t_managed_parameters); if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } // Unable to get necessary Managed Parameters for TC TF -- return with error. @@ -155,33 +161,27 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf(KYEL "DEBUG - Received Control/Command frame - nothing to do.\n" RESET); #endif status = CRYPTO_LIB_ERR_INVALID_CC_FLAG; + mc_if->mc_log(status); return status; } if (status == CRYPTO_LIB_SUCCESS) { - // Query SA DB for active SA / SDLS parameters - if (sadb_routine == NULL) // This should not happen, but tested here for safety - { - printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_INIT; - } - else - { - status = sadb_routine->sadb_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, - temp_tc_header.vcid, map_id, &sa_ptr); - } + status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, + temp_tc_header.vcid, map_id, &sa_ptr); // If unable to get operational SA, can return if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } // Try to assure SA is sane status = crypto_tc_validate_sa(sa_ptr); if (status != CRYPTO_LIB_SUCCESS) - { - return status; + { + mc_if->mc_log(status); + return status; } #ifdef SA_DEBUG @@ -212,15 +212,16 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in // Leaving for now as it would be cleaner in SA to have an association enum returned I believe printf(KRED "Error: SA Service Type is not defined! \n" RESET); status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); return status; } // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) { - if (sa_ptr->ecs != NULL) + if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) { - encryption_cipher = *sa_ptr->ecs; + encryption_cipher = sa_ptr->ecs; #ifdef TC_DEBUG printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); #endif @@ -233,13 +234,13 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); } - if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + if (encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) { status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; + mc_if->mc_log(status); return status; } - #ifdef TC_DEBUG switch (sa_service_type) { @@ -259,7 +260,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #endif // Determine if segment header exists - uint8_t segment_hdr_len = SEGMENT_HDR_SIZE; + uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) { segment_hdr_len = 0; @@ -271,44 +272,40 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in { fecf_len = 0; } - + // Calculate tf_payload length here to be used in other logic tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; - switch (sa_service_type) - { - case SA_PLAINTEXT: - // Ingest length + spi_index (2) + some variable length fields - *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shplf_len; - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; - break; - case SA_AUTHENTICATION: - // Ingest length + spi_index (2) + shivf_len (varies) + shsnf_len (varies) - // + shplf_len + arsn_len + pad_size + stmacf_len - // TODO: If ARSN is transmitted in the SHSNF field (as in CMAC... don't double count those bytes) - *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + sa_ptr->stmacf_len; - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; - break; - case SA_ENCRYPTION: - // Ingest length + 1 (accounts for -1 to length) + spi_index (2) + shivf_len (varies) + shsnf_len (varies) - // + shplf_len + arsn_len + pad_size - *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len; - //+ sa_ptr->arsn_len; //should point to shplf_len - - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; + /** + * A note on plaintext: Take a permissive approach to allow the lengths of fields that aren't going to be used. + * The 355.0-B-2 (July 2022) says the following in $4.2.2.4: + * 'It is possible to create a ‘clear mode’ SA using one of the defined service types by + specifying the algorithm as a ‘no-op’ function (no actual cryptographic operation to + be performed). Such an SA might be used, for example, during development + testing of other aspects of data link processing before cryptographic capabilities are + available for integrated testing.In this scenario, the Security Header and Trailer + field lengths are kept constant across all supported configurations. For security + reasons, the use of such an SA is not recommended in normal operation.' + */ + // Calculate frame lengths based on SA fields + *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + sa_ptr->stmacf_len; + new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; + + if (sa_service_type == SA_ENCRYPTION) + { // Handle Padding, if necessary - if(*(sa_ptr->ecs) == CRYPTO_CIPHER_AES256_CBC) + if (sa_ptr->ecs == CRYPTO_CIPHER_AES256_CBC) { pkcs_padding = tf_payload_len % TC_BLOCK_SIZE; // Block Sizes of 16 - - pkcs_padding = TC_BLOCK_SIZE - pkcs_padding; //Could potentially need 16 bytes of padding. - - *p_enc_frame_len += pkcs_padding; // Add the necessary padding to the frame_len + new pad length field - + + pkcs_padding = TC_BLOCK_SIZE - pkcs_padding; // Could potentially need 16 bytes of padding. + + *p_enc_frame_len += pkcs_padding; // Add the necessary padding to the frame_len + new pad length field + new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; #ifdef DEBUG - + printf("SHPLF_LEN: %d\n", sa_ptr->shplf_len); printf("Padding Needed: %d\n", pkcs_padding); printf("Previous data_len: %d\n", tf_payload_len); @@ -316,23 +313,18 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf("New enc_frame_len: %d\n", (*p_enc_frame_len)); #endif // Don't Exceed Max Frame Size! 1024 - if(*p_enc_frame_len > TC_MAX_FRAME_SIZE) + if (*p_enc_frame_len > TC_MAX_FRAME_SIZE) { - return CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + mc_if->mc_log(status); + return status; } - } - break; - case SA_AUTHENTICATED_ENCRYPTION: - // Ingest length + spi_index (2) + shivf_len (varies) + shsnf_len (varies) - // + shplf_len + arsn_len + pad_size + stmacf_len - *p_enc_frame_len = temp_tc_header.fl + 1 + 2 + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len + - sa_ptr->arsn_len + sa_ptr->stmacf_len; - new_enc_frame_header_field_length = (*p_enc_frame_len) - 1; - break; - default: + } + + if (sa_service_type != (SA_PLAINTEXT || SA_AUTHENTICATED_ENCRYPTION || SA_ENCRYPTION || SA_AUTHENTICATION)) + { printf(KRED "Unknown SA Service Type Detected!" RESET); - break; } // Ensure the frame to be created will not violate managed parameter maximum length @@ -344,6 +336,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #endif printf(KRED "Error: New frame would violate maximum tc frame managed parameter! \n" RESET); status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT; + mc_if->mc_log(status); return status; } // Ensure the frame to be created will not violate spec max length @@ -351,25 +344,25 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in { printf(KRED "Error: New frame would violate specification max TC frame size! \n" RESET); status = CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT; + mc_if->mc_log(status); return status; } // Accio buffer - p_new_enc_frame = (uint8_t* )malloc((*p_enc_frame_len) * sizeof(uint8_t)); + p_new_enc_frame = (uint8_t*)malloc((*p_enc_frame_len) * sizeof(uint8_t)); if (!p_new_enc_frame) { printf(KRED "Error: Malloc for encrypted output buffer failed! \n" RESET); status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); return status; } memset(p_new_enc_frame, 0, *p_enc_frame_len); - - #ifdef TC_DEBUG printf(KYEL "DEBUG - Total TC Buffer to be malloced is: %d bytes\n" RESET, *p_enc_frame_len); printf(KYEL "\tlen of TF\t = %d\n" RESET, temp_tc_header.fl); - printf(KYEL "\tsegment hdr len\t = %d\n" RESET, segment_hdr_len); + printf(KYEL "\tsegment hdr len\t = %d\n" RESET, segment_hdr_len); printf(KYEL "\tspi len\t\t = 2\n" RESET); printf(KYEL "\tshivf_len\t = %d\n" RESET, sa_ptr->shivf_len); printf(KYEL "\tiv_len\t\t = %d\n" RESET, sa_ptr->iv_len); @@ -392,7 +385,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf(KYEL "Printing updated TF Header:\n\t"); for (i = 0; i < TC_FRAME_HEADER_SIZE; i++) { - printf("%02X", *(p_new_enc_frame + i)); + printf("%02X",*(p_new_enc_frame + i)); } // Recall: The buffer length is 1 greater than the field value set in the TCTF printf("\n\tLength set to 0x%02X\n" RESET, new_enc_frame_header_field_length); @@ -419,42 +412,43 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in // Set initialization vector if specified #ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); + printf("%02x", *(sa_ptr->iv + i)); } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } #endif - if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs == NULL && sa_ptr->acs == NULL) - { - return CRYPTO_LIB_ERR_NULL_CIPHERS; - } + // if(sa_service_type != SA_PLAINTEXT) + //{ + // return CRYPTO_LIB_ERR_NULL_CIPHERS; + // } - if(sa_ptr->est == 0 && sa_ptr->ast == 1) + if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) { - if(sa_ptr->acs !=NULL && sa_ptr->acs_len != 0) + if (sa_ptr->acs_len != 0) { - if((*(sa_ptr->acs) == CRYPTO_MAC_CMAC_AES256 || *(sa_ptr->acs) == CRYPTO_MAC_HMAC_SHA256 || *(sa_ptr->acs) == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0 ) - { - return CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - } + if ((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } } - } + } - // Copy in IV from SA if not NULL and transmitted length > 0 - if (sa_ptr->iv != NULL) + if (crypto_config.iv_type == IV_INTERNAL) { // Start index from the transmitted portion for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) @@ -463,11 +457,11 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in index++; } } - // IV is NULL - else + // IV is NULL / IV_CRYPTO_MODULE + else { // Transmitted length > 0, AND using KMC_CRYPTO - if ((sa_ptr->shivf_len > 0) && crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) { index += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); } @@ -477,7 +471,9 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } else { - return CRYPTO_LIB_ERR_NULL_IV; + status = CRYPTO_LIB_ERR_NULL_IV; + mc_if->mc_log(status); + return status; } } @@ -508,35 +504,34 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in */ // TODO: Set this depending on crypto cipher used - if(pkcs_padding) + if (pkcs_padding) { - uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + uint8_t hex_padding[3] = {0}; // TODO: Create #Define for the 3 pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - + // Byte Magic hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding) & 0xFF; - + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding)&0xFF; + uint8_t padding_start = 0; padding_start = 3 - sa_ptr->shplf_len; for (i = 0; i < sa_ptr->shplf_len; i++) { - *(p_new_enc_frame + index) = hex_padding[padding_start++]; + *(p_new_enc_frame + index) = hex_padding[padding_start++]; index++; } } - /* ** End Security Header Fields */ // Copy in original TF data - except FECF // Will be over-written if using encryption later - //tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; - + // tf_payload_len = temp_tc_header.fl - TC_FRAME_HEADER_SIZE - segment_hdr_len - fecf_len + 1; + memcpy((p_new_enc_frame + index), (p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), tf_payload_len); index += tf_payload_len; for (uint32_t i = 0; i < pkcs_padding; i++) @@ -572,20 +567,21 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in // Prepare the Header AAD (CCSDS 335.0-B-1 4.2.3.2.2.3) aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - sa_ptr->shsnf_len + sa_ptr->shplf_len; + sa_ptr->shsnf_len + sa_ptr->shplf_len; if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here { aad_len += tf_payload_len; } #ifdef TC_DEBUG - printf("Calculated AAD Length: %d\n",aad_len); + printf("Calculated AAD Length: %d\n", aad_len); #endif if (sa_ptr->abm_len < aad_len) { - return CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; } aad = Crypto_Prepare_TC_AAD(p_new_enc_frame, aad_len, sa_ptr->abm); - } #ifdef TC_DEBUG @@ -593,95 +589,141 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in printf("Input bytes input_loc is %d\n", TC_FRAME_HEADER_SIZE + segment_hdr_len); #endif - if(ecs_is_aead_algorithm == CRYPTO_TRUE) + /* Get Key */ + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + if (ecs_is_aead_algorithm == CRYPTO_TRUE) { - status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, - //&p_new_enc_frame[index], // length of data + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_aead_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - NULL, // Using SA key reference, key is null - Crypto_Get_ECS_Algo_Keylen(*sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - (sa_ptr->est==1), - (sa_ptr->ast==1), - (sa_ptr->ast==1), - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies - ); - - } else // non aead algorithm + (size_t)tf_payload_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + (sa_ptr->est == 1), + (sa_ptr->ast == 1), + (sa_ptr->ast == 1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies); + } + else // non aead algorithm { // TODO - implement non-AEAD algorithm logic if (sa_service_type == SA_ENCRYPTION) { - status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, - &p_new_enc_frame[index], // length of data - //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - //new_frame_length, - NULL, // Using SA key reference, key is null - Crypto_Get_ECS_Algo_Keylen(*sa_ptr->ecs), // Length of key derived from sa_ptr key_ref - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - sa_ptr->ecs, // encryption cipher - pkcs_padding, - cam_cookies - ); + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + } + + status = cryptography_if->cryptography_encrypt(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, + &p_new_enc_frame[index], // length of data + //(uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + // new_frame_length, + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, + cam_cookies); } if (sa_service_type == SA_AUTHENTICATION) { - status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output - (size_t)tf_payload_len, // length of data - (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input - (size_t)tf_payload_len, // in data length - NULL, // Using SA key reference, key is null - Crypto_Get_ACS_Algo_Keylen(*sa_ptr->acs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - mac_ptr, // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - *sa_ptr->ecs, // encryption cipher - *sa_ptr->acs, // authentication cipher - cam_cookies - ); + /* Get Key */ + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + return CRYPTO_LIB_ERR_KEY_ID_ERROR; + } + + // Check that key length to be used ets the algorithm requirement + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) + { + if (!aad) free(aad); + return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + } + + status = cryptography_if->cryptography_authenticate(&p_new_enc_frame[index], // ciphertext output + (size_t)tf_payload_len, // length of data + (uint8_t*)(p_in_frame + TC_FRAME_HEADER_SIZE + segment_hdr_len), // plaintext input + (size_t)tf_payload_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + mac_ptr, // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + cam_cookies); } } if (status != CRYPTO_LIB_SUCCESS) { - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; // Cryptography IF call failed, return. } } if (sa_service_type != SA_PLAINTEXT) { #ifdef INCREMENT - if (crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { - if(sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL){ Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); } + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); + } } else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE { // Only increment the transmitted portion - if(sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL){ Crypto_increment(sa_ptr->iv+(sa_ptr->iv_len-sa_ptr->shivf_len), sa_ptr->shivf_len); } + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); + } } - if(sa_ptr->shsnf_len > 0){ Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); } - + if (sa_ptr->shsnf_len > 0) + { + Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } + #ifdef SA_DEBUG - if(sa_ptr->iv != NULL) + if (sa_ptr->iv_len > 0) { printf(KYEL "Next IV value is:\n\t"); for (i = 0; i < sa_ptr->iv_len; i++) @@ -690,7 +732,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } printf("\n" RESET); printf(KYEL "Next transmitted IV value is:\n\t"); - for (i = sa_ptr->iv_len-sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) { printf("%02x", *(sa_ptr->iv + i)); } @@ -703,7 +745,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } printf("\n" RESET); printf(KYEL "Next transmitted ARSN value is:\n\t"); - for (i = sa_ptr->arsn_len-sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) { printf("%02x", *(sa_ptr->arsn + i)); } @@ -721,7 +763,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #ifdef FECF_DEBUG printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); #endif - if (crypto_config->crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) + if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) { new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((new_fecf & 0xFF00) >> 8); @@ -737,22 +779,23 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #ifdef TC_DEBUG printf(KYEL "Printing new TC Frame of length %d:\n\t", *p_enc_frame_len); - for (i = 0; i < *p_enc_frame_len; i++) + for (i = 0; i <*p_enc_frame_len; i++) { - printf("%02X", *(p_new_enc_frame + i)); + printf("%02X",*(p_new_enc_frame + i)); } printf("\n\tThe returned length is: %d\n" RESET, new_enc_frame_header_field_length); #endif - *pp_in_frame = p_new_enc_frame; + *pp_in_frame = p_new_enc_frame; } - status = sadb_routine->sadb_save_sa(sa_ptr); + status = sa_if->sa_save_sa(sa_ptr); #ifdef DEBUG printf(KYEL "----- Crypto_TC_ApplySecurity END -----\n" RESET); #endif - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; } @@ -763,8 +806,8 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in * @param len_ingest: int* * @param tc_sdls_processed_frame: TC_t* * @return int32: Success/Failure - **/ -int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame) +**/ +int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame) { // Pass-through to maintain original function signature when CAM isn't used. return Crypto_TC_ProcessSecurity_Cam(ingest, len_ingest, tc_sdls_processed_frame, NULL); @@ -777,8 +820,8 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl * @param len_ingest: int* * @param tc_sdls_processed_frame: TC_t* * @return int32: Success/Failure - **/ -int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies) +**/ +int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc_sdls_processed_frame, char* cam_cookies) // Loads the ingest frame into the global tc_frame while performing decryption { // Local Variables @@ -789,11 +832,13 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc uint16_t aad_len; uint32_t encryption_cipher; uint8_t ecs_is_aead_algorithm = -1; + crypto_key_t* ekp = NULL; - if (crypto_config == NULL) + if ((mc_if == NULL) || (crypto_config.init_status == UNITIALIZED)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; + mc_if->mc_log(status); return status; } @@ -804,6 +849,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc if (*len_ingest < 5) // Frame length doesn't even have enough bytes for header -- error out. { status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD; + mc_if->mc_log(status); return status; } @@ -817,7 +863,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc byte_idx++; tc_sdls_processed_frame->tc_header.scid = tc_sdls_processed_frame->tc_header.scid | (uint8_t)ingest[byte_idx]; byte_idx++; - tc_sdls_processed_frame->tc_header.vcid = (((uint8_t)ingest[byte_idx] & 0xFC) >> 2) & crypto_config->vcid_bitmask; + tc_sdls_processed_frame->tc_header.vcid = (((uint8_t)ingest[byte_idx] & 0xFC) >> 2) & crypto_config.vcid_bitmask; tc_sdls_processed_frame->tc_header.fl = ((uint8_t)ingest[byte_idx] & 0x03) << 8; byte_idx++; tc_sdls_processed_frame->tc_header.fl = tc_sdls_processed_frame->tc_header.fl | (uint8_t)ingest[byte_idx]; @@ -828,6 +874,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc if (*len_ingest < tc_sdls_processed_frame->tc_header.fl + 1) // Specified frame length larger than provided frame! { status = CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH; + mc_if->mc_log(status); return status; } @@ -838,6 +885,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } // Unable to get necessary Managed Parameters for TC TF -- return with error. // Segment Header @@ -853,28 +901,30 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc printf("vcid = %d \n", tc_sdls_processed_frame->tc_header.vcid); printf("spi = %d \n", tc_sdls_processed_frame->tc_sec_header.spi); #endif - status = sadb_routine->sadb_get_sa_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, &sa_ptr); + status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, &sa_ptr); // If no valid SPI, return if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } // Try to assure SA is sane status = crypto_tc_validate_sa(sa_ptr); if (status != CRYPTO_LIB_SUCCESS) - { - return status; + { + mc_if->mc_log(status); + return status; } // Allocate the necessary byte arrays within the security header + trailer given the SA - tc_sdls_processed_frame->tc_sec_header.iv = calloc(1,sa_ptr->iv_len); - tc_sdls_processed_frame->tc_sec_header.sn = calloc(1,sa_ptr->arsn_len); - tc_sdls_processed_frame->tc_sec_header.pad = calloc(1,sa_ptr->shplf_len); - tc_sdls_processed_frame->tc_sec_trailer.mac = calloc(1,sa_ptr->stmacf_len); + //tc_sdls_processed_frame->tc_sec_header.iv = calloc(1, sa_ptr->iv_len); + //tc_sdls_processed_frame->tc_sec_header.sn = calloc(1, sa_ptr->arsn_len); + //tc_sdls_processed_frame->tc_sec_header.pad = calloc(1, sa_ptr->shplf_len); + //tc_sdls_processed_frame->tc_sec_trailer.mac = calloc(1, sa_ptr->stmacf_len); // Set tc_sec_header + trailer fields for actual lengths from the SA (downstream apps won't know this length otherwise since they don't access the SADB!). tc_sdls_processed_frame->tc_sec_header.iv_field_len = sa_ptr->iv_len; tc_sdls_processed_frame->tc_sec_header.sn_field_len = sa_ptr->arsn_len; tc_sdls_processed_frame->tc_sec_header.pad_field_len = sa_ptr->shplf_len; - //sprintf(tc_sdls_processed_frame->tc_sec_header.pad, "%x", pkcs_padding); + // sprintf(tc_sdls_processed_frame->tc_sec_header.pad, "%x", pkcs_padding); tc_sdls_processed_frame->tc_sec_trailer.mac_field_len = sa_ptr->stmacf_len; // Determine SA Service Type @@ -900,12 +950,13 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc // Leaving for now as it would be cleaner in SA to have an association enum returned I believe printf(KRED "Error: SA Service Type is not defined! \n" RESET); status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); return status; } // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly if (sa_service_type != SA_PLAINTEXT) { - encryption_cipher = *sa_ptr->ecs; + encryption_cipher = sa_ptr->ecs; ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); } #ifdef TC_DEBUG @@ -933,7 +984,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc fecf_len = 0; } - uint8_t segment_hdr_len = SEGMENT_HDR_SIZE; + uint8_t segment_hdr_len = TC_SEGMENT_HDR_SIZE; if (current_managed_parameters->has_segmentation_hdr == TC_NO_SEGMENT_HDRS) { segment_hdr_len = 0; @@ -945,7 +996,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc tc_sdls_processed_frame->tc_sec_trailer.fecf = (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) | (ingest[tc_sdls_processed_frame->tc_header.fl] & 0x00FF)); - if (crypto_config->crypto_check_fecf == TC_CHECK_FECF_TRUE) + if (crypto_config.crypto_check_fecf == TC_CHECK_FECF_TRUE) { uint16_t received_fecf = tc_sdls_processed_frame->tc_sec_trailer.fecf; // Calculate our own @@ -956,71 +1007,73 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc #ifdef DEBUG printf("Received FECF is 0x%04X\n", received_fecf); printf("Calculated FECF is 0x%04X\n", calculated_fecf); - printf("FECF was Calced over %d bytes\n", *len_ingest-2); + printf("FECF was Calced over %d bytes\n", *len_ingest - 2); #endif status = CRYPTO_LIB_ERR_INVALID_FECF; + mc_if->mc_log(status); return status; } } } // Parse transmitted portion of IV from received frame (Will be Whole IV if iv_len==shivf_len) - memcpy((tc_sdls_processed_frame->tc_sec_header.iv+(sa_ptr->iv_len-sa_ptr->shivf_len)), &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN]), + memcpy((tc_sdls_processed_frame->tc_sec_header.iv + (sa_ptr->iv_len - sa_ptr->shivf_len)), &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN]), sa_ptr->shivf_len); // Handle non-transmitted IV increment case (transmitted-portion roll-over) - if(sa_ptr->shivf_len < sa_ptr->iv_len && - crypto_config->ignore_anti_replay==TC_IGNORE_ANTI_REPLAY_FALSE && - crypto_config->crypto_increment_nontransmitted_iv==SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + if (sa_ptr->shivf_len < sa_ptr->iv_len && + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && + crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { - status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.iv,sa_ptr->iv,sa_ptr->iv_len,sa_ptr->shivf_len,sa_ptr->arsnw); + status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->shivf_len, sa_ptr->arsnw); if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } } else // Not checking IV ARSNW or only non-transmitted portion is static; Note, non-transmitted IV in SA must match frame or will fail MAC check. { // Retrieve non-transmitted portion of IV from SA (if applicable) - memcpy(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len-sa_ptr->shivf_len); + memcpy(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len - sa_ptr->shivf_len); } #ifdef DEBUG printf("Full IV Value from Frame and SADB (if applicable):\n"); - Crypto_hexprint(tc_sdls_processed_frame->tc_sec_header.iv,sa_ptr->iv_len); + Crypto_hexprint(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv_len); #endif // Parse transmitted portion of ARSN - memcpy((tc_sdls_processed_frame->tc_sec_header.sn + (sa_ptr->arsn_len-sa_ptr->shsnf_len)), + memcpy((tc_sdls_processed_frame->tc_sec_header.sn + (sa_ptr->arsn_len - sa_ptr->shsnf_len)), &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len]), sa_ptr->shsnf_len); // Handle non-transmitted SN increment case (transmitted-portion roll-over) - if(sa_ptr->shsnf_len < sa_ptr->arsn_len && - crypto_config->ignore_anti_replay==TC_IGNORE_ANTI_REPLAY_FALSE) + if (sa_ptr->shsnf_len < sa_ptr->arsn_len && + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE) { - status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.sn,sa_ptr->arsn,sa_ptr->arsn_len,sa_ptr->shsnf_len,sa_ptr->arsnw); + status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len, sa_ptr->shsnf_len, sa_ptr->arsnw); if (status != CRYPTO_LIB_SUCCESS) { + mc_if->mc_log(status); return status; } } else // Not checking ARSN in ARSNW { // Parse non-transmitted portion of ARSN from SA - memcpy(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len-sa_ptr->shsnf_len); - + memcpy(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len - sa_ptr->shsnf_len); } #ifdef DEBUG printf("Full ARSN Value from Frame and SADB (if applicable):\n"); - Crypto_hexprint(tc_sdls_processed_frame->tc_sec_header.sn,sa_ptr->arsn_len); + Crypto_hexprint(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn_len); #endif - + // Parse pad length - //tc_sdls_processed_frame->tc_sec_header.pad = malloc((sa_ptr->shplf_len * sizeof(uint8_t))); + // tc_sdls_processed_frame->tc_sec_header.pad = malloc((sa_ptr->shplf_len * sizeof(uint8_t))); memcpy((tc_sdls_processed_frame->tc_sec_header.pad), - &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len]), - sa_ptr->shplf_len); + &(ingest[TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len]), + sa_ptr->shplf_len); // Parse MAC, prepare AAD if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) @@ -1032,7 +1085,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc &(ingest[tc_mac_start_index]), sa_ptr->stmacf_len); #ifdef DEBUG printf("MAC Parsed from Frame:\n"); - Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac,sa_ptr->stmacf_len); + Crypto_hexprint(tc_sdls_processed_frame->tc_sec_trailer.mac, sa_ptr->stmacf_len); #endif aad_len = tc_mac_start_index; if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) @@ -1042,96 +1095,146 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc } if (sa_ptr->abm_len < aad_len) { - return CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; } aad = Crypto_Prepare_TC_AAD(ingest, aad_len, sa_ptr->abm); } - + uint16_t tc_enc_payload_start_index = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len; - // Todo -- if encrypt only, ignore stmacf_len entirely to avoid erroring on SA misconfiguration... Or just throw a warning/error indicating SA misconfiguration? tc_sdls_processed_frame->tc_pdu_len = - tc_sdls_processed_frame->tc_header.fl + 1 - tc_enc_payload_start_index - sa_ptr->stmacf_len - fecf_len; + tc_sdls_processed_frame->tc_header.fl + 1 - tc_enc_payload_start_index - sa_ptr->stmacf_len - fecf_len; - if(tc_sdls_processed_frame->tc_pdu_len > tc_sdls_processed_frame->tc_header.fl) // invalid header parsed, sizes overflowed & make no sense! + if (tc_sdls_processed_frame->tc_pdu_len > tc_sdls_processed_frame->tc_header.fl) // invalid header parsed, sizes overflowed & make no sense! { - return CRYPTO_LIB_ERR_INVALID_HEADER; + status = CRYPTO_LIB_ERR_INVALID_HEADER; + mc_if->mc_log(status); + return status; } #ifdef DEBUG printf(KYEL "TC PDU Calculated Length: %d \n" RESET, tc_sdls_processed_frame->tc_pdu_len); #endif - if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + /* Get Key */ + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) { - status = cryptography_if->cryptography_aead_decrypt(tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - NULL, // Key - Crypto_Get_ECS_Algo_Keylen(*sa_ptr->ecs), - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - (sa_ptr->est), // Decryption Bool - (sa_ptr->ast), // Authentication Bool - (sa_ptr->ast), // AAD Bool - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies - + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + // Check that key length to be used ets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_aead_decrypt( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + (sa_ptr->est), // Decryption Bool + (sa_ptr->ast), // Authentication Bool + (sa_ptr->ast), // AAD Bool + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies // ); - }else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm + } + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm { // TODO - implement non-AEAD algorithm logic - if(sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + if (sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - status = cryptography_if->cryptography_validate_authentication(tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - NULL, // Key - Crypto_Get_ACS_Algo_Keylen(*sa_ptr->acs), - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - CRYPTO_CIPHER_NONE, //encryption cipher - *sa_ptr->acs, //authentication cipher - cam_cookies + // Check that key length to be used ets the algorithm requirement + if ((int32_t)akp->key_len != Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_validate_authentication( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + tc_sdls_processed_frame->tc_sec_trailer.mac, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + CRYPTO_CIPHER_NONE, // encryption cipher + sa_ptr->acs, // authentication cipher + cam_cookies // ); } - if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + if (sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) { - status = cryptography_if->cryptography_decrypt(tc_sdls_processed_frame->tc_pdu, // plaintext output - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - &(ingest[tc_enc_payload_start_index]), // ciphertext input - (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - NULL, // Key - Crypto_Get_ECS_Algo_Keylen(*sa_ptr->ecs), - sa_ptr, // SA for key reference - tc_sdls_processed_frame->tc_sec_header.iv, // IV - sa_ptr->iv_len, // IV Length - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - cam_cookies - + // Check that key length to be used emets the algorithm requirement + if ((int32_t)ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + if (!aad) free(aad); + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_decrypt( + tc_sdls_processed_frame->tc_pdu, // plaintext output + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data + &(ingest[tc_enc_payload_start_index]), // ciphertext input + (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // + sa_ptr, // SA for key reference + tc_sdls_processed_frame->tc_sec_header.iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + cam_cookies // ); - //Handle Padding Removal - if(sa_ptr->shplf_len != 0) + // Handle Padding Removal + if (sa_ptr->shplf_len != 0) { int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - sa_ptr->shsnf_len; + sa_ptr->shsnf_len; uint16_t padding_amount = 0; // Get Padding Amount from ingest frame padding_amount = (int)ingest[padding_location]; @@ -1139,58 +1242,58 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc tc_sdls_processed_frame->tc_pdu_len -= padding_amount; } } - - } else if(sa_service_type == SA_PLAINTEXT) + } + else if (sa_service_type == SA_PLAINTEXT) { - memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), - tc_sdls_processed_frame->tc_pdu_len); + memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), + tc_sdls_processed_frame->tc_pdu_len); } if (status != CRYPTO_LIB_SUCCESS) { - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; // Cryptography IF call failed, return. } // Now that MAC has been verified, check IV & ARSN if applicable - if (crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) + if (crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) { status = Crypto_Check_Anti_Replay(sa_ptr, tc_sdls_processed_frame->tc_sec_header.sn, tc_sdls_processed_frame->tc_sec_header.iv); - if(status != CRYPTO_LIB_SUCCESS) + if (status != CRYPTO_LIB_SUCCESS) { - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; } // Only save the SA (IV/ARSN) if checking the anti-replay counter; Otherwise we don't update. - status = sadb_routine->sadb_save_sa(sa_ptr); - if(status != CRYPTO_LIB_SUCCESS) + status = sa_if->sa_save_sa(sa_ptr); + if (status != CRYPTO_LIB_SUCCESS) { - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; } } else - { - if (crypto_config->sadb_type == SADB_TYPE_MARIADB) - { - if(sa_ptr->ecs != NULL) free(sa_ptr->ecs); - if(sa_ptr->ek_ref != NULL) free(sa_ptr->ek_ref); - if(sa_ptr->iv != NULL) free(sa_ptr->iv); - if(sa_ptr->abm != NULL) free(sa_ptr->abm); - if(sa_ptr->arsn != NULL) free(sa_ptr->arsn); - if(sa_ptr->acs != NULL) free(sa_ptr->acs); + { + if (crypto_config.sa_type == SA_TYPE_MARIADB) + { + if (sa_ptr->ek_ref != NULL) + free(sa_ptr->ek_ref); free(sa_ptr); } } // Extended PDU processing, if applicable - if (status == CRYPTO_LIB_SUCCESS && crypto_config->process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE) + if (status == CRYPTO_LIB_SUCCESS && crypto_config.process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE) { status = Crypto_Process_Extended_Procedure_Pdu(tc_sdls_processed_frame, ingest); } - if (!aad) free (aad); + if (!aad) free(aad); + mc_if->mc_log(status); return status; } @@ -1200,7 +1303,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int *len_ingest, TC_t* tc * @param tc_frame: TC_t* * @param sa_ptr: SecurityAssociation_t * @return int32, Length of TCPayload - **/ +**/ /* int32_t Crypto_Get_tcPayloadLength(TC_t* tc_frame, SecurityAssociation_t* sa_ptr) { @@ -1234,10 +1337,10 @@ fecf))); #endif * @param buffer: uint8_t* * @param len_aad: uint16_t * @param abm_buffer: uint8_t* - **/ +**/ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_buffer) { - uint8_t* aad = (uint8_t* )calloc(1, len_aad * sizeof(uint8_t)); + uint8_t* aad = (uint8_t*)calloc(1, len_aad * sizeof(uint8_t)); int i; for (i = 0; i < len_aad; i++) @@ -1272,60 +1375,55 @@ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_b * Helper function to assist with ensuring sane SA configurations * @param sa: SecurityAssociation_t* * @return int32: Success/Failure - **/ -static int32_t crypto_tc_validate_sa(SecurityAssociation_t *sa) +**/ +static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) { - if (sa->shivf_len > 0 && sa->iv == NULL && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa->shivf_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } - if (sa->iv_len - sa->shivf_len < 0) + if (sa->iv_len - sa->shivf_len < 0) { return CRYPTO_LIB_ERR_IV_LEN_SHORTER_THAN_SEC_HEADER_LENGTH; } - if (sa->iv_len > 0 && sa->iv == NULL && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa->iv_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } - - if (sa->shsnf_len > 0 && sa->arsn == NULL) + if (crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) { - return CRYPTO_LIB_ERR_NULL_ARSN; + return CRYPTO_LIB_ERR_NULL_IV; } if (sa->arsn_len - sa->shsnf_len < 0) { return CRYPTO_LIB_ERR_ARSN_LEN_SHORTER_THAN_SEC_HEADER_LENGTH; } - if (sa->arsn_len > 0 && sa->arsn == NULL) - { - return CRYPTO_LIB_ERR_NULL_ARSN; - } return CRYPTO_LIB_SUCCESS; } -static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len,int transmitted_len, int window) +static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, uint8_t* src, int src_full_len, int transmitted_len, int window) { int32_t status = CRYPTO_LIB_SUCCESS; // Copy IV to temp uint8_t* temp_counter = malloc(src_full_len); - memcpy(temp_counter,src,src_full_len); + memcpy(temp_counter, src, src_full_len); // Increment temp_counter Until Transmitted Portion Matches Frame. uint8_t counter_matches = CRYPTO_TRUE; - for(int i = 0; i < window; i++) + for (int i = 0; i < window; i++) { - Crypto_increment(temp_counter,src_full_len); - for(int x = (src_full_len - transmitted_len); x < src_full_len; x++) + Crypto_increment(temp_counter, src_full_len); + for (int x = (src_full_len - transmitted_len); x < src_full_len; x++) { - //This increment doesn't match the frame! - if(temp_counter[x] != dest[x]) + // This increment doesn't match the frame! + if (temp_counter[x] != dest[x]) { counter_matches = CRYPTO_FALSE; break; } } - if(counter_matches == CRYPTO_TRUE) + if (counter_matches == CRYPTO_TRUE) { break; } @@ -1334,22 +1432,21 @@ static int32_t crypto_handle_incrementing_nontransmitted_counter(uint8_t* dest, counter_matches = CRYPTO_TRUE; // reset the flag, and continue the for loop for the next continue; } - } - if(counter_matches == CRYPTO_TRUE) + if (counter_matches == CRYPTO_TRUE) { // Retrieve non-transmitted portion of incremented counter that matches (and may have rolled over/incremented) memcpy(dest, temp_counter, src_full_len - transmitted_len); #ifdef DEBUG printf("Incremented IV is:\n"); - Crypto_hexprint(temp_counter,src_full_len); + Crypto_hexprint(temp_counter, src_full_len); #endif } else { status = CRYPTO_LIB_ERR_FRAME_COUNTER_DOESNT_MATCH_SA; } - free(temp_counter); + if (!temp_counter) free(temp_counter); return status; -} \ No newline at end of file +} diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c new file mode 100644 index 00000000..63545d5c --- /dev/null +++ b/src/core/crypto_tm.c @@ -0,0 +1,1653 @@ +/** Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov + **/ + +/** + * Includes + **/ +#include "crypto.h" + +#include // memcpy/memset + +/** + * @brief Function: Crypto_TM_ApplySecurity + * @param ingest: uint8_t* + * @param len_ingest: int* + * @return int32: Success/Failure + * + * The TM ApplySecurity Payload shall consist of the portion of the TM Transfer Frame (see + * reference [1]) from the first octet of the Transfer Frame Primary Header to the last octet of + * the Transfer Frame Data Field. + * NOTES + * 1 The TM Transfer Frame is the fixed-length protocol data unit of the TM Space Data + * Link Protocol. The length of any Transfer Frame transferred on a physical channel is + * constant, and is established by management. + * 2 The portion of the TM Transfer Frame contained in the TM ApplySecurity Payload + * parameter includes the Security Header field. When the ApplySecurity Function is + * called, the Security Header field is empty; i.e., the caller has not set any values in the + * Security Header + **/ +int32_t Crypto_TM_ApplySecurity(uint8_t* pTfBuffer) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + int mac_loc = 0; + uint8_t aad[1786]; + uint16_t aad_len = 0; + int i = 0; + uint16_t data_loc; + uint16_t idx = 0; + uint8_t sa_service_type = -1; + uint16_t pdu_len = -1; + uint32_t pkcs_padding = 0; + uint16_t new_fecf = 0x0000; + uint8_t ecs_is_aead_algorithm; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t tfvn = 0; + uint16_t scid = 0; + uint16_t vcid = 0; + + // Passed a null, return an error + if (!pTfBuffer) + { + return CRYPTO_LIB_ERR_NULL_BUFFER; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log since it's not configured + return status; // return immediately so a NULL crypto_config is not dereferenced later + } + + tfvn = ((uint8_t)pTfBuffer[0] & 0xC0) >> 6; + scid = (((uint16_t)pTfBuffer[0] & 0x3F) << 4) | (((uint16_t)pTfBuffer[1] & 0xF0) >> 4); + vcid = ((uint8_t) pTfBuffer[1] & 0x0E) >> 1; + +#ifdef TM_DEBUG + printf(KYEL "\n----- Crypto_TM_ApplySecurity START -----\n" RESET); + printf("The following GVCID parameters will be used:\n"); + printf("\tTVFN: 0x%04X\t", tfvn); + printf("\tSCID: 0x%04X", scid); + printf("\tVCID: 0x%04X",vcid); + printf("\tMAP: %d\n", 0); + printf("\tPriHdr as follows:\n\t\t"); + for (int i =0; i<6; i++) + { + printf("%02X", (uint8_t)pTfBuffer[i]); + } + printf("\n"); +#endif + + status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr); + + // No operational/valid SA found + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef TM_DEBUG + printf(KRED "Error: Could not retrieve an SA!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } + + status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters, ¤t_managed_parameters); + + // No managed parameters found + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef TM_DEBUG + printf(KRED "Error: No managed parameters found!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } + + #ifdef TM_DEBUG + printf(KYEL "TM BEFORE Apply Sec:\n\t" RESET); + for (int16_t i =0; i < current_managed_parameters->max_frame_size; i++) + { + printf("%02X", pTfBuffer[i]); + } + printf("\n"); +#endif + +#ifdef SA_DEBUG + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); +#endif + + // Determine SA Service Type + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + if (sa_service_type != SA_PLAINTEXT) + { + ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(sa_ptr->ecs); + } + +#ifdef TM_DEBUG + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Creating a SDLS TM - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Creating a SDLS TM - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Creating a SDLS TM - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Creating a SDLS TM - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } +#endif + + // Check if secondary header is present within frame + // Note: Secondary headers are static only for a mission phase, not guaranteed static + // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 + // Secondary Header flag is 1st bit of 5th byte (index 4) + idx = 4; + if((pTfBuffer[idx] & 0x80) == 0x80) + { +#ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); +#endif + // Secondary header is present + idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + uint8_t secondary_hdr_len = (pTfBuffer[idx] & 0x3F); +#ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); +#endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + idx += secondary_hdr_len + 1; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + idx = 6; + } + /** + * Begin Security Header Fields + * Reference CCSDS SDLP 3550b1 4.1.1.1.3 + **/ + + // Set SPI + pTfBuffer[idx] = ((sa_ptr->spi & 0xFF00) >> 8); + pTfBuffer[idx + 1] = (sa_ptr->spi & 0x00FF); + idx += 2; + + // Set initialization vector if specified +#ifdef SA_DEBUG + if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) + { + printf(KYEL "Using IV value:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Transmitted IV value:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } +#endif + if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs_len == 0 && sa_ptr->acs_len ==0) + { + status = CRYPTO_LIB_ERR_NULL_CIPHERS; +#ifdef TM_DEBUG + printf(KRED "CRYPTO_LIB_ERR_NULL_CIPHERS, Invalid cipher lengths, %d\n" RESET, CRYPTO_LIB_ERR_NULL_CIPHERS); +#endif + mc_if->mc_log(status); + return status; + } + + if(sa_ptr->est == 0 && sa_ptr->ast == 1) + { + if(sa_ptr->acs_len != 0) + { + if((sa_ptr->acs == CRYPTO_MAC_CMAC_AES256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA256 || sa_ptr->acs == CRYPTO_MAC_HMAC_SHA512) && + sa_ptr->iv_len > 0 ) + { + status = CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; + mc_if->mc_log(status); + return status; + } + } + } + // Start index from the transmitted portion + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + // Copy in IV from SA + pTfBuffer[idx] = *(sa_ptr->iv + i); + idx++; + } + + // Set anti-replay sequence number if specified + /** + * See also: 4.1.1.4.2 + * 4.1.1.4.4 If authentication or authenticated encryption is not selected + * for an SA, the Sequence Number field shall be zero octets in length. + * Reference CCSDS 3550b1 + **/ + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + // Copy in ARSN from SA + pTfBuffer[idx] = *(sa_ptr->arsn + i); + idx++; + } + + // Set security header padding if specified + /** + * 4.2.3.4 h) if the algorithm and mode selected for the SA require the use of + * fill padding, place the number of fill bytes used into the Pad Length field + * of the Security Header - Reference CCSDS 3550b1 + **/ + // TODO: Revisit this + // TODO: Likely SA API Call + /** 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 + **/ + // TODO: Set this depending on crypto cipher used + + if(pkcs_padding) + { + uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 + pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size + + // Byte Magic + hex_padding[0] = (pkcs_padding >> 16) & 0xFF; + hex_padding[1] = (pkcs_padding >> 8) & 0xFF; + hex_padding[2] = (pkcs_padding) & 0xFF; + + uint8_t padding_start = 0; + padding_start = 3 - sa_ptr->shplf_len; + + for (i = 0; i < sa_ptr->shplf_len; i++) + { + pTfBuffer[idx] = hex_padding[padding_start++]; + idx++; + } + } + + /** + * End Security Header Fields + **/ + + //TODO: Padding handled here, or TO? + // for (uint32_t i = 0; i < pkcs_padding; i++) + // { + // /** 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the + // * cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 + // **/ + // // TODO: Set this depending on crypto cipher used + // * (p_new_enc_frame + index + i) = (uint8_t)pkcs_padding; // How much padding is needed? + // // index++; + // } + + /** + * ~~~Index currently at start of data field, AKA end of security header~~~ + **/ + data_loc = idx; + // Calculate size of data to be encrypted + pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; + // Check other managed parameter flags, subtract their lengths from data field if present + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + pdu_len -= 2; + } + +#ifdef TM_DEBUG + printf(KYEL "Data location starts at: %d\n" RESET, idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + printf(KYEL "Index at end of SPI is: %d\n", idx); + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } +#endif + + // Get Key + crypto_key_t* ekp = NULL; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + /** + * Begin Authentication / Encryption + **/ + + if (sa_service_type != SA_PLAINTEXT) + { + aad_len = 0; + + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) + { + mac_loc = idx+pdu_len; +#ifdef MAC_DEBUG + printf(KYEL "MAC location is: %d\n" RESET, mac_loc); + printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); +#endif + + // Prepare the Header AAD (CCSDS 335.0-B-2 4.2.3.4) + aad_len = idx; // At the very least AAD includes the header + if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here + { + aad_len += pdu_len; + } +#ifdef TM_DEBUG + printf("Calculated AAD Length: %d\n",aad_len); +#endif + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + printf(KRED "Error: abm_len of %d < aad_len of %d\n" RESET, sa_ptr->abm_len, aad_len); + mc_if->mc_log(status); + return status; + } + status = Crypto_Prepare_TM_AAD(&pTfBuffer[0], aad_len, sa_ptr->abm, &aad[0]); + } + } + + // AEAD Algorithm Logic + if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) + { + if(sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_encrypt((uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), // Length of key derived from sa_ptr key_ref + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + (sa_ptr->est==1), + (sa_ptr->ast==1), + (sa_ptr->ast==1), + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + } + + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm + { + // TODO - implement non-AEAD algorithm logic + if(sa_service_type == SA_AUTHENTICATION) + { + status = cryptography_if->cryptography_authenticate(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[0]), // ciphertext output + (size_t) 0, // length of data + (uint8_t*)(&pTfBuffer[0]), // plaintext input + (size_t)0, // in data length - from start of frame to end of data + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &pTfBuffer[mac_loc], // tag output + sa_ptr->stmacf_len, // tag size + aad, // AAD Input + aad_len, // Length of AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); + } + else if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + if (sa_service_type == SA_ENCRYPTION) + { + status = cryptography_if->cryptography_encrypt(//Stub out data in/out as this is done in place and want to save cycles + (uint8_t*)(&pTfBuffer[data_loc]), // ciphertext output + (size_t) pdu_len, // length of data + (uint8_t*)(&pTfBuffer[data_loc]), // plaintext input + (size_t) pdu_len, // in data length - from start of frame to end of data + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA (for key reference) + sa_ptr->iv, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + pkcs_padding, // authentication cipher + NULL); + } + } + else if(sa_service_type == SA_PLAINTEXT) + { + // Do nothing, SDLS fields were already copied into static frame in memory + } + else{ +#ifdef TM_DEBUG + printf(KRED "Service type reported as: %d\n" RESET, sa_service_type); + printf(KRED "ECS IS AEAD Value: %d\n" RESET, ecs_is_aead_algorithm); +#endif + status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; + } + } + + if (status != CRYPTO_LIB_SUCCESS) + { + return status; // Cryptography IF call failed, return. + } + + if (sa_service_type != SA_PLAINTEXT) + { +#ifdef INCREMENT + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + { + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv, sa_ptr->iv_len); + } + } + else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE + { + // Only increment the transmitted portion + if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) + { + Crypto_increment(sa_ptr->iv + (sa_ptr->iv_len - sa_ptr->shivf_len), sa_ptr->shivf_len); + } + } + if (sa_ptr->shsnf_len > 0) + { + Crypto_increment(sa_ptr->arsn, sa_ptr->arsn_len); + } + +#ifdef SA_DEBUG + if (sa_ptr->iv_len > 0) + { + printf(KYEL "Next IV value is:\n\t"); + for (i = 0; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted IV value is:\n\t"); + for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) + { + printf("%02x", *(sa_ptr->iv + i)); + } + printf("\n" RESET); + } + printf(KYEL "Next ARSN value is:\n\t"); + for (i = 0; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); + printf(KYEL "Next transmitted ARSN value is:\n\t"); + for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) + { + printf("%02x", *(sa_ptr->arsn + i)); + } + printf("\n" RESET); +#endif +#endif + } + + // Move idx to mac location + idx += pdu_len; +#ifdef TM_DEBUG + if (sa_ptr->stmacf_len > 0) + { + printf(KYEL "Data length is %d\n" RESET, pdu_len); + printf(KYEL "MAC location starts at: %d\n" RESET, idx); + printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); + } + else + { + printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); + } +#endif + +//TODO OCF - ? Here, elsewhere? + + /** + * End Authentication / Encryption + **/ + + // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. + if (current_managed_parameters->has_fecf == TM_HAS_FECF) + { +#ifdef FECF_DEBUG + printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); +#endif + if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) + { + new_fecf = Crypto_Calc_FECF((uint8_t*)pTfBuffer, current_managed_parameters->max_frame_size - 2); + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); + } + else // CRYPTO_TC_CREATE_FECF_FALSE + { + pTfBuffer[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; + pTfBuffer[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; + } + idx += 2; + } + +#ifdef TM_DEBUG + printf(KYEL "Printing new TM frame:\n\t"); + for(int i = 0; i < current_managed_parameters->max_frame_size; i++) + { + printf("%02X", pTfBuffer[i]); + } + printf("\n"); +#endif + + status = sa_if->sa_save_sa(sa_ptr); + +#ifdef DEBUG + printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); +#endif + + mc_if->mc_log(status); + return status; +} + +/** Preserving for now + // Check for idle frame trigger + if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) + { // Zero ingest + for (x = 0; x <*len_ingest; x++) + { + ingest[x] = 0; + } + // Update TM First Header Pointer + tm_frame.tm_header.fhp = 0xFE; + } + else + { // Update the length of the ingest from the CCSDS header + *len_ingest = (ingest[4] << 8) | ingest[5]; + ingest[5] = ingest[5] - 5; + // Remove outgoing secondary space packet header flag + ingest[0] = 0x00; + // Change sequence flags to 0xFFFF + ingest[2] = 0xFF; + ingest[3] = 0xFF; + // Add 2 bytes of CRC to space packet + spp_crc = Crypto_Calc_CRC16((uint8_t*)ingest,*len_ingest); + ingest[*len_ingest] = (spp_crc & 0xFF00) >> 8; + ingest[*len_ingest + 1] = (spp_crc & 0x00FF); + *len_ingest =*len_ingest + 2; + // Update TM First Header Pointer + tm_frame.tm_header.fhp = tm_offset; +#ifdef TM_DEBUG + printf("tm_offset = %d \n", tm_offset); +#endif + } + printf("LINE: %d\n",__LINE__); + // Update Current Telemetry Frame in Memory + // Counters + tm_frame.tm_header.mcfc++; + tm_frame.tm_header.vcfc++; + printf("LINE: %d\n",__LINE__); + // Operational Control Field + Crypto_TM_updateOCF(); + printf("LINE: %d\n",__LINE__); + // Payload Data Unit + Crypto_TM_updatePDU(ingest,*len_ingest); + printf("LINE: %d\n",__LINE__); + if (sa_if->sa_get_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS) + { + // TODO - Error handling + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; // Error -- unable to get SA from SPI. + } + printf("LINE: %d\n",__LINE__); + // Check test flags + if (badSPI == 1) + { + tm_frame.tm_sec_header.spi++; + } + if (badIV == 1) + { + * (sa_ptr->iv + sa_ptr->shivf_len - 1) =* (sa_ptr->iv + sa_ptr->shivf_len - 1) + 1; + } + if (badMAC == 1) + { + tm_frame.tm_sec_trailer.mac[MAC_SIZE - 1]++; + } + printf("LINE: %d\n",__LINE__); + // Initialize the temporary TM frame + // Header + tempTM[count++] = (uint8_t)((tm_frame.tm_header.tfvn << 6) | ((tm_frame.tm_header.scid & 0x3F0) >> 4)); + printf("LINE: %d\n",__LINE__); + tempTM[count++] = (uint8_t)(((tm_frame.tm_header.scid & 0x00F) << 4) | (tm_frame.tm_header.vcid << 1) | + (tm_frame.tm_header.ocff)); + tempTM[count++] = (uint8_t)(tm_frame.tm_header.mcfc); + tempTM[count++] = (uint8_t)(tm_frame.tm_header.vcfc); + tempTM[count++] = + (uint8_t)((tm_frame.tm_header.tfsh << 7) | (tm_frame.tm_header.sf << 6) | (tm_frame.tm_header.pof << 5) | + (tm_frame.tm_header.slid << 3) | ((tm_frame.tm_header.fhp & 0x700) >> 8)); + tempTM[count++] = (uint8_t)(tm_frame.tm_header.fhp & 0x0FF); + // tempTM[count++] = (uint8_t) ((tm_frame.tm_header.tfshvn << 6) | tm_frame.tm_header.tfshlen); + // Security Header + printf("LINE: %d\n",__LINE__); + tempTM[count++] = (uint8_t)((spi & 0xFF00) >> 8); + tempTM[count++] = (uint8_t)((spi & 0x00FF)); + if(sa_ptr->shivf_len > 0) + { + memcpy(tm_frame.tm_sec_header.iv, sa_ptr->iv, sa_ptr->shivf_len); + } + printf("LINE: %d\n",__LINE__); + // TODO: Troubleshoot + // Padding Length + // pad_len = Crypto_Get_tmLength(*len_ingest) - TM_MIN_SIZE + IV_SIZE + TM_PAD_SIZE -*len_ingest; + printf("LINE: %d\n",__LINE__); + // Only add IV for authenticated encryption + if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { // Initialization Vector +#ifdef INCREMENT + printf("LINE: %d\n",__LINE__); + Crypto_increment(sa_ptr->iv, sa_ptr->shivf_len); +#endif + if ((sa_ptr->est == 1) || (sa_ptr->ast == 1)) + { + printf("LINE: %d\n",__LINE__); + for (x = 0; x < IV_SIZE; x++) + { + tempTM[count++] =* (sa_ptr->iv + x); + } + } + pdu_loc = count; + pad_len = pad_len - IV_SIZE - TM_PAD_SIZE + OCF_SIZE; + pdu_len =*len_ingest + pad_len; + } + else + { // Include padding length bytes - hard coded per ESA testing + printf("LINE: %d\n",__LINE__); + tempTM[count++] = 0x00; // pad_len >> 8; + tempTM[count++] = 0x1A; // pad_len + pdu_loc = count; + pdu_len =*len_ingest + pad_len; + } + printf("LINE: %d\n",__LINE__); + // Payload Data Unit + for (x = 0; x < (pdu_len); x++) + { + tempTM[count++] = (uint8_t)tm_frame.tm_pdu[x]; + } + // Message Authentication Code + mac_loc = count; + for (x = 0; x < MAC_SIZE; x++) + { + tempTM[count++] = 0x00; + } + printf("LINE: %d\n",__LINE__); + // Operational Control Field + for (x = 0; x < OCF_SIZE; x++) + { + tempTM[count++] = (uint8_t)tm_frame.tm_sec_trailer.ocf[x]; + } + printf("LINE: %d\n",__LINE__); + // Frame Error Control Field + fecf_loc = count; + tm_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t*)tempTM, count); + tempTM[count++] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); + tempTM[count++] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); + + // Determine Mode + // Clear + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { +#ifdef DEBUG + printf(KBLU "Creating a TM - CLEAR! \n" RESET); +#endif + // Copy temporary frame to ingest + memcpy(ingest, tempTM, count); + } + // Authenticated Encryption + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { +#ifdef DEBUG + printf(KBLU "Creating a TM - AUTHENTICATED ENCRYPTION! \n" RESET); +#endif + + // Copy TM to ingest + memcpy(ingest, tempTM, pdu_loc); + +#ifdef MAC_DEBUG + printf("AAD = 0x"); +#endif + // Prepare additional authenticated data + for (y = 0; y < sa_ptr->abm_len; y++) + { + aad[y] = ingest[y] &* (sa_ptr->abm + y); +#ifdef MAC_DEBUG + printf("%02x", aad[y]); +#endif + } +#ifdef MAC_DEBUG + printf("\n"); +#endif + + status = cryptography_if->cryptography_aead_encrypt(&(ingest[pdu_loc]), // ciphertext output + (size_t)pdu_len, // length of data + &(tempTM[pdu_loc]), // plaintext input + (size_t)pdu_len, // in data length + &(ekp->value[0]), // Key + KEY_SIZE, + sa_ptr, + sa_ptr->iv, + sa_ptr->shivf_len, + &(ingest[mac_loc]), + MAC_SIZE, + &(aad[0]), // AAD Input location + sa_ptr->abm_len, // AAD is size of ABM in this case + CRYPTO_TRUE, // Encrypt + CRYPTO_FALSE, // Authenticate // TODO -- Set to SA value, manually setting to false here so existing tests pass. Existing data was generated with authenticate then encrypt, when it should have been encrypt then authenticate. + CRYPTO_TRUE, // Use AAD + sa_ptr->ecs, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL // cam_cookies (not supported in TM functions yet) + ); + + + // Update OCF + y = 0; + for (x = OCF_SIZE; x > 0; x--) + { + ingest[fecf_loc - x] = tm_frame.tm_sec_trailer.ocf[y++]; + } + + // Update FECF + tm_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t*)ingest, fecf_loc - 1); + ingest[fecf_loc] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); + ingest[fecf_loc + 1] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); + } + // Authentication + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { +#ifdef DEBUG + printf(KBLU "Creating a TM - AUTHENTICATED! \n" RESET); +#endif + // TODO: Future work. Operationally same as clear. + memcpy(ingest, tempTM, count); + } + // Encryption + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { +#ifdef DEBUG + printf(KBLU "Creating a TM - ENCRYPTED! \n" RESET); +#endif + // TODO: Future work. Operationally same as clear. + memcpy(ingest, tempTM, count); + } + +#ifdef TM_DEBUG + Crypto_tmPrint(&tm_frame); +#endif + +#ifdef DEBUG + printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); +#endif + + *len_ingest = count; + mc_if->mc_log(status); + return status; +} **/ + +/** + * @brief Function: Crypto_TM_ProcessSecurity + * @param ingest: uint8_t* + * @param len_ingest: int* + * @return int32: Success/Failure + **/ +int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t* p_decrypted_length) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t aad[1786]; + uint16_t aad_len = 0; + uint16_t byte_idx = 0; + uint8_t ecs_is_aead_algorithm; + uint32_t encryption_cipher = 0; + uint8_t iv_loc; + int mac_loc = 0; + uint16_t pdu_len = 1; + uint8_t* p_new_dec_frame = NULL; + SecurityAssociation_t* sa_ptr = NULL; + uint8_t sa_service_type = -1; + uint8_t secondary_hdr_len = 0; + uint8_t spi = -1; + + + // Bit math to give concise access to values in the ingest + tm_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6; + tm_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4); + tm_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1; + +#ifdef DEBUG + printf(KYEL "\n----- Crypto_TM_ProcessSecurity START -----\n" RESET); +#endif + + if (len_ingest < 6) // Frame length doesn't even have enough bytes for header -- error out. + { + status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD; + mc_if->mc_log(status); + return status; + } + + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) + { +#ifdef TM_DEBUG + printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); +#endif + status = CRYPTO_LIB_ERR_NO_CONFIG; + // Can't mc_log if it's not configured + if (mc_if != NULL) + { + mc_if->mc_log(status); + } + return status; + } + + // Query SA DB for active SA / SDLS parameters + if (sa_if == NULL) // This should not happen, but tested here for safety + { + printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); + status = CRYPTO_LIB_ERR_NO_INIT; + return status; + } + +#ifdef TM_DEBUG + printf(KGRN "TM Process Using following parameters:\n\t" RESET); + printf(KGRN "tvfn: %d\t scid: %d\t vcid: %d\n" RESET, tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid ); +#endif + + // Lookup-retrieve managed parameters for frame via gvcid: + status = Crypto_Get_Managed_Parameters_For_Gvcid( + tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + + if (status != CRYPTO_LIB_SUCCESS) + { +#ifdef TM_DEBUG + printf(KRED "**NO LUCK WITH GVCID!\n" RESET); +#endif + mc_if->mc_log(status); + return status; + } // Unable to get necessary Managed Parameters for TM TF -- return with error. + + // Check if secondary header is present within frame + // Note: Secondary headers are static only for a mission phase, not guaranteed static + // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 + + // Secondary Header flag is 1st bit of 5th byte (index 4) + byte_idx = 4; + if((p_ingest[byte_idx] & 0x80) == 0x80) + { +#ifdef TM_DEBUG + printf(KYEL "A TM Secondary Header flag is set!\n"); +#endif + // Secondary header is present + byte_idx = 6; + // Determine length of secondary header + // Length coded as total length of secondary header - 1 + // Reference CCSDS 132.0-B-2 4.1.3.2.3 + secondary_hdr_len = (p_ingest[byte_idx] & 0x3F) + 1; +#ifdef TM_DEBUG + printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); +#endif + // Increment from current byte (1st byte of secondary header), + // to where the SPI would start + byte_idx += secondary_hdr_len; + } + else + { + // No Secondary header, carry on as usual and increment to SPI start + byte_idx = 6; + } + + /** + * Begin Security Header Fields + * Reference CCSDS SDLP 3550b1 4.1.1.1.3 + **/ + // Get SPI + spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1]; + // Move index to past the SPI + byte_idx += 2; + + status = sa_if->sa_get_from_spi(spi, &sa_ptr); + // If no valid SPI, return + if (status != CRYPTO_LIB_SUCCESS) + { + mc_if->mc_log(status); + return status; + } + +#ifdef SA_DEBUG + printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); + Crypto_saPrint(sa_ptr); +#endif + // Determine SA Service Type + if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_PLAINTEXT; + } + else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) + { + sa_service_type = SA_ENCRYPTION; + } + else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + sa_service_type = SA_AUTHENTICATED_ENCRYPTION; + } + else + { + // Probably unnecessary check + // Leaving for now as it would be cleaner in SA to have an association enum returned I believe + printf(KRED "Error: SA Service Type is not defined! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly + if (sa_service_type != SA_PLAINTEXT) + { + if (sa_ptr->ecs != CRYPTO_CIPHER_NONE) + { + encryption_cipher = sa_ptr->ecs; +#ifdef TC_DEBUG + printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); +#endif + } + // If no pointer, must not be using ECS at all + else + { + encryption_cipher = CRYPTO_CIPHER_NONE; + } + ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); + } + + if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) + { + status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; + mc_if->mc_log(status); + return status; + } + +#ifdef TM_DEBUG + switch (sa_service_type) + { + case SA_PLAINTEXT: + printf(KBLU "Processing a TM - CLEAR!\n" RESET); + break; + case SA_AUTHENTICATION: + printf(KBLU "Processing a TM - AUTHENTICATED!\n" RESET); + break; + case SA_ENCRYPTION: + printf(KBLU "Processing a TM - ENCRYPTED!\n" RESET); + break; + case SA_AUTHENTICATED_ENCRYPTION: + printf(KBLU "Processing a TM - AUTHENTICATED ENCRYPTION!