Fix tc process and tc apply.

fsw/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql

@@ -22,15 +22,15 @@ CREATE TABLE security_associations
   ,shplf_len SMALLINT NOT NULL DEFAULT 0
   ,stmacf_len SMALLINT NOT NULL DEFAULT 0
   ,ecs_len SMALLINT
-  ,ecs BINARY(4) NOT NULL DEFAULT X'00000000' -- ECS_SIZE=4
+  ,ecs VARBINARY(4) NOT NULL DEFAULT X'00000000' -- ECS_SIZE=4
   ,iv_len SMALLINT NOT NULL DEFAULT 12
-  ,iv BINARY(12) NOT NULL DEFAULT X'000000000000000000000000' -- IV_SIZE=12
+  ,iv VARBINARY(20) NOT NULL DEFAULT X'000000000000000000000000' -- IV_SIZE=12
   ,acs_len SMALLINT NOT NULL DEFAULT 0
   ,acs SMALLINT NOT NULL DEFAULT 0
   ,abm_len MEDIUMINT
-  ,abm BINARY(20) NOT NULL DEFAULT X'1111111111111111111111111111111111111111' -- ABM_SIZE=20
+  ,abm VARBINARY(1024) NOT NULL DEFAULT X'1111111111111111111111111111111111111111' -- ABM_SIZE=1024
   ,arc_len SMALLINT NOT NULL DEFAULT 0
-  ,arc BINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARC_SIZE=20 , TBD why so large...
+  ,arc VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARC_SIZE=20 , TBD why so large...
   ,arcw_len SMALLINT
-  ,arcw BINARY(1) NOT NULL DEFAULT X'00' -- ARCW_SIZE=1
+  ,arcw SMALLINT NOT NULL DEFAULT 0 -- ARCW_SIZE=1
 );

fsw/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql

@@ -2,21 +2,21 @@ USE sadb;
 
 -- SA 1 - CLEAR MODE
 INSERT INTO security_associations (spi,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid)
-VALUES (1,0,0,0,1,X'0000000000000000000000000000000000000000',1,X'05',0,3,0,0);
+VALUES (1,0,0,0,1,X'0000000000000000000000000000000000000000',1,5,0,3,0,0);
 
 -- SA 2 - OPERATIONAL;  ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0
 INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
--- VALUES (2,130,3,1,1,12,12,X'000000000000000000000001',20,X'0000000000000000000000000000000000000000',1,X'05',11,0,44,0,0);
-VALUES (2,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,X'05',0,0,44,0,0);
+-- VALUES (2,130,3,1,1,12,12,X'000000000000000000000001',20,X'0000000000000000000000000000000000000000',1,5,11,0,44,0,0);
+VALUES (2,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,0,0);
 
 -- SA 3 - OPERATIONAL;  ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
 INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
-VALUES (3,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,X'05',0,0,44,1,0);
+VALUES (3,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0);
 
 -- SA 4 - OPERATIONAL;  ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-2
 INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
-VALUES (4,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,X'05',0,0,44,2,0);
+VALUES (4,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0);
 
 -- SA 5 - OPERATIONAL;  ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3
 INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
-VALUES (4,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,X'05',0,0,44,3,0);
+VALUES (4,130,3,1,0,12,12,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,3,0);

fsw/crypto_util/CMakeLists.txt

@@ -21,7 +21,7 @@ include_directories(../crypto/public_inc)
 
 if(${ENCTEST})
     find_package (Python3 REQUIRED COMPONENTS Interpreter Development)
-    execute_process(COMMAND pip show pycryptodome RESULT_VARIABLE EXIT_CODE OUTPUT_QUIET)
+    execute_process(COMMAND pip3 show pycryptodome RESULT_VARIABLE EXIT_CODE OUTPUT_QUIET)
     if(NOT ${EXIT_CODE} EQUAL 0)
         message(FATAL_ERROR "The \"pycryptodome\" Python3 package is not installed, and is required for ENCTEST.")
     endif()

fsw/crypto_util/app/ut_tc_apply.c

@@ -22,8 +22,9 @@
 #include "utest.h"
 #include "crypto.h"
 #include "crypto_error.h"
+#include "sadb_routine.h"
+
 
