nasa · dccutrig · Jun 22, 2023 · Jun 14, 2023 · Jun 15, 2023 · Jun 15, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -24,7 +24,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration
@@ -49,7 +49,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=0 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration
@@ -75,7 +75,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration
@@ -101,7 +101,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=0 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration
@@ -127,7 +127,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=1 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration
@@ -153,7 +153,7 @@ jobs:
     - name: Configure CMake
       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
       # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1
+      run: cmake -B ${{github.workspace}}/build -DDEBUG=0 -DSA_MARIADB=1 -DCRYPTO_LIBGCRYPT=1 -DCRYPTO_KMC=1 -DTEST=1
 
     - name: Build
       # Build your program with the given configuration

diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,4 @@ __pycache__
 build*
 venv
 vgcore*
+core.*
diff --git a/include/crypto.h b/include/crypto.h
@@ -45,7 +45,7 @@
 */
 #define CRYPTO_LIB_MAJOR_VERSION 1
 #define CRYPTO_LIB_MINOR_VERSION 2
-#define CRYPTO_LIB_REVISION 1
+#define CRYPTO_LIB_REVISION 2
 #define CRYPTO_LIB_MISSION_REV 0
 
 /*
@@ -58,8 +58,9 @@
 */
 
 // Crypto Library Configuration functions
-extern int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, 
-                                       uint8_t process_sdls_pdus, uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
+extern int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, 
+                                       uint8_t iv_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus, 
+                                       uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
                                        uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, 
                                        uint8_t crypto_increment_nontransmitted_iv);
 extern int32_t Crypto_Config_MariaDB(char* mysql_hostname, char* mysql_database, uint16_t mysql_port,

diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -121,7 +121,7 @@
 #define FECF_SIZE 2
 #define SEGMENT_HDR_SIZE 1
 #define ECS_SIZE 4    /* bytes */
-#define ABM_SIZE 1024 // 20      /* bytes */
+#define ABM_SIZE 1786 // 20      /* bytes */
 #define ARSN_SIZE 20   /* total messages */
 #define ARSNW_SIZE 1   /* bytes */
 #define SN_SIZE 0

diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h
@@ -45,6 +45,11 @@ typedef enum
 } CryptographyType;
 // gvcid managed parameter enums
 typedef enum
+{
+    IV_INTERNAL,
+    IV_CRYPTO_MODULE
+} IvType;
+typedef enum
 {
     TC_NO_FECF,
     TC_HAS_FECF,
@@ -155,6 +160,7 @@ typedef struct
     KeyType key_type;
     SadbType sadb_type;
     CryptographyType cryptography_type;
+    IvType iv_type; // Whether or not CryptoLib should generate the IV
     CreateFecfBool crypto_create_fecf; // Whether or not CryptoLib is expected to calculate TC FECFs and return
                                          // payloads with the FECF
     TcProcessSdlsPdus process_sdls_pdus; // Config to process SDLS extended procedure PDUs in CryptoLib

diff --git a/include/crypto_structs.h b/include/crypto_structs.h
@@ -64,18 +64,18 @@ typedef struct
     uint8_t shsnf_len : 6;  // Sec. Header SN Field Length
     uint8_t shplf_len : 2;  // Sec. Header PL Field Length
     uint8_t stmacf_len : 8; // Sec. Trailer MAC Field Length
-    uint8_t* ecs;           // Encryption Cipher Suite (algorithm / mode ID)
+    uint8_t ecs;            // Encryption Cipher Suite (algorithm / mode ID)
     uint8_t ecs_len : 8;    // Encryption Cipher Suite Length
-    uint8_t* iv;            // Initialization Vector
+    uint8_t iv[IV_SIZE];    // Initialization Vector
     uint8_t iv_len;         // Length of entire IV
     uint8_t acs_len : 8;    // Authentication Cipher Suite Length
-    uint8_t* acs;        // Authentication Cipher Suite (algorithm / mode ID)
+    uint8_t acs;            // Authentication Cipher Suite (algorithm / mode ID)
     uint16_t abm_len : 16;  // Authentication Bit Mask Length
-    uint8_t* abm;           // Authentication Bit Mask (Primary Hdr. through Security Hdr.)
-    uint8_t arsn_len : 8;    // Anti-Replay Seq Num Length
-    uint8_t* arsn;           // Anti-Replay Seq Num
-    uint8_t arsnw_len : 8;   // Anti-Replay Seq Num Window Length
-    uint16_t arsnw;          // Anti-Replay Seq Num Window
+    uint8_t abm[ABM_SIZE];  // Authentication Bit Mask (Primary Hdr. through Security Hdr.)
+    uint8_t arsn_len : 8;   // Anti-Replay Seq Num Length
+    uint8_t arsn[ARSN_SIZE];// Anti-Replay Seq Num
+    uint8_t arsnw_len : 8;  // Anti-Replay Seq Num Window Length
+    uint16_t arsnw;         // Anti-Replay Seq Num Window
 