\n" RESET); + break; + } +#endif + + // Parse & Check FECF, if present, and update fecf length + if (current_managed_parameters->has_fecf == TM_HAS_FECF) + { + uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | + (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); + + if (crypto_config.crypto_check_fecf == TM_CHECK_FECF_TRUE) + { + // Calculate our own + uint16_t calculated_fecf = Crypto_Calc_FECF(p_ingest, len_ingest - 2); + // Compare FECFs + // Invalid FECF + if (received_fecf != calculated_fecf) + { +#ifdef FECF_DEBUG + printf("Received FECF is 0x%04X\n", received_fecf); + printf("Calculated FECF is 0x%04X\n", calculated_fecf); + printf("FECF was Calced over %d bytes\n", len_ingest-2); +#endif + status = CRYPTO_LIB_ERR_INVALID_FECF; + mc_if->mc_log(status); + return status; + } + // Valid FECF, zero out the field + else + { +#ifdef FECF_DEBUG + printf(KYEL "FECF CALC MATCHES! - GOOD\n" RESET); +#endif + ; + } + } + } + // Needs to be TM_HAS_FECF (checked above_ or TM_NO_FECF) + else if (current_managed_parameters->has_fecf != TM_NO_FECF) + { +#ifdef TM_DEBUG + printf(KRED "TM_Process Error...tfvn: %d scid: 0x%04X vcid: 0x%02X fecf_enum: %d\n" RESET, + current_managed_parameters->tfvn, current_managed_parameters->scid, + current_managed_parameters->vcid, current_managed_parameters->has_fecf); +#endif + status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG; + mc_if->mc_log(status); + return status; + } + + // Accio buffer + p_new_dec_frame = (uint8_t*)calloc(1, (len_ingest) * sizeof(uint8_t)); + if (!p_new_dec_frame) + { + printf(KRED "Error: Calloc for decrypted output buffer failed! \n" RESET); + status = CRYPTO_LIB_ERROR; + mc_if->mc_log(status); + return status; + } + + // Copy over TM Primary Header (6 bytes),Secondary (if present) + // If present, the TF Secondary Header will follow the TF PriHdr + memcpy(p_new_dec_frame, &p_ingest[0], 6 + secondary_hdr_len); + + // Byte_idx is still set to just past the SPI + // If IV is present, note location + if (sa_ptr->iv_len > 0) + { + iv_loc = byte_idx; + } + // Increment byte_idx past Security Header Fields based on SA values + byte_idx += sa_ptr->shivf_len; + byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len); + byte_idx += sa_ptr->shplf_len; + +#ifdef SA_DEBUG + printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len); + printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len); + printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len); + printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx); +#endif + + /** + * End Security Header Fields + * byte_idx is now at start of pdu / encrypted data + **/ + + // Calculate size of the protocol data unit + // NOTE: This size itself is not the length for authentication + pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + pdu_len -= 4; + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + pdu_len -= 2; + } + + // If MAC exists, comes immediately after pdu + if (sa_ptr->stmacf_len > 0) + { + mac_loc = byte_idx + pdu_len; + } + +#ifdef TM_DEBUG + printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); + printf(KYEL "Data size is: %d\n" RESET, pdu_len); + if(current_managed_parameters->has_ocf == TM_HAS_OCF) + { + // If OCF exists, comes immediately after MAC + printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); + } + if(current_managed_parameters->has_fecf == TM_HAS_FECF) + { + // If FECF exists, comes just before end of the frame + printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); + } +#endif + + // Copy pdu into output frame + // this will be over-written by decryption functions if necessary, + // but not by authentication which requires + + // Get Key + crypto_key_t* ekp = NULL; + ekp = key_if->get_key(sa_ptr->ekid); + if (ekp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + crypto_key_t* akp = NULL; + akp = key_if->get_key(sa_ptr->akid); + if (akp == NULL) + { + status = CRYPTO_LIB_ERR_KEY_ID_ERROR; + mc_if->mc_log(status); + return status; + } + + /** + * Begin Authentication / Encryption + **/ + + // if(sa_service_type != SA_PLAINTEXT) + // { + // status = CRYPTO_LIB_ERR_NULL_CIPHERS; + // mc_if->mc_log(status); + // return status; + // } + + // Parse MAC, prepare AAD + if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) + { +#ifdef MAC_DEBUG + printf("MAC Parsed from Frame:\n"); + Crypto_hexprint(p_ingest+mac_loc,sa_ptr->stmacf_len); +#endif + if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + aad_len = byte_idx; + } + else + { + aad_len = mac_loc; + } + if (sa_ptr->abm_len < aad_len) + { + status = CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; + mc_if->mc_log(status); + return status; + } + // Use ingest and abm to create aad + Crypto_Prepare_TM_AAD(p_ingest, aad_len, sa_ptr->abm, &aad[0]); + +#ifdef MAC_DEBUG + printf("AAD Debug:\n\tAAD Length is %d\n\t AAD is: ", aad_len); + for (int i = 0; icryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + if(sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_aead_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + (sa_ptr->est), // Decryption Bool + (sa_ptr->ast), // Authentication Bool + (sa_ptr->ast), // AAD Bool + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + } + + } + + else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) + { + // TODO - implement non-AEAD algorithm logic + if(sa_service_type == SA_AUTHENTICATION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + status = cryptography_if->cryptography_validate_authentication(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(akp->value[0]), // Key + Crypto_Get_ACS_Algo_Keylen(sa_ptr->acs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + p_ingest+mac_loc, // Frame Expected Tag + sa_ptr->stmacf_len, // tag size + aad, // additional authenticated data + aad_len, // length of AAD + CRYPTO_CIPHER_NONE, // encryption cipher + sa_ptr->acs, // authentication cipher + NULL); // cam cookies + + } + if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) + { + // Check that key length to be used emets the algorithm requirement + if((int32_t) ekp->key_len != Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs)) + { + // free(aad); - non-heap object + status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + mc_if->mc_log(status); + return status; + } + + status = cryptography_if->cryptography_decrypt(p_new_dec_frame+byte_idx, // plaintext output + pdu_len, // length of data + p_ingest+byte_idx, // ciphertext input + pdu_len, // in data length + &(ekp->value[0]), // Key + Crypto_Get_ECS_Algo_Keylen(sa_ptr->ecs), + sa_ptr, // SA for key reference + p_ingest+iv_loc, // IV + sa_ptr->iv_len, // IV Length + &sa_ptr->ecs, // encryption cipher + &sa_ptr->acs, // authentication cipher + NULL); + + // //Handle Padding Removal + // if(sa_ptr->shplf_len != 0) + // { + // int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + + // sa_ptr->shsnf_len; + // uint16_t padding_amount = 0; + // // Get Padding Amount from ingest frame + // padding_amount = (int)ingest[padding_location]; + // // Remove Padding from final decrypted portion + // tc_sdls_processed_frame->tc_pdu_len -= padding_amount; + // } + } + } + + // If plaintext, copy byte by byte + else if(sa_service_type == SA_PLAINTEXT) + { + memcpy(p_new_dec_frame+byte_idx, &(p_ingest[byte_idx]), pdu_len); + byte_idx += pdu_len; + } + +#ifdef TM_DEBUG + printf(KYEL "Printing received frame:\n\t" RESET); + for( int i=0; imax_frame_size; i++) + { + printf(KYEL "%02X", p_ingest[i]); + } + printf(KYEL "\nPrinting PROCESSED frame:\n\t" RESET); + for( int i=0; imax_frame_size; i++) + { + printf(KYEL "%02X", p_new_dec_frame[i]); + } + printf("\n"); +#endif + + *pp_processed_frame = p_new_dec_frame; + // TODO maybe not just return this without doing the math ourselves + *p_decrypted_length = current_managed_parameters->max_frame_size; + +#ifdef DEBUG + printf(KYEL "----- Crypto_TM_ProcessSecurity END -----\n" RESET); +#endif + + mc_if->mc_log(status); + return status; + } + +/** + * @brief Function: Crypto_Get_tmLength + * Returns the total length of the current tm_frame in BYTES! + * @param len: int + * @return int32_t Length of TM + **/ +int32_t Crypto_Get_tmLength(int len) +{ +#ifdef FILL + len = TM_FILL_SIZE; +#else + len = TM_FRAME_PRIMARYHEADER_SIZE + TM_FRAME_SECHEADER_SIZE + len + TM_FRAME_SECTRAILER_SIZE + TM_FRAME_CLCW_SIZE; +#endif + + return len; +} + +/** + * @brief Function: Crypto_TM_updatePDU + * Update the Telemetry Payload Data Unit + * @param ingest: uint8_t* + * @param len_ingest: int + **/ +/** +void Crypto_TM_updatePDU(uint8_t* ingest, int len_ingest) +{ // Copy ingest to PDU + int x = 0; + // int y = 0; + // int fill_size = 0; + SecurityAssociation_t* sa_ptr; + + // Consider a helper function here, or elsewhere, to do all the 'math' in one spot as a global accessible list of variables + if (sa_if->sa_get_from_spi(tm_frame[0], &sa_ptr) != CRYPTO_LIB_SUCCESS) // modify + { + // TODO - Error handling + printf(KRED"Update PDU Error!\n"); + return; // Error -- unable to get SA from SPI. + } + if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) + { + // fill_size = 1129 - MAC_SIZE - IV_SIZE + 2; // +2 for padding bytes + } + else + { + // fill_size = 1129; + } +#ifdef TM_ZERO_FILL + for (x = 0; x < TM_FILL_SIZE; x++) + { + if (x < len_ingest) + { // Fill + tm_frame.tm_pdu[x] = (uint8_t)ingest[x]; + } + else + { // Zero + tm_frame.tm_pdu[x] = 0x00; + } + } +#else + // Pre-append remaining packet if exist + // if (tm_offset == 63) + // { + // tm_frame.tm_pdu[x++] = 0xff; + // tm_offset--; + // } + // if (tm_offset == 62) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (tm_offset == 61) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (tm_offset == 60) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (tm_offset == 59) + // { + // tm_frame.tm_pdu[x++] = 0x39; + // tm_offset--; + // } + // while (x < tm_offset) + // { + // tm_frame.tm_pdu[x] = 0x00; + // x++; + // } + // Copy actual packet + while (x < len_ingest + tm_offset) + { + // printf("%s, Line: %d\n", __FILE__, __LINE__); + // printf("ingest[x - tm_offset] = 0x%02x \n", (uint8_t)ingest[x - tm_offset]); + printf("%02X", (uint8_t)ingest[x - tm_offset]); + // tm_frame.tm_pdu[x] = (uint8_t)ingest[x - tm_offset]; + x++; + } +#ifdef TM_IDLE_FILL + // Check for idle frame trigger + if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) + { + // Don't fill idle frames + } + else + { + // while (x < (fill_size - 64)) + // { + // tm_frame.tm_pdu[x++] = 0x07; + // tm_frame.tm_pdu[x++] = 0xff; + // tm_frame.tm_pdu[x++] = 0x00; + // tm_frame.tm_pdu[x++] = 0x00; + // tm_frame.tm_pdu[x++] = 0x00; + // tm_frame.tm_pdu[x++] = 0x39; + // for (y = 0; y < 58; y++) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // } + // } + // Add partial packet, if possible, and set offset + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0x07; + // tm_offset = 63; + // } + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0xff; + // tm_offset--; + // } + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // tm_offset--; + // } + // if (x < fill_size) + // { + // tm_frame.tm_pdu[x++] = 0x39; + // tm_offset--; + // } + // for (y = 0; x < fill_size; y++) + // { + // tm_frame.tm_pdu[x++] = 00; + // tm_offset--; + // } + } + // while (x < TM_FILL_SIZE) + // { + // tm_frame.tm_pdu[x++] = 0x00; + // } +#endif +#endif + + return; +} + **/ +/** + * @brief Function: Crypto_TM_updateOCF + * Update the TM OCF + **/ +/** +void Crypto_TM_updateOCF(void) +{ + // TODO + if (ocf == 0) + { // CLCW + clcw.vci = tm_frame.tm_header.vcid; + + tm_frame.tm_sec_trailer.ocf[0] = (clcw.cwt << 7) | (clcw.cvn << 5) | (clcw.sf << 2) | (clcw.cie); + tm_frame.tm_sec_trailer.ocf[1] = (clcw.vci << 2) | (clcw.spare0); + tm_frame.tm_sec_trailer.ocf[2] = (clcw.nrfa << 7) | (clcw.nbl << 6) | (clcw.lo << 5) | (clcw.wait << 4) | + (clcw.rt << 3) | (clcw.fbc << 1) | (clcw.spare1); + tm_frame.tm_sec_trailer.ocf[3] = (clcw.rv); + // Alternate OCF + ocf = 1; +#ifdef OCF_DEBUG + Crypto_clcwPrint(&clcw); +#endif + } + else + { // FSR + tm_frame.tm_sec_trailer.ocf[0] = (report.cwt << 7) | (report.vnum << 4) | (report.af << 3) | + (report.bsnf << 2) | (report.bmacf << 1) | (report.ispif); + tm_frame.tm_sec_trailer.ocf[1] = (report.lspiu & 0xFF00) >> 8; + tm_frame.tm_sec_trailer.ocf[2] = (report.lspiu & 0x00FF); + tm_frame.tm_sec_trailer.ocf[3] = (report.snval); + // Alternate OCF + ocf = 0; +#ifdef OCF_DEBUG + Crypto_fsrPrint(&report); +#endif + } +} + **/ + +/** + * @brief Function: Crypto_Prepare_TM_AAD + * Bitwise ANDs buffer with abm, placing results in aad buffer + * @param buffer: uint8_t* + * @param len_aad: uint16_t + * @param abm_buffer: uint8_t* + * @param aad: uint8_t* + * @return status: uint32_t + **/ +uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad) +{ + uint32_t status = CRYPTO_LIB_SUCCESS; + int i; + + for (i = 0; i < len_aad; i++) + { + aad[i] = buffer[i] & abm_buffer[i]; + } + +#ifdef MAC_DEBUG + printf(KYEL "AAD before ABM Bitmask:\n\t"); + for (i = 0; i < len_aad; i++) + { + printf("%02x", buffer[i]); + } + printf("\n" RESET); +#endif + +#ifdef MAC_DEBUG + printf(KYEL "Preparing AAD:\n"); + printf("\tUsing AAD Length of %d\n\t", len_aad); + for (i = 0; i < len_aad; i++) + { + printf("%02x", aad[i]); + } + printf("\n" RESET); +#endif + + return status; +} \ No newline at end of file diff --git a/src/src_main/crypto_user.c b/src/core/crypto_user.c similarity index 92% rename from src/src_main/crypto_user.c rename to src/core/crypto_user.c index a9e510ef..b35617b9 100644 --- a/src/src_main/crypto_user.c +++ b/src/core/crypto_user.c @@ -123,21 +123,23 @@ int32_t Crypto_User_ModifyKey(void) // Local variables uint16_t kid = ((uint8_t)sdls_frame.pdu.data[0] << 8) | ((uint8_t)sdls_frame.pdu.data[1]); uint8_t mod = (uint8_t)sdls_frame.pdu.data[2]; - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); - if ( ek_ring == NULL ) + crypto_key_t* ekp = NULL; + + ekp = key_if->get_key(kid); + if (ekp == NULL) { - return CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING; + return CRYPTO_LIB_ERR_KEY_ID_ERROR; } switch (mod) { case 1: // Invalidate Key - ek_ring[kid].value[KEY_SIZE - 1]++; + ekp->value[KEY_SIZE - 1]++; printf("Key %d value invalidated! \n", kid); break; case 2: // Modify key state - ek_ring[kid].key_state = (uint8_t)sdls_frame.pdu.data[3] & 0x0F; + ekp->key_state = (uint8_t)sdls_frame.pdu.data[3] & 0x0F; printf("Key %d state changed to %d! \n", kid, mod); break; default: @@ -175,7 +177,7 @@ int32_t Crypto_User_ModifyVCID(void) for (i = 0; i < NUM_GVCID; i++) { - if (sadb_routine->sadb_get_sa_from_spi(i, &sa_ptr) != CRYPTO_LIB_SUCCESS) + if (sa_if->sa_get_from_spi(i, &sa_ptr) != CRYPTO_LIB_SUCCESS) { // TODO - Error handling return CRYPTO_LIB_ERROR; // Error -- unable to get SA from SPI. diff --git a/src/src_cryptography/src_kmc_crypto_service/base64.c b/src/crypto/kmc/base64.c similarity index 100% rename from src/src_cryptography/src_kmc_crypto_service/base64.c rename to src/crypto/kmc/base64.c diff --git a/src/src_cryptography/src_kmc_crypto_service/base64.h b/src/crypto/kmc/base64.h similarity index 96% rename from src/src_cryptography/src_kmc_crypto_service/base64.h rename to src/crypto/kmc/base64.h index 1a84f7c9..5d21290c 100644 --- a/src/src_cryptography/src_kmc_crypto_service/base64.h +++ b/src/crypto/kmc/base64.h @@ -28,8 +28,8 @@ * @version 2.1.2 **/ -#ifndef _BASE64_H -#define _BASE64_H +#ifndef BASE64_H +#define BASE64_H #include #include @@ -60,4 +60,4 @@ int32_t base64Decode(const char_t* input, size_t inputLen, void* output, } #endif -#endif \ No newline at end of file +#endif //BASE64_H \ No newline at end of file diff --git a/src/src_cryptography/src_kmc_crypto_service/base64url.c b/src/crypto/kmc/base64url.c similarity index 100% rename from src/src_cryptography/src_kmc_crypto_service/base64url.c rename to src/crypto/kmc/base64url.c diff --git a/src/src_cryptography/src_kmc_crypto_service/base64url.h b/src/crypto/kmc/base64url.h similarity index 97% rename from src/src_cryptography/src_kmc_crypto_service/base64url.h rename to src/crypto/kmc/base64url.h index 61facebb..cf06f744 100644 --- a/src/src_cryptography/src_kmc_crypto_service/base64url.h +++ b/src/crypto/kmc/base64url.h @@ -30,8 +30,8 @@ // https://www.oryx-embedded.com/doc/base64_8h_source.html -#ifndef _BASE64URL_H -#define _BASE64URL_H +#ifndef BASE64URL_H +#define BASE64URL_H #include #include @@ -69,4 +69,4 @@ int32_t base64urlDecode(const char_t* input, size_t inputLen, void* output, } #endif -#endif \ No newline at end of file +#endif //BASE64URL_H \ No newline at end of file diff --git a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c similarity index 99% rename from src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c rename to src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c index f4730430..94bb8b0a 100644 --- a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c +++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c @@ -44,7 +44,6 @@ typedef struct { // Cryptography Interface Initialization & Management Functions static int32_t cryptography_config(void); static int32_t cryptography_init(void); -static crypto_key_t* get_ek_ring(void); static int32_t cryptography_shutdown(void); // Cryptography Interface Functions static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, @@ -148,7 +147,6 @@ CryptographyInterface get_cryptography_interface_kmc_crypto_service(void) { cryptography_if_struct.cryptography_config = cryptography_config; cryptography_if_struct.cryptography_init = cryptography_init; - cryptography_if_struct.get_ek_ring = get_ek_ring; cryptography_if_struct.cryptography_shutdown = cryptography_shutdown; cryptography_if_struct.cryptography_encrypt = cryptography_encrypt; cryptography_if_struct.cryptography_decrypt = cryptography_decrypt; @@ -267,11 +265,6 @@ static int32_t cryptography_init(void) kmc_root_uri = NULL; return status; } -static crypto_key_t* get_ek_ring(void) -{ - fprintf(stderr, "Attempting to access key ring with KMC Crypto Service. This shouldn't happen!\n "); - return NULL; -} static int32_t cryptography_shutdown(void) { if(curl){ diff --git a/src/src_cryptography/src_kmc_crypto_service/jsmn.h b/src/crypto/kmc/jsmn.h similarity index 100% rename from src/src_cryptography/src_kmc_crypto_service/jsmn.h rename to src/crypto/kmc/jsmn.h diff --git a/src/src_feature_stubs/cryptography_kmc_stub/cryptography_interface_kmc.stub.c b/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c similarity index 74% rename from src/src_feature_stubs/cryptography_kmc_stub/cryptography_interface_kmc.stub.c rename to src/crypto/kmc_stub/cryptography_interface_kmc.stub.c index 42386080..eb33eeb9 100644 --- a/src/src_feature_stubs/cryptography_kmc_stub/cryptography_interface_kmc.stub.c +++ b/src/crypto/kmc_stub/cryptography_interface_kmc.stub.c @@ -14,10 +14,7 @@ #include "cryptography_interface.h" -static CryptographyInterfaceStruct cryptography_if; - CryptographyInterface get_cryptography_interface_kmc_crypto_service(void) { - fprintf(stderr,"ERROR: Loading KMC Crypto Service cryptography interface stub source code. Rebuild CryptoLib with -DKMCCRYPTO=ON to use proper KMC Crytpo Service implementation.\n"); - return &cryptography_if; + return NULL; } \ No newline at end of file diff --git a/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c similarity index 68% rename from src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c rename to src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c index 60849e80..7b8ea32f 100644 --- a/src/src_cryptography/src_libgcrypt/cryptography_interface_libgcrypt.template.c +++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c @@ -23,7 +23,6 @@ // Cryptography Interface Initialization & Management Functions static int32_t cryptography_config(void); static int32_t cryptography_init(void); -static crypto_key_t* get_ek_ring(void); static int32_t cryptography_shutdown(void); // Cryptography Interface Functions static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, @@ -78,8 +77,6 @@ static int32_t cryptography_get_ecs_mode(int8_t algo_enum); /* ** Module Variables */ -// Security -static crypto_key_t ek_ring[NUM_KEYS] = {0}; // Cryptography Interface static CryptographyInterfaceStruct cryptography_if_struct; @@ -87,7 +84,6 @@ CryptographyInterface get_cryptography_interface_libgcrypt(void) { cryptography_if_struct.cryptography_config = cryptography_config; cryptography_if_struct.cryptography_init = cryptography_init; - cryptography_if_struct.get_ek_ring = get_ek_ring; cryptography_if_struct.cryptography_shutdown = cryptography_shutdown; cryptography_if_struct.cryptography_encrypt = cryptography_encrypt; cryptography_if_struct.cryptography_decrypt = cryptography_decrypt; @@ -102,444 +98,9 @@ CryptographyInterface get_cryptography_interface_libgcrypt(void) static int32_t cryptography_config(void) { - int32_t status = CRYPTO_LIB_SUCCESS; - - // Master Keys - // 0 - 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F -> ACTIVE - ek_ring[0].value[0] = 0x00; - ek_ring[0].value[1] = 0x01; - ek_ring[0].value[2] = 0x02; - ek_ring[0].value[3] = 0x03; - ek_ring[0].value[4] = 0x04; - ek_ring[0].value[5] = 0x05; - ek_ring[0].value[6] = 0x06; - ek_ring[0].value[7] = 0x07; - ek_ring[0].value[8] = 0x08; - ek_ring[0].value[9] = 0x09; - ek_ring[0].value[10] = 0x0A; - ek_ring[0].value[11] = 0x0B; - ek_ring[0].value[12] = 0x0C; - ek_ring[0].value[13] = 0x0D; - ek_ring[0].value[14] = 0x0E; - ek_ring[0].value[15] = 0x0F; - ek_ring[0].value[16] = 0x00; - ek_ring[0].value[17] = 0x01; - ek_ring[0].value[18] = 0x02; - ek_ring[0].value[19] = 0x03; - ek_ring[0].value[20] = 0x04; - ek_ring[0].value[21] = 0x05; - ek_ring[0].value[22] = 0x06; - ek_ring[0].value[23] = 0x07; - ek_ring[0].value[24] = 0x08; - ek_ring[0].value[25] = 0x09; - ek_ring[0].value[26] = 0x0A; - ek_ring[0].value[27] = 0x0B; - ek_ring[0].value[28] = 0x0C; - ek_ring[0].value[29] = 0x0D; - ek_ring[0].value[30] = 0x0E; - ek_ring[0].value[31] = 0x0F; - ek_ring[0].key_len = 32; - ek_ring[0].key_state = KEY_ACTIVE; - // 1 - 101112131415161718191A1B1C1D1E1F101112131415161718191A1B1C1D1E1F -> ACTIVE - ek_ring[1].value[0] = 0x10; - ek_ring[1].value[1] = 0x11; - ek_ring[1].value[2] = 0x12; - ek_ring[1].value[3] = 0x13; - ek_ring[1].value[4] = 0x14; - ek_ring[1].value[5] = 0x15; - ek_ring[1].value[6] = 0x16; - ek_ring[1].value[7] = 0x17; - ek_ring[1].value[8] = 0x18; - ek_ring[1].value[9] = 0x19; - ek_ring[1].value[10] = 0x1A; - ek_ring[1].value[11] = 0x1B; - ek_ring[1].value[12] = 0x1C; - ek_ring[1].value[13] = 0x1D; - ek_ring[1].value[14] = 0x1E; - ek_ring[1].value[15] = 0x1F; - ek_ring[1].value[16] = 0x10; - ek_ring[1].value[17] = 0x11; - ek_ring[1].value[18] = 0x12; - ek_ring[1].value[19] = 0x13; - ek_ring[1].value[20] = 0x14; - ek_ring[1].value[21] = 0x15; - ek_ring[1].value[22] = 0x16; - ek_ring[1].value[23] = 0x17; - ek_ring[1].value[24] = 0x18; - ek_ring[1].value[25] = 0x19; - ek_ring[1].value[26] = 0x1A; - ek_ring[1].value[27] = 0x1B; - ek_ring[1].value[28] = 0x1C; - ek_ring[1].value[29] = 0x1D; - ek_ring[1].value[30] = 0x1E; - ek_ring[1].value[31] = 0x1F; - ek_ring[1].key_len = 32; - ek_ring[1].key_state = KEY_ACTIVE; - // 2 - 202122232425262728292A2B2C2D2E2F202122232425262728292A2B2C2D2E2F -> ACTIVE - ek_ring[2].value[0] = 0x20; - ek_ring[2].value[1] = 0x21; - ek_ring[2].value[2] = 0x22; - ek_ring[2].value[3] = 0x23; - ek_ring[2].value[4] = 0x24; - ek_ring[2].value[5] = 0x25; - ek_ring[2].value[6] = 0x26; - ek_ring[2].value[7] = 0x27; - ek_ring[2].value[8] = 0x28; - ek_ring[2].value[9] = 0x29; - ek_ring[2].value[10] = 0x2A; - ek_ring[2].value[11] = 0x2B; - ek_ring[2].value[12] = 0x2C; - ek_ring[2].value[13] = 0x2D; - ek_ring[2].value[14] = 0x2E; - ek_ring[2].value[15] = 0x2F; - ek_ring[2].value[16] = 0x20; - ek_ring[2].value[17] = 0x21; - ek_ring[2].value[18] = 0x22; - ek_ring[2].value[19] = 0x23; - ek_ring[2].value[20] = 0x24; - ek_ring[2].value[21] = 0x25; - ek_ring[2].value[22] = 0x26; - ek_ring[2].value[23] = 0x27; - ek_ring[2].value[24] = 0x28; - ek_ring[2].value[25] = 0x29; - ek_ring[2].value[26] = 0x2A; - ek_ring[2].value[27] = 0x2B; - ek_ring[2].value[28] = 0x2C; - ek_ring[2].value[29] = 0x2D; - ek_ring[2].value[30] = 0x2E; - ek_ring[2].value[31] = 0x2F; - ek_ring[2].key_len = 32; - ek_ring[2].key_state = KEY_ACTIVE; - - // Session Keys - // 128 - 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF -> ACTIVE - ek_ring[128].value[0] = 0x01; - ek_ring[128].value[1] = 0x23; - ek_ring[128].value[2] = 0x45; - ek_ring[128].value[3] = 0x67; - ek_ring[128].value[4] = 0x89; - ek_ring[128].value[5] = 0xAB; - ek_ring[128].value[6] = 0xCD; - ek_ring[128].value[7] = 0xEF; - ek_ring[128].value[8] = 0x01; - ek_ring[128].value[9] = 0x23; - ek_ring[128].value[10] = 0x45; - ek_ring[128].value[11] = 0x67; - ek_ring[128].value[12] = 0x89; - ek_ring[128].value[13] = 0xAB; - ek_ring[128].value[14] = 0xCD; - ek_ring[128].value[15] = 0xEF; - ek_ring[128].value[16] = 0x01; - ek_ring[128].value[17] = 0x23; - ek_ring[128].value[18] = 0x45; - ek_ring[128].value[19] = 0x67; - ek_ring[128].value[20] = 0x89; - ek_ring[128].value[21] = 0xAB; - ek_ring[128].value[22] = 0xCD; - ek_ring[128].value[23] = 0xEF; - ek_ring[128].value[24] = 0x01; - ek_ring[128].value[25] = 0x23; - ek_ring[128].value[26] = 0x45; - ek_ring[128].value[27] = 0x67; - ek_ring[128].value[28] = 0x89; - ek_ring[128].value[29] = 0xAB; - ek_ring[128].value[30] = 0xCD; - ek_ring[128].value[31] = 0xEF; - ek_ring[128].key_len = 32; - ek_ring[128].key_state = KEY_ACTIVE; - // 129 - ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 -> ACTIVE - ek_ring[129].value[0] = 0xAB; - ek_ring[129].value[1] = 0xCD; - ek_ring[129].value[2] = 0xEF; - ek_ring[129].value[3] = 0x01; - ek_ring[129].value[4] = 0x23; - ek_ring[129].value[5] = 0x45; - ek_ring[129].value[6] = 0x67; - ek_ring[129].value[7] = 0x89; - ek_ring[129].value[8] = 0xAB; - ek_ring[129].value[9] = 0xCD; - ek_ring[129].value[10] = 0xEF; - ek_ring[129].value[11] = 0x01; - ek_ring[129].value[12] = 0x23; - ek_ring[129].value[13] = 0x45; - ek_ring[129].value[14] = 0x67; - ek_ring[129].value[15] = 0x89; - ek_ring[129].value[16] = 0xAB; - ek_ring[129].value[17] = 0xCD; - ek_ring[129].value[18] = 0xEF; - ek_ring[129].value[19] = 0x01; - ek_ring[129].value[20] = 0x23; - ek_ring[129].value[21] = 0x45; - ek_ring[129].value[22] = 0x67; - ek_ring[129].value[23] = 0x89; - ek_ring[129].value[24] = 0xAB; - ek_ring[129].value[25] = 0xCD; - ek_ring[129].value[26] = 0xEF; - ek_ring[129].value[27] = 0x01; - ek_ring[129].value[28] = 0x23; - ek_ring[129].value[29] = 0x45; - ek_ring[129].value[30] = 0x67; - ek_ring[129].value[31] = 0x89; - ek_ring[129].key_len = 32; - ek_ring[129].key_state = KEY_ACTIVE; - // 130 - FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210 -> ACTIVE - ek_ring[130].value[0] = 0xFE; - ek_ring[130].value[1] = 0xDC; - ek_ring[130].value[2] = 0xBA; - ek_ring[130].value[3] = 0x98; - ek_ring[130].value[4] = 0x76; - ek_ring[130].value[5] = 0x54; - ek_ring[130].value[6] = 0x32; - ek_ring[130].value[7] = 0x10; - ek_ring[130].value[8] = 0xFE; - ek_ring[130].value[9] = 0xDC; - ek_ring[130].value[10] = 0xBA; - ek_ring[130].value[11] = 0x98; - ek_ring[130].value[12] = 0x76; - ek_ring[130].value[13] = 0x54; - ek_ring[130].value[14] = 0x32; - ek_ring[130].value[15] = 0x10; - ek_ring[130].value[16] = 0xFE; - ek_ring[130].value[17] = 0xDC; - ek_ring[130].value[18] = 0xBA; - ek_ring[130].value[19] = 0x98; - ek_ring[130].value[20] = 0x76; - ek_ring[130].value[21] = 0x54; - ek_ring[130].value[22] = 0x32; - ek_ring[130].value[23] = 0x10; - ek_ring[130].value[24] = 0xFE; - ek_ring[130].value[25] = 0xDC; - ek_ring[130].value[26] = 0xBA; - ek_ring[130].value[27] = 0x98; - ek_ring[130].value[28] = 0x76; - ek_ring[130].value[29] = 0x54; - ek_ring[130].value[30] = 0x32; - ek_ring[130].value[31] = 0x10; - ek_ring[130].key_len = 32; - ek_ring[130].key_state = KEY_ACTIVE; - // 131 - 9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA -> ACTIVE - ek_ring[131].value[0] = 0x98; - ek_ring[131].value[1] = 0x76; - ek_ring[131].value[2] = 0x54; - ek_ring[131].value[3] = 0x32; - ek_ring[131].value[4] = 0x10; - ek_ring[131].value[5] = 0xFE; - ek_ring[131].value[6] = 0xDC; - ek_ring[131].value[7] = 0xBA; - ek_ring[131].value[8] = 0x98; - ek_ring[131].value[9] = 0x76; - ek_ring[131].value[10] = 0x54; - ek_ring[131].value[11] = 0x32; - ek_ring[131].value[12] = 0x10; - ek_ring[131].value[13] = 0xFE; - ek_ring[131].value[14] = 0xDC; - ek_ring[131].value[15] = 0xBA; - ek_ring[131].value[16] = 0x98; - ek_ring[131].value[17] = 0x76; - ek_ring[131].value[18] = 0x54; - ek_ring[131].value[19] = 0x32; - ek_ring[131].value[20] = 0x10; - ek_ring[131].value[21] = 0xFE; - ek_ring[131].value[22] = 0xDC; - ek_ring[131].value[23] = 0xBA; - ek_ring[131].value[24] = 0x98; - ek_ring[131].value[25] = 0x76; - ek_ring[131].value[26] = 0x54; - ek_ring[131].value[27] = 0x32; - ek_ring[131].value[28] = 0x10; - ek_ring[131].value[29] = 0xFE; - ek_ring[131].value[30] = 0xDC; - ek_ring[131].value[31] = 0xBA; - ek_ring[131].key_len = 32; - ek_ring[131].key_state = KEY_ACTIVE; - // 132 - 0123456789ABCDEFABCDEF01234567890123456789ABCDEFABCDEF0123456789 -> PRE_ACTIVATION - ek_ring[132].value[0] = 0x01; - ek_ring[132].value[1] = 0x23; - ek_ring[132].value[2] = 0x45; - ek_ring[132].value[3] = 0x67; - ek_ring[132].value[4] = 0x89; - ek_ring[132].value[5] = 0xAB; - ek_ring[132].value[6] = 0xCD; - ek_ring[132].value[7] = 0xEF; - ek_ring[132].value[8] = 0xAB; - ek_ring[132].value[9] = 0xCD; - ek_ring[132].value[10] = 0xEF; - ek_ring[132].value[11] = 0x01; - ek_ring[132].value[12] = 0x23; - ek_ring[132].value[13] = 0x45; - ek_ring[132].value[14] = 0x67; - ek_ring[132].value[15] = 0x89; - ek_ring[132].value[16] = 0x01; - ek_ring[132].value[17] = 0x23; - ek_ring[132].value[18] = 0x45; - ek_ring[132].value[19] = 0x67; - ek_ring[132].value[20] = 0x89; - ek_ring[132].value[21] = 0xAB; - ek_ring[132].value[22] = 0xCD; - ek_ring[132].value[23] = 0xEF; - ek_ring[132].value[24] = 0xAB; - ek_ring[132].value[25] = 0xCD; - ek_ring[132].value[26] = 0xEF; - ek_ring[132].value[27] = 0x01; - ek_ring[132].value[28] = 0x23; - ek_ring[132].value[29] = 0x45; - ek_ring[132].value[30] = 0x67; - ek_ring[132].value[31] = 0x89; - ek_ring[132].key_len = 32; - ek_ring[132].key_state = KEY_PREACTIVE; - // 133 - ABCDEF01234567890123456789ABCDEFABCDEF01234567890123456789ABCDEF -> ACTIVE - ek_ring[133].value[0] = 0xAB; - ek_ring[133].value[1] = 0xCD; - ek_ring[133].value[2] = 0xEF; - ek_ring[133].value[3] = 0x01; - ek_ring[133].value[4] = 0x23; - ek_ring[133].value[5] = 0x45; - ek_ring[133].value[6] = 0x67; - ek_ring[133].value[7] = 0x89; - ek_ring[133].value[8] = 0x01; - ek_ring[133].value[9] = 0x23; - ek_ring[133].value[10] = 0x45; - ek_ring[133].value[11] = 0x67; - ek_ring[133].value[12] = 0x89; - ek_ring[133].value[13] = 0xAB; - ek_ring[133].value[14] = 0xCD; - ek_ring[133].value[15] = 0xEF; - ek_ring[133].value[16] = 0xAB; - ek_ring[133].value[17] = 0xCD; - ek_ring[133].value[18] = 0xEF; - ek_ring[133].value[19] = 0x01; - ek_ring[133].value[20] = 0x23; - ek_ring[133].value[21] = 0x45; - ek_ring[133].value[22] = 0x67; - ek_ring[133].value[23] = 0x89; - ek_ring[133].value[24] = 0x01; - ek_ring[133].value[25] = 0x23; - ek_ring[133].value[26] = 0x45; - ek_ring[133].value[27] = 0x67; - ek_ring[133].value[28] = 0x89; - ek_ring[133].value[29] = 0xAB; - ek_ring[133].value[30] = 0xCD; - ek_ring[133].value[31] = 0xEF; - ek_ring[133].key_len = 32; - ek_ring[133].key_state = KEY_ACTIVE; - // 134 - ABCDEF0123456789FEDCBA9876543210ABCDEF0123456789FEDCBA9876543210 -> DEACTIVE - ek_ring[134].value[0] = 0xAB; - ek_ring[134].value[1] = 0xCD; - ek_ring[134].value[2] = 0xEF; - ek_ring[134].value[3] = 0x01; - ek_ring[134].value[4] = 0x23; - ek_ring[134].value[5] = 0x45; - ek_ring[134].value[6] = 0x67; - ek_ring[134].value[7] = 0x89; - ek_ring[134].value[8] = 0xFE; - ek_ring[134].value[9] = 0xDC; - ek_ring[134].value[10] = 0xBA; - ek_ring[134].value[11] = 0x98; - ek_ring[134].value[12] = 0x76; - ek_ring[134].value[13] = 0x54; - ek_ring[134].value[14] = 0x32; - ek_ring[134].value[15] = 0x10; - ek_ring[134].value[16] = 0xAB; - ek_ring[134].value[17] = 0xCD; - ek_ring[134].value[18] = 0xEF; - ek_ring[134].value[19] = 0x01; - ek_ring[134].value[20] = 0x23; - ek_ring[134].value[21] = 0x45; - ek_ring[134].value[22] = 0x67; - ek_ring[134].value[23] = 0x89; - ek_ring[134].value[24] = 0xFE; - ek_ring[134].value[25] = 0xDC; - ek_ring[134].value[26] = 0xBA; - ek_ring[134].value[27] = 0x98; - ek_ring[134].value[28] = 0x76; - ek_ring[134].value[29] = 0x54; - ek_ring[134].value[30] = 0x32; - ek_ring[134].value[31] = 0x10; - ek_ring[134].key_len = 32; - ek_ring[134].key_state = KEY_DEACTIVATED; - - // 135 - ABCDEF0123456789FEDCBA9876543210ABCDEF0123456789FEDCBA9876543210 -> DEACTIVE - ek_ring[135].value[0] = 0x00; - ek_ring[135].value[1] = 0x00; - ek_ring[135].value[2] = 0x00; - ek_ring[135].value[3] = 0x00; - ek_ring[135].value[4] = 0x00; - ek_ring[135].value[5] = 0x00; - ek_ring[135].value[6] = 0x00; - ek_ring[135].value[7] = 0x00; - ek_ring[135].value[8] = 0x00; - ek_ring[135].value[9] = 0x00; - ek_ring[135].value[10] = 0x00; - ek_ring[135].value[11] = 0x00; - ek_ring[135].value[12] = 0x00; - ek_ring[135].value[13] = 0x00; - ek_ring[135].value[14] = 0x00; - ek_ring[135].value[15] = 0x00; - ek_ring[135].value[16] = 0x00; - ek_ring[135].value[17] = 0x00; - ek_ring[135].value[18] = 0x00; - ek_ring[135].value[19] = 0x00; - ek_ring[135].value[20] = 0x00; - ek_ring[135].value[21] = 0x00; - ek_ring[135].value[22] = 0x00; - ek_ring[135].value[23] = 0x00; - ek_ring[135].value[24] = 0x00; - ek_ring[135].value[25] = 0x00; - ek_ring[135].value[26] = 0x00; - ek_ring[135].value[27] = 0x00; - ek_ring[135].value[28] = 0x00; - ek_ring[135].value[29] = 0x00; - ek_ring[135].value[30] = 0x00; - ek_ring[135].value[31] = 0x00; - ek_ring[135].key_len = 32; - ek_ring[135].key_state = KEY_DEACTIVATED; - - // 136 - ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9 - // Reference: - // https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/gcmtestvectors.zip - ek_ring[136].value[0] = 0xff; - ek_ring[136].value[1] = 0x9f; - ek_ring[136].value[2] = 0x92; - ek_ring[136].value[3] = 0x84; - ek_ring[136].value[4] = 0xcf; - ek_ring[136].value[5] = 0x59; - ek_ring[136].value[6] = 0x9e; - ek_ring[136].value[7] = 0xac; - ek_ring[136].value[8] = 0x3b; - ek_ring[136].value[9] = 0x11; - ek_ring[136].value[10] = 0x99; - ek_ring[136].value[11] = 0x05; - ek_ring[136].value[12] = 0xa7; - ek_ring[136].value[13] = 0xd1; - ek_ring[136].value[14] = 0x88; - ek_ring[136].value[15] = 0x51; - ek_ring[136].value[16] = 0xe7; - ek_ring[136].value[17] = 0xe3; - ek_ring[136].value[18] = 0x74; - ek_ring[136].value[19] = 0xcf; - ek_ring[136].value[20] = 0x63; - ek_ring[136].value[21] = 0xae; - ek_ring[136].value[22] = 0xa0; - ek_ring[136].value[23] = 0x43; - ek_ring[136].value[24] = 0x58; - ek_ring[136].value[25] = 0x58; - ek_ring[136].value[26] = 0x6b; - ek_ring[136].value[27] = 0x0f; - ek_ring[136].value[28] = 0x75; - ek_ring[136].value[29] = 0x76; - ek_ring[136].value[30] = 0x70; - ek_ring[136].value[31] = 0xf9; - ek_ring[136].key_len = 32; - ek_ring[136].key_state = KEY_DEACTIVATED; - - return status; -} -static crypto_key_t* get_ek_ring(void) -{ - return &ek_ring[0]; + return CRYPTO_LIB_SUCCESS; } - static int32_t cryptography_init(void) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -574,10 +135,8 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* key_ptr = key; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->akid].value[0]); - } + sa_ptr = sa_ptr; // Unused in this implementation + // Need to copy the data over, since authentication won't change/move the data directly if(data_out != NULL) { @@ -599,12 +158,6 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, return CRYPTO_LIB_ERR_UNSUPPORTED_ACS; } - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->akid].key_len) - { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { @@ -694,13 +247,12 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le uint8_t* key_ptr = key; size_t len_in = len_data_in; // Unused len_in = len_in; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->akid].value[0]); - } + + sa_ptr = sa_ptr; // Unused in this implementation // Need to copy the data over, since authentication won't change/move the data directly // If you don't want data out, don't set a data out length + if(data_out != NULL) { memcpy(data_out, data_in, len_data_out); @@ -720,12 +272,6 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le return CRYPTO_LIB_ERR_UNSUPPORTED_ACS; } - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->akid].key_len) - { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } - gcry_error = gcry_mac_open(&(tmp_mac_hd), algo, GCRY_MAC_FLAG_SECURE, NULL); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) { @@ -854,10 +400,7 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, padding = padding; cam_cookies = cam_cookies; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->ekid].value[0]); - } + sa_ptr = sa_ptr; // Unused in this implementation // Select correct libgcrypt algorith enum int32_t algo = -1; @@ -877,12 +420,9 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, // Verify the mode to accompany the algorithm enum int32_t mode = -1; mode = cryptography_get_ecs_mode(*ecs); - if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->ekid].key_len) + if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + return CRYPTO_LIB_ERR_UNSUPPORTED_MODE; } gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE); @@ -957,7 +497,7 @@ static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, #ifdef TC_DEBUG printf("Output payload length is %ld\n", (long int) len_data_out); - printf(KYEL "Printing TC Frame Data after encryption:\n\t"); + printf(KYEL "Printing Frame Data after encryption:\n\t"); for (j = 0; j < len_data_out; j++) { printf("%02X", *(data_out + j)); @@ -988,10 +528,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, acs = acs; cam_cookies = cam_cookies; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->ekid].value[0]); - } + sa_ptr = sa_ptr; // Unused in this implementation // Select correct libgcrypt ecs enum int32_t algo = -1; @@ -1012,12 +549,6 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, int32_t mode = -1; mode = cryptography_get_ecs_mode(*ecs); if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE; - - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->ekid].key_len) - { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } // TODO: Get Flag Functionality if(mode == CRYPTO_CIPHER_AES256_CBC_MAC) @@ -1064,7 +595,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, return status; } -#ifdef TC_DEBUG +#ifdef DEBUG size_t j; printf("Input payload length is %ld\n", (long int) len_data_in); printf(KYEL "Printing Frame Data prior to encryption:\n\t"); @@ -1124,7 +655,7 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, #ifdef TC_DEBUG printf("Output payload length is %ld\n", (long int) len_data_out); - printf(KYEL "Printing TC Frame Data after encryption:\n\t"); + printf(KYEL "Printing Frame Data after encryption:\n\t"); for (j = 0; j < len_data_out; j++) { printf("%02X", *(data_out + j)); @@ -1178,10 +709,7 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, acs = acs; cam_cookies = cam_cookies; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->ekid].value[0]); - } + sa_ptr = sa_ptr; // Unused in this implementation // Select correct libgcrypt ecs enum int32_t algo = -1; @@ -1201,13 +729,10 @@ static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, // Verify the mode to accompany the algorithm enum int32_t mode = -1; mode = cryptography_get_ecs_mode(*ecs); - if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) return CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->ekid].key_len) + if (mode == CRYPTO_LIB_ERR_UNSUPPORTED_MODE) { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; - } + return CRYPTO_LIB_ERR_UNSUPPORTED_MODE; + } gcry_error = gcry_cipher_open(&(tmp_hd), algo, mode, GCRY_CIPHER_NONE); if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR) @@ -1276,10 +801,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, acs = acs; cam_cookies = cam_cookies; - if(sa_ptr != NULL) //Using SA key pointer - { - key_ptr = &(ek_ring[sa_ptr->ekid].value[0]); - } + sa_ptr = sa_ptr; // Unused in this implementation // Select correct libgcrypt ecs enum int32_t algo = -1; @@ -1296,10 +818,12 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, return CRYPTO_LIB_ERR_NULL_ECS_PTR; } - // Check that key length to be used is atleast as long as the algo requirement - if (sa_ptr != NULL && len_key > ek_ring[sa_ptr->ekid].key_len) + // Sanity check for future developers + if (algo != GCRY_CIPHER_AES256) { - return CRYPTO_LIB_ERR_KEY_LENGTH_ERROR; + printf(KRED "Warning - only AES256 supported for AEAD decrypt - exiting!\n" RESET); + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + return status; } gcry_error = gcry_cipher_open(&(tmp_hd), GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_NONE); @@ -1376,12 +900,40 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, return status; } } + if (authenticate_bool == CRYPTO_TRUE) { +/* +** *** !!!WARNING!!! +** *** This Debug block cannot be enabled during normal use, gettag fundamentally changes the +** *** gettag output +*/ +// #ifdef MAC_DEBUG +// printf("Received MAC is: \n\t0x:"); +// for (uint32_t i =0; i +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "crypto.h" +#include "crypto_error.h" +#include "cryptography_interface.h" + + +// Cryptography Interface Initialization & Management Functions +static int32_t cryptography_config(void); +static int32_t cryptography_init(void); +static int32_t cryptography_shutdown(void); +// Cryptography Interface Functions +static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len,uint8_t* ecs, uint8_t padding, char* cam_cookies); +static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* ecs, uint8_t* acs, char* cam_cookies); +static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t ecs, uint8_t acs, char* cam_cookies); +static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t len_data_out, + const uint8_t* data_in, const size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + const uint8_t* iv, uint32_t iv_len, + const uint8_t* mac, uint32_t mac_size, + const uint8_t* aad, uint32_t aad_len, + uint8_t ecs, uint8_t acs, char* cam_cookies); +static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t encrypt_bool, uint8_t authenticate_bool, + uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies); +static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t decrypt_bool, uint8_t authenticate_bool, + uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies); +static int32_t cryptography_get_acs_algo(int8_t algo_enum); +static int32_t cryptography_get_ecs_algo(int8_t algo_enum); + +/* +** Module Variables +*/ +// Cryptography Interface +static CryptographyInterfaceStruct cryptography_if_struct; + +CryptographyInterface get_cryptography_interface_wolfssl(void) +{ + cryptography_if_struct.cryptography_config = cryptography_config; + cryptography_if_struct.cryptography_init = cryptography_init; + cryptography_if_struct.cryptography_shutdown = cryptography_shutdown; + cryptography_if_struct.cryptography_encrypt = cryptography_encrypt; + cryptography_if_struct.cryptography_decrypt = cryptography_decrypt; + cryptography_if_struct.cryptography_authenticate = cryptography_authenticate; + cryptography_if_struct.cryptography_validate_authentication = cryptography_validate_authentication; + cryptography_if_struct.cryptography_aead_encrypt = cryptography_aead_encrypt; + cryptography_if_struct.cryptography_aead_decrypt = cryptography_aead_decrypt; + cryptography_if_struct.cryptography_get_acs_algo = cryptography_get_acs_algo; + cryptography_if_struct.cryptography_get_ecs_algo = cryptography_get_ecs_algo; + return &cryptography_if_struct; +} + +static int32_t cryptography_config(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +static int32_t cryptography_init(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + // Initialize WolfSSL + if (LIBWOLFSSL_VERSION_HEX != wolfSSL_lib_version_hex()) + { + status = CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR; + printf(KRED "ERROR: wolfssl version mismatch!\n" RESET); + } + + return status; +} + +static int32_t cryptography_shutdown(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param) + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t ecs, uint8_t acs, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Cmac cmac; + Hmac hmac; + uint8_t calc_mac[64]; + + // Unused in this implementation + cam_cookies = cam_cookies; + ecs = ecs; + iv = iv; + iv_len = iv_len; + len_data_out = len_data_out; + mac_size = mac_size; + sa_ptr = sa_ptr; + + #ifdef DEBUG + printf("cryptography_authenticate \n"); + #endif + + // Need to copy the data over, since authentication won't change/move the data directly + if(data_out != NULL) + { + memcpy(data_out, data_in, len_data_in); + } + else + { + return CRYPTO_LIB_ERR_NULL_BUFFER; + } + + switch (acs) + { + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__CMAC.html + case CRYPTO_MAC_CMAC_AES256: + status = wc_InitCmac(&cmac, key, len_key, WC_CMAC_AES, NULL); + if (status == 0) + { + status = wc_CmacUpdate(&cmac, aad, aad_len); + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_CmacUpdate(&cmac, data_in, len_data_in); + //} + if (status == 0) + { + status = wc_CmacFinal(&cmac, mac, &mac_size); + } + break; + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__HMAC.html + case CRYPTO_MAC_HMAC_SHA256: + status = wc_HmacSetKey(&hmac, WC_SHA256, key, len_key); + if (status == 0) + { + status = wc_HmacUpdate(&hmac, aad, aad_len); + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_HmacUpdate(&hmac, data_in, len_data_in); + //} + if (status == 0) + { + status = wc_HmacFinal(&hmac, calc_mac); + } + if (status == 0) + { + memcpy(mac, calc_mac, mac_size); + } + break; + + case CRYPTO_MAC_HMAC_SHA512: + status = wc_HmacSetKey(&hmac, WC_SHA512, key, len_key); + if (status == 0) + { + status = wc_HmacUpdate(&hmac, aad, aad_len); + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_HmacUpdate(&hmac, data_in, len_data_in); + //} + if (status == 0) + { + status = wc_HmacFinal(&hmac, calc_mac); + } + if (status == 0) + { + memcpy(mac, calc_mac, mac_size); + } + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + } + + return status; +} + +static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t len_data_out, + const uint8_t* data_in, const size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + const uint8_t* iv, uint32_t iv_len, + const uint8_t* mac, uint32_t mac_size, + const uint8_t* aad, uint32_t aad_len, + uint8_t ecs, uint8_t acs, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Cmac cmac; + Hmac hmac; + uint8_t calc_mac[64]; + + // Unused in this implementation + size_t len_in = len_data_in; + len_in = len_in; + cam_cookies = cam_cookies; + ecs = ecs; + iv = iv; + iv_len = iv_len; + sa_ptr = sa_ptr; + + #ifdef DEBUG + printf("cryptography_validate_authentication \n"); + #endif + + // Need to copy the data over, since authentication won't change/move the data directly + // If you don't want data out, don't set a data out length + if(data_out != NULL) + { + memcpy(data_out, data_in, len_data_out); + } + else + { + return CRYPTO_LIB_ERR_NULL_BUFFER; + } + + switch (acs) + { + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__CMAC.html + case CRYPTO_MAC_CMAC_AES256: + status = wc_InitCmac(&cmac, key, len_key, WC_CMAC_AES, NULL); + if (status == 0) + { + if (aad_len > 0) + { + status = wc_CmacUpdate(&cmac, aad, aad_len); + } + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_CmacUpdate(&cmac, data_in, len_data_in); + // printf(" wc_CmacUpdate(data_in) returned %d \n", status); + //} + if (status == 0) + { + status = wc_CmacFinal(&cmac, calc_mac, &mac_size); + } + break; + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__HMAC.html + case CRYPTO_MAC_HMAC_SHA256: + status = wc_HmacSetKey(&hmac, WC_SHA256, key, len_key); + if (status == 0) + { + if (aad_len > 0) + { + status = wc_HmacUpdate(&hmac, aad, aad_len); + } + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_HmacUpdate(&hmac, data_in, len_data_in); + //} + if (status == 0) + { + status = wc_HmacFinal(&hmac, calc_mac); + } + break; + + case CRYPTO_MAC_HMAC_SHA512: + status = wc_HmacSetKey(&hmac, WC_SHA512, key, len_key); + if (status == 0) + { + if (aad_len > 0) + { + status = wc_HmacUpdate(&hmac, aad, aad_len); + } + } + // Commented out for now while assessing unit tests + //if (status == 0) + //{ + // status = wc_HmacUpdate(&hmac, data_in, len_data_in); + //} + if (status == 0) + { + status = wc_HmacFinal(&hmac, calc_mac); + } + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + } + + #ifdef MAC_DEBUG + printf("Calculated Mac Size: %d\n", mac_size); + printf("Calculated MAC:\n\t"); + for (uint32_t i = 0; i < mac_size; i ++) + { + printf("%02X", calc_mac[i]); + } + printf("\n"); + printf("Received MAC:\n\t"); + for (uint32_t i = 0; i < mac_size; i ++) + { + printf("%02X", mac[i]); + } + printf("\n"); + #endif + + // Compare calculated MAC to provided + if (status == 0) + { + for(uint32_t i = 0; i < mac_size; i++) + { + if(calc_mac[i] != mac[i]) + { + status = CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR; + break; + } + } + } + + return status; +} + +static int32_t cryptography_encrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len,uint8_t* ecs, uint8_t padding, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Aes enc; + + // Unused in this implementation + cam_cookies = cam_cookies; + data_out = data_out; + len_data_out = len_data_out; + iv = iv; + iv_len = iv_len; + padding = padding; + sa_ptr = sa_ptr; + + #ifdef DEBUG + printf("cryptography_encrypt \n"); + size_t j; + printf("Input payload length is %ld\n", (long int) len_data_in); + printf(KYEL "Printing Frame Data prior to encryption:\n\t"); + for (j = 0; j < len_data_in; j++) + { + printf("%02X", *(data_in + j)); + } + printf("\n"); + #endif + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__AES.html + switch (*ecs) + { + case CRYPTO_CIPHER_AES256_GCM: + status = wc_AesGcmSetKey(&enc, key, len_key); + if (status == 0) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, NULL, 16, NULL, 0); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + break; + + case CRYPTO_CIPHER_AES256_CBC: + status = wc_AesSetKey(&enc, key, len_key, iv, AES_ENCRYPTION); + if (status == 0) + { + status = wc_AesSetIV(&enc, iv); + } + if (status == 0) + { + status = wc_AesCbcEncrypt(&enc, data_out, data_in, len_data_in); + } + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + break; + } + + #ifdef DEBUG + printf("Output payload length is %ld\n", (long int) len_data_out); + printf(KYEL "Printing Frame Data after encryption:\n\t"); + for (j = 0; j < len_data_out; j++) + { + printf("%02X", *(data_out + j)); + } + printf("\n"); + #endif + + return status; +} + +static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, // For key index or key references (when key not passed in explicitly via key param) + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t encrypt_bool, uint8_t authenticate_bool, + uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Aes enc; + + // Unused in this implementation + acs = acs; + cam_cookies = cam_cookies; + len_data_out = len_data_out; + aad = aad; + aad_len = aad_len; + encrypt_bool = encrypt_bool; + authenticate_bool = authenticate_bool; + aad_bool = aad_bool; + sa_ptr = sa_ptr; + + #ifdef DEBUG + size_t j; + printf("cryptography_aead_encrypt \n"); + printf("Input payload length is %ld\n", (long int) len_data_in); + printf(KYEL "Printing Frame Data prior to encryption:\n\t"); + for (j = 0; j < len_data_in; j++) + { + printf("%02X", *(data_in + j)); + } + printf("\n"); + #endif + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__AES.html + switch (*ecs) + { + case CRYPTO_CIPHER_AES256_GCM: + status = wc_AesGcmSetKey(&enc, key, len_key); + if (status == 0) + { + if ((encrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + } + else if (encrypt_bool == CRYPTO_TRUE) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + else if (authenticate_bool == CRYPTO_TRUE) + { + status = wc_AesGcmEncrypt(&enc, data_out, data_in, 0, iv, iv_len, mac, mac_size, aad, aad_len); + } + } + break; + + case CRYPTO_CIPHER_AES256_CCM: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + break; + } + + #ifdef DEBUG + printf("Output payload length is %ld\n", (long int) len_data_out); + printf(KYEL "Printing Frame Data after encryption:\n\t"); + for (j = 0; j < len_data_out; j++) + { + printf("%02X", *(data_out + j)); + } + printf("\n"); + #endif + + return status; +} + +static int32_t cryptography_decrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* ecs, uint8_t* acs, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Aes dec; + uint8_t calc_mac[16]; + + // Unused in this implementation + acs = acs; + cam_cookies = cam_cookies; + len_data_out = len_data_out; + iv_len = iv_len; + sa_ptr = sa_ptr; + + #ifdef DEBUG + printf("cryptography_decrypt \n"); + #endif + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__AES.html + switch (*ecs) + { + case CRYPTO_CIPHER_AES256_GCM: + status = wc_AesGcmSetKey(&dec, key, len_key); + if (status == 0) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, calc_mac, 16, NULL, 0); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + break; + + case CRYPTO_CIPHER_AES256_CBC: + status = wc_AesSetKey(&dec, key, len_key, iv, AES_DECRYPTION); + if (status == 0) + { + status = wc_AesSetIV(&dec, iv); + } + if (status == 0) + { + status = wc_AesCbcDecrypt(&dec, data_out, data_in, len_data_in); + } + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + break; + } + + return status; +} + +static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, + uint8_t* data_in, size_t len_data_in, + uint8_t* key, uint32_t len_key, + SecurityAssociation_t* sa_ptr, + uint8_t* iv, uint32_t iv_len, + uint8_t* mac, uint32_t mac_size, + uint8_t* aad, uint32_t aad_len, + uint8_t decrypt_bool, uint8_t authenticate_bool, + uint8_t aad_bool, uint8_t* ecs, uint8_t* acs, char* cam_cookies) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + Aes dec; + + // Fix warnings + acs = acs; + cam_cookies = cam_cookies; + len_data_out = len_data_out; + decrypt_bool = decrypt_bool; + authenticate_bool = authenticate_bool; + aad_bool = aad_bool; + sa_ptr = sa_ptr; + + #ifdef DEBUG + printf("cryptography_aead_decrypt \n"); + #endif + + // Reference: https://www.wolfssl.com/documentation/manuals/wolfssl/group__AES.html + switch (*ecs) + { + case CRYPTO_CIPHER_AES256_GCM: + status = wc_AesGcmSetKey(&dec, key, len_key); + if (status == 0) + { + if ((decrypt_bool == CRYPTO_TRUE) && (authenticate_bool == CRYPTO_TRUE)) + { + // Added for now while assessing unit tests and requirements + if (mac_size > 0) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + } + else + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + } + else if (decrypt_bool == CRYPTO_TRUE) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, 16, aad, aad_len); + if (status == -180) + { // Special error case as Wolf will not accept a zero value for MAC size + status = CRYPTO_LIB_SUCCESS; + } + } + else if (authenticate_bool == CRYPTO_TRUE) + { + status = wc_AesGcmDecrypt(&dec, data_out, data_in, len_data_in, iv, iv_len, mac, mac_size, aad, aad_len); + // If authentication only, don't decrypt the data. Just pass the data PDU through. + memcpy(data_out, data_in, len_data_in); + } + } + break; + + case CRYPTO_CIPHER_AES256_CCM: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + break; + + default: + status = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + break; + } + + // Translate WolfSSL errors to CryptoLib + if (status == -180) + { + status = CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR; + } + + return status; +} + +/** + * @brief Function: cryptography_get_acs_algo + * @param algo_enum + **/ +int32_t cryptography_get_acs_algo(int8_t algo_enum) +{ + int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ACS; + + // Unused by WolfSSL, simply leverage same CryptoLib enums + switch (algo_enum) + { + case CRYPTO_MAC_CMAC_AES256: + algo = CRYPTO_MAC_CMAC_AES256; + break; + case CRYPTO_MAC_HMAC_SHA256: + algo = CRYPTO_MAC_HMAC_SHA256; + break; + case CRYPTO_MAC_HMAC_SHA512: + algo = CRYPTO_MAC_HMAC_SHA512; + break; + + default: +#ifdef DEBUG + printf("ACS Algo Enum not supported\n"); +#endif + break; + } + + return (int)algo; +} + +/** + * @brief Function: cryptography_get_ecs_algo + * @param algo_enum + **/ +int32_t cryptography_get_ecs_algo(int8_t algo_enum) +{ + int32_t algo = CRYPTO_LIB_ERR_UNSUPPORTED_ECS; + + // Unused by WolfSSL, simply leverage same CryptoLib enums + switch (algo_enum) + { + case CRYPTO_CIPHER_AES256_GCM: + algo = CRYPTO_CIPHER_AES256_GCM; + break; + case CRYPTO_CIPHER_AES256_CBC: + algo = CRYPTO_CIPHER_AES256_CBC; + break; + case CRYPTO_CIPHER_AES256_CCM: + algo = CRYPTO_CIPHER_AES256_CCM; + break; + + default: +#ifdef DEBUG + printf("Algo Enum not supported\n"); +#endif + break; + } + + return (int)algo; +} diff --git a/src/src_main/sadb_routine.c b/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c similarity index 72% rename from src/src_main/sadb_routine.c rename to src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c index 9679c000..0393a840 100644 --- a/src/src_main/sadb_routine.c +++ b/src/crypto/wolfssl_stub/cryptography_interface_wolfssl.stub.c @@ -12,16 +12,9 @@ * foreign persons. */ -#include "sadb_routine.h" -/** - * @brief Function: init_parse_sadb_routine - * @param config: uint8_t* - * @return SadbRoutine - **/ -/* -SadbRoutine init_parse_sadb_routine(uint8_t* config) +#include "cryptography_interface.h" + +CryptographyInterface get_cryptography_interface_wolfssl(void) { - SadbRoutine sadb_routine; - return sadb_routine; -} -*/ \ No newline at end of file + return NULL; +} \ No newline at end of file diff --git a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql b/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql deleted file mode 100644 index 5e05cd6f..00000000 --- a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql +++ /dev/null @@ -1,11 +0,0 @@ -DROP USER IF EXISTS 'sadb_admin'; -DROP USER IF EXISTS 'sadb_user'; - -CREATE USER IF NOT EXISTS sadb_admin IDENTIFIED BY 'sadb_admin_password'; -CREATE USER IF NOT EXISTS sadb_user IDENTIFIED BY 'sadb_password'; - -GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_admin'@'%'; - -GRANT UPDATE (arsn) ON sadb.security_associations TO 'sadb_user'@'%'; -GRANT UPDATE (iv) ON sadb.security_associations TO 'sadb_user'@'%'; -GRANT SELECT ON sadb.security_associations TO 'sadb_user'@'%'; \ No newline at end of file diff --git a/src/key/custom_stub/key_interface_custom_stub.template.c b/src/key/custom_stub/key_interface_custom_stub.template.c new file mode 100644 index 00000000..b14257a0 --- /dev/null +++ b/src/key/custom_stub/key_interface_custom_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "key_interface.h" + +/* Variables */ +static KeyInterfaceStruct key_if_struct; + +/* Functions */ +KeyInterface get_key_interface_custom(void) +{ + fprintf(stderr,"ERROR: Loading custom key interface stub source code. Rebuild CryptoLib with -DKEY_CUSTOM=ON to use implementation.\n"); + return &key_if_struct; +} diff --git a/src/key/internal/key_interface_internal.template.c b/src/key/internal/key_interface_internal.template.c new file mode 100644 index 00000000..86c7659a --- /dev/null +++ b/src/key/internal/key_interface_internal.template.c @@ -0,0 +1,507 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ +#include "key_interface.h" + +/* Variables */ +static crypto_key_t key_ring[NUM_KEYS] = {0}; +static KeyInterfaceStruct key_if_struct; + +/* Prototypes */ +static crypto_key_t* get_key(uint32_t key_id); +static int32_t key_init(void); +static int32_t key_shutdown(void); + +/* Functions */ +KeyInterface get_key_interface_internal(void) +{ + /* Key Interface, SDLS */ + key_if_struct.get_key = get_key; + key_if_struct.key_init = key_init; + key_if_struct.key_shutdown = key_shutdown; + + /* Key Interface, SDLS-EP */ + + return &key_if_struct; +} + +static crypto_key_t* get_key(uint32_t key_id) +{ + crypto_key_t* key_ptr = NULL; + + if(key_id < NUM_KEYS) + { + key_ptr = &key_ring[key_id]; + } + + return key_ptr; +} + +static int32_t key_init(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + // Initialize all to zero + for(uint32_t i = 0; i < NUM_KEYS; i++) + { + for(uint32_t j = 0; j < KEY_SIZE; j++) + { + key_ring[i].value[j] = 0; + } + key_ring[i].key_len = 0; + key_ring[i].key_state = 0; + } + + // Master Keys + // 0 - 000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F -> ACTIVE + key_ring[0].value[0] = 0x00; + key_ring[0].value[1] = 0x01; + key_ring[0].value[2] = 0x02; + key_ring[0].value[3] = 0x03; + key_ring[0].value[4] = 0x04; + key_ring[0].value[5] = 0x05; + key_ring[0].value[6] = 0x06; + key_ring[0].value[7] = 0x07; + key_ring[0].value[8] = 0x08; + key_ring[0].value[9] = 0x09; + key_ring[0].value[10] = 0x0A; + key_ring[0].value[11] = 0x0B; + key_ring[0].value[12] = 0x0C; + key_ring[0].value[13] = 0x0D; + key_ring[0].value[14] = 0x0E; + key_ring[0].value[15] = 0x0F; + key_ring[0].value[16] = 0x00; + key_ring[0].value[17] = 0x01; + key_ring[0].value[18] = 0x02; + key_ring[0].value[19] = 0x03; + key_ring[0].value[20] = 0x04; + key_ring[0].value[21] = 0x05; + key_ring[0].value[22] = 0x06; + key_ring[0].value[23] = 0x07; + key_ring[0].value[24] = 0x08; + key_ring[0].value[25] = 0x09; + key_ring[0].value[26] = 0x0A; + key_ring[0].value[27] = 0x0B; + key_ring[0].value[28] = 0x0C; + key_ring[0].value[29] = 0x0D; + key_ring[0].value[30] = 0x0E; + key_ring[0].value[31] = 0x0F; + key_ring[0].key_len = 32; + key_ring[0].key_state = KEY_ACTIVE; + // 1 - 101112131415161718191A1B1C1D1E1F101112131415161718191A1B1C1D1E1F -> ACTIVE + key_ring[1].value[0] = 0x10; + key_ring[1].value[1] = 0x11; + key_ring[1].value[2] = 0x12; + key_ring[1].value[3] = 0x13; + key_ring[1].value[4] = 0x14; + key_ring[1].value[5] = 0x15; + key_ring[1].value[6] = 0x16; + key_ring[1].value[7] = 0x17; + key_ring[1].value[8] = 0x18; + key_ring[1].value[9] = 0x19; + key_ring[1].value[10] = 0x1A; + key_ring[1].value[11] = 0x1B; + key_ring[1].value[12] = 0x1C; + key_ring[1].value[13] = 0x1D; + key_ring[1].value[14] = 0x1E; + key_ring[1].value[15] = 0x1F; + key_ring[1].value[16] = 0x10; + key_ring[1].value[17] = 0x11; + key_ring[1].value[18] = 0x12; + key_ring[1].value[19] = 0x13; + key_ring[1].value[20] = 0x14; + key_ring[1].value[21] = 0x15; + key_ring[1].value[22] = 0x16; + key_ring[1].value[23] = 0x17; + key_ring[1].value[24] = 0x18; + key_ring[1].value[25] = 0x19; + key_ring[1].value[26] = 0x1A; + key_ring[1].value[27] = 0x1B; + key_ring[1].value[28] = 0x1C; + key_ring[1].value[29] = 0x1D; + key_ring[1].value[30] = 0x1E; + key_ring[1].value[31] = 0x1F; + key_ring[1].key_len = 32; + key_ring[1].key_state = KEY_ACTIVE; + // 2 - 202122232425262728292A2B2C2D2E2F202122232425262728292A2B2C2D2E2F -> ACTIVE + key_ring[2].value[0] = 0x20; + key_ring[2].value[1] = 0x21; + key_ring[2].value[2] = 0x22; + key_ring[2].value[3] = 0x23; + key_ring[2].value[4] = 0x24; + key_ring[2].value[5] = 0x25; + key_ring[2].value[6] = 0x26; + key_ring[2].value[7] = 0x27; + key_ring[2].value[8] = 0x28; + key_ring[2].value[9] = 0x29; + key_ring[2].value[10] = 0x2A; + key_ring[2].value[11] = 0x2B; + key_ring[2].value[12] = 0x2C; + key_ring[2].value[13] = 0x2D; + key_ring[2].value[14] = 0x2E; + key_ring[2].value[15] = 0x2F; + key_ring[2].value[16] = 0x20; + key_ring[2].value[17] = 0x21; + key_ring[2].value[18] = 0x22; + key_ring[2].value[19] = 0x23; + key_ring[2].value[20] = 0x24; + key_ring[2].value[21] = 0x25; + key_ring[2].value[22] = 0x26; + key_ring[2].value[23] = 0x27; + key_ring[2].value[24] = 0x28; + key_ring[2].value[25] = 0x29; + key_ring[2].value[26] = 0x2A; + key_ring[2].value[27] = 0x2B; + key_ring[2].value[28] = 0x2C; + key_ring[2].value[29] = 0x2D; + key_ring[2].value[30] = 0x2E; + key_ring[2].value[31] = 0x2F; + key_ring[2].key_len = 32; + key_ring[2].key_state = KEY_ACTIVE; + + // Session Keys + // 128 - 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF -> ACTIVE + key_ring[128].value[0] = 0x01; + key_ring[128].value[1] = 0x23; + key_ring[128].value[2] = 0x45; + key_ring[128].value[3] = 0x67; + key_ring[128].value[4] = 0x89; + key_ring[128].value[5] = 0xAB; + key_ring[128].value[6] = 0xCD; + key_ring[128].value[7] = 0xEF; + key_ring[128].value[8] = 0x01; + key_ring[128].value[9] = 0x23; + key_ring[128].value[10] = 0x45; + key_ring[128].value[11] = 0x67; + key_ring[128].value[12] = 0x89; + key_ring[128].value[13] = 0xAB; + key_ring[128].value[14] = 0xCD; + key_ring[128].value[15] = 0xEF; + key_ring[128].value[16] = 0x01; + key_ring[128].value[17] = 0x23; + key_ring[128].value[18] = 0x45; + key_ring[128].value[19] = 0x67; + key_ring[128].value[20] = 0x89; + key_ring[128].value[21] = 0xAB; + key_ring[128].value[22] = 0xCD; + key_ring[128].value[23] = 0xEF; + key_ring[128].value[24] = 0x01; + key_ring[128].value[25] = 0x23; + key_ring[128].value[26] = 0x45; + key_ring[128].value[27] = 0x67; + key_ring[128].value[28] = 0x89; + key_ring[128].value[29] = 0xAB; + key_ring[128].value[30] = 0xCD; + key_ring[128].value[31] = 0xEF; + key_ring[128].key_len = 32; + key_ring[128].key_state = KEY_ACTIVE; + // 129 - ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789 -> ACTIVE + key_ring[129].value[0] = 0xAB; + key_ring[129].value[1] = 0xCD; + key_ring[129].value[2] = 0xEF; + key_ring[129].value[3] = 0x01; + key_ring[129].value[4] = 0x23; + key_ring[129].value[5] = 0x45; + key_ring[129].value[6] = 0x67; + key_ring[129].value[7] = 0x89; + key_ring[129].value[8] = 0xAB; + key_ring[129].value[9] = 0xCD; + key_ring[129].value[10] = 0xEF; + key_ring[129].value[11] = 0x01; + key_ring[129].value[12] = 0x23; + key_ring[129].value[13] = 0x45; + key_ring[129].value[14] = 0x67; + key_ring[129].value[15] = 0x89; + key_ring[129].value[16] = 0xAB; + key_ring[129].value[17] = 0xCD; + key_ring[129].value[18] = 0xEF; + key_ring[129].value[19] = 0x01; + key_ring[129].value[20] = 0x23; + key_ring[129].value[21] = 0x45; + key_ring[129].value[22] = 0x67; + key_ring[129].value[23] = 0x89; + key_ring[129].value[24] = 0xAB; + key_ring[129].value[25] = 0xCD; + key_ring[129].value[26] = 0xEF; + key_ring[129].value[27] = 0x01; + key_ring[129].value[28] = 0x23; + key_ring[129].value[29] = 0x45; + key_ring[129].value[30] = 0x67; + key_ring[129].value[31] = 0x89; + key_ring[129].key_len = 32; + key_ring[129].key_state = KEY_ACTIVE; + // 130 - FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210 -> ACTIVE + key_ring[130].value[0] = 0xFE; + key_ring[130].value[1] = 0xDC; + key_ring[130].value[2] = 0xBA; + key_ring[130].value[3] = 0x98; + key_ring[130].value[4] = 0x76; + key_ring[130].value[5] = 0x54; + key_ring[130].value[6] = 0x32; + key_ring[130].value[7] = 0x10; + key_ring[130].value[8] = 0xFE; + key_ring[130].value[9] = 0xDC; + key_ring[130].value[10] = 0xBA; + key_ring[130].value[11] = 0x98; + key_ring[130].value[12] = 0x76; + key_ring[130].value[13] = 0x54; + key_ring[130].value[14] = 0x32; + key_ring[130].value[15] = 0x10; + key_ring[130].value[16] = 0xFE; + key_ring[130].value[17] = 0xDC; + key_ring[130].value[18] = 0xBA; + key_ring[130].value[19] = 0x98; + key_ring[130].value[20] = 0x76; + key_ring[130].value[21] = 0x54; + key_ring[130].value[22] = 0x32; + key_ring[130].value[23] = 0x10; + key_ring[130].value[24] = 0xFE; + key_ring[130].value[25] = 0xDC; + key_ring[130].value[26] = 0xBA; + key_ring[130].value[27] = 0x98; + key_ring[130].value[28] = 0x76; + key_ring[130].value[29] = 0x54; + key_ring[130].value[30] = 0x32; + key_ring[130].value[31] = 0x10; + key_ring[130].key_len = 32; + key_ring[130].key_state = KEY_ACTIVE; + // 131 - 9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA -> ACTIVE + key_ring[131].value[0] = 0x98; + key_ring[131].value[1] = 0x76; + key_ring[131].value[2] = 0x54; + key_ring[131].value[3] = 0x32; + key_ring[131].value[4] = 0x10; + key_ring[131].value[5] = 0xFE; + key_ring[131].value[6] = 0xDC; + key_ring[131].value[7] = 0xBA; + key_ring[131].value[8] = 0x98; + key_ring[131].value[9] = 0x76; + key_ring[131].value[10] = 0x54; + key_ring[131].value[11] = 0x32; + key_ring[131].value[12] = 0x10; + key_ring[131].value[13] = 0xFE; + key_ring[131].value[14] = 0xDC; + key_ring[131].value[15] = 0xBA; + key_ring[131].value[16] = 0x98; + key_ring[131].value[17] = 0x76; + key_ring[131].value[18] = 0x54; + key_ring[131].value[19] = 0x32; + key_ring[131].value[20] = 0x10; + key_ring[131].value[21] = 0xFE; + key_ring[131].value[22] = 0xDC; + key_ring[131].value[23] = 0xBA; + key_ring[131].value[24] = 0x98; + key_ring[131].value[25] = 0x76; + key_ring[131].value[26] = 0x54; + key_ring[131].value[27] = 0x32; + key_ring[131].value[28] = 0x10; + key_ring[131].value[29] = 0xFE; + key_ring[131].value[30] = 0xDC; + key_ring[131].value[31] = 0xBA; + key_ring[131].key_len = 32; + key_ring[131].key_state = KEY_ACTIVE; + // 132 - 0123456789ABCDEFABCDEF01234567890123456789ABCDEFABCDEF0123456789 -> PRE_ACTIVATION + key_ring[132].value[0] = 0x01; + key_ring[132].value[1] = 0x23; + key_ring[132].value[2] = 0x45; + key_ring[132].value[3] = 0x67; + key_ring[132].value[4] = 0x89; + key_ring[132].value[5] = 0xAB; + key_ring[132].value[6] = 0xCD; + key_ring[132].value[7] = 0xEF; + key_ring[132].value[8] = 0xAB; + key_ring[132].value[9] = 0xCD; + key_ring[132].value[10] = 0xEF; + key_ring[132].value[11] = 0x01; + key_ring[132].value[12] = 0x23; + key_ring[132].value[13] = 0x45; + key_ring[132].value[14] = 0x67; + key_ring[132].value[15] = 0x89; + key_ring[132].value[16] = 0x01; + key_ring[132].value[17] = 0x23; + key_ring[132].value[18] = 0x45; + key_ring[132].value[19] = 0x67; + key_ring[132].value[20] = 0x89; + key_ring[132].value[21] = 0xAB; + key_ring[132].value[22] = 0xCD; + key_ring[132].value[23] = 0xEF; + key_ring[132].value[24] = 0xAB; + key_ring[132].value[25] = 0xCD; + key_ring[132].value[26] = 0xEF; + key_ring[132].value[27] = 0x01; + key_ring[132].value[28] = 0x23; + key_ring[132].value[29] = 0x45; + key_ring[132].value[30] = 0x67; + key_ring[132].value[31] = 0x89; + key_ring[132].key_len = 32; + key_ring[132].key_state = KEY_PREACTIVE; + // 133 - ABCDEF01234567890123456789ABCDEFABCDEF01234567890123456789ABCDEF -> ACTIVE + key_ring[133].value[0] = 0xAB; + key_ring[133].value[1] = 0xCD; + key_ring[133].value[2] = 0xEF; + key_ring[133].value[3] = 0x01; + key_ring[133].value[4] = 0x23; + key_ring[133].value[5] = 0x45; + key_ring[133].value[6] = 0x67; + key_ring[133].value[7] = 0x89; + key_ring[133].value[8] = 0x01; + key_ring[133].value[9] = 0x23; + key_ring[133].value[10] = 0x45; + key_ring[133].value[11] = 0x67; + key_ring[133].value[12] = 0x89; + key_ring[133].value[13] = 0xAB; + key_ring[133].value[14] = 0xCD; + key_ring[133].value[15] = 0xEF; + key_ring[133].value[16] = 0xAB; + key_ring[133].value[17] = 0xCD; + key_ring[133].value[18] = 0xEF; + key_ring[133].value[19] = 0x01; + key_ring[133].value[20] = 0x23; + key_ring[133].value[21] = 0x45; + key_ring[133].value[22] = 0x67; + key_ring[133].value[23] = 0x89; + key_ring[133].value[24] = 0x01; + key_ring[133].value[25] = 0x23; + key_ring[133].value[26] = 0x45; + key_ring[133].value[27] = 0x67; + key_ring[133].value[28] = 0x89; + key_ring[133].value[29] = 0xAB; + key_ring[133].value[30] = 0xCD; + key_ring[133].value[31] = 0xEF; + key_ring[133].key_len = 32; + key_ring[133].key_state = KEY_ACTIVE; + // 134 - ABCDEF0123456789FEDCBA9876543210ABCDEF0123456789FEDCBA9876543210 -> DEACTIVE + key_ring[134].value[0] = 0xAB; + key_ring[134].value[1] = 0xCD; + key_ring[134].value[2] = 0xEF; + key_ring[134].value[3] = 0x01; + key_ring[134].value[4] = 0x23; + key_ring[134].value[5] = 0x45; + key_ring[134].value[6] = 0x67; + key_ring[134].value[7] = 0x89; + key_ring[134].value[8] = 0xFE; + key_ring[134].value[9] = 0xDC; + key_ring[134].value[10] = 0xBA; + key_ring[134].value[11] = 0x98; + key_ring[134].value[12] = 0x76; + key_ring[134].value[13] = 0x54; + key_ring[134].value[14] = 0x32; + key_ring[134].value[15] = 0x10; + key_ring[134].value[16] = 0xAB; + key_ring[134].value[17] = 0xCD; + key_ring[134].value[18] = 0xEF; + key_ring[134].value[19] = 0x01; + key_ring[134].value[20] = 0x23; + key_ring[134].value[21] = 0x45; + key_ring[134].value[22] = 0x67; + key_ring[134].value[23] = 0x89; + key_ring[134].value[24] = 0xFE; + key_ring[134].value[25] = 0xDC; + key_ring[134].value[26] = 0xBA; + key_ring[134].value[27] = 0x98; + key_ring[134].value[28] = 0x76; + key_ring[134].value[29] = 0x54; + key_ring[134].value[30] = 0x32; + key_ring[134].value[31] = 0x10; + key_ring[134].key_len = 32; + key_ring[134].key_state = KEY_DEACTIVATED; + + // 135 - ABCDEF0123456789FEDCBA9876543210ABCDEF0123456789FEDCBA9876543210 -> DEACTIVE + key_ring[135].value[0] = 0x00; + key_ring[135].value[1] = 0x00; + key_ring[135].value[2] = 0x00; + key_ring[135].value[3] = 0x00; + key_ring[135].value[4] = 0x00; + key_ring[135].value[5] = 0x00; + key_ring[135].value[6] = 0x00; + key_ring[135].value[7] = 0x00; + key_ring[135].value[8] = 0x00; + key_ring[135].value[9] = 0x00; + key_ring[135].value[10] = 0x00; + key_ring[135].value[11] = 0x00; + key_ring[135].value[12] = 0x00; + key_ring[135].value[13] = 0x00; + key_ring[135].value[14] = 0x00; + key_ring[135].value[15] = 0x00; + key_ring[135].value[16] = 0x00; + key_ring[135].value[17] = 0x00; + key_ring[135].value[18] = 0x00; + key_ring[135].value[19] = 0x00; + key_ring[135].value[20] = 0x00; + key_ring[135].value[21] = 0x00; + key_ring[135].value[22] = 0x00; + key_ring[135].value[23] = 0x00; + key_ring[135].value[24] = 0x00; + key_ring[135].value[25] = 0x00; + key_ring[135].value[26] = 0x00; + key_ring[135].value[27] = 0x00; + key_ring[135].value[28] = 0x00; + key_ring[135].value[29] = 0x00; + key_ring[135].value[30] = 0x00; + key_ring[135].value[31] = 0x00; + key_ring[135].key_len = 32; + key_ring[135].key_state = KEY_DEACTIVATED; + + // 136 - ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9 + // Reference: + // https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/gcmtestvectors.zip + key_ring[136].value[0] = 0xff; + key_ring[136].value[1] = 0x9f; + key_ring[136].value[2] = 0x92; + key_ring[136].value[3] = 0x84; + key_ring[136].value[4] = 0xcf; + key_ring[136].value[5] = 0x59; + key_ring[136].value[6] = 0x9e; + key_ring[136].value[7] = 0xac; + key_ring[136].value[8] = 0x3b; + key_ring[136].value[9] = 0x11; + key_ring[136].value[10] = 0x99; + key_ring[136].value[11] = 0x05; + key_ring[136].value[12] = 0xa7; + key_ring[136].value[13] = 0xd1; + key_ring[136].value[14] = 0x88; + key_ring[136].value[15] = 0x51; + key_ring[136].value[16] = 0xe7; + key_ring[136].value[17] = 0xe3; + key_ring[136].value[18] = 0x74; + key_ring[136].value[19] = 0xcf; + key_ring[136].value[20] = 0x63; + key_ring[136].value[21] = 0xae; + key_ring[136].value[22] = 0xa0; + key_ring[136].value[23] = 0x43; + key_ring[136].value[24] = 0x58; + key_ring[136].value[25] = 0x58; + key_ring[136].value[26] = 0x6b; + key_ring[136].value[27] = 0x0f; + key_ring[136].value[28] = 0x75; + key_ring[136].value[29] = 0x76; + key_ring[136].value[30] = 0x70; + key_ring[136].value[31] = 0xf9; + key_ring[136].key_len = 32; + key_ring[136].key_state = KEY_DEACTIVATED; + + #ifdef DEBUG + printf(KGRN "Key internal interface intialized \n" RESET); + #endif + + return status; +} + +static int32_t key_shutdown(void) +{ + return CRYPTO_LIB_SUCCESS; +} diff --git a/src/key/internal_stub/key_interface_internal_stub.template.c b/src/key/internal_stub/key_interface_internal_stub.template.c new file mode 100644 index 00000000..fdb4b81e --- /dev/null +++ b/src/key/internal_stub/key_interface_internal_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "key_interface.h" + +/* Variables */ +static KeyInterfaceStruct key_if_struct; + +/* Functions */ +KeyInterface get_key_interface_internal(void) +{ + fprintf(stderr,"ERROR: Loading internal key interface stub source code. Rebuild CryptoLib with -DKEY_INTERNAL=ON to use implementation.