Merge Dev into Main for KMC 1.1 release

.github/workflows/build.yml

@@ -2,7 +2,7 @@ name: Build
 
 on: 
   push:
-    branches: [ collab_main ]
+    branches: [ main, dev ]
   pull_request:
 
 jobs:
@@ -15,6 +15,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat
 
@@ -37,6 +40,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev
 
@@ -60,6 +66,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev
 
@@ -83,6 +92,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev
 
@@ -106,6 +118,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev
 
@@ -129,6 +144,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev libmariadb-dev libmariadb-dev-compat libcurl4-openssl-dev
 

.github/workflows/mariadb.yml

@@ -0,0 +1,41 @@
+name: MDB Build
+
+on: 
+  push:
+    branches: [ main,dev ]
+  pull_request:
+
+jobs:
+  mariadb_build:
+    # The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
+    # You can convert this to a matrix build if you need cross-platform coverage.
+    # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+    runs-on: ubuntu-latest
+    container: rbrown00/cryptolib:latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Configure CMake
+        # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
+        # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
+        run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DMYSQL=1 -DLIBGCRYPT=1 -DKMCCRYPTO=0
+
+      - name: Build
+        # Build your program with the given configuration
+        run: cmake --build ${{github.workspace}}/build 
+
+      - name: Initailize SADB
+        working-directory: ${{github.workspace}}/build
+        #Maybe create a variable for this SQL location
+        run: |
+          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/sadb_mariadb_sql
+          echo "----------------"
+          /etc/init.d/mysql start
+          mysql --host=localhost -uroot -pitc123! < delete_sadb.sql
+          mysql --host=localhost -uroot -pitc123! < create_sadb.sql
+          cd /__w/CryptoLib/CryptoLib/src/crypto_sadb/test_sadb_mariadb_sql
+          mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_user_grant_permissions.sql
+          mysql --host=localhost -uroot -pitc123! < create_sadb_jpl_unit_test_security_associations.sql
+          cd /__w/CryptoLib/CryptoLib/build/bin
+          ./ut_mariadb
+
+    # mysql --host=localhost -uroot -pitc123! < create_sadb_unit_test_security_associations.sql

.github/workflows/utest.yml

@@ -2,7 +2,7 @@ name: Unit Tests
 
 on: 
   push:
-    branches: [ collab_main ]
+    branches: [ main, dev ]
   pull_request:
 
 env:
@@ -19,6 +19,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev
 

.github/workflows/validation.yml

@@ -2,7 +2,7 @@ name: Validation Tests
 
 on: 
   push:
-    branches: [ collab_main ]
+    branches: [ main, dev]
   pull_request:
 
 env:
@@ -19,6 +19,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
+    - name: Update
+      run: sudo apt-get update
+
     - name: Install Dependencies
       run: sudo apt-get install -y libgpg-error-dev libgcrypt20-dev python3 lcov
 

.gitignore

@@ -24,3 +24,5 @@ cmake-build-debug
 _deps
 
 DartConfiguration.tcl
+
+install

CMakeLists.txt

@@ -20,14 +20,26 @@
 cmake_minimum_required(VERSION 3.14.0)
 project(CRYPTO C)
 
-set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib")
 
 OPTION(DEBUG "Debug" OFF) # Disabled by default, enable with: -DDEBUG=ON
 OPTION(MYSQL "Mysql" OFF) # Disabled by default, enable with: -DMYSQL=ON
 OPTION(LIBGCRYPT "Libgcrypt" ON) # Enabled by default, disable with: -DLIBGCRYPT=OFF
 OPTION(KMCCRYPTO "KmcCrypto" OFF) # Disabled by default, enable with: -DKMCCRYPTO=ON
 OPTION(ENCTEST "Encryption-Tests" OFF) # Disabled by default, enable with: -DENCTEST=ON
 OPTION(CODECOV "Code-Coverage" OFF) # Disabled by default, enable with: -DCODECOV=ON
+OPTION(SYSTEM_INSTALL "SystemInstall" OFF) #Disabled by default, enable with: -DSYSTEM_INSTALL=ON
+
+set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib")
+set(CMAKE_INSTALL_PREFIX ${PROJECT_SOURCE_DIR}/install)
+
+IF(CRYPTO_SUBMODULE_INSTALL) #If building CryptoLib as a submodule of another build system (EG, JPL KMC, Nasa NOS3, etc...)
+    set(CMAKE_INSTALL_PREFIX ${CRYPTO_SUBMODULE_INSTALL})
+ENDIF()
+
+IF(SYSTEM_INSTALL)
+    set(CMAKE_INSTALL_PREFIX /usr/local)
+ENDIF()
+
 
 IF(DEBUG)
     ADD_DEFINITIONS(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG)