 } SecurityAssociation_t;
 #define SA_SIZE (sizeof(SecurityAssociation_t))

diff --git a/src/core/crypto.c b/src/core/crypto.c
@@ -72,15 +72,15 @@ uint8_t Crypto_Is_AEAD_Algorithm(uint32_t cipher_suite_id)
     // TODO - Add cipher suite mapping to which algorithms are AEAD and which are not.
     if((cipher_suite_id == CRYPTO_CIPHER_AES256_GCM) || (cipher_suite_id == CRYPTO_CIPHER_AES256_CBC_MAC))
     {
-        #ifdef CRYPTO_DEBUG
+        #ifdef DEBUG
             printf(KYEL "CRYPTO IS AEAD? : TRUE\n" RESET);
         #endif
         return CRYPTO_TRUE;
 
     }
     else
     {   
-        #ifdef CRYPTO_DEBUG
+        #ifdef DEBUG
             printf(KYEL "CRYPTO IS AEAD? : FALSE\n" RESET);
         #endif
         return CRYPTO_FALSE;
@@ -855,7 +855,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
         }
     }
     // If IV is greater than zero and using GCM, check for replay
-    if ((sa_ptr->iv_len > 0) && *sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)
+    if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM))
     {
         // Check IV is in ARSNW
         if(crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE)
@@ -897,7 +897,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
     // else{}
 
     // For GCM specifically, if have a valid IV...
-    if (*sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM && IV_VALID == CRYPTO_TRUE)
+    if ((sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM) && (IV_VALID == CRYPTO_TRUE))
     {
         // Using ARSN? Need to be valid to increment both
         if (sa_ptr->arsn_len > 0 && ARSN_VALID == CRYPTO_TRUE)
@@ -913,12 +913,11 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u
     }
 
     // If not GCM, and ARSN is valid - can incrmeent it
-    if (*sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && ARSN_VALID == CRYPTO_TRUE)
+    if (sa_ptr->ecs != CRYPTO_CIPHER_AES256_GCM && ARSN_VALID == CRYPTO_TRUE)
     {
         memcpy(sa_ptr->arsn, arsn, sa_ptr->arsn_len);
     }
 
