diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e76b93b2..ca77ac72 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,6 +4,7 @@ on: push: branches: [ main, dev ] pull_request: + branches: [ main, dev ] jobs: # diff --git a/.gitignore b/.gitignore index 8671517b..a885fba5 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ build/ venv vgcore* core.* +log.txt diff --git a/include/crypto.h b/include/crypto.h index 4ff7d27d..6d9099e0 100644 --- a/include/crypto.h +++ b/include/crypto.h @@ -187,7 +187,7 @@ extern TM_FramePrimaryHeader_t tm_frame_pri_hdr; extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication // Global configuration structs -extern CryptoConfig_t* crypto_config; +extern CryptoConfig_t crypto_config; extern SadbMariaDBConfig_t* sa_mariadb_config; extern CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config; extern CamConfig_t* cam_config; diff --git a/include/crypto_config.h b/include/crypto_config.h index d551d1c6..632273fb 100644 --- a/include/crypto_config.h +++ b/include/crypto_config.h @@ -117,14 +117,15 @@ #define IV_SIZE 16 /* TM IV size bytes */ #define IV_SIZE_TC 4 /* TC IV size bytes */ #define OCF_SIZE 4 -#define MAC_SIZE 16 /* bytes */ /* Deprecated, todo - remove throughout & use SA mac field specification */ +#define MAC_SIZE 16 /* bytes */ #define FECF_SIZE 2 #define SEGMENT_HDR_SIZE 1 -#define ECS_SIZE 4 /* bytes */ -#define ABM_SIZE 1786 // 20 /* bytes */ -#define ARSN_SIZE 20 /* total messages */ -#define ARSNW_SIZE 1 /* bytes */ -#define SN_SIZE 16 +#define ECS_SIZE 4 /* bytes */ +#define ABM_SIZE 1786 /* bytes */ +#define ARSN_SIZE 20 /* total messages */ +#define ARSNW_SIZE 1 /* bytes */ +#define SN_SIZE 16 /* bytes */ +#define PAD_SIZE 32 /* bytes */ #define CHALLENGE_SIZE 16 /* bytes */ #define CHALLENGE_MAC_SIZE 16 /* bytes */ diff --git a/include/crypto_config_structs.h b/include/crypto_config_structs.h index 31fd6901..6fafbe7e 100644 --- a/include/crypto_config_structs.h +++ b/include/crypto_config_structs.h @@ -28,6 +28,11 @@ ivv-itc@lists.nasa.gov // main config enums typedef enum +{ + UNITIALIZED = 0, + INITIALIZED +} InitStatus; +typedef enum { KEY_TYPE_CUSTOM, KEY_TYPE_INTERNAL, @@ -163,6 +168,7 @@ typedef enum */ typedef struct { + InitStatus init_status; KeyType key_type; McType mc_type; SadbType sa_type; diff --git a/include/crypto_structs.h b/include/crypto_structs.h index 8cd9cd41..0fbc421c 100644 --- a/include/crypto_structs.h +++ b/include/crypto_structs.h @@ -255,18 +255,18 @@ typedef struct { uint8_t sh : TC_SH_SIZE; // Segment Header uint16_t spi; // Security Parameter Index - uint8_t* iv; // Initialization Vector for encryption + uint8_t iv[IV_SIZE]; // Initialization Vector for encryption uint8_t iv_field_len; - uint8_t* sn; // Sequence Number for anti-replay + uint8_t sn[SN_SIZE]; // Sequence Number for anti-replay uint8_t sn_field_len; - uint8_t* pad; // Count of the used fill Bytes + uint8_t pad[PAD_SIZE]; // Count of the used fill Bytes uint8_t pad_field_len; } TC_FrameSecurityHeader_t; #define TC_FRAME_SECHEADER_SIZE (sizeof(TC_FrameSecurityHeader_t)) typedef struct { - uint8_t* mac; // Message Authentication Code + uint8_t mac[MAC_SIZE]; // Message Authentication Code uint8_t mac_field_len; uint16_t fecf; // Frame Error Control Field } TC_FrameSecurityTrailer_t; diff --git a/src/core/crypto.c b/src/core/crypto.c index 7cec418d..bca74356 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -721,7 +721,7 @@ int32_t Crypto_Process_Extended_Procedure_Pdu(TC_t* tc_sdls_processed_frame, uin int32_t status = CRYPTO_LIB_SUCCESS; int x; - if (crypto_config->has_pus_hdr == TC_HAS_PUS_HDR) + if (crypto_config.has_pus_hdr == TC_HAS_PUS_HDR) { if ((tc_sdls_processed_frame->tc_pdu[0] == 0x18) && (tc_sdls_processed_frame->tc_pdu[1] == 0x80)) // Crypto Lib Application ID @@ -816,7 +816,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u { return CRYPTO_LIB_ERR_NULL_ARSN; } - if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (iv == NULL && sa_ptr->shivf_len > 0 && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } @@ -858,7 +858,7 @@ int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, u if ((sa_ptr->iv_len > 0) && (sa_ptr->ecs == CRYPTO_CIPHER_AES256_GCM)) { // Check IV is in ARSNW - if(crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + if(crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { status = Crypto_window(iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->arsnw); } else // SA_INCREMENT_NONTRANSMITTED_IV_FALSE diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c index 29962172..927c9589 100644 --- a/src/core/crypto_config.c +++ b/src/core/crypto_config.c @@ -25,14 +25,14 @@ /* ** Global Variables */ +CryptographyInterface cryptography_if = NULL; KeyInterface key_if = NULL; McInterface mc_if = NULL; SaInterface sa_if = NULL; SadbMariaDBConfig_t* sa_mariadb_config = NULL; -CryptographyInterface cryptography_if = NULL; -CryptoConfig_t* crypto_config = NULL; +CryptoConfig_t crypto_config; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config = NULL; CamConfig_t* cam_config = NULL; @@ -106,7 +106,11 @@ int32_t Crypto_Init_With_Configs(CryptoConfig_t* crypto_config_p, GvcidManagedPa SadbMariaDBConfig_t* sa_mariadb_config_p, CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p) { int32_t status = CRYPTO_LIB_SUCCESS; - crypto_config = crypto_config_p; + if(crypto_config_p != NULL) + { + memcpy(&crypto_config, crypto_config_p, CRYPTO_CONFIG_SIZE); + crypto_config.init_status = INITIALIZED; + } gvcid_managed_parameters = gvcid_managed_parameters_p; sa_mariadb_config = sa_mariadb_config_p; cryptography_kmc_crypto_config = cryptography_kmc_crypto_config_p; @@ -122,7 +126,7 @@ int32_t Crypto_Init(void) { int32_t status = CRYPTO_LIB_SUCCESS; - if (crypto_config == NULL) + if (crypto_config.init_status == UNITIALIZED) { status = CRYPTO_CONFIGURATION_NOT_COMPLETE; printf(KRED "ERROR: CryptoLib must be configured before intializing!\n" RESET); @@ -140,11 +144,11 @@ int32_t Crypto_Init(void) // #endif /* Key Interface */ - if (crypto_config->key_type == KEY_TYPE_CUSTOM) + if (crypto_config.key_type == KEY_TYPE_CUSTOM) { key_if = get_key_interface_custom(); } - else if (crypto_config->key_type == KEY_TYPE_INTERNAL) + else if (crypto_config.key_type == KEY_TYPE_INTERNAL) { key_if = get_key_interface_internal(); } @@ -156,7 +160,7 @@ int32_t Crypto_Init(void) // TODO: Check and return status on error /* MC Interface */ - if (crypto_config->mc_type == MC_TYPE_CUSTOM) + if (crypto_config.mc_type == MC_TYPE_CUSTOM) { mc_if = get_mc_interface_custom(); } @@ -169,15 +173,15 @@ int32_t Crypto_Init(void) /* SA Interface */ // Prepare SA type from config - if (crypto_config->sa_type == SA_TYPE_CUSTOM) + if (crypto_config.sa_type == SA_TYPE_CUSTOM) { sa_if = get_sa_interface_custom(); } - else if (crypto_config->sa_type == SA_TYPE_INMEMORY) + else if (crypto_config.sa_type == SA_TYPE_INMEMORY) { sa_if = get_sa_interface_inmemory(); } - else if (crypto_config->sa_type == SA_TYPE_MARIADB) + else if (crypto_config.sa_type == SA_TYPE_MARIADB) { if (sa_mariadb_config == NULL) { @@ -195,11 +199,11 @@ int32_t Crypto_Init(void) /* Crypto Interface */ // Prepare Cryptographic Library from config - if(crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) + if(crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) { cryptography_if = get_cryptography_interface_libgcrypt(); } - else if (crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO) + else if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO) { if (cryptography_kmc_crypto_config == NULL) { @@ -324,21 +328,21 @@ int32_t Crypto_Config_CryptoLib(uint8_t key_type, uint8_t mc_type, uint8_t sa_ty uint8_t unique_sa_per_mapid, uint8_t crypto_check_fecf, uint8_t vcid_bitmask, uint8_t crypto_increment_nontransmitted_iv) { int32_t status = CRYPTO_LIB_SUCCESS; - crypto_config = (CryptoConfig_t* )calloc(1, CRYPTO_CONFIG_SIZE); - crypto_config->key_type = key_type; - crypto_config->mc_type = mc_type; - crypto_config->sa_type = sa_type; - crypto_config->cryptography_type = cryptography_type; - crypto_config->iv_type = iv_type; - crypto_config->crypto_create_fecf = crypto_create_fecf; - crypto_config->process_sdls_pdus = process_sdls_pdus; - crypto_config->has_pus_hdr = has_pus_hdr; - crypto_config->ignore_sa_state = ignore_sa_state; - crypto_config->ignore_anti_replay = ignore_anti_replay; - crypto_config->unique_sa_per_mapid = unique_sa_per_mapid; - crypto_config->crypto_check_fecf = crypto_check_fecf; - crypto_config->vcid_bitmask = vcid_bitmask; - crypto_config->crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv; + crypto_config.init_status = INITIALIZED; + crypto_config.key_type = key_type; + crypto_config.mc_type = mc_type; + crypto_config.sa_type = sa_type; + crypto_config.cryptography_type = cryptography_type; + crypto_config.iv_type = iv_type; + crypto_config.crypto_create_fecf = crypto_create_fecf; + crypto_config.process_sdls_pdus = process_sdls_pdus; + crypto_config.has_pus_hdr = has_pus_hdr; + crypto_config.ignore_sa_state = ignore_sa_state; + crypto_config.ignore_anti_replay = ignore_anti_replay; + crypto_config.unique_sa_per_mapid = unique_sa_per_mapid; + crypto_config.crypto_check_fecf = crypto_check_fecf; + crypto_config.vcid_bitmask = vcid_bitmask; + crypto_config.crypto_increment_nontransmitted_iv = crypto_increment_nontransmitted_iv; return status; } @@ -479,8 +483,8 @@ int32_t crypto_free_config_structs(void) { int32_t status = CRYPTO_LIB_SUCCESS; - free(crypto_config); //no strings in this struct, just free it. - crypto_config=NULL; + //free(crypto_config); //no strings in this struct, just free it. + crypto_config.init_status = UNITIALIZED; // Config structs with char* types that are malloc'd and must be freed individually. if(sa_mariadb_config != NULL) diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c index b8d1ae96..a0cc2fd7 100644 --- a/src/core/crypto_tc.c +++ b/src/core/crypto_tc.c @@ -98,7 +98,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in tmp = tmp; #endif - if ((crypto_config == NULL) || (mc_if == NULL) || (sa_if == NULL)) + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; @@ -120,7 +120,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in temp_tc_header.spare = ((uint8_t)p_in_frame[0] & 0x0C) >> 2; temp_tc_header.scid = ((uint8_t)p_in_frame[0] & 0x03) << 8; temp_tc_header.scid = temp_tc_header.scid | (uint8_t)p_in_frame[1]; - temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config->vcid_bitmask; + temp_tc_header.vcid = ((uint8_t)p_in_frame[2] & 0xFC) >> 2 & crypto_config.vcid_bitmask; temp_tc_header.fl = ((uint8_t)p_in_frame[2] & 0x03) << 8; temp_tc_header.fl = temp_tc_header.fl | (uint8_t)p_in_frame[3]; temp_tc_header.fsn = (uint8_t)p_in_frame[4]; @@ -448,7 +448,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in } } - if (crypto_config->iv_type == IV_INTERNAL) + if (crypto_config.iv_type == IV_INTERNAL) { // Start index from the transmitted portion for (i = sa_ptr->iv_len - sa_ptr->shivf_len; i < sa_ptr->iv_len; i++) @@ -461,7 +461,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in else { // Transmitted length > 0, AND using KMC_CRYPTO - if ((sa_ptr->shivf_len > 0) && (crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) + if ((sa_ptr->shivf_len > 0) && (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)) { index += sa_ptr->iv_len - (sa_ptr->iv_len - sa_ptr->shivf_len); } @@ -702,7 +702,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in if (sa_service_type != SA_PLAINTEXT) { #ifdef INCREMENT - if (crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + if (crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { if (sa_ptr->shivf_len > 0 && sa_ptr->iv_len != 0) { @@ -763,7 +763,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t* p_in_frame, const uint16_t in #ifdef FECF_DEBUG printf(KCYN "Calcing FECF over %d bytes\n" RESET, new_enc_frame_header_field_length - 1); #endif - if (crypto_config->crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) + if (crypto_config.crypto_create_fecf == CRYPTO_TC_CREATE_FECF_TRUE) { new_fecf = Crypto_Calc_FECF(p_new_enc_frame, new_enc_frame_header_field_length - 1); *(p_new_enc_frame + new_enc_frame_header_field_length - 1) = (uint8_t)((new_fecf & 0xFF00) >> 8); @@ -834,7 +834,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc uint8_t ecs_is_aead_algorithm = -1; crypto_key_t* ekp = NULL; - if ((mc_if == NULL) || (crypto_config == NULL)) + if ((mc_if == NULL) || (crypto_config.init_status == UNITIALIZED)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; @@ -863,7 +863,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc byte_idx++; tc_sdls_processed_frame->tc_header.scid = tc_sdls_processed_frame->tc_header.scid | (uint8_t)ingest[byte_idx]; byte_idx++; - tc_sdls_processed_frame->tc_header.vcid = (((uint8_t)ingest[byte_idx] & 0xFC) >> 2) & crypto_config->vcid_bitmask; + tc_sdls_processed_frame->tc_header.vcid = (((uint8_t)ingest[byte_idx] & 0xFC) >> 2) & crypto_config.vcid_bitmask; tc_sdls_processed_frame->tc_header.fl = ((uint8_t)ingest[byte_idx] & 0x03) << 8; byte_idx++; tc_sdls_processed_frame->tc_header.fl = tc_sdls_processed_frame->tc_header.fl | (uint8_t)ingest[byte_idx]; @@ -916,10 +916,10 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc return status; } // Allocate the necessary byte arrays within the security header + trailer given the SA - tc_sdls_processed_frame->tc_sec_header.iv = calloc(1, sa_ptr->iv_len); - tc_sdls_processed_frame->tc_sec_header.sn = calloc(1, sa_ptr->arsn_len); - tc_sdls_processed_frame->tc_sec_header.pad = calloc(1, sa_ptr->shplf_len); - tc_sdls_processed_frame->tc_sec_trailer.mac = calloc(1, sa_ptr->stmacf_len); + //tc_sdls_processed_frame->tc_sec_header.iv = calloc(1, sa_ptr->iv_len); + //tc_sdls_processed_frame->tc_sec_header.sn = calloc(1, sa_ptr->arsn_len); + //tc_sdls_processed_frame->tc_sec_header.pad = calloc(1, sa_ptr->shplf_len); + //tc_sdls_processed_frame->tc_sec_trailer.mac = calloc(1, sa_ptr->stmacf_len); // Set tc_sec_header + trailer fields for actual lengths from the SA (downstream apps won't know this length otherwise since they don't access the SADB!). tc_sdls_processed_frame->tc_sec_header.iv_field_len = sa_ptr->iv_len; tc_sdls_processed_frame->tc_sec_header.sn_field_len = sa_ptr->arsn_len; @@ -996,7 +996,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc tc_sdls_processed_frame->tc_sec_trailer.fecf = (((ingest[tc_sdls_processed_frame->tc_header.fl - 1] << 8) & 0xFF00) | (ingest[tc_sdls_processed_frame->tc_header.fl] & 0x00FF)); - if (crypto_config->crypto_check_fecf == TC_CHECK_FECF_TRUE) + if (crypto_config.crypto_check_fecf == TC_CHECK_FECF_TRUE) { uint16_t received_fecf = tc_sdls_processed_frame->tc_sec_trailer.fecf; // Calculate our own @@ -1022,8 +1022,8 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc // Handle non-transmitted IV increment case (transmitted-portion roll-over) if (sa_ptr->shivf_len < sa_ptr->iv_len && - crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && - crypto_config->crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && + crypto_config.crypto_increment_nontransmitted_iv == SA_INCREMENT_NONTRANSMITTED_IV_TRUE) { status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.iv, sa_ptr->iv, sa_ptr->iv_len, sa_ptr->shivf_len, sa_ptr->arsnw); if (status != CRYPTO_LIB_SUCCESS) @@ -1049,7 +1049,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc // Handle non-transmitted SN increment case (transmitted-portion roll-over) if (sa_ptr->shsnf_len < sa_ptr->arsn_len && - crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE) + crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE) { status = crypto_handle_incrementing_nontransmitted_counter(tc_sdls_processed_frame->tc_sec_header.sn, sa_ptr->arsn, sa_ptr->arsn_len, sa_ptr->shsnf_len, sa_ptr->arsnw); if (status != CRYPTO_LIB_SUCCESS) @@ -1255,7 +1255,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc } // Now that MAC has been verified, check IV & ARSN if applicable - if (crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) + if (crypto_config.ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) { status = Crypto_Check_Anti_Replay(sa_ptr, tc_sdls_processed_frame->tc_sec_header.sn, tc_sdls_processed_frame->tc_sec_header.iv); @@ -1277,7 +1277,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc } else { - if (crypto_config->sa_type == SA_TYPE_MARIADB) + if (crypto_config.sa_type == SA_TYPE_MARIADB) { if (sa_ptr->ek_ref != NULL) free(sa_ptr->ek_ref); @@ -1286,7 +1286,7 @@ int32_t Crypto_TC_ProcessSecurity_Cam(uint8_t* ingest, int* len_ingest, TC_t* tc } // Extended PDU processing, if applicable - if (status == CRYPTO_LIB_SUCCESS && crypto_config->process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE) + if (status == CRYPTO_LIB_SUCCESS && crypto_config.process_sdls_pdus == TC_PROCESS_SDLS_PDUS_TRUE) { status = Crypto_Process_Extended_Procedure_Pdu(tc_sdls_processed_frame, ingest); } @@ -1376,7 +1376,7 @@ uint8_t* Crypto_Prepare_TC_AAD(uint8_t* buffer, uint16_t len_aad, uint8_t* abm_b **/ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) { - if (sa->shivf_len > 0 && crypto_config->iv_type == IV_CRYPTO_MODULE && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa->shivf_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } @@ -1384,11 +1384,11 @@ static int32_t crypto_tc_validate_sa(SecurityAssociation_t* sa) { return CRYPTO_LIB_ERR_IV_LEN_SHORTER_THAN_SEC_HEADER_LENGTH; } - if (sa->iv_len > 0 && crypto_config->iv_type == IV_CRYPTO_MODULE && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa->iv_len > 0 && crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } - if (crypto_config->iv_type == IV_CRYPTO_MODULE && crypto_config->cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) + if (crypto_config.iv_type == IV_CRYPTO_MODULE && crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT) { return CRYPTO_LIB_ERR_NULL_IV; } diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c index 67e98f0b..0833faa4 100644 --- a/src/core/crypto_tm.c +++ b/src/core/crypto_tm.c @@ -73,7 +73,7 @@ int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t* sa_ptr) ((uint8_t)tm_frame[1] & 0x0E) >> 1, gvcid_managed_parameters, ¤t_managed_parameters); - if ((crypto_config == NULL) || (mc_if == NULL) || (sa_if == NULL)) + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; @@ -511,7 +511,7 @@ int32_t Crypto_TM_ApplySecurity(SecurityAssociation_t* sa_ptr) #ifdef FECF_DEBUG printf(KCYN "Calcing FECF over %d bytes\n" RESET, current_managed_parameters->max_frame_size - 2); #endif - if (crypto_config->crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) + if (crypto_config.crypto_create_fecf == CRYPTO_TM_CREATE_FECF_TRUE) { new_fecf = Crypto_Calc_FECF((uint8_t*)&tm_frame, current_managed_parameters->max_frame_size - 2); tm_frame[current_managed_parameters->max_frame_size - 2] = (uint8_t)((new_fecf & 0xFF00) >> 8); @@ -832,7 +832,7 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ return status; } - if ((crypto_config == NULL) || (mc_if == NULL) || (sa_if == NULL)) + if ((crypto_config.init_status == UNITIALIZED) || (mc_if == NULL) || (sa_if == NULL)) { printf(KRED "ERROR: CryptoLib Configuration Not Set! -- CRYPTO_LIB_ERR_NO_CONFIG, Will Exit\n" RESET); status = CRYPTO_LIB_ERR_NO_CONFIG; @@ -979,7 +979,7 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t* p_ingest, uint16_t len_ingest, uint8_ uint16_t received_fecf = (((p_ingest[current_managed_parameters->max_frame_size - 2] << 8) & 0xFF00) | (p_ingest[current_managed_parameters->max_frame_size - 1] & 0x00FF)); - if (crypto_config->crypto_check_fecf == TM_CHECK_FECF_TRUE) + if (crypto_config.crypto_check_fecf == TM_CHECK_FECF_TRUE) { // Calculate our own uint16_t calculated_fecf = Crypto_Calc_FECF(p_ingest, len_ingest - 2); diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c index a47ccecb..fb6d2a52 100644 --- a/src/sa/internal/sa_interface_inmemory.template.c +++ b/src/sa/internal/sa_interface_inmemory.template.c @@ -356,7 +356,7 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t** security_as return CRYPTO_LIB_ERR_NO_INIT; } *security_association = &sa[spi]; - if (sa[spi].iv == NULL && (sa[spi].shivf_len > 0) && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa[spi].iv == NULL && (sa[spi].shivf_len > 0) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } // Must have IV if doing encryption or authentication @@ -395,13 +395,13 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin { if ((sa[i].gvcid_blk.tfvn == tfvn) && (sa[i].gvcid_blk.scid == scid) && (sa[i].gvcid_blk.vcid == vcid) && (sa[i].sa_state == SA_OPERATIONAL) && - (crypto_config->unique_sa_per_mapid == TC_UNIQUE_SA_PER_MAP_ID_FALSE || + (crypto_config.unique_sa_per_mapid == TC_UNIQUE_SA_PER_MAP_ID_FALSE || sa[i].gvcid_blk.mapid == mapid)) // only require MapID match is unique SA per MapID set (only relevant // when using segmentation hdrs) { *security_association = &sa[i]; - if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config->cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) + if (sa[i].iv == NULL && (sa[i].ast == 1 || sa[i].est == 1) && crypto_config.cryptography_type != CRYPTOGRAPHY_TYPE_KMCCRYPTO) { return CRYPTO_LIB_ERR_NULL_IV; } diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c index af57744b..add4a6f5 100644 --- a/src/sa/mariadb/sa_interface_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -370,7 +370,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se } if (strcmp(field_names[i], "ekid") == 0) { - if(crypto_config->cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) + if(crypto_config.cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) { sa->ekid = atoi(row[i]); } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References @@ -383,7 +383,7 @@ static int32_t parse_sa_from_mysql_query(char* query, SecurityAssociation_t** se } if (strcmp(field_names[i], "akid") == 0) { - if(crypto_config->cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) + if(crypto_config.cryptography_type==CRYPTOGRAPHY_TYPE_LIBGCRYPT) { sa->akid = atoi(row[i]); } else // Cryptography Type KMC Crypto Service with PKCS12 String Key References diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c index 8249978b..4b06470b 100644 --- a/test/unit/ut_crypto.c +++ b/test/unit/ut_crypto.c @@ -257,7 +257,7 @@ UTEST(CRYPTO_C, EXT_PROC_PDU) TC_t* tc_frame = NULL; tc_frame = malloc(sizeof(uint8_t) * TC_SIZE); int32_t status = CRYPTO_LIB_ERROR; - crypto_config->has_pus_hdr = TC_NO_PUS_HDR; + crypto_config.has_pus_hdr = TC_NO_PUS_HDR; tc_frame->tc_header.vcid = TC_SDLS_EP_VCID; tc_frame->tc_header.fl = 1; diff --git a/test/unit/ut_crypto_config.c b/test/unit/ut_crypto_config.c index a77faf0f..cb78069b 100644 --- a/test/unit/ut_crypto_config.c +++ b/test/unit/ut_crypto_config.c @@ -47,7 +47,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_WITH_INCOMPLETE_CONFIG) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); GvcidManagedParameters_t* gvcid_managed_paramenters_p = NULL; SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; @@ -62,7 +62,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_NO_MANAGED_PARAM_CONFIG) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); @@ -70,7 +70,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) SadbMariaDBConfig_t* sa_mariadb_config_p = NULL; CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sa_type = SA_TYPE_MARIADB; + crypto_config_p->sa_type = SA_TYPE_MARIADB; status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); @@ -84,19 +84,19 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_MARIADB_NULL) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMCCRYPTO_NULL) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); - crypto_config->key_type=KEY_TYPE_INTERNAL; - crypto_config->mc_type=MC_TYPE_INTERNAL; + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); + crypto_config_p->key_type=KEY_TYPE_INTERNAL; + crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); gvcid_managed_paramenters_p->next = NULL; SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sa_type = SA_TYPE_MARIADB; - crypto_config->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; + crypto_config_p->sa_type = SA_TYPE_MARIADB; + crypto_config_p->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; - status = Crypto_Init_With_Configs(crypto_config, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); - free(crypto_config); + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); + free(crypto_config_p); free(gvcid_managed_paramenters_p); free(sa_mariadb_config_p); ASSERT_EQ(CRYPTOGRAPHY_KMC_CRYPTO_SERVICE_CONFIGURATION_NOT_COMPLETE, status); @@ -108,19 +108,19 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMCCRYPTO_NULL) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_INTERFACE) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); - crypto_config->key_type=KEY_TYPE_INTERNAL; - crypto_config->mc_type=MC_TYPE_INTERNAL; + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); + crypto_config_p->key_type=KEY_TYPE_INTERNAL; + crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t)); gvcid_managed_paramenters_p->next = NULL; SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sa_type = SA_TYPE_MARIADB; - crypto_config->cryptography_type = 2; // Currently an invalid ENUM + crypto_config_p->sa_type = SA_TYPE_MARIADB; + crypto_config_p->cryptography_type = 2; // Currently an invalid ENUM - status = Crypto_Init_With_Configs(crypto_config, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); - free(crypto_config); + status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); + free(crypto_config_p); free(gvcid_managed_paramenters_p); free(sa_mariadb_config_p); ASSERT_EQ(CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE, status); @@ -132,7 +132,7 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_INTERFACE) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; crypto_config_p->mc_type=MC_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); @@ -140,8 +140,8 @@ UTEST(CRYPTO_CONFIG, CRYPTO_INIT_INVALID_SADB) SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = NULL; - crypto_config->sa_type = 99; // Currently an invalid ENUM - crypto_config->cryptography_type = 99; // Currently an invalid ENUM + crypto_config_p->sa_type = 99; // Currently an invalid ENUM + crypto_config_p->cryptography_type = 99; // Currently an invalid ENUM status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); @@ -204,14 +204,14 @@ UTEST(CRYPTO_CONFIG, CRYPTO_CONFIG_KMC) UTEST(CRYPTO_CONFIG, CRYPTO_INIT_KMC_OK) { int32_t status = CRYPTO_LIB_ERROR; - CryptoConfig_t* crypto_config_p = malloc(sizeof(CryptoConfig_t) * sizeof(uint8_t)); + CryptoConfig_t* crypto_config_p = malloc(CRYPTO_CONFIG_SIZE); crypto_config_p->key_type=KEY_TYPE_INTERNAL; GvcidManagedParameters_t* gvcid_managed_paramenters_p = malloc(sizeof(GvcidManagedParameters_t) * sizeof(uint8_t)); SadbMariaDBConfig_t* sa_mariadb_config_p = malloc(sizeof(SadbMariaDBConfig_t) * sizeof(uint8_t)); CryptographyKmcCryptoServiceConfig_t* cryptography_kmc_crypto_config_p = malloc(sizeof(CryptographyKmcCryptoServiceConfig_t) * sizeof(uint8_t)); - crypto_config->sa_type = SA_TYPE_MARIADB; - crypto_config->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; + crypto_config_p->sa_type = SA_TYPE_MARIADB; + crypto_config_p->cryptography_type = CRYPTOGRAPHY_TYPE_KMCCRYPTO; status = Crypto_Init_With_Configs(crypto_config_p, gvcid_managed_paramenters_p, sa_mariadb_config_p, cryptography_kmc_crypto_config_p); free(crypto_config_p); diff --git a/test/unit/ut_tc_process.c b/test/unit/ut_tc_process.c index 57e9fa14..c30ebd11 100644 --- a/test/unit/ut_tc_process.c +++ b/test/unit/ut_tc_process.c @@ -88,28 +88,16 @@ UTEST(TC_PROCESS, EXERCISE_IV) printf(KGRN "Checking replay - using previous received IV...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_replay_b, &buffer_replay_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on counter being too high printf(KGRN "Checking replay - using IV outside the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_outside_window_b, &buffer_outside_window_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid IV printf(KGRN "Checking valid IV... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_b, &buffer_good_iv_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid IV within window, but has a gap printf(KGRN "Checking valid IV within window... should be able to receive it... \n" RESET); @@ -134,10 +122,6 @@ UTEST(TC_PROCESS, EXERCISE_IV) free(ptr_enc_frame); free(buffer_nist_iv_b); free(buffer_nist_key_b); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_nist_processed_frame); } @@ -217,27 +201,15 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) printf(KGRN "Checking replay - using previous received ARSN...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_replay_b, &buffer_replay_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on counter being too high printf(KGRN "Checking replay - using ARSN outside the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_outside_window_b, &buffer_outside_window_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid ARSN printf(KGRN "Checking next valid ARSN... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_arsn_b, &buffer_good_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on valid ARSN within window, but has a gap printf(KGRN "Checking valid ARSN within window... should be able to receive it... \n" RESET); @@ -255,10 +227,6 @@ UTEST(TC_PROCESS, EXERCISE_ARSN) } printf("\n"); Crypto_Shutdown(); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_nist_processed_frame); free(ptr_enc_frame); free(buffer_nist_key_b); @@ -429,17 +397,9 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) return_val = Crypto_TC_ProcessSecurity(dec_test_fe_b, &dec_test_fe_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFE); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? return_val = Crypto_TC_ProcessSecurity(dec_test_ff_b, &dec_test_ff_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); ASSERT_EQ(test_association->iv[11],0xFF); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // test_association->iv[5] = 0x01; return_val = Crypto_TC_ProcessSecurity(dec_test_00_b, &dec_test_00_len, tc_sdls_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val); @@ -463,10 +423,6 @@ UTEST(TC_PROCESS, HAPPY_PATH_PROCESS_NONTRANSMITTED_INCREMENTING_IV_ROLLOVER) free(dec_test_fe_b); free(dec_test_ff_b); free(dec_test_00_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); } @@ -593,10 +549,6 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPEC) ASSERT_EQ(CRYPTO_LIB_ERR_INPUT_FRAME_TOO_SHORT_FOR_TC_STANDARD, status); Crypto_Shutdown(); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(test_frame_pt_b); } @@ -635,10 +587,6 @@ UTEST(TC_PROCESS, ERROR_TC_INPUT_FRAME_TOO_SHORT_FOR_SPECIFIED_FRAME_LENGTH_HEAD Crypto_Shutdown(); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); } @@ -691,10 +639,6 @@ UTEST(TC_PROCESS, HAPPY_PATH_DECRYPT_CBC) //printf("\n"); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(test_frame_pt_b); free(truth_data_b); @@ -757,10 +701,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_1B) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(truth_data_b); Crypto_Shutdown(); @@ -820,10 +760,6 @@ UTEST(TC_PROCESS, DECRYPT_CBC_16B) ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); free(test_frame_pt_b); - free(tc_sdls_processed_frame->tc_sec_header.iv); - free(tc_sdls_processed_frame->tc_sec_header.sn); - free(tc_sdls_processed_frame->tc_sec_header.pad); - free(tc_sdls_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? free(tc_sdls_processed_frame); free(truth_data_b); Crypto_Shutdown(); @@ -915,10 +851,6 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) printf(KGRN "Checking replay - using previous received ARSN and previous IV...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_bad_iv_bad_arsn_b, &buffer_bad_iv_bad_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on ARSN (Good IV, bad ARSN) printf(KGRN "Checking replay - using previous received ARSN...\n" RESET); @@ -929,10 +861,6 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { ASSERT_EQ(test_association->iv[i], buffer_nist_iv_b[i]); } - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on IV (Bad IV, Good ARSN) printf(KGRN "Checking replay - using previous received IV...\n" RESET); @@ -943,30 +871,18 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) { ASSERT_EQ(test_association->arsn[i], buffer_arsn_b[i]); } - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on IV counter being too high // Check w/ Mike printf(KGRN "Checking replay - using IV outside (above) the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_high_iv_good_arsn_b, &buffer_high_iv_good_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect to fail on ARSN counter being too high // Check w/ Mike printf(KGRN "Checking replay - using ARSN outside (above) the window...\n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_high_arsn_b, &buffer_good_iv_high_arsn_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Expect success on next valid IV && ARSN printf(KGRN "Checking next valid IV && valid ARSN... should be able to receive it... \n" RESET); @@ -977,19 +893,10 @@ UTEST(TC_PROCESS, GCM_IV_AND_ARSN) // Verify ARSN LSB incremented ASSERT_EQ(test_association->arsn[test_association->arsn_len-1], 0x24); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? - // Expect success on valid IV and ARSNs within window, but have a gap printf(KGRN "Checking valid IV and ARSN within window... should be able to receive it... \n" RESET); status = Crypto_TC_ProcessSecurity(buffer_good_iv_gap_good_arsn_gap_b, &buffer_good_iv_gap_good_arsn_gap_len, tc_nist_processed_frame); ASSERT_EQ(CRYPTO_LIB_SUCCESS, status); - free(tc_nist_processed_frame->tc_sec_header.iv); - free(tc_nist_processed_frame->tc_sec_header.sn); - free(tc_nist_processed_frame->tc_sec_header.pad); - free(tc_nist_processed_frame->tc_sec_trailer.mac); // TODO: Is there a method to free all of this? // Validate that the SA IV is updated to the most recently received IV // IV length in this testing is 12 bytes