-// TODO:  I don't believe Crypto Init is cleaned up between each test.  I am fairly certain that the init persists between tests.
 /**
  * @brief Unit Test: No Crypto_Init()
  * 
@@ -38,7 +39,7 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT)
     int raw_tc_sdls_ping_len = 0;
 
     hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
-    Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY,CRYPTO_TC_CREATE_FECF_TRUE,TC_PROCESS_SDLS_PDUS_TRUE,TC_HAS_PUS_HDR,TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, 0x3F);
+    Crypto_Config_CryptoLib(SADB_TYPE_INMEMORY,CRYPTO_TC_CREATE_FECF_TRUE,TC_PROCESS_SDLS_PDUS_TRUE,TC_HAS_PUS_HDR,TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE, TC_CHECK_FECF_TRUE, 0x3F);
     Crypto_Config_Add_Gvcid_Managed_Parameter(0,0x0003,0,TC_HAS_FECF,TC_HAS_SEGMENT_HDRS);
 
     uint8 *ptr_enc_frame = NULL;
@@ -55,13 +56,73 @@ UTEST(TC_APPLY_SECURITY, NO_CRYPTO_INIT)
  * @brief Unit Test:  Nominal Case
  * This should read a raw_tc_sdls_ping and continue down the "happy Path", finally returning CRYPTO_LIB_SUCCESS
  **/
-UTEST(TC_APPLY_SECURITY, HAPPY_PATH)
+UTEST(TC_APPLY_SECURITY, HAPPY_PATH_CLEAR)
+{
+    //Setup & Initialize CryptoLib
+    Crypto_Init_Unit_Test();
+    char *raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128";
+    uint8 *raw_tc_sdls_ping_b = NULL;
+    int raw_tc_sdls_ping_len = 0;
+
+    hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
+
+    uint8 *ptr_enc_frame = NULL;
+    uint16 enc_frame_len = 0;
+
+    int32 return_val = CRYPTO_LIB_ERROR;
+
+    return_val = Crypto_TC_ApplySecurity(raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
+    Crypto_Shutdown();
+    free(raw_tc_sdls_ping_b);
+    free(ptr_enc_frame);
+    ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+}
+
+/**
+ * @brief Unit Test: Nominal Encryption
+ **/
+UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC)
+{
+    //Setup & Initialize CryptoLib
+    Crypto_Init_Unit_Test();
+    char *raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128";
+    uint8 *raw_tc_sdls_ping_b = NULL;
+    int raw_tc_sdls_ping_len = 0;
+    SadbRoutine sadb_routine = get_sadb_routine_inmemory();
+
+    hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
+
+    uint8 *ptr_enc_frame = NULL;
+    uint16 enc_frame_len = 0;
+
+    int32 return_val = CRYPTO_LIB_ERROR;
+
+    SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(unsigned char));
+    //Expose the SADB Security Association for test edits.
+    sadb_routine->sadb_get_sa_from_spi(1,&test_association);
+    test_association->sa_state = SA_NONE;
+    sadb_routine->sadb_get_sa_from_spi(4,&test_association);
+    test_association->sa_state = SA_OPERATIONAL;
+    test_association->ast=0;
+
+    return_val = Crypto_TC_ApplySecurity(raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
+    Crypto_Shutdown();
+    free(raw_tc_sdls_ping_b);
+    free(ptr_enc_frame);
+    ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+}
+
+/**
+ * @brief Unit Test: Nominal Authorized Encryption
+ **/
+UTEST(TC_APPLY_SECURITY, HAPPY_PATH_AUTH_ENC)
 {
     //Setup & Initialize CryptoLib
     Crypto_Init_Unit_Test();
     char *raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128";
     uint8 *raw_tc_sdls_ping_b = NULL;
     int raw_tc_sdls_ping_len = 0;
+    SadbRoutine sadb_routine = get_sadb_routine_inmemory();
 
     hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
 
@@ -70,6 +131,13 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH)
 
     int32 return_val = CRYPTO_LIB_ERROR;
 