\n"); + return &key_if_struct; +} diff --git a/src/key/kmc/key_interface_kmc.template.c b/src/key/kmc/key_interface_kmc.template.c new file mode 100644 index 00000000..6a3fd525 --- /dev/null +++ b/src/key/kmc/key_interface_kmc.template.c @@ -0,0 +1,56 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "key_interface.h" + +/* Variables */ +static KeyInterfaceStruct key_if_struct; + +/* Prototypes */ +static crypto_key_t* get_key(uint32_t key_id); +static int32_t key_init(void); +static int32_t key_shutdown(void); + +/* Functions */ +KeyInterface get_key_interface_kmc(void) +{ + key_if_struct.get_key = get_key; + key_if_struct.key_init = key_init; + key_if_struct.key_shutdown = key_shutdown; + return &key_if_struct; +} + +static crypto_key_t* get_key(uint32_t key_id) +{ + /* Avoid set but not used warning */ + key_id = key_id; + + fprintf(stderr, "Attempting to access key ring with KMC Crypto Service. This shouldn't happen!\n "); + + return NULL; +} + +static int32_t key_init(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +static int32_t key_shutdown(void) +{ + return CRYPTO_LIB_SUCCESS; +} diff --git a/src/key/kmc_stub/key_interface_kmc_stub.template.c b/src/key/kmc_stub/key_interface_kmc_stub.template.c new file mode 100644 index 00000000..fd318910 --- /dev/null +++ b/src/key/kmc_stub/key_interface_kmc_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "key_interface.h" + +/* Variables */ +static KeyInterfaceStruct key_if_struct; + +/* Functions */ +KeyInterface get_key_interface_kmc(void) +{ + fprintf(stderr,"ERROR: Loading KMC key interface stub source code. Rebuild CryptoLib with -DKEY_KMC=ON to use implementation.\n"); + return &key_if_struct; +} diff --git a/src/mc/custom_stub/mc_interface_custom_stub.template.c b/src/mc/custom_stub/mc_interface_custom_stub.template.c new file mode 100644 index 00000000..3eb5595e --- /dev/null +++ b/src/mc/custom_stub/mc_interface_custom_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "mc_interface.h" + +/* Variables */ +static McInterfaceStruct mc_if_struct; + +/* Functions */ +McInterface get_mc_interface_custom(void) +{ + fprintf(stderr,"ERROR: Loading custom monitoring and control interface stub source code. Rebuild CryptoLib with -DMC_CUSTOM=ON to use implementation.\n"); + return &mc_if_struct; +} diff --git a/src/mc/disabled/mc_interface_disabled.template.c b/src/mc/disabled/mc_interface_disabled.template.c new file mode 100644 index 00000000..01c0e1bc --- /dev/null +++ b/src/mc/disabled/mc_interface_disabled.template.c @@ -0,0 +1,63 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ +#include "mc_interface.h" + +/* Variables */ +static McInterfaceStruct mc_if_struct; + +/* Prototypes */ +static int32_t mc_initialize(void); +static void mc_log(int32_t error_code); +static int32_t mc_shutdown(void); + +/* Functions */ +McInterface get_mc_interface_disabled(void) +{ + /* MC Interface, SDLS */ + mc_if_struct.mc_initialize = mc_initialize; + mc_if_struct.mc_log = mc_log; + mc_if_struct.mc_shutdown = mc_shutdown; + + /* MC Interface, SDLS-EP */ + /* + mc_if_struct.mc_ping = mc_ping; + mc_if_struct.mc_log_status = mc_log_status; + mc_if_struct.mc_dump_log = mc_dump_log; + mc_if_struct.mc_erase_log = mc_erase_log; + mc_if_struct.mc_self_test = mc_self_test; + mc_if_struct.mc_alarm_reset_flag = mc_alarm_reset_flag; + */ + + return &mc_if_struct; +} + +static int32_t mc_initialize(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +static void mc_log(int32_t error_code) +{ + error_code = error_code; + return; +} + +static int32_t mc_shutdown(void) +{ + return CRYPTO_LIB_SUCCESS; +} diff --git a/src/mc/disabled_stub/mc_interface_disabled_stub.template.c b/src/mc/disabled_stub/mc_interface_disabled_stub.template.c new file mode 100644 index 00000000..76026dc0 --- /dev/null +++ b/src/mc/disabled_stub/mc_interface_disabled_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "mc_interface.h" + +/* Variables */ +static McInterfaceStruct mc_if_struct; + +/* Functions */ +McInterface get_mc_interface_disabled(void) +{ + fprintf(stderr,"ERROR: Loading disabled monitoring and control interface stub source code. Rebuild CryptoLib with -DMC_DISABLED=ON to use implementation.\n"); + return &mc_if_struct; +} diff --git a/src/mc/internal/mc_interface_internal.template.c b/src/mc/internal/mc_interface_internal.template.c new file mode 100644 index 00000000..170c9e6f --- /dev/null +++ b/src/mc/internal/mc_interface_internal.template.c @@ -0,0 +1,97 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ +#include "mc_interface.h" +#include + +/* Variables */ +static FILE* mc_file_ptr; +static McInterfaceStruct mc_if_struct; + +/* Prototypes */ +static int32_t mc_initialize(void); +static void mc_log(int32_t error_code); +static int32_t mc_shutdown(void); + +/* Functions */ +McInterface get_mc_interface_internal(void) +{ + /* MC Interface, SDLS */ + mc_if_struct.mc_initialize = mc_initialize; + mc_if_struct.mc_log = mc_log; + mc_if_struct.mc_shutdown = mc_shutdown; + + /* MC Interface, SDLS-EP */ + /* + mc_if_struct.mc_ping = mc_ping; + mc_if_struct.mc_log_status = mc_log_status; + mc_if_struct.mc_dump_log = mc_dump_log; + mc_if_struct.mc_erase_log = mc_erase_log; + mc_if_struct.mc_self_test = mc_self_test; + mc_if_struct.mc_alarm_reset_flag = mc_alarm_reset_flag; + */ + + return &mc_if_struct; +} + +static int32_t mc_initialize(void) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + /* Open log */ + mc_file_ptr = fopen("log.txt", "a"); + if (mc_file_ptr == NULL) + { + status = CRYPTO_LIB_ERR_MC_INIT; + printf(KRED "ERROR: Monitoring andcontrol initialization - internal failed\n" RESET); + } + + return status; +} + +static void mc_log(int32_t error_code) +{ + time_t rawtime; + struct tm* timeinfo; + time(&rawtime); + timeinfo = localtime(&rawtime); + + /* Write to log if error code is valid */ + if (error_code != CRYPTO_LIB_SUCCESS) + { + fprintf(mc_file_ptr, "[%d%d%d,%d:%d:%d], %d\n", + timeinfo->tm_year + 1900, timeinfo->tm_mon + 1, timeinfo->tm_mday, + timeinfo->tm_hour, timeinfo->tm_min, timeinfo->tm_sec, error_code); + + /* Also print error if debug enabled */ + #ifdef DEBUG + printf("MC_Log: Error, [%d%d%d,%d:%d:%d], %d\n", + timeinfo->tm_year + 1900, timeinfo->tm_mon + 1, timeinfo->tm_mday, + timeinfo->tm_hour, timeinfo->tm_min, timeinfo->tm_sec, error_code); + #endif + } + + return; +} + +static int32_t mc_shutdown(void) +{ + /* Close log */ + fclose(mc_file_ptr); + + return CRYPTO_LIB_SUCCESS; +} diff --git a/src/mc/internal_stub/mc_interface_internal_stub.template.c b/src/mc/internal_stub/mc_interface_internal_stub.template.c new file mode 100644 index 00000000..03badea1 --- /dev/null +++ b/src/mc/internal_stub/mc_interface_internal_stub.template.c @@ -0,0 +1,29 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#include "mc_interface.h" + +/* Variables */ +static McInterfaceStruct mc_if_struct; + +/* Functions */ +McInterface get_mc_interface_internal(void) +{ + fprintf(stderr,"ERROR: Loading internal monitoring and control interface stub source code. Rebuild CryptoLib with -DMC_INTERNAL=ON to use implementation.\n"); + return &mc_if_struct; +} diff --git a/src/sa/custom_stub/sa_interface_custom.stub.c b/src/sa/custom_stub/sa_interface_custom.stub.c new file mode 100644 index 00000000..abe38c10 --- /dev/null +++ b/src/sa/custom_stub/sa_interface_custom.stub.c @@ -0,0 +1,25 @@ +/* + * Copyright 2021, by the California Institute of Technology. + * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. + * Any commercial use must be negotiated with the Office of Technology + * Transfer at the California Institute of Technology. + * + * This software may be subject to U.S. export control laws. By accepting + * this software, the user agrees to comply with all applicable U.S. + * export laws and regulations. User has the responsibility to obtain + * export licenses, or other export authority as may be required before + * exporting such information to foreign countries or providing access to + * foreign persons. + */ + +#include "sa_interface.h" + +/* Variables */ +static SaInterfaceStruct sa_if_struct; + +/* Functions */ +SaInterface get_sa_interface_custom(void) +{ + fprintf(stderr,"ERROR: Loading custom SA interface stub source code. Rebuild CryptoLib with -DSA_CUSTOM=ON to use proper internal implementation.\n"); + return &sa_if_struct; +} diff --git a/src/src_main/sadb_routine_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c similarity index 78% rename from src/src_main/sadb_routine_inmemory.template.c rename to src/sa/internal/sa_interface_inmemory.template.c index f4b78f4a..15764669 100644 --- a/src/src_main/sadb_routine_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -15,60 +15,60 @@ #include "crypto.h" // Security Association Initialization Functions -static int32_t sadb_config(void); -static int32_t sadb_init(void); -static int32_t sadb_close(void); +static int32_t sa_config(void); +static int32_t sa_init(void); +static int32_t sa_close(void); // Security Association Interaction Functions -static int32_t sadb_get_sa_from_spi(uint16_t, SecurityAssociation_t**); -static int32_t sadb_get_operational_sa_from_gvcid(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); -static int32_t sadb_save_sa(SecurityAssociation_t* sa); +static int32_t sa_get_from_spi(uint16_t, SecurityAssociation_t**); +static int32_t sa_get_operational_sa_from_gvcid(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); +static int32_t sa_save_sa(SecurityAssociation_t* sa); // Security Association Utility Functions -static int32_t sadb_sa_stop(void); -static int32_t sadb_sa_start(TC_t* tc_frame); -static int32_t sadb_sa_expire(void); -static int32_t sadb_sa_rekey(void); -static int32_t sadb_sa_status(uint8_t* ); -static int32_t sadb_sa_create(void); -static int32_t sadb_sa_setARSN(void); -static int32_t sadb_sa_setARSNW(void); -static int32_t sadb_sa_delete(void); +static int32_t sa_stop(void); +static int32_t sa_start(TC_t* tc_frame); +static int32_t sa_expire(void); +static int32_t sa_rekey(void); +static int32_t sa_status(uint8_t* ); +static int32_t sa_create(void); +static int32_t sa_setARSN(void); +static int32_t sa_setARSNW(void); +static int32_t sa_delete(void); /* ** Global Variables */ // Security -static SadbRoutineStruct sadb_routine_struct; +static SaInterfaceStruct sa_if_struct; static SecurityAssociation_t sa[NUM_SA]; /** - * @brief Function: get_sadb_routine_inmemory - * @return SadbRoutine + * @brief Function: get_sa_interface_inmemory + * @return SaInterface **/ -SadbRoutine get_sadb_routine_inmemory(void) +SaInterface get_sa_interface_inmemory(void) { - sadb_routine_struct.sadb_config = sadb_config; - sadb_routine_struct.sadb_init = sadb_init; - sadb_routine_struct.sadb_close = sadb_close; - sadb_routine_struct.sadb_get_sa_from_spi = sadb_get_sa_from_spi; - sadb_routine_struct.sadb_get_operational_sa_from_gvcid = sadb_get_operational_sa_from_gvcid; - sadb_routine_struct.sadb_sa_stop = sadb_sa_stop; - sadb_routine_struct.sadb_save_sa = sadb_save_sa; - sadb_routine_struct.sadb_sa_start = sadb_sa_start; - sadb_routine_struct.sadb_sa_expire = sadb_sa_expire; - sadb_routine_struct.sadb_sa_rekey = sadb_sa_rekey; - sadb_routine_struct.sadb_sa_status = sadb_sa_status; - sadb_routine_struct.sadb_sa_create = sadb_sa_create; - sadb_routine_struct.sadb_sa_setARSN = sadb_sa_setARSN; - sadb_routine_struct.sadb_sa_setARSNW = sadb_sa_setARSNW; - sadb_routine_struct.sadb_sa_delete = sadb_sa_delete; - return &sadb_routine_struct; + sa_if_struct.sa_config = sa_config; + sa_if_struct.sa_init = sa_init; + sa_if_struct.sa_close = sa_close; + sa_if_struct.sa_get_from_spi = sa_get_from_spi; + sa_if_struct.sa_get_operational_sa_from_gvcid = sa_get_operational_sa_from_gvcid; + sa_if_struct.sa_stop = sa_stop; + sa_if_struct.sa_save_sa = sa_save_sa; + sa_if_struct.sa_start = sa_start; + sa_if_struct.sa_expire = sa_expire; + sa_if_struct.sa_rekey = sa_rekey; + sa_if_struct.sa_status = sa_status; + sa_if_struct.sa_create = sa_create; + sa_if_struct.sa_setARSN = sa_setARSN; + sa_if_struct.sa_setARSNW = sa_setARSNW; + sa_if_struct.sa_delete = sa_delete; + return &sa_if_struct; } /** - * @brief Function; sadb_config + * @brief Function; sa_config * @return int32: Success/Failure **/ -int32_t sadb_config(void) +int32_t sa_config(void) { int32_t status = CRYPTO_LIB_SUCCESS; @@ -82,7 +82,6 @@ int32_t sadb_config(void) sa[1].shivf_len = 0; sa[1].shsnf_len = 2; sa[1].arsn_len = 2; - sa[1].arsn = (uint8_t*) calloc(1, sa[1].arsn_len * sizeof(uint8_t)); sa[1].arsnw_len = 1; sa[1].arsnw = 5; sa[1].gvcid_blk.tfvn = 0; @@ -97,14 +96,11 @@ int32_t sadb_config(void) sa[2].est = 1; sa[2].ast = 1; sa[2].ecs_len = 1; - sa[2].ecs = calloc(1, sa[2].ecs_len * sizeof(uint8_t)); - *sa[2].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[2].ecs = CRYPTO_CIPHER_AES256_GCM; sa[2].shivf_len = 12; sa[2].iv_len = 12; - sa[2].iv = (uint8_t* )calloc(1, sa[2].shivf_len * sizeof(uint8_t)); *(sa[2].iv + sa[2].shivf_len - 1) = 0; sa[2].abm_len = ABM_SIZE; // 20 - sa[2].abm = (uint8_t* )calloc(1, sa[2].abm_len * sizeof(uint8_t)); sa[2].arsnw_len = 1; sa[2].arsnw = 5; sa[2].arsn_len = (sa[2].arsnw * 2) + 1; @@ -116,14 +112,11 @@ int32_t sadb_config(void) sa[3].est = 1; sa[3].ast = 1; sa[3].ecs_len = 1; - sa[3].ecs = calloc(1, sa[3].ecs_len * sizeof(uint8_t)); - *sa[3].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[3].ecs = CRYPTO_CIPHER_AES256_GCM; sa[3].shivf_len = 12; sa[3].iv_len = 12; - sa[3].iv = (uint8_t* )calloc(1, sa[3].shivf_len * sizeof(uint8_t)); *(sa[3].iv + sa[3].shivf_len - 1) = 0; sa[3].abm_len = ABM_SIZE; // 20 - sa[3].abm = (uint8_t* )calloc(1, sa[3].abm_len * sizeof(uint8_t)); sa[3].arsnw_len = 1; sa[3].arsnw = 5; sa[3].arsn_len = (sa[3].arsnw * 2) + 1; @@ -136,15 +129,12 @@ int32_t sadb_config(void) sa[4].est = 1; sa[4].ast = 1; sa[4].ecs_len = 1; - sa[4].ecs = calloc(1, sa[4].ecs_len * sizeof(uint8_t)); - *sa[4].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[4].ecs = CRYPTO_CIPHER_AES256_GCM; sa[4].shivf_len = 12; sa[4].iv_len = 12; sa[4].stmacf_len = 16; - sa[4].iv = (uint8_t* )calloc(1, sa[4].shivf_len * sizeof(uint8_t)); *(sa[4].iv + 11) = 0; sa[4].abm_len = ABM_SIZE; // 20 - sa[4].abm = (uint8_t* )calloc(1, sa[4].abm_len * sizeof(uint8_t)); sa[4].arsnw_len = 1; sa[4].arsnw = 5; sa[4].arsn_len = 0; @@ -160,14 +150,11 @@ int32_t sadb_config(void) sa[5].est = 1; sa[5].ast = 1; sa[5].ecs_len = 1; - sa[5].ecs = calloc(1, sa[5].ecs_len * sizeof(uint8_t)); - *sa[5].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[5].ecs = CRYPTO_CIPHER_AES256_GCM; sa[5].shivf_len = 12; sa[5].iv_len = 12; - sa[5].iv = (uint8_t* )calloc(1, sa[5].shivf_len * sizeof(uint8_t)); *(sa[5].iv + sa[5].shivf_len - 1) = 0; sa[5].abm_len = ABM_SIZE; // 20 - sa[5].abm = (uint8_t* )calloc(1, sa[5].abm_len * sizeof(uint8_t)); sa[5].arsnw_len = 1; sa[5].arsnw = 5; sa[5].arsn_len = (sa[5].arsnw * 2) + 1; @@ -178,14 +165,11 @@ int32_t sadb_config(void) sa[6].est = 1; sa[6].ast = 1; sa[6].ecs_len = 1; - sa[6].ecs = calloc(1, sa[6].ecs_len * sizeof(uint8_t)); - *sa[6].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[6].ecs = CRYPTO_CIPHER_AES256_GCM; sa[6].shivf_len = 12; sa[6].iv_len = 12; - sa[6].iv = (uint8_t* )calloc(1, sa[6].shivf_len * sizeof(uint8_t)); *(sa[6].iv + sa[6].shivf_len - 1) = 0; sa[6].abm_len = ABM_SIZE; // 20 - sa[6].abm = (uint8_t* )calloc(1, sa[6].abm_len * sizeof(uint8_t)); sa[6].arsnw_len = 1; sa[6].arsnw = 5; sa[6].arsn_len = (sa[6].arsnw * 2) + 1; @@ -197,14 +181,11 @@ int32_t sadb_config(void) sa[7].est = 1; sa[7].ast = 1; sa[7].ecs_len = 1; - sa[7].ecs = calloc(1, sa[7].ecs_len * sizeof(uint8_t)); - *sa[7].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[7].ecs = CRYPTO_CIPHER_AES256_GCM; sa[7].shivf_len = 12; sa[7].iv_len = 12; - sa[7].iv = (uint8_t* )calloc(1, sa[7].shivf_len * sizeof(uint8_t)); *(sa[7].iv + sa[7].shivf_len - 1) = 0; sa[7].abm_len = ABM_SIZE; // 20 - sa[7].abm = (uint8_t* )calloc(1, sa[7].abm_len * sizeof(uint8_t)); sa[7].arsnw_len = 1; sa[7].arsnw = 5; sa[7].arsn_len = (sa[7].arsnw * 2) + 1; @@ -234,10 +215,8 @@ int32_t sadb_config(void) sa[9].ast = 0; sa[9].shivf_len = 12; sa[9].iv_len = 12; - sa[9].iv = (uint8_t* )calloc(1, sa[9].shivf_len * sizeof(uint8_t)); *(sa[9].iv + 11) = 0; sa[9].abm_len = ABM_SIZE; // 20 - sa[9].abm = (uint8_t* )calloc(1, sa[9].abm_len * sizeof(uint8_t)); sa[9].arsnw_len = 1; sa[9].arsnw = 5; sa[9].arsn_len = 0; @@ -250,19 +229,16 @@ int32_t sadb_config(void) // SA 10 VC0/1 is now 4-VC0, 7-VC1 sa[10].spi = 10; sa[10].ekid = 130; - sa[10].sa_state = SA_OPERATIONAL; + sa[10].sa_state = SA_KEYED; sa[10].est = 1; sa[10].ast = 1; sa[10].ecs_len = 1; - sa[10].ecs = calloc(1, sa[10].ecs_len * sizeof(uint8_t)); - *sa[10].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[10].ecs = CRYPTO_CIPHER_AES256_GCM; sa[10].shivf_len = 12; sa[10].iv_len = 12; sa[10].stmacf_len = 16; - sa[10].iv = (uint8_t* )calloc(1, sa[10].shivf_len * sizeof(uint8_t)); *(sa[10].iv + 11) = 0; sa[10].abm_len = ABM_SIZE; // 20 - sa[10].abm = (uint8_t* )calloc(1, sa[10].abm_len * sizeof(uint8_t)); sa[10].arsnw_len = 1; sa[10].arsnw = 5; sa[10].arsn_len = 0; @@ -270,7 +246,7 @@ int32_t sadb_config(void) sa[10].gvcid_blk.scid = 0x002C; sa[10].gvcid_blk.vcid = 1; sa[10].gvcid_blk.mapid = TYPE_TC; - sa[10].ek_ref="kmc/test/key130"; + sa[10].ek_ref = (char*) "kmc/test/key130"; // SA 11 - KEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 // SA 11 VC0/1 is now 4-VC0, 7-VC1 @@ -280,16 +256,13 @@ int32_t sadb_config(void) sa[11].est = 1; sa[11].ast = 0; sa[11].ecs_len = 1; - sa[11].ecs = calloc(1, sa[11].ecs_len * sizeof(uint8_t)); - *sa[11].ecs = CRYPTO_CIPHER_AES256_CBC; + sa[11].ecs = CRYPTO_CIPHER_AES256_CBC; sa[11].shivf_len = 16; sa[11].iv_len = 16; sa[11].shplf_len = 1; sa[11].stmacf_len = 0; - sa[11].iv = (uint8_t* )calloc(1, sa[11].shivf_len * sizeof(uint8_t)); //TODO; Should this be iv_len instead of shiv_len? *(sa[11].iv + (sa[11].iv_len - 1)) = 0; sa[11].abm_len = ABM_SIZE; // 20 - sa[11].abm = (uint8_t* )calloc(1, sa[11].abm_len * sizeof(uint8_t)); sa[11].arsnw_len = 0; sa[11].arsnw = 5; sa[11].arsn_len = 0; @@ -297,7 +270,7 @@ int32_t sadb_config(void) sa[11].gvcid_blk.scid = SCID & 0x3FF; sa[11].gvcid_blk.vcid = 0; sa[11].gvcid_blk.mapid = TYPE_TC; - sa[11].ek_ref="kmc/test/key130"; + sa[11].ek_ref = (char*) "kmc/test/key130"; // SA 12 - TM CLEAR MODE // SA 12 @@ -308,64 +281,149 @@ int32_t sadb_config(void) sa[12].shivf_len = 0; sa[12].shsnf_len = 0; sa[12].arsn_len = 0; - sa[12].arsn = (uint8_t*) calloc(1, sa[1].arsn_len * sizeof(uint8_t)); sa[12].arsnw_len = 0; sa[12].arsnw = 5; sa[12].gvcid_blk.tfvn = 0; - sa[12].gvcid_blk.scid = 44 & 0x3FF; + sa[12].gvcid_blk.scid = SCID & 0x3FF; sa[12].gvcid_blk.vcid = 0; sa[12].gvcid_blk.mapid = TYPE_TM; + // SA 13 - TM Authentication Only + // SA 13 + sa[13].spi = 13; + sa[13].akid = 130; + sa[13].ekid = 130; + sa[13].sa_state = SA_OPERATIONAL; + sa[13].est = 1; + sa[13].ast = 1; + sa[13].acs_len = 0; + sa[13].acs = CRYPTO_MAC_NONE; + sa[13].ecs_len = 1; + sa[13].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[13].shivf_len = 16; + sa[13].iv_len = 16; + *(sa[13].iv + sa[13].shivf_len - 1) = 0; + sa[13].stmacf_len = 16; + sa[13].shsnf_len = 0; + sa[13].abm_len = ABM_SIZE; + memset(sa[13].abm, 0xFF, (sa[13].abm_len * sizeof(uint8_t))); // Bitmask + sa[13].arsn_len = 0; + sa[13].arsnw_len = 0; + sa[13].arsnw = 5; + sa[13].gvcid_blk.tfvn = 0; + sa[13].gvcid_blk.scid = SCID & 0x3FF; + sa[13].gvcid_blk.vcid = 0; + sa[13].gvcid_blk.mapid = TYPE_TM; + + // SA 14 - AOS Clear Mode + sa[14].spi = 14; + sa[14].sa_state = SA_OPERATIONAL; + sa[14].est = 0; + sa[14].ast = 0; + sa[14].shivf_len = 0; + sa[14].gvcid_blk.tfvn = 0x01; + sa[14].gvcid_blk.scid = SCID & 0x3FF; + sa[14].gvcid_blk.vcid = 0; + + // SA 15 - AOS Authentication Only + sa[15].spi = 15; + sa[15].akid = 130; + sa[15].sa_state = SA_KEYED; + sa[15].est = 0; + sa[15].ast = 1; + sa[15].acs_len = 1; + sa[15].acs = CRYPTO_MAC_CMAC_AES256; + sa[15].stmacf_len = 16; + sa[15].abm_len = ABM_SIZE; + memset(sa[15].abm, 0xFF, (sa[15].abm_len * sizeof(uint8_t))); // Bitmask + sa[15].gvcid_blk.tfvn = 0x01; + sa[15].gvcid_blk.scid = SCID & 0x3FF; + sa[15].gvcid_blk.vcid = 0; + + // SA 16 - AOS Encryption Only + sa[16].spi = 16; + sa[16].ekid = 130; + sa[16].sa_state = SA_KEYED; + sa[16].est = 1; + sa[16].ast = 0; + sa[16].ecs_len = 1; + sa[16].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[16].iv_len = 16; + sa[16].shivf_len = 16; + *(sa[16].iv + sa[16].shivf_len - 1) = 0; + sa[16].stmacf_len = 0; + sa[16].abm_len = ABM_SIZE; + memset(sa[16].abm, 0xFF, (sa[16].abm_len * sizeof(uint8_t))); // Bitmask + sa[16].gvcid_blk.tfvn = 0x01; + sa[16].gvcid_blk.scid = SCID & 0x3FF; + sa[16].gvcid_blk.vcid = 0; + + // SA 17 - AOS AEAD + sa[17].spi = 17; + sa[17].ekid = 130; + sa[17].sa_state = SA_KEYED; + sa[17].est = 1; + sa[17].ast = 1; + sa[17].ecs_len = 1; + sa[17].ecs = CRYPTO_CIPHER_AES256_GCM; + sa[17].iv_len = 16; + sa[17].shivf_len = 16; + *(sa[17].iv + sa[17].shivf_len - 1) = 0; + sa[17].stmacf_len = 16; + sa[17].abm_len = ABM_SIZE; + memset(sa[17].abm, 0xFF, (sa[17].abm_len * sizeof(uint8_t))); // Bitmask + sa[17].gvcid_blk.tfvn = 0x01; + sa[17].gvcid_blk.scid = SCID & 0x3FF; + sa[17].gvcid_blk.vcid = 0; + return status; } /** - * @brief Function: sadb_init + * @brief Function: sa_init * @return int32: Success/Failure **/ -int32_t sadb_init(void) +int32_t sa_init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - int x; - for (x = 0; x < NUM_SA; x++) + for (int x = 0; x < NUM_SA; x++) { sa[x].ekid = x; sa[x].akid = x; sa[x].sa_state = SA_NONE; sa[x].ecs_len = 0; - sa[x].ecs = NULL; + sa[x].ecs = 0; sa[x].shivf_len = 0; - sa[x].iv = NULL; + for (int y = 0; y < IV_SIZE; y++) + { + sa[x].iv[y] = 0; + } sa[x].iv_len = 0; - sa[x].abm = NULL; + for (int y = 0; y < ABM_SIZE; y++) + { + sa[x].abm[y] = 0; + } sa[x].abm_len = 0; sa[x].acs_len = 0; - sa[x].acs = NULL; + sa[x].acs = 0; sa[x].shsnf_len = 0; sa[x].arsn_len = 0; - sa[x].arsn = NULL; + for (int y = 0; y < ARSN_SIZE; y++) + { + sa[x].arsn[y] = 0; + } } return status; } /** - * @brief Function: sadb_close + * @brief Function: sa_close * @return int32: Success/Failure **/ -static int32_t sadb_close(void) +static int32_t sa_close(void) { int32_t status = CRYPTO_LIB_SUCCESS; - int x; - - for (x = 0; x < NUM_SA; x++) - { - if(sa[x].ecs != NULL) free(sa[x].ecs); - if(sa[x].iv != NULL) free(sa[x].iv); - if(sa[x].abm != NULL) free(sa[x].abm); - if(sa[x].arsn != NULL) free(sa[x].arsn); - if(sa[x].acs != NULL) free(sa[x].acs); - } return status; } @@ -373,12 +431,12 @@ static int32_t sadb_close(void) ** Security Association Interaction Functions */ /** - * @brief Function: sadb_get_sa_from_spi + * @brief Function: sa_get_from_spi * @param spi: uint16 * @param security_association: SecurityAssociation_t** * @return int32: Success/Failure **/ -static int32_t sadb_get_sa_from_spi(uint16_t spi, SecurityAssociation_t** security_association) +static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_SUCCESS; if (sa == NULL) @@ -386,7 +444,7 @@ static int32_t sadb_get_sa_from_spi(uint16_t spi, SecurityAssociation_t** securi return CRYPTO_LIB_ERR_NO_INIT; } *security_association = &sa[spi]; - if (sa[spi].iv == NULL && (sa[spi].shivf_len > 0) && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa[spi].iv == NULL && (sa[spi].shivf_len > 0) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } // Must have IV if doing encryption or authentication @@ -402,20 +460,19 @@ static int32_t sadb_get_sa_from_spi(uint16_t spi, SecurityAssociation_t** securi } /** - * @brief Function: sadb_get_operational_sa_from_gvcid + * @brief Function: sa_get_operational_sa_from_gvcid * @param tfvn: uint8 * @param scid: uint16 * @param vcid: uint16 - * @param mapid: uint8 + * @param mapid: uint8 // tc only * @param security_association: SecurityAssociation_t** * @return int32: Success/Failure **/ -static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, +static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, SecurityAssociation_t** security_association) { int32_t status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; int i; - if (sa == NULL) { return CRYPTO_LIB_ERR_NO_INIT; @@ -423,25 +480,32 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u for (i = 0; i < NUM_SA; i++) { + // If valid match found if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].sa_state == SA_OPERATIONAL) && - (crypto_config->unique_sa_per_mapid == TC_UNIQUE_SA_PER_MAP_ID_FALSE || + (crypto_config.unique_sa_per_mapid == TC_UNIQUE_SA_PER_MAP_ID_FALSE || sa[i].gvcid_blk.mapid == mapid)) // only require MapID match is unique SA per MapID set (only relevant // when using segmentation hdrs) { *security_association = &sa[i]; - if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + + // Must have IV if using libgcrypt and auth/enc + if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } + // Must have ABM if doing authentication if (sa[i].abm == NULL && sa[i].ast) { return CRYPTO_LIB_ERR_NULL_ABM; - } // Must have ABM if doing authentication + } #ifdef SA_DEBUG printf("Valid operational SA found at index %d.\n", i); + printf("\t Tfvn: %d\n", tfvn); + printf("\t Scid: %d\n", scid); + printf("\t Vcid: %d\n", vcid); #endif status = CRYPTO_LIB_SUCCESS; @@ -455,7 +519,6 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u #ifdef SA_DEBUG printf(KRED "Error - Making best attempt at a useful error code:\n\t" RESET); #endif - for (i = 0; i < NUM_SA; i++) { // Could possibly have more than one field mismatched, @@ -467,10 +530,13 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u { #ifdef SA_DEBUG printf(KRED "An operational SA was found - but mismatched tfvn.\n" RESET); + printf(KRED "SA is %d\n", i); + printf(KRED "Incoming tfvn is %d\n", tfvn); + printf(KRED "SA tfvn is %d\n", sa[i].gvcid_blk.tfvn); #endif status = CRYPTO_LIB_ERR_INVALID_TFVN; } - if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) && + else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid != scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL)) { @@ -482,7 +548,7 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u #endif status = CRYPTO_LIB_ERR_INVALID_SCID; } - if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid != vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state == SA_OPERATIONAL)) { @@ -492,7 +558,7 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u #endif status = CRYPTO_LIB_ERR_INVALID_VCID; } - if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid != mapid && sa[i].sa_state == SA_OPERATIONAL)) { @@ -501,7 +567,7 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u #endif status = CRYPTO_LIB_ERR_INVALID_MAPID; } - if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && + else if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].gvcid_blk.mapid == mapid && sa[i].sa_state != SA_OPERATIONAL)) { @@ -510,6 +576,10 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u #endif status = CRYPTO_LIB_ERR_NO_OPERATIONAL_SA; } + else + { + // Don't set status, could overwrite useful error message above + } } // Detailed debug block #ifdef SA_DEBUG @@ -518,7 +588,6 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u printf(KYEL "\tscid %d\n" RESET, scid); printf(KYEL "\tvcid %d\n" RESET, vcid); printf(KYEL "\tmapid %02X\n" RESET, mapid); - printf(KYEL "***FYI TM_SIZE set to %ld\n" RESET, TM_SIZE); #endif } @@ -527,12 +596,12 @@ static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, u // TODO: Nothing actually happens here /** - * @brief Function: sadb_save_sa + * @brief Function: sa_save_sa * @param sa: SecurityAssociation_t* * @return int32: Success/Failure * @note Nothing currently actually happens in this function **/ -static int32_t sadb_save_sa(SecurityAssociation_t* sa) +static int32_t sa_save_sa(SecurityAssociation_t* sa) { int32_t status = CRYPTO_LIB_SUCCESS; sa = sa; // TODO - use argument @@ -546,11 +615,11 @@ static int32_t sadb_save_sa(SecurityAssociation_t* sa) ** Security Association Management Services */ /** - * @brief sadb_sa_start + * @brief sa_start * @param tc_frame: TC_t * @return int32: Success/Failure **/ -static int32_t sadb_sa_start(TC_t* tc_frame) +static int32_t sa_start(TC_t* tc_frame) { // Local variables uint8_t count = 0; @@ -678,10 +747,10 @@ static int32_t sadb_sa_start(TC_t* tc_frame) } /** - * @brief Function: sadb_sa_stop + * @brief Function: sa_stop * @return int32: Success/Failure **/ -static int32_t sadb_sa_stop(void) +static int32_t sa_stop(void) { // Local variables uint16_t spi = 0x0000; @@ -738,10 +807,10 @@ static int32_t sadb_sa_stop(void) } /** - * @brief Function: sadb_sa_rekey + * @brief Function: sa_rekey * @return int32: Success/Failure **/ -static int32_t sadb_sa_rekey(void) +static int32_t sa_rekey(void) { // Local variables uint16_t spi = 0x0000; @@ -818,10 +887,10 @@ static int32_t sadb_sa_rekey(void) } /** - * @brief Function: sadb_sa_expire + * @brief Function: sa_expire * @return int32: Success/Failure **/ -static int32_t sadb_sa_expire(void) +static int32_t sa_expire(void) { // Local variables uint16_t spi = 0x0000; @@ -858,10 +927,10 @@ static int32_t sadb_sa_expire(void) } /** - * @brief Function: sadb_sa_create + * @brief Function: sa_create * @return int32: Success/Failure **/ -static int32_t sadb_sa_create(void) +static int32_t sa_create(void) { // Local variables uint8_t count = 6; @@ -880,28 +949,23 @@ static int32_t sadb_sa_create(void) sa[spi].est = ((uint8_t)sdls_frame.pdu.data[2] & 0x80) >> 7; sa[spi].ast = ((uint8_t)sdls_frame.pdu.data[2] & 0x40) >> 6; sa[spi].shivf_len = ((uint8_t)sdls_frame.pdu.data[2] & 0x3F); - if (sa[spi].iv != NULL) - { - free(sa[spi].iv); - } - sa[spi].iv = (uint8_t* )calloc(1, sa[spi].shivf_len * sizeof(uint8_t)); sa[spi].shsnf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0xFC) >> 2; sa[spi].shplf_len = ((uint8_t)sdls_frame.pdu.data[3] & 0x03); sa[spi].stmacf_len = ((uint8_t)sdls_frame.pdu.data[4]); sa[spi].ecs_len = ((uint8_t)sdls_frame.pdu.data[5]); for (x = 0; x < sa[spi].ecs_len; x++) { - *(sa[spi].ecs + x) = ((uint8_t)sdls_frame.pdu.data[count++]); + sa[spi].ecs = ((uint8_t)sdls_frame.pdu.data[count++]); } sa[spi].shivf_len = ((uint8_t)sdls_frame.pdu.data[count++]); for (x = 0; x < sa[spi].shivf_len; x++) { - *(sa[spi].iv + x) = ((uint8_t)sdls_frame.pdu.data[count++]); + sa[spi].iv[x] = ((uint8_t)sdls_frame.pdu.data[count++]); } sa[spi].acs_len = ((uint8_t)sdls_frame.pdu.data[count++]); for (x = 0; x < sa[spi].acs_len; x++) { - *sa[spi].acs = ((uint8_t)sdls_frame.pdu.data[count++]); + sa[spi].acs = ((uint8_t)sdls_frame.pdu.data[count++]); } sa[spi].abm_len = (uint8_t)((sdls_frame.pdu.data[count] << 8) | (sdls_frame.pdu.data[count + 1])); count = count + 2; @@ -910,11 +974,6 @@ static int32_t sadb_sa_create(void) sa[spi].abm[x] = ((uint8_t)sdls_frame.pdu.data[count++]); } sa[spi].arsn_len = ((uint8_t)sdls_frame.pdu.data[count++]); - if (sa[spi].arsn != NULL) - { - free(sa[spi].arsn); - } - sa[spi].arsn = (uint8_t* )calloc(1, sa[spi].arsn_len * sizeof(uint8_t)); for (x = 0; x < sa[spi].arsn_len; x++) { *(sa[spi].arsn + x) = ((uint8_t)sdls_frame.pdu.data[count++]); @@ -938,10 +997,10 @@ static int32_t sadb_sa_create(void) } /** - * @brief Function: sadb_sa_delete + * @brief Function: sa_delete * @return int32: Success/Failure **/ -static int32_t sadb_sa_delete(void) +static int32_t sa_delete(void) { // Local variables uint16_t spi = 0x0000; @@ -980,10 +1039,10 @@ static int32_t sadb_sa_delete(void) } /** - * @brief Function: sadb_sa_setASRN + * @brief Function: sa_setASRN * @return int32: Success/Failure **/ -static int32_t sadb_sa_setARSN(void) +static int32_t sa_setARSN(void) { // Local variables uint16_t spi = 0x0000; @@ -1023,17 +1082,17 @@ static int32_t sadb_sa_setARSN(void) } else { - printf("sadb_sa_setARSN ERROR: SPI %d does not exist.\n", spi); + printf("sa_setARSN ERROR: SPI %d does not exist.\n", spi); } return CRYPTO_LIB_SUCCESS; } /** - * @brief Function: sadb_sa_setARSNW + * @brief Function: sa_setARSNW * @return int32: Success/Failure **/ -static int32_t sadb_sa_setARSNW(void) +static int32_t sa_setARSNW(void) { // Local variables uint16_t spi = 0x0000; @@ -1061,18 +1120,18 @@ static int32_t sadb_sa_setARSNW(void) } else { - printf("sadb_sa_setARSNW ERROR: SPI %d does not exist.\n", spi); + printf("sa_setARSNW ERROR: SPI %d does not exist.\n", spi); } return CRYPTO_LIB_SUCCESS; } /** - * @brief Function: sadb_sa_status + * @brief Function: sa_status * @param ingest: uint8_t* * @return int32: count **/ -static int32_t sadb_sa_status(uint8_t* ingest) +static int32_t sa_status(uint8_t* ingest) { if(ingest == NULL) return CRYPTO_LIB_ERROR; @@ -1098,7 +1157,7 @@ static int32_t sadb_sa_status(uint8_t* ingest) } else { - printf("sadb_sa_status ERROR: SPI %d does not exist.\n", spi); + printf("sa_status ERROR: SPI %d does not exist.\n", spi); } #ifdef SA_DEBUG diff --git a/src/sa/internal_stub/sa_interface_inmemory.stub.c b/src/sa/internal_stub/sa_interface_inmemory.stub.c new file mode 100644 index 00000000..f13cf67d --- /dev/null +++ b/src/sa/internal_stub/sa_interface_inmemory.stub.c @@ -0,0 +1,23 @@ +/* + * Copyright 2021, by the California Institute of Technology. + * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. + * Any commercial use must be negotiated with the Office of Technology + * Transfer at the California Institute of Technology. + * + * This software may be subject to U.S. export control laws. By accepting + * this software, the user agrees to comply with all applicable U.S. + * export laws and regulations. User has the responsibility to obtain + * export licenses, or other export authority as may be required before + * exporting such information to foreign countries or providing access to + * foreign persons. + */ + +#include "sa_interface.h" + +static SaInterfaceStruct sa_routine; + +SaInterface get_sa_interface_inmemory(void) +{ + fprintf(stderr,"ERROR: Loading internal stub source code. Rebuild CryptoLib with -DSA_MARIADB=OFF to use proper internal implementation.\n"); + return &sa_routine; +} diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c similarity index 73% rename from src/src_mysql/sadb_routine_mariadb.template.c rename to src/sa/mariadb/sa_interface_mariadb.template.c index 76274d7a..add4a6f5 100644 --- a/src/src_mysql/sadb_routine_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -1,600 +1,580 @@ -/* - * Copyright 2021, by the California Institute of Technology. - * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. - * Any commercial use must be negotiated with the Office of Technology - * Transfer at the California Institute of Technology. - * - * This software may be subject to U.S. export control laws. By accepting - * this software, the user agrees to comply with all applicable U.S. - * export laws and regulations. User has the responsibility to obtain - * export licenses, or other export authority as may be required before - * exporting such information to foreign countries or providing access to - * foreign persons. - */ - -#include "crypto_config.h" -#include "crypto_error.h" -#include "crypto_print.h" -#include "crypto_structs.h" -#include "sadb_routine.h" - -#include -#include -#include -#include - -// Security Association Initialization Functions -static int32_t sadb_config(void); -static int32_t sadb_init(void); -static int32_t sadb_close(void); -// Security Association Interaction Functions -static int32_t sadb_get_sa_from_spi(uint16_t, SecurityAssociation_t**); -static int32_t sadb_get_operational_sa_from_gvcid(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); -static int32_t sadb_save_sa(SecurityAssociation_t* sa); -// Security Association Utility Functions -static int32_t sadb_sa_stop(void); -static int32_t sadb_sa_start(TC_t* tc_frame); -static int32_t sadb_sa_expire(void); -static int32_t sadb_sa_rekey(void); -static int32_t sadb_sa_status(uint8_t* ); -static int32_t sadb_sa_create(void); -static int32_t sadb_sa_setARSN(void); -static int32_t sadb_sa_setARSNW(void); -static int32_t sadb_sa_delete(void); -// MySQL local functions -static int32_t finish_with_error(MYSQL **con_loc, int err); -// MySQL Queries -static const char* SQL_SADB_GET_SA_BY_SPI = - "SELECT " - "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" - ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" - " FROM security_associations WHERE spi='%d'"; -static const char* SQL_SADB_GET_SA_BY_GVCID = - "SELECT " - "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" - ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" - " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'"; -static const char* SQL_SADB_UPDATE_IV_ARC_BY_SPI = - "UPDATE security_associations" - " SET iv=X'%s', arsn=X'%s'" - " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; -static const char* SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV = - "UPDATE security_associations" - " SET arsn=X'%s'" - " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; - -// sadb_routine mariaDB private helper functions -static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** security_association); -static int32_t convert_hexstring_to_byte_array(char* hexstr, uint8_t* byte_array); -static void convert_byte_array_to_hexstring(void* src_buffer, size_t buffer_length, char* dest_str); - -/* -** Global Variables -*/ -// Security -static SadbRoutineStruct sadb_routine_struct; -static MYSQL *con; - -SadbRoutine get_sadb_routine_mariadb(void) -{ - sadb_routine_struct.sadb_config = sadb_config; - sadb_routine_struct.sadb_init = sadb_init; - sadb_routine_struct.sadb_close = sadb_close; - sadb_routine_struct.sadb_get_sa_from_spi = sadb_get_sa_from_spi; - sadb_routine_struct.sadb_get_operational_sa_from_gvcid = sadb_get_operational_sa_from_gvcid; - sadb_routine_struct.sadb_sa_stop = sadb_sa_stop; - sadb_routine_struct.sadb_save_sa = sadb_save_sa; - sadb_routine_struct.sadb_sa_start = sadb_sa_start; - sadb_routine_struct.sadb_sa_expire = sadb_sa_expire; - sadb_routine_struct.sadb_sa_rekey = sadb_sa_rekey; - sadb_routine_struct.sadb_sa_status = sadb_sa_status; - sadb_routine_struct.sadb_sa_create = sadb_sa_create; - sadb_routine_struct.sadb_sa_setARSN = sadb_sa_setARSN; - sadb_routine_struct.sadb_sa_setARSNW = sadb_sa_setARSNW; - sadb_routine_struct.sadb_sa_delete = sadb_sa_delete; - return &sadb_routine_struct; -} - -static int32_t sadb_config(void) -{ - return CRYPTO_LIB_SUCCESS; -} - -static int32_t sadb_init(void) -{ - int32_t status = CRYPTO_LIB_ERROR; - if (sadb_mariadb_config != NULL) - { - con = mysql_init(con); - if (con != NULL) - { - //mysql_options is removed in MariaDB C connector v3, using mysql_optionsv - // Lots of small configuration differences between MySQL connector & MariaDB Connector - // Only MariaDB Connector is implemented here: - // https://wikidev.in/wiki/C/mysql_mysql_h/mysql_options | https://mariadb.com/kb/en/mysql_optionsv/ - if(sadb_mariadb_config->mysql_mtls_key != NULL) - { - mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sadb_mariadb_config->mysql_mtls_key); - } - if(sadb_mariadb_config->mysql_mtls_cert != NULL) - { - mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sadb_mariadb_config->mysql_mtls_cert); - } - if(sadb_mariadb_config->mysql_mtls_ca != NULL) - { - mysql_optionsv(con, MYSQL_OPT_SSL_CA, sadb_mariadb_config->mysql_mtls_ca); - } - if(sadb_mariadb_config->mysql_mtls_capath != NULL) - { - mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sadb_mariadb_config->mysql_mtls_capath); - } - if (sadb_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE) - { - mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sadb_mariadb_config->mysql_tls_verify_server)); - } - if (sadb_mariadb_config->mysql_mtls_client_key_password != NULL) - { - mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sadb_mariadb_config->mysql_mtls_client_key_password); - } - if (sadb_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE) - { - mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE,&(sadb_mariadb_config->mysql_require_secure_transport)); - } - //if encrypted connection (TLS) connection. No need for SSL Key - if (mysql_real_connect(con, sadb_mariadb_config->mysql_hostname, - sadb_mariadb_config->mysql_username, - sadb_mariadb_config->mysql_password, - sadb_mariadb_config->mysql_database, - sadb_mariadb_config->mysql_port, NULL, 0) == NULL) - { - //0,NULL,0 are port number, unix socket, client flag - finish_with_error(&con, SADB_MARIADB_CONNECTION_FAILED); - status = CRYPTO_LIB_ERROR; - } else { - status = CRYPTO_LIB_SUCCESS; - if (status == CRYPTO_LIB_SUCCESS) { -#ifdef DEBUG - printf("sadb_init created mysql connection successfully. \n"); -#endif - } - } - } - else - { - //error - fprintf(stderr, "Error: sadb_init() MySQL API function mysql_init() returned a connection object that is NULL\n"); - } - - } - return status; -}//end int32_t sadb_init() - -static int32_t sadb_close(void) -{ - if(con) - { - mysql_close(con); - con = NULL; - } - - return CRYPTO_LIB_SUCCESS; -} - -// Security Association Interaction Functions -static int32_t sadb_get_sa_from_spi(uint16_t spi, SecurityAssociation_t** security_association) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - - char spi_query[2048]; - snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, spi); - - status = parse_sa_from_mysql_query(&spi_query[0], security_association); - - return status; -} -static int32_t sadb_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, - SecurityAssociation_t** security_association) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - - char gvcid_query[2048]; - snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tfvn, scid, vcid, mapid, SA_OPERATIONAL); - - status = parse_sa_from_mysql_query(&gvcid_query[0], security_association); - - return status; -} -static int32_t sadb_save_sa(SecurityAssociation_t* sa) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - if (sa == NULL) - { - return SADB_NULL_SA_USED; - } - - char update_sa_query[2048]; - char* iv_h = malloc(sa->iv_len * 2 + 1); - - if(sa->iv != NULL){ - convert_byte_array_to_hexstring(sa->iv, sa->iv_len, iv_h); - } - - char* arsn_h = malloc(sa->arsn_len * 2 + 1); - convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len, arsn_h); - - if(sa->iv != NULL){ - snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, - iv_h, - arsn_h, sa->spi, sa->gvcid_blk.tfvn, - sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); - - free(iv_h); - } - else - { - snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, - arsn_h, - sa->spi, sa->gvcid_blk.tfvn, - sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); - free(iv_h); - } - - free(arsn_h); -#ifdef SA_DEBUG - fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query); -#endif - - // Crypto_saPrint(sa); - if (mysql_query(con, update_sa_query)) - { - status = finish_with_error(&con, SADB_QUERY_FAILED); - } - // todo - if query fails, need to push failure message to error stack instead of just return code. - - // We free the allocated SA memory in the save function. - if (sa->iv != NULL) - free(sa->iv); - if (sa->abm != NULL) - free(sa->abm); - if (sa->arsn != NULL) - free(sa->arsn); - if (sa->ek_ref != NULL) - free(sa->ek_ref); - if (sa->ecs != NULL) - free(sa->ecs); - if (sa->acs != NULL) - free(sa->acs); - if (sa->ak_ref != NULL) - free(sa->ak_ref); - free(sa); - return status; -} -// Security Association Utility Functions -static int32_t sadb_sa_stop(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_start(TC_t* tc_frame) -{ - tc_frame = tc_frame; - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_expire(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_rekey(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_status(uint8_t* ingest) -{ - ingest = ingest; - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_create(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_setARSN(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_setARSNW(void) -{ - return CRYPTO_LIB_SUCCESS; -} -static int32_t sadb_sa_delete(void) -{ - return CRYPTO_LIB_SUCCESS; -} - -// sadb_routine private helper functions -static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** security_association) -{ - int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t* sa = calloc(1,sizeof(SecurityAssociation_t)); - -#ifdef SA_DEBUG - fprintf(stderr, "MySQL Query: %s \n", query); -#endif - - if (mysql_real_query(con, query, strlen(query))) - { // query should be NUL terminated! - status = finish_with_error(&con, SADB_QUERY_FAILED); - return status; - } - // todo - if query fails, need to push failure message to error stack instead of just return code. - - MYSQL_RES *result = mysql_store_result(con); - if (result == NULL) - { - status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); - return status; - } - - int num_rows = mysql_num_rows(result); - if(num_rows == 0) // No rows returned in query!! - { - status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); - return status; - } - - int num_fields = mysql_num_fields(result); - - MYSQL_ROW row; - MYSQL_FIELD *field; - - char* field_names[num_fields]; //[64]; 64 == max length of column name in MySQL - - // TODO -- Need to store mysql query hex string and then malloc sa->iv according to size. - // TODO -- IV && arsn && abm as uint8_t* instead of uint8[]!!! - char* iv_byte_str = NULL; - char* arc_byte_str = NULL; - char* abm_byte_str = NULL; - char* ecs_byte_str = NULL; - char* acs_byte_str = NULL; - while ((row = mysql_fetch_row(result))) - { - for (int i = 0; i < num_fields; i++) - { - // Parse out all the field names. - if (i == 0) - { - int field_idx = 0; - while ((field = mysql_fetch_field(result))) - { - field_names[field_idx] = field->name; - field_idx++; - } - } - // Handle query results - if (row[i] == NULL) - { - continue; - } // Don't do anything with NULL fields from MySQL query. - if (strcmp(field_names[i], "spi") == 0) - { - sa->spi = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "ekid") == 0) - { - if(crypto_config->cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) - { - sa->ekid = atoi(row[i]); - } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References - { - sa->ekid = 0; - sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char)); - memcpy(sa->ek_ref, row[i], strlen(row[i])+1); - } - continue; - } - if (strcmp(field_names[i], "akid") == 0) - { - if(crypto_config->cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) - { - sa->akid = atoi(row[i]); - } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References - { - sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char)); - memcpy(sa->ak_ref, row[i], strlen(row[i])+1); - } - continue; - } - if (strcmp(field_names[i], "sa_state") == 0) - { - sa->sa_state = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "tfvn") == 0) - { - sa->gvcid_blk.tfvn = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "scid") == 0) - { - sa->gvcid_blk.scid = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "vcid") == 0) - { - sa->gvcid_blk.vcid = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "mapid") == 0) - { - sa->gvcid_blk.mapid = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "lpid") == 0) - { - sa->lpid = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "est") == 0) - { - sa->est = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "ast") == 0) - { - sa->ast = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "shivf_len") == 0) - { - sa->shivf_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "iv_len") == 0) - { - sa->iv_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "shsnf_len") == 0) - { - sa->shsnf_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "shplf_len") == 0) - { - sa->shplf_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "stmacf_len") == 0) - { - sa->stmacf_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "ecs_len") == 0) - { - sa->ecs_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "HEX(ecs)") == 0) - { - ecs_byte_str = row[i]; - continue; - } - // if(strcmp(field_names[i],"HEX(iv)")==0){memcpy(&(sa->iv),&row[i],IV_SIZE);continue;} - if (strcmp(field_names[i], "HEX(iv)") == 0) - { - iv_byte_str = row[i]; - continue; - } - if (strcmp(field_names[i], "acs_len") == 0) - { - sa->acs_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "HEX(acs)") == 0) - { - acs_byte_str = row[i]; - continue; - } - if (strcmp(field_names[i], "abm_len") == 0) - { - sa->abm_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "HEX(abm)") == 0) - { - abm_byte_str = row[i]; - continue; - } - // if(strcmp(field_names[i],"HEX(abm)")==0){convert_hexstring_to_byte_array(row[i],sa->abm);continue;} - if (strcmp(field_names[i], "arsn_len") == 0) - { - sa->arsn_len = atoi(row[i]); - continue; - } - if (strcmp(field_names[i], "HEX(arsn)") == 0) - { - arc_byte_str = row[i]; - continue; - } - // if(strcmp(field_names[i],"HEX(arsn)")==0){convert_hexstring_to_byte_array(row[i],sa->arsn);continue;} - if (strcmp(field_names[i], "arsnw") == 0) - { - sa->arsnw = atoi(row[i]); - continue; - } - // printf("%s:%s ",field_names[i], row[i] ? row[i] : "NULL"); - } - // printf("\n"); - } - if (iv_byte_str == NULL){ - sa->iv = NULL; - } - else{ - sa->iv = (uint8_t* )calloc(1, sa->iv_len * sizeof(uint8_t)); - } - - sa->arsn = (uint8_t* )calloc(1, sa->arsn_len * sizeof(uint8_t)); - sa->abm = (uint8_t* )calloc(1, sa->abm_len * sizeof(uint8_t)); - sa->ecs = (uint8_t* )calloc(1, sa->ecs_len * sizeof(uint8_t)); - sa->acs = (uint8_t* )calloc(1, sa->acs_len * sizeof(uint8_t)); - if(iv_byte_str != NULL){ - if(sa->iv_len > 0) convert_hexstring_to_byte_array(iv_byte_str, sa->iv); - } - - if(sa->arsn_len > 0) convert_hexstring_to_byte_array(arc_byte_str, sa->arsn); - if(sa->abm_len > 0) convert_hexstring_to_byte_array(abm_byte_str, sa->abm); - if(sa->ecs_len > 0) convert_hexstring_to_byte_array(ecs_byte_str, sa->ecs); - if(sa->acs_len > 0) convert_hexstring_to_byte_array(acs_byte_str, sa->acs); - - //arsnw_len is not necessary for mariadb interface, putty dummy/default value for prints. - sa->arsnw_len = 1; - -#ifdef DEBUG - printf("Parsed SA from SQL Query:\n"); - Crypto_saPrint(sa); -#endif - - *security_association = sa; - mysql_free_result(result); - - return status; -} -static int32_t convert_hexstring_to_byte_array(char* source_str, uint8_t* dest_buffer) -{ // https://stackoverflow.com/questions/3408706/hexadecimal-string-to-byte-array-in-c/56247335#56247335 - char* line = source_str; - char* data = line; - int offset; - unsigned int read_byte; - uint32_t data_len = 0; - - while (sscanf(data, " %02x%n", &read_byte, &offset) == 1) - { - dest_buffer[data_len++] = read_byte; - data += offset; - } - return data_len; -} - -static void convert_byte_array_to_hexstring(void* src_buffer, size_t buffer_length, char* dest_str) -{ - unsigned char* bytes = src_buffer; - - if (src_buffer != NULL) - { - for (size_t i = 0; i < buffer_length; i++) - { - uint8_t nib1 = (bytes[i] >> 4) & 0x0F; - uint8_t nib2 = (bytes[i]) & 0x0F; - dest_str[i * 2 + 0] = nib1 < 0xA ? '0' + nib1 : 'A' + nib1 - 0xA; - dest_str[i * 2 + 1] = nib2 < 0xA ? '0' + nib2 : 'A' + nib2 - 0xA; - } - dest_str[buffer_length * 2] = '\0'; - } -} - -static int32_t finish_with_error(MYSQL **con_loc, int err) -{ - fprintf(stderr, "%s\n", mysql_error(*con_loc)); // todo - if query fails, need to push failure message to error stack - mysql_close(*con_loc); - *con_loc = NULL; - return err; +/* + * Copyright 2021, by the California Institute of Technology. + * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. + * Any commercial use must be negotiated with the Office of Technology + * Transfer at the California Institute of Technology. + * + * This software may be subject to U.S. export control laws. By accepting + * this software, the user agrees to comply with all applicable U.S. + * export laws and regulations. User has the responsibility to obtain + * export licenses, or other export authority as may be required before + * exporting such information to foreign countries or providing access to + * foreign persons. + */ + +#include "crypto_config.h" +#include "crypto_error.h" +#include "crypto_print.h" +#include "crypto_structs.h" +#include "sa_interface.h" + +#include +#include +#include +#include + +// Security Association Initialization Functions +static int32_t sa_config(void); +static int32_t sa_init(void); +static int32_t sa_close(void); +// Security Association Interaction Functions +static int32_t sa_get_from_spi(uint16_t, SecurityAssociation_t**); +static int32_t sa_get_operational_sa_from_gvcid(uint8_t, uint16_t, uint16_t, uint8_t, SecurityAssociation_t**); +static int32_t sa_save_sa(SecurityAssociation_t* sa); +// Security Association Utility Functions +static int32_t sa_stop(void); +static int32_t sa_start(TC_t* tc_frame); +static int32_t sa_expire(void); +static int32_t sa_rekey(void); +static int32_t sa_status(uint8_t* ); +static int32_t sa_create(void); +static int32_t sa_setARSN(void); +static int32_t sa_setARSNW(void); +static int32_t sa_delete(void); +// MySQL local functions +static int32_t finish_with_error(MYSQL **con_loc, int err); +// MySQL Queries +static const char* SQL_SADB_GET_SA_BY_SPI = + "SELECT " + "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" + ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" + " FROM security_associations WHERE spi='%d'"; +static const char* SQL_SADB_GET_SA_BY_GVCID = + "SELECT " + "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" + ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" + " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'"; +static const char* SQL_SADB_UPDATE_IV_ARC_BY_SPI = + "UPDATE security_associations" + " SET iv=X'%s', arsn=X'%s'" + " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; +static const char* SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV = + "UPDATE security_associations" + " SET arsn=X'%s'" + " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; + +// sa_if mariaDB private helper functions +static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** security_association); +static int32_t convert_hexstring_to_byte_array(char* hexstr, uint8_t* byte_array); +static void convert_byte_array_to_hexstring(void* src_buffer, size_t buffer_length, char* dest_str); + +/* +** Global Variables +*/ +// Security +static SaInterfaceStruct sa_if_struct; +static MYSQL *con; + +SaInterface get_sa_interface_mariadb(void) +{ + sa_if_struct.sa_config = sa_config; + sa_if_struct.sa_init = sa_init; + sa_if_struct.sa_close = sa_close; + sa_if_struct.sa_get_from_spi = sa_get_from_spi; + sa_if_struct.sa_get_operational_sa_from_gvcid = sa_get_operational_sa_from_gvcid; + sa_if_struct.sa_stop = sa_stop; + sa_if_struct.sa_save_sa = sa_save_sa; + sa_if_struct.sa_start = sa_start; + sa_if_struct.sa_expire = sa_expire; + sa_if_struct.sa_rekey = sa_rekey; + sa_if_struct.sa_status = sa_status; + sa_if_struct.sa_create = sa_create; + sa_if_struct.sa_setARSN = sa_setARSN; + sa_if_struct.sa_setARSNW = sa_setARSNW; + sa_if_struct.sa_delete = sa_delete; + return &sa_if_struct; +} + +static int32_t sa_config(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +static int32_t sa_init(void) +{ + int32_t status = CRYPTO_LIB_ERROR; + if (sa_mariadb_config != NULL) + { + con = mysql_init(con); + if (con != NULL) + { + //mysql_options is removed in MariaDB C connector v3, using mysql_optionsv + // Lots of small configuration differences between MySQL connector & MariaDB Connector + // Only MariaDB Connector is implemented here: + // https://wikidev.in/wiki/C/mysql_mysql_h/mysql_options | https://mariadb.com/kb/en/mysql_optionsv/ + if(sa_mariadb_config->mysql_mtls_key != NULL) + { + mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sa_mariadb_config->mysql_mtls_key); + } + if(sa_mariadb_config->mysql_mtls_cert != NULL) + { + mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sa_mariadb_config->mysql_mtls_cert); + } + if(sa_mariadb_config->mysql_mtls_ca != NULL) + { + mysql_optionsv(con, MYSQL_OPT_SSL_CA, sa_mariadb_config->mysql_mtls_ca); + } + if(sa_mariadb_config->mysql_mtls_capath != NULL) + { + mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sa_mariadb_config->mysql_mtls_capath); + } + if (sa_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE) + { + mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sa_mariadb_config->mysql_tls_verify_server)); + } + if (sa_mariadb_config->mysql_mtls_client_key_password != NULL) + { + mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sa_mariadb_config->mysql_mtls_client_key_password); + } + if (sa_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE) + { + mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE,&(sa_mariadb_config->mysql_require_secure_transport)); + } + //if encrypted connection (TLS) connection. No need for SSL Key + if (mysql_real_connect(con, sa_mariadb_config->mysql_hostname, + sa_mariadb_config->mysql_username, + sa_mariadb_config->mysql_password, + sa_mariadb_config->mysql_database, + sa_mariadb_config->mysql_port, NULL, 0) == NULL) + { + //0,NULL,0 are port number, unix socket, client flag + finish_with_error(&con, SADB_MARIADB_CONNECTION_FAILED); + status = CRYPTO_LIB_ERROR; + } else { + status = CRYPTO_LIB_SUCCESS; + if (status == CRYPTO_LIB_SUCCESS) { +#ifdef DEBUG + printf("sa_init created mysql connection successfully. \n"); +#endif + } + } + } + else + { + //error + fprintf(stderr, "Error: sa_init() MySQL API function mysql_init() returned a connection object that is NULL\n"); + } + + } + return status; +}//end int32_t sa_init() + +static int32_t sa_close(void) +{ + if(con) + { + mysql_close(con); + con = NULL; + } + + return CRYPTO_LIB_SUCCESS; +} + +// Security Association Interaction Functions +static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_association) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + char spi_query[2048]; + snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, spi); + + status = parse_sa_from_mysql_query(&spi_query[0], security_association); + + return status; +} +static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, + SecurityAssociation_t** security_association) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + + char gvcid_query[2048]; + snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tfvn, scid, vcid, mapid, SA_OPERATIONAL); + + status = parse_sa_from_mysql_query(&gvcid_query[0], security_association); + + return status; +} +static int32_t sa_save_sa(SecurityAssociation_t* sa) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + if (sa == NULL) + { + return SADB_NULL_SA_USED; + } + + char update_sa_query[2048]; + char* iv_h = malloc(sa->iv_len * 2 + 1); + + if(sa->iv != NULL){ + convert_byte_array_to_hexstring(sa->iv, sa->iv_len, iv_h); + } + + char* arsn_h = malloc(sa->arsn_len * 2 + 1); + convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len, arsn_h); + + if(sa->iv != NULL){ + snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, + iv_h, + arsn_h, sa->spi, sa->gvcid_blk.tfvn, + sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); + + free(iv_h); + } + else + { + snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, + arsn_h, + sa->spi, sa->gvcid_blk.tfvn, + sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); + free(iv_h); + } + + free(arsn_h); +#ifdef SA_DEBUG + fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query); +#endif + + // Crypto_saPrint(sa); + if (mysql_query(con, update_sa_query)) + { + status = finish_with_error(&con, SADB_QUERY_FAILED); + } + // todo - if query fails, need to push failure message to error stack instead of just return code. + + // We free the allocated SA memory in the save function. + if (sa->ek_ref != NULL) + free(sa->ek_ref); + if (sa->ak_ref != NULL) + free(sa->ak_ref); + free(sa); + return status; +} +// Security Association Utility Functions +static int32_t sa_stop(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_start(TC_t* tc_frame) +{ + tc_frame = tc_frame; + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_expire(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_rekey(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_status(uint8_t* ingest) +{ + ingest = ingest; + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_create(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_setARSN(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_setARSNW(void) +{ + return CRYPTO_LIB_SUCCESS; +} +static int32_t sa_delete(void) +{ + return CRYPTO_LIB_SUCCESS; +} + +// sa_if private helper functions +static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** security_association) +{ + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t* sa = calloc(1,sizeof(SecurityAssociation_t)); + +#ifdef SA_DEBUG + fprintf(stderr, "MySQL Query: %s \n", query); +#endif + + if (mysql_real_query(con, query, strlen(query))) + { // query should be NUL terminated! + status = finish_with_error(&con, SADB_QUERY_FAILED); + return status; + } + // todo - if query fails, need to push failure message to error stack instead of just return code. + + MYSQL_RES *result = mysql_store_result(con); + if (result == NULL) + { + status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); + return status; + } + + int num_rows = mysql_num_rows(result); + if(num_rows == 0) // No rows returned in query!! + { + status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS); + return status; + } + + int num_fields = mysql_num_fields(result); + + MYSQL_ROW row; + MYSQL_FIELD *field; + + char* field_names[num_fields]; //[64]; 64 == max length of column name in MySQL + + // TODO -- Need to store mysql query hex string and then malloc sa->iv according to size. + // TODO -- IV && arsn && abm as uint8_t* instead of uint8[]!!! + char* iv_byte_str = NULL; + char* arc_byte_str = NULL; + char* abm_byte_str = NULL; + char* ecs_byte_str = NULL; + char* acs_byte_str = NULL; + while ((row = mysql_fetch_row(result))) + { + for (int i = 0; i < num_fields; i++) + { + // Parse out all the field names. + if (i == 0) + { + int field_idx = 0; + while ((field = mysql_fetch_field(result))) + { + field_names[field_idx] = field->name; + field_idx++; + } + } + // Handle query results + if (row[i] == NULL) + { + continue; + } // Don't do anything with NULL fields from MySQL query. + if (strcmp(field_names[i], "spi") == 0) + { + sa->spi = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "ekid") == 0) + { + if(crypto_config.cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) + { + sa->ekid = atoi(row[i]); + } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References + { + sa->ekid = 0; + sa->ek_ref = malloc((strlen(row[i])+1) * sizeof(char)); + memcpy(sa->ek_ref, row[i], strlen(row[i])+1); + } + continue; + } + if (strcmp(field_names[i], "akid") == 0) + { + if(crypto_config.cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) + { + sa->akid = atoi(row[i]); + } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References + { + sa->ak_ref = malloc((strlen(row[i])+1) * sizeof(char)); + memcpy(sa->ak_ref, row[i], strlen(row[i])+1); + } + continue; + } + if (strcmp(field_names[i], "sa_state") == 0) + { + sa->sa_state = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "tfvn") == 0) + { + sa->gvcid_blk.tfvn = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "scid") == 0) + { + sa->gvcid_blk.scid = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "vcid") == 0) + { + sa->gvcid_blk.vcid = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "mapid") == 0) + { + sa->gvcid_blk.mapid = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "lpid") == 0) + { + sa->lpid = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "est") == 0) + { + sa->est = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "ast") == 0) + { + sa->ast = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "shivf_len") == 0) + { + sa->shivf_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "iv_len") == 0) + { + sa->iv_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "shsnf_len") == 0) + { + sa->shsnf_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "shplf_len") == 0) + { + sa->shplf_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "stmacf_len") == 0) + { + sa->stmacf_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "ecs_len") == 0) + { + sa->ecs_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "HEX(ecs)") == 0) + { + ecs_byte_str = row[i]; + continue; + } + // if(strcmp(field_names[i],"HEX(iv)")==0){memcpy(&(sa->iv),&row[i],IV_SIZE);continue;} + if (strcmp(field_names[i], "HEX(iv)") == 0) + { + iv_byte_str = row[i]; + continue; + } + if (strcmp(field_names[i], "acs_len") == 0) + { + sa->acs_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "HEX(acs)") == 0) + { + acs_byte_str = row[i]; + continue; + } + if (strcmp(field_names[i], "abm_len") == 0) + { + sa->abm_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "HEX(abm)") == 0) + { + abm_byte_str = row[i]; + continue; + } + // if(strcmp(field_names[i],"HEX(abm)")==0){convert_hexstring_to_byte_array(row[i],sa->abm);continue;} + if (strcmp(field_names[i], "arsn_len") == 0) + { + sa->arsn_len = atoi(row[i]); + continue; + } + if (strcmp(field_names[i], "HEX(arsn)") == 0) + { + arc_byte_str = row[i]; + continue; + } + // if(strcmp(field_names[i],"HEX(arsn)")==0){convert_hexstring_to_byte_array(row[i],sa->arsn);continue;} + if (strcmp(field_names[i], "arsnw") == 0) + { + sa->arsnw = atoi(row[i]); + continue; + } + // printf("%s:%s ",field_names[i], row[i] ? row[i] : "NULL"); + } + // printf("\n"); + } + + if(iv_byte_str != NULL){ + if(sa->iv_len > 0) convert_hexstring_to_byte_array(iv_byte_str, sa->iv); + } + + if(sa->arsn_len > 0) convert_hexstring_to_byte_array(arc_byte_str, sa->arsn); + if(sa->abm_len > 0) convert_hexstring_to_byte_array(abm_byte_str, sa->abm); + if(sa->ecs_len > 0) convert_hexstring_to_byte_array(ecs_byte_str, &sa->ecs); + if(sa->acs_len > 0) convert_hexstring_to_byte_array(acs_byte_str, &sa->acs); + + //arsnw_len is not necessary for mariadb interface, putty dummy/default value for prints. + sa->arsnw_len = 1; + +#ifdef DEBUG + printf("Parsed SA from SQL Query:\n"); + Crypto_saPrint(sa); +#endif + + *security_association = sa; + mysql_free_result(result); + + return status; +} +static int32_t convert_hexstring_to_byte_array(char* source_str, uint8_t* dest_buffer) +{ // https://stackoverflow.com/questions/3408706/hexadecimal-string-to-byte-array-in-c/56247335#56247335 + char* line = source_str; + char* data = line; + int offset; + unsigned int read_byte; + uint32_t data_len = 0; + + while (sscanf(data, " %02x%n", &read_byte, &offset) == 1) + { + dest_buffer[data_len++] = read_byte; + data += offset; + } + return data_len; +} + +static void convert_byte_array_to_hexstring(void* src_buffer, size_t buffer_length, char* dest_str) +{ + unsigned char* bytes = src_buffer; + + if (src_buffer != NULL) + { + for (size_t i = 0; i < buffer_length; i++) + { + uint8_t nib1 = (bytes[i] >> 4) & 0x0F; + uint8_t nib2 = (bytes[i]) & 0x0F; + dest_str[i * 2 + 0] = nib1 < 0xA ? '0' + nib1 : 'A' + nib1 - 0xA; + dest_str[i * 2 + 1] = nib2 < 0xA ? '0' + nib2 : 'A' + nib2 - 0xA; + } + dest_str[buffer_length * 2] = '\0'; + } +} + +static int32_t finish_with_error(MYSQL **con_loc, int err) +{ + fprintf(stderr, "%s\n", mysql_error(*con_loc)); // todo - if query fails, need to push failure message to error stack + mysql_close(*con_loc); + *con_loc = NULL; + return err; } \ No newline at end of file diff --git a/src/src_feature_stubs/mysql_stub/sadb_routine_mariadb.stub.c b/src/sa/mariadb_stub/sa_interface_mariadb.stub.c similarity index 77% rename from src/src_feature_stubs/mysql_stub/sadb_routine_mariadb.stub.c rename to src/sa/mariadb_stub/sa_interface_mariadb.stub.c index fb81ff64..38d998d7 100644 --- a/src/src_feature_stubs/mysql_stub/sadb_routine_mariadb.stub.c +++ b/src/sa/mariadb_stub/sa_interface_mariadb.stub.c @@ -12,12 +12,12 @@ * foreign persons. */ -#include "sadb_routine.h" +#include "sa_interface.h" -static SadbRoutineStruct sadb_routine; +static SaInterfaceStruct sa_routine; -SadbRoutine get_sadb_routine_mariadb(void) +SaInterface get_sa_interface_mariadb(void) { - fprintf(stderr,"ERROR: Loading mariadb stub source code. Rebuild CryptoLib with -DMYSQL=ON to use proper MariaDB implementation.