README.md

@@ -1,4 +1,4 @@
-![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) ![Unit Tests](https://github.com/nasa/CryptoLib/actions/workflows/utest.yml/badge.svg) ![Validation Tests](https://github.com/nasa/CryptoLib/actions/workflows/validation.yml/badge.svg) [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/collab_main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib)
+![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg) ![Unit Tests](https://github.com/nasa/CryptoLib/actions/workflows/utest.yml/badge.svg) ![Validation Tests](https://github.com/nasa/CryptoLib/actions/workflows/validation.yml/badge.svg) ![MariaDB Tests](https://github.com/nasa/CryptoLib/actions/workflows/mariadb.yml/badge.svg) [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/collab_main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib)
 
 # CryptoLib
 

include/crypto.h

@@ -54,7 +54,7 @@
 // Crypto Library Configuration functions
 extern int32_t Crypto_Config_CryptoLib(uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
                                        uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
-                                       uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask);
+                                       uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv);
 extern int32_t Crypto_Config_MariaDB(char* mysql_hostname, char* mysql_database, uint16_t mysql_port,
                                      uint8_t mysql_require_secure_transport, uint8_t mysql_tls_verify_server,
                                      char* mysql_tls_ca, char* mysql_tls_capath, char* mysql_mtls_cert,
@@ -66,7 +66,7 @@ extern int32_t Crypto_Config_Kmc_Crypto_Service(char* protocol, char* kmc_crypto
                                                 char* mtls_client_cert_type, char* mtls_client_key_path,
                                                 char* mtls_client_key_pass, char* mtls_issuer_cert);
 extern int32_t Crypto_Config_Add_Gvcid_Managed_Parameter(uint8_t tfvn, uint16_t scid, uint8_t vcid, uint8_t has_fecf,
-                                                         uint8_t has_segmentation_hdr);
+                                                         uint8_t has_segmentation_hdr, uint16_t max_tc_frame_size);
 
 // Initialization
 extern int32_t Crypto_Init(void); // Initialize CryptoLib After Configuration Calls
@@ -110,6 +110,9 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
 uint16_t Crypto_Calc_FECF(uint8_t* ingest, int len_ingest);
 void Crypto_Calc_CRC_Init_Table(void);
 uint16_t Crypto_Calc_CRC16(uint8_t* data, int size);
+int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
+int32_t Crypto_Get_ECS_Algo_Keylen(uint8_t algo);
+int32_t Crypto_Get_ACS_Algo_Keylen(uint8_t algo);
 
 // Key Management Functions
 int32_t Crypto_Key_OTAR(void);
@@ -146,6 +149,7 @@ int32_t Crypto_Get_Managed_Parameters_For_Gvcid(uint8_t tfvn, uint16_t scid, uin
                                                        GvcidManagedParameters_t** managed_parameters_out);
 int32_t crypto_config_add_gvcid_managed_parameter_recursion(uint8_t tfvn, uint16_t scid, uint8_t vcid,
                                                                    uint8_t has_fecf, uint8_t has_segmentation_hdr,
+                                                                   uint16_t max_tc_frame_size,
                                                                    GvcidManagedParameters_t* managed_parameter);
 void Crypto_Free_Managed_Parameters(GvcidManagedParameters_t* managed_parameters);
 

include/crypto_config.h

@@ -84,8 +84,8 @@
 #define SA_DELETE 0
 // SA Additional Directives
 #define SA_STATUS 8
-#define SA_SETARC 9
-#define SA_SETARCW 10
+#define SA_SETARSN 9
+#define SA_SETARSNW 10
 
 // Key State Defines
 #define KEY_PREACTIVE 0
@@ -103,21 +103,21 @@
 // Generic Defines
 #define NUM_SA 64
 #define SPI_LEN 2 /* bytes */
-#define KEY_SIZE 32
+#define KEY_SIZE 512 /* bytes */
 #define KEY_ID_SIZE 8
 #define NUM_KEYS 256
 #define DISABLED 0
 #define ENABLED 1
 #define IV_SIZE 16   /* TM IV size bytes */
 #define IV_SIZE_TC 4 /* TC IV size bytes */
 #define OCF_SIZE 4
-#define MAC_SIZE 16 /* bytes */
+#define MAC_SIZE 16 /* bytes */ /* Deprecated, todo - remove throughout & use SA mac field specification */
 #define FECF_SIZE 2
 #define SEGMENT_HDR_SIZE 1
 #define ECS_SIZE 4    /* bytes */
 #define ABM_SIZE 1024 // 20      /* bytes */
-#define ARC_SIZE 20   /* total messages */
-#define ARCW_SIZE 1   /* bytes */
+#define ARSN_SIZE 20   /* total messages */
+#define ARSNW_SIZE 1   /* bytes */
 #define SN_SIZE 0
 #define CHALLENGE_SIZE 16     /* bytes */
 #define CHALLENGE_MAC_SIZE 16 /* bytes */
@@ -160,7 +160,7 @@
 
 // TC Defines
 #define TC_SH_SIZE 8 /* bits */
-#define TC_SN_SIZE 0
+#define TC_SN_SIZE 2
 #define TC_SN_WINDOW 10 /* +/- value */
 #define TC_PAD_SIZE 0
 #define TC_FRAME_DATA_SIZE 1740 /* bytes */

include/crypto_config_structs.h

@@ -83,20 +83,26 @@ typedef enum
     TC_CHECK_FECF_FALSE,
     TC_CHECK_FECF_TRUE
 } TcCheckFecfBool;
+typedef enum
+{
+    SA_INCREMENT_NONTRANSMITTED_IV_FALSE,
+    SA_INCREMENT_NONTRANSMITTED_IV_TRUE
+} SaIncrementNonTransmittedIvPortion;
 