-
     return status;
 }
 

diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c
@@ -53,9 +53,11 @@ int32_t crypto_free_config_structs(void);
 int32_t Crypto_Init_TC_Unit_Test(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
-                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-                            TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, 
+                            IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, 
+                            TC_HAS_PUS_HDR, TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, 
+                            TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_CHECK_FECF_TRUE, 0x3F, 
+                            SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TC Tests
     Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
     Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024);
@@ -71,7 +73,8 @@ int32_t Crypto_Init_TC_Unit_Test(void)
 int32_t Crypto_Init_TM_Unit_Test(void)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
-    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+    Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, SADB_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT, 
+                            IV_INTERNAL, CRYPTO_TM_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
                             TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
                             TM_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
     // TM Tests
@@ -271,6 +274,7 @@ int32_t Crypto_Shutdown(void)
  * @brief Function: Crypto_Config_CryptoLib
  * @param key_type: uint8
  * @param sadb_type: uint8
+ * @param iv_type: uint8
  * @param crypto_create_fecf: uint8
  * @param process_sdls_pdus: uint8
  * @param has_pus_hdr: uint8
@@ -281,7 +285,8 @@ int32_t Crypto_Shutdown(void)
  * @param vcid_bitmask: uint8
  * @return int32: Success/Failure
  **/
-int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
+int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cryptography_type, 
+                                uint8_t iv_type, uint8_t crypto_create_fecf, uint8_t process_sdls_pdus,
                                 uint8_t has_pus_hdr, uint8_t ignore_sa_state, uint8_t ignore_anti_replay,
                                 uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv)
 {
@@ -290,6 +295,7 @@ int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t sadb_type, uint8_t cry
     crypto_config->key_type = key_type;
     crypto_config->sadb_type = sadb_type;
     crypto_config->cryptography_type = cryptography_type;
+    crypto_config->iv_type = iv_type;
     crypto_config->crypto_create_fecf = crypto_create_fecf;
     crypto_config->process_sdls_pdus = process_sdls_pdus;
     crypto_config->has_pus_hdr = has_pus_hdr;

diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c
@@ -67,6 +67,8 @@ char *crypto_enum_errlist_core[] =
         ,"CRYPTO_LIB_ERR_NULL_MODE_PTR"
         ,"CRYPTO_LIB_ERR_UNSUPPORTED_MODE"
         ,"CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TM_STANDARD"
+        ,"CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_TM_CONFIG"
+        ,"CRYPTO_LIB_ERR_KEY_ID_ERROR"
 };
 
 char *crypto_enum_errlist_config[] =

diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c
@@ -201,19 +201,19 @@ void Crypto_saPrint(SecurityAssociation_t* sa)
     printf("\t shplf_len  = %d \n", sa->shplf_len);
     printf("\t stmacf_len = %d \n", sa->stmacf_len);
     printf("\t ecs_len    = %d \n", sa->ecs_len);
-    if (sa->ecs != NULL)
+    if (sa->ecs_len > 0)
     {
         for (i = 0; i < sa->ecs_len; i++)
         {
-            printf("\t ecs[%d]     = 0x%02x \n", i, *(sa->ecs + i));
+            printf("\t ecs[%d]     = 0x%02x \n", i, (sa->ecs + i));
         }
     }
     printf("\t ekid       = %d \n", sa->ekid);
     printf("\t ek_ref     = %s \n", sa->ek_ref);
     printf("\t akid       = %d \n", sa->akid);
     printf("\t ak_ref     = %s \n", sa->ak_ref);
     printf("\t iv_len     = %d \n", sa->shivf_len);
-    if (sa->iv != NULL)
+    if (sa->iv_len > 0)
     {
         for (i = 0; i < sa->iv_len; i++)
         {
@@ -224,15 +224,9 @@ void Crypto_saPrint(SecurityAssociation_t* sa)
         printf("\t iv        = %s \n", sa->iv);
     }
     printf("\t acs_len    = %d \n", sa->acs_len);
-    if (sa->acs != NULL)
-    {
-        for (i = 0; i < sa->acs_len; i++)
-        {
-            printf("\t acs[%d]     = 0x%02x \n", i, *(sa->acs + i));
-        }
-    }
+    printf("\t acs        = 0x%02x \n", sa->acs);
     printf("\t abm_len    = %d \n", sa->abm_len);
-    if (sa->abm != NULL)
+    if (sa->abm_len > 0)
     {
         printf("\t abm        = ");
         for (i = 0; i < sa->abm_len; i++)
@@ -242,7 +236,7 @@ void Crypto_saPrint(SecurityAssociation_t* sa)
         printf("\n");
     }
     printf("\t arsn_len    = %d \n", sa->arsn_len);
-    if (sa->arsn != NULL)
+    if (sa->arsn_len > 0)
     {
         printf("\t arsn        = ");
         for (i = 0; i < sa->arsn_len; i++)