\n"); - return &sadb_routine; + fprintf(stderr,"ERROR: Loading mariadb stub source code. Rebuild CryptoLib with -DSA_MARIADB=ON to use proper MariaDB implementation.\n"); + return &sa_routine; } \ No newline at end of file diff --git a/src/crypto_sadb/sadb_mariadb_sql/create_sadb.sql b/src/sa/sadb_mariadb_sql/create_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_sql/create_sadb.sql rename to src/sa/sadb_mariadb_sql/create_sadb.sql diff --git a/src/crypto_sadb/sadb_mariadb_sql/delete_sadb.sql b/src/sa/sadb_mariadb_sql/delete_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_sql/delete_sadb.sql rename to src/sa/sadb_mariadb_sql/delete_sadb.sql diff --git a/src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql b/src/sa/sadb_mariadb_sql/empty_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql rename to src/sa/sadb_mariadb_sql/empty_sadb.sql diff --git a/src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql b/src/sa/sadb_mariadb_sql/list_sadb.sql similarity index 100% rename from src/crypto_sadb/sadb_mariadb_sql/list_sadb.sql rename to src/sa/sadb_mariadb_sql/list_sadb.sql diff --git a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql rename to src/sa/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql diff --git a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql similarity index 100% rename from src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql rename to src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql diff --git a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql rename to src/sa/test_sadb_mariadb_sql/create_sadb_jpl_unit_test_security_associations.sql diff --git a/src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql similarity index 100% rename from src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql rename to src/sa/test_sadb_mariadb_sql/create_sadb_unit_test_security_associations.sql diff --git a/src/sa/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql new file mode 100644 index 00000000..1c3a6c3f --- /dev/null +++ b/src/sa/test_sadb_mariadb_sql/create_sadb_unit_test_user_grant_permissions.sql @@ -0,0 +1,11 @@ +DROP USER IF EXISTS 'sa_admin'; +DROP USER IF EXISTS 'sa_user'; + +CREATE USER IF NOT EXISTS sa_admin IDENTIFIED BY 'sa_admin_password'; +CREATE USER IF NOT EXISTS sa_user IDENTIFIED BY 'sa_password'; + +GRANT ALL PRIVILEGES ON sadb.* TO 'sa_admin'@'%'; + +GRANT UPDATE (arsn) ON sadb.security_associations TO 'sa_user'@'%'; +GRANT UPDATE (iv) ON sadb.security_associations TO 'sa_user'@'%'; +GRANT SELECT ON sadb.security_associations TO 'sa_user'@'%'; \ No newline at end of file diff --git a/src/src_main/crypto_aos.c b/src/src_main/crypto_aos.c deleted file mode 100644 index b678ba6f..00000000 --- a/src/src_main/crypto_aos.c +++ /dev/null @@ -1,74 +0,0 @@ -/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. - All Foreign Rights are Reserved to the U.S. Government. - - This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, - including, but not limited to, any warranty that the software will conform to specifications, any implied warranties - of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the - documentation will conform to the program, or any warranty that the software will be error free. - - In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or - consequential damages, arising out of, resulting from, or in any way connected with the software or its - documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained - from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. - - ITC Team - NASA IV&V - jstar-development-team@mail.nasa.gov -*/ - -/* -** Includes -*/ -#include "crypto.h" - -/** - * @brief Function: Crypto_AOS_ApplySecurity - * @param ingest: uint8_t* - * @param len_ingest: int* - * @return int32: Success/Failure - **/ -int32_t Crypto_AOS_ApplySecurity(uint8_t* ingest, int *len_ingest) -{ - // Local Variables - int32_t status = CRYPTO_LIB_SUCCESS; - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_AOS_ApplySecurity START -----\n" RESET); -#endif - - // TODO: This whole function! - len_ingest = len_ingest; - ingest[0] = ingest[0]; - -#ifdef DEBUG - printf(KYEL "----- Crypto_AOS_ApplySecurity END -----\n" RESET); -#endif - - return status; -} - -/** - * @brief Function: Crypto_AOS_ProcessSecurity - * @param ingest: uint8_t* - * @param len_ingest: int* - * @return int32: Success/Failure - **/ -int32_t Crypto_AOS_ProcessSecurity(uint8_t* ingest, int *len_ingest) -{ - // Local Variables - int32_t status = CRYPTO_LIB_SUCCESS; - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_AOS_ProcessSecurity START -----\n" RESET); -#endif - - // TODO: This whole function! - len_ingest = len_ingest; - ingest[0] = ingest[0]; - -#ifdef DEBUG - printf(KYEL "----- Crypto_AOS_ProcessSecurity END -----\n" RESET); -#endif - - return status; -} \ No newline at end of file diff --git a/src/src_main/crypto_error.c b/src/src_main/crypto_error.c deleted file mode 100644 index 22b02a92..00000000 --- a/src/src_main/crypto_error.c +++ /dev/null @@ -1,226 +0,0 @@ -/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. - All Foreign Rights are Reserved to the U.S. Government. - - This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, - including, but not limited to, any warranty that the software will conform to specifications, any implied warranties - of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the - documentation will conform to the program, or any warranty that the software will be error free. - - In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or - consequential damages, arising out of, resulting from, or in any way connected with the software or its - documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained - from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. - - ITC Team - NASA IV&V - jstar-development-team@mail.nasa.gov -*/ - -#include "crypto_error.h" -#include "crypto.h" - -char *crypto_enum_errlist_core[] = -{ - "CRYPTO_LIB_SUCCESS" - ,"CRYPTO_LIB_ERROR" - ,"CRYPTO_LIB_ERR_NO_INIT" - ,"CRYPTO_LIB_ERR_INVALID_TFVN" - ,"CRYPTO_LIB_ERR_INVALID_SCID" - ,"CRYPTO_LIB_ERR_INVALID_VCID" - ,"CRYPTO_LIB_ERR_INVALID_MAPID" - ,"CRYPTO_LIB_ERR_INVALID_CC_FLAG" - ,"CRYPTO_LIB_ERR_NO_OPERATIONAL_SA" - ,"CRYPTO_LIB_ERR_NULL_BUFFER" - ,"CRYPTO_LIB_ERR_UT_BYTE_MISMATCH" - ,"CRYPTO_LIB_ERR_NO_CONFIG" - ,"CRYPTO_LIB_ERR_INVALID_FECF" - ,"CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW" - ,"CRYPTO_LIB_ERR_LIBGCRYPT_ERROR" - ,"CRYPTO_LIB_ERR_AUTHENTICATION_ERROR" - ,"CRYPTO_LIB_ERR_NULL_IV" - ,"CRYPTO_LIB_ERR_NULL_ABM" - ,"CRYPTO_LIB_ERR_DECRYPT_ERROR" - ,"CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD" - ,"CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR" - ,"CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR" - ,"CRYPTO_LIB_ERR_INVALID_HEADER" - ,"CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW" - ,"CRYPTO_LIB_ERR_NULL_ARSN" - ,"CRYPTO_LIB_ERR_NULL_SA" - ,"CRYPTO_LIB_ERR_UNSUPPORTED_ACS" - ,"CRYPTO_LIB_ERR_ENCRYPTION_ERROR" - ,"CRYPTO_LIB_ERR_INVALID_SA_CONFIGURATION" - ,"CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT" - ,"CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT" - ,"CRYPTO_LIB_ERR_UNSUPPORTED_ECS" - ,"CRYPTO_LIB_ERR_KEY_LENGTH_ERROR" - ,"CRYPTO_LIB_ERR_NULL_ECS_PTR" - ,"CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO" - ,"CRYPTO_LIB_ERR_NULL_CIPHERS" - ,"CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE" - ,"CRYPTO_LIB_ERR_IV_LEN_SHORTER_THAN_SEC_HEADER_LENGTH" - ,"CRYPTO_LIB_ERR_ARSN_LEN_SHORTER_THAN_SEC_HEADER_LENGTH" - ,"CRYPTO_LIB_ERR_FRAME_COUNTER_DOESNT_MATCH_SA" - ,"CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD" - ,"CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH" - ,"CRYPTO_LIB_ERR_UNSUPPORTED_ECS_MODE" - ,"CRYPTO_LIB_ERR_NULL_MODE_PTR" - ,"CRYPTO_LIB_ERR_UNSUPPORTED_MODE" - ,"CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD" -}; - -char *crypto_enum_errlist_config[] = -{ - "CRYPTO_CONFIGURATION_NOT_COMPLETE" - ,"CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE" - ,"CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE" - ,"MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND" -}; - -char *crypto_enum_errlist_sadb_if[] = -{ - "SADB_INVALID_SADB_TYPE" - ,"SADB_NULL_SA_USED" -}; -char *crypto_enum_errlist_sadb_mariadb[] = -{ - "SADB_MARIADB_CONNECTION_FAILED" - ,"SADB_QUERY_FAILED" - ,"SADB_QUERY_EMPTY_RESULTS" - ,"SADB_INSERT_FAILED" -}; -char *crypto_enum_errlist_crypto_if[] = -{ - "CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE" - ,"CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING" - ,"CRYPTOGRAPHY_LIBRARY_INITIALIZIATION_ERROR" -}; -char *crypto_enum_errlist_crypto_kmc[] = -{ - "CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE" - ,"CRYPTOGRAPHY_KMC_CURL_INITIALIZATION_FAILURE" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_CONNECTION_ERROR" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_ENCRYPT_ERROR" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AEAD_DECRYPT_ERROR" - ,"CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR" - ,"CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AUTHENTICATION_ERROR" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR" - ,"CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE" - ,"CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA" - ,"CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR" - ,"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR" -}; - -char *crypto_enum_errlist_crypto_cam[] = -{ - "CAM_CONFIG_NOT_SUPPORTED_ERROR" - ,"CAM_INVALID_COOKIE_FILE_CONFIGURATION_NULL" - ,"CAM_AUTHENTICATION_FAILURE_REDIRECT" - ,"CAM_AUTHENTICATION_REQUIRED" - ,"CAM_GET_SSO_TOKEN_FAILURE" - ,"CAM_INVALID_CONFIGURATION_ACCESS_MANAGER_URI_NULL" - ,"CAM_INVALID_CONFIGURATION_KEYTAB_FILE_PATH_NULL" - ,"CAM_INVALID_CONFIGURATION_KEYTAB_FILE_USERNAME_NULL" - ,"CAM_KEYTAB_FILE_KINIT_FAILURE" -}; - -/* -** @brief: For a given crypto error code, return the associated error code enum string -** @param: int32_t - * @return: char* -*/ -char* Crypto_Get_Error_Code_Enum_String(int32_t crypto_error_code) -{ - if(crypto_error_code >= 600) // CAM Error Codes - { - if(crypto_error_code > 610) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_cam[crypto_error_code % 600]; - } - - } - else if(crypto_error_code >= 500) // KMC Error Codes - { - if(crypto_error_code > 515) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_kmc[crypto_error_code % 500]; - } - } - else if(crypto_error_code >= 400) // Crypto Interface Error Codes - { - if(crypto_error_code > 402) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_crypto_if[crypto_error_code % 400]; - } - - } - else if(crypto_error_code >= 300) // SADB MariadDB Error Codes - { - if(crypto_error_code > 303) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_sadb_mariadb[crypto_error_code % 300]; - } - - } - else if(crypto_error_code >= 200) // SADB Interface Error Codes - { - if(crypto_error_code > 201) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_sadb_if[crypto_error_code % 200]; - } - } - else if(crypto_error_code >= 100) // Configuration Error Codes - { - if(crypto_error_code > 103) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_config[crypto_error_code % 100]; - } - } - else if(crypto_error_code > 0) // Unused Error Codes 1-100 - { - return CRYPTO_UNDEFINED_ERROR; - } - else if(crypto_error_code <= 0) // Cryptolib Core Error Codes - { - if(crypto_error_code < -45) - { - return CRYPTO_UNDEFINED_ERROR; - } - else - { - return crypto_enum_errlist_core[(crypto_error_code * (-1))]; - } - } - else - { - return CRYPTO_UNDEFINED_ERROR; - } -} \ No newline at end of file diff --git a/src/src_main/crypto_tm.c b/src/src_main/crypto_tm.c deleted file mode 100644 index b98d07fd..00000000 --- a/src/src_main/crypto_tm.c +++ /dev/null @@ -1,1367 +0,0 @@ -/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. - All Foreign Rights are Reserved to the U.S. Government. - - This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, - including, but not limited to, any warranty that the software will conform to specifications, any implied warranties - of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the - documentation will conform to the program, or any warranty that the software will be error free. - - In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or - consequential damages, arising out of, resulting from, or in any way connected with the software or its - documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained - from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. - - ITC Team - NASA IV&V - jstar-development-team@mail.nasa.gov -*/ - -/* -** Includes -*/ -#include "crypto.h" - -#include // memcpy/memset - -/** - * @brief Function: Crypto_TM_ApplySecurity - * @param ingest: uint8_t* - * @param len_ingest: int* - * @return int32: Success/Failure - * - * The TM ApplySecurity Payload shall consist of the portion of the TM Transfer Frame (see - * reference [1]) from the first octet of the Transfer Frame Primary Header to the last octet of - * the Transfer Frame Data Field. - * NOTES - * 1 The TM Transfer Frame is the fixed-length protocol data unit of the TM Space Data - * Link Protocol. The length of any Transfer Frame transferred on a physical channel is - * constant, and is established by management. - * 2 The portion of the TM Transfer Frame contained in the TM ApplySecurity Payload - * parameter includes the Security Header field. When the ApplySecurity Function is - * called, the Security Header field is empty; i.e., the caller has not set any values in the - * Security Header - **/ -int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t *sa_ptr) -// Accepts CCSDS message in ingest, and packs into TM before encryption -{ - int32_t status = CRYPTO_LIB_SUCCESS; - int mac_loc = 0; - uint8_t aad[1786]; - uint16_t aad_len = 0; - int i = 0; - uint16_t idx = 0; - uint8_t sa_service_type = -1; - uint16_t pdu_len = -1; - uint32_t pkcs_padding = 0; - uint16_t new_fecf = 0x0000; - uint32_t encryption_cipher; - uint8_t ecs_is_aead_algorithm; - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_TM_ApplySecurity START -----\n" RESET); -#endif - - if (sa_ptr == NULL) - { - status = CRYPTO_LIB_ERR_NULL_SA; - printf(KRED "Error: Input SA NULL! \n" RESET); - return status; // Just return here, nothing can be done. - } - status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, - tm_frame_pri_hdr.scid, - tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); - - if (crypto_config == NULL) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - return status; // return immediately so a NULL crypto_config is not dereferenced later - } - // **** TODO - THIS BLOCK MOVED INTO TO **** - /** - // Lookup-retrieve managed parameters for frame via gvcid: - // status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame.tm_header.tfvn, tm_frame.tm_header.scid, tm_frame.tm_header.vcid, - // gvcid_managed_parameters, ¤t_managed_parameters); - // if (status != CRYPTO_LIB_SUCCESS) - // { - // return status; - // } // Unable to get necessary Managed Parameters for TM TF -- return with error. -**/ - // Query SA DB for active SA / SDLS parameters - if (sadb_routine == NULL) // This should not happen, but tested here for safety - { - printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_INIT; - } - - // If unable to get operational SA, can return - if (status != CRYPTO_LIB_SUCCESS) - { - return status; - } - -#ifdef SA_DEBUG - printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); - Crypto_saPrint(sa_ptr); -#endif - - // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - return status; - } - -// Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly - if (sa_service_type != SA_PLAINTEXT) - { - encryption_cipher = - (sa_ptr->ecs[0] << 24) | (sa_ptr->ecs[1] << 16) | (sa_ptr->ecs[2] << 8) | sa_ptr->ecs[3]; - ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); - } - -#ifdef TM_DEBUG - switch (sa_service_type) - { - case SA_PLAINTEXT: - printf(KBLU "Creating a SDLS TM - CLEAR!\n" RESET); - break; - case SA_AUTHENTICATION: - printf(KBLU "Creating a SDLS TM - AUTHENTICATED!\n" RESET); - break; - case SA_ENCRYPTION: - printf(KBLU "Creating a SDLS TM - ENCRYPTED!\n" RESET); - break; - case SA_AUTHENTICATED_ENCRYPTION: - printf(KBLU "Creating a SDLS TM - AUTHENTICATED ENCRYPTION!\n" RESET); - break; - } -#endif - - // Check if secondary header is present within frame - // Note: Secondary headers are static only for a mission phase, not guaranteed static - // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 - - // Secondary Header flag is 1st bit of 5th byte (index 4) - idx = 4; - if((tm_frame[idx] & 0x80) == 0x80) - { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - uint8_t secondary_hdr_len = (tm_frame[idx] & 0x3F); -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - idx += secondary_hdr_len + 1; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - idx = 6; - } - - /* - ** Begin Security Header Fields - ** Reference CCSDS SDLP 3550b1 4.1.1.1.3 - */ - // Set SPI - tm_frame[idx] = ((sa_ptr->spi & 0xFF00) >> 8); - tm_frame[idx + 1] = (sa_ptr->spi & 0x00FF); - idx += 2; - - // Set initialization vector if specified -#ifdef SA_DEBUG - if (sa_ptr->shivf_len > 0 && sa_ptr->iv != NULL) - { - printf(KYEL "Using IV value:\n\t"); - for (i = 0; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - printf(KYEL "Transmitted IV value:\n\t"); - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - printf("%02x", *(sa_ptr->iv + i)); - } - printf("\n" RESET); - } -#endif - - if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs == NULL && sa_ptr->acs == NULL) - { - return CRYPTO_LIB_ERR_NULL_CIPHERS; - } - - if(sa_ptr->est == 0 && sa_ptr->ast == 1) - { - if(sa_ptr->acs !=NULL && sa_ptr->acs_len != 0) - { - if((*(sa_ptr->acs) == CRYPTO_MAC_CMAC_AES256 || *(sa_ptr->acs) == CRYPTO_MAC_HMAC_SHA256 || *(sa_ptr->acs) == CRYPTO_MAC_HMAC_SHA512) && - sa_ptr->iv_len > 0 ) - { - return CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO; - } - } - } - - // Start index from the transmitted portion - for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) - { - // Copy in IV from SA - tm_frame[idx] = *(sa_ptr->iv + i); - idx++; - } - - // Set anti-replay sequence number if specified - /* - ** See also: 4.1.1.4.2 - ** 4.1.1.4.4 If authentication or authenticated encryption is not selected - ** for an SA, the Sequence Number field shall be zero octets in length. - ** Reference CCSDS 3550b1 - */ - for (i = sa_ptr->arsn_len - sa_ptr->shsnf_len; i < sa_ptr->arsn_len; i++) - { - // Copy in ARSN from SA - tm_frame[idx] = *(sa_ptr->arsn + i); - idx++; - } - - // Set security header padding if specified - /* - ** 4.2.3.4 h) if the algorithm and mode selected for the SA require the use of - ** fill padding, place the number of fill bytes used into the Pad Length field - ** of the Security Header - Reference CCSDS 3550b1 - */ - // TODO: Revisit this - // TODO: Likely SA API Call - /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the - ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 - */ - // TODO: Set this depending on crypto cipher used - - if(pkcs_padding) - { - uint8_t hex_padding[3] = {0}; //TODO: Create #Define for the 3 - pkcs_padding = pkcs_padding & 0x00FFFFFF; // Truncate to be maxiumum of 3 bytes in size - - // Byte Magic - hex_padding[0] = (pkcs_padding >> 16) & 0xFF; - hex_padding[1] = (pkcs_padding >> 8) & 0xFF; - hex_padding[2] = (pkcs_padding) & 0xFF; - - uint8_t padding_start = 0; - padding_start = 3 - sa_ptr->shplf_len; - - for (i = 0; i < sa_ptr->shplf_len; i++) - { - tm_frame[idx] = hex_padding[padding_start++]; - idx++; - } - } - - /* - ** End Security Header Fields - */ - - //TODO: Padding handled here, or TO? - // for (uint32_t i = 0; i < pkcs_padding; i++) - // { - // /* 4.1.1.5.2 The Pad Length field shall contain the count of fill bytes used in the - // ** cryptographic process, consisting of an integral number of octets. - CCSDS 3550b1 - // */ - // // TODO: Set this depending on crypto cipher used - // *(p_new_enc_frame + index + i) = (uint8_t)pkcs_padding; // How much padding is needed? - // // index++; - // } - - /* - ** ~~~Index currently at start of data field, AKA end of security header~~~ - */ - - // Calculate size of data to be encrypted - pdu_len = current_managed_parameters->max_frame_size - idx - sa_ptr->stmacf_len; - // Check other managed parameter flags, subtract their lengths from data field if present - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - pdu_len -= 2; - } - -#ifdef TM_DEBUG - printf(KYEL "Data location starts at: %d\n" RESET, idx); - printf(KYEL "Data size is: %d\n" RESET, pdu_len); - printf(KYEL "Index at end of SPI is: %d\n", idx); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - // If OCF exists, comes immediately after MAC - printf(KYEL "OCF Location is: %d" RESET, idx + pdu_len + sa_ptr->stmacf_len); - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); - } -#endif - - /* - ** Begin Authentication / Encryption - */ - - if (sa_service_type != SA_PLAINTEXT) - { - aad_len = 0; - - if (sa_service_type == SA_AUTHENTICATED_ENCRYPTION || sa_service_type == SA_AUTHENTICATION) - { - mac_loc = idx+pdu_len; -#ifdef MAC_DEBUG - printf(KYEL "MAC location is: %d\n" RESET, mac_loc); - printf(KYEL "MAC size is: %d\n" RESET, sa_ptr->stmacf_len); -#endif - - // Prepare the Header AAD (CCSDS 335.0-B-2 4.2.3.4) - aad_len = idx; // At the very least AAD includes the header - if (sa_service_type == SA_AUTHENTICATION) // auth only, we authenticate the payload as part of the AEAD encrypt call here - { - aad_len += pdu_len; - } -#ifdef TM_DEBUG - printf("Calculated AAD Length: %d\n",aad_len); -#endif - if (sa_ptr->abm_len < aad_len) - { - return CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - } - status = Crypto_Prepare_TM_AAD(&tm_frame[0], aad_len, sa_ptr->abm, &aad[0]); - } - } - - // Do the encryption - if(sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE) - { - printf(KRED "NOT SUPPORTED!!!\n"); - status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - } - else if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm - { - // TODO - implement non-AEAD algorithm logic - if(sa_service_type == SA_AUTHENTICATION) - { - status = cryptography_if->cryptography_authenticate(//Stub out data in/out as this is done in place and want to save cycles - (uint8_t*)(&tm_frame[0]), // ciphertext output - (size_t) 0, // length of data - (uint8_t*)(&tm_frame[0]), // plaintext input - (size_t)0, // in data length - from start of frame to end of data - NULL, // Using SA key reference, key is null - Crypto_Get_ACS_Algo_Keylen(*sa_ptr->acs), - sa_ptr, // SA (for key reference) - sa_ptr->iv, // IV - sa_ptr->iv_len, // IV Length - &tm_frame[mac_loc], // tag output - sa_ptr->stmacf_len, // tag size - aad, // AAD Input - aad_len, // Length of AAD - *sa_ptr->ecs, // encryption cipher - *sa_ptr->acs, // authentication cipher - NULL); - } - if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - printf(KRED "NOT SUPPORTED!!!\n"); - status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - } - else if(sa_service_type == SA_PLAINTEXT) - { - // Do nothing, SDLS fields were already copied into static frame in memory - } - else{ - status = CRYPTO_LIB_ERR_UNSUPPORTED_MODE; - } - } - - // Move idx to mac location - idx += pdu_len; -#ifdef TM_DEBUG - if (sa_ptr->stmacf_len > 0) - { - printf(KYEL "Data length is %d\n" RESET, pdu_len); - printf(KYEL "MAC location starts at: %d\n" RESET, idx); - printf(KYEL "MAC length of %d\n" RESET, sa_ptr->stmacf_len); - } - else - { - printf(KYEL "MAC NOT SET TO BE USED IN SA - LENGTH IS 0\n"); - } -#endif - -//TODO OCF - ? Here, elsewhere? - - /* - ** End Authentication / Encryption - */ - - // Only calculate & insert FECF if CryptoLib is configured to do so & gvcid includes FECF. - if (current_managed_parameters->has_fecf == TM_HAS_FECF) - { -#ifdef FECF_DEBUG - printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); -#endif - if (crypto_config->crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) - { - new_fecf = Crypto_Calc_FECF((uint8_t *)&tm_frame, current_managed_parameters->max_frame_size - 2); - tm_frame[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); - tm_frame[current_managed_parameters->max_frame_size - 1] = (uint8_t)(new_fecf & 0x00FF); - } - else // CRYPTO_TC_CREATE_FECF_FALSE - { - tm_frame[current_managed_parameters->max_frame_size - 2] = (uint8_t)0x00; - tm_frame[current_managed_parameters->max_frame_size - 1] = (uint8_t)0x00; - } - idx += 2; - } - -#ifdef TM_DEBUG - printf(KYEL "Printing new TM frame:\n\t"); - for(int i = 0; i < current_managed_parameters->max_frame_size; i++) - { - printf("%02X", tm_frame[i]); - } - printf("\n"); - // Crypto_tmPrint(tm_frame); -#endif - - status = sadb_routine->sadb_save_sa(sa_ptr); - -#ifdef DEBUG - printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); -#endif - - return status; -} - -/*** Preserving for now - // Check for idle frame trigger - if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) - { // Zero ingest - for (x = 0; x < *len_ingest; x++) - { - ingest[x] = 0; - } - // Update TM First Header Pointer - tm_frame.tm_header.fhp = 0xFE; - } - else - { // Update the length of the ingest from the CCSDS header - *len_ingest = (ingest[4] << 8) | ingest[5]; - ingest[5] = ingest[5] - 5; - // Remove outgoing secondary space packet header flag - ingest[0] = 0x00; - // Change sequence flags to 0xFFFF - ingest[2] = 0xFF; - ingest[3] = 0xFF; - // Add 2 bytes of CRC to space packet - spp_crc = Crypto_Calc_CRC16((uint8_t* )ingest, *len_ingest); - ingest[*len_ingest] = (spp_crc & 0xFF00) >> 8; - ingest[*len_ingest + 1] = (spp_crc & 0x00FF); - *len_ingest = *len_ingest + 2; - // Update TM First Header Pointer - tm_frame.tm_header.fhp = tm_offset; -#ifdef TM_DEBUG - printf("tm_offset = %d \n", tm_offset); -#endif - } - printf("LINE: %d\n",__LINE__); - // Update Current Telemetry Frame in Memory - // Counters - tm_frame.tm_header.mcfc++; - tm_frame.tm_header.vcfc++; - printf("LINE: %d\n",__LINE__); - // Operational Control Field - Crypto_TM_updateOCF(); - printf("LINE: %d\n",__LINE__); - // Payload Data Unit - Crypto_TM_updatePDU(ingest, *len_ingest); - printf("LINE: %d\n",__LINE__); - if (sadb_routine->sadb_get_sa_from_spi(spi, &sa_ptr) != CRYPTO_LIB_SUCCESS) - { - // TODO - Error handling - return CRYPTO_LIB_ERROR; // Error -- unable to get SA from SPI. - } - printf("LINE: %d\n",__LINE__); - // Check test flags - if (badSPI == 1) - { - tm_frame.tm_sec_header.spi++; - } - if (badIV == 1) - { - *(sa_ptr->iv + sa_ptr->shivf_len - 1) = *(sa_ptr->iv + sa_ptr->shivf_len - 1) + 1; - } - if (badMAC == 1) - { - tm_frame.tm_sec_trailer.mac[MAC_SIZE - 1]++; - } - printf("LINE: %d\n",__LINE__); - // Initialize the temporary TM frame - // Header - tempTM[count++] = (uint8_t)((tm_frame.tm_header.tfvn << 6) | ((tm_frame.tm_header.scid & 0x3F0) >> 4)); - printf("LINE: %d\n",__LINE__); - tempTM[count++] = (uint8_t)(((tm_frame.tm_header.scid & 0x00F) << 4) | (tm_frame.tm_header.vcid << 1) | - (tm_frame.tm_header.ocff)); - tempTM[count++] = (uint8_t)(tm_frame.tm_header.mcfc); - tempTM[count++] = (uint8_t)(tm_frame.tm_header.vcfc); - tempTM[count++] = - (uint8_t)((tm_frame.tm_header.tfsh << 7) | (tm_frame.tm_header.sf << 6) | (tm_frame.tm_header.pof << 5) | - (tm_frame.tm_header.slid << 3) | ((tm_frame.tm_header.fhp & 0x700) >> 8)); - tempTM[count++] = (uint8_t)(tm_frame.tm_header.fhp & 0x0FF); - // tempTM[count++] = (uint8_t) ((tm_frame.tm_header.tfshvn << 6) | tm_frame.tm_header.tfshlen); - // Security Header - printf("LINE: %d\n",__LINE__); - tempTM[count++] = (uint8_t)((spi & 0xFF00) >> 8); - tempTM[count++] = (uint8_t)((spi & 0x00FF)); - if(sa_ptr->shivf_len > 0) - { - memcpy(tm_frame.tm_sec_header.iv, sa_ptr->iv, sa_ptr->shivf_len); - } - printf("LINE: %d\n",__LINE__); - // TODO: Troubleshoot - // Padding Length - // pad_len = Crypto_Get_tmLength(*len_ingest) - TM_MIN_SIZE + IV_SIZE + TM_PAD_SIZE - *len_ingest; - printf("LINE: %d\n",__LINE__); - // Only add IV for authenticated encryption - if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { // Initialization Vector -#ifdef INCREMENT - printf("LINE: %d\n",__LINE__); - Crypto_increment(sa_ptr->iv, sa_ptr->shivf_len); -#endif - if ((sa_ptr->est == 1) || (sa_ptr->ast == 1)) - { - printf("LINE: %d\n",__LINE__); - for (x = 0; x < IV_SIZE; x++) - { - tempTM[count++] = *(sa_ptr->iv + x); - } - } - pdu_loc = count; - pad_len = pad_len - IV_SIZE - TM_PAD_SIZE + OCF_SIZE; - pdu_len = *len_ingest + pad_len; - } - else - { // Include padding length bytes - hard coded per ESA testing - printf("LINE: %d\n",__LINE__); - tempTM[count++] = 0x00; // pad_len >> 8; - tempTM[count++] = 0x1A; // pad_len - pdu_loc = count; - pdu_len = *len_ingest + pad_len; - } - printf("LINE: %d\n",__LINE__); - // Payload Data Unit - for (x = 0; x < (pdu_len); x++) - { - tempTM[count++] = (uint8_t)tm_frame.tm_pdu[x]; - } - // Message Authentication Code - mac_loc = count; - for (x = 0; x < MAC_SIZE; x++) - { - tempTM[count++] = 0x00; - } - printf("LINE: %d\n",__LINE__); - // Operational Control Field - for (x = 0; x < OCF_SIZE; x++) - { - tempTM[count++] = (uint8_t)tm_frame.tm_sec_trailer.ocf[x]; - } - printf("LINE: %d\n",__LINE__); - // Frame Error Control Field - fecf_loc = count; - tm_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t* )tempTM, count); - tempTM[count++] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); - tempTM[count++] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); - - // Determine Mode - // Clear - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { -#ifdef DEBUG - printf(KBLU "Creating a TM - CLEAR! \n" RESET); -#endif - // Copy temporary frame to ingest - memcpy(ingest, tempTM, count); - } - // Authenticated Encryption - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { -#ifdef DEBUG - printf(KBLU "Creating a TM - AUTHENTICATED ENCRYPTION! \n" RESET); -#endif - - // Copy TM to ingest - memcpy(ingest, tempTM, pdu_loc); - -#ifdef MAC_DEBUG - printf("AAD = 0x"); -#endif - // Prepare additional authenticated data - for (y = 0; y < sa_ptr->abm_len; y++) - { - aad[y] = ingest[y] & *(sa_ptr->abm + y); -#ifdef MAC_DEBUG - printf("%02x", aad[y]); -#endif - } -#ifdef MAC_DEBUG - printf("\n"); -#endif - - status = cryptography_if->cryptography_aead_encrypt(&(ingest[pdu_loc]), // ciphertext output - (size_t)pdu_len, // length of data - &(tempTM[pdu_loc]), // plaintext input - (size_t)pdu_len, // in data length - NULL, // Key is mapped via SA - KEY_SIZE, - sa_ptr, - sa_ptr->iv, - sa_ptr->shivf_len, - &(ingest[mac_loc]), - MAC_SIZE, - &(aad[0]), // AAD Input location - sa_ptr->abm_len, // AAD is size of ABM in this case - CRYPTO_TRUE, // Encrypt - CRYPTO_FALSE, // Authenticate // TODO -- Set to SA value, manually setting to false here so existing tests pass. Existing data was generated with authenticate then encrypt, when it should have been encrypt then authenticate. - CRYPTO_TRUE, // Use AAD - sa_ptr->ecs, // encryption cipher - sa_ptr->acs, // authentication cipher - NULL // cam_cookies (not supported in TM functions yet) - ); - - - // Update OCF - y = 0; - for (x = OCF_SIZE; x > 0; x--) - { - ingest[fecf_loc - x] = tm_frame.tm_sec_trailer.ocf[y++]; - } - - // Update FECF - tm_frame.tm_sec_trailer.fecf = Crypto_Calc_FECF((uint8_t* )ingest, fecf_loc - 1); - ingest[fecf_loc] = (uint8_t)((tm_frame.tm_sec_trailer.fecf & 0xFF00) >> 8); - ingest[fecf_loc + 1] = (uint8_t)(tm_frame.tm_sec_trailer.fecf & 0x00FF); - } - // Authentication - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { -#ifdef DEBUG - printf(KBLU "Creating a TM - AUTHENTICATED! \n" RESET); -#endif - // TODO: Future work. Operationally same as clear. - memcpy(ingest, tempTM, count); - } - // Encryption - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { -#ifdef DEBUG - printf(KBLU "Creating a TM - ENCRYPTED! \n" RESET); -#endif - // TODO: Future work. Operationally same as clear. - memcpy(ingest, tempTM, count); - } - -#ifdef TM_DEBUG - Crypto_tmPrint(&tm_frame); -#endif - -#ifdef DEBUG - printf(KYEL "----- Crypto_TM_ApplySecurity END -----\n" RESET); -#endif - - *len_ingest = count; - return status; -}**/ - -/** - * @brief Function: Crypto_TM_ProcessSecurity - * @param ingest: uint8_t* - * @param len_ingest: int* - * @return int32: Success/Failure - **/ -int32_t Crypto_TM_ProcessSecurity(const uint8_t* p_ingest, const uint16_t len_ingest, uint8_t** pp_processed_frame, uint16_t *p_decrypted_length) -{ - // Local Variables - int32_t status = CRYPTO_LIB_SUCCESS; - uint8_t aad[1786]; - uint16_t aad_len = 0; - uint16_t byte_idx = 0; - // uint8_t fecf_len = 0; - // uint8_t ocf_len = 0; - uint8_t ecs_is_aead_algorithm; - uint32_t encryption_cipher = 0; - uint8_t iv_loc; - int mac_loc = 0; - uint16_t pdu_len = 1; - uint8_t* p_new_dec_frame = NULL; - SecurityAssociation_t* sa_ptr = NULL; - uint8_t sa_service_type = -1; - uint8_t secondary_hdr_len = 0; - uint8_t spi = -1; - - - // Bit math to give concise access to values in the ingest - tm_frame_pri_hdr.tfvn = ((uint8_t)p_ingest[0] & 0xC0) >> 6; - tm_frame_pri_hdr.scid = (((uint16_t)p_ingest[0] & 0x3F) << 4) | (((uint16_t)p_ingest[1] & 0xF0) >> 4); - tm_frame_pri_hdr.vcid = ((uint8_t)p_ingest[1] & 0x0E) >> 1; - -#ifdef DEBUG - printf(KYEL "\n----- Crypto_TM_ProcessSecurity START -----\n" RESET); -#endif - - if (len_ingest < 6) // Frame length doesn't even have enough bytes for header -- error out. - { - status = CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD; - return status; - } - - if (crypto_config == NULL) - { - printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_CONFIG; - return status; - } - - // Query SA DB for active SA / SDLS parameters - if (sadb_routine == NULL) // This should not happen, but tested here for safety - { - printf(KRED "ERROR: SA DB Not initalized! -- CRYPTO_LIB_ERR_NO_INIT, Will Exit\n" RESET); - status = CRYPTO_LIB_ERR_NO_INIT; - return status; - } - - // Lookup-retrieve managed parameters for frame via gvcid: - status = Crypto_Get_Managed_Parameters_For_Gvcid( - tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); - - if (status != CRYPTO_LIB_SUCCESS) - { - return status; - } // Unable to get necessary Managed Parameters for TM TF -- return with error. - - // Check if secondary header is present within frame - // Note: Secondary headers are static only for a mission phase, not guaranteed static - // over the life of a mission Per CCSDS 132.0-B.3 Section 4.1.2.7.2.3 - - // Secondary Header flag is 1st bit of 5th byte (index 4) - byte_idx = 4; - if((p_ingest[byte_idx] & 0x80) == 0x80) - { -#ifdef TM_DEBUG - printf(KYEL "A TM Secondary Header flag is set!\n"); -#endif - // Secondary header is present - byte_idx = 6; - // Determine length of secondary header - // Length coded as total length of secondary header - 1 - // Reference CCSDS 132.0-B-2 4.1.3.2.3 - secondary_hdr_len = (p_ingest[byte_idx] & 0x3F) + 1; -#ifdef TM_DEBUG - printf(KYEL "Secondary Header Length is decoded as: %d\n", secondary_hdr_len); -#endif - // Increment from current byte (1st byte of secondary header), - // to where the SPI would start - byte_idx += secondary_hdr_len; - } - else - { - // No Secondary header, carry on as usual and increment to SPI start - byte_idx = 6; - } - - /* - ** Begin Security Header Fields - ** Reference CCSDS SDLP 3550b1 4.1.1.1.3 - */ - // Get SPI - spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1]; - // Move index to past the SPI - byte_idx += 2; - - status = sadb_routine->sadb_get_sa_from_spi(spi, &sa_ptr); - // If no valid SPI, return - if (status != CRYPTO_LIB_SUCCESS) - { - return status; - } - -#ifdef SA_DEBUG - printf(KYEL "DEBUG - Printing SA Entry for current frame.\n" RESET); - Crypto_saPrint(sa_ptr); -#endif - // Determine SA Service Type - if ((sa_ptr->est == 0) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_PLAINTEXT; - } - else if ((sa_ptr->est == 0) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 0)) - { - sa_service_type = SA_ENCRYPTION; - } - else if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - sa_service_type = SA_AUTHENTICATED_ENCRYPTION; - } - else - { - // Probably unnecessary check - // Leaving for now as it would be cleaner in SA to have an association enum returned I believe - printf(KRED "Error: SA Service Type is not defined! \n" RESET); - status = CRYPTO_LIB_ERROR; - return status; - } - - // Determine Algorithm cipher & mode. // TODO - Parse authentication_cipher, and handle AEAD cases properly - if (sa_service_type != SA_PLAINTEXT) - { - if (sa_ptr->ecs != NULL) - { - encryption_cipher = *sa_ptr->ecs; -#ifdef TC_DEBUG - printf(KYEL "SA Encryption Cipher: %d\n", encryption_cipher); -#endif - } - // If no pointer, must not be using ECS at all - else - { - encryption_cipher = CRYPTO_CIPHER_NONE; - } - ecs_is_aead_algorithm = Crypto_Is_AEAD_Algorithm(encryption_cipher); - } - - if ( encryption_cipher == CRYPTO_CIPHER_NONE && sa_ptr->est == 1) - { - status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE; - return status; - } - -#ifdef TM_DEBUG - switch (sa_service_type) - { - case SA_PLAINTEXT: - printf(KBLU "Processing a TM - CLEAR!\n" RESET); - break; - case SA_AUTHENTICATION: - printf(KBLU "Processing a TM - AUTHENTICATED!\n" RESET); - printf(KRED "*****NOT IMPLEMENTED!!!!!\n"); - break; - case SA_ENCRYPTION: - printf(KBLU "Processing a TM - ENCRYPTED!\n" RESET); - printf(KRED "*****NOT IMPLEMENTED!!!!!\n"); - break; - case SA_AUTHENTICATED_ENCRYPTION: - printf(KBLU "Processing a TM - AUTHENTICATED ENCRYPTION!\n" RESET); - printf(KRED "*****NOT IMPLEMENTED!!!!!\n"); - break; - } -#endif - - // Parse & Check FECF, if present, and update fecf length - if (current_managed_parameters->has_fecf == TM_HAS_FECF) - { - // fecf_len = 2; - uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | - (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); - - if (crypto_config->crypto_check_fecf == TM_CHECK_FECF_TRUE) - { - // Calculate our own - uint16_t calculated_fecf = Crypto_Calc_FECF(p_ingest, len_ingest - 2); - // Compare - if (received_fecf != calculated_fecf) - { -#ifdef FECF_DEBUG - printf("Received FECF is 0x%04X\n", received_fecf); - printf("Calculated FECF is 0x%04X\n", calculated_fecf); - printf("FECF was Calced over %d bytes\n", len_ingest-2); -#endif - status = CRYPTO_LIB_ERR_INVALID_FECF; - return status; - } -#ifdef FECF_DEBUG - else - { - printf(KYEL "FECF CALC MATCHES! - GOOD\n" RESET); - } -#endif - } - } - else if (current_managed_parameters->has_fecf != TM_NO_FECF) - { - status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG; - return status; - } - - // Accio buffer - p_new_dec_frame = (uint8_t* )calloc(1, (len_ingest) * sizeof(uint8_t)); - if (!p_new_dec_frame) - { - printf(KRED "Error: Calloc for decrypted output buffer failed! \n" RESET); - status = CRYPTO_LIB_ERROR; - return status; - } - - // Copy over TM Primary Header (6 bytes),Secondary (if present) - // If present, the TF Secondary Header will follow the TF PriHdr - memcpy(p_new_dec_frame, &p_ingest[0], 6 + secondary_hdr_len); - - // Byte_idx is still set to just past the SPI - // If IV is present, note location - if (sa_ptr->iv_len > 0) - { - iv_loc = byte_idx; - } - // Increment byte_idx past Security Header Fields based on SA values - byte_idx += sa_ptr->shivf_len; - byte_idx += (sa_ptr->arsn_len - sa_ptr->shsnf_len); - byte_idx += sa_ptr->shplf_len; - -#ifdef SA_DEBUG - printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len); - printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len); - printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len); - printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx); -#endif - - /* - ** End Security Header Fields - ** byte_idx is now at start of pdu / encrypted data - */ - - // Calculate size of the protocol data unit - // NOTE: This size itself it not the length for authentication - pdu_len = current_managed_parameters->max_frame_size - (byte_idx) - sa_ptr->stmacf_len; // - fecf_len - ocf_len; - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - pdu_len -= 4; - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - pdu_len -= 2; - } - - // If MAC exists, comes immediately after pdu - if (sa_ptr->stmacf_len > 0) - { - mac_loc = byte_idx + pdu_len; - } - -#ifdef TM_DEBUG - printf(KYEL "Index / data location starts at: %d\n" RESET, byte_idx); - printf(KYEL "Data size is: %d\n" RESET, pdu_len); - if(current_managed_parameters->has_ocf == TM_HAS_OCF) - { - // If OCF exists, comes immediately after MAC - printf(KYEL "OCF Location is: %d" RESET, byte_idx + pdu_len + sa_ptr->stmacf_len); - } - if(current_managed_parameters->has_fecf == TM_HAS_FECF) - { - // If FECF exists, comes just before end of the frame - printf(KYEL "FECF Location is: %d\n" RESET, current_managed_parameters->max_frame_size - 2); - } -#endif - - // Copy pdu into output frame - // this will be over-written by decryption functions if necessary, - // but not by authentication which requires - - /* - ** Begin Authentication / Encryption - */ - - if(sa_service_type != SA_PLAINTEXT && sa_ptr->ecs == NULL && sa_ptr->acs == NULL) - { - return CRYPTO_LIB_ERR_NULL_CIPHERS; - } - - if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_FALSE) // Non aead algorithm - { - // Parse MAC, prepare AAD - if ((sa_service_type == SA_AUTHENTICATION) || (sa_service_type == SA_AUTHENTICATED_ENCRYPTION)) - { - #ifdef MAC_DEBUG - printf("MAC Parsed from Frame:\n"); - Crypto_hexprint(p_ingest+mac_loc,sa_ptr->stmacf_len); - #endif - aad_len = mac_loc; - if ((sa_service_type == SA_AUTHENTICATED_ENCRYPTION) && (ecs_is_aead_algorithm == CRYPTO_TRUE)) - { - //aad_len = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + - // sa_ptr->shplf_len; - } - if (sa_ptr->abm_len < aad_len) - { - return CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD; - } - // Use ingest and abm to create aad - Crypto_Prepare_TM_AAD(p_ingest, aad_len, sa_ptr->abm, &aad[0]); - - status = cryptography_if->cryptography_validate_authentication(p_new_dec_frame+byte_idx, // plaintext output - pdu_len, // length of data - p_ingest+byte_idx, // ciphertext input - pdu_len, // in data length - NULL, // Key - Crypto_Get_ACS_Algo_Keylen(*sa_ptr->acs), - sa_ptr, // SA for key reference - p_ingest+iv_loc, // IV - sa_ptr->iv_len, // IV Length - p_ingest+mac_loc, // Frame Expected Tag - sa_ptr->stmacf_len, // tag size - aad, // additional authenticated data - aad_len, // length of AAD - CRYPTO_CIPHER_NONE, // encryption cipher - *sa_ptr->acs, // authentication cipher - NULL); // cam cookies - } - if(sa_service_type == SA_ENCRYPTION || sa_service_type == SA_AUTHENTICATED_ENCRYPTION) - { - // status = cryptography_if->cryptography_decrypt(tc_sdls_processed_frame->tc_pdu, // plaintext output - // (size_t)(tc_sdls_processed_frame->tc_pdu_len), // length of data - // &(ingest[tc_enc_payload_start_index]), // ciphertext input - // (size_t)(tc_sdls_processed_frame->tc_pdu_len), // in data length - // NULL, // Key - // Crypto_Get_ECS_Algo_Keylen(*sa_ptr->ecs), - // sa_ptr, // SA for key reference - // tc_sdls_processed_frame->tc_sec_header.iv, // IV - // sa_ptr->iv_len, // IV Length - // sa_ptr->ecs, // encryption cipher - // sa_ptr->acs, // authentication cipher - // cam_cookies - - // ); - - // //Handle Padding Removal - // if(sa_ptr->shplf_len != 0) - // { - // int padding_location = TC_FRAME_HEADER_SIZE + segment_hdr_len + SPI_LEN + sa_ptr->shivf_len + - // sa_ptr->shsnf_len; - // uint16_t padding_amount = 0; - // // Get Padding Amount from ingest frame - // padding_amount = (int)ingest[padding_location]; - // // Remove Padding from final decrypted portion - // tc_sdls_processed_frame->tc_pdu_len -= padding_amount; - // } - } - } - - // If plaintext, copy byte by byte - else if(sa_service_type == SA_PLAINTEXT) - { - memcpy(p_new_dec_frame+byte_idx, &(p_ingest[byte_idx]), pdu_len); - byte_idx += pdu_len; - } - -#ifdef TM_DEBUG - printf(KYEL "Printing received frame:\n\t" RESET); - for( int i=0; imax_frame_size; i++) - { - printf(KYEL "%02X", p_ingest[i]); - } - printf(KYEL "\nPrinting PROCESSED frame:\n\t" RESET); - for( int i=0; imax_frame_size; i++) - { - printf(KYEL "%02X", p_new_dec_frame[i]); - } - printf("\n"); -#endif - - *pp_processed_frame = p_new_dec_frame; - // TODO maybe not just return this without doing the math ourselves - *p_decrypted_length = current_managed_parameters->max_frame_size; - -#ifdef DEBUG - printf(KYEL "----- Crypto_TM_ProcessSecurity END -----\n" RESET); -#endif - - return status; - } - -/** - * @brief Function: Crypto_Get_tmLength - * Returns the total length of the current tm_frame in BYTES! - * @param len: int - * @return int32_t Length of TM - **/ -int32_t Crypto_Get_tmLength(int len) -{ -#ifdef FILL - len = TM_FILL_SIZE; -#else - len = TM_FRAME_PRIMARYHEADER_SIZE + TM_FRAME_SECHEADER_SIZE + len + TM_FRAME_SECTRAILER_SIZE + TM_FRAME_CLCW_SIZE; -#endif - - return len; -} - -/** - * @brief Function: Crypto_TM_updatePDU - * Update the Telemetry Payload Data Unit - * @param ingest: uint8_t* - * @param len_ingest: int - **/ -void Crypto_TM_updatePDU(uint8_t* ingest, int len_ingest) -{ // Copy ingest to PDU - int x = 0; - // int y = 0; - // int fill_size = 0; - SecurityAssociation_t* sa_ptr; - - // Consider a helper function here, or elsewhere, to do all the 'math' in one spot as a global accessible list of variables - if (sadb_routine->sadb_get_sa_from_spi(tm_frame[0], &sa_ptr) != CRYPTO_LIB_SUCCESS) // modify - { - // TODO - Error handling - printf(KRED"Update PDU Error!\n"); - return; // Error -- unable to get SA from SPI. - } - if ((sa_ptr->est == 1) && (sa_ptr->ast == 1)) - { - // fill_size = 1129 - MAC_SIZE - IV_SIZE + 2; // +2 for padding bytes - } - else - { - // fill_size = 1129; - } -#ifdef TM_ZERO_FILL - for (x = 0; x < TM_FILL_SIZE; x++) - { - if (x < len_ingest) - { // Fill - tm_frame.tm_pdu[x] = (uint8_t)ingest[x]; - } - else - { // Zero - tm_frame.tm_pdu[x] = 0x00; - } - } -#else - // Pre-append remaining packet if exist - // if (tm_offset == 63) - // { - // tm_frame.tm_pdu[x++] = 0xff; - // tm_offset--; - // } - // if (tm_offset == 62) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (tm_offset == 61) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (tm_offset == 60) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (tm_offset == 59) - // { - // tm_frame.tm_pdu[x++] = 0x39; - // tm_offset--; - // } - // while (x < tm_offset) - // { - // tm_frame.tm_pdu[x] = 0x00; - // x++; - // } - // Copy actual packet - while (x < len_ingest + tm_offset) - { - // printf("%s, Line: %d\n", __FILE__, __LINE__); - // printf("ingest[x - tm_offset] = 0x%02x \n", (uint8_t)ingest[x - tm_offset]); - printf("%02X", (uint8_t)ingest[x - tm_offset]); - // tm_frame.tm_pdu[x] = (uint8_t)ingest[x - tm_offset]; - x++; - } -#ifdef TM_IDLE_FILL - // Check for idle frame trigger - if (((uint8_t)ingest[0] == 0x08) && ((uint8_t)ingest[1] == 0x90)) - { - // Don't fill idle frames - } - else - { - // while (x < (fill_size - 64)) - // { - // tm_frame.tm_pdu[x++] = 0x07; - // tm_frame.tm_pdu[x++] = 0xff; - // tm_frame.tm_pdu[x++] = 0x00; - // tm_frame.tm_pdu[x++] = 0x00; - // tm_frame.tm_pdu[x++] = 0x00; - // tm_frame.tm_pdu[x++] = 0x39; - // for (y = 0; y < 58; y++) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // } - // } - // Add partial packet, if possible, and set offset - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0x07; - // tm_offset = 63; - // } - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0xff; - // tm_offset--; - // } - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // tm_offset--; - // } - // if (x < fill_size) - // { - // tm_frame.tm_pdu[x++] = 0x39; - // tm_offset--; - // } - // for (y = 0; x < fill_size; y++) - // { - // tm_frame.tm_pdu[x++] = 00; - // tm_offset--; - // } - } - // while (x < TM_FILL_SIZE) - // { - // tm_frame.tm_pdu[x++] = 0x00; - // } -#endif -#endif - - return; -} - -/** - * @brief Function: Crypto_TM_updateOCF - * Update the TM OCF - **/ -void Crypto_TM_updateOCF(void) -{ - // TODO - /* - if (ocf == 0) - { // CLCW - clcw.vci = tm_frame.tm_header.vcid; - - tm_frame.tm_sec_trailer.ocf[0] = (clcw.cwt << 7) | (clcw.cvn << 5) | (clcw.sf << 2) | (clcw.cie); - tm_frame.tm_sec_trailer.ocf[1] = (clcw.vci << 2) | (clcw.spare0); - tm_frame.tm_sec_trailer.ocf[2] = (clcw.nrfa << 7) | (clcw.nbl << 6) | (clcw.lo << 5) | (clcw.wait << 4) | - (clcw.rt << 3) | (clcw.fbc << 1) | (clcw.spare1); - tm_frame.tm_sec_trailer.ocf[3] = (clcw.rv); - // Alternate OCF - ocf = 1; -#ifdef OCF_DEBUG - Crypto_clcwPrint(&clcw); -#endif - } - else - { // FSR - tm_frame.tm_sec_trailer.ocf[0] = (report.cwt << 7) | (report.vnum << 4) | (report.af << 3) | - (report.bsnf << 2) | (report.bmacf << 1) | (report.ispif); - tm_frame.tm_sec_trailer.ocf[1] = (report.lspiu & 0xFF00) >> 8; - tm_frame.tm_sec_trailer.ocf[2] = (report.lspiu & 0x00FF); - tm_frame.tm_sec_trailer.ocf[3] = (report.snval); - // Alternate OCF - ocf = 0; -#ifdef OCF_DEBUG - Crypto_fsrPrint(&report); -#endif - } - **/ -} - -/** - * @brief Function: Crypto_Prepare_TM_AAD - * Bitwise ANDs buffer with abm, placing results in aad buffer - * @param buffer: uint8_t* - * @param len_aad: uint16_t - * @param abm_buffer: uint8_t* - * @param aad: uint8_t* - * @return status: uint32_t - **/ -uint32_t Crypto_Prepare_TM_AAD(const uint8_t* buffer, uint16_t len_aad, const uint8_t* abm_buffer, uint8_t* aad) -{ - uint32_t status = CRYPTO_LIB_SUCCESS; - int i; - - for (i = 0; i < len_aad; i++) - { - aad[i] = buffer[i] & abm_buffer[i]; - } - -#ifdef MAC_DEBUG - printf(KYEL "AAD before ABM Bitmask:\n\t"); - for (i = 0; i < len_aad; i++) - { - printf("%02x", buffer[i]); - } - printf("\n" RESET); -#endif - -#ifdef MAC_DEBUG - printf(KYEL "Preparing AAD:\n"); - printf("\tUsing AAD Length of %d\n\t", len_aad); - for (i = 0; i < len_aad; i++) - { - printf("%02x", aad[i]); - } - printf("\n" RESET); -#endif - - return status; -} \ No newline at end of file diff --git a/support/CMakeLists.txt b/support/CMakeLists.txt new file mode 100644 index 00000000..5addb1ca --- /dev/null +++ b/support/CMakeLists.txt @@ -0,0 +1,24 @@ +# Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. +# All Foreign Rights are Reserved to the U.S. Government. +# +# This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, +# including, but not limited to, any warranty that the software will conform to specifications, any implied warranties +# of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the +# documentation will conform to the program, or any warranty that the software will be error free. +# +# In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or +# consequential damages, arising out of, resulting from, or in any way connected with the software or its +# documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained +# from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. +# +# ITC Team +# NASA IV&V +# jstar-development-team@mail.nasa.gov + +find_package(Threads REQUIRED) + +# Standalone +include_directories("./standalone") +add_executable(standalone + ./standalone/standalone.c) +target_link_libraries(standalone crypto pthread) diff --git a/support/Dockerfile b/support/Dockerfile new file mode 100644 index 00000000..b92f2856 --- /dev/null +++ b/support/Dockerfile @@ -0,0 +1,61 @@ +# CryptoLib Dockerfile +# +# docker build -t ivvitc/cryptolib:latest . +# docker push ivvitc/cryptolib:latest +# + +ARG WOLFSSL_VERSION=5.6.0-stable +FROM ubuntu + +ARG WOLFSSL_VERSION + +RUN set -eux \ + # install deps + && buildDeps=' \ + autoconf \ + automake \ + ca-certificates \ + cmake \ + curl \ + g++-multilib \ + gcc-multilib \ + gettext \ + git \ + gdb\ + lcov \ + libcurl4-openssl-dev \ + libmariadb-dev \ + libmariadb-dev-compat \ + libgcrypt20-dev \ + libtool \ + make \ + python3-dev \ + python3-pip \ + unzip \ + ' \ + && apt-get update \ + && apt-get install -y --no-install-recommends $buildDeps \ + && rm -r /var/lib/apt/lists/* \ + + # download source files + && curl \ + -LS https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}.zip \ + -o v${WOLFSSL_VERSION}.zip \ + && unzip v${WOLFSSL_VERSION}.zip \ + && rm v${WOLFSSL_VERSION}.zip \ + + # build and install wolfssl + && cd wolfssl-${WOLFSSL_VERSION} \ + && mkdir -p build \ + && cd build \ + && cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes .. \ + && cmake --build . \ + && make install \ + && ldconfig + + # cleanup + #&& cd .. \ + #&& rm -r wolfssl-${WOLFSSL_VERSION} + #&& apt-get purge -y --auto-remove $buildDeps + +RUN pip3 install pycryptodome diff --git a/support/ansible/cryptolib-centos.yml b/support/ansible/cryptolib-centos.yml deleted file mode 100644 index 0a5b53fc..00000000 --- a/support/ansible/cryptolib-centos.yml +++ /dev/null @@ -1,90 +0,0 @@ -# Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. All Foreign Rights are Reserved to the U.S. Government. -# This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, including, but not -# limited to, any warranty that the software will conform to specifications, any implied warranties of merchantability, fitness -# for a particular purpose, and freedom from infringement, and any warranty that the documentation will conform to the program, or -# any warranty that the software will be error free. -# In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or consequential damages, -# arising out of, resulting from, or in any way connected with the software or its documentation, whether or not based upon warranty, -# contract, tort or otherwise, and whether or not loss was sustained from, or arose out of the results of, or use of, the software, -# documentation or services provided hereunder. -# ITC Team -# NASA IV&V -# jstar-development-team@mail.nasa.gov -# -# -# -# sudo ansible-playbook cryptolib-centos.yml -i ./hosts ---- -- name: CryptoLib CentOS 8 Setup - hosts: all - vars: - # Set this to 1 to install visual studio code - # todo: make a command line variable - install_vscode: 0 - - tasks: - - name: install updates - yum: update_cache=yes - - name: install EPEL - dnf: - name: epel-release - state: latest - - name: Install Dependencies - yum: - name: "{{ packages }}" - vars: - packages: - - git - - "@development tools" - - cmake - - libgcrypt-devel - - python3 - - python3-devel - - python3-pip - - kernel-devel - - mysql-devel - # add additional packages here - - - name: Install pycryptodome - pip: - name: pycryptodome - - name: Install vscode Key - rpm_key: - key: https://packages.microsoft.com/keys/microsoft.asc - state: present - when: install_vscode == 1 - - - name: Insert/Update vscode.repository in/etc/yum.repos.d/vscode.repo - blockinfile: - path: /etc/yum.repos.d/vscode.repo - create: yes - block: | - [code] - name=Visual Studio Code - baseurl=https://packages.microsoft.com/yumrepos/vscode - enabled=1 - gpgcheck=1 - gpgkey=https://packages.microsoft.com/keys/microsoft.asc - when: install_vscode == 1 - - - name: install vscode - yum: - name: code - state: latest - when: install_vscode == 1 - - pre_tasks: - - name: check requirements - block: - - name: check supported os - assert: - that: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] is version('8', '>=')) - fail_msg: "unsupported os: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}" - - - name: check architecture - assert: - that: ansible_architecture == "x86_64" - fail_msg: "unsupported architecture: {{ ansible_architecture }}" - tags: - - always - diff --git a/support/ansible/hosts b/support/ansible/hosts deleted file mode 100644 index 2302edae..00000000 --- a/support/ansible/hosts +++ /dev/null @@ -1 +0,0 @@ -localhost ansible_connection=local diff --git a/support/scripts/build_internal.sh b/support/scripts/build_internal.sh new file mode 100755 index 00000000..4414329a --- /dev/null +++ b/support/scripts/build_internal.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_internal.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DMC_INTERNAL=1 -DTEST=1 -DTEST_ENC=1 && make && make test diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh new file mode 100755 index 00000000..e0c2846c --- /dev/null +++ b/support/scripts/build_kmc.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_kmc.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DTEST_ENC=1 -DKMC_CFFI_EXCLUDE=1 && make && make test diff --git a/support/scripts/build_minimal.sh b/support/scripts/build_minimal.sh new file mode 100755 index 00000000..c07c09a3 --- /dev/null +++ b/support/scripts/build_minimal.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_minimal.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR && make && make test diff --git a/support/scripts/build_support.sh b/support/scripts/build_support.sh new file mode 100755 index 00000000..4e92ea6c --- /dev/null +++ b/support/scripts/build_support.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_support.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DSUPPORT=1 -DTEST=1 -DTEST_ENC=1 && make && make test diff --git a/support/scripts/build_wolf.sh b/support/scripts/build_wolf.sh new file mode 100755 index 00000000..a8813ef9 --- /dev/null +++ b/support/scripts/build_wolf.sh @@ -0,0 +1,12 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# Will build in current directory +# +# ./build_wolf.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_LIBGCRYPT=0 -DCRYPTO_WOLFSSL=1 -DTEST=1 -DTEST_ENC=1 && make && make test diff --git a/support/scripts/docker_build.sh b/support/scripts/docker_build.sh new file mode 100755 index 00000000..cc60e506 --- /dev/null +++ b/support/scripts/docker_build.sh @@ -0,0 +1,13 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./docker_build.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +$SCRIPT_DIR/internal_docker_build.sh +$SCRIPT_DIR/kmc_docker_build.sh +$SCRIPT_DIR/wolf_docker_build.sh diff --git a/support/scripts/docker_debug.sh b/support/scripts/docker_debug.sh new file mode 100755 index 00000000..5cbeb307 --- /dev/null +++ b/support/scripts/docker_debug.sh @@ -0,0 +1,13 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./internal_docker_build.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +echo "Start docker container to debug in..." +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR ivvitc/cryptolib bash +echo "" diff --git a/support/scripts/env.sh b/support/scripts/env.sh new file mode 100755 index 00000000..3f157be1 --- /dev/null +++ b/support/scripts/env.sh @@ -0,0 +1,10 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# source ./env.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +export BASE_DIR=$(cd `dirname $SCRIPT_DIR`/.. && pwd) +export DFLAGS="docker run --rm -it" diff --git a/support/scripts/internal_docker_build.sh b/support/scripts/internal_docker_build.sh new file mode 100755 index 00000000..b2ae8ba7 --- /dev/null +++ b/support/scripts/internal_docker_build.sh @@ -0,0 +1,21 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./internal_docker_build.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +# Prepare build directory +mkdir $BASE_DIR/build > /dev/null 2>&1 +rm -r $BASE_DIR/build/internal/* > /dev/null 2>&1 +mkdir $BASE_DIR/build/internal > /dev/null 2>&1 + +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib /bin/bash + +echo "Internal build and test..." +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/internal ivvitc/cryptolib bash -c \ + "../../support/scripts/build_support.sh" +echo "" diff --git a/support/scripts/kmc_docker_build.sh b/support/scripts/kmc_docker_build.sh new file mode 100755 index 00000000..31718968 --- /dev/null +++ b/support/scripts/kmc_docker_build.sh @@ -0,0 +1,22 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./kmc_docker_build.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +# Prepare build directory +mkdir $BASE_DIR/build > /dev/null 2>&1 +rm -r $BASE_DIR/build/kmc/* > /dev/null 2>&1 +mkdir $BASE_DIR/build/kmc > /dev/null 2>&1 + +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib /bin/bash + +echo "KMC build and test..." +# Note that the `KMC_MDB_DB` flag is not in use as docker compose will need configured to enable these tests +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/kmc ivvitc/cryptolib bash -c \ + "../../support/scripts/build_kmc.sh" +echo "" diff --git a/support/scripts/wolf_docker_build.sh b/support/scripts/wolf_docker_build.sh new file mode 100755 index 00000000..45bc5efb --- /dev/null +++ b/support/scripts/wolf_docker_build.sh @@ -0,0 +1,21 @@ +#!