 /*
 **  Used for selecting supported algorithms
 */
 typedef enum
 {
-    CRYPTO_ACS_NONE,
-    CRYPTO_AES256_CMAC,
-    CRYPTO_AES256_GMAC
+    CRYPTO_MAC_NONE,
+    CRYPTO_MAC_CMAC_AES256,
+    CRYPTO_MAC_HMAC_SHA256,
+    CRYPTO_MAC_HMAC_SHA512
 } AuthCipherSuite;
 typedef enum
 {
-    CRYPTO_ECS_NONE,
-    CRYPTO_AES256_GCM
+    CRYPTO_CIPHER_NONE,
+    CRYPTO_CIPHER_AES256_GCM
 } EncCipherSuite;
 
 /*
@@ -115,6 +121,7 @@ typedef struct
     TcUniqueSaPerMapId unique_sa_per_mapid;
     TcCheckFecfBool crypto_check_fecf;
     uint8_t vcid_bitmask;
+    uint8_t crypto_increment_nontransmitted_iv; // Whether or not CryptoLib increments the non-transmitted portion of the IV field
 } CryptoConfig_t;
 #define CRYPTO_CONFIG_SIZE (sizeof(CryptoConfig_t))
 
@@ -126,6 +133,7 @@ struct _GvcidManagedParameters_t
     uint8_t vcid : 6;   // Virtual Channel ID
     TcFecfPresent has_fecf;
     TcSegmentHdrsPresent has_segmentation_hdr;
+    uint16_t max_tc_frame_size; // Maximum TC Frame Length with headers
     GvcidManagedParameters_t* next; // Will be a list of managed parameters!
 };
 #define GVCID_MANAGED_PARAMETERS_SIZE (sizeof(GvcidManagedParameters_t))

include/crypto_error.h

@@ -45,7 +45,9 @@
 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_AUTHENTICATION_ERROR 509
 #define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_MAC_VALIDATION_ERROR 510
 #define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 511
-
+#define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512
+#define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513
+#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514
 
 
 #define CRYPTO_LIB_SUCCESS (0)
@@ -61,7 +63,7 @@
 #define CRYPTO_LIB_ERR_UT_BYTE_MISMATCH (-10)
 #define CRYPTO_LIB_ERR_NO_CONFIG (-11)
 #define CRYPTO_LIB_ERR_INVALID_FECF (-12)
-#define CRYPTO_LIB_ERR_BAD_ANTIREPLAY_WINDOW (-13)
+#define CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW (-13)
 #define CRYPTO_LIB_ERR_LIBGCRYPT_ERROR (-14)
 #define CRYPTO_LIB_ERR_AUTHENTICATION_ERROR (-15)
 #define CRYPTO_LIB_ERR_NULL_IV (-16)
@@ -71,5 +73,24 @@
 #define CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR (-20)
 #define CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR (-21)
 #define CRYPTO_LIB_ERR_INVALID_HEADER (-22)
+#define CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW (-23)
+#define CRYPTO_LIB_ERR_NULL_ARSN (-24)
+#define CRYPTO_LIB_ERR_NULL_SA (-25)
+#define CRYPTO_LIB_ERR_UNSUPPORTED_ACS (-26)
+#define CRYPTO_LIB_ERR_ENCRYPTION_ERROR (-27)
+#define CRYPTO_LIB_ERR_INVALID_SA_CONFIGURATION (-28)
+#define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_MANAGED_PARAM_MAX_LIMIT (-29)
+#define CRYPTO_LIB_ERR_TC_FRAME_SIZE_EXCEEDS_SPEC_LIMIT (-30)
+#define CRYPTO_LIB_ERR_UNSUPPORTED_ECS (-31)
+#define CRYPTO_LIB_ERR_KEY_LENGTH_ERROR (-32)
+#define CRYPTO_LIB_ERR_NULL_ECS_PTR (-33)
+#define CRYPTO_LIB_ERR_IV_NOT_SUPPORTED_FOR_ACS_ALGO (-34)
+#define CRYPTO_LIB_ERR_NULL_CIPHERS (-35)
+#define CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE (-36)
+#define CRYPTO_LIB_ERR_IV_LEN_SHORTER_THAN_SEC_HEADER_LENGTH (-37)
+#define CRYPTO_LIB_ERR_ARSN_LEN_SHORTER_THAN_SEC_HEADER_LENGTH (-38)
+#define CRYPTO_LIB_ERR_FRAME_COUNTER_DOESNT_MATCH_SA (-39)
+#define CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD (-40)
+#define CRYPTO_LIB_ERR_INPUT_FRAME_LENGTH_SHORTER_THAN_FRAME_HEADERS_LENGTH (-41)
 
 #endif //_crypto_error_h_