+    SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(unsigned char));
+    //Expose the SADB Security Association for test edits.
+    sadb_routine->sadb_get_sa_from_spi(1,&test_association);
+    test_association->sa_state = SA_NONE;
+    sadb_routine->sadb_get_sa_from_spi(4,&test_association);
+    test_association->sa_state = SA_OPERATIONAL;
+
     return_val = Crypto_TC_ApplySecurity(raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
     Crypto_Shutdown();
     free(raw_tc_sdls_ping_b);
@@ -80,7 +148,8 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH)
 /**
  * @brief Unit Test: Bad Spacecraft ID
  * This should pass the flawed hex string, and return CRYPTO_LIB_ERR_INVALID_SCID
- **/
+ * Bad Space Craft ID.  This should pass the flawed .dat file, and return MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND
+**/
 UTEST(TC_APPLY_SECURITY, BAD_SPACE_CRAFT_ID)
 {
     //Setup & Initialize CryptoLib

fsw/public_inc/crypto.h

@@ -41,7 +41,7 @@
 */
 
 // Crypto Library Configuration functions
-extern int32 Crypto_Config_CryptoLib(uint8 sadb_type, uint8 crypto_create_fecf, uint8 process_sdls_pdus, uint8 has_pus_hdr, uint8 ignore_sa_state, uint8 ignore_anti_replay, uint8 unique_sa_per_mapid, uint8 vcid_bitmask);
+extern int32 Crypto_Config_CryptoLib(uint8 sadb_type, uint8 crypto_create_fecf, uint8 process_sdls_pdus, uint8 has_pus_hdr, uint8 ignore_sa_state, uint8 ignore_anti_replay, uint8 unique_sa_per_mapid, uint8 crypto_check_fecf, uint8 vcid_bitmask);
 extern int32 Crypto_Config_MariaDB(char* mysql_username, char* mysql_password, char* mysql_hostname, char* mysql_database, uint16 mysql_port);
 extern int32 Crypto_Config_Add_Gvcid_Managed_Parameter(uint8 tfvn, uint16 scid, uint8 vcid, uint8 has_fecf, uint8 has_segmentation_hdr);
 

fsw/public_inc/crypto_config.h

@@ -175,4 +175,7 @@
 // TC Behavior Defines
     #define TC_SDLS_EP_VCID             4 //VCID which has SDLS PDUs (JPL uses VCIDs to determine TC type, there is no space packet layer with APIDs). Set to -1 if uses SP APIDs.
 
+// Logic Behavior Defines
+    #define CRYPTO_FALSE                0
+    #define CRYPTO_TRUE                 1
 #endif

fsw/public_inc/crypto_config_structs.h

@@ -36,6 +36,7 @@ typedef enum { TC_NO_PUS_HDR, TC_HAS_PUS_HDR } TcPusHdrPresent;
 typedef enum { TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_SA_STATE_TRUE } TcIgnoreSaState;
 typedef enum { TC_IGNORE_ANTI_REPLAY_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE } TcIgnoreAntiReplay;
 typedef enum { TC_UNIQUE_SA_PER_MAP_ID_FALSE, TC_UNIQUE_SA_PER_MAP_ID_TRUE } TcUniqueSaPerMapId;
+typedef enum { TC_CHECK_FECF_FALSE, TC_CHECK_FECF_TRUE } TcCheckFecfBool;
 