/bin/bash -i +# +# Convenience script for CryptoLib development +# +# ./wolf_docker_build.sh +# + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source $SCRIPT_DIR/env.sh + +# Prepare build directory +mkdir $BASE_DIR/build > /dev/null 2>&1 +rm -r $BASE_DIR/build/wolf/* > /dev/null 2>&1 +mkdir $BASE_DIR/build/wolf > /dev/null 2>&1 + +#$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf ivvitc/cryptolib /bin/bash + +echo "Wolf build and test..." +$DFLAGS -v $BASE_DIR:$BASE_DIR -w $BASE_DIR/build/wolf ivvitc/cryptolib bash -c \ + "../../support/scripts/build_wolf.sh" +echo "" diff --git a/util/src_util/standalone.c b/support/standalone/standalone.c similarity index 53% rename from util/src_util/standalone.c rename to support/standalone/standalone.c index 51e4b3e1..32d905d2 100644 --- a/util/src_util/standalone.c +++ b/support/standalone/standalone.c @@ -16,7 +16,6 @@ jstar-development-team@mail.nasa.gov */ - /******************************************************************************* ** Standalone CryptoLib Implementation ** UDP interfaces to apply / process each frame type and return the result. @@ -30,9 +29,11 @@ static volatile uint8_t keepRunning = CRYPTO_LIB_SUCCESS; static volatile uint8_t tc_seq_num = 0; static volatile uint8_t tc_vcid = CRYPTO_STANDALONE_FRAMING_VCID; +static volatile uint8_t tc_debug = 0; +static volatile uint8_t tm_debug = 0; -/* +/* ** Functions */ int32_t crypto_standalone_check_number_arguments(int actual, int expected) @@ -49,9 +50,9 @@ int32_t crypto_standalone_check_number_arguments(int actual, int expected) void crypto_standalone_to_lower(char* str) { char* ptr = str; - while(*ptr) + while (*ptr) { - *ptr = tolower((unsigned char) *ptr); + *ptr = tolower((unsigned char)*ptr); ptr++; } return; @@ -60,44 +61,53 @@ void crypto_standalone_to_lower(char* str) void crypto_standalone_print_help(void) { printf(CRYPTO_PROMPT "command [args]\n" - "----------------------------------------------------------------------\n" - "help - Display help \n" - "exit - Exit app \n" - "noop - No operation command to device \n" - "reset - Reset CryptoLib \n" - "vcid # - Change active TC virtual channel \n" - "\n" - ); + "----------------------------------------------------------------------\n" + "exit - Exit app \n" + "help - Display help \n" + "noop - No operation command to device \n" + "reset - Reset CryptoLib \n" + "tc - Toggle TC debug prints \n" + "tm - Toggle TM debug prints \n" + "vcid # - Change active TC virtual channel \n" + "\n"); } int32_t crypto_standalone_get_command(const char* str) { int32_t status = CRYPTO_CMD_UNKNOWN; char lcmd[CRYPTO_MAX_INPUT_TOKEN_SIZE]; - + strncpy(lcmd, str, CRYPTO_MAX_INPUT_TOKEN_SIZE); crypto_standalone_to_lower(lcmd); - if(strcmp(lcmd, "help") == 0) + if (strcmp(lcmd, "help") == 0) { status = CRYPTO_CMD_HELP; } - else if(strcmp(lcmd, "exit") == 0) + else if (strcmp(lcmd, "exit") == 0) { status = CRYPTO_CMD_EXIT; } - else if(strcmp(lcmd, "noop") == 0) + else if (strcmp(lcmd, "noop") == 0) { status = CRYPTO_CMD_NOOP; } - else if(strcmp(lcmd, "reset") == 0) + else if (strcmp(lcmd, "reset") == 0) { status = CRYPTO_CMD_RESET; } - else if(strcmp(lcmd, "vcid") == 0) + else if (strcmp(lcmd, "vcid") == 0) { status = CRYPTO_CMD_VCID; } + else if (strcmp(lcmd, "tc") == 0) + { + status = CRYPTO_CMD_TC_DEBUG; + } + else if (strcmp(lcmd, "tm") == 0) + { + status = CRYPTO_CMD_TM_DEBUG; + } return status; } @@ -106,30 +116,30 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* int32_t status = CRYPTO_LIB_SUCCESS; /* Process command */ - switch(cc) - { - case CRYPTO_CMD_HELP: - crypto_standalone_print_help(); - break; - - case CRYPTO_CMD_EXIT: - keepRunning = CRYPTO_LIB_ERROR; - break; + switch (cc) + { + case CRYPTO_CMD_HELP: + crypto_standalone_print_help(); + break; - case CRYPTO_CMD_NOOP: - if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) - { - printf("NOOP command success\n"); - } - break; - - case CRYPTO_CMD_RESET: - if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) - { - status = crypto_reset(); - printf("Reset command received\n"); - } - break; + case CRYPTO_CMD_EXIT: + keepRunning = CRYPTO_LIB_ERROR; + break; + + case CRYPTO_CMD_NOOP: + if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) + { + printf("NOOP command success\n"); + } + break; + + case CRYPTO_CMD_RESET: + if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) + { + status = crypto_reset(); + printf("Reset command received\n"); + } + break; case CRYPTO_CMD_VCID: if (crypto_standalone_check_number_arguments(num_tokens, 1) == CRYPTO_LIB_SUCCESS) @@ -138,9 +148,9 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* /* Confirm new VCID valid */ if (vcid < 64) { - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); SecurityAssociation_t* test_association = NULL; - sadb_routine->sadb_get_sa_from_spi(vcid, &test_association); + sa_if->sa_get_from_spi(vcid, &test_association); /* Handle special case for VCID */ if(vcid == 1) @@ -149,29 +159,61 @@ int32_t crypto_standalone_process_command(int32_t cc, int32_t num_tokens, char* vcid = 0; } - if ((test_association->sa_state == SA_OPERATIONAL) && - (test_association->gvcid_blk.mapid == TYPE_TC) && - (test_association->gvcid_blk.scid == SCID)) - { - tc_vcid = vcid; - printf("Changed active virtual channel (VCID) to %d \n", tc_vcid); - } - else - { - printf("Error - virtual channel (VCID) %d is invalid! Sticking with prior vcid %d \n", vcid, tc_vcid); - } + if ((test_association->sa_state == SA_OPERATIONAL) && + (test_association->gvcid_blk.mapid == TYPE_TC) && + (test_association->gvcid_blk.scid == SCID)) + { + tc_vcid = vcid; + printf("Changed active virtual channel (VCID) to %d \n", tc_vcid); } else { - printf("Error - virtual channl (VCID) %d must be less than 64! Sticking with prior vcid %d \n", vcid, tc_vcid); + printf("Error - virtual channel (VCID) %d is invalid! Sticking with prior vcid %d \n", vcid, tc_vcid); } } - break; - - default: - printf("Invalid command format, type 'help' for more info\n"); - status = CRYPTO_LIB_ERROR; - break; + else + { + printf("Error - virtual channl (VCID) %d must be less than 64! Sticking with prior vcid %d \n", vcid, tc_vcid); + } + } + break; + + case CRYPTO_CMD_TC_DEBUG: + if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) + { + if (tc_debug == 0) + { + tc_debug = 1; + printf("Enabled TC debug prints! \n"); + } + else + { + tc_debug = 0; + printf("Disabled TC debug prints! \n"); + } + } + break; + + case CRYPTO_CMD_TM_DEBUG: + if (crypto_standalone_check_number_arguments(num_tokens, 0) == CRYPTO_LIB_SUCCESS) + { + if (tm_debug == 0) + { + tm_debug = 1; + printf("Enabled TM debug prints! \n"); + } + else + { + tm_debug = 0; + printf("Disabled TM debug prints! \n"); + } + } + break; + + default: + printf("Invalid command format, type 'help' for more info\n"); + status = CRYPTO_LIB_ERROR; + break; } return status; @@ -187,7 +229,7 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) /* Create */ sock->sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); - if(sock->sockfd == -1) + if (sock->sockfd == -1) { printf("udp_init: Socket create error port %d", sock->port); } @@ -196,8 +238,8 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) struct sockaddr_in saddr; saddr.sin_family = AF_INET; saddr.sin_addr.s_addr = inet_addr("0.0.0.0"); - saddr.sin_port = htons(sock->port); - status = bind(sock->sockfd, (struct sockaddr *) &saddr, sizeof(saddr)); + saddr.sin_port = htons(sock->port); + status = bind(sock->sockfd, (struct sockaddr*)&saddr, sizeof(saddr)); if (status != 0) { printf(" udp_init: Socker bind error with port %d", sock->port); @@ -207,7 +249,7 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port) /* Keep Alive */ optval = 1; optlen = sizeof(optval); - setsockopt(sock->sockfd, SOL_SOCKET, SO_KEEPALIVE, &optval, optlen); + setsockopt(sock->sockfd, SOL_SOCKET, SO_KEEPALIVE, &optval, optlen); return status; } @@ -217,14 +259,14 @@ int32_t crypto_reset(void) int32_t status; status = Crypto_Shutdown(); - if(status != CRYPTO_LIB_SUCCESS) + if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); } - status = Crypto_Init_TC_Unit_Test(); + status = Crypto_Init_TM_Unit_Test(); // TODO: CryptoLib appears to be looking at the second byte and not specficially the SCID bits - if(status != CRYPTO_LIB_SUCCESS) + if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); } @@ -235,13 +277,13 @@ int32_t crypto_reset(void) void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length) { /* TC Length */ - *out_length = (uint16_t) CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN + 6; + *out_length = (uint16_t)CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN + 6; /* TC Header */ out_data[0] = 0x20; out_data[1] = CRYPTO_STANDALONE_FRAMING_SCID; - out_data[2] = ((tc_vcid << 2) & 0xFC) | (((uint16_t) CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN >> 8) & 0x03); - out_data[3] = (uint16_t) CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN & 0x00FF; + out_data[2] = ((tc_vcid << 2) & 0xFC) | (((uint16_t)CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN >> 8) & 0x03); + out_data[3] = (uint16_t)CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN & 0x00FF; out_data[4] = tc_seq_num++; /* Segement Header */ @@ -255,19 +297,19 @@ void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* o /* SDLS Trailer */ } -void* crypto_standalone_tc_apply(void* sock) +void *crypto_standalone_tc_apply(void* sock) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tc_sock = (udp_info_t*) sock; - + udp_info_t* tc_sock = (udp_info_t* )sock; + uint8_t tc_apply_in[TC_MAX_FRAME_SIZE]; uint16_t tc_in_len = 0; uint8_t* tc_out_ptr; uint16_t tc_out_len = 0; - - #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING - uint8_t tc_framed[TC_MAX_FRAME_SIZE]; - #endif + +#ifdef CRYPTO_STANDALONE_HANDLE_FRAMING + uint8_t tc_framed[TC_MAX_FRAME_SIZE]; +#endif struct sockaddr_in rcv_addr; struct sockaddr_in fwd_addr; @@ -280,53 +322,56 @@ void* crypto_standalone_tc_apply(void* sock) /* Prepare */ memset(tc_apply_in, 0x00, sizeof(tc_apply_in)); - while(keepRunning == CRYPTO_LIB_SUCCESS) + while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tc_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*) &rcv_addr, (socklen_t*) &sockaddr_size); + status = recvfrom(tc_sock->sockfd, tc_apply_in, sizeof(tc_apply_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); if (status != -1) { tc_in_len = status; - #ifdef CRYPTO_STANDALONE_TC_APPLY_DEBUG + if (tc_debug == 1) + { printf("crypto_standalone_tc_apply - received[%d]: 0x", tc_in_len); - for(int i = 0; i < status; i++) + for (int i = 0; i < status; i++) { printf("%02x", tc_apply_in[i]); } printf("\n"); - #endif + } - /* Frame */ - #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING - crypto_standalone_tc_frame(tc_apply_in, tc_in_len, tc_framed, &tc_out_len); - memcpy(tc_apply_in, tc_framed, tc_out_len); - tc_in_len = tc_out_len; - tc_out_len = 0; - #ifdef CRYPTO_STANDALONE_TC_APPLY_DEBUG - printf("crypto_standalone_tc_apply - framed[%d]: 0x", tc_in_len); - for(int i = 0; i < tc_in_len; i++) - { - printf("%02x", tc_apply_in[i]); - } - printf("\n"); - #endif - #endif +/* Frame */ +#ifdef CRYPTO_STANDALONE_HANDLE_FRAMING + crypto_standalone_tc_frame(tc_apply_in, tc_in_len, tc_framed, &tc_out_len); + memcpy(tc_apply_in, tc_framed, tc_out_len); + tc_in_len = tc_out_len; + tc_out_len = 0; + if (tc_debug == 1) + { + printf("crypto_standalone_tc_apply - framed[%d]: 0x", tc_in_len); + for (int i = 0; i < tc_in_len; i++) + { + printf("%02x", tc_apply_in[i]); + } + printf("\n"); + } +#endif /* Process */ status = Crypto_TC_ApplySecurity(tc_apply_in, tc_in_len, &tc_out_ptr, &tc_out_len); if (status == CRYPTO_LIB_SUCCESS) { - #ifdef CRYPTO_STANDALONE_TC_APPLY_DEBUG + if (tc_debug == 1) + { printf("crypto_standalone_tc_apply - status = %d, encrypted[%d]: 0x", status, tc_out_len); - for(int i = 0; i < tc_out_len; i++) + for (int i = 0; i < tc_out_len; i++) { printf("%02x", tc_out_ptr[i]); } printf("\n"); - #endif + } /* Reply */ - status = sendto(tc_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*) &fwd_addr, sizeof(fwd_addr)); + status = sendto(tc_sock->sockfd, tc_out_ptr, tc_out_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); if ((status == -1) || (status != tc_out_len)) { printf("crypto_standalone_tc_apply - Reply error %d \n", status); @@ -342,9 +387,12 @@ void* crypto_standalone_tc_apply(void* sock) tc_in_len = 0; tc_out_len = 0; if (!tc_out_ptr) free(tc_out_ptr); + if (tc_debug == 1) + { #ifdef CRYPTO_STANDALONE_TC_APPLY_DEBUG printf("\n"); #endif + } } /* Delay */ @@ -354,30 +402,47 @@ void* crypto_standalone_tc_apply(void* sock) return tc_sock; } -void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length) +void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi) { + SaInterface sa_if = get_sa_interface_inmemory(); + SecurityAssociation_t* sa_ptr = NULL; + + sa_if->sa_get_from_spi(spi, &sa_ptr); + if (!sa_ptr) + { + printf("WARNING - SA IS NULL!\n"); + } + + // Calculate security headers and trailers + uint8_t header_length = 6 + 2 + sa_ptr->shivf_len + sa_ptr->shplf_len + sa_ptr->shsnf_len; + uint8_t trailer_length = sa_ptr->stmacf_len; + if (current_managed_parameters->has_fecf == TM_HAS_FECF) + { + trailer_length += 4; + } + /* TM Length */ - *out_length = (uint16_t) in_length - 10; + *out_length = (uint16_t)in_length - header_length - trailer_length; /* TM Header */ - memcpy(out_data, &in_data[10], in_length - 10); + memcpy(out_data, &in_data[header_length], in_length - header_length - trailer_length); } void* crypto_standalone_tm_process(void* sock) { int32_t status = CRYPTO_LIB_SUCCESS; - udp_info_t* tm_sock = (udp_info_t*) sock; + udp_info_t* tm_sock = (udp_info_t*)sock; - uint8_t tm_process_in[TM_FRAME_DATA_SIZE]; + uint8_t tm_process_in[TM_CADU_SIZE]; // Accounts for ASM automatically based on #def int tm_process_len = 0; uint16_t spp_len = 0; uint8_t* tm_ptr; - //uint16_t tm_out_len = 0; + uint16_t tm_out_len = 0; - #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING - uint8_t tm_framed[TM_FRAME_DATA_SIZE]; - uint16_t tm_framed_len = 0; - #endif +#ifdef CRYPTO_STANDALONE_HANDLE_FRAMING + uint8_t tm_framed[TM_CADU_SIZE]; + uint16_t tm_framed_len = 0; +#endif struct sockaddr_in rcv_addr; struct sockaddr_in fwd_addr; @@ -387,68 +452,122 @@ void* crypto_standalone_tm_process(void* sock) fwd_addr.sin_addr.s_addr = inet_addr("0.0.0.0"); fwd_addr.sin_port = htons(TM_PROCESS_FWD_PORT); - while(keepRunning == CRYPTO_LIB_SUCCESS) + while (keepRunning == CRYPTO_LIB_SUCCESS) { /* Receive */ - status = recvfrom(tm_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*) &rcv_addr, (socklen_t*) &sockaddr_size); + status = recvfrom(tm_sock->sockfd, tm_process_in, sizeof(tm_process_in), 0, (struct sockaddr*)&rcv_addr, (socklen_t*)&sockaddr_size); if (status != -1) { tm_process_len = status; - #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG + if (tm_debug == 1) + { printf("crypto_standalone_tm_process - received[%d]: 0x", tm_process_len); - for(int i = 0; i < status; i++) + for (int i = 0; i < status; i++) { printf("%02x", tm_process_in[i]); } printf("\n"); - #endif - + } /* Process */ - //status = Crypto_TM_ProcessSecurity(tm_process_in, (const uint16_t) tm_process_len, &tm_ptr, &tm_out_len); - if (1) //(status == CRYPTO_LIB_SUCCESS) +#ifdef TM_CADU_HAS_ASM + // Process Security skipping prepended ASM + if (tm_debug == 1) + { + printf("Printing first bytes of Tf Pri Hdr:\n\t"); + for (int i = 0; i < 6; i++) + { + printf("%02X", *(tm_process_in + 4 + i)); + } + printf("\n"); + printf("Processing frame WITH ASM...\n"); + } + // Account for ASM length + status = Crypto_TM_ProcessSecurity(tm_process_in + 4, (const uint16_t)tm_process_len - 4, &tm_ptr, &tm_out_len); +#else + if (tm_debug == 1) + { + printf("Processing frame without ASM...\n"); + } + status = Crypto_TM_ProcessSecurity(tm_process_in, (const uint16_t)tm_process_len, &tm_ptr, &tm_out_len); +#endif + if (status == CRYPTO_LIB_SUCCESS) { - #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("crypto_standalone_tm_process - status = %d, decrypted[%d]: 0x", status, tm_process_len); - for(int i = 0; i < tm_process_len; i++) + if (tm_debug == 1) + { + if (((tm_ptr[4] & 0x0F) == 0x0F) && (tm_ptr[5] == 0xFE)) { - printf("%02x", tm_process_in[i]); + // OID Frame } - printf("\n"); - #endif - - /* Frame */ - #ifdef CRYPTO_STANDALONE_HANDLE_FRAMING - crypto_standalone_tm_frame(tm_process_in, tm_process_len, tm_framed, &tm_framed_len); - memcpy(tm_process_in, tm_framed, tm_framed_len); - tm_process_len = tm_framed_len; - tm_framed_len = 0; - #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("crypto_standalone_tm_process - deframed[%d]: 0x", tm_process_len); - for(int i = 0; i < tm_process_len; i++) + else + { + printf("crypto_standalone_tm_process - status = %d, decrypted[%d]: 0x", status, tm_out_len); + for (int i = 0; i < tm_out_len; i++) { - printf("%02x", tm_process_in[i]); + printf("%02x", tm_ptr[i]); } printf("\n"); - #endif - #endif + } + } + +/* Frame */ +#ifdef CRYPTO_STANDALONE_HANDLE_FRAMING +#ifdef TM_CADU_HAS_ASM + uint16_t spi = (0xFFFF & tm_process_in[11]) | tm_process_in[12]; + // crypto_standalone_tm_frame(tm_process_in+4, tm_process_len-4, tm_framed, &tm_framed_len, spi); + crypto_standalone_tm_frame(tm_ptr, tm_out_len, tm_framed, &tm_framed_len, spi); +#else + uint16_t spi = (0xFFFF & tm_process_in[7]) | tm_process_in[8]; + crypto_standalone_tm_frame(tm_process_in, tm_process_len, tm_framed, &tm_framed_len, spi); +#endif + memcpy(tm_process_in, tm_framed, tm_framed_len); + tm_process_len = tm_framed_len; + tm_framed_len = 0; + + if (tm_debug == 1) + // Note: Need logic to allow broken packet assembly + { + printf("crypto_standalone_tm_process - beginning after first header pointer - deframed[%d]: 0x", tm_process_len); + for (int i = 0; i < tm_process_len; i++) + { + printf("%02x", tm_framed[i]); + } + printf("\n"); + } +#endif /* Space Packet Protocol Loop */ tm_ptr = &tm_process_in[0]; - while (tm_process_len > 5) { - if ((tm_ptr[0] >= 0x08) && (tm_ptr[0] < 0x10)) + // SPP Telemetry OR SPP Idle Packet + if ((tm_ptr[0] == 0x08) || ((tm_ptr[0] == 0x03) && tm_ptr[1] == 0xff)) { - spp_len = ((tm_ptr[4] << 8) | tm_ptr[5]) + 7; - #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("crypto_standalone_tm_process - SPP[%d]: 0x", spp_len); - for(int i = 0; i < spp_len; i++) - { - printf("%02x", tm_ptr[i]); - } - printf("\n"); - #endif - status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*) &fwd_addr, sizeof(fwd_addr)); + spp_len = (((0xFFFF & tm_ptr[4]) << 8) | tm_ptr[5]) + 7; +#ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG + printf("crypto_standalone_tm_process - SPP[%d]: 0x", spp_len); + for (int i = 0; i < spp_len; i++) + { + printf("%02x", tm_ptr[i]); + } + printf("\n"); +#endif + // Send all SPP telemetry packets + if (tm_ptr[0] == 0x08) + { + status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + } + // Only send idle packets if configured to do so + else + { +#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_PACKETS + // Don't forward idle packets + status = spp_len; +#else + status = sendto(tm_sock->sockfd, tm_ptr, spp_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); +#endif + } + + // Check status if ((status == -1) || (status != spp_len)) { printf("crypto_standalone_tm_process - Reply error %d \n", status); @@ -456,12 +575,26 @@ void* crypto_standalone_tm_process(void* sock) tm_ptr = &tm_ptr[spp_len]; tm_process_len = tm_process_len - spp_len; } - else + else if (tm_ptr[0] == 0xff && tm_ptr[1] == 0x48) { - if ( ((tm_ptr[0] != 0x03) && (tm_ptr[1] != 0xFF)) && ((tm_ptr[0] != 0xFF) && (tm_ptr[1] != 0x48)) ) + // Idle Frame + // Idle Frame is entire length of remaining data +#ifdef CRYPTO_STANDALONE_DISCARD_IDLE_FRAMES + // Don't forward idle frame + status = spp_len; +#else + status = sendto(tm_sock->sockfd, tm_ptr, tm_process_len, 0, (struct sockaddr*)&fwd_addr, sizeof(fwd_addr)); + if ((status == -1) || (status != spp_len)) { - printf("crypto_standalone_tm_process - SPP loop error, expected idle packet or frame! tm_ptr = 0x%02x%02x \n", tm_ptr[0], tm_ptr[1]); + printf("crypto_standalone_tm_process - Reply error %d \n", status); } + tm_ptr = &tm_ptr[spp_len]; +#endif + tm_process_len = 0; + } + else + { + printf("crypto_standalone_tm_process - SPP loop error, expected idle packet or frame! tm_ptr = 0x%02x%02x \n", tm_ptr[0], tm_ptr[1]); tm_process_len = 0; } } @@ -474,9 +607,9 @@ void* crypto_standalone_tm_process(void* sock) /* Reset */ memset(tm_process_in, 0x00, sizeof(tm_process_in)); tm_process_len = 0; - #ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG - printf("\n"); - #endif +#ifdef CRYPTO_STANDALONE_TM_PROCESS_DEBUG + printf("\n"); +#endif } /* Delay */ @@ -502,11 +635,11 @@ void crypto_standalone_cleanup(const int signal) int main(int argc, char* argv[]) { int32_t status = CRYPTO_LIB_SUCCESS; - + char input_buf[CRYPTO_MAX_INPUT_BUF]; char input_tokens[CRYPTO_MAX_INPUT_TOKENS][CRYPTO_MAX_INPUT_TOKEN_SIZE]; int num_input_tokens; - int cmd; + int cmd; char* token_ptr; udp_info_t tc_apply; @@ -523,15 +656,15 @@ int main(int argc, char* argv[]) printf("Invalid number of arguments! \n"); printf(" Expected zero but received: %s \n", argv[1]); } - + /* Initialize CryptoLib */ status = crypto_reset(); - if(status != CRYPTO_LIB_SUCCESS) + if (status != CRYPTO_LIB_SUCCESS) { printf("CryptoLib initialization failed with error %d \n", status); keepRunning = CRYPTO_LIB_ERROR; } - + /* Initialize sockets */ if (keepRunning == CRYPTO_LIB_SUCCESS) { @@ -587,25 +720,25 @@ int main(int argc, char* argv[]) /* Tokenize line buffer */ token_ptr = strtok(input_buf, " \t\n"); - while ((num_input_tokens < CRYPTO_MAX_INPUT_TOKENS) && (token_ptr != NULL)) + while ((num_input_tokens < CRYPTO_MAX_INPUT_TOKENS) && (token_ptr != NULL)) { - if (num_input_tokens == -1) + if (num_input_tokens == -1) { /* First token is command */ cmd = crypto_standalone_get_command(token_ptr); - //printf("CMD = %s %d\n",token_ptr,cmd); + // printf("CMD = %s %d\n",token_ptr,cmd); } - else + else { strncpy(input_tokens[num_input_tokens], token_ptr, CRYPTO_MAX_INPUT_TOKEN_SIZE); - //printf("Token[%d] = %s\n",num_input_tokens,token_ptr); + // printf("Token[%d] = %s\n",num_input_tokens,token_ptr); } token_ptr = strtok(NULL, " \t\n"); num_input_tokens++; } /* Process command if valid */ - if(num_input_tokens >= 0) + if (num_input_tokens >= 0) { crypto_standalone_process_command(cmd, num_input_tokens, &input_tokens[0][0]); } @@ -616,7 +749,7 @@ int main(int argc, char* argv[]) close(tm_process.port); Crypto_Shutdown(); - + printf("\n"); exit(status); -} \ No newline at end of file +} diff --git a/util/include/standalone.h b/support/standalone/standalone.h similarity index 90% rename from util/include/standalone.h rename to support/standalone/standalone.h index 24297275..75ae0179 100644 --- a/util/include/standalone.h +++ b/support/standalone/standalone.h @@ -39,7 +39,7 @@ extern "C" #include #include "crypto.h" -#include "shared_util.h" +#include "crypto_config.h" /* @@ -58,6 +58,12 @@ extern "C" #define CRYPTO_STANDALONE_FRAMING_VCID 0x00 #define CRYPTO_STANDALONE_FRAMING_TC_DATA_LEN 512 +/* +** Can be used to reduce ground system error messages +*/ +#define CRYPTO_STANDALONE_DISCARD_IDLE_PACKETS +#define CRYPTO_STANDALONE_DISCARD_IDLE_FRAMES + /* ** Defines @@ -73,6 +79,8 @@ extern "C" #define CRYPTO_CMD_NOOP 2 #define CRYPTO_CMD_RESET 3 #define CRYPTO_CMD_VCID 4 +#define CRYPTO_CMD_TC_DEBUG 5 +#define CRYPTO_CMD_TM_DEBUG 6 /* @@ -97,7 +105,7 @@ int32_t crypto_standalone_udp_init(udp_info_t* sock, int32_t port); int32_t crypto_reset(void); void crypto_standalone_tc_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length); void* crypto_standalone_tc_apply(void* sock); -void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length); +void crypto_standalone_tm_frame(uint8_t* in_data, uint16_t in_length, uint8_t* out_data, uint16_t* out_length, uint16_t spi); void* crypto_standalone_tm_process(void* sock); void crypto_standalone_cleanup(const int signal); @@ -106,4 +114,4 @@ void crypto_standalone_cleanup(const int signal); } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif /* CRYPTOLIB_STANDALONE_H */ +#endif //CRYPTOLIB_STANDALONE_H diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index ab1b84a7..cfb22dc2 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -15,7 +15,7 @@ # NASA IV&V # jstar-development-team@mail.nasa.gov -set(PROJECT_TEST_DIR ${CMAKE_CURRENT_SOURCE_DIR}) +set(PROJECT_TEST_DIR ${CMAKE_BINARY_DIR}) # add_test(NAME Process_Security # COMMAND ${PROJECT_BINARY_DIR}/bin/process_security tc ${PROJECT_TEST_DIR}/data/tc4.1.dat @@ -37,8 +37,12 @@ add_test(NAME UT_CRYPTO COMMAND ${PROJECT_BINARY_DIR}/bin/ut_crypto WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -add_test(NAME UT_CRYPTO_AOS - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_crypto_aos +add_test(NAME UT_AOS_APPLY + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aos_apply + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) + +add_test(NAME UT_AOS_PROCESS + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aos_process WORKING_DIRECTORY ${PROJECT_TEST_DIR}) add_test(NAME UT_CRYPTO_MC @@ -57,19 +61,13 @@ add_test(NAME UT_TM_PROCESS # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb # WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -if(${ENCTEST}) - add_test(NAME ET_DT_VALIDATION - COMMAND ${PROJECT_BINARY_DIR}/bin/et_dt_validation - WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -endif() - if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) add_test(NAME UT_TC_KMC COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tc_kmc WORKING_DIRECTORY ${PROJECT_TEST_DIR}) add_test(NAME UT_SADB_ERR_CASES_KMC_CRYPTO - COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sadb_err_cases_kmc_crypto + COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_err_cases_kmc_crypto WORKING_DIRECTORY ${PROJECT_TEST_DIR}) # add_test(NAME UT_MYSQL_TLS_CONNECTION @@ -100,4 +98,99 @@ if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) add_test(NAME UT_KMC_CRYPTO_AUTH_ONLY COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_auth_only WORKING_DIRECTORY ${PROJECT_TEST_DIR}) -endif() \ No newline at end of file +endif() + +if(TEST_ENC) + add_test(NAME ET_DT_VALIDATION + COMMAND ${PROJECT_BINARY_DIR}/bin/et_dt_validation + WORKING_DIRECTORY ${PROJECT_TEST_DIR}) +endif() + +include_directories(include) +include_directories(../include) + +if(TEST_ENC) + find_package (Python3 REQUIRED COMPONENTS Interpreter Development) + execute_process(COMMAND pip3 show pycryptodome RESULT_VARIABLE EXIT_CODE OUTPUT_QUIET) + if(NOT ${EXIT_CODE} EQUAL 0) + message(FATAL_ERROR "The \"pycryptodome\" Python3 package is not installed, and is required for TEST_ENC.") + endif() +endif() + +file( GLOB UNIT_FILES unit/*.c) +foreach(SOURCE_PATH ${UNIT_FILES}) + get_filename_component(EXECUTABLE_NAME ${SOURCE_PATH} NAME_WE) + + if((NOT TEST_ENC) AND ${EXECUTABLE_NAME} STREQUAL et_dt_validation) + continue() + else() + add_executable(${EXECUTABLE_NAME} ${SOURCE_PATH}) + target_sources(${EXECUTABLE_NAME} PRIVATE core/shared_util.c) + target_link_libraries(${EXECUTABLE_NAME} LINK_PUBLIC crypto pthread) + endif() + + if(TEST_ENC AND ${EXECUTABLE_NAME} STREQUAL et_dt_validation) + target_link_libraries(${EXECUTABLE_NAME} PUBLIC ${Python3_LIBRARIES}) + target_include_directories(${EXECUTABLE_NAME} PUBLIC ${Python3_INCLUDE_DIRS}) + find_library(${Python3_LIBRARIES} pycryptodome) + endif() + + add_custom_command(TARGET ${EXECUTABLE_NAME} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME} + COMMAND ${CMAKE_COMMAND} -E remove $ + COMMENT "Created ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME}" + ) +endforeach(SOURCE_PATH ${UNIT_FILES}) + +if(${KMC_MDB_RH} OR ${KMC_MDB_DB}) + file( GLOB KMC_FILES kmc/*.c) + foreach(SOURCE_PATH ${KMC_FILES}) + get_filename_component(EXECUTABLE_NAME ${SOURCE_PATH} NAME_WE) + + add_executable(${EXECUTABLE_NAME} ${SOURCE_PATH}) + target_sources(${EXECUTABLE_NAME} PRIVATE core/shared_util.c) + target_link_libraries(${EXECUTABLE_NAME} LINK_PUBLIC crypto pthread) + + add_custom_command(TARGET ${EXECUTABLE_NAME} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME} + COMMAND ${CMAKE_COMMAND} -E remove $ + COMMENT "Created ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME}" + ) + endforeach(SOURCE_PATH ${KMC_FILES}) +endif() + +target_include_directories (crypto PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) + +set(OBJECT_DIR ${PROJECT_BINARY_DIR}/src/CMakeFiles/crypto.dir/core) + +if(${CODECOV}) + # Create the gcov target. Run coverage tests with 'make gcov' + add_custom_target(gcov + COMMAND mkdir -p coverage + COMMAND ${CMAKE_MAKE_PROGRAM} test + WORKING_DIRECTORY ${PROJECT_BINARY_DIR} + ) + add_custom_command(TARGET gcov + COMMAND echo "=================== GCOV ====================" + #COMMAND gcov -b -o ${OBJECT_DIR} crypto_aos.c.gnco crypto_config.c.gnco crypto_key_mgmt.c.gnco crypto_mc.c.gnco crypto_print.c.gnco crypto_tc.c.gnco crypto_tm.c.gnco crypto_user.c.gnco crypto.c.gnco sa_routine_inmemory.template.c.gnco sa_routine.c.gnco + COMMAND gcov -b -o ${OBJECT_DIR} crypto_aos.c.gnco crypto_config.c.gnco crypto_key_mgmt.c.gnco crypto_mc.c.gnco crypto_tc.c.gnco crypto_tm.c.gnco crypto_user.c.gnco crypto.c.gnco sa_routine_inmemory.template.c.gnco + # | grep -A 5 "Adder.cpp" > CoverageSummary.tmp + #COMMAND cat CoverageSummary.tmp + #COMMAND echo "-- Coverage files have been output to ${PROJECT_BINARY_DIR}/coverage" + COMMAND lcov -c --directory ${OBJECT_DIR} --output-file ${PROJECT_BINARY_DIR}/coverage/results.info + COMMAND genhtml ${PROJECT_BINARY_DIR}/coverage/results.info --output-directory ${PROJECT_BINARY_DIR}/coverage/results + WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/coverage + ) + add_dependencies(gcov ut_tc_apply) + # Make sure to clean up the coverage folder + set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES coverage) + + # Create the gcov-clean target. This cleans the build as well as generated + # .gcda and .gcno files. + add_custom_target(scrub + COMMAND ${CMAKE_MAKE_PROGRAM} clean + COMMAND rm -f ${OBJECT_DIR}/*.gcno + COMMAND rm -f ${OBJECT_DIR}/*.gcda + WORKING_DIRECTORY ${PROJECT_BINARY_DIR} + ) +endif(${CODECOV}) diff --git a/util/src_util/apply_security.c b/test/core/apply_security.c old mode 100755 new mode 100644 similarity index 100% rename from util/src_util/apply_security.c rename to test/core/apply_security.c diff --git a/util/src_util/crypto_sequence.c b/test/core/crypto_sequence.c similarity index 100% rename from util/src_util/crypto_sequence.c rename to test/core/crypto_sequence.c diff --git a/util/src_util/process_security.c b/test/core/process_security.c similarity index 100% rename from util/src_util/process_security.c rename to test/core/process_security.c diff --git a/util/core/shared_util.c b/test/core/shared_util.c similarity index 100% rename from util/core/shared_util.c rename to test/core/shared_util.c diff --git a/test/crypto_test.py b/test/crypto_test.py deleted file mode 100644 index 1d67ac47..00000000 --- a/test/crypto_test.py +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. -# All Foreign Rights are Reserved to the U.S. Government. -# -# This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, -# including, but not limited to, any warranty that the software will conform to specifications, any implied warranties -# of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the -# documentation will conform to the program, or any warranty that the software will be error free. -# -# In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or -# consequential damages, arising out of, resulting from, or in any way connected with the software or its -# documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained -# from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. -# -# ITC Team -# NASA IV&V -# jstar-development-team@mail.nasa.gov - -# -# Connect to cFS via UDP to CI_Lab and TO_Lab to send and receive messages -# used to verify the SDLS-EP protocol via Interoperability Testing -# - -import binascii -import os -import signal -import socket -import struct -import sys - -def signal_term_handler(signale,frame): - print '\nExiting gracefully...\n' - ci.close() - to.close() - sys.exit(0) - -class color: - PURPLE = '\033[95m' - CYAN = '\033[96m' - DARKCYAN = '\033[36m' - BLUE = '\033[94m' - GREEN = '\033[92m' - YELLOW = '\033[93m' - RED = '\033[91m' - BOLD = '\033[1m' - UNDERLINE = '\033[4m' - END = '\033[0m' - -signal.signal(signal.SIGINT, signal_term_handler) - -# Get PWD -pwd = os.getcwd() + "/" - -# Setup CI UDP -UDP_IP_CI = "127.0.0.1" -UDP_PORT_CI = 1234 -ci = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - -# Setup TO UDP -UDP_IP_TO = "127.0.0.1" -UDP_PORT_TO = 1235 -to = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) -to.bind((UDP_IP_TO, UDP_PORT_TO)) -to.settimeout(5.0) - -python_files = [ - pwd+"sdls_ep_interop/tc4.txt", - pwd+"sdls_ep_interop/tc5.txt", - pwd+"sdls_ep_interop/tc6.txt", - ] - -print color.BOLD + '\nBegin Testing the Cryptography Library...' + color.END - -for file_name in python_files: - with open(file_name) as f: - print file_name + " has been loaded!" - print color.YELLOW + "Typically flight software must be rebooted now!\n" + color.END - for line in f: - # Determine line - if line.startswith("Number = "): - number = line[9:] - #sys.stdout.write(line[9:len(line)] + ") ") - #print line[9:] + " " - if line.startswith("Description = "): - description = line[14:] - #sys.stdout.write(line[14:len(line)]) - #print line[14:] + " " - if line.startswith("TC = "): - tc = line[5:] - if line.startswith("TM = "): - tm = line[5:] - print number.replace("\n","\t") + description - raw_input("Press ENTER to proceed...\n") - if len(tc) > 2: - # Send TC to CI_Lab - print tc - ci.sendto(binascii.unhexlify(tc[0:len(tc)-1]), (UDP_IP_CI,UDP_PORT_CI)) - if len(tm) > 2: - # Receive TM from TO_Lab - #print tm - try: - data, addr = to.recvfrom(10000); - except socket.timeout: - print color.RED + 'ERROR: TO_Lab timeout exceeded!' + color.END - os.kill(os.getpid(), signal.SIGINT) - if len(data) == 0: - print color.RED + 'ERROR: received no data from TO_Lab when response expected!' + color.END - os.kill(os.getpid(), signal.SIGINT) - else: - if tm[0:len(tm)-1] != binascii.hexlify(data[0:len(tm)-1]): - print color.RED + 'ERROR: received TM data did not match expected!' + color.END - print len(binascii.hexlify(data)) - print '\t received TM: ' + binascii.hexlify(data) - print len(tm) - print '\t expected TM: ' + tm - os.kill(os.getpid(), signal.SIGINT) - -print >> sys.stderr, "Out of data, exiting gracefully..." -ci.close() -to.close() \ No newline at end of file diff --git a/test/encryption_test.py b/test/encryption_test.py index 46786ffd..87b326ee 100644 --- a/test/encryption_test.py +++ b/test/encryption_test.py @@ -141,6 +141,6 @@ def get_results(self): if __name__ == '__main__': something=Authentication() - something.encrypt_cmac("02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA", "ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9") + something.encrypt_cmac("02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB", "ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9") something.get_len() something.get_results() \ No newline at end of file diff --git a/util/include/apply_security.h b/test/include/apply_security.h similarity index 97% rename from util/include/apply_security.h rename to test/include/apply_security.h index e2740d4a..141f9b63 100644 --- a/util/include/apply_security.h +++ b/test/include/apply_security.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_APPLY_SECURITY_H +#endif //CRYPTOLIB_APPLY_SECURITY_H diff --git a/util/include/crypto_sequence.h b/test/include/crypto_sequence.h similarity index 97% rename from util/include/crypto_sequence.h rename to test/include/crypto_sequence.h index fadd2e66..2a3a52bd 100644 --- a/util/include/crypto_sequence.h +++ b/test/include/crypto_sequence.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_CRYPTO_SEQUENCE_H +#endif //CRYPTOLIB_CRYPTO_SEQUENCE_H diff --git a/util/include/et_dt_validation.h b/test/include/et_dt_validation.h similarity index 97% rename from util/include/et_dt_validation.h rename to test/include/et_dt_validation.h index 9a8a44b0..ebc3b2cf 100644 --- a/util/include/et_dt_validation.h +++ b/test/include/et_dt_validation.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_ET_DT_VALIDATION_H \ No newline at end of file +#endif //CRYPTOLIB_ET_DT_VALIDATION_H \ No newline at end of file diff --git a/util/include/process_security.h b/test/include/process_security.h similarity index 97% rename from util/include/process_security.h rename to test/include/process_security.h index 6b0956e5..6172a8b6 100644 --- a/util/include/process_security.h +++ b/test/include/process_security.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_PROCESS_SECURITY_H +#endif //CRYPTOLIB_PROCESS_SECURITY_H diff --git a/util/include/shared_util.h b/test/include/shared_util.h similarity index 98% rename from util/include/shared_util.h rename to test/include/shared_util.h index 9c0f2ca5..91cc93f1 100644 --- a/util/include/shared_util.h +++ b/test/include/shared_util.h @@ -45,4 +45,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_SHARED_UTIL_H +#endif //CRYPTOLIB_SHARED_UTIL_H diff --git a/util/include/ut_crypto_aos.h b/test/include/ut_aos_apply.h similarity index 92% rename from util/include/ut_crypto_aos.h rename to test/include/ut_aos_apply.h index 2c2ebd78..bf2e1e16 100644 --- a/util/include/ut_crypto_aos.h +++ b/test/include/ut_aos_apply.h @@ -16,8 +16,8 @@ jstar-development-team@mail.nasa.gov */ -#ifndef CRYPTOLIB_UT_CRYPTO_AOS_H -#define CRYPTOLIB_UT_CRYPTO_AOS_H +#ifndef CRYPTOLIB_UT_AOS_APPLY_H +#define CRYPTOLIB_UT_AOS_APPLY_H #ifdef __cplusplus extern "C" @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_CRYPTO_AOS_H \ No newline at end of file +#endif //CRYPTOLIB_UT_AOS_APPLY_H \ No newline at end of file diff --git a/test/include/ut_aos_process.h b/test/include/ut_aos_process.h new file mode 100644 index 00000000..134ea9df --- /dev/null +++ b/test/include/ut_aos_process.h @@ -0,0 +1,35 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +#ifndef CRYPTOLIB_UT_AOS_PROCESS_H +#define CRYPTOLIB_UT_AOS_PROCESS_H + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include "crypto.h" +#include "shared_util.h" +#include + +#ifdef __cplusplus +} /* Close scope of 'extern "C"' declaration which encloses file. */ +#endif + +#endif //CRYPTOLIB_UT_AOS_PROCESS_H \ No newline at end of file diff --git a/util/include/ut_crypto.h b/test/include/ut_crypto.h similarity index 97% rename from util/include/ut_crypto.h rename to test/include/ut_crypto.h index fb5cfe74..65808902 100644 --- a/util/include/ut_crypto.h +++ b/test/include/ut_crypto.h @@ -33,4 +33,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_CRYPTO_H \ No newline at end of file +#endif //CRYPTOLIB_UT_CRYPTO_H \ No newline at end of file diff --git a/util/include/ut_crypto_config.h b/test/include/ut_crypto_config.h similarity index 97% rename from util/include/ut_crypto_config.h rename to test/include/ut_crypto_config.h index a94e6106..3a8ab36d 100644 --- a/util/include/ut_crypto_config.h +++ b/test/include/ut_crypto_config.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_CRYPTO_CONFIG_H \ No newline at end of file +#endif //CRYPTOLIB_UT_CRYPTO_CONFIG_H \ No newline at end of file diff --git a/util/include/ut_crypto_mc.h b/test/include/ut_crypto_mc.h similarity index 97% rename from util/include/ut_crypto_mc.h rename to test/include/ut_crypto_mc.h index 8714465e..b20c699b 100644 --- a/util/include/ut_crypto_mc.h +++ b/test/include/ut_crypto_mc.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_CRYPTO_MC_H \ No newline at end of file +#endif //CRYPTOLIB_UT_CRYPTO_MC_H \ No newline at end of file diff --git a/util/include/ut_mariadb.h b/test/include/ut_mariadb.h similarity index 97% rename from util/include/ut_mariadb.h rename to test/include/ut_mariadb.h index aaeb37a6..69f573de 100644 --- a/util/include/ut_mariadb.h +++ b/test/include/ut_mariadb.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_MARIA_DB_H \ No newline at end of file +#endif //CRYPTOLIB_UT_MARIA_DB_H \ No newline at end of file diff --git a/util/include/ut_tc_apply.h b/test/include/ut_tc_apply.h similarity index 97% rename from util/include/ut_tc_apply.h rename to test/include/ut_tc_apply.h index 1c913960..6ff4ab77 100644 --- a/util/include/ut_tc_apply.h +++ b/test/include/ut_tc_apply.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_TC_APPLY_H \ No newline at end of file +#endif //CRYPTOLIB_UT_TC_APPLY_H \ No newline at end of file diff --git a/util/include/ut_tc_process.h b/test/include/ut_tc_process.h similarity index 97% rename from util/include/ut_tc_process.h rename to test/include/ut_tc_process.h index 44749519..717b4b80 100644 --- a/util/include/ut_tc_process.h +++ b/test/include/ut_tc_process.h @@ -33,4 +33,4 @@ extern "C" #endif -#endif // CRYPTOLIB_UT_TC_PROCESS_H \ No newline at end of file +#endif //CRYPTOLIB_UT_TC_PROCESS_H \ No newline at end of file diff --git a/util/include/ut_tm_apply.h b/test/include/ut_tm_apply.h similarity index 97% rename from util/include/ut_tm_apply.h rename to test/include/ut_tm_apply.h index c8e1f076..650553f3 100644 --- a/util/include/ut_tm_apply.h +++ b/test/include/ut_tm_apply.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_TM_APPLY_H \ No newline at end of file +#endif //CRYPTOLIB_UT_TM_APPLY_H \ No newline at end of file diff --git a/util/include/ut_tm_process.h b/test/include/ut_tm_process.h similarity index 97% rename from util/include/ut_tm_process.h rename to test/include/ut_tm_process.h index b6db75a0..4c9db198 100644 --- a/util/include/ut_tm_process.h +++ b/test/include/ut_tm_process.h @@ -32,4 +32,4 @@ extern "C" } /* Close scope of 'extern "C"' declaration which encloses file. */ #endif -#endif // CRYPTOLIB_UT_TM_PROCESS_H \ No newline at end of file +#endif //CRYPTOLIB_UT_TM_PROCESS_H \ No newline at end of file diff --git a/util/include/utest.h b/test/include/utest.h similarity index 99% rename from util/include/utest.h rename to test/include/utest.h index d600371a..e666dd2d 100644 --- a/util/include/utest.h +++ b/test/include/utest.h @@ -1153,4 +1153,4 @@ int utest_main(int argc, const char* const argv[]) { return utest_main(argc, argv); \ } -#endif /* SHEREDOM_UTEST_H_INCLUDED */ +#endif //SHEREDOM_UTEST_H_INCLUDED diff --git a/util/src_util/ut_kmc_crypto.c b/test/kmc/ut_kmc_crypto.c similarity index 87% rename from util/src_util/ut_kmc_crypto.c rename to test/kmc/ut_kmc_crypto.c index b3f7eccd..6c0ecf39 100644 --- a/util/src_util/ut_kmc_crypto.c +++ b/test/kmc/ut_kmc_crypto.c @@ -21,7 +21,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -45,12 +45,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "2003dc070001bd37"; @@ -94,15 +95,16 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) //UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_ONLY) //{ // // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); -// Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); +// Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); // Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); // // char* raw_tc_jpl_mmt_scid44_vcid1= "202c0808000001361c"; @@ -144,12 +146,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "2003E008000001bf1a"; @@ -196,12 +199,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "2003DC250000130000000000000000000000016746C816E9C1D758FB457D8AAE7A5B83842A5A"; @@ -255,15 +259,16 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) //UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY) //{ // // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); -// Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); +// Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL, 0, NULL); // Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); // // char* enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238"; @@ -315,12 +320,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "2003E02600001400000000000000000000000200018DC038398EAA968C0D8972A614E1EFE005AE"; @@ -376,12 +382,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "2003e408000001bd37"; @@ -425,12 +432,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // { // // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); // char* enc_tc_jpl_mmt_scid44_vcid1= "2003E41E0000150000000000000000000000040001EF029857C5ED7E5B1807"; @@ -483,12 +491,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // UTEST(KMC_CRYPTO, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // { // // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); // char* enc_tc_jpl_mmt_scid44_vcid1= "20032C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; @@ -533,12 +542,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) // UTEST(KMC_CRYPTO, UNHAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_32BYTE_MAC) // { // // Setup & Initialize CryptoLib -// Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, +// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 12, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 12, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); // int32_t status = Crypto_Init(); // char* raw_tc_jpl_mmt_scid44_vcid1= "20033008000001bd37"; diff --git a/util/src_util/ut_kmc_crypto_auth_only.c b/test/kmc/ut_kmc_crypto_auth_only.c similarity index 90% rename from util/src_util/ut_kmc_crypto_auth_only.c rename to test/kmc/ut_kmc_crypto_auth_only.c index 8faf8d98..6b1cd9af 100644 --- a/util/src_util/ut_kmc_crypto_auth_only.c +++ b/test/kmc/ut_kmc_crypto_auth_only.c @@ -21,7 +21,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -45,12 +45,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c1c08000001bb40"; @@ -94,12 +95,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_CMAC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); // char* enc_tc_jpl_mmt_scid44_vcid1= "202C1C1A0000050001C50827915AEB423F054402D5DC3C67566986"; // Returns CRYPTO_LIB_ERR_INVALID_HEADER since SN/ARC missing from header @@ -151,12 +153,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_CMAC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_LARGE_FRM_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c1f0700a6ec42999902579daaac3a5af6aabe93288e18d5d4046e24cc5df1f8fa06bac515206d5b0dfcc9861db694f3207175b725bfa6e987fadc1e1e417bff0c30a90b143ca737f2fcf02525c6080c38fde4d4da229387339f363ccdabf42a1defa29f711926c8e0a7479e082ec00b495ae53c8e33b5dc001833aa1d909b4b3aecd60bc6b0af62e8febb58fa15979a5d1e37b9ba48d6d1bf4b9d669306375d7f93942908e410492d6535c91245abbb98a0584aa764815bfdcab44d8c0aeff3a2e2c712649497f95e9440bb1b562cb6fa70a5ff5e5fdbcad40a97fa3bf48f0560bc9c7125b758f25a27678996e5ee3a82a5b864672b80888c2d469fe690aca0501d0de3bec247825f3fbd7f51184f8099dd2ffeb140c9aad86ae8ade912eadbcbef0bb821e684366a084f8d65bd9d0acccfae5fb130d8bf27ff855cea8de4a4e249e5bc8ef9732c06d6d578574b9f936ae1837a61369a7871612337df2dc091dadc8386e53aba816f3a162b71c268e07583a0378805a1f435bf437c0e27193cee4b653273d965fc0b42cfd3c094e2ff89f276153d452814ff016bfcc1b5ec313667de1aaddeb2d31dcaa75f88e4ac758556c7a632374089c53852601385c89aa668b70fd735e9053473538614408241ac47f6ef12aff10c2bce36df6afe7610a5a06997680b579953888684543b7cdefc7cc5987459a9255d187c8790284ad1f2ca38a3a3d56d909a03af87f3788e00d1b9887296ea5ff4087306569c2a3581189a70892e01279812151fdb9f8ec71786edd9cddd8652558503aac1904cf542aeebf269b08c5f648145b498be842080ccbdfe14c8cad1f371e706c0c4ed27d963e2e645224510e7d43ddf50daf8225f484ec841c9e642e489bd70fdbc925c532ab988d0f3999e3e1bdc88d5b0dd61e2b8d72a4a994f3efdc19382cdffdb96ea55ee5a389b003fc91ebc493c0949f56dc7b4b6d69d10dbc937f3757fb36b9000bf67d049c9c768a586b14b5166bffb41fc29c1d5613f2aaa2868fd974a95a3461b0c1c0f1ca87eccf7624fd1ffbe2f45463505b649a0b32410182731dfbe23813e88c3b6bdec7e"; @@ -197,12 +200,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_LARGE_FRM_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC256_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 8, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 8, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c2008000001bb40"; @@ -247,12 +251,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC256_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC256_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 8, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 8, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "202C202E00000D000000020001482F52BA9B9411B46C8ABD6F5DF9FC63A2CE8EB3FC7D83EE488DA7A88D49FDFC4264"; @@ -302,12 +307,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC256_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c2408000001bb40"; @@ -351,12 +357,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC512_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 9, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); // char* enc_tc_jpl_mmt_scid44_vcid1= "202C1C1A0000050001C50827915AEB423F054402D5DC3C67566986"; // Returns CRYPTO_LIB_ERR_INVALID_HEADER since SN/ARC missing from header @@ -407,12 +414,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC512_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c2808000001bb40"; @@ -457,12 +465,13 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_HMAC512_TRUNCATED_16BYTE_MAC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 10, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); // char* enc_tc_jpl_mmt_scid44_vcid1= "202C1C1A0000050001C50827915AEB423F054402D5DC3C67566986"; // Returns CRYPTO_LIB_ERR_INVALID_HEADER since SN/ARC missing from header diff --git a/util/src_util/ut_kmc_crypto_cam.c b/test/kmc/ut_kmc_crypto_cam.c similarity index 85% rename from util/src_util/ut_kmc_crypto_cam.c rename to test/kmc/ut_kmc_crypto_cam.c index 81097991..cce6cc36 100644 --- a/util/src_util/ut_kmc_crypto_cam.c +++ b/test/kmc/ut_kmc_crypto_cam.c @@ -21,7 +21,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "shared_util.h" @@ -33,11 +33,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS_KEYTAB_FILE) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -47,10 +48,10 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS_KEYTAB_FILE) // Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file","/home/isaleh/secret/testuser3300.kt",CAM_LOGIN_KEYTAB_FILE,"https://asec-dev-vm10.jpl.nasa.gov:443", "testuser3300", NULL); // Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_KERBEROS,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -92,11 +93,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS_KEYTAB_FILE) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -106,10 +108,10 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS) // Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); // Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file","/home/isaleh/secret/testuser3300.kt",CAM_LOGIN_KEYTAB_FILE,"https://asec-dev-vm10.jpl.nasa.gov:443", "testuser3300", NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_KERBEROS,"https://asec-dev-vm10.jpl.nasa.gov:443", NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -154,11 +156,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_KERBEROS) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -166,10 +169,10 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c0408000001bd37"; @@ -215,11 +218,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -227,10 +231,10 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_AUTH_ONLY) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c0C08000001bf1a"; @@ -277,11 +281,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_AUTH_ONLY) UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -289,10 +294,10 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "202C0426000002000000000000000000000001669C5639DCCFEA8C6CE33230EE2E7065496367CC"; @@ -348,11 +353,12 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -360,10 +366,10 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "202C0C2600000400000000000000000000000100016E2051F96CAB186BCE364A65AF599AE52F38"; @@ -419,11 +425,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_AUTH_ONLY) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -431,7 +438,7 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c2c08000001bd37"; @@ -475,11 +482,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -487,7 +495,7 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "202C2C1E000009000000000000000000000001669C5639DCCFEA8C6CE3AA71"; @@ -540,11 +548,12 @@ UTEST(KMC_CRYPTO_CAM, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -552,7 +561,7 @@ UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8 "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* enc_tc_jpl_mmt_scid44_vcid1= "202C2C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2"; @@ -597,11 +606,12 @@ UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8 UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_32BYTE_MAC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sadb_user", - "sadb_password"); + Crypto_Config_MariaDB("localhost", "sadb", 3306, CRYPTO_FALSE, 0, NULL, NULL, NULL, NULL, NULL, "sa_user", + "sa_password"); Crypto_Config_Kmc_Crypto_Service("https", "asec-dev-vm18.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, CRYPTO_FALSE, @@ -609,7 +619,7 @@ UTEST(KMC_CRYPTO_CAM, UNHAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_32BYTE_MAC) "PEM", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem", NULL, NULL); Crypto_Config_Cam(CAM_ENABLED_TRUE,"/home/isaleh/.cam_cookie_file",NULL,CAM_LOGIN_NONE,NULL, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 12, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 12, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1= "202c3008000001bd37"; diff --git a/util/src_util/ut_kmc_crypto_with_mtls_sadb.c b/test/kmc/ut_kmc_crypto_with_mtls_sadb.c similarity index 80% rename from util/src_util/ut_kmc_crypto_with_mtls_sadb.c rename to test/kmc/ut_kmc_crypto_with_mtls_sadb.c index edfa6f86..1fc81f88 100644 --- a/util/src_util/ut_kmc_crypto_with_mtls_sadb.c +++ b/test/kmc/ut_kmc_crypto_with_mtls_sadb.c @@ -1,180 +1,184 @@ -/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. - All Foreign Rights are Reserved to the U.S. Government. - - This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, - including, but not limited to, any warranty that the software will conform to specifications, any implied warranties - of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the - documentation will conform to the program, or any warranty that the software will be error free. - - In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or - consequential damages, arising out of, resulting from, or in any way connected with the software or its - documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained - from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. - - ITC Team - NASA IV&V - jstar-development-team@mail.nasa.gov -*/ - -/** - * Unit Tests that make use of TC_ApplySecurity/TC_ProcessSecurity function on the data with KMC Crypto Service/MariaDB Functionality Enabled. - **/ -#include "crypto.h" -#include "crypto_error.h" -#include "sadb_routine.h" -#include "utest.h" - -#include "crypto.h" -#include "shared_util.h" -#include -#include - -#ifdef KMC_MDB_RH - #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" -#else - /* KMC_MDB_DB */ - #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" - #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" -#endif - -/** - * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB - **/ -UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_MTLS) -{ - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); - Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - int32_t status = Crypto_Init(); - - char* raw_tc_jpl_mmt_scid44_vcid1= "20030408000001bd37"; - char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; - int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; - - hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); - - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - - printf("Frame before encryption:\n"); - for (int i=0; i +#include + +#ifdef KMC_MDB_RH + #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem" + #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem" +#else + /* KMC_MDB_DB */ + #define CLIENT_CERTIFICATE "/certs/debian-cert.pem" + #define CLIENT_CERTIFICATE_KEY "/certs/debian-key.pem" +#endif + +/** + * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB + **/ +UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_MTLS) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); + Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); + + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + int32_t status = Crypto_Init(); + + char* raw_tc_jpl_mmt_scid44_vcid1= "20030408000001bd37"; + char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; + int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0; + + hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + printf("Frame before encryption:\n"); + for (int i=0; iiv != NULL) - free(test_association->iv); - if (test_association->abm != NULL) - free(test_association->abm); - if (test_association->arsn != NULL) - free(test_association->arsn); if (test_association->ek_ref != NULL) free(test_association->ek_ref); - if (test_association->ecs != NULL) - free(test_association->ecs); - if (test_association->acs != NULL) - free(test_association->acs); if (test_association->ak_ref != NULL) free(test_association->ak_ref); @@ -61,8 +51,8 @@ void cleanup_sa(SecurityAssociation_t* test_association) void reload_db(void) { printf("Resetting Database\n"); - system("mysql --host=localhost -uroot -pitc123! < ../../src/crypto_sadb/sadb_mariadb_sql/empty_sadb.sql"); - system("mysql --host=localhost -uroot -pitc123! < ../../src/crypto_sadb/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql"); + system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/sa_mariadb_sql/empty_sadb.sql"); + system("mysql --host=localhost -uroot -pitc123! < ../../src/sa/test_sa_mariadb_sql/create_sa_ivv_unit_tests.sql"); } @@ -93,7 +83,8 @@ UTEST(MARIA_DB, DB_CONNECT) ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -101,18 +92,18 @@ UTEST(MARIA_DB, DB_CONNECT) status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); //need the sa call SecurityAssociation_t* test_sa; - status = sadb_routine->sadb_get_sa_from_spi(1, &test_sa); + status = sa_if->sa_get_from_spi(1, &test_sa); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); ASSERT_EQ(test_sa->iv[11] , 0x01); test_sa->iv[11] = 0xAB; - status = sadb_routine->sadb_save_sa(test_sa); + status = sa_if->sa_save_sa(test_sa); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - status = sadb_routine->sadb_get_sa_from_spi(1, &test_sa); + status = sa_if->sa_get_from_spi(1, &test_sa); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); ASSERT_EQ(test_sa->iv[11] , 0xAB); Crypto_Shutdown(); @@ -131,7 +122,8 @@ UTEST(MARIA_DB, HAPPY_PATH_ENC) ssl_capath, ssl_cert, ssl_key, client_key_password, mysql_username, mysql_password); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -142,7 +134,7 @@ UTEST(MARIA_DB, HAPPY_PATH_ENC) char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -153,13 +145,13 @@ UTEST(MARIA_DB, HAPPY_PATH_ENC) SecurityAssociation_t* test_association; - status = sadb_routine->sadb_get_sa_from_spi(2, &test_association); + status = sa_if->sa_get_from_spi(2, &test_association); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); cleanup_sa(test_association); - status = sadb_routine->sadb_get_sa_from_spi(2, &test_association); + status = sa_if->sa_get_from_spi(2, &test_association); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. @@ -182,7 +174,8 @@ UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -193,7 +186,7 @@ UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) char* raw_tc_sdls_ping_h = "20030415000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); uint8_t* ptr_enc_frame = NULL; @@ -203,7 +196,7 @@ UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(3, &test_association); + sa_if->sa_get_from_spi(3, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -211,7 +204,7 @@ UTEST(MARIA_DB, HAPPY_PATH_AUTH_ENC) ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); cleanup_sa(test_association); - status = sadb_routine->sadb_get_sa_from_spi(3, &test_association); + status = sa_if->sa_get_from_spi(3, &test_association); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); ASSERT_EQ(test_association->iv[test_association->iv_len - 1], 2); // Verify that IV incremented. @@ -242,7 +235,8 @@ UTEST(MARIA_DB, AUTH_DECRYPTION_TEST) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -250,7 +244,7 @@ UTEST(MARIA_DB, AUTH_DECRYPTION_TEST) status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(dec_test_h, (char**) &dec_test_b, &dec_test_len); hex_conversion(enc_test_h, (char**) &enc_test_b, &enc_test_len); @@ -261,9 +255,9 @@ UTEST(MARIA_DB, AUTH_DECRYPTION_TEST) memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(3, &test_association); + sa_if->sa_get_from_spi(3, &test_association); test_association->iv[test_association->iv_len - 1] = 0; - sadb_routine->sadb_save_sa(test_association); + sa_if->sa_save_sa(test_association); Crypto_TC_ProcessSecurity(dec_test_b, &dec_test_len, tc_sdls_processed_frame); for (int i = 0; i < tc_sdls_processed_frame->tc_pdu_len; i++) @@ -294,7 +288,8 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -315,7 +310,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) int new_iv_len = 0; int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); @@ -326,7 +321,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); free(ptr_enc_frame); @@ -348,7 +343,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); for (int i = 0; i < test_association->iv_len; i++) { printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); @@ -377,7 +372,8 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -398,7 +394,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) int new_iv_len = 0; int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); hex_conversion(expected_iv_h, &expected_iv_b, &expected_iv_len); @@ -409,7 +405,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); memcpy(test_association->iv, new_iv_b, new_iv_len); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -431,7 +427,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); for (int i = 0; i < test_association->iv_len; i++) { printf("[%d] Truth: %02x, Actual: %02x\n", i, expected_iv_b[i], *(test_association->iv + i)); @@ -461,7 +457,8 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); @@ -482,7 +479,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) int new_arsn_len = 0; int expected_arsn_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_arsn_h, &new_arsn_b, &new_arsn_len); @@ -494,7 +491,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -502,28 +499,28 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) free(ptr_enc_frame); ptr_enc_frame = NULL; cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); free(ptr_enc_frame); ptr_enc_frame = NULL; cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); free(ptr_enc_frame); ptr_enc_frame = NULL; cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); free(ptr_enc_frame); ptr_enc_frame = NULL; cleanup_sa(test_association); - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS,return_val); @@ -533,7 +530,7 @@ UTEST(MARIA_DB, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) printf("Expected ARSN:\n"); Crypto_hexprint(expected_arsn_b,expected_arsn_len); printf("Actual SA ARSN:\n"); - sadb_routine->sadb_get_sa_from_spi(5, &test_association); + sa_if->sa_get_from_spi(5, &test_association); Crypto_hexprint(test_association->arsn,test_association->arsn_len); for (int i = 0; i < test_association->arsn_len; i++) @@ -567,7 +564,8 @@ UTEST(MARIA_DB, BAD_SPACE_CRAFT_ID) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, TC_SIZE); diff --git a/util/src_util/ut_tc_kmc.c b/test/kmc/ut_tc_kmc.c similarity index 82% rename from util/src_util/ut_tc_kmc.c rename to test/kmc/ut_tc_kmc.c index 31f4cfa1..f1747e88 100644 --- a/util/src_util/ut_tc_kmc.c +++ b/test/kmc/ut_tc_kmc.c @@ -24,7 +24,7 @@ #include "ut_tc_process.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include @@ -59,40 +59,40 @@ void finish_with_error(MYSQL *con) void MDB_DB_RESET() { MYSQL *con = mysql_init(NULL); - if(sadb_mariadb_config->mysql_mtls_key != NULL) + if(sa_mariadb_config->mysql_mtls_key != NULL) { - mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sadb_mariadb_config->mysql_mtls_key); + mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sa_mariadb_config->mysql_mtls_key); } - if(sadb_mariadb_config->mysql_mtls_cert != NULL) + if(sa_mariadb_config->mysql_mtls_cert != NULL) { - mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sadb_mariadb_config->mysql_mtls_cert); + mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sa_mariadb_config->mysql_mtls_cert); } - if(sadb_mariadb_config->mysql_mtls_ca != NULL) + if(sa_mariadb_config->mysql_mtls_ca != NULL) { - mysql_optionsv(con, MYSQL_OPT_SSL_CA, sadb_mariadb_config->mysql_mtls_ca); + mysql_optionsv(con, MYSQL_OPT_SSL_CA, sa_mariadb_config->mysql_mtls_ca); } - if(sadb_mariadb_config->mysql_mtls_capath != NULL) + if(sa_mariadb_config->mysql_mtls_capath != NULL) { - mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sadb_mariadb_config->mysql_mtls_capath); + mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sa_mariadb_config->mysql_mtls_capath); } - if (sadb_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE) + if (sa_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE) { - mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sadb_mariadb_config->mysql_tls_verify_server)); + mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sa_mariadb_config->mysql_tls_verify_server)); } - if (sadb_mariadb_config->mysql_mtls_client_key_password != NULL) + if (sa_mariadb_config->mysql_mtls_client_key_password != NULL) { - mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sadb_mariadb_config->mysql_mtls_client_key_password); + mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sa_mariadb_config->mysql_mtls_client_key_password); } - if (sadb_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE) + if (sa_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE) { - mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE,&(sadb_mariadb_config->mysql_require_secure_transport)); + mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE,&(sa_mariadb_config->mysql_require_secure_transport)); } //if encrypted connection (TLS) connection. No need for SSL Key - if (mysql_real_connect(con, sadb_mariadb_config->mysql_hostname, - sadb_mariadb_config->mysql_username, - sadb_mariadb_config->mysql_password, - sadb_mariadb_config->mysql_database, - sadb_mariadb_config->mysql_port, NULL, 0) == NULL) + if (mysql_real_connect(con, sa_mariadb_config->mysql_hostname, + sa_mariadb_config->mysql_username, + sa_mariadb_config->mysql_password, + sa_mariadb_config->mysql_database, + sa_mariadb_config->mysql_port, NULL, 0) == NULL) { //0,NULL,0 are port number, unix socket, client flag finish_with_error(con); @@ -120,21 +120,26 @@ void MDB_DB_RESET() UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +<<<<<<< HEAD + Crypto_Config_CryptoLib(KEY_TYPE_KMC, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +======= + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, +>>>>>>> origin/dev + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -143,15 +148,15 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; test_association->stmacf_len = 0; test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -180,21 +185,22 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC) UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -203,14 +209,14 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -239,21 +245,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_16BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030017000080d2c70008197f0b003100000000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -262,14 +269,14 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_16BP) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -300,21 +307,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_16BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_MAX) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "200303E6000080d2c70008197f0b00310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -323,13 +331,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_MAX) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -347,21 +355,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_MAX) UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_TOO_BIG) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "200303F7000080d2c70008197f0b0031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -370,13 +379,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_TOO_BIG) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -392,21 +401,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_FRAME_TOO_BIG) UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -415,21 +425,19 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->est = 1; test_association->stmacf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_CBC; + test_association->ecs = CRYPTO_CIPHER_AES256_CBC; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; - test_association->iv = NULL; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -446,18 +454,19 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_NULL_IV) UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); // // 200300230000000B000000000000000000000000852DDEFF8FCD93567F271E192C07F126 char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -466,24 +475,22 @@ UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 1; test_association->est = 1; test_association->stmacf_len = 16; test_association->shplf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; test_association->iv_len = 12; test_association->shivf_len = 12; - test_association->ecs[0] = 0x01; - test_association->iv = NULL; + test_association->ecs = 0x01; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -501,20 +508,21 @@ UTEST(TC_APPLY_SECURITY, ENC_GCM_KMC_NULL_IV) UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_MDB_KMC) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20031815000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - //SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + //SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -537,12 +545,13 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_MDB_KMC) UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_1BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -584,12 +593,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_1BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_16BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -632,19 +642,20 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_16BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_MAX) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20031BE0000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -653,13 +664,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_MAX) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -677,22 +688,23 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_MAX) UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_TOO_BIG) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "200303F2000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -701,13 +713,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_TOO_BIG) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -723,13 +735,14 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_FRAME_TOO_BIG) UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_NULL_IV) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -760,14 +773,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_MDB_KMC_NULL_IV) **/ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_KMC) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -783,7 +797,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_KMC) // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -818,14 +832,15 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_KMC) **/ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_1B) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -841,7 +856,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_1B) // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -876,14 +891,15 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_1B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -899,7 +915,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -934,11 +950,12 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_16B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -954,9 +971,8 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; - test_association->iv = NULL; test_association->ast = 0; // Convert input test frame @@ -975,11 +991,12 @@ UTEST(TC_PROCESS, DECRYPT_CBC_KMC_NULL_IV) UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -990,29 +1007,27 @@ UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) char* raw_tc_sdls_ping_h = "200300330000000B5C7D0E687B4ACC8978CEB8F9F1713AC7E65FAA6845BF9607A6D2B89B7AF55C4463B9068F344242AAFAEBE298"; uint8_t* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, (char **) &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 1; test_association->est = 1; test_association->stmacf_len = 16; test_association->shplf_len = 0; - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = 0; + test_association->acs = 0; test_association->arsn_len = 0; test_association->iv_len = 12; test_association->shivf_len = 12; - test_association->iv = NULL; return_val = Crypto_TC_ProcessSecurity(raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1027,12 +1042,13 @@ UTEST(TC_PROCESS, DECRYPT_GCM_KMC_NULL_IV) **/ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_MDB_KMC) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); @@ -1075,12 +1091,13 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC_MDB_KMC) **/ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_1B) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -1121,12 +1138,13 @@ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_1B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_16B) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 6, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -1168,12 +1186,13 @@ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_16B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 4, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -1189,10 +1208,9 @@ UTEST(TC_PROCESS, DECRYPT_CBC_MDB_KMC_NULL_IV) // Expose/setup SAs for testing SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; - test_association->iv = NULL; // Convert input test frame hex_conversion(test_frame_pt_h, (char**) &test_frame_pt_b, &test_frame_pt_len); diff --git a/util/src_util/pt_auth_as.c b/test/performance/pt_auth_as.c similarity index 88% rename from util/src_util/pt_auth_as.c rename to test/performance/pt_auth_as.c index 1d929648..e6961e23 100644 --- a/util/src_util/pt_auth_as.c +++ b/test/performance/pt_auth_as.c @@ -22,7 +22,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -105,11 +105,12 @@ double Apply_Security_Loop(uint8_t *frame, int frame_length, uint8_t *enc_frame, UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -118,15 +119,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -153,11 +154,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_100) UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -166,15 +168,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -201,11 +203,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_100) UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -219,9 +222,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_100) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -248,12 +251,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_100) UTEST(PERFORMANCE, MDB_KMC_AUTH_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -290,11 +294,12 @@ UTEST(PERFORMANCE, MDB_KMC_AUTH_SHORT_100) UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -303,15 +308,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -338,11 +343,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_100) UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -351,15 +357,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -386,11 +392,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_100) UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -404,9 +411,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_100) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -433,12 +440,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_100) UTEST(PERFORMANCE, MDB_KMC_AUTH_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -475,11 +483,12 @@ UTEST(PERFORMANCE, MDB_KMC_AUTH_MED_100) UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -488,15 +497,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -523,11 +532,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_100) UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -536,15 +546,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_100) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -571,11 +581,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_100) UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -589,9 +600,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_100) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -618,12 +629,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_100) UTEST(PERFORMANCE, MDB_KMC_AUTH_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -660,11 +672,12 @@ UTEST(PERFORMANCE, MDB_KMC_AUTH_LONG_100) UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -673,15 +686,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -708,11 +721,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_SHORT_1K) UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -721,15 +735,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -756,11 +770,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_SHORT_1K) UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -774,9 +789,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_1K) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -803,12 +818,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_SHORT_1K) UTEST(PERFORMANCE, MDB_KMC_AUTH_SHORT_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -845,11 +861,12 @@ UTEST(PERFORMANCE, MDB_KMC_AUTH_SHORT_1K) UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -858,15 +875,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -893,11 +910,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_MED_1K) UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -906,15 +924,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -941,11 +959,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_MED_1K) UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -959,9 +978,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_1K) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -988,12 +1007,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_MED_1K) UTEST(PERFORMANCE, MDB_KMC_AUTH_MED_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -1030,11 +1050,12 @@ UTEST(PERFORMANCE, MDB_KMC_AUTH_MED_1K) UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -1043,15 +1064,15 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -1078,11 +1099,12 @@ UTEST(PERFORMANCE, LSA_LIBG_AUTH_LONG_1K) UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -1091,15 +1113,15 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_1K) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(data_h, &data_b, &data_l); SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -1126,11 +1148,12 @@ UTEST(PERFORMANCE, MDB_LIBG_AUTH_LONG_1K) UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -1144,9 +1167,9 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_1K) SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->est = 0; test_association->arsn_len = 0; @@ -1173,12 +1196,13 @@ UTEST(PERFORMANCE, LSA_KMC_AUTH_LONG_1K) UTEST(PERFORMANCE, MDB_KMC_AUTH_LONG_1K) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); Crypto_Init(); char* data_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; diff --git a/util/src_util/pt_auth_enc_as.c b/test/performance/pt_auth_enc_as.c similarity index 91% rename from util/src_util/pt_auth_enc_as.c rename to test/performance/pt_auth_enc_as.c index 3fb568e7..6f5ecfc6 100644 --- a/util/src_util/pt_auth_enc_as.c +++ b/test/performance/pt_auth_enc_as.c @@ -22,7 +22,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -105,13 +105,13 @@ double Apply_Security_Loop(uint8_t *frame, int frame_length, uint8_t *enc_frame, UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -122,9 +122,9 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -148,11 +148,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) UTEST(PERFORMANCE, MDB_LIBG_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -186,11 +187,12 @@ UTEST(PERFORMANCE, MDB_LIBG_SHORT_100) UTEST(PERFORMANCE, LSA_KMC_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; @@ -223,12 +225,13 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_100) UTEST(PERFORMANCE, MDB_KMC_SHORT_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -262,13 +265,13 @@ UTEST(PERFORMANCE, MDB_KMC_SHORT_100) UTEST(PERFORMANCE, LSA_LIBG_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -279,9 +282,9 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_100) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -305,11 +308,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_100) UTEST(PERFORMANCE, MDB_LIBG_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -343,11 +347,12 @@ UTEST(PERFORMANCE, MDB_LIBG_MED_100) UTEST(PERFORMANCE, LSA_KMC_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; @@ -379,12 +384,13 @@ UTEST(PERFORMANCE, LSA_KMC_MED_100) UTEST(PERFORMANCE, MDB_KMC_MED_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -421,12 +427,12 @@ UTEST(PERFORMANCE, MDB_KMC_MED_100) UTEST(PERFORMANCE, LSA_LIBG_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -437,9 +443,9 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_100) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -463,11 +469,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_100) UTEST(PERFORMANCE, MDB_LIBG_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -500,12 +507,13 @@ UTEST(PERFORMANCE, MDB_LIBG_LONG_100) UTEST(PERFORMANCE, LSA_KMC_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -539,12 +547,13 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_100) UTEST(PERFORMANCE, MDB_KMC_LONG_100) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -581,13 +590,13 @@ UTEST(PERFORMANCE, MDB_KMC_LONG_100) UTEST(PERFORMANCE, LSA_LIBG_SHORT_1000) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -598,9 +607,9 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_1000) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -624,11 +633,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_1000) UTEST(PERFORMANCE, MDB_LIBG_SHORT_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -662,11 +672,12 @@ UTEST(PERFORMANCE, MDB_LIBG_SHORT_1000) UTEST(PERFORMANCE, LSA_KMC_SHORT_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; @@ -699,12 +710,13 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_1000) UTEST(PERFORMANCE, MDB_KMC_SHORT_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C046100ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEFF01C"; @@ -738,13 +750,13 @@ UTEST(PERFORMANCE, MDB_KMC_SHORT_1000) UTEST(PERFORMANCE, LSA_LIBG_MED_1000) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -755,9 +767,9 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_1000) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -781,11 +793,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_1000) UTEST(PERFORMANCE, MDB_LIBG_MED_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -819,11 +832,12 @@ UTEST(PERFORMANCE, MDB_LIBG_MED_1000) UTEST(PERFORMANCE, LSA_KMC_MED_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_short = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL; @@ -855,12 +869,13 @@ UTEST(PERFORMANCE, LSA_KMC_MED_1000) UTEST(PERFORMANCE, MDB_KMC_MED_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C05E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b00313011"; @@ -897,12 +912,12 @@ UTEST(PERFORMANCE, MDB_KMC_MED_1000) UTEST(PERFORMANCE, LSA_LIBG_LONG_1000) { // Setup & Initialize CryptoLib - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init_TC_Unit_Test(); char* raw_tc_sdls_ping_h = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); float ttl_time_lsa_clib_100 = 0.0; @@ -913,9 +928,9 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_1000) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -939,11 +954,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_1000) UTEST(PERFORMANCE, MDB_LIBG_LONG_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -976,12 +992,13 @@ UTEST(PERFORMANCE, MDB_LIBG_LONG_1000) UTEST(PERFORMANCE, LSA_KMC_LONG_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; @@ -1016,12 +1033,13 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_1000) UTEST(PERFORMANCE, MDB_KMC_LONG_1000) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); char* raw_tc_jpl_mmt_scid44_vcid1_long = "202C07E1000080d2c70008197fABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567890b0031626E"; diff --git a/util/src_util/pt_auth_enc_ps.c b/test/performance/pt_auth_enc_ps.c similarity index 89% rename from util/src_util/pt_auth_enc_ps.c rename to test/performance/pt_auth_enc_ps.c index ded652bf..cf99b61c 100644 --- a/util/src_util/pt_auth_enc_ps.c +++ b/test/performance/pt_auth_enc_ps.c @@ -22,7 +22,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -105,11 +105,16 @@ double Process_Security_Loop(char *data_b, int* data_l, TC_t* processed_frame, i UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +<<<<<<< HEAD + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +======= + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +>>>>>>> origin/dev + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F00000A00000000000000000000006367CCB04793EECE4ECFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DFB63A4245482C24985171000B61A0C7F0386C"; int32_t status = Crypto_Init(); @@ -121,12 +126,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -149,11 +154,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_100) UTEST(PERFORMANCE, MDB_LIBG_SHORT_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F0000020000000000000000000070E304CDF655C3FE953D03F0C9322A30FC1E9E93A753017B3B7890A0FF7DECFFE57CBBE804F7CB184436CD7F21D92E01586D243D128E195834F3070365D9CE59D7F71F7F71C4E60FA424ADE3C3976200268804BB9CD6027F9BCFA3BF13F126C5565AF370736625F4A32B1B390B11D3"; int32_t status = Crypto_Init(); @@ -181,11 +187,12 @@ UTEST(PERFORMANCE, MDB_LIBG_SHORT_100) UTEST(PERFORMANCE, LSA_KMC_SHORT_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F00000A00000000000000000000006367CCB04793EECE4ECFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DFB63A4245482C24985171000B61A0C7F0386C"; int32_t status = Crypto_Init(); @@ -197,12 +204,12 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary @@ -225,12 +232,13 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_100) UTEST(PERFORMANCE, MDB_KMC_SHORT_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F0000020000000000000000000071B20E13F2B09519E820E696F04588AACE79E1827D42E5EA66F450E2C4893674185EC19C970BE7CABD06AB8768B04F5A29A1AA58FC539A3010EB674B2FC821441BA36AF225474E8E0998513417C525336E858704588E4F3083EC3EA4245D3C6F1CA5312A20DC3AADC47A0310C7FB09"; int32_t status = Crypto_Init(); @@ -262,11 +270,12 @@ UTEST(PERFORMANCE, MDB_KMC_SHORT_100) UTEST(PERFORMANCE, LSA_LIBG_MED_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF00000A000000000000000000000063CC818D81B0A3B0B8CFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DF90F3545628E3182AADD4E7084E423A4CCA88F7C0BAE07A50169E687A1D6232EA056F02AD1F8362D9168A239CDF20EA0615E2FF9B3FC9E02852DD335F0ABCEBBC45A037E073A09B3300B3A2275A646209F4F5BF9C95A9D2A20881273A269B5DB614572D1E117CB73587832D3D63ACD4AD8C9C73AE9A0E521A8C85E19D20F9D670E709924849C46D578D91C0790EF998663E03DE0B830360B2C8E14DF8FA33BC0AC0120CCCA5823543E999C48064B140D8034EBB299E238E526B0443C239EE1CBA826BDAA8705DF421B073A08706D38E11DBD988E08EF9A38C4E4E726326FF54DC43AA76B0EAF004973BCDD51265B306D68EF393E6389AE35858D1B619A3B7D6A3656C3F8EA9512FA6685A3F2710A5A6274FCA0B69275339BC09F3349700E4214A275B9362EE08D2E1E6BBFE0D038007470DD17D8133451B027D1C73AA491256489F6FA2B1964BBA4A6746544ABF98C20C9511E5EFF08678A4B04BFBDFDF401D092FEF153DAB01DB3EBBF0C1879758A6485342DF30D84F46059846F2B910AC279437195F7B80DB14495CA46D9BC075A94CEE7F"; int32_t status = Crypto_Init(); @@ -278,12 +287,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -306,11 +315,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_100) UTEST(PERFORMANCE, MDB_LIBG_MED_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF000002000000000000000000007147C4888DE20936C8FFF8772894382BC0EADCFDA9B684BC64250309930E745CB9B300EA84D6C694C8688DCFA9007C276FDC33CDFE2CA12415C359FEDED084549487AA3FD876D04BC947B2EDA171983D7FEE5E627D93ADEF5EA9D9790203E1683B6454AD33614D47903A9D2BD46620FCB1A20DA9138B7A42DDA9F4E5207E3A1A15ECE4C917903B0CACEEED9EC8391AC0010F5BBD309EE3FDD5337BFE51F70DC07EB006B646967269CE93073402CCFB547577AA45CAC5823C35F6F76496F1621252491306EE70089F7DFAE6C1A9E515409E1603F61ADDD12C3BDFF98B2E8595B2CCC0F8339D081380EBBDC295DF274F8C4A02BBE1FC7E405CD54CF11FFA4FF6983A2AD6EAF2EB98EE3418191AE5CFCEBB8653091E4605D017C382990B18E2569A64DE56152CBF5B76D23614E60B449CE24924D549325A0447B88D931C8A0580DD167F5FD1B670A36D965FD3411005C4809F1CF1245C1DA008F1003B7334F933C89DDBF21BC556F8E5F244464A77FFB4320C64DBCD9DF82B3D720A8C9796C3BB8677355A7FF0BDC43D48D8990DC8EA34DA3B796AB0515341522D67FF629C283EA8B71CF261BD2F758443E880A3BEB61C5A839BD702D6D35F7B783B3752D59A1D4A4909A677F88572B84665184AE5149E9492728DA5BBDEA36B6B27E2E6F8194136604C98497056815197F871B8C36B51"; int32_t status = Crypto_Init(); @@ -340,11 +350,12 @@ UTEST(PERFORMANCE, MDB_LIBG_MED_100) UTEST(PERFORMANCE, LSA_KMC_MED_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF00000A000000000000000000000010B7D5264AA13C588EBCE851BB4CF923A94BDCB9E04ABB6688055EE94074AEFF78139C195EFB6D26F9D5DF2A002D4D26F6C1420F623D9EC8AC1B47EF469314F30D2466B5A1F8E4DC1ED2FFDA3B82C6BF6A8CC93B220C9B15A7FDCC1C3D86AEAA7EC2158D603F5FA4E102AE14917E5CF9B4A5EDC23E4EC5E42368C0D8FB1CF9FBCEE6ADC4790ACDE3B91BA41907416B949B7852DBFF244752242405E58A2C9B48D26E428DC89168A7AD434D3800B60192016F7925A27E12EE8F6C58BFC4D5297C39139B4871A2A37A1B5E4669F753A95003569BDD6CA8DB454CB25677D9227D9744EC09391F56A22970580AF34E5743918CF87387918596155B153CC913B588D07E96D765B11703B2D6C5910BFF92042C5ABD4FC474A0E050DACA184FCE4CAF82903F5C2BE659BD8551D1CA66BBA61B3611D4E9DA7E3060400A80F7F9504867F0943BCAC62EA2D07DD1BEE2FBD52439FA45A5F1AB8041D724E6B73A3803AA0B701BA7821B797C30C71C3B3BAF0CFA3C76DBC8323FFB22FF8507C995B5C552883141054E8B0B01594BCA4E6741E6D5DCC5CCA0D5D8A0F07E4771607513AEC948157966E0D0A8B0C8F8AC3D114F1095781B6F29B37655484F8C7C700D41F7B231D2A4637B10EAFDEFA26D133ECE3FDECF73E379BE93E3488F91F82C01031839E851EB324969EA367D98965AC0FA351B"; int32_t status = Crypto_Init(); @@ -356,12 +367,12 @@ UTEST(PERFORMANCE, LSA_KMC_MED_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary @@ -384,12 +395,13 @@ UTEST(PERFORMANCE, LSA_KMC_MED_100) UTEST(PERFORMANCE, MDB_KMC_MED_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF0000020000000000000000000071B8A9140EDCF90BEB2E84643FB928463D5E7CA5A2CA190B13DFCCBD7C150FC57FCAE7812FD90A672132370F05C11740089A0A263DE28CCF66901393AD69E63E71BF7795929B3F1ECB93D8C73168C84150835C3942C6DE5C015FEEC35DF5227FC068098CFB6307D7D1D9888B81688DFED4D6A16915A636DD6D93C46DE65C869A9E08985D238D5898B07760EAC9DEF46E9F3A38BDF6A28B9185350DB8C0AD33CDA11E6DF84EB849E7288138CEA52F8E9BACB6C461D6E30E365E89697D1FEE1D484452207403A988B643779A07D56A91CFC0C7C197DDC0C68AD837D0FF248AFE3D0F5A46FEB4380EEF796C46D1A279A4D1E12103107FDF84BB1A4FCCF7E56460CEC85F99580597966B5214BBFE22E84E078EFB664D79A98A850F1FC2DDCCD43A92E25D5732C4700F86D2D342A67EBD2363032F7B2E1C1F2D7C003D0590FD4ABD064AE5C8FCFCD656A2AF510223345CC9F2F8837F3060A66F6DAF811E93600D9CB9BC3B3B66EFC395B86DF065C66C9C8A86192092AED70AC44A1D33D219ABE453E47764B78B5ED8689E06FA40A1276874E99560BA983B01B4268C1FD6B7CAA90B5148D2B39E2026C2E6AD56A9071894A7F6FD0BBE91F75519A0ACC72196F3CD72ACACD0820DA674215E80D63D3C9AFE59FFE547AB2F5F7EE16FFF9328EF6473BD7D3121116AD14868BDA4EA305636D744"; int32_t status = Crypto_Init(); @@ -421,11 +433,12 @@ UTEST(PERFORMANCE, MDB_KMC_MED_100) UTEST(PERFORMANCE, LSA_LIBG_LONG_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000A000000000000000000000063CC818D81B0A3B0B8CFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DF90F3545628E3182AADD4E7084E423A4CCA88F7C0BAE07A50169E687A1D6232EA056F02AD1F8362D9168A239CDF20EA0615E2FF9B3FC9E02852DD335F0ABCEBBC45A037E073A09B3300B3A2275A646209F4F5BF9C95A9D2A20881273A269B5DB614572D1E117CB73587832D3D63ACD4AD8C9C73AE9A0E521A8C85E19D20F9D670E709924849C46D578D91C0790EF998663E03DE0B830360B2C8E14DF8FA33BC0AC0120CCCA5823543E999C48064B140D8034EBB299E238E526B0443C239EE1CBA826BDAA8705DF421B073A08706D38E11DBD988E08EF9A38C4E4E726326FF54DC43AA76B0EAF004973BCDD51265B306D68EF393E6389AE35858D1B619A3B7D6A3656C3F8EA9512FA6685A3F2710A5A6274FCA0B69275339BC09F3349700E4214A275B9362EE08D2E1E6BBFE0D038007470DD17D8133451B027D1C73AA491256489F6FA2B1964BBA4A6746544ABF98C20C9511E5EFF08678A4B04BFBDFDF401D092FEF153DAB01DB3EBBF0C1879758A6485342DF30D84F46059846F2B9100CEA4A31F68604E41C4448D56A4174B38CF4BA1B365904A442ABCAE1773DBD4007470E674DD5422C5F6DE74EBB068C1C0EEBB68378BB1CFFBC8893DB94136AA501D30C7AEA14135C95C7FA017A893681DF3696448D7F4523102B0A93D183097560B75145754158C7A77B8CE69A7BC7625E28B59FCAD104FDB619B2BB9D5BA7C621697EBC87F80A7FD43480A46828E433314522B9146FCA62CB2105D1EB22D19F55FAE320ED16D54F150FD20081F1336572D128F6D2803A09E8E35456ECB1D6AE0A3A8ECCE231C4602893171538BF40E5AD79003B2CEFA33FDD83D5A79E0BCF26A25754D1E91B279222393F8BDB7A07A0B5BD15458FAB9FB6138192D43A294A9FDE48F660A497305C49726BB3AF29521F8EB686441C34E2DF0BB5EE4E7B0FA14E0A56879A44D252BDA7939B777B6D283C85522F77202A574C0BA9049A3B9BBD059B2CE6CEAEE88B7C979FCB4333BB39AF5F14CFF8B8E8F477C15F11FC6A89365DD8CD258339AB6B748EAB34F93D007805E904A532E7BB5C90AE88209E6170A6656AFCBA6C9F6F5902A8117694C28BF9CF396648E993F5C59D5C60C5C175EEE70E2EA72EA67E2E6535E56E4F95B03B3B077572C6A021D1F1E54EA83DA804E84CD4EE2368917D367552B102B80A5DA8203F65FA9C1BDB5992C0A75F9FF4B9052CD1A59D1AFFC4F31397702C795E36FD31DB437F2376F0E5C9D451777AF0BF88CFE466EE9F4BF2B7929689EDFB2A529ECF8DAFF177E382"; int32_t status = Crypto_Init(); @@ -437,12 +450,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -465,11 +478,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_100) UTEST(PERFORMANCE, MDB_LIBG_LONG_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF000002000000000000000000007217E059763EF5ADFC613DFAC3D96B906BE1361B1652B72637738C5731EDEF6C0C8EF2A5915169F1C6BBF7755B2D96BEE2F6DBC490A432A1515A89F4164B00020159A9B8646EDA561DB153F0FF6B4FCDE2E1E7FF4A1F3C155742E9298CA19A3F360FCC6CEC154802771F81F7214709DAEFB8D7732D311C2D11BE133D9F4882A82EE5B16A204B102FC8B21E9F3F841589EB85A97ED72781A2A2482A7E81ADB16628D3C7E8B15BDE350A18D9C459A43DE5B048F8C97A92B56E39C05B41AC0119427AE80E5A85FF7D52D25AFFF8B361FE938051399238864B4ED9983BEB4BE0F467530ABA03BF9EAAAAC9899A934E8FDB7DBDF5FE7F6B10B461D88045DEFBE3B872D11DBE975F2EE94A4BE9225653EFE1D6B06CBD6B0987E74B15E348135C41A583A0B5F249B08615FBD9DADFF8C29C9ED9886501B39857A7E2971DE338BC25379CC1E525A1201DE30922C9E3975D7F7E7538FE3D08B9DDF34E7C9DAB5FC961747A4F6F2FAF5E1BEE8F1EBEC4403FE3F6AC90369A04CB64AEBFF8C2457EFB0FE7714F72712C5256CBF18F25BF1AF13F6B639CCBED04CDC6FBA65F09B3ADF0F912995C5AF40157706D7F572C3481AA215F6B1AF5B7DCD519EDCD02EF66358588A756F3AB8C4C7D7B446D425F0DC7D309BADA9078DE415175DDCEDBDEDD6028D67DD4B83DB1D15EAC3F1A8926D11903F1C48484EF953E846203E5EDF6FA62F93D1FCD5E70C3E17017CFB7FC7C9B8A71B4F2B290893E18C7CC2E0BD8CA9FA940D1DC5129B062CBD2FACEDE3D26F5CDB2CC38F013B032835F1E0C6F2898A77DC8859F485FD64CCA79BA79A0911F87F5EA2C1AE5F72D530E8AE17F094A964ABD43C55E7BB7EBD63479C0E1F4014E5BA6B11FBA230A038B9C1470E289555D4313A2C166B34316BDFA84C428F11E61C11B300039B6FAA1D44ABD313ACCAB31DEE5E7D461BE78428EFEBC7DFBC49CBCB5F98DE92F4F07B477A57CB3426D7A66E5A07CC49A1061F8912C68F7C691BEFBD6DF536A9F26AEAEB6968F3F35017760B1840D4CF1E277FE8D9A99326A9FAD68814DE6F929253F2D4F3AF046C578A434DBFEA4B2CC9834633CF5919085126D95F74A444328113408AE6D798FF6961C38822D4523F9AA99C766AE3E5104BE7EE0E027C2F9B73BA07ADA882762FD93F590BF29FD0429BBC83DB4F531C1187B8DECEC0E5171027433358CE6E0AAAF50B59AC32EDE3D5B198B7C6AD462F00F9E7E52A21DE992037FDED63EF5646C236701729096AC704DA4A649C244B24242795DA49B25C34AB8F2E824DE4F42E1D4F06CC79F594DB4F62F31CD928C4CD678451CA7511FBB30F771F45522410586A22321C683F98774C89864E9ADF030216BC083E991CA96E4E751324B7E0AC2775996CDF33A46E09BCC24856D3112D844D337C57B9519F966A4"; int32_t status = Crypto_Init(); @@ -499,11 +513,12 @@ UTEST(PERFORMANCE, MDB_LIBG_LONG_100) UTEST(PERFORMANCE, LSA_KMC_LONG_100) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000A0000000000000000000000042DD72659FA856512F4C35CA125B94FA62D41A46ECE953F746436776EDBB107E4CB804D02C0A794341D4D7D5A83C8735001B649FABAC5D32D62E64D3A7768CA60B79861A05434DAF398873705D0226717B99079451D42F01FCA9CC895277B705096CA10A9873760CE387FCAB553B93D907F0C299B8427A514C09B36D9008DEFD8C38F7D9E2E7880430D08BFD76C98AE0A1E4A78A5D6E3651C81C418A20C1AA6871BD2C9170A411AB9C00376BC7019E867F7BA0D6A7C28A49E8462216D35C97DA05779F1DEE2A2C1C83E12362A2748E9D7555E8F8CAAAA85611DD3BE5E68C55949329FC64A94804449DA2442406FDFAD6878945EFC27479F4F4DCB82399978F9BAB3D583AC548CEB7EFFEC13D6EE49ECD258781B8F395B9B129F41A72CEDA58D5AE2373EDE39C037042BBFB926DC5C01C92A8D32AF6908754612C2CF6311CAEDF8E78DC3E632C4485D972CF70250A376E687551BB5CE544779AC915CB39ED489B0FA5F7B2948333F5D4DC9CD07D712C764A1085C696473FE62AB77DF0E7E67D91EAF1B1A96F9FE3014B33450B63E6783D2DB965EED2BD26392B221814AA01EEB646B54B2AA45A29F9808283E5FBF04B49C6A3BEE6480E67169825A4E2DA8EB0C7AC690C380107CC888722844DE1C600B2ACFB74ECEB4425B63E8B7AF906540D30333D27BB3DEDAC1A7F04A0584D06EBF0867BC6ADDFBF52B17A7FBE3AD2E814DA4307607DA9C3FC2818A527CDF4E41F4CBF853F25086E90BF8836A9C839830AA9D72283E92A5C5CAACC786CF7FBED1528666FEE7B02CA1ED6F5A05630366AA0DFA37D3B0AB13ADBB2EE053465F7C39A01FF125EADA21619420A89B7FC1706B7E2C6F21ECC923AE9E602FAAD137DBEA66B7CA8C536B00218DC58C398CA465F20DB15438E0D8A2D421AA56FFC7765B7B1903C20312103B86B96B2F8A2F8A72CEBC7D66F86FC2B1EC1662B602C72EEC1C2D6A0B6AF0DF1BC2AFE635C2AB2C083F06D303FE3E45766C80499073177429C7A81EF3883A86FC4271D8F0C91EAB043DCF130CFC2AA1A48C3C20F1ABC1CE1E17B3E64DF5FE4996E285DEC0011A22DAAED5C58529B77E273A2389548748B780271D33A8BB8C380CE1C3CE8F3B2A487DD10D828F3146A2CE61F94CAFF3A5A099A59BF8B59196F271FFF718D097779D56BA71ECFEC97FDDF7BCAC120C264581B3EE45D6C2B01DD0382178134B940D4048847CFB5555A95E33DE7D59C35D41BC37625A64E87AC5F425F7CF88C3D78FF3449464AD4BE53818E8238C9EDB9A1389CAA421A656CDDE86057D08F636AD4462EEBB09B942CE6C86ABA6935DE352AF100257C7B416842C1B4DE70F5DBF55087B297C32A26DC47920B1CD70D1D893EB12703CF04DBD58C4EAE5B5CB674582C69FFD4A06F8491F56DAC15DADFB508EDF1FAA"; int32_t status = Crypto_Init(); @@ -515,12 +530,12 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_100) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary @@ -543,12 +558,13 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_100) UTEST(PERFORMANCE, MDB_KMC_LONG_100) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000200000000000000000000721BAC6AEED1D245278896BFCE8F455FC3DA3DFFFC84F3A42360697AC41AA8387B67F79EE9E336B4F2900A074274C3D380C3076550FF491C2CD0131DE6EB2F2D2E5F1F8222A1421E911AD331872BF8A6A48165A8D4B0126B8F156EA11117F975D7F1289375EEC9972796EAE4554AD30C9EDB323518644DC504F4484BBB8447DDE7464F74BF271002141DCD5D961D2FA774703F4D708D21922D5D322D95F87762F93BC53AB12E7539784A7622502BD8BDDAD8CFF1415AD0CC27834CF6009A32E50AAC9B20612D4848B93689F1283C844739D03F96A81970A473167F37CAA1E7FF66C539285EB79AC17AF709D3FC7395479CAA2724189ED064AFEEE81D28ECD0CDEEA105A7F3D8AC2AC42C5FD4BC25569EDD6A5B9674A1F90034E031DB30EFDE4789BC381BAF2D367165CA77114B2B72155DD90A48BE229AC984A6153C3E78B3A6C453CC7D791A1FDF6982F8530EAE61649B5FB83776CE0F607B438A7FF0C13F79A778B295F020FA993ADA08CCE57CB7B6098CC3ABF96EEBC6313C361F7DD0230B9FDDF04ED5E0D206178B8F63F072D4DE6DE8A60D1D5279E86F1E518FB875EC7F86406C4719BB6C4F8682F7F2693341599587EC884B882252437BDE838C318F13C2474D909331A737F0BB651656DF1CF46DB16B911851B1C2CCE0A03E3D9DF7494B3AFB5C24FC793A9D52144482B8A4FEA666B472CBD6E4B8355F39E02BEF428C5B950571D3D195561E0BD004A9BA089CA0776FC42C60E95CD5B190A12143F71473A352DC64BD8E5796C7ECC88506F0A6BEE0600E922053ADC2CB43EDC6852E52C82C388CE39C1C30F6DC30DD5B67B3A326F099C0FC5B8A3BDDDD3D3E0E136889AE5578FF746C2D81162023DA4F7C7EE2312284BB88CCA91AC5090BA5C2E101234E6D50F642F77960205CB9DDAB3E09FE77997B7CC4BF0BBC5AFC11CFB8E53936AD637101390BEC5B534AA48236DEEAEA2901EC42EA699B3DF1E0F91A533E0D1D76432DEDC1A5A2E6763662BD1E8D29D29FDA13C072C549B2F42B0E3B796981853DD7B776CA27142E60C65FCECD23CE7624CA0D81E966248C4C5D10953A6F742AD27C87A4950B4F172B706F65CCA2EFDA0FA6715BD95DD2841DB5C3262B210BF126A548D09C1EF0F7F83FA379D389C1890804AEE56B1CC7F45BF4422CCA3FC165F36BC5DD3546DB386A3551F0F467377D952C82D2890E70840F738FDC49838B1F30A16D1AF8DFE9E594D88EEBAEAE3B6DBA33F8DC69D95246E43A394E1463D0EFCAD040FE57CE9E95C57098E7EE76C6507889EB94232DA84B11572D462F932C04CCD60E3372024B7978B8960EA9145A297E7DF1114E48E6048CFDD31C1859B1A468991E1E67FAEAD138652A0BAA7A4D99669882357ECC0893E4D96A1E6E3D754CA24D5D997EDB91C647436A18A47377"; int32_t status = Crypto_Init(); @@ -580,11 +596,12 @@ UTEST(PERFORMANCE, MDB_KMC_LONG_100) UTEST(PERFORMANCE, LSA_LIBG_SHORT_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F00000A00000000000000000000006367CCB04793EECE4ECFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DFB63A4245482C24985171000B61A0C7F0386C"; int32_t status = Crypto_Init(); @@ -596,12 +613,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -624,11 +641,12 @@ UTEST(PERFORMANCE, LSA_LIBG_SHORT_1K) UTEST(PERFORMANCE, MDB_LIBG_SHORT_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F0000020000000000000000000070E304CDF655C3FE953D03F0C9322A30FC1E9E93A753017B3B7890A0FF7DECFFE57CBBE804F7CB184436CD7F21D92E01586D243D128E195834F3070365D9CE59D7F71F7F71C4E60FA424ADE3C3976200268804BB9CD6027F9BCFA3BF13F126C5565AF370736625F4A32B1B390B11D3"; int32_t status = Crypto_Init(); @@ -656,11 +674,12 @@ UTEST(PERFORMANCE, MDB_LIBG_SHORT_1K) UTEST(PERFORMANCE, LSA_KMC_SHORT_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F00000A00000000000000000000006367CCB04793EECE4ECFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DFB63A4245482C24985171000B61A0C7F0386C"; int32_t status = Crypto_Init(); @@ -672,12 +691,12 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary @@ -700,12 +719,13 @@ UTEST(PERFORMANCE, LSA_KMC_SHORT_1K) UTEST(PERFORMANCE, MDB_KMC_SHORT_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C047F0000020000000000000000000071B20E13F2B09519E820E696F04588AACE79E1827D42E5EA66F450E2C4893674185EC19C970BE7CABD06AB8768B04F5A29A1AA58FC539A3010EB674B2FC821441BA36AF225474E8E0998513417C525336E858704588E4F3083EC3EA4245D3C6F1CA5312A20DC3AADC47A0310C7FB09"; int32_t status = Crypto_Init(); @@ -737,11 +757,12 @@ UTEST(PERFORMANCE, MDB_KMC_SHORT_1K) UTEST(PERFORMANCE, LSA_LIBG_MED_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF00000A000000000000000000000063CC818D81B0A3B0B8CFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DF90F3545628E3182AADD4E7084E423A4CCA88F7C0BAE07A50169E687A1D6232EA056F02AD1F8362D9168A239CDF20EA0615E2FF9B3FC9E02852DD335F0ABCEBBC45A037E073A09B3300B3A2275A646209F4F5BF9C95A9D2A20881273A269B5DB614572D1E117CB73587832D3D63ACD4AD8C9C73AE9A0E521A8C85E19D20F9D670E709924849C46D578D91C0790EF998663E03DE0B830360B2C8E14DF8FA33BC0AC0120CCCA5823543E999C48064B140D8034EBB299E238E526B0443C239EE1CBA826BDAA8705DF421B073A08706D38E11DBD988E08EF9A38C4E4E726326FF54DC43AA76B0EAF004973BCDD51265B306D68EF393E6389AE35858D1B619A3B7D6A3656C3F8EA9512FA6685A3F2710A5A6274FCA0B69275339BC09F3349700E4214A275B9362EE08D2E1E6BBFE0D038007470DD17D8133451B027D1C73AA491256489F6FA2B1964BBA4A6746544ABF98C20C9511E5EFF08678A4B04BFBDFDF401D092FEF153DAB01DB3EBBF0C1879758A6485342DF30D84F46059846F2B910AC279437195F7B80DB14495CA46D9BC075A94CEE7F"; int32_t status = Crypto_Init(); @@ -753,12 +774,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -781,11 +802,12 @@ UTEST(PERFORMANCE, LSA_LIBG_MED_1K) UTEST(PERFORMANCE, MDB_LIBG_MED_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF000002000000000000000000007147C4888DE20936C8FFF8772894382BC0EADCFDA9B684BC64250309930E745CB9B300EA84D6C694C8688DCFA9007C276FDC33CDFE2CA12415C359FEDED084549487AA3FD876D04BC947B2EDA171983D7FEE5E627D93ADEF5EA9D9790203E1683B6454AD33614D47903A9D2BD46620FCB1A20DA9138B7A42DDA9F4E5207E3A1A15ECE4C917903B0CACEEED9EC8391AC0010F5BBD309EE3FDD5337BFE51F70DC07EB006B646967269CE93073402CCFB547577AA45CAC5823C35F6F76496F1621252491306EE70089F7DFAE6C1A9E515409E1603F61ADDD12C3BDFF98B2E8595B2CCC0F8339D081380EBBDC295DF274F8C4A02BBE1FC7E405CD54CF11FFA4FF6983A2AD6EAF2EB98EE3418191AE5CFCEBB8653091E4605D017C382990B18E2569A64DE56152CBF5B76D23614E60B449CE24924D549325A0447B88D931C8A0580DD167F5FD1B670A36D965FD3411005C4809F1CF1245C1DA008F1003B7334F933C89DDBF21BC556F8E5F244464A77FFB4320C64DBCD9DF82B3D720A8C9796C3BB8677355A7FF0BDC43D48D8990DC8EA34DA3B796AB0515341522D67FF629C283EA8B71CF261BD2F758443E880A3BEB61C5A839BD702D6D35F7B783B3752D59A1D4A4909A677F88572B84665184AE5149E9492728DA5BBDEA36B6B27E2E6F8194136604C98497056815197F871B8C36B51"; int32_t status = Crypto_Init(); @@ -815,11 +837,12 @@ UTEST(PERFORMANCE, MDB_LIBG_MED_1K) UTEST(PERFORMANCE, LSA_KMC_MED_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF00000A000000000000000000000010B7D5264AA13C588EBCE851BB4CF923A94BDCB9E04ABB6688055EE94074AEFF78139C195EFB6D26F9D5DF2A002D4D26F6C1420F623D9EC8AC1B47EF469314F30D2466B5A1F8E4DC1ED2FFDA3B82C6BF6A8CC93B220C9B15A7FDCC1C3D86AEAA7EC2158D603F5FA4E102AE14917E5CF9B4A5EDC23E4EC5E42368C0D8FB1CF9FBCEE6ADC4790ACDE3B91BA41907416B949B7852DBFF244752242405E58A2C9B48D26E428DC89168A7AD434D3800B60192016F7925A27E12EE8F6C58BFC4D5297C39139B4871A2A37A1B5E4669F753A95003569BDD6CA8DB454CB25677D9227D9744EC09391F56A22970580AF34E5743918CF87387918596155B153CC913B588D07E96D765B11703B2D6C5910BFF92042C5ABD4FC474A0E050DACA184FCE4CAF82903F5C2BE659BD8551D1CA66BBA61B3611D4E9DA7E3060400A80F7F9504867F0943BCAC62EA2D07DD1BEE2FBD52439FA45A5F1AB8041D724E6B73A3803AA0B701BA7821B797C30C71C3B3BAF0CFA3C76DBC8323FFB22FF8507C995B5C552883141054E8B0B01594BCA4E6741E6D5DCC5CCA0D5D8A0F07E4771607513AEC948157966E0D0A8B0C8F8AC3D114F1095781B6F29B37655484F8C7C700D41F7B231D2A4637B10EAFDEFA26D133ECE3FDECF73E379BE93E3488F91F82C01031839E851EB324969EA367D98965AC0FA351B"; int32_t status = Crypto_Init(); @@ -831,12 +854,12 @@ UTEST(PERFORMANCE, LSA_KMC_MED_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary @@ -859,12 +882,13 @@ UTEST(PERFORMANCE, LSA_KMC_MED_1K) UTEST(PERFORMANCE, MDB_KMC_MED_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C05FF0000020000000000000000000071B8A9140EDCF90BEB2E84643FB928463D5E7CA5A2CA190B13DFCCBD7C150FC57FCAE7812FD90A672132370F05C11740089A0A263DE28CCF66901393AD69E63E71BF7795929B3F1ECB93D8C73168C84150835C3942C6DE5C015FEEC35DF5227FC068098CFB6307D7D1D9888B81688DFED4D6A16915A636DD6D93C46DE65C869A9E08985D238D5898B07760EAC9DEF46E9F3A38BDF6A28B9185350DB8C0AD33CDA11E6DF84EB849E7288138CEA52F8E9BACB6C461D6E30E365E89697D1FEE1D484452207403A988B643779A07D56A91CFC0C7C197DDC0C68AD837D0FF248AFE3D0F5A46FEB4380EEF796C46D1A279A4D1E12103107FDF84BB1A4FCCF7E56460CEC85F99580597966B5214BBFE22E84E078EFB664D79A98A850F1FC2DDCCD43A92E25D5732C4700F86D2D342A67EBD2363032F7B2E1C1F2D7C003D0590FD4ABD064AE5C8FCFCD656A2AF510223345CC9F2F8837F3060A66F6DAF811E93600D9CB9BC3B3B66EFC395B86DF065C66C9C8A86192092AED70AC44A1D33D219ABE453E47764B78B5ED8689E06FA40A1276874E99560BA983B01B4268C1FD6B7CAA90B5148D2B39E2026C2E6AD56A9071894A7F6FD0BBE91F75519A0ACC72196F3CD72ACACD0820DA674215E80D63D3C9AFE59FFE547AB2F5F7EE16FFF9328EF6473BD7D3121116AD14868BDA4EA305636D744"; int32_t status = Crypto_Init(); @@ -896,11 +920,12 @@ UTEST(PERFORMANCE, MDB_KMC_MED_1K) UTEST(PERFORMANCE, LSA_LIBG_LONG_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000A000000000000000000000063CC818D81B0A3B0B8CFAE6926856AB15F27C747E4F00F0314AC3174263FCC8ABEEE245A705DF168E7AF81057111A8776502606B698CA119FFDAEE33FD3027358EC40BC2C166D6E5312BF6A813D97864A037D8E3696EFBF2052228DF90F3545628E3182AADD4E7084E423A4CCA88F7C0BAE07A50169E687A1D6232EA056F02AD1F8362D9168A239CDF20EA0615E2FF9B3FC9E02852DD335F0ABCEBBC45A037E073A09B3300B3A2275A646209F4F5BF9C95A9D2A20881273A269B5DB614572D1E117CB73587832D3D63ACD4AD8C9C73AE9A0E521A8C85E19D20F9D670E709924849C46D578D91C0790EF998663E03DE0B830360B2C8E14DF8FA33BC0AC0120CCCA5823543E999C48064B140D8034EBB299E238E526B0443C239EE1CBA826BDAA8705DF421B073A08706D38E11DBD988E08EF9A38C4E4E726326FF54DC43AA76B0EAF004973BCDD51265B306D68EF393E6389AE35858D1B619A3B7D6A3656C3F8EA9512FA6685A3F2710A5A6274FCA0B69275339BC09F3349700E4214A275B9362EE08D2E1E6BBFE0D038007470DD17D8133451B027D1C73AA491256489F6FA2B1964BBA4A6746544ABF98C20C9511E5EFF08678A4B04BFBDFDF401D092FEF153DAB01DB3EBBF0C1879758A6485342DF30D84F46059846F2B9100CEA4A31F68604E41C4448D56A4174B38CF4BA1B365904A442ABCAE1773DBD4007470E674DD5422C5F6DE74EBB068C1C0EEBB68378BB1CFFBC8893DB94136AA501D30C7AEA14135C95C7FA017A893681DF3696448D7F4523102B0A93D183097560B75145754158C7A77B8CE69A7BC7625E28B59FCAD104FDB619B2BB9D5BA7C621697EBC87F80A7FD43480A46828E433314522B9146FCA62CB2105D1EB22D19F55FAE320ED16D54F150FD20081F1336572D128F6D2803A09E8E35456ECB1D6AE0A3A8ECCE231C4602893171538BF40E5AD79003B2CEFA33FDD83D5A79E0BCF26A25754D1E91B279222393F8BDB7A07A0B5BD15458FAB9FB6138192D43A294A9FDE48F660A497305C49726BB3AF29521F8EB686441C34E2DF0BB5EE4E7B0FA14E0A56879A44D252BDA7939B777B6D283C85522F77202A574C0BA9049A3B9BBD059B2CE6CEAEE88B7C979FCB4333BB39AF5F14CFF8B8E8F477C15F11FC6A89365DD8CD258339AB6B748EAB34F93D007805E904A532E7BB5C90AE88209E6170A6656AFCBA6C9F6F5902A8117694C28BF9CF396648E993F5C59D5C60C5C175EEE70E2EA72EA67E2E6535E56E4F95B03B3B077572C6A021D1F1E54EA83DA804E84CD4EE2368917D367552B102B80A5DA8203F65FA9C1BDB5992C0A75F9FF4B9052CD1A59D1AFFC4F31397702C795E36FD31DB437F2376F0E5C9D451777AF0BF88CFE466EE9F4BF2B7929689EDFB2A529ECF8DAFF177E382"; int32_t status = Crypto_Init(); @@ -912,12 +937,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Convert hex to binary hex_conversion(data_h, &data_b, &data_l); @@ -940,11 +965,12 @@ UTEST(PERFORMANCE, LSA_LIBG_LONG_1K) UTEST(PERFORMANCE, MDB_LIBG_LONG_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF000002000000000000000000007217E059763EF5ADFC613DFAC3D96B906BE1361B1652B72637738C5731EDEF6C0C8EF2A5915169F1C6BBF7755B2D96BEE2F6DBC490A432A1515A89F4164B00020159A9B8646EDA561DB153F0FF6B4FCDE2E1E7FF4A1F3C155742E9298CA19A3F360FCC6CEC154802771F81F7214709DAEFB8D7732D311C2D11BE133D9F4882A82EE5B16A204B102FC8B21E9F3F841589EB85A97ED72781A2A2482A7E81ADB16628D3C7E8B15BDE350A18D9C459A43DE5B048F8C97A92B56E39C05B41AC0119427AE80E5A85FF7D52D25AFFF8B361FE938051399238864B4ED9983BEB4BE0F467530ABA03BF9EAAAAC9899A934E8FDB7DBDF5FE7F6B10B461D88045DEFBE3B872D11DBE975F2EE94A4BE9225653EFE1D6B06CBD6B0987E74B15E348135C41A583A0B5F249B08615FBD9DADFF8C29C9ED9886501B39857A7E2971DE338BC25379CC1E525A1201DE30922C9E3975D7F7E7538FE3D08B9DDF34E7C9DAB5FC961747A4F6F2FAF5E1BEE8F1EBEC4403FE3F6AC90369A04CB64AEBFF8C2457EFB0FE7714F72712C5256CBF18F25BF1AF13F6B639CCBED04CDC6FBA65F09B3ADF0F912995C5AF40157706D7F572C3481AA215F6B1AF5B7DCD519EDCD02EF66358588A756F3AB8C4C7D7B446D425F0DC7D309BADA9078DE415175DDCEDBDEDD6028D67DD4B83DB1D15EAC3F1A8926D11903F1C48484EF953E846203E5EDF6FA62F93D1FCD5E70C3E17017CFB7FC7C9B8A71B4F2B290893E18C7CC2E0BD8CA9FA940D1DC5129B062CBD2FACEDE3D26F5CDB2CC38F013B032835F1E0C6F2898A77DC8859F485FD64CCA79BA79A0911F87F5EA2C1AE5F72D530E8AE17F094A964ABD43C55E7BB7EBD63479C0E1F4014E5BA6B11FBA230A038B9C1470E289555D4313A2C166B34316BDFA84C428F11E61C11B300039B6FAA1D44ABD313ACCAB31DEE5E7D461BE78428EFEBC7DFBC49CBCB5F98DE92F4F07B477A57CB3426D7A66E5A07CC49A1061F8912C68F7C691BEFBD6DF536A9F26AEAEB6968F3F35017760B1840D4CF1E277FE8D9A99326A9FAD68814DE6F929253F2D4F3AF046C578A434DBFEA4B2CC9834633CF5919085126D95F74A444328113408AE6D798FF6961C38822D4523F9AA99C766AE3E5104BE7EE0E027C2F9B73BA07ADA882762FD93F590BF29FD0429BBC83DB4F531C1187B8DECEC0E5171027433358CE6E0AAAF50B59AC32EDE3D5B198B7C6AD462F00F9E7E52A21DE992037FDED63EF5646C236701729096AC704DA4A649C244B24242795DA49B25C34AB8F2E824DE4F42E1D4F06CC79F594DB4F62F31CD928C4CD678451CA7511FBB30F771F45522410586A22321C683F98774C89864E9ADF030216BC083E991CA96E4E751324B7E0AC2775996CDF33A46E09BCC24856D3112D844D337C57B9519F966A4"; int32_t status = Crypto_Init(); @@ -974,11 +1000,12 @@ UTEST(PERFORMANCE, MDB_LIBG_LONG_1K) UTEST(PERFORMANCE, LSA_KMC_LONG_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000A0000000000000000000000042DD72659FA856512F4C35CA125B94FA62D41A46ECE953F746436776EDBB107E4CB804D02C0A794341D4D7D5A83C8735001B649FABAC5D32D62E64D3A7768CA60B79861A05434DAF398873705D0226717B99079451D42F01FCA9CC895277B705096CA10A9873760CE387FCAB553B93D907F0C299B8427A514C09B36D9008DEFD8C38F7D9E2E7880430D08BFD76C98AE0A1E4A78A5D6E3651C81C418A20C1AA6871BD2C9170A411AB9C00376BC7019E867F7BA0D6A7C28A49E8462216D35C97DA05779F1DEE2A2C1C83E12362A2748E9D7555E8F8CAAAA85611DD3BE5E68C55949329FC64A94804449DA2442406FDFAD6878945EFC27479F4F4DCB82399978F9BAB3D583AC548CEB7EFFEC13D6EE49ECD258781B8F395B9B129F41A72CEDA58D5AE2373EDE39C037042BBFB926DC5C01C92A8D32AF6908754612C2CF6311CAEDF8E78DC3E632C4485D972CF70250A376E687551BB5CE544779AC915CB39ED489B0FA5F7B2948333F5D4DC9CD07D712C764A1085C696473FE62AB77DF0E7E67D91EAF1B1A96F9FE3014B33450B63E6783D2DB965EED2BD26392B221814AA01EEB646B54B2AA45A29F9808283E5FBF04B49C6A3BEE6480E67169825A4E2DA8EB0C7AC690C380107CC888722844DE1C600B2ACFB74ECEB4425B63E8B7AF906540D30333D27BB3DEDAC1A7F04A0584D06EBF0867BC6ADDFBF52B17A7FBE3AD2E814DA4307607DA9C3FC2818A527CDF4E41F4CBF853F25086E90BF8836A9C839830AA9D72283E92A5C5CAACC786CF7FBED1528666FEE7B02CA1ED6F5A05630366AA0DFA37D3B0AB13ADBB2EE053465F7C39A01FF125EADA21619420A89B7FC1706B7E2C6F21ECC923AE9E602FAAD137DBEA66B7CA8C536B00218DC58C398CA465F20DB15438E0D8A2D421AA56FFC7765B7B1903C20312103B86B96B2F8A2F8A72CEBC7D66F86FC2B1EC1662B602C72EEC1C2D6A0B6AF0DF1BC2AFE635C2AB2C083F06D303FE3E45766C80499073177429C7A81EF3883A86FC4271D8F0C91EAB043DCF130CFC2AA1A48C3C20F1ABC1CE1E17B3E64DF5FE4996E285DEC0011A22DAAED5C58529B77E273A2389548748B780271D33A8BB8C380CE1C3CE8F3B2A487DD10D828F3146A2CE61F94CAFF3A5A099A59BF8B59196F271FFF718D097779D56BA71ECFEC97FDDF7BCAC120C264581B3EE45D6C2B01DD0382178134B940D4048847CFB5555A95E33DE7D59C35D41BC37625A64E87AC5F425F7CF88C3D78FF3449464AD4BE53818E8238C9EDB9A1389CAA421A656CDDE86057D08F636AD4462EEBB09B942CE6C86ABA6935DE352AF100257C7B416842C1B4DE70F5DBF55087B297C32A26DC47920B1CD70D1D893EB12703CF04DBD58C4EAE5B5CB674582C69FFD4A06F8491F56DAC15DADFB508EDF1FAA"; int32_t status = Crypto_Init(); @@ -990,10 +1017,10 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_1K) // Expose/setup SAs for testing SecurityAssociation_t* test_association;; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 10 - sadb_routine->sadb_get_sa_from_spi(10, &test_association); + sa_if->sa_get_from_spi(10, &test_association); test_association->sa_state = SA_OPERATIONAL; *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; @@ -1017,12 +1044,13 @@ UTEST(PERFORMANCE, LSA_KMC_LONG_1K) UTEST(PERFORMANCE, MDB_KMC_LONG_1K) { - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); Crypto_Config_MariaDB("client-demo-kmc.example.com","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/home/itc/Desktop/CERTS/ammos-ca-bundle.crt", NULL, "/home/itc/Desktop/CERTS/ammos-client-cert.pem", "/home/itc/Desktop/CERTS/ammos-client-key.pem",NULL,"robert", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); char* data_h = "202C07FF00000200000000000000000000721BAC6AEED1D245278896BFCE8F455FC3DA3DFFFC84F3A42360697AC41AA8387B67F79EE9E336B4F2900A074274C3D380C3076550FF491C2CD0131DE6EB2F2D2E5F1F8222A1421E911AD331872BF8A6A48165A8D4B0126B8F156EA11117F975D7F1289375EEC9972796EAE4554AD30C9EDB323518644DC504F4484BBB8447DDE7464F74BF271002141DCD5D961D2FA774703F4D708D21922D5D322D95F87762F93BC53AB12E7539784A7622502BD8BDDAD8CFF1415AD0CC27834CF6009A32E50AAC9B20612D4848B93689F1283C844739D03F96A81970A473167F37CAA1E7FF66C539285EB79AC17AF709D3FC7395479CAA2724189ED064AFEEE81D28ECD0CDEEA105A7F3D8AC2AC42C5FD4BC25569EDD6A5B9674A1F90034E031DB30EFDE4789BC381BAF2D367165CA77114B2B72155DD90A48BE229AC984A6153C3E78B3A6C453CC7D791A1FDF6982F8530EAE61649B5FB83776CE0F607B438A7FF0C13F79A778B295F020FA993ADA08CCE57CB7B6098CC3ABF96EEBC6313C361F7DD0230B9FDDF04ED5E0D206178B8F63F072D4DE6DE8A60D1D5279E86F1E518FB875EC7F86406C4719BB6C4F8682F7F2693341599587EC884B882252437BDE838C318F13C2474D909331A737F0BB651656DF1CF46DB16B911851B1C2CCE0A03E3D9DF7494B3AFB5C24FC793A9D52144482B8A4FEA666B472CBD6E4B8355F39E02BEF428C5B950571D3D195561E0BD004A9BA089CA0776FC42C60E95CD5B190A12143F71473A352DC64BD8E5796C7ECC88506F0A6BEE0600E922053ADC2CB43EDC6852E52C82C388CE39C1C30F6DC30DD5B67B3A326F099C0FC5B8A3BDDDD3D3E0E136889AE5578FF746C2D81162023DA4F7C7EE2312284BB88CCA91AC5090BA5C2E101234E6D50F642F77960205CB9DDAB3E09FE77997B7CC4BF0BBC5AFC11CFB8E53936AD637101390BEC5B534AA48236DEEAEA2901EC42EA699B3DF1E0F91A533E0D1D76432DEDC1A5A2E6763662BD1E8D29D29FDA13C072C549B2F42B0E3B796981853DD7B776CA27142E60C65FCECD23CE7624CA0D81E966248C4C5D10953A6F742AD27C87A4950B4F172B706F65CCA2EFDA0FA6715BD95DD2841DB5C3262B210BF126A548D09C1EF0F7F83FA379D389C1890804AEE56B1CC7F45BF4422CCA3FC165F36BC5DD3546DB386A3551F0F467377D952C82D2890E70840F738FDC49838B1F30A16D1AF8DFE9E594D88EEBAEAE3B6DBA33F8DC69D95246E43A394E1463D0EFCAD040FE57CE9E95C57098E7EE76C6507889EB94232DA84B11572D462F932C04CCD60E3372024B7978B8960EA9145A297E7DF1114E48E6048CFDD31C1859B1A468991E1E67FAEAD138652A0BAA7A4D99669882357ECC0893E4D96A1E6E3D754CA24D5D997EDB91C647436A18A47377"; int32_t status = Crypto_Init(); diff --git a/util/src_util/pt_gcry_base.c b/test/performance/pt_gcry_base.c similarity index 100% rename from util/src_util/pt_gcry_base.c rename to test/performance/pt_gcry_base.c diff --git a/test/sdls_ep_interop/tc4.txt b/test/sdls_ep_interop/tc4.txt deleted file mode 100644 index 0cffad10..00000000 --- a/test/sdls_ep_interop/tc4.txt +++ /dev/null @@ -1,163 +0,0 @@ -Number = 0 -Description = Exercise the key lifecycle using the SDLS-EP key management procedures and to test the Over The Air Rekeying (OTAR) procedures with the key management service parameters and PDU formats specified for the SDLS-EP. Must reboot FSW to run test! -TC = -TM = - - -Number = 1 -Description = OTAR(0) 140-142 -TC = 2003009e00ff000100001880d037008c197f0b000100840000344892bbc54f5395297d4c37172f2a3c46f6a81c1349e9e26ac80985d8bbd55a5814c662e49fba52f99ba09558cd21cf268b8e50b2184137e80f76122034c580464e2f06d2659a50508bdfe9e9a55990ba4148af896d8a6eebe8b5d2258685d4ce217a20174fdd4f0efac62758c51b04e55710a47209c923b641d19a39001f9e986166f5ffd95555 -TM = - - -Number = 2 -Description = Activate 141, 142 -TC = 2003001e00ff000100001880d038000c197f0b00020004008d008e82ebe4fc55555555 -TM = - - -Number = 3 -Description = Deactivate 142 -TC = 2003001c00ff000100001880d039000a197f0b00030002008e1f6d21c4555555555555 -TM = - - -Number = 4 -Description = Verify 132, 134 -TC = 2003003e00ff000100001880d03a002c197f0b00040024008471fc3ad5b1c36ad56bd5a5432315cdab008675c06302465bc6d5091a29957eebed35c00a6ed8 -TM = - -Number = 4.resp -Description = Verify 132, 134 -TC = -TM = 0031020218000001001a0080ffff006084005c0084000000000000000000000001d8eaa795affaa0e951bb6cf0116192e16b1977d6723e92e01123ccef548e2885008600000000000000000000000275c47f30ca26e64af30c19ebffe0b314849133e138ac65bc2806e520a90c96a8216607ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff0000003900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000f844 - - -Number = 5 -Description = Verify 140, 141 -TC = 2003003e00ff000100001880d03b002c197f0b00040024008c1014b4d1f1d832e90f250289a64e641f008dc43813b784f3da70b9d9b6397464b1e9ccbe6ed8 -TM = - -Number = 5.resp -Description = Verify 140, 141 -TC = -TM = 00310303183e0001001a000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c008c0000000000000000000000012fcf9ec2a0c44401c749344f6519f9b914162833e7893f32c3ca06572d4c91ac008d0000000000000000000000020fd3ae4cd8aa798d5872d152fe1dd0e6a70cc17ef4e3b3a21ca7053352fda2c18d6507ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00001008b27 - - -Number = 6 -Description = OTAR(1) 145-148 -TC = 200300c000ff000100001880d03c00ae197f0b000100a60001d920aeb912ed2c79690583e398e26d111d6d6de6cf13b2dedd268848d387494c834b85288a9e608a4b089d772a35ce8f7bfd4110fdcc22cd7cccf4ba45e63746f56d281d68850d6817d93d0066d6484e9a3c9e3f5e4f2aee86a035cd215ae6fe89f2f4d7855c6966952425e5e27fa3aaec98e272c1c871cdadaf5f52f9cc33d7097d564a39d75c61edf7b6ecd7dfa7b3f78e6086a49ff8321836e614667f94a4d1b5b5cdfeed05de555555 -TM = - - -Number = 7 -Description = Activate 146, 147 -TC = 2003001e00ff000100001880d03d000c197f0b0002000400920093a8e1e4fc55555555 -TM = - - -Number = 8 -Description = Deactivate 147 -TC = 2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4555555555555 -TM = - - -Number = 9 -Description = Verify 145, 146 -TC = 2003003e00ff000100001880d03f002c197f0b000400240091b863da1a6ad7f71291570adc1675dfa80092419319c71e0fd243374a4a5643c119308c156ed8 -TM = - -Number = 9.resp -Description = Verify 145, 146 -TC = -TM = 0031040418380001001a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c0091000000000000000000000001095dd36a5c4a3e92bda5b0cfa668efe8f73b4dc959f4c1b723f00099afdb6d030092000000000000000000000002ee333ad04d4063cdf5f7139440f001c21ba097201aeeaa580a50b96e88ba727244f607ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007300 - - -Number = 10 -Description = Verify 147, 148 -TC = 2003003e00ff000100001880d040002c197f0b000400240093ada7b7137f61300912abb49b45d931470094253cb5cdaa4b3d044db12737bc0f221106bb6ed8 -TM = - -Number = 10.resp -Description = Verify 147, 148 -TC = -TM = 0031050518360001001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c0093000000000000000000000001acae8feba6b45eece52a7f1de280f56ed3a0ae6de63d317a387e726c0094460a009400000000000000000000000252927b593ab5cadcc38662ace78dfaeb6a3df4c3472b4f2ac9a982aecf2a0e25753907ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff0000003900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000010012fd - - -Number = 11 -Description = OTAR(2) 150-153 -TC = 200300c000ff000100001880d04100ae197f0b000100a60002f1e37102f68dcbbba2dce280c9ac4ad7d47803d1c50573054523cdb033e4f9b3149178e8bc34bbd318ee1b82c865b40b195b833389d50a6a64485a3e3f1abf4ec824432b765ce3d82c84a62d98a699a47a3efb37fa04cd982ce0eea11bd6bfc4e5b2300d478da25246961ed4087635d9695155e3a71089d87d2f2df052202700b949d2635823a78bd50bf19145afeb875ea1f995f3d1d3a171d5a61bc92a2060a6f94f05787f05de555555 -TM = - - -Number = 12 -Description = Activate 151-153 -TC = 2003002000ff000100001880d042000e197f0b00020006009700980099bee3a61a5555 -TM = - - -Number = 13 -Description = Deactivate 152, 153 -TC = 2003001e00ff000100001880d043000c197f0b0003000400980099e680e4fc55555555 -TM = - - -Number = 14 -Description = Verify 150, 151 -TC = 2003003e00ff000100001880d044002c197f0b000400240096a785a1801728d57ea5d7da6d4db309730097db2e5b1fb393a402d9c8b3a6edcc562d33b66ed8 -TM = - -Number = 14.resp -Description = Verify 150, 151 -TC = -TM = 0031060618340001001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c009600000000000000000000000176316dbb8260d96a20b37b57620e28915f56906a68ef8a8cb0b1a9d9adec816800970000000000000000000000028eb7575fb226ad4699ab2cc3f82a3ee62ab5e45825ee9913df10b46abd680834296a07ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000005fdb - - -Number = 15 -Description = Verify 152, 153 -TC = 2003003e00ff000100001880d045002c197f0b00040024009894a2b915a3154520df52edad8ac1acc00099dc09bd6bf7e43f1dc0d44c08bc8b63084f526ed8 -TM = - -Number = 15.resp -Description = Verify 150, 151 -TC = -TM = 0031070718320001001a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c0098000000000000000000000001f637d1ea1932e98c1e02ecb2f17310b75552aabf78cc8507785ff28aadc6678d0099000000000000000000000002367f0df5816231ae79b7b7f4281edec346410c7bc9dfed3291b96e5ba55c123d97ff07ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0000100ec09 - - -Number = 16 -Description = USER MODIFY KEY 152 - INVALID -TC = 2003001d00ff000100001880c000000a197f0b004500030098018dc782a5fecf -TM = - - -Number = 17 -Description = Verify 152, 153 -TC = 2003003e00ff000100001880d046002c197f0b000400240098765de8e4d2f1833e80907f7012d2e8300099d4a84e8e561752baa24f86f17b59b477f91e6ed8 -TM = - -Number = 17.resp -Description = Verify 152, 153 -TC = -TM = 0031080818300001001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c009800000000000000000000000118af57f93ea5a9afa49c6024255acd0a270fb74852f43f135711885a0194130900990000000000000000000000023edefe1020915c091b2c7d0defcc09bcee47bf3ee527cb3138afb25985b8362de77907ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff0000000000000000000000000000000001000000f1a0 - - -Number = 18 -Description = USER MODIFY KEY 150 - INVALID -TC = 2003001d00ff000100001880c000000a197f0b004500030096018dc782a5fecf -TM = - -Number = 18 -Description = USER MODIFY KEY 151 - INVALID -TC = 2003001d00ff000100001880c000000a197f0b004500030097018dc782a5fecf -TM = - -Number = 20 -Description = Verify 150, 151 -TC = 2003003e00ff000100001880d047002c197f0b0004002400969964112b3621b6b136b51b1dc01da23b0097cdf1bb3b4d10fffcae9fac40caefae52fee56ed8 -TM = - - -Number = 20.resp -Description = Verify 150, 151 -TC = -TM = 00310909182e0001001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff006084005c009600000000000000000000000119d2aff46ff28b194ddcc67d6c0126f794ddf80120517fad23c2040aace7754d00970000000000000000000000028b90f89f963b6bc79123cc54fca7772d0cbf1c670bfadd54adbe34b268e40fd1d89c07ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000000000000000000000000000000000c00001007e98 diff --git a/test/sdls_ep_interop/tc5.txt b/test/sdls_ep_interop/tc5.txt deleted file mode 100644 index 444872f2..00000000 --- a/test/sdls_ep_interop/tc5.txt +++ /dev/null @@ -1,117 +0,0 @@ -Number = 0 -Description = Exercises the complete SA lifecycle using all the SDLS-EP SA management procedures. Must reboot FSW to run test! -TC = -TM = - - -Number = 1 -Description = SA(6) Rekey 133 -TC = 2003002a00ff000100001880d0ac0018197f0b0016000c00060085000000000000000000000000da959fc8555555555555 -TM = - - -Number = 2 -Description = Start SA(6) -TC = 2003002000ff000100001880d0ad000e197f0b001b0004000600003040f6f7a61a5555 -TM = - - -Number = 3 -Description = Encrypted Ping -TC = 2003043400ff000600000000000000000000000121e8cb55734ac14b895b5145793ab5dd25ab112b4c5f7b99d905051102a9e132c3555555 -TM = - - -Number = 3.resp -Description = Encrypted Ping -TC = -TM = 0031020218000001001a0080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000010000009d6d - - -Number = 4 -Description = Encrypted Ping -TC = 2003043400ff0006000000000000000000000002b3105fd60b1fdb72496c8ce203ce9b2eabb8bfc4527c479319b7cad9899d15b5ed555555 -TM = - - -Number = 4.resp -Description = Encrypted Ping -TC = -TM = 0031030318220001001a000000000000000000000000000000000000000000000000000000000000000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00006023aa7 - - -Number = 5 -Description = Read ARSN(6) -TC = 2003001c00ff000100001880d0b0000a197f0b001000020006571921c4555555555555 -TM = - - -Number = 5.resp -Description = Read ARSN(6) -TC = -TM = 0031040418040001001a000000000080ffff001290000e00060000000000000000000000021ae507ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000082da - - -Number = 6 -Description = Set ARSN(6) to 0x64 -TC = 2003002800ff000100001880d0b10016197f0b001a000a000600000000000000000000006413b5983e55 -TM = - - -Number = 7 -Description = Read ARSN(6) -TC = 2003001c00ff000100001880d0b2000a197f0b00100002000651f321c4555555555555 -TM = - - -Number = 7.resp -Description = Read ARSN(6) -TC = -TM = 0031050518340001001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff001290000e0006000000000000000000000064168507ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff0000003900000000000000000000000000000000000000000000c0000102d685 - - -Number = 8 -Description = Encrypted Ping -TC = 2003043400ff00060000000000000000000000656cbe97c866d9015ab1f747510b19ccef0376ca22becfeb3968179af7dc364f6ded555555 -TM = - -Number = 8.resp -Description = Encrypted Ping -TC = -TM = 0031060618240001001a0000000000000000000000000000000000000000000000000000000000000000000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000f46a - - -Number = 9 -Description = Encrypted Ping -TC = 2003043400ff0006000000000000000000000066fa191521e27cb4d95b5c2b5f43ebe7a0ee0c400f1af632186bfb26a6900bedae4a555555 -TM = - -Number = 9.resp -Description = Encrypted Ping -TC = -TM = 0031070718060001001a0000000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000c00006669b93 - - -Number = 10 -Description = Read ARSN(6) -TC = 2003001c00ff000100001880d0b5000a197f0b00100002000659b821c4555555555555 -TM = - - -Number = 10.resp -Description = Read ARSN(6) -TC = -TM = 0031080818280001001a000000000000000000000000000000000000000000000000000000000000000000000000000000000080ffff001290000e000600000000000000000000006636c707ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff0000003900000000000000000000000000000000000000000000000000000000000000000000010000000542 - - -Number = 11 -Description = Stop SA(6) -TC = 2003001c00ff000100001880d0b6000a197f0b001e00020006938f21c4555555555555 -TM = - - -Number = 12 -Description = Expire SA(6) -TC = 2003001c00ff000100001880d0b7000a197f0b001900020006f72e21c4555555555555 -TM = - diff --git a/test/sdls_ep_interop/tc6.txt b/test/sdls_ep_interop/tc6.txt deleted file mode 100644 index f2d8529e..00000000 --- a/test/sdls_ep_interop/tc6.txt +++ /dev/null @@ -1,93 +0,0 @@ -Number = 0 -Description = Execute all the Monitoring & Control procedures and their specified PDU formats as well as testing the FSR functionality. Must reboot FSW to run test! -TC = -TM = - - -Number = 1 -Description = Ping -TC = 2003001a00ff000100001880d2c70008197f0b00310000b1fe312855 -TM = - -Number = 1.resp -Description = Ping -TC = -TM = 0031020218000001001a0080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000010000009d6d - - -Number = 2 -Description = Ping -TC = 2003001a00ff000100001880d2c80008197f0b00310000e74f312855 -TM = - -Number = 2.resp -Description = Ping -TC = -TM = 0031030318220001001a000000000000000000000000000000000000000000000000000000000000000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0000100d955 - - -Number = 3 -Description = Start SA(4) -TC = 2003002000ff000100001880d2c9000e197f0b001b0004000400003040d95ea61a5555 -TM = - - -Number = 4 -Description = Ping -TC = 2003043400ff00040000000000000000000000017e1d8eea8d45ceba17888e0cdcd74797f2db4e6521fbbe3e8738b72bcdea797c7a555555 -TM = - - -Number = 4.resp -Description = Ping -TC = -TM = 0031040418040001001a000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff00000039000000000000000000000000000000000000000001000000c435 - - -Number = 5 -Description = Ping -TC = 2003043400ff000400000000000000000000000219c6efd6cd012f28eb9f38c49e7669bb6af19abfb95b6627f7bafb4596a3e178a2555555 -TM = - - -Number = 5.resp -Description = Ping -TC = -TM = 0031050518260001001a00000000000000000000000000000000000000000000000000000000000000000000000000000080ffff0004b10000404307ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ff000000390000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00004023951 - - -Number = 6 -Description = Replay Error Ping -TC = 2003043400ff000400000000000000000000000219c6efd1cd012f28eb9f38c49e6a93c47958d3525b0aec899dd33fe1d0a7b97435555555 -TM = - - -Number = 7 -Description = Reset Alarm -TC = 2003043400ff00040000000000000000000000035f07569e58aa0ca2ee993146a467b8e242d504a647ce56d0a3e4c0c613bdc7c588555555 -TM = - - -Number = 8 -Description = Bad MAC Encrypted Ping -TC = 2003043400ff000400000000000000000000000435d72650fa856512540e82a00668d8c68c90f418166c6693c95f3e370a1bd875ff555555 -TM = - - -Number = 9 -Description = Reset Alarm -TC = 2003043400ff0004000000000000000000000006ba5b389a7bb28e0fca8aea45e6a74b5f2dd79d8e9bd585e53ebed302f14e6d154c555555 -TM = - - -Number = 10 -Description = Out of window Encrypted Ping -TC = 2003043400ff000400000000000000000000000c79ebc6ca752b40c56ecef6cda30c7ca0b1968c3bfd28b786f754b0420be7d5ef6b555555 -TM = - - -Number = 11 -Description = Invalid SPI Encrypted Ping -TC = 2003043400ff00040000000600000000000000079776af36c8eb72afa1c53b7d19d1a486d0cf5df09b6bbad0c2f5e208e45090b13e555555 -TM = - diff --git a/util/src_util/et_dt_validation.c b/test/unit/et_dt_validation.c similarity index 81% rename from util/src_util/et_dt_validation.c rename to test/unit/et_dt_validation.c index 613a5b8d..f21c1169 100644 --- a/util/src_util/et_dt_validation.c +++ b/test/unit/et_dt_validation.c @@ -26,7 +26,7 @@ #include #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" // Setup for some Unit Tests using a Python Script to Verify validiy of frames PyObject *pName, *pModule, *pDict, *pFunc, *pValue, *pArgs, *pClass, *pInstance; @@ -145,7 +145,7 @@ UTEST(ET_VALIDATION, AUTH_ENCRYPTION_TEST) { // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); uint8_t* expected = NULL; long expected_length = 0; @@ -175,12 +175,11 @@ UTEST(ET_VALIDATION, AUTH_ENCRYPTION_TEST) // Default SA // Expose SA 1 for testing - sadb_routine->sadb_get_sa_from_spi(1, &test_association_1); - test_association_1->ecs = calloc(1, test_association_1->ecs_len * sizeof(uint8_t)); - *test_association_1->ecs = CRYPTO_CIPHER_NONE; + sa_if->sa_get_from_spi(1, &test_association_1); + test_association_1->ecs = CRYPTO_CIPHER_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association_4); + sa_if->sa_get_from_spi(4, &test_association_4); test_association_4->sa_state = SA_KEYED; // Ensure that Process Security can activate SA 4 @@ -193,13 +192,11 @@ UTEST(ET_VALIDATION, AUTH_ENCRYPTION_TEST) // Expose SA 4 for testing test_association_4->arsn_len = 0; test_association_4->gvcid_blk.vcid = 1; - test_association_4->iv = calloc(1, test_association_4->shivf_len * sizeof(uint8_t)); test_association_4->iv[11] = 1; test_association_4->ast = 1; test_association_4->est = 1; test_association_4->sa_state = SA_OPERATIONAL; - test_association_4->ecs = calloc(1, test_association_4->ecs_len * sizeof(uint8_t)); - *test_association_4->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association_4->ecs = CRYPTO_CIPHER_AES256_GCM; return_val = Crypto_TC_ApplySecurity(enc_test_ping_b, enc_test_ping_len, &ptr_enc_frame, &enc_frame_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -216,7 +213,7 @@ UTEST(ET_VALIDATION, AUTH_ENCRYPTION_TEST) ASSERT_EQ(expected[i], ptr_enc_frame[i]); } - // sadb_routine->sadb_close(); + // sa_if->sa_close(); free(activate_sa4_b); free(enc_test_ping_b); free(ptr_enc_frame); @@ -238,7 +235,7 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) { // Setup & Initialize CryptoLib Crypto_Init_TC_Unit_Test(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); char* activate_sa4_h = "2003002000ff000100011880d2c9000e197f0b001b0004000400003040d95ecbc2"; char* dec_test_ping_h = @@ -263,12 +260,11 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) // Default SA // Expose SA 1 for testing - sadb_routine->sadb_get_sa_from_spi(1, &test_association); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + sa_if->sa_get_from_spi(1, &test_association); + test_association->ecs = CRYPTO_CIPHER_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->sa_state = SA_KEYED; // Ensure that Process Security can activate SA 4 @@ -279,16 +275,14 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) test_association->sa_state = SA_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->arsn_len = 0; test_association->gvcid_blk.vcid = 1; - test_association->iv = calloc(1, test_association->shivf_len * sizeof(uint8_t)); test_association->iv[11] = 0; test_association->ast = 1; test_association->est = 1; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; return_val = Crypto_TC_ProcessSecurity(dec_test_ping_b, &dec_test_ping_len, tc_sdls_processed_frame); ASSERT_EQ(9, return_val); // 9 is the number of pings in that EP PDU. @@ -315,7 +309,7 @@ UTEST(DT_VALIDATION, AUTH_DECRYPTION_TEST) free(dec_test_ping_b); // free(test_association->ecs); free(tc_sdls_processed_frame); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); EndPython(); } @@ -330,14 +324,15 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib // Crypto_Init_TC_Unit_Test(); - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -352,25 +347,24 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); // Convert/Set input IV hex_conversion(buffer_nist_iv_h, (char**) &buffer_nist_iv_b, &buffer_nist_iv_len); - test_association->iv = malloc(*buffer_nist_iv_b * sizeof(uint8_t)); memcpy(test_association->iv, buffer_nist_iv_b, buffer_nist_iv_len); // Convert input ciphertext hex_conversion(buffer_nist_ct_h, (char**) &buffer_nist_ct_b, &buffer_nist_ct_len); @@ -392,7 +386,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) free(buffer_nist_ct_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -403,15 +397,17 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { uint8_t* ptr_enc_frame = NULL; + // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -430,19 +426,19 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(9, &test_association); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_if->sa_get_from_spi(9, &test_association); + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->ast =1; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -456,21 +452,23 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) Crypto_TC_ProcessSecurity(buffer_nist_et_b, &buffer_nist_et_len, tc_nist_processed_frame); - Crypto_Shutdown(); - for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) { - //printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + if (buffer_nist_pt_b[i + 5] != tc_nist_processed_frame->tc_pdu[i]) + { + printf("[%d]: %02x -> %02x \n", i, buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); + } ASSERT_EQ(buffer_nist_pt_b[i + 5], tc_nist_processed_frame->tc_pdu[i]); } + Crypto_Shutdown(); free(ptr_enc_frame); free(buffer_nist_pt_b); free(buffer_nist_iv_b); free(buffer_nist_et_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -483,14 +481,15 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext char* buffer_nist_key_h = "e9ccd6eef27f740d1d5c70b187734e11e76a8ac0ad1702ff02180c5c1c9e5399"; @@ -504,18 +503,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -542,7 +541,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) free(buffer_nist_ct_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -554,14 +553,15 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext char* buffer_nist_key_h = "e9ccd6eef27f740d1d5c70b187734e11e76a8ac0ad1702ff02180c5c1c9e5399"; @@ -579,18 +579,18 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -618,7 +618,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) free(buffer_nist_et_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -631,14 +631,15 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -653,18 +654,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -691,7 +692,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) free(buffer_nist_ct_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -703,14 +704,15 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -729,18 +731,18 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -765,7 +767,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_2) free(buffer_nist_et_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -778,14 +780,15 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -800,18 +803,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -838,7 +841,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) free(buffer_nist_ct_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -850,14 +853,15 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -876,18 +880,18 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -912,7 +916,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_3) free(buffer_nist_et_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -925,14 +929,15 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -947,18 +952,18 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -985,7 +990,7 @@ UTEST(NIST_ENC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) free(buffer_nist_ct_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -997,14 +1002,15 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1023,18 +1029,18 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->arsn_len = 0; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -1059,7 +1065,7 @@ UTEST(NIST_DEC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_4) free(buffer_nist_et_b); free(buffer_nist_key_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1083,14 +1089,15 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1107,10 +1114,10 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1118,12 +1125,12 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) test_association->abm_len = 1024; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -1155,7 +1162,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) free(buffer_cyber_chef_mac_b); free(buffer_nist_aad_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1170,14 +1177,15 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1192,10 +1200,10 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1204,12 +1212,12 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -1241,7 +1249,7 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) free(buffer_nist_key_b); free(buffer_cyber_chef_mac_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1251,15 +1259,15 @@ UTEST(NIST_ENC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_1) UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) { // Setup & Initialize CryptoLib - int32_t status; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors char* buffer_nist_key_h = "78dc4e0aaf52d935c3c01eea57428f00ca1fd475f5da86a49c8dd73d68c8e223"; @@ -1285,10 +1293,10 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1297,12 +1305,12 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) test_association->shivf_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) hex_conversion(buffer_nist_pt_h, (char**) &buffer_nist_pt_b, &buffer_nist_pt_len); @@ -1314,8 +1322,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) // Convert mac frame hex_conversion(buffer_nist_mac_frame_h, (char**) &buffer_nist_mac_frame_b, &buffer_nist_mac_frame_len); - status = Crypto_TC_ProcessSecurity(buffer_nist_mac_frame_b, &buffer_nist_mac_frame_len, tc_nist_processed_frame); - //printf("TC_Process returned status %d\n", status); + Crypto_TC_ProcessSecurity(buffer_nist_mac_frame_b, &buffer_nist_mac_frame_len, tc_nist_processed_frame); // Note: For comparison, interested in the TF payload (exclude headers and FECF if present) // Calc payload index: total length - pt length @@ -1348,25 +1355,24 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0) printf("\n"); #endif - Crypto_Shutdown(); // Verify the MAC for (int i = 0; i < test_association->stmacf_len; i++) { ASSERT_EQ(tc_nist_processed_frame->tc_sec_trailer.mac[i], buffer_cyber_chef_mac_b[i]); } for (int i = 0; i < tc_nist_processed_frame->tc_pdu_len; i++) - // Verify the PDU Data is present and not stomped - { + { // Verify the PDU Data is present and not stomped ASSERT_EQ(tc_nist_processed_frame->tc_pdu[i], buffer_nist_pt_b[i]); } - ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + Crypto_Shutdown(); free(buffer_nist_iv_b); free(buffer_nist_key_b); free(buffer_cyber_chef_mac_b); free(buffer_nist_mac_frame_b); free(buffer_nist_cp_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1376,14 +1382,15 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) { // Setup & Initialize CryptoLib int32_t status; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors char* buffer_nist_key_h = "78dc4e0aaf52d935c3c01eea57428f00ca1fd475f5da86a49c8dd73d68c8e223"; @@ -1410,10 +1417,10 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1422,12 +1429,12 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) test_association->shivf_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -1467,7 +1474,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_DATA) free(buffer_nist_mac_frame_b); free(buffer_nist_cp_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1477,14 +1484,15 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) { // Setup & Initialize CryptoLib int32_t status; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; // NIST supplied vectors char* buffer_nist_key_h = "78dc4e0aaf52d935c3c01eea57428f00ca1fd475f5da86a49c8dd73d68c8e223"; @@ -1511,10 +1519,10 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1523,12 +1531,12 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) test_association->shivf_len = 12; test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext // TODO: Account for length of header and FECF (5+2) @@ -1568,7 +1576,7 @@ UTEST(NIST_DEC_MAC_VALIDATION, AES_GCM_256_IV_96_PT_128_TEST_0_BAD_MAC) free(buffer_nist_mac_frame_b); free(buffer_nist_cp_b); // free(test_association->ecs); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1579,14 +1587,15 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1607,33 +1616,30 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; - test_association->arsn = 0; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char**) &buffer_frame_pt_b, &buffer_frame_pt_len); @@ -1649,8 +1655,11 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) for (int i = 0; i < buffer_python_mac_len; i++) { - printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_python_mac_b[i], *(ptr_enc_frame + enc_data_idx)); - ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_python_mac_b[i]); + if (ptr_enc_frame[enc_data_idx] != buffer_python_mac_b[i]) + { + printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_python_mac_b[i], ptr_enc_frame[enc_data_idx]); + } + ASSERT_EQ(ptr_enc_frame[enc_data_idx], buffer_python_mac_b[i]); enc_data_idx++; } @@ -1659,7 +1668,7 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) free(buffer_nist_key_b); free(buffer_python_mac_b); // free(test_association->arsn); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); // free(test_association); } @@ -1671,14 +1680,15 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1699,33 +1709,30 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; - test_association->arsn = 0; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char**) &buffer_frame_pt_b, &buffer_frame_pt_len); @@ -1750,7 +1757,7 @@ UTEST(NIST_ENC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) free(buffer_nist_key_b); free(buffer_python_mac_b); // free(test_association); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1760,14 +1767,15 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) { uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1789,27 +1797,23 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; - test_association->arsn = 0; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; @@ -1818,7 +1822,8 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char**) &buffer_frame_pt_b, &buffer_frame_pt_len); @@ -1846,7 +1851,7 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_0) free(buffer_python_mac_b); // free(test_association->arsn); // free(test_association); - // sadb_routine->sadb_close(); + // sa_if->sa_close(); } /** @@ -1856,14 +1861,15 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) { uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1884,10 +1890,10 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->arsn_len = 0; @@ -1895,15 +1901,12 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->ekid = 0; test_association->akid = 136; @@ -1912,7 +1915,8 @@ UTEST(NIST_DEC_CMAC_VALIDATION, AES_CMAC_256_PT_128_TEST_1) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char**) &buffer_frame_pt_b, &buffer_frame_pt_len); @@ -1949,14 +1953,15 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -1980,31 +1985,29 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2016,15 +2019,18 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) // Note: For comparison, primarily interested in the MAC // Calc payload index: total length - pt length uint16_t enc_data_idx = enc_frame_len - buffer_python_mac_len - 2; - Crypto_Shutdown(); for (int i = 0; i < buffer_python_mac_len; i++) { - printf("[%d] Truth: %02x, Actual: %02x \n", enc_data_idx, buffer_python_mac_b[i], *(ptr_enc_frame + enc_data_idx)); - ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_python_mac_b[i]); + if (ptr_enc_frame[enc_data_idx] != buffer_python_mac_b[i]) + { + printf("[%d] Truth: %02x, Actual: %02x \n", enc_data_idx, buffer_python_mac_b[i], ptr_enc_frame[enc_data_idx]); + } + ASSERT_EQ(ptr_enc_frame[enc_data_idx], buffer_python_mac_b[i]); enc_data_idx++; } + Crypto_Shutdown(); free(ptr_enc_frame); free(buffer_frame_pt_b); free(buffer_nist_key_b); @@ -2038,15 +2044,18 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) { uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; + int32_t status; + // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2069,37 +2078,36 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); // Convert input mac hex_conversion(buffer_python_mac_h, (char **)&buffer_python_mac_b, &buffer_python_mac_len); - Crypto_TC_ApplySecurity(buffer_frame_pt_b, buffer_frame_pt_len, &ptr_enc_frame, &enc_frame_len); + status = Crypto_TC_ApplySecurity(buffer_frame_pt_b, buffer_frame_pt_len, &ptr_enc_frame, &enc_frame_len); + ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); // Note: For comparison, primarily interested in the MAC // Calc payload index: total length - pt length @@ -2108,8 +2116,11 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) for (int i = 0; i < buffer_python_mac_len; i++) { - printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_python_mac_b[i], *(ptr_enc_frame + enc_data_idx)); - ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_python_mac_b[i]); + if (ptr_enc_frame[enc_data_idx] != buffer_python_mac_b[i]) + { + printf("[%d] Truth: %02x, Actual: %02x\n", enc_data_idx, buffer_python_mac_b[i], *(ptr_enc_frame + enc_data_idx)); + } + ASSERT_EQ(ptr_enc_frame[enc_data_idx], buffer_python_mac_b[i]); enc_data_idx++; } @@ -2124,18 +2135,20 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) **/ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) { - uint8_t *ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - int32_t status; - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + uint8_t *ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + int32_t status; + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2159,32 +2172,30 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 64; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 64; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2221,14 +2232,15 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) uint16_t enc_frame_len = 0; int32_t status; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2251,33 +2263,30 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) SecurityAssociation_t *test_association = NULL; test_association = calloc(1, sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; - test_association->abm = calloc(1, test_association->abm_len * sizeof(uint8_t)); memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 64; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 64; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2313,14 +2322,15 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2344,25 +2354,22 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; @@ -2371,7 +2378,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2385,7 +2393,10 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_0) for (int i = 0; i < buffer_python_mac_len; i++) { - printf("[%d] Truth: %02x, Actual: %02x\n", i, buffer_python_mac_b[i], *(tc_sdls_processed_frame->tc_sec_trailer.mac + i)); + if (*(tc_sdls_processed_frame->tc_sec_trailer.mac + i) != buffer_python_mac_b[i]) + { + printf("[%d] Truth: %02x, Actual: %02x\n", i, buffer_python_mac_b[i], *(tc_sdls_processed_frame->tc_sec_trailer.mac + i)); + } ASSERT_EQ(*(tc_sdls_processed_frame->tc_sec_trailer.mac + i), buffer_python_mac_b[i]); } @@ -2406,14 +2417,15 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2436,25 +2448,22 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA256; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA256; test_association->ekid = 0; test_association->akid = 136; @@ -2463,7 +2472,8 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_256_PT_128_TEST_1) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2496,14 +2506,15 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) { int32_t status = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2527,25 +2538,22 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; @@ -2554,8 +2562,9 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_0) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 64; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 64; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2586,14 +2595,15 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) { int32_t status = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2617,25 +2627,22 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; @@ -2644,8 +2651,9 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_PT_128_TEST_1) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 64; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 64; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2678,11 +2686,12 @@ UTEST(PLAINTEXT, ENCRYPT_DECRYPT) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_TRUE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* jpl_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4555555555555"; @@ -2715,14 +2724,15 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) uint8_t *ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2745,32 +2755,30 @@ UTEST(NIST_ENC_HMAC_VALIDATION, SHA_512_SHORT_KEY) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 32; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 32; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); @@ -2796,14 +2804,15 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) int32_t status = 0; uint8_t *ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // NIST supplied vectors // NOTE: Added Transfer Frame header to the plaintext @@ -2826,25 +2835,22 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) SecurityAssociation_t *test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->ast = 1; test_association->est = 0; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->shsnf_len = 4; test_association->arsn_len = 4; - test_association->arsn = calloc(1, test_association->arsn_len * sizeof(uint8_t)); test_association->abm_len = 1024; memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask test_association->stmacf_len = 16; test_association->sa_state = SA_OPERATIONAL; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_HMAC_SHA512; + test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->acs = CRYPTO_MAC_HMAC_SHA512; test_association->ekid = 0; test_association->akid = 136; @@ -2853,8 +2859,9 @@ UTEST(NIST_DEC_HMAC_VALIDATION, SHA_512_SHORT_KEY) // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char **)&buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); - ek_ring[test_association->akid].key_len = 32; + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); + akp->key_len = 32; // Convert input plaintext hex_conversion(buffer_frame_pt_h, (char **)&buffer_frame_pt_b, &buffer_frame_pt_len); diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c new file mode 100644 index 00000000..cca35b2f --- /dev/null +++ b/test/unit/ut_aos_apply.c @@ -0,0 +1,597 @@ +// /* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. +// All Foreign Rights are Reserved to the U.S. Government. + +// This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, +// including, but not limited to, any warranty that the software will conform to specifications, any implied warranties +// of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the +// documentation will conform to the program, or any warranty that the software will be error free. + +// In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or +// consequential damages, arising out of, resulting from, or in any way connected with the software or its +// documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained +// from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + +// ITC Team +// NASA IV&V +// jstar-development-team@mail.nasa.gov +// */ + +// /** +// * Unit Tests that macke use of CRYPTO_AOS functionality on the data. +// **/ +#include "ut_aos_apply.h" +#include "crypto.h" +#include "crypto_error.h" +#include "sa_interface.h" +#include "utest.h" + +/** + * @brief Unit Test: AOS Apply: Null Buffer. CryptoLib should immediately recognize the null buffer and return + **/ +UTEST(AOS_APPLY, NULL_BUFFER) +{ + int32_t status = CRYPTO_LIB_ERROR; + uint8_t *ingest = NULL; + + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + + status = Crypto_AOS_ApplySecurity(&ingest[0]); + + ASSERT_EQ(CRYPTO_LIB_ERR_NULL_BUFFER, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NULL_BUFFER",error_enum); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: AOS Apply: No Crypto Config or Init, detect no config + **/ +UTEST(AOS_APPLY, NO_CONFIG) +{ + int32_t status = CRYPTO_LIB_ERROR; + uint8_t ingest[1786] = {0}; + + status = Crypto_AOS_ApplySecurity(&ingest[0]); + + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: CryptoLib is configured, but not initialized - return no config + * Note: Consider more specific errors + **/ +UTEST(AOS_APPLY, NO_INIT) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; + + // No Crypto_Init(), but we still Configure It: + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + + // Test frame setup + // 6 byte header, 2 byte blank SPI, data, FECF + char* test_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + //TFVN Mask (2 bits) = 1100 0000 = 0xCO + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + //SCID Mask (8 bits) = 0011 1111 1100 0000 = 0x3F 0xC0 + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + //VCID Mask (6 bits) = 0011 1111 = 0x3F + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + // Sanity checks on the above bit math + // Note: This is only checked in this UT, as the bit math is duplicated in other tests + ASSERT_EQ(aos_frame_pri_hdr.tfvn, 0x01); //TFVN - AOS Version 2 is seto to '0b01' per protocol + ASSERT_EQ(aos_frame_pri_hdr.scid, 0x03); //SCID 3 + ASSERT_EQ(aos_frame_pri_hdr.vcid, 0x00); //VCID 0 + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Nominal Case + * This should call apply_security on the referenced AOS frame, in clear mode, + * and continue down the "happy path", finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI and FECF + **/ +UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; + + // Configure, Add Managed Params, and Init + Crypto_Init_AOS_Unit_Test(); + + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, data, FECF + char* test_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C000000000000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA4e7b"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Nominal Case + * This should call apply_security on the referenced AOS frame + * and continue down the "happy path", finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI , + * and the FECF should be left zero'ed out + **/ +UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; + + // Oddball setup that ensures FECF is left blank + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, data, FECF + char* test_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAAFFFF"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C000000000000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Nominal Setup, AOS Pri Hdr w/ Frame Hdr Error Control field present + * This should call apply_security on the referenced AOS frame + * and continue down the "happy path", finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI, + * and the FECF should be left zero'ed out + **/ +UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_FECF) +{ + // Configure, Add Managed Params, and Init + int32_t status = CRYPTO_LIB_SUCCESS; + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_FHEC, AOS_NO_IZ, 0); + status = Crypto_Init(); + + // Test Frame Setup + // 8 byte header (Including FHEC stubbed as 0x8888), 2 byte blank SPI, data, FECF + char* test_aos_h = "40C00000000088880000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAAFFFF"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C0000000008888000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA5d86"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * *** TODO: Revisit this when fleshing out Insert Zone functionality further + * This might be OK as is, leaves incoming Insert Zone unmodified + * @brief Unit Test: Nominal Setup, AOS Pri Hdr w/ Frame Hdr Error Control field present, and insert zone present (6 bytes) + * This should call apply_security on the referenced AOS frame + * and continue down the "happy path", finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI, + * and the FECF should be left zero'ed out + **/ +UTEST(AOS_APPLY, HAPPY_PATH_CLEAR_FHEC_OID_FECF) +{ + // Configure, Add Managed Params, and Init + int32_t status = CRYPTO_LIB_SUCCESS; + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_HAS_FHEC, AOS_HAS_IZ, 6); + status = Crypto_Init(); + + // Test Frame Setup + // 8 byte header (Including FHEC stubbed as 0x8888), 2 byte blank SPI, data, FECF + char* test_aos_h = "40C00000000088886666666666660000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAAFFFF"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C0000000008888666666666666000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA748e"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Authentication - AES CMAC + * This should call apply_security on the referenced AOS frame, in authenticated mode, + * finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI, MAC, and FECF + * Utilizes a bitmask of ones + **/ +UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_1) +{ + // Local variables + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t *sa_ptr = NULL; + SaInterface sa_if = get_sa_interface_inmemory(); + + // Configure, Add Managed Params, and Init + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + status = Crypto_Init(); + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF + char* test_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAADDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C000000000000F112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA73f3bef638ea5fe682c5b0b8a6b429749938"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + // Expose/setup SA for testing + // Configure SA 14 off + sa_if->sa_get_from_spi(14, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + + // Configure SA 15 on + sa_if->sa_get_from_spi(15, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Authentication - AES CMAC + * This should call apply_security on the referenced AOS frame, in authenticated mode, + * finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should remain unchanged, except for filling in the SPI, MAC, and FECF + * Utilizes a bitmask of zeroes + **/ +UTEST(AOS_APPLY, AES_CMAC_256_TEST_BITMASK_0) +{ + // Local variables + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t *sa_ptr = NULL; + SaInterface sa_if = get_sa_interface_inmemory(); + + // Configure, Add Managed Params, and Init + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + status = Crypto_Init(); + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, data, 16 byte MAC, FECF + char* test_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAADDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C000000000000F112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA5db19eb46f096b17bbe72c50448218d98799"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + // Expose/setup SA for testing + // Configure SA 14 off + sa_if->sa_get_from_spi(14, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + + // Configure SA 15 on + sa_if->sa_get_from_spi(15, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Encryption - AES GCM + * This should call apply_security on the referenced AOS frame, in encryption only mode, + * finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should be returned encrypted, also filling in the SPI and FECF + * Bitmask not used/needed if not doing authentication + **/ +UTEST(AOS_APPLY, AES_GCM) +{ + // Local variables + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t *sa_ptr = NULL; + SaInterface sa_if = get_sa_interface_inmemory(); + + // Configure, Add Managed Params, and Init + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + status = Crypto_Init(); + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, FECF + // | Header |SPI| + char* test_aos_h = "40C0000000000000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C00000000000100000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af3c11340d640ef7a98d89c32f485221351edc"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + // Expose/setup SA for testing + // Configure SA 14 off + sa_if->sa_get_from_spi(14, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + + // Configure SA 16 on + sa_if->sa_get_from_spi(16, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: AEAD - AES GCM, 16-byte IV as GCM requires + * This should call apply_security on the referenced AOS frame, in authenticated encryption mode, + * finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should be returned encrypted, also filling in the SPI and FECF + * Utilizes an authentication bitmask of ones + * Sanity check: https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'40C000000000001100000000000000000000000000000000'%7D)AES_Decrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'48caf5a6921559a2384174c025a04874'%7D,%7B'option':'Hex','string':'42C000000000001100000000000000000000000000000000'%7D/disabled)&input=MTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkI + **/ +UTEST(AOS_APPLY, AEAD_GCM_BITMASK_1) +{ + // Local variables + int32_t status = CRYPTO_LIB_SUCCESS; + SecurityAssociation_t *sa_ptr = NULL; + SaInterface sa_if = get_sa_interface_inmemory(); + + // Configure, Add Managed Params, and Init + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_NO_IZ, 0); + status = Crypto_Init(); + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, 16 byte blank IV (CCC...), data, MAC, FECF + // | Header |SPI| + char* test_aos_h = "40C0000000000000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC112233445566778899AABBCCDDEEFFA107FF000006D2AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000"; + char* test_aos_b = NULL; + int test_aos_len = 0; + hex_conversion(test_aos_h, &test_aos_b, &test_aos_len); + + // Truth frame setup + char* truth_aos_h = "40C00000000000110000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ff016b9107b12316e6c03ef5ddc68ba35152893ef7b9a8764d2a908f3c6cebc23ac94290ea45455c67779b7ba49a899049613f80bef44dc60e0ab41c63aac0ddd50438010ff0b28d57fdc9b6efa412555717700328c20013cd7260a1f3043cc210f2379c1b54f0ada49668753f992a7b37457185ab28ea1df00a28d58183d8a277148f662f5698143200b574e28ab766549401d18937e0fb491eb4d8c4a8766fcf29f57ed22ef9c212e8438d04d3afc5d968d4aecbdc97301b520f1e2943a2689278bf0321a5fc4bf77f042646419fbc66f94ccbd915f9b518ddb9a8c2dfe1cc0c1389adcacb0ccb227c77ff7a48e3e01eeb7c5ae88994a8193a92dc31d8b55b113d571421b8650f37f69a7f9e8258ce9f709a815fc10217ff8fc2b298265fef52f4fc3adc439852146673e8cd0c283ef3cc3ed7c8dba8f256b34928d16ab56002abc1722a7a4e18339af96720dd0429d3e7f68f8ce1e09c749ac9a2bd54a287defbcc0611db3fd84dcaf29f4fd102d65dc79c1124aa864d283e4007a770b839ae002d2dbdd910b95dac2e9c2cd3362f1d4361c747759b59ca07e971f5b27ff6f9868cb5024f51f7843150b1c07a7e40de76408a91b563a5de4705c4b1a09cc644a6d9c72827f52cf34b2dce1c12068bfac4dd94eb0dd1d12eacc351cc969c756708dae276b6f597f463d4727d6b6c8a406d474b456486c200a78001894a4e6d4c56815b7e7788f82d13fb6448c5ab85c028935f8fe1951bc2f20becbbb60e6abab9924c479552a1cba01b5e51152071ecf8870129ada932ba461abd1f718f06200b7a1fcba5edf89e9ce148085282e4018f677e7ae6f30d8b5550bdee1dec39749c59215220da1d893cb922d85de7b6bbcd9f3b787a78ce58fedc6febcec3f84ac2b8ba714d330f19a4e70e2bee3587a6d98e89b67bb214007331d41053deb5581807e6b7a9623928391c28b513c96ee6f6a0e60a7b352d207216f93a07160bc09f88b459abdd5fc759ce58d7fbedb1ca675a89d64b8f842070da7c295530a562e84c7910c4502cacf5262baba2378d1ebcf94ba77b8affb0c23573687cbd1135e55bcf808397a4f83599f43a40bcb0cfa1621d8a3f77a8a2d64cba4085de543da737fb5c8534a39f7c86b8c82c4d70c0ec13ffb09c3a53149cf7542babd0074651af2d243c6380e9ce6bac1d35f81ad9eacbcd23d20853f93e18e65e2ee64f31f486c96c027889a85c88261b9c7d2ffce55412ddd3c6c471b2d179e9805ea76b867da04c2af303ad458a37702002b418168bc08f4bac37576f37460d89e06f359f20bc4a1e598b14a60f29634465f8b167ae44c457e861dad0983910a7b5a5ad6f2a93632de340cde2aeff1da2a9d45b40b88c4363f9074b7de9a3a14b458c180181d9a6b732450e3a38453ffdd0325ad063129e9eda1ef05502710e3c344619f5b21b698fd83b2e6aa397d91988997c3e48fcef4f031128a3f1f7edf6eb90cc04a05d70bed1d225104de864a53da42ad22cd400d7bbd96e0f29e59396d5fcf99a9b33ba102311c5c985618ad1779bd4ee17bcc4d39fe2675f2b7e40ab408347465625a1bc284c91ff997109df1b0a824a0be5656a56100fa121d3db3ba66de22108dedb5aaacf308c23777df8b3ca6b8f0e1e2ecee33b1a3de7c354e1d4cf561b51134b8e3f652d0ec737b10fa25382455d2cff9a63983d9b3c5eaf1da3cfd3acb463ab5b0357a900220c91f4169a201fa8181b98307a281ce73760534e98f62db627f58959279af0fdb5dd4d2127ce3cdff4db759c088e75a8aa683b3a6fa6ccd4bf52e24adc8a8b6e5a8a9c582e849777be5cee7b3cfd7b5db819dc76e89c9954b720a2fdee5d4f436b1745bf626994994534e7691cb3f42e5f703ff9dbe53f5c34dfd988f6699f0743e1bb0427d599ce49e641a6a72b0462c5ce1f2fcb4d9248cbbf117378dd5e68bba5271df26a3336ad06b6efa3ac73019515a8c5fd7db8c5b3d812b25c12ca4c79115c4324698f70b33fd64e89791a1938dae814779d8720b4046c28c62c0ba6f449bf7dfc944828fb68a91e6347cd38eae10abdac609f87807309f50d2ea330e4a8bd49fa2aa785fced71b8b409e283ab86c453125c06dab315fb83463766d2a7be97292e102ea426ab9550c0a9e754398c9d0256266e2789b921bb93faf8032919fa014fe307413dff5dc6fe14b05e0f96a4b77fa826b4e6cec615ea7bc782d81d850b2f5942b059bcb8378cf84943a503c5c8ed9831031924047d1d7fc079136004424fcae5ee4a63b2e447325d79354d715099463c2b263b989ac7b528ac5b9c7513a39371f90fdf6aae1dce4b3b3892512398da171e90c2bfce9a5b93cdcbcefc24b97b9a7ce5c46910e6609b04771e8a12f1d1541b606f05f83f369c74dd00a6f16366a7883141e78b010be1c54addd80f60e99e731825aa0dbc964d996"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)test_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)test_aos_b[0] & 0x3F) << 2) | (((uint16_t)test_aos_b[1] & 0xC0) >> 6); + aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F); + + // Expose/setup SA for testing + // Configure SA 14 off + sa_if->sa_get_from_spi(14, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + + // Configure SA 17 on + sa_if->sa_get_from_spi(17, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + + status = Crypto_AOS_ApplySecurity((uint8_t*)test_aos_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_SUCCESS",error_enum); + + // Now, byte by byte verify the static frame in memory is what we expect (updated SPI and FECF) + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)test_aos_b[i], (uint8_t)*(truth_aos_b + i)); + } + + free(test_aos_b); + Crypto_Shutdown(); +} + +UTEST_MAIN(); \ No newline at end of file diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c new file mode 100644 index 00000000..736dd8cf --- /dev/null +++ b/test/unit/ut_aos_process.c @@ -0,0 +1,789 @@ +/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. + All Foreign Rights are Reserved to the U.S. Government. + + This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, + including, but not limited to, any warranty that the software will conform to specifications, any implied warranties + of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the + documentation will conform to the program, or any warranty that the software will be error free. + + In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or + consequential damages, arising out of, resulting from, or in any way connected with the software or its + documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained + from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. + + ITC Team + NASA IV&V + jstar-development-team@mail.nasa.gov +*/ + +/** + * Unit Tests that make use of AOS_ProcessSecurity function on the data. + **/ +#include "ut_aos_process.h" +#include "crypto.h" +#include "crypto_error.h" +#include "sa_interface.h" +#include "utest.h" + +/** + * @brief Unit Test: AOS Process: Null Buffer + * For clarity, this is not a possibility as FSW statically maintains the frame + **/ + +/** + * @brief Unit Test: No Set Configuration + **/ +UTEST(AOS_PROCESS, NO_CONFIG) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; + int framed_aos_len = 0; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + char* framed_aos_h = "42C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + char* framed_aos_b = NULL; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_h, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); + + free(framed_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: CryptoLib is configured, but not initialized - return no config + * Note: Consider more specific errors + **/ +UTEST(AOS_PROCESS, NO_INIT) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; + int framed_aos_len = 0; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // No Crypto_Init(), but we still Configure It: + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + + // Test Frame Setup + // 6 byte header, 2 byte blank SPI, data, FECF + char* framed_aos_h = "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* framed_aos_b = NULL; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + //TFVN Mask (2 bits) = 1100 0000 = 0xCO + aos_frame_pri_hdr.tfvn = ((uint8_t)framed_aos_b[0] & 0xC0) >> 6; + //SCID Mask (8 bits) = 0011 1111 1100 0000 = 0x3F 0xC0 + aos_frame_pri_hdr.scid = (((uint16_t)framed_aos_b[0] & 0x3F) << 2) | (((uint16_t)framed_aos_b[1] & 0xC0) >> 6); + //VCID Mask (6 bits) = 0011 1111 = 0x3F + aos_frame_pri_hdr.vcid = ((uint8_t)framed_aos_b[1] & 0x3F); + + // Sanity checks on the above bit math + // Note: This is only checked in this UT, as the bit math is duplicated in other tests + ASSERT_EQ(aos_frame_pri_hdr.tfvn, 0x01); //TFVN - AOS Version 2 is set to '0b01' per protocol + ASSERT_EQ(aos_frame_pri_hdr.scid, 0x03); //SCID 3 + ASSERT_EQ(aos_frame_pri_hdr.vcid, 0x00); //VCID 0 + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_h, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); + + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); + + free(framed_aos_b); + Crypto_Shutdown(); +} + +/** + * @brief Unit Test: Nominal Case + * This should call process_security on a plaintext SDLS frame + * and continue down the "happy Path", finally returning CRYPTO_LIB_SUCCESS + * The SPI and FECF should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 14 (0x0E) + char* framed_aos_h = "42C000001800000E08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBA6AD"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +// /** +//********************** TODO FHECF FUNCTIONALITY +// * @brief Unit Test: Presence of Frame Header Error Correction Field +// * This should call process_security on the given AOS, +// * account for the secondary header, finally returning CRYPTO_LIB_SUCCESS +// * The SPI and FECF should be zero'ed out on completion +// **/ +// UTEST(AOS_PROCESS, SECONDARY_HDR_PRESENT_PLAINTEXT) +// { +// // Local Variables +// int32_t status = CRYPTO_LIB_SUCCESS; +// uint8_t* ptr_processed_frame = NULL; +// uint16_t processed_aos_len; + +// // Configure Parameters +// Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, +// IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, +// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, +// AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// // AOS Tests +// Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); +// status = Crypto_Init(); + +// // Test frame setup +// char* framed_aos_h = "42C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA6e76"; +// char* framed_aos_b = NULL; +// int framed_aos_len = 0; +// hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + +// // Truth frame setup +// char* truth_aos_h = "42C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; +// char* truth_aos_b = NULL; +// int truth_aos_len = 0; +// hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + +// status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); +// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); +// // Determine managed parameters by GVCID, which nominally happens in TO +// status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, +// gvcid_managed_parameters, ¤t_managed_parameters); +// // Now, byte by byte verify the static frame in memory is equivalent to what we started with +// for(int i=0; i < current_managed_parameters->max_frame_size; i++) +// { +// // printf("Checking %02x against %02X\n", aos_frame[i], (uint8_t)*(truth_aos_b + i)); +// ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); +// } + +// Crypto_Shutdown(); +// free(framed_aos_b); +// free(truth_aos_b); +// free(ptr_processed_frame); +// } + +/** + * @brief Unit Test: Presence of AOS Insert Zone + * This should call process_security on the given AOS frame, + * account for the Insert Zone, finally returning CRYPTO_LIB_SUCCESS + * The SPI and FECF should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_FHEC, AOS_HAS_IZ, 10); + status = Crypto_Init(); + + // Test frame setup | 6 byte hdr | 10 byte insert zn|spi|data -----> FECF + char* framed_aos_h = "42C000000000112233445566778899AA000E112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA2AEE"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000000000112233445566778899AA0000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process AES_CMAC, bitmask of 0s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB5db19eb46f096b17bbe72c50448218d93F49"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Test Specific Setup + SaInterface sa_if = get_sa_interface_inmemory(); + // Expose/setup SA for testing + // Configure SA 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process AES_CMAC, bitmask of 1s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + * Sanity Check: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')CMAC(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,'AES')&input=NDJDMDAwMDAxODAwMDAwRjA4MDEwMDAwMDAwRjAwMTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkI + **/ +UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBe474820f83450d81af4fe46e562b20706557"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process HMAC 256, bitmask of 0s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBdcd9dacf7dfe95a6ed4c16c379cdec2854d1"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Test Specific Setup + SaInterface sa_if = get_sa_interface_inmemory(); + // Expose/setup SA for testing + // Configure SA 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process HMAC 256, bitmask of 1s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + * # Sanity check: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')HMAC(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,'SHA256')&input=NDJDMDAwMDAxODAwMDAwRjA4MDEwMDAwMDAwRjAwMTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkI + **/ +UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBf4e70529315f75f5476ec32fd76fadcbd54f"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Test Specific Setup + SaInterface sa_if = get_sa_interface_inmemory(); + // Expose/setup SA for testing + // Configure SA 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process HMAC 512, bitmask of 0s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBbca8d66a8108d82d394440b943efd1c9839d"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Test Specific Setup + SaInterface sa_if = get_sa_interface_inmemory(); + // Expose/setup SA for testing + // Configure SA 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief Unit Test: AOS_Process HMAC 512, bitmask of 1s + * This should call process_security on an authenticated SDLS frame, + * finally returning CRYPTO_LIB_SUCCESS + * The SPI, FECF, and MAC should be zero'ed out on completion + **/ +UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + SecurityAssociation_t *sa_ptr = NULL; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 15 (0x0F) + // Setup: | hdr 6 |SPI| data | MAC | FECF + char* framed_aos_h = "42C000001800000F08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB136a814a8eb97ae7e5415475f45d90021afb"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Test Specific Setup + SaInterface sa_if = get_sa_interface_inmemory(); + // Expose/setup SA for testing + // Configure SA 15 + sa_if->sa_get_from_spi(15, &sa_ptr); + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +/** + * @brief DECRYPTION ONLY: AES-GCM. 16-byte IV, as GCM requires. Verified with CyberChef + * Uses AES-GCM but doesn't make use of Auth Tags, just throws them away + **/ +UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + + // Test frame setup Header |SPI| IV | Data + char* framed_aos_h = "42C00000000000100000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af3c11340d640ef7a98d89c32f485221351edc"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000000000000000000000000000000000000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + // Bit math to give concise access to values already set in the static transfer frame + aos_frame_pri_hdr.tfvn = ((uint8_t)framed_aos_b[0] & 0xC0) >> 6; + aos_frame_pri_hdr.scid = (((uint16_t)framed_aos_b[0] & 0x3F) << 4) | (((uint16_t)framed_aos_b[1] & 0xF0) >> 4); + aos_frame_pri_hdr.vcid = ((uint8_t)framed_aos_b[1] & 0x0E) >> 1; + + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + + // Expose/setup SAs for testing + SecurityAssociation_t ta; + SecurityAssociation_t* test_association = &ta; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->abm_len = 1786; + memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask + test_association->sa_state = SA_OPERATIONAL; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_NONE; + test_association->iv_len = 16; + test_association->shivf_len = 16; + + // Set a more obvious IV for test purposes + char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEE"; + char* iv_b = NULL; + int iv_len = 0; + hex_conversion(iv_h, &iv_b, &iv_len); + memcpy(test_association->iv, iv_b, iv_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + // printf("Decrypted frame contents:\n\t"); + // for (int i = 0; i < 1786; i++) + // { + // printf("%02x", ptr_processed_frame[i]); + // // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + // } + // printf("\n Truth Contents\n\t"); + + // for (int i = 0; i < 1786; i++) + // { + // // printf("[%d]: %02x -> %02x \n", i, aos_frame[i], truth_aos_b[i]); + // printf("%02x", (uint8_t)*(truth_aos_b+i)); + // // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // // enc_data_idx++; + // } + // printf("\n"); + + // printf("\nDoing final checks:\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("%02x", ptr_processed_frame[i]); + ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + // printf("\n\n"); + + free(truth_aos_b); + free(framed_aos_b); + free(iv_b); +} + +/** + * @brief Unit Test: AEAD - AES GCM, 16-byte IV as GCM requires + * This should call process_security on the referenced AOS frame, in authenticated encryption mode, + * finally returning CRYPTOLIB_SUCCESS + * The Provided buffer should be returned decrypted, blanking the SPI, MAC, and FECF + * Utilizes an authentication bitmask of ones + * Sanity check: https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'42C000000000001100000000000000000000000000000000'%7D)AES_Decrypt(%7B'option':'Hex','string':'FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'%7D,%7B'option':'Hex','string':'00000000000000000000000000000000'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':'48caf5a6921559a2384174c025a04874'%7D,%7B'option':'Hex','string':'42C000000000001100000000000000000000000000000000'%7D/disabled)&input=MTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUE**/ +UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_aos_len; + + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // AOS Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x002c, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + + // Test frame setup + // Note: SPI 17 (0x0011) + // Setup: | hdr 6 |SPI| IV | data | MAC | FECF + char* framed_aos_h = "42C00000000000110000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1ccc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39fb0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcdbda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cbd3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd755b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d48304331cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b98c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e92488e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac1165740be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d560a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a623541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d32666ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f64b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae006269cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf905668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc60a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe9123808eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b6992050f69a101af48caf5a6921559a2384174c025a048749ecd"; + char* framed_aos_b = NULL; + int framed_aos_len = 0; + hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len); + + // Truth frame setup + char* truth_aos_h = "42C000000000000000000000000000000000000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA000000000000000000000000000000000000"; + char* truth_aos_b = NULL; + int truth_aos_len = 0; + hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len); + + status = Crypto_AOS_ProcessSecurity((uint8_t* )framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + // Now, byte by byte verify the static frame in memory is equivalent to what we started with + for(int i=0; i < current_managed_parameters->max_frame_size; i++) + { + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i)); + } + + Crypto_Shutdown(); + free(framed_aos_b); + free(truth_aos_b); + free(ptr_processed_frame); +} + +UTEST_MAIN(); \ No newline at end of file diff --git a/util/src_util/ut_crypto.c b/test/unit/ut_crypto.c similarity index 66% rename from util/src_util/ut_crypto.c rename to test/unit/ut_crypto.c index 90bb51b5..1c771050 100644 --- a/util/src_util/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -22,9 +22,8 @@ #include "ut_crypto.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" -#include "gcrypt.h" /** * @brief Unit Test: Crypto Calc/Verify CRC16 @@ -53,11 +52,12 @@ UTEST(CRYPTO_C, CALC_CRC16) UTEST(CRYPTO_C, BAD_CC_FLAG) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "3003002000ff000100001880d2c9000e197f0b001b0004000400003040d95ea61a"; char* raw_tc_sdls_ping_b = NULL; @@ -86,11 +86,12 @@ UTEST(CRYPTO_C, PDU_SWITCH) { int32_t status = CRYPTO_LIB_ERROR; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); sdls_frame.pdu.type = 0; @@ -99,151 +100,150 @@ UTEST(CRYPTO_C, PDU_SWITCH) sdls_frame.pdu.pid = PID_OTAR; uint8_t* ingest = NULL; - TC_t* tc_frame; - tc_frame = malloc(sizeof(uint8_t) * TC_SIZE); - status = Crypto_PDU(ingest, tc_frame); + TC_t tc_frame; + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_KEY_ACTIVATION; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_KEY_DEACTIVATION; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pdu_len = 0; sdls_frame.pdu.pid = PID_KEY_VERIFICATION; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_KEY_DESTRUCTION; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_KEY_INVENTORY; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING); sdls_frame.pdu.pid = SG_KEY_MGMT; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.sg = SG_SA_MGMT; sdls_frame.pdu.pid = PID_CREATE_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_DELETE_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_SET_ARSNW; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_REKEY_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_EXPIRE_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_SET_ARSN; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_START_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_STOP_SA; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = PID_READ_ARSN; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = PID_SA_STATUS; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = 0b111; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.sg = SG_SEC_MON_CTRL; sdls_frame.pdu.pid = PID_LOG_STATUS; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = PID_DUMP_LOG; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = PID_ERASE_LOG; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = PID_SELF_TEST; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_ERROR); sdls_frame.pdu.pid = PID_ALARM_FLAG; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 0b1111; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.sg = PID_LOG_STATUS; sdls_frame.pdu.pid = PID_LOG_STATUS; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.uf = 1; sdls_frame.pdu.pid = 0; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 1; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 2; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 3; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 4; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 5; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 6; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 7; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.pid = 8; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); sdls_frame.pdu.type = 1; sdls_frame.pdu.pid = 8; - status = Crypto_PDU(ingest, tc_frame); + status = Crypto_PDU(ingest, &tc_frame); ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); } @@ -256,7 +256,7 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) TC_t* tc_frame = NULL; tc_frame = malloc(sizeof(uint8_t) * TC_SIZE); int32_t status = CRYPTO_LIB_ERROR; - crypto_config->has_pus_hdr = TC_NO_PUS_HDR; + crypto_config.has_pus_hdr = TC_NO_PUS_HDR; tc_frame->tc_header.vcid = TC_SDLS_EP_VCID; tc_frame->tc_header.fl = 1; @@ -264,58 +264,17 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) ASSERT_EQ(status, CRYPTO_LIB_SUCCESS); } -/* - * @brief Unit Test: Test that an SA set to use IV/ARSN without mallocing doesn't segfault and returns an error - **/ -UTEST(INVALID_SA_CONFIGS, INVALID_IV_ARSN) -{ - int32_t status = CRYPTO_LIB_ERROR; - uint8_t* ptr_enc_frame = NULL; - uint16_t enc_frame_len = 0; - // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_TRUE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Init(); - - char* jpl_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4555555555555"; - uint8_t* jpl_frame_pt_b = NULL; - int jpl_frame_pt_len = 0; - - // Expose/setup SAs for testing - SecurityAssociation_t* test_association = NULL; - test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(1, &test_association); - - // Convert input jpl frame - hex_conversion(jpl_frame_pt_h, (char**) &jpl_frame_pt_b, &jpl_frame_pt_len); - - // Should fail, as SA will be set to use ARSN, but ARSN pointer is NULL - free(test_association->arsn); - test_association->arsn = NULL; - status = Crypto_TC_ApplySecurity(jpl_frame_pt_b, jpl_frame_pt_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_ERR_NULL_ARSN, status); - - // Should fail, as SA will be set to use IV, but IV pointer is NULL - free(test_association->iv); - test_association->iv = NULL; - test_association->shivf_len = 12; - status = Crypto_TC_ApplySecurity(jpl_frame_pt_b, jpl_frame_pt_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_ERR_NULL_IV, status); -} - /** * @brief Unit Test: Crypto ACS Get Algorithm response **/ UTEST(CRYPTO_C, GET_ACS_ALGO) { - // Convert CRYPTOAES enum to GCRY_MAC_CMAC_AES int32_t libgcrypt_algo = -1; uint8_t crypto_algo = CRYPTO_MAC_CMAC_AES256; - libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo); - ASSERT_EQ(libgcrypt_algo, GCRY_MAC_CMAC_AES); + + //// Convert CRYPTOAES enum to GCRY_MAC_CMAC_AES + //libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo); + //ASSERT_EQ(libgcrypt_algo, GCRY_MAC_CMAC_AES); crypto_algo = 99; // Invalid / unsupported libgcrypt_algo = cryptography_if->cryptography_get_acs_algo(crypto_algo); @@ -346,11 +305,12 @@ UTEST(CRYPTO_C, GET_ACS_ALGO_KEY_LEN) **/ UTEST(CRYPTO_C, GET_ECS_ALGO) { - // Convert CRYPTOAES enum to GCRY_CIPHER_AES256 int32_t libgcrypt_algo = -1; int8_t crypto_algo = CRYPTO_CIPHER_AES256_GCM; - libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); - ASSERT_EQ(libgcrypt_algo, GCRY_CIPHER_AES256); + + // Convert CRYPTOAES enum to GCRY_CIPHER_AES256 + //libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); + //ASSERT_EQ(libgcrypt_algo, GCRY_CIPHER_AES256); crypto_algo = 99; // Invalid / unsupported libgcrypt_algo = cryptography_if->cryptography_get_ecs_algo(crypto_algo); diff --git a/util/src_util/ut_crypto_config.c b/test/unit/ut_crypto_config.c similarity index 60% rename from util/src_util/ut_crypto_config.c rename to test/unit/ut_crypto_config.c index 969ef9d6..f56f4494 100644 --- a/util/src_util/ut_crypto_config.c +++ b/test/unit/ut_crypto_config.c @@ -22,7 +22,7 @@ #include "ut_crypto_config.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" /** @@ -30,14 +30,8 @@ **/ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_WITH_INCOMPLETE_CONFIG) { - // Make use of Crypto_Init_With_Configs int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = NULL; - GvcidManagedParameters_t* gvcid_managed_paramenters_p = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = NULL; - CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init(); ASSERT_EQ(CRYPTO_CONFIGURATION_NOT_COMPLETE, status); } @@ -47,11 +41,11 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_WITH_INCOMPLETE_CONFIG) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); GvcidManagedParameters_t* gvcid_managed_paramenters_p = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = NULL; + SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); ASSERT_EQ(CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE, status); } @@ -62,63 +56,62 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); + crypto_config_p->key_type=KEY_TYPE_INTERNAL; + crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); gvcid_managed_paramenters_p->next = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = NULL; + SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sadb_type = SADB_TYPE_MARIADB; - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); + crypto_config_p->sa_type = SA_TYPE_MARIADB; + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); free(gvcid_managed_paramenters_p); ASSERT_EQ(CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE, status); } -/** - * @brief Unit Test: Crypto Init with NULL KMC Crypto configuration - **/ -UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMCCRYPTO_NULL) -{ - int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); - GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); - gvcid_managed_paramenters_p->next = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); - CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - - crypto_config->sadb_type = SADB_TYPE_MARIADB; - crypto_config->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; - - status = Crypto_Init_With_Configs(crypto_config, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); - free(crypto_config); - free(gvcid_managed_paramenters_p); - free(sadb_mariadb_config_p); - ASSERT_EQ(CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE, status); -} - -/** - * @brief Unit Test: Crypto Init with Invalid Interface - **/ -UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_INTERFACE) -{ - int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); - GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); - gvcid_managed_paramenters_p->next = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); - CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - - crypto_config->sadb_type = SADB_TYPE_MARIADB; - crypto_config->cryptography_type = 2; // Currently an invalid ENUM - - status = Crypto_Init_With_Configs(crypto_config, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); - free(crypto_config); - free(gvcid_managed_paramenters_p); - free(sadb_mariadb_config_p); - ASSERT_EQ(CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE, status); -} +///** +// * @brief Unit Test: Crypto Init with NULL KMC Crypto configuration +// **/ +//UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMCCRYPTO_NULL) +//{ +// int32_t status = CRYPTO_LIB_ERROR; +// CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); +// crypto_config_p->key_type=KEY_TYPE_INTERNAL; +// crypto_config_p->mc_type=MC_TYPE_INTERNAL; +// GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); +// gvcid_managed_paramenters_p->next = NULL; +// SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); +// CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; +// +// crypto_config_p->sa_type = SA_TYPE_MARIADB; +// crypto_config_p->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; +// +// status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); +// free(crypto_config_p); +// free(gvcid_managed_paramenters_p); +// free(sa_mariadb_config_p); +// ASSERT_EQ(CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE, status); +//} + +///** +// * @brief Unit Test: Crypto Init with Invalid Interface +// **/ +//UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_INTERFACE) +//{ +// int32_t status = CRYPTO_LIB_ERROR; +// +// status = Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_UNITIALIZED, +// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, +// TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, +// TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, +// SA_INCREMENT_NONTRANSMITTED_IV_TRUE); +// status = Crypto_Init(); +// +// ASSERT_EQ(CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE, status); +//} /** * @brief Unit Test: Crypto Init with invalid SADB @@ -126,19 +119,21 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_INTERFACE) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); + crypto_config_p->key_type=KEY_TYPE_INTERNAL; + crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); gvcid_managed_paramenters_p->next = NULL; - SadbMariaDBConfig_t* sadb_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); + SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sadb_type = 2; // Currently an invalid ENUM - crypto_config->cryptography_type = 2; // Currently an invalid ENUM + crypto_config_p->sa_type = 99; // Currently an invalid ENUM + crypto_config_p->cryptography_type = 99; // Currently an invalid ENUM - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); free(gvcid_managed_paramenters_p); - free(sadb_mariadb_config_p); + free(sa_mariadb_config_p); ASSERT_EQ(SADB_INVALID_SADB_TYPE, status); } @@ -196,18 +191,19 @@ UTEST(CRYPTO_CONFIG, CRYPTO_CONFIG_KMC) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMC_OK) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); + crypto_config_p->key_type=KEY_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); - SadbMariaDBConfig_t* sadb_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); + SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = malloc(sizeof(CryptographyKmcCryptoServiceConfig_t) * sizeof(uint8_t)); - crypto_config->sadb_type = SADB_TYPE_MARIADB; - crypto_config->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; + crypto_config_p->sa_type = SA_TYPE_MARIADB; + crypto_config_p->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; - status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sadb_mariadb_config_p, cryptography_kmc_crypto_config_p); + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); free(gvcid_managed_paramenters_p); - free(sadb_mariadb_config_p); + free(sa_mariadb_config_p); free(cryptography_kmc_crypto_config_p); ASSERT_EQ(CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE, status); } diff --git a/util/src_util/ut_crypto_mc.c b/test/unit/ut_crypto_mc.c similarity index 94% rename from util/src_util/ut_crypto_mc.c rename to test/unit/ut_crypto_mc.c index a78d62e1..32b1ecfb 100644 --- a/util/src_util/ut_crypto_mc.c +++ b/test/unit/ut_crypto_mc.c @@ -22,7 +22,7 @@ #include "ut_crypto_mc.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" @@ -82,13 +82,13 @@ UTEST(CRYPTO_MC, READARSN) int count = 0; uint8_t ingest[1024] = {0}; Crypto_Init_TC_Unit_Test(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); SecurityAssociation_t* test_association = NULL; test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t)); - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); count = Crypto_SA_readARSN(ingest); - sadb_routine = sadb_routine; + sa_if = sa_if; ASSERT_EQ(11, count); // Future me's problem... why? } diff --git a/util/src_util/ut_mysql_m_tls_connection.c b/test/unit/ut_mysql_m_tls_connection.c similarity index 91% rename from util/src_util/ut_mysql_m_tls_connection.c rename to test/unit/ut_mysql_m_tls_connection.c index bef9b75a..57169255 100644 --- a/util/src_util/ut_mysql_m_tls_connection.c +++ b/test/unit/ut_mysql_m_tls_connection.c @@ -25,7 +25,7 @@ i) ssl_cert=/etc/pki/tls/certs/local-test-cert.pem ii) ssl_key=/etc/pki/tls/private/local-test-key.pem iii) ssl_ca=/etc/pki/tls/certs/ammos-ca-bundle.crt - 3)IMPORTANT:Build with "cmake -DMYSQL=ON ." + 3)IMPORTANT:Build with "cmake -DSA_MARIADB=ON ." * IMPORTANT:The database must have similar configuration for this test to succeed: MariaDB server to use the standard host-based . @@ -56,7 +56,7 @@ Password: mTLS does not require a password. #include "crypto_error.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "crypto_config_structs.h" #include @@ -90,13 +90,13 @@ UTEST(MARIA_DB_CONNECTION_TESTS, TLS_TEST) { ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); /*Prepare SADB type from config*/ status = Crypto_Init_TC_Unit_Test_For_DB(); - SadbRoutine sadb_routine = get_sadb_routine_mariadb(); + SaInterface sa_if = get_sa_interface_mariadb(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); printf("END mariadb connection, TLS test() status:%d \n", status); printf("START mariadb connection, mTLS test() \n"); status = 0; //close the connection to avoid a duplicate connection error when running the test multiple times. - sadb_routine->sadb_close(); + sa_if->sa_close(); /*connection input parameters. Note: username, pass, and paths may differ on your system*/ mysql_username = "testuser2"; @@ -117,23 +117,24 @@ UTEST(MARIA_DB_CONNECTION_TESTS, TLS_TEST) { ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); printf("END mariadb connection, mTLS test() status:%d \n", status); //close the connection to avoid a duplicate connection error when running the test multiple times. - sadb_routine->sadb_close(); + sa_if->sa_close(); } /*Helper Functions:*/ /* - * Note: SADB_TYPE_INMEMORY was change to SADB_TYPE_MARIADB for this test only. + * Note: SA_TYPE_INMEMORY was change to SA_TYPE_MARIADB for this test only. */ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { int32_t status = CRYPTO_LIB_SUCCESS; - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/util/src_util/ut_mysql_tls_connection.c b/test/unit/ut_mysql_tls_connection.c similarity index 91% rename from util/src_util/ut_mysql_tls_connection.c rename to test/unit/ut_mysql_tls_connection.c index 9eec5ab3..7fd6318b 100644 --- a/util/src_util/ut_mysql_tls_connection.c +++ b/test/unit/ut_mysql_tls_connection.c @@ -25,7 +25,7 @@ i) ssl_cert=/etc/pki/tls/certs/ammos-server-cert.pem ii) ssl_key=/etc/pki/tls/private/ammos-server-key.pem iii) ssl_ca=/etc/pki/tls/certs/ammos-ca-bundle.crt - 3)IMPORTANT:Build with "cmake -DMYSQL=ON ." + 3)IMPORTANT:Build with "cmake -DSA_MARIADB=ON ." * IMPORTANT:The database must have similar configuration for this test to succeed: MariaDB server to use the standard host-based . @@ -56,7 +56,7 @@ Password: #include "crypto_error.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "crypto_config_structs.h" #include @@ -108,16 +108,17 @@ UTEST(MARIA_DB_CONNECTION_TESTS, TLS_TEST) { /*Helper Functions:*/ /* - * Note: SADB_TYPE_INMEMORY was change to SADB_TYPE_MARIADB for this test only. + * Note: SA_TYPE_INMEMORY was change to SA_TYPE_MARIADB for this test only. */ int32_t Crypto_Init_TC_Unit_Test_For_DB(void) { int32_t status = CRYPTO_LIB_SUCCESS; - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); return status; } diff --git a/util/src_util/ut_sadb_err_cases_kmc_crypto.c b/test/unit/ut_sadb_err_cases_kmc_crypto.c similarity index 82% rename from util/src_util/ut_sadb_err_cases_kmc_crypto.c rename to test/unit/ut_sadb_err_cases_kmc_crypto.c index 169bcc33..0b59e12b 100644 --- a/util/src_util/ut_sadb_err_cases_kmc_crypto.c +++ b/test/unit/ut_sadb_err_cases_kmc_crypto.c @@ -21,7 +21,7 @@ **/ #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" #include "crypto.h" @@ -45,16 +45,17 @@ UTEST(KMC_CRYPTO, ONLY_KEYED_SA_AVAILABLE_FOR_GVCID) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 33, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -96,16 +97,17 @@ UTEST(KMC_CRYPTO, ONLY_KEYED_SA_AVAILABLE_FOR_GVCID) UTEST(KMC_CRYPTO, ONLY_UNKEYED_SA_AVAILABLE_FOR_GVCID) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 32, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -147,16 +149,17 @@ UTEST(KMC_CRYPTO, ONLY_UNKEYED_SA_AVAILABLE_FOR_GVCID) UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 34, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -198,16 +201,17 @@ UTEST(KMC_CRYPTO, NULL_EKID_BLANK_ECS_ERROR) UTEST(KMC_CRYPTO, INVALID_ABM_LENGTH_FOR_FRAME_WITH_SEG_HEADERS) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); -// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); +// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 28, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); diff --git a/util/src_util/ut_tc_apply.c b/test/unit/ut_tc_apply.c similarity index 80% rename from util/src_util/ut_tc_apply.c rename to test/unit/ut_tc_apply.c index 0130f123..f8e82238 100644 --- a/util/src_util/ut_tc_apply.c +++ b/test/unit/ut_tc_apply.c @@ -22,7 +22,7 @@ #include "ut_tc_apply.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" /** @@ -38,20 +38,21 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT) int raw_tc_sdls_ping_len = 0; hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; int32_t return_val = CRYPTO_LIB_ERROR; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); - ASSERT_EQ(CRYPTO_LIB_ERR_NO_INIT, return_val); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, return_val); char* error_enum = Crypto_Get_Error_Code_Enum_String(return_val); - ASSERT_STREQ("CRYPTO_LIB_ERR_NO_INIT",error_enum); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); free(raw_tc_sdls_ping_b); Crypto_Shutdown(); } @@ -119,7 +120,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC) char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -130,9 +131,9 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; @@ -156,7 +157,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC) char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -167,14 +168,14 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -193,7 +194,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC) char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -204,9 +205,9 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; @@ -240,7 +241,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVE int new_iv_len = 0; int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); @@ -252,9 +253,9 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVE SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->shivf_len = 6; @@ -300,11 +301,12 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_IV_ROLLOVE UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -319,7 +321,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) int new_iv_len = 0; int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); @@ -331,9 +333,9 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->shivf_len = 6; @@ -379,10 +381,11 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_STATIC_IV_ROLLOVER) UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; @@ -397,7 +400,7 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO int new_arsn_len = 0; int expected_arsn_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_arsn_h, &new_arsn_b, &new_arsn_len); @@ -409,9 +412,9 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->gvcid_blk.vcid = 0; test_association->sa_state = SA_OPERATIONAL; test_association->shivf_len = 0; @@ -419,16 +422,11 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO test_association->est=0; test_association->ast=1; test_association->ecs_len=1; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->ecs = CRYPTO_CIPHER_NONE; test_association->acs_len=1; - free(test_association->acs); - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->arsn_len = 3; test_association->shsnf_len = 2; - test_association->arsn = calloc(1,test_association->arsn_len); memcpy(test_association->arsn, (uint8_t *)new_arsn_b, new_arsn_len); // This TA was originally setup for AESGCM, need to specify an akid so we can use it for a MAC test_association->akid = 130; @@ -484,11 +482,12 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_APPLY_NONTRANSMITTED_INCREMENTING_ARSN_ROLLO UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_bad_scid_h = "20010015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_scid_b = NULL; @@ -515,11 +514,12 @@ UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID) UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* raw_tc_sdls_ping_bad_vcid_h = "20032015000080d2c70008197f0b00310000b1fe3128"; char* raw_tc_sdls_ping_bad_vcid_b = NULL; @@ -547,11 +547,12 @@ UTEST(TC_APPLY_SECURITY, BAD_VIRTUAL_CHANNEL_ID) UTEST(TC_APPLY_SECURITY, NULL_BUFFER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); long buffer_size = 0; uint8_t* buffer = NULL; @@ -582,10 +583,11 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); char* test_frame_pt_h = "2003001c00ff000100001880d03e000a197f0b000300020093d4ba21c4"; @@ -595,7 +597,7 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; @@ -607,12 +609,12 @@ UTEST(TC_APPLY_SECURITY, INVALID_FRAME_SIZE) // Expose/setup SAs for testing test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(8, &test_association); + sa_if->sa_get_from_spi(8, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->sa_state = SA_OPERATIONAL; // Reset Managed Parameters for this channel to an invalid maximum - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 2047); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 2047, AOS_FHEC_NA, AOS_IZ_NA, 0); // Convert input test frame hex_conversion(long_frame_pt_h, (char**) &long_frame_pt_b, &long_frame_pt_len); // Should fail, as frame length violates the spec max @@ -629,10 +631,11 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -643,7 +646,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; @@ -662,10 +665,11 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG uint8_t* ptr_enc_frame = NULL; uint16_t enc_frame_len = 0; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -676,7 +680,7 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; @@ -695,21 +699,22 @@ UTEST(TC_APPLY_SECURITY, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENG UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -718,15 +723,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->arsn_len = 0; test_association->ast = 0; test_association->stmacf_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -756,21 +761,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "20030017000080d2c70008197f0b003100000000b1fe3128"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -779,15 +785,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->stmacf_len = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -819,21 +825,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_16BP) UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "200303E3000080d2c70008197f0b003100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -842,13 +849,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -866,21 +873,22 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_MAX) UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); char* raw_tc_sdls_ping_h = "200303F7000080d2c70008197f0b0031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1fed255"; char* raw_tc_sdls_ping_b = NULL; int raw_tc_sdls_ping_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); @@ -889,13 +897,13 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -909,14 +917,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_FRAME_TOO_BIG) UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -932,7 +941,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) int new_iv_len = 12; // int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); @@ -942,9 +951,9 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; @@ -952,7 +961,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) test_association->iv_len = 12; test_association->shivf_len = 12; memcpy(test_association->iv + (test_association->iv_len - test_association->shivf_len), new_iv_b, new_iv_len); - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -981,14 +990,16 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_1BP_1) UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, + TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, + TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, + SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1004,7 +1015,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) int new_iv_len = 12; // int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); @@ -1014,16 +1025,15 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; test_association->iv_len = 0; test_association->shivf_len = 0; - test_association->iv = NULL; return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); @@ -1035,7 +1045,7 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) //printf("Encrypted Frame:\n"); for(int i = 0; i < enc_frame_len; i++) { - //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + printf("%02x -> %02x \n", ptr_enc_frame[i], truth_data_b[i]); ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); } //printf("\n"); @@ -1051,14 +1061,16 @@ UTEST(TC_APPLY_SECURITY, ENC_CBC_NULL_IV) UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, + TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, + TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, + SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -1074,28 +1086,29 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) int new_iv_len = 12; // int expected_iv_len = 0; - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); hex_conversion(new_iv_h, &new_iv_b, &new_iv_len); - uint8_t* ptr_enc_frame = NULL; + uint8_t enc_frame[2048]; + uint8_t* ptr_enc_frame = &enc_frame[0]; uint16_t enc_frame_len = 0; SecurityAssociation_t* test_association; // Expose the SADB Security Association for test edits. - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); printf("SPI: %d\n", test_association->spi); test_association->sa_state = SA_OPERATIONAL; test_association->ast = 0; test_association->arsn_len = 0; test_association->iv_len = 16; test_association->shivf_len = 16; - test_association->iv = NULL; - return_val = - Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, + &ptr_enc_frame, &enc_frame_len); + ASSERT_EQ(CRYPTO_LIB_ERR_NULL_IV, return_val); char* truth_data_h = "200300260000000BFFEEDDCCBBAA00000000000001BD8722C9D22E0CB109AC402748F672067D37"; @@ -1103,6 +1116,7 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) int truth_data_l = 0; hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); + printf("Received Encrypted Frame of length %d bytes:\n\t", enc_frame_len); for(int i = 0; i < enc_frame_len; i++) { @@ -1114,8 +1128,49 @@ UTEST(TC_APPLY_SECURITY, CBC_NULL_IV_W_IVH) Crypto_Shutdown(); free(truth_data_b); free(raw_tc_sdls_ping_b); - free(ptr_enc_frame); } +/* +* @brief: Unit Test: Verify plaintext with an ARSN places bytes appropriately. +* Use a full length verification of all bytes. Exists due to found bug. +*/ +UTEST(TC_APPLY_SECURITY, PLAINTEXT_W_ARSN) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + // Test string + char* raw_tc_sdls_ping_h = "2003001F00000100011880D2C9000E197F0B001B0004000400003040D95E0000"; + char* raw_tc_sdls_ping_b = NULL; + int raw_tc_sdls_ping_len = 0; + + hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len); + + uint8_t* ptr_enc_frame = NULL; + uint16_t enc_frame_len = 0; + int32_t return_val = CRYPTO_LIB_ERROR; + + return_val = Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len); + + char* truth_data_h = "200300230000010000000100011880D2C9000E197F0B001B0004000400003040D95E85F3"; + uint8_t* truth_data_b = NULL; + int truth_data_l = 0; + + hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l); + //printf("Encrypted Frame:\n"); + for(int i = 0; i < enc_frame_len; i++) + { + printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]); + ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]); + } + + Crypto_Shutdown(); + free(raw_tc_sdls_ping_b); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); +} UTEST_MAIN(); diff --git a/util/src_util/ut_tc_process.c b/test/unit/ut_tc_process.c similarity index 72% rename from util/src_util/ut_tc_process.c rename to test/unit/ut_tc_process.c index f548d306..2fa19fc0 100644 --- a/util/src_util/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -23,7 +23,7 @@ #include "crypto.h" #include "crypto_error.h" #include "crypto_print.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" /** @@ -34,14 +34,15 @@ UTEST(TC_PROCESS, EXERCISE_IV) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; int status = 0; // NIST supplied vectors @@ -62,18 +63,17 @@ UTEST(TC_PROCESS, EXERCISE_IV) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ecs_len = 1; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert frames that will be processed hex_conversion(buffer_replay_h, (char**) &buffer_replay_b, &buffer_replay_len); @@ -88,28 +88,16 @@ UTEST(TC_PROCESS, EXERCISE_IV) printf(KGRN "Checking replay - using previous received IV...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_replay_b, &buffer_replay_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on counter being too high printf(KGRN "Checking replay - using IV outside the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_outside_window_b, &buffer_outside_window_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid IV printf(KGRN "Checking valid IV... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_b, &buffer_good_iv_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid IV within window, but has a gap printf(KGRN "Checking valid IV within window... should be able to receive it... \n" RESET); @@ -134,10 +122,6 @@ UTEST(TC_PROCESS, EXERCISE_IV) free(ptr_enc_frame); free(buffer_nist_iv_b); free(buffer_nist_key_b); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_nist_processed_frame); } @@ -149,14 +133,15 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; int status = 0; // NIST supplied vectors @@ -178,21 +163,16 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->sa_state = SA_OPERATIONAL; - sadb_routine->sadb_get_sa_from_spi(9, &test_association); - free(test_association->ecs); + sa_if->sa_get_from_spi(9, &test_association); test_association->ecs_len = 1; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; - free(test_association->acs); + test_association->ecs = CRYPTO_CIPHER_NONE; test_association->acs_len = 1; - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->est = 0; test_association->ast = 1; test_association->shivf_len = 0; @@ -204,12 +184,11 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) test_association->akid = 136; test_association->ekid = 0; // memset(test_association->abm, 0x00, (test_association->abm_len * sizeof(uint8_t))); - free(test_association->abm); - test_association->abm = calloc(1, test_association->abm_len * sizeof(uint8_t)); test_association->stmacf_len = 16; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->akid].value, buffer_nist_key_b, buffer_nist_key_len); + akp = key_if->get_key(test_association->akid); + memcpy(akp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert frames that will be processed hex_conversion(buffer_replay_h, (char**) &buffer_replay_b, &buffer_replay_len); hex_conversion(buffer_outside_window_h, (char**) &buffer_outside_window_b, &buffer_outside_window_len); @@ -217,34 +196,20 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) hex_conversion(buffer_good_arsn_with_gap_h, (char**) &buffer_good_arsn_with_gap_b, &buffer_good_arsn_with_gap_len); // Convert/Set input ARSN hex_conversion(buffer_arsn_h, (char**) &buffer_arsn_b, &buffer_arsn_len); - free(test_association->arsn); - test_association->arsn = calloc(1, test_association->arsn_len); memcpy(test_association->arsn, buffer_arsn_b, buffer_arsn_len); // Expect to fail on replay printf(KGRN "Checking replay - using previous received ARSN...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_replay_b, &buffer_replay_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on counter being too high printf(KGRN "Checking replay - using ARSN outside the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_outside_window_b, &buffer_outside_window_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid ARSN printf(KGRN "Checking next valid ARSN... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_arsn_b, &buffer_good_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid ARSN within window, but has a gap printf(KGRN "Checking valid ARSN within window... should be able to receive it... \n" RESET); @@ -262,10 +227,6 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) } printf("\n"); Crypto_Shutdown(); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_nist_processed_frame); free(ptr_enc_frame); free(buffer_nist_key_b); @@ -279,13 +240,14 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_FALSE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); char* dec_test_fe_h = "2003002D00000004FFFFFFFFFFFE610B082EA91C8AA93F08EAA642EA3189128D87159B2354AA753248F050022FD9"; @@ -305,29 +267,24 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) int32_t return_val = -1; - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + TC_t tc_sdls_processed_frame; + memset(&tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); // Default SA // Expose SA 1 for testing - sadb_routine->sadb_get_sa_from_spi(1, &test_association); - //free(test_association->ecs); + sa_if->sa_get_from_spi(1, &test_association); test_association->ecs_len = 1; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->ecs = CRYPTO_CIPHER_NONE; // Deactive SA 1 test_association->sa_state = SA_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->arsn_len = 0; test_association->gvcid_blk.vcid = 0; test_association->shivf_len = 6; test_association->iv_len = 12; - free(test_association->iv); - test_association->iv = calloc(1, test_association->iv_len * sizeof(uint8_t)); // IV = "000000000000FFFFFFFFFFFE" test_association->iv[0] = 0x00; test_association->iv[1] = 0x00; @@ -344,58 +301,42 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_STATIC_IV_ROLLOVER) test_association->ast = 1; test_association->est = 1; test_association->sa_state = SA_OPERATIONAL; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; Crypto_saPrint(test_association); - return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); + return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFE); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); + + return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFF); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); + + return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); for(int i=0; i < test_association->iv_len; i++) { ASSERT_EQ(test_association->iv[i],0x00); } - Crypto_saPrint(test_association); Crypto_Shutdown(); - free(dec_test_fe_b); free(dec_test_ff_b); - free(dec_test_00_b); - - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - free(tc_sdls_processed_frame); - + free(dec_test_00_b); } UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); char* dec_test_fe_h = "2003002D00000004FFFFFFFFFFFE610B082EA91C8AA93F08EAA642EA3189128D87159B2354AA753248F050022FD9"; @@ -421,23 +362,19 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) // Default SA // Expose SA 1 for testing - sadb_routine->sadb_get_sa_from_spi(1, &test_association); - free(test_association->ecs); + sa_if->sa_get_from_spi(1, &test_association); test_association->ecs_len = 1; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->ecs = CRYPTO_CIPHER_NONE; // Deactive SA 1 test_association->sa_state = SA_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->arsn_len = 0; test_association->gvcid_blk.vcid = 0; test_association->shivf_len = 6; test_association->iv_len = 12; - free(test_association->iv); - test_association->iv = calloc(1, test_association->iv_len * sizeof(uint8_t)); // IV = "000000000000FFFFFFFFFFFE" test_association->iv[0] = 0x00; test_association->iv[1] = 0x00; @@ -454,25 +391,15 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) test_association->ast = 1; test_association->est = 1; test_association->sa_state = SA_OPERATIONAL; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; Crypto_saPrint(test_association); return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFE); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFF); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // test_association->iv[5] = 0x01; return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -496,24 +423,21 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) free(dec_test_fe_b); free(dec_test_ff_b); free(dec_test_00_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); } UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) { // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); char* dec_test_fe_h = "2003002900000004FFFE80D2C70008197F0B00310000B1FE7F97816F523951BAF0445DB078B502760741"; @@ -533,39 +457,31 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) int32_t return_val = -1; - TC_t* tc_sdls_processed_frame; - tc_sdls_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE); - memset(tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); + TC_t tc_sdls_processed_frame; + memset(&tc_sdls_processed_frame, 0, (sizeof(uint8_t) * TC_SIZE)); // Default SA // Expose SA 1 for testing - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->ecs_len = 1; - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->ecs = CRYPTO_CIPHER_NONE; // Deactive SA 1 test_association->sa_state = SA_NONE; // Expose SA 4 for testing - sadb_routine->sadb_get_sa_from_spi(4, &test_association); + sa_if->sa_get_from_spi(4, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->shivf_len = 0; test_association->iv_len = 0; test_association->est=0; test_association->ast=1; test_association->ecs_len=1; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_NONE; + test_association->ecs = CRYPTO_CIPHER_NONE; test_association->acs_len=1; - free(test_association->acs); - test_association->acs = calloc(1, test_association->acs_len * sizeof(uint8_t)); - *test_association->acs = CRYPTO_MAC_CMAC_AES256; + test_association->acs = CRYPTO_MAC_CMAC_AES256; test_association->arsn_len = 3; test_association->shsnf_len = 2; - free(test_association->arsn); - test_association->arsn = calloc(1,test_association->arsn_len); // ARSN = "05FFFD" test_association->arsn[0] = 0x05; test_association->arsn[1] = 0xFF; @@ -575,22 +491,16 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) test_association->akid = 130; Crypto_saPrint(test_association); - return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); + return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->arsn[2],0xFE); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); + + return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->arsn[2],0xFF); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? + // test_association->iv[5] = 0x01; - return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); + return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, &tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->arsn[0] ,0x06); ASSERT_EQ(test_association->arsn[1] ,0x00); @@ -603,21 +513,17 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_ARSN_ROLLOVER) free(dec_test_fe_b); free(dec_test_ff_b); free(dec_test_00_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - free(tc_sdls_processed_frame); } UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) { int32_t status = CRYPTO_LIB_SUCCESS; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -632,7 +538,7 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; @@ -643,10 +549,6 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) ASSERT_EQ(CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD, status); Crypto_Shutdown(); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(test_frame_pt_b); } @@ -655,10 +557,11 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD { int32_t status = CRYPTO_LIB_SUCCESS; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 4, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -672,7 +575,7 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; @@ -684,21 +587,18 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD Crypto_Shutdown(); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); } UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) { int32_t status = CRYPTO_LIB_SUCCESS; - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -713,7 +613,7 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -739,10 +639,6 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) //printf("\n"); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(test_frame_pt_b); free(truth_data_b); @@ -755,14 +651,15 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) **/ UTEST(TC_PROCESS, DECRYPT_CBC_1B) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -777,7 +674,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -804,10 +701,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(truth_data_b); Crypto_Shutdown(); @@ -818,13 +711,14 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) **/ UTEST(TC_PROCESS, DECRYPT_CBC_16B) { - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); @@ -839,7 +733,7 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) // Expose/setup SAs for testing SecurityAssociation_t* test_association; - sadb_routine->sadb_get_sa_from_spi(11, &test_association); + sa_if->sa_get_from_spi(11, &test_association); test_association->arsn_len = 0; test_association->shsnf_len = 0; test_association->ast = 0; @@ -866,10 +760,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(truth_data_b); Crypto_Shutdown(); @@ -883,14 +773,15 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { uint8_t* ptr_enc_frame = NULL; // Setup & Initialize CryptoLib - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_NO_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* ekp = NULL; int status = 0; // NIST supplied vectors @@ -923,21 +814,20 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) // Expose/setup SAs for testing SecurityAssociation_t* test_association; // Deactivate SA 1 - sadb_routine->sadb_get_sa_from_spi(1, &test_association); + sa_if->sa_get_from_spi(1, &test_association); test_association->sa_state = SA_NONE; // Activate SA 9 - sadb_routine->sadb_get_sa_from_spi(9, &test_association); + sa_if->sa_get_from_spi(9, &test_association); test_association->sa_state = SA_OPERATIONAL; test_association->ecs_len = 1; - free(test_association->ecs); - test_association->ecs = calloc(1, test_association->ecs_len * sizeof(uint8_t)); - *test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; test_association->shsnf_len = 2; test_association->arsn_len = 2; test_association->arsnw = 5; // Insert key into keyring of SA 9 hex_conversion(buffer_nist_key_h, (char**) &buffer_nist_key_b, &buffer_nist_key_len); - memcpy(ek_ring[test_association->ekid].value, buffer_nist_key_b, buffer_nist_key_len); + ekp = key_if->get_key(test_association->ekid); + memcpy(ekp->value, buffer_nist_key_b, buffer_nist_key_len); // Convert frames that will be processed hex_conversion(buffer_replay_h, (char**) &buffer_replay_b, &buffer_replay_len); @@ -955,18 +845,12 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) memcpy(test_association->iv, buffer_nist_iv_b, buffer_nist_iv_len); // Convert/Set input ARSN hex_conversion(buffer_arsn_h, (char**) &buffer_arsn_b, &buffer_arsn_len); - free(test_association->arsn); - test_association->arsn = calloc(1, test_association->arsn_len); memcpy(test_association->arsn, buffer_arsn_b, buffer_arsn_len); // Expect to fail on ARSN (Bad IV, bad ARSN) printf(KGRN "Checking replay - using previous received ARSN and previous IV...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_bad_iv_bad_arsn_b, &buffer_bad_iv_bad_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on ARSN (Good IV, bad ARSN) printf(KGRN "Checking replay - using previous received ARSN...\n" RESET); @@ -977,10 +861,6 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { ASSERT_EQ(test_association->iv[i], buffer_nist_iv_b[i]); } - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on IV (Bad IV, Good ARSN) printf(KGRN "Checking replay - using previous received IV...\n" RESET); @@ -991,30 +871,18 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { ASSERT_EQ(test_association->arsn[i], buffer_arsn_b[i]); } - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on IV counter being too high // Check w/ Mike printf(KGRN "Checking replay - using IV outside (above) the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_high_iv_good_arsn_b, &buffer_high_iv_good_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on ARSN counter being too high // Check w/ Mike printf(KGRN "Checking replay - using ARSN outside (above) the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_high_arsn_b, &buffer_good_iv_high_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on next valid IV && ARSN printf(KGRN "Checking next valid IV && valid ARSN... should be able to receive it... \n" RESET); @@ -1025,19 +893,10 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) // Verify ARSN LSB incremented ASSERT_EQ(test_association->arsn[test_association->arsn_len-1], 0x24); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - // Expect success on valid IV and ARSNs within window, but have a gap printf(KGRN "Checking valid IV and ARSN within window... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_gap_good_arsn_gap_b, &buffer_good_iv_gap_good_arsn_gap_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Validate that the SA IV is updated to the most recently received IV // IV length in this testing is 12 bytes diff --git a/util/src_util/ut_tm_apply.c b/test/unit/ut_tm_apply.c similarity index 69% rename from util/src_util/ut_tm_apply.c rename to test/unit/ut_tm_apply.c index cc5b3254..7dfe0321 100644 --- a/util/src_util/ut_tm_apply.c +++ b/test/unit/ut_tm_apply.c @@ -22,7 +22,7 @@ #include "ut_tm_apply.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" /** @@ -34,7 +34,6 @@ UTEST(TM_APPLY_SECURITY, NO_CRYPTO_INIT) { // Local variables int32_t status = CRYPTO_LIB_ERROR; - SecurityAssociation_t sa; // No Crypto_Init(), but we still Configure It; char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; @@ -43,32 +42,33 @@ UTEST(TM_APPLY_SECURITY, NO_CRYPTO_INIT) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, - TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_HAS_SECONDARY_HDR , 1786); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); - // Memcpy test frame into static TM - memcpy(&tm_frame, framed_tm_b, framed_tm_len); + char* error_enum = Crypto_Get_Error_Code_Enum_String(status); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); + free(framed_tm_b); + Crypto_Shutdown(); +} - // Determine managed parameters by GVCID, which nominally happens in TO - // status = Crypto_Get_Managed_Parameters_For_Gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, - // (((uint8_t)framed_tm_b[0] & 0x03) << 8) | (uint8_t)framed_tm_b[1], - // (((uint8_t)framed_tm_b[2] & 0xFC) >> 2), - // gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, - // (((uint8_t)framed_tm_b[0] & 0x03) << 8) | (uint8_t)framed_tm_b[1], - // (((uint8_t)framed_tm_b[2] & 0xFC) >> 2), map_id, &sa); +/** + * @brief Unit Test: Null buffer + * + * TM_ApplySecurity should reject functionality if passed a null buffer. + **/ +UTEST(TM_APPLY_SECURITY, NULL_BUFFER) +{ + // Local variables + int32_t status = CRYPTO_LIB_ERROR; - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - //manager_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(&sa); - ASSERT_EQ(CRYPTO_LIB_ERR_NO_INIT, status); + // No Crypto_Init(), but we still Configure It; + char* framed_tm_b = NULL; + + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); + ASSERT_EQ(CRYPTO_LIB_ERR_NULL_BUFFER, status); char* error_enum = Crypto_Get_Error_Code_Enum_String(status); - ASSERT_STREQ("CRYPTO_LIB_ERR_NO_INIT",error_enum); + ASSERT_STREQ("CRYPTO_LIB_ERR_NULL_BUFFER",error_enum); free(framed_tm_b); Crypto_Shutdown(); } @@ -80,33 +80,25 @@ UTEST(TM_APPLY_SECURITY, NO_CONFIG) { // Local variables int32_t status = CRYPTO_LIB_ERROR; - SecurityAssociation_t sa; - // No Crypto_Init(), but we still Configure It; + // No Crypto_Init(), but we still Configure It: + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + + char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); - // Memcpy test frame into static TM - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; tm_frame_pri_hdr.scid = (((uint16_t)framed_tm_b[0] & 0x3F) << 4) | (((uint16_t)framed_tm_b[1] & 0xF0) >> 4); tm_frame_pri_hdr.vcid = ((uint8_t)framed_tm_b[1] & 0x0E) >> 1; - // Determine managed parameters by GVCID, which nominally happens in TO - // status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - // gvcid_managed_parameters, ¤t_managed_parameters); - // printf("STATUS is %d\n", status); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // printf("STATUS is %d\n", status); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - //manager_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(&sa); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); char* error_enum = Crypto_Get_Error_Code_Enum_String(status); @@ -118,9 +110,9 @@ UTEST(TM_APPLY_SECURITY, NO_CONFIG) /** * @brief Unit Test: Nominal Case - * This should call apply_security on the static TM in memory + * This should call apply_security on the referenced TM, uses clear mode * and continue down the "happy Path", finally returning CRYPTO_LIB_SUCCESS - * The static TM in memory should be unchanged, except for filling in the SPI + * The static TM in memory should be unchanged, except for filling in the SPI and FECF **/ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) { @@ -128,23 +120,26 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t *sa_ptr; - uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA + SecurityAssociation_t* sa_ptr = NULL; // Test frame setup - char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + char* framed_tm_h = "003000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFFFF"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + char* truth_tm_h = "003000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBE24E"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); + // Expose/setup SA for testing + // Configure SA 1 off, 12 operational + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -154,20 +149,15 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -177,7 +167,7 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF) /** * @brief Unit Test: Nominal Case - * This should call apply_security on the static TM in memory + * This should call apply_security on the referenced TM * and continue down the "happy Path", finally returning CRYPTO_LIB_SUCCESS * The static TM in memory should be unchanged, except for filling in the SPI, * and the FECF should be left zero'ed out @@ -186,31 +176,35 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) { // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t *sa_ptr; - uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA + SecurityAssociation_t* sa_ptr = NULL; // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, - TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786); + TM_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); // Test frame setup - char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + char* framed_tm_h = "003000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFFFF"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; + char* truth_tm_h = "003000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); + // Expose/setup SA for testing + // Configure SA 1 off, 12 operational + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -220,20 +214,15 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -243,21 +232,27 @@ UTEST(TM_APPLY_SECURITY, HAPPY_PATH_CLEAR_FECF_LEFT_BLANK) /** * @brief Unit Test: Presence of Secondary Header - * This should call apply_security on the static TM in memory, - * account for the secondary header, finally returning CRYPTO_LIB_SUCCESS - * The static TM in memory should be unchanged except for filling in the SPI + * This should call apply_security, account for the secondary header, + * finally returning CRYPTO_LIB_SUCCESS + * The TM inputshould be unchanged except for filling in the SPI + * This is configured to also keep the original FECF **/ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) { - // Setup & Initialize CryptoLib - Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t *sa_ptr; - uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA + SecurityAssociation_t* sa_ptr = NULL; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_FALSE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_NO_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); // Test frame setup - char* framed_tm_h = "02C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAAD873"; + char* framed_tm_h = "02C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA6e76"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); @@ -268,8 +263,13 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); + // Expose/setup SA for testing + // Configure SA 1 off, 12 operational + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -279,20 +279,15 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -302,9 +297,9 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) /** * @brief Unit Test: Presence of Secondary Header - * This should call apply_security on the static TM in memory, + * This should call apply_security on the referenced TM, * account for the secondary header, finally returning CRYPTO_LIB_SUCCESS - * The static TM in memory should be unchanged except for filling in the SPI and MAC + * The input TM should be unchanged EXCEPT: for filling in the SPI & MAC. * Bitmask of 1s **/ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) @@ -313,71 +308,62 @@ UTEST(TM_APPLY_SECURITY, SECONDARY_HDR_PRESENT_MAC) Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; - SecurityAssociation_t *sa_ptr; - uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA + SecurityAssociation_t *sa_ptr = NULL; // Test frame setup - char* framed_tm_h = "02C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA00000000000000000000000000000000D761C"; + char* framed_tm_h = "02C00000980006AABBCCDDEEFF000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA00000000000000000000000000000000"; char* framed_tm_b = NULL; int framed_tm_len = 0; hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); - // Truth frame setup - char* truth_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA4d602e708cd244d1c3f6c4a333d1d22f808f"; + // Truth frame setup //MAC: 2DDFB9A5B0815E1EDFBCAB50EDCB7DF6 + char* truth_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA2ddfb9a5b0815e1edfbcab50edcb7df6"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; tm_frame_pri_hdr.scid = (((uint16_t)framed_tm_b[0] & 0x3F) << 4) | (((uint16_t)framed_tm_b[1] & 0xF0) >> 4); tm_frame_pri_hdr.vcid = ((uint8_t)framed_tm_b[1] & 0x0E) >> 1; // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off, 12 operational + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->ecs_len = 1; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; + sa_ptr->gvcid_blk.scid = 44; // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Checking %02x against %02X\n", (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -393,17 +379,16 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; SecurityAssociation_t *sa_ptr = NULL; - // uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA // Setup & Initialize CryptoLib - // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; char* framed_tm_b = NULL; @@ -417,31 +402,29 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; - sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -453,13 +436,8 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -469,8 +447,8 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_0) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -490,13 +468,14 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; @@ -505,37 +484,39 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); // Truth frame setup - // Mac from python based CMAC: 68d3ae99a68603a261304815b95ffe74 + // Mac from python based CMAC: 8eae5e9d174659fc8edf9bf0505d6625 + /** + * NOTE: CyberChef needs a from_hex in the recipe before CMAC! + * CyberChef: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')CMAC(%7B'option':'Hex','string':'ff9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f9'%7D,'AES')&input=MDJDMDAwMDAxODAwMDAwQzA4MDEwMDAwMDAwRjAwMTEyMjMzNDQ1NTY2Nzc4ODk5QUFCQkNDRERFRUZGQTEwN0ZGMDAwMDA2RDJBQkJBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkI + **/ char* truth_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB8eae5e9d174659fc8edf9bf0505d66255ab5"; char* truth_tm_b = NULL; int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; - sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -548,12 +529,9 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -563,8 +541,8 @@ UTEST(TM_APPLY_SECURITY, AES_CMAC_256_TEST_1) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -583,13 +561,14 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; char* framed_tm_b = NULL; @@ -603,31 +582,29 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; - sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -639,13 +616,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -655,8 +627,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -675,13 +647,14 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; char* framed_tm_b = NULL; @@ -695,31 +668,30 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -731,13 +703,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -747,8 +714,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -767,14 +734,15 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; char* framed_tm_b = NULL; @@ -788,36 +756,36 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; // Update key length for SHA512 - ek_ring[sa_ptr->akid].key_len = 64; + akp = key_if->get_key(sa_ptr->akid); + akp->key_len = 64; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -828,12 +796,9 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -843,8 +808,11 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + if (framed_tm_b[i] != truth_tm_b[i]) + { + printf("Error at index %d: checking frame %02x against truth %02X\n", i, (uint8_t) framed_tm_b[i], (uint8_t) truth_tm_b[i]); + } + ASSERT_EQ((uint8_t) framed_tm_b[i], (uint8_t) truth_tm_b[i]); } Crypto_Shutdown(); @@ -863,14 +831,15 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // Test frame setup char* framed_tm_h = "02C000001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB00000000000000000000000000000000415B"; char* framed_tm_b = NULL; @@ -884,36 +853,36 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) int truth_tm_len = 0; hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); - // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max - memcpy(&tm_frame, framed_tm_b, framed_tm_len); - // Expose/setup SA for testing - // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + // Configure SA 1 off + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_KEYED; + // Configure SA 12 + sa_if->sa_get_from_spi(12, &sa_ptr); + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->gvcid_blk.scid = 44; sa_ptr->ast = 1; sa_ptr->est = 0; sa_ptr->arsn_len = 0; sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; // Update key length for SHA512 - ek_ring[sa_ptr->akid].key_len = 64; + akp = key_if->get_key(sa_ptr->akid); + akp->key_len = 64; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -923,13 +892,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Determine managed parameters by GVCID, which nominally happens in TO status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); - // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); - // Pass these references to ApplySecurity to avoid duplications of call in real setup onboard - // e.g. so TO doesn't make the call, and then it's doubled within ApplySecurity - // managed_parameters are a global, don't need passed - status = Crypto_TM_ApplySecurity(sa_ptr); + status = Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Byte by byte verify: @@ -939,8 +903,8 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // 4) FECF is re-calculated and updated for (int i = 0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Index %d: Checking %02x against %02X\n", i, tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(tm_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Index %d: Checking %02x against %02X\n", i, (uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -948,4 +912,193 @@ UTEST(TM_APPLY_ENC_VAL, AES_HMAC_SHA_512_TEST_1) free(truth_tm_b); } +/** + * @brief Encryption Only: AES-GCM. 16-byte IV, as GCM requires. Verified with CyberChef + * https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FF9F9284CF599EAC3B119905A7D18851E7E374CF63AEA04358586B0F757670F9'%7D,%7B'option':'Hex','string':'deadbeefdeadbeefdeadbeefdeadbeef'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':''%7D)&input=QUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQg + **/ +UTEST(TM_APPLY_ENC_VAL, AES_GCM_BITMASK_1) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + + // Test frame setup Header |SPI| IV | Data + char* framed_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFFFF"; + char* framed_tm_b = NULL; + int framed_tm_len = 0; + hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); + + // Truth frame setup + char* truth_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af547a43"; + char* truth_tm_b = NULL; + int truth_tm_len = 0; + hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); + + // Expose/setup SAs for testing + SecurityAssociation_t ta; + SecurityAssociation_t* sa_ptr = &ta; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_NONE; + + // Activate SA 9 + sa_if->sa_get_from_spi(9, &sa_ptr); + sa_ptr->gvcid_blk.scid = 44; + sa_ptr->arsn_len = 0; + sa_ptr->abm_len = 1786; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->ecs_len = 1; + sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_ptr->acs_len = 1; + sa_ptr->acs = CRYPTO_MAC_NONE; + sa_ptr->iv_len = 16; + sa_ptr->shivf_len = 16; + + // Set a more obvious IV for test purposes + char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEF"; + char* iv_b = NULL; + int iv_len = 0; + hex_conversion(iv_h, &iv_b, &iv_len); + memcpy(sa_ptr->iv, iv_b, iv_len); + + Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); + + printf("Static frame contents:\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, (uint8_t)framed_tm_b[i], truth_tm_b[i]); + printf("%02x", (uint8_t)framed_tm_b[i]); + // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // enc_data_idx++; + } + printf("\n"); + printf("Truth Contents\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, (uint8_t)framed_tm_b[i], truth_tm_b[i]); + printf("%02x", (uint8_t)*(truth_tm_b+i)); + // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // enc_data_idx++; + } + printf("\n"); + + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, *((uint8_t)framed_tm_b+ i), (uint8_t)truth_tm_b[i]); + // printf("%02x", (uint8_t)*(truth_tm_b+i)); + if (framed_tm_b[i] != truth_tm_b[i]) + { + printf("Error at index %d: checking frame %02x against truth %02X\n", i, (uint8_t) framed_tm_b[i], (uint8_t) truth_tm_b[i]); + } + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)truth_tm_b[i]); + } + printf("\n"); + + Crypto_Shutdown(); + free(truth_tm_b); + free(framed_tm_b); + free(iv_b); +} + +/** + * @brief AEAD Encryption: AES-GCM. 16-byte IV, as GCM requires. Verified with CyberChef + * https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FF9F9284CF599EAC3B119905A7D18851E7E374CF63AEA04358586B0F757670F9'%7D,%7B'option':'Hex','string':'deadbeefdeadbeefdeadbeefdeadbeef'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':''%7D)&input=QUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQg + **/ +UTEST(TM_APPLY_ENC_VAL, AEAD_AES_GCM_BITMASK_1) +{ + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + + // Test frame setup Header |SPI| IV | Data + char* framed_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBCCDDCCDDCCDDCCDDCCDDCCDDCCDDCCDDFFFF"; + char* framed_tm_b = NULL; + int framed_tm_len = 0; + hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); + + // Truth frame setup + char* truth_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894020d24577ede4a947914fd2647400f38d9a92"; + char* truth_tm_b = NULL; + int truth_tm_len = 0; + hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); + + // Expose/setup SAs for testing + SecurityAssociation_t ta; + SecurityAssociation_t* sa_ptr = &ta; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &sa_ptr); + sa_ptr->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &sa_ptr); + sa_ptr->gvcid_blk.scid = 44; + sa_ptr->arsn_len = 0; + sa_ptr->abm_len = 1786; + memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask + sa_ptr->sa_state = SA_OPERATIONAL; + sa_ptr->ast =1; + sa_ptr->ecs_len = 1; + sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM; + sa_ptr->acs_len = 1; + sa_ptr->acs = CRYPTO_MAC_NONE; + sa_ptr->iv_len = 16; + sa_ptr->shivf_len = 16; + sa_ptr->stmacf_len = 16; + + // Set a more obvious IV for test purposes + char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEF"; + char* iv_b = NULL; + int iv_len = 0; + hex_conversion(iv_h, &iv_b, &iv_len); + memcpy(sa_ptr->iv, iv_b, iv_len); + + Crypto_TM_ApplySecurity((uint8_t*)framed_tm_b); + + printf("Static frame contents:\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, (uint8_t)framed_tm_b[i], truth_tm_b[i]); + printf("%02x", (uint8_t)framed_tm_b[i]); + // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // enc_data_idx++; + } + printf("\n"); + printf("Truth Contents\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, (uint8_t)framed_tm_b[i], truth_tm_b[i]); + printf("%02x", (uint8_t)truth_tm_b[i]); + // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // enc_data_idx++; + } + printf("\n"); + + for (int i = 0; i < 1786; i++) + { + // printf("[%d]: %02x -> %02x \n", i, *((uint8_t)framed_tm_b+ i), (uint8_t)truth_tm_b[i]); + // printf("%02x", (uint8_t)*(truth_tm_b+i)); + if (framed_tm_b[i] != truth_tm_b[i]) + { + printf("Error at index %d: checking frame %02x against truth %02X\n", i, (uint8_t) framed_tm_b[i], (uint8_t) truth_tm_b[i]); + } + ASSERT_EQ((uint8_t)framed_tm_b[i], (uint8_t)truth_tm_b[i]); + } + printf("\n"); + + Crypto_Shutdown(); + free(truth_tm_b); + free(framed_tm_b); + free(iv_b); +} + UTEST_MAIN(); \ No newline at end of file diff --git a/util/src_util/ut_tm_process.c b/test/unit/ut_tm_process.c similarity index 70% rename from util/src_util/ut_tm_process.c rename to test/unit/ut_tm_process.c index 10e0a346..9f90d2dd 100644 --- a/util/src_util/ut_tm_process.c +++ b/test/unit/ut_tm_process.c @@ -22,7 +22,7 @@ #include "ut_tm_process.h" #include "crypto.h" #include "crypto_error.h" -#include "sadb_routine.h" +#include "sa_interface.h" #include "utest.h" /** @@ -42,10 +42,11 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) char* framed_tm_b = NULL; hex_conversion(framed_tm_h, &framed_tm_b, (int *)&framed_tm_len); - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_HAS_SECONDARY_HDR , 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); // Determine managed parameters by GVCID, which nominally happens in TO // status = Crypto_Get_Managed_Parameters_For_Gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, @@ -53,15 +54,15 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT) // (((uint8_t)framed_tm_b[2] & 0xFC) >> 2), // gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, + // status = sa_if->sa_get_operational_sa_from_gvcid(((uint8_t)framed_tm_b[0] & 0xC0) >> 6, // (((uint8_t)framed_tm_b[0] & 0x03) << 8) | (uint8_t)framed_tm_b[1], // (((uint8_t)framed_tm_b[2] & 0xFC) >> 2), map_id, &sa); status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_h, framed_tm_len, &ptr_processed_frame, &processed_tm_len); - ASSERT_EQ(CRYPTO_LIB_ERR_NO_INIT, status); + ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); char* error_enum = Crypto_Get_Error_Code_Enum_String(status); - ASSERT_STREQ("CRYPTO_LIB_ERR_NO_INIT",error_enum); + ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG",error_enum); free(framed_tm_b); Crypto_Shutdown(); } @@ -91,7 +92,7 @@ UTEST(TM_PROCESS_SECURITY, NO_CONFIG) // gvcid_managed_parameters, ¤t_managed_parameters); // printf("STATUS is %d\n", status); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // printf("STATUS is %d\n", status); status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_h, framed_tm_len, &ptr_processed_frame, &processed_tm_len); ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status); @@ -111,13 +112,20 @@ UTEST(TM_PROCESS_SECURITY, NO_CONFIG) **/ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) { - // Setup & Initialize CryptoLib - Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; uint16_t processed_tm_len; + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // TM Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + // Test frame setup // Note: SPI 12 (0x0C) char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB415B"; @@ -139,8 +147,8 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) // Now, byte by byte verify the static frame in memory is equivalent to what we started with for(int i=0; i < current_managed_parameters->max_frame_size; i++) { - // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i)); - ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); + // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); + ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); } Crypto_Shutdown(); @@ -157,13 +165,20 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF) **/ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) { - // Setup & Initialize CryptoLib - Crypto_Init_TM_Unit_Test(); - // Local Variables + // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; uint16_t processed_tm_len; + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // TM Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + // Test frame setup char* framed_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA6e76"; char* framed_tm_b = NULL; @@ -203,14 +218,21 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT) **/ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) { - // Setup & Initialize CryptoLib - Crypto_Init_TM_Unit_Test(); // Local Variables int32_t status = CRYPTO_LIB_SUCCESS; uint8_t* ptr_processed_frame = NULL; uint16_t processed_tm_len; SecurityAssociation_t *sa_ptr = NULL; + // Configure Parameters + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + // TM Tests + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + status = Crypto_Init(); + // Test frame setup char* framed_tm_h = "02C00000980006AABBCCDDEEFF000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA4d602e708cd244d1c3f6c4a333d1d22f808f"; char* framed_tm_b = NULL; @@ -233,7 +255,7 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -241,24 +263,20 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; - sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; // Determine managed parameters by GVCID, which nominally happens in TO - status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, - gvcid_managed_parameters, ¤t_managed_parameters); + //status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, + // gvcid_managed_parameters, ¤t_managed_parameters); status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); // Now, byte by byte verify the static frame in memory is equivalent to what we started with @@ -287,13 +305,14 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBe34e7c942ddf2738f17f77ec15309445a65f"; char* framed_tm_b = NULL; @@ -312,7 +331,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -320,18 +339,14 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; - sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -344,7 +359,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -383,13 +398,14 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB8eae5e9d174659fc8edf9bf0505d66255ab5"; @@ -409,7 +425,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -417,18 +433,15 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_CMAC_AES256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -441,7 +454,7 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -479,13 +492,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBFD069AE4E9E97EB05BFE2F0A6EC6C56218ca"; char* framed_tm_b = NULL; @@ -504,7 +518,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -512,18 +526,15 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -536,7 +547,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -574,13 +585,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); + SaInterface sa_if = get_sa_interface_inmemory(); // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBb304db34a34610486e88a0bdba4aa6cef3b2"; char* framed_tm_b = NULL; @@ -599,7 +611,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -607,18 +619,15 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA256; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; @@ -631,7 +640,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -669,14 +678,15 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB554bac80d1fdcff21fd6996bf1d91327bff1"; char* framed_tm_b = NULL; @@ -695,7 +705,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -703,23 +713,21 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; // Update key length for SHA512 - ek_ring[sa_ptr->akid].key_len = 64; + akp = key_if->get_key(sa_ptr->akid); + akp->key_len = 64; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -730,7 +738,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -768,14 +776,15 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Setup & Initialize CryptoLib // Oddball setup that doesn't use TM_INIT to check FECF - Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); - Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); status = Crypto_Init(); - SadbRoutine sadb_routine = get_sadb_routine_inmemory(); - crypto_key_t* ek_ring = cryptography_if->get_ek_ring(); + SaInterface sa_if = get_sa_interface_inmemory(); + crypto_key_t* akp = NULL; // Test frame setup char* framed_tm_h = "02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB9933b46131d0ff5f4b0ab4295ca3ae9df6c2"; char* framed_tm_b = NULL; @@ -794,7 +803,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) // Expose/setup SA for testing // Configure SA 12 - sadb_routine->sadb_get_sa_from_spi(12, &sa_ptr); + sa_if->sa_get_from_spi(12, &sa_ptr); sa_ptr->ast = 1; sa_ptr->est = 0; @@ -802,23 +811,21 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) sa_ptr->shivf_len = 0; sa_ptr->iv_len = 0; sa_ptr->shsnf_len = 0; - sa_ptr->arsn = 0; sa_ptr->arsn_len = 0; - sa_ptr->arsn = NULL; sa_ptr->abm_len = 1786; - sa_ptr->abm = (uint8_t* )calloc(1, sa_ptr->abm_len * sizeof(uint8_t)); memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask sa_ptr->stmacf_len = 16; sa_ptr->sa_state = SA_OPERATIONAL; - sa_ptr->ecs = calloc(1, sa_ptr->ecs_len * sizeof(uint8_t)); - *sa_ptr->ecs = CRYPTO_CIPHER_NONE; - sa_ptr->acs = calloc(1, sa_ptr->acs_len * sizeof(uint8_t)); - *sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs = CRYPTO_CIPHER_NONE; + sa_ptr->acs = CRYPTO_MAC_HMAC_SHA512; + sa_ptr->ecs_len = 1; + sa_ptr->acs_len = 1; sa_ptr->ekid = 0; sa_ptr->akid = 136; // Update key length for SHA512 - ek_ring[sa_ptr->akid].key_len = 64; + akp = key_if->get_key(sa_ptr->akid); + akp->key_len = 64; // Bit math to give concise access to values already set in the static transfer frame tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; @@ -829,7 +836,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, gvcid_managed_parameters, ¤t_managed_parameters); // Determine security association by GVCID, which nominally happens in TO - // status = sadb_routine->sadb_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); + // status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, map_id, &sa_ptr); // Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard // e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity @@ -854,4 +861,202 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1) free(ptr_processed_frame); } +/** + * @brief Decryption Only: AES-GCM. 16-byte IV, as GCM requires. Verified with CyberChef + * https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FF9F9284CF599EAC3B119905A7D18851E7E374CF63AEA04358586B0F757670F9'%7D,%7B'option':'Hex','string':'deadbeefdeadbeefdeadbeefdeadbeef'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':''%7D)&input=QUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQg + **/ +UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_tm_len; + // SecurityAssociation_t *sa_ptr = NULL; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + + // Test frame setup Header |SPI| IV | Data + char* framed_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894009f391fd96d2471558a2c9656251af547a43"; + char* framed_tm_b = NULL; + int framed_tm_len = 0; + hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); + + // Truth frame setup + char* truth_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB0000"; + char* truth_tm_b = NULL; + int truth_tm_len = 0; + hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); + + + // Bit math to give concise access to values already set in the static transfer frame + tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; + tm_frame_pri_hdr.scid = (((uint16_t)framed_tm_b[0] & 0x3F) << 4) | (((uint16_t)framed_tm_b[1] & 0xF0) >> 4); + tm_frame_pri_hdr.vcid = ((uint8_t)framed_tm_b[1] & 0x0E) >> 1; + + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + + // Expose/setup SAs for testing + SecurityAssociation_t ta; + SecurityAssociation_t* test_association = &ta; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->abm_len = 1786; + memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask + test_association->sa_state = SA_OPERATIONAL; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_NONE; + test_association->iv_len = 16; + test_association->shivf_len = 16; + + // Set a more obvious IV for test purposes + char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEE"; + char* iv_b = NULL; + int iv_len = 0; + hex_conversion(iv_h, &iv_b, &iv_len); + memcpy(test_association->iv, iv_b, iv_len); + + status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + printf("Decrypted frame contents:\n\t"); + for (int i = 0; i < 1786; i++) + { + printf("%02x", ptr_processed_frame[i]); + // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); + } + // printf("\n Truth Contents\n\t"); + + // for (int i = 0; i < 1786; i++) + // { + // // printf("[%d]: %02x -> %02x \n", i, tm_frame[i], truth_tm_b[i]); + // printf("%02x", (uint8_t)*(truth_tm_b+i)); + // // ASSERT_EQ(*(ptr_enc_frame + enc_data_idx), buffer_nist_ct_b[i]); + // // enc_data_idx++; + // } + // printf("\n"); + + printf("\nDoing final checks:\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("%02x", ptr_processed_frame[i]); + ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); + } + + printf("\n\n"); + + free(truth_tm_b); + free(framed_tm_b); + free(iv_b); +} + +/** + * @brief AEAD Decryption! : AES-GCM. 16-byte IV, as GCM requires. Verified with CyberChef + * https://gchq.github.io/CyberChef/#recipe=AES_Encrypt(%7B'option':'Hex','string':'FF9F9284CF599EAC3B119905A7D18851E7E374CF63AEA04358586B0F757670F9'%7D,%7B'option':'Hex','string':'deadbeefdeadbeefdeadbeefdeadbeef'%7D,'GCM','Hex','Hex',%7B'option':'Hex','string':''%7D)&input=QUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQkFBQkJBQUJCQUFCQg + **/ +UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1) +{ + // Local Variables + int32_t status = CRYPTO_LIB_SUCCESS; + uint8_t* ptr_processed_frame = NULL; + uint16_t processed_tm_len; + // SecurityAssociation_t *sa_ptr = NULL; + + // Setup & Initialize CryptoLib + Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, + IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR, + TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE, + TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE); + Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002c, 0, TM_HAS_FECF, TM_SEGMENT_HDRS_NA, 1786, AOS_FHEC_NA, AOS_IZ_NA, 0); + Crypto_Init(); + SaInterface sa_if = get_sa_interface_inmemory(); + + // Test frame setup Header |SPI| IV | Data | MAC | FECF + char* framed_tm_h = "02c0000018000009deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a125d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6bbbc6eddc301422a8ab70c51b20924c02d202da34523823c8e08b7973e6eb4ab7ba5f7a78dd5513c911bc5213087091629f3600856b9d4a756337f92dd3f853d442f1f0c9966eb7d5e7954f5963ad83382ee13b20f2866ae7393e54b81e25e7598da37959b9f195aa2a9c858c867ff84af8e079baffeeb19102b22800d42938819771eb622aac490bcedaa7ea2481b0547e687ccb95e26a2922166d7cab077ef0e06ec3bf07764de160c3c0db07a9f93d41ece84521ec0e82d9a3658b502850b19cac88e6b5d0c975f850616bd3f2a950b01a38f903108a1a12f38ede3b6833b7126e2af81b719147bcda0aee5bd60e90a8dd800ef5f967400773ee79334f08480b110dfabb2946826828aca98c16004d1d78c1c18c384a19a0afb73792abfdfc55dbe7b36496114b85c28c954d8ff6d661b92e5cd1541d5843e55cfa1f48f08423301012583a7f770c3d3c0ca1a54bafaece16e35c45423474de63d98e966a6a65abaa012798562f18fde35426bea7e75f06f3e2a2538ae992e6996f2fa48f8c2ca179ed76c0f817b47b64bba561f7502b672188200c360d709de7da7443abbfe5506604a6394d3dc7914e71df54efed8dcb264e07b8b7eb50015dd33a11354fa85fcda7b225b1a89ac68827946d1c94fe6e926fda7c4ee8cbf8dafb2bb2fc3900914f04dff504ccec0a45bd78784aa43d9aaa3eff8f72eac5c2e7fbdd9c78f49dad8624dc84329ca1753840284f4dab6102ebd1da47ed9a7e7cb055318d359a5ba9e55434740731ead208457ae94a169135fd02e99e68775f5f99550be0ff79ad2bafe7d4c08fab79d101273f3cae8c6e66585248779238705a1d1d4531347eb593edf7d55e85c91c633f6185782dcb3942ddc78be75ee20bd42ad42cac5440f5579c690d3a127c0962c4d6250dbafc2622b47d1ee505d3dba523592530d78644e2ac4b2e352d584c14191599df0eb1f8e78a20fcf3be1b76e6efa374a8a9f119ae92a707e056bcc5a4b9ad27739fc7cfca27e3ed0d33a0e724089930cf5a947e9eff24c4a3bf5147150d65f4a781723b4ffe230af61e25f5e1a7d74565a52411af43700a05ac1a3e778b7d85b1570895726f394a7345aeb634c4185ff6c2603efc4f00422163b37bd5ec98bd320139ec0e3b69563e9216c236f9516cf2305fc8cc7995e7813a9dc6ada3ab6d503368103eb349199345a449e636524dfc87ece09bb2a8c5323eca50875dec26d25eedff6e3908b9086ca182cc93300008623074f1ad52f1cfe6ef32a6bcf78ad4621cdcc5ff4e6282eed12c3939e28f66faa2b47ab4c0bed328a883995f8616ffa8ee3e66905e9719e7c980d2bcbe0744fc1795956c46adca32b9d3fce5c968b65794b9b10526821f82be34d7c76ce097e5973335015b99c1d8398d0b1d17353f221f9657f90e2bbbfa0f196664edb5b22f4d352e5b1bf3734d6a95678ad5d3a5cb3a76a8938ff2058a4e0297ae9a50df6b4231ea6319db77476aedd7dcbc091d018c89a66eb8e05b42b7e2ef76776b563d432bb3b51827e73212e68d693bbbea8922c5a184394dfd7ec296324f7d91dc4ba950a9edb25f29112b843d662cebc630ca24e4b93a31e7e0b644bafad2435167fa6f9195b3b23971effb4bdbd0f65af8ef2cd1146fc533b7c83cc83fe1540294de3e16154e8fca507b2fc0154677aca2d3718a76924b9e8585bf25f14729fce656b426704293ae6a8181e3929f1352304ef0ca7747fa2db0db7dcf32d2a5b0f68933acb58f32712ef50aefc28a1b7e4315e8b8bcdcacf230200bdc4f41b320969def240c21a259ee319e69711f2c44ed08d7be40e905078534906cb2ae09e653ae3e33ece1e056512798a9525883ad5eaafc394b0c788e57d21b7d076926dd6d583fe220814f4473e67245a3fe732de8bf814baff99d3aad1ca671269bd3f84560e98398aa9f6ba625e9bc516bb88a4fb2a7ec4b3017ac74362f58653b6b7a2226fcbd484a834fe5e8f4a7432fecf8974d57088c7955eee593bd806bb84b46dc2e75c2709c37468866df97e66f49bece821aa8997ec766d6e6529cf96c18a14435ee0ded2bde56d77b2091d4ca1346830edda23d114efe1596201d80fe213b8b7dffa79fc84a2a63c77ac9fae6cb1b8bb99521b43309915da6b28316e400f10fda0f1dbdd25761de798dc894020d24577ede4a947914fd2647400f38d9a92"; + char* framed_tm_b = NULL; + int framed_tm_len = 0; + hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len); + + // Truth frame setup + char* truth_tm_h = "02C000001800000000000000000000000000000000000000AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB000000000000000000000000000000000000"; + char* truth_tm_b = NULL; + int truth_tm_len = 0; + hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len); + + + // Bit math to give concise access to values already set in the static transfer frame + tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6; + tm_frame_pri_hdr.scid = (((uint16_t)framed_tm_b[0] & 0x3F) << 4) | (((uint16_t)framed_tm_b[1] & 0xF0) >> 4); + tm_frame_pri_hdr.vcid = ((uint8_t)framed_tm_b[1] & 0x0E) >> 1; + + // Determine managed parameters by GVCID, which nominally happens in TO + status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid, + gvcid_managed_parameters, ¤t_managed_parameters); + + // Expose/setup SAs for testing + SecurityAssociation_t ta; + SecurityAssociation_t* test_association = &ta; + // Deactivate SA 1 + sa_if->sa_get_from_spi(1, &test_association); + test_association->sa_state = SA_NONE; + // Activate SA 9 + sa_if->sa_get_from_spi(9, &test_association); + test_association->arsn_len = 0; + test_association->abm_len = 1786; + memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask + test_association->sa_state = SA_OPERATIONAL; + test_association->ast = 1; + test_association->est = 1; + test_association->ecs_len = 1; + test_association->ecs = CRYPTO_CIPHER_AES256_GCM; + test_association->acs_len = 1; + test_association->acs = CRYPTO_MAC_NONE; + test_association->iv_len = 16; + test_association->shivf_len = 16; + test_association->stmacf_len = 16; + + // Set a more obvious IV for test purposes + char * iv_h = "DEADBEEFDEADBEEFDEADBEEFDEADBEEE"; + char* iv_b = NULL; + int iv_len = 0; + hex_conversion(iv_h, &iv_b, &iv_len); + memcpy(test_association->iv, iv_b, iv_len); + + status = Crypto_TM_ProcessSecurity((uint8_t* )framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len); + ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); + + printf("Decrypted frame contents:\n\t"); + for (int i = 0; i < 1786; i++) + { + printf("%02x", ptr_processed_frame[i]); + } + + printf("\nDoing final checks:\n\t"); + for (int i = 0; i < 1786; i++) + { + // printf("%02x", ptr_processed_frame[i]); + ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i)); + } + + printf("\n\n"); + + free(truth_tm_b); + free(framed_tm_b); + free(iv_b); +} + UTEST_MAIN(); \ No newline at end of file diff --git a/util/CMakeLists.txt b/util/CMakeLists.txt deleted file mode 100644 index 80df1ef9..00000000 --- a/util/CMakeLists.txt +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright (C) 2009 - 2022 National Aeronautics and Space Administration. -# All Foreign Rights are Reserved to the U.S. Government. -# -# This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory, -# including, but not limited to, any warranty that the software will conform to specifications, any implied warranties -# of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the -# documentation will conform to the program, or any warranty that the software will be error free. -# -# In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or -# consequential damages, arising out of, resulting from, or in any way connected with the software or its -# documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained -# from, or arose out of the results of, or use of, the software, documentation or services provided hereunder. -# -# ITC Team -# NASA IV&V -# jstar-development-team@mail.nasa.gov - -include_directories(include) -include_directories(../include) - -if(${ENCTEST}) - find_package (Python3 REQUIRED COMPONENTS Interpreter Development) - execute_process(COMMAND pip3 show pycryptodome RESULT_VARIABLE EXIT_CODE OUTPUT_QUIET) - if(NOT ${EXIT_CODE} EQUAL 0) - message(FATAL_ERROR "The \"pycryptodome\" Python3 package is not installed, and is required for ENCTEST.") - endif() -endif(${ENCTEST}) - -aux_source_directory(core UTIL_SRC_FILES) -aux_source_directory(src_util APP_SRC_FILES) - -find_package(Threads REQUIRED) - -file( GLOB SOURCE_FILES src_util/*.c ) -foreach(SOURCE_PATH ${SOURCE_FILES}) - get_filename_component(EXECUTABLE_NAME ${SOURCE_PATH} NAME_WE) - - if((NOT ${ENCTEST}) AND ${EXECUTABLE_NAME} STREQUAL et_dt_validation) - continue() - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_tc_kmc) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_tc_kmc)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_sadb_err_cases_kmc_crypto) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_sadb_err_cases_kmc_crypto)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_mysql_tls_connection) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_mysql_tls_connection)) - continue() - # Disabling for now, all connections on Github are MTLS (tested with the above) - elseif(((${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_mysql_m_tls_connection) - OR ((${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_mysql_m_tls_connection)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_mariadb) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_mariadb)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_with_mtls_sadb) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_with_mtls_sadb)) - continue() - - #elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_cam) - # AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_cam)) - # continue() - # Disabling this test for now. Delete later to re-enable. - elseif(((${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_cam) - OR ((${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_cam)) - continue() - - elseif(((NOT ${KMC_MDB_DB}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_auth_only) - AND ((NOT ${KMC_MDB_RH}) AND ${EXECUTABLE_NAME} STREQUAL ut_kmc_crypto_auth_only)) - continue() - - else() - add_executable(${EXECUTABLE_NAME} ${SOURCE_PATH}) - target_sources(${EXECUTABLE_NAME} PRIVATE core/shared_util.c) - target_link_libraries(${EXECUTABLE_NAME} LINK_PUBLIC Crypto) - endif() - - if(${ENCTEST} AND ${EXECUTABLE_NAME} STREQUAL et_dt_validation) - target_link_libraries(${EXECUTABLE_NAME} PUBLIC ${Python3_LIBRARIES}) - target_include_directories(${EXECUTABLE_NAME} PUBLIC ${Python3_INCLUDE_DIRS}) - find_library(${Python3_LIBRARIES} pycryptodome) - - endif() - - add_custom_command(TARGET ${EXECUTABLE_NAME} POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy $ ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME} - COMMAND ${CMAKE_COMMAND} -E remove $ - COMMENT "Created ${PROJECT_BINARY_DIR}/bin/${EXECUTABLE_NAME}" - ) -endforeach(SOURCE_PATH ${SOURCE_FILES}) - -target_include_directories (Crypto PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}) - -set(OBJECT_DIR ${PROJECT_BINARY_DIR}/src/CMakeFiles/Crypto.dir/src_main) - -if(${CODECOV}) - # Create the gcov target. Run coverage tests with 'make gcov' - add_custom_target(gcov - COMMAND mkdir -p coverage - COMMAND ${CMAKE_MAKE_PROGRAM} test - WORKING_DIRECTORY ${PROJECT_BINARY_DIR} - ) - add_custom_command(TARGET gcov - COMMAND echo "=================== GCOV ====================" - #COMMAND gcov -b -o ${OBJECT_DIR} crypto_aos.c.gnco crypto_config.c.gnco crypto_key_mgmt.c.gnco crypto_mc.c.gnco crypto_print.c.gnco crypto_tc.c.gnco crypto_tm.c.gnco crypto_user.c.gnco crypto.c.gnco sadb_routine_inmemory.template.c.gnco sadb_routine.c.gnco - COMMAND gcov -b -o ${OBJECT_DIR} crypto_aos.c.gnco crypto_config.c.gnco crypto_key_mgmt.c.gnco crypto_mc.c.gnco crypto_tc.c.gnco crypto_tm.c.gnco crypto_user.c.gnco crypto.c.gnco sadb_routine_inmemory.template.c.gnco - # | grep -A 5 "Adder.cpp" > CoverageSummary.tmp - #COMMAND cat CoverageSummary.tmp - #COMMAND echo "-- Coverage files have been output to ${PROJECT_BINARY_DIR}/coverage" - COMMAND lcov -c --directory ${OBJECT_DIR} --output-file ${PROJECT_BINARY_DIR}/coverage/results.info - COMMAND genhtml ${PROJECT_BINARY_DIR}/coverage/results.info --output-directory ${PROJECT_BINARY_DIR}/coverage/results - WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/coverage - ) - add_dependencies(gcov ut_tc_apply) - # Make sure to clean up the coverage folder - set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES coverage) - - - - # Create the gcov-clean target. This cleans the build as well as generated - # .gcda and .gcno files. - add_custom_target(scrub - COMMAND ${CMAKE_MAKE_PROGRAM} clean - COMMAND rm -f ${OBJECT_DIR}/*.gcno - COMMAND rm -f ${OBJECT_DIR}/*.gcda - WORKING_DIRECTORY ${PROJECT_BINARY_DIR} - ) -endif(${CODECOV})