 /*
 ** Main Crypto Configuration Block
@@ -49,6 +50,7 @@ typedef struct
     TcIgnoreSaState ignore_sa_state; //TODO - add logic that uses this configuration
     TcIgnoreAntiReplay ignore_anti_replay;
     TcUniqueSaPerMapId unique_sa_per_mapid;
+    TcCheckFecfBool crypto_check_fecf;
     uint8 vcid_bitmask;
 } CryptoConfig_t;
 #define CRYPTO_CONFIG_SIZE (sizeof(CryptoConfig_t))

fsw/public_inc/crypto_error.h

@@ -20,23 +20,35 @@
 #include "sadb_mariadb_error.h"
 
 #define SADB_INVALID_SADB_TYPE                                    201
+#define SADB_NULL_SA_USED                                         202
 #define CRYPTO_CONFIGURATION_NOT_COMPLETE                         101
 #define CRYPTO_MANAGED_PARAM_CONFIGURATION_NOT_COMPLETE           102
 #define CRYPTO_MARIADB_CONFIGURATION_NOT_COMPLETE                 103
 #define MANAGED_PARAMETERS_FOR_GVCID_NOT_FOUND                    104
 
 
-#define CRYPTO_LIB_SUCCESS                  (0)
-#define CRYPTO_LIB_ERROR                    (-1)
-#define CRYPTO_LIB_ERR_NO_INIT              (-2)
-#define CRYPTO_LIB_ERR_INVALID_TFVN         (-3)
-#define CRYPTO_LIB_ERR_INVALID_SCID         (-4)
-#define CRYPTO_LIB_ERR_INVALID_VCID         (-5)
-#define CRYPTO_LIB_ERR_INVALID_MAPID        (-6)
-#define CRYPTO_LIB_ERR_INVALID_CC_FLAG      (-7)
-#define CRYPTO_LIB_ERR_NO_OPERATIONAL_SA    (-8)
-#define CRYPTO_LIB_ERR_NULL_BUFFER          (-9)
-#define CRYPTO_LIB_ERR_UT_BYTE_MISMATCH     (-10)
-#define CRYPTO_LIB_ERR_NO_CONFIG            (-11)
+#define CRYPTO_LIB_SUCCESS                      (0)
+#define CRYPTO_LIB_ERROR                        (-1)
+#define CRYPTO_LIB_ERR_NO_INIT                  (-2)
+#define CRYPTO_LIB_ERR_INVALID_TFVN             (-3)
+#define CRYPTO_LIB_ERR_INVALID_SCID             (-4)
+#define CRYPTO_LIB_ERR_INVALID_VCID             (-5)
+#define CRYPTO_LIB_ERR_INVALID_MAPID            (-6)
+#define CRYPTO_LIB_ERR_INVALID_CC_FLAG          (-7)
+#define CRYPTO_LIB_ERR_NO_OPERATIONAL_SA        (-8)
+#define CRYPTO_LIB_ERR_NULL_BUFFER              (-9)
+#define CRYPTO_LIB_ERR_UT_BYTE_MISMATCH         (-10)
+#define CRYPTO_LIB_ERR_NO_CONFIG                (-11)
+#define CRYPTO_LIB_ERR_INVALID_FECF             (-12)
+#define CRYPTO_LIB_ERR_BAD_ANTIREPLAY_WINDOW    (-13)
+#define CRYPTO_LIB_ERR_LIBGCRYPT_ERROR          (-14)
+#define CRYPTO_LIB_ERR_AUTHENTICATION_ERROR     (-15)
+#define CRYPTO_LIB_ERR_NULL_IV                  (-16)
+#define CRYPTO_LIB_ERR_NULL_ABM                 (-17)
+#define CRYPTO_LIB_ERR_DECRYPT_ERROR            (-18)
+#define CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD    (-19)
+#define CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR      (-20)
+#define CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR     (-21)
+
 
 #endif //_crypto_error_h_

fsw/public_inc/crypto_structs.h

@@ -68,16 +68,15 @@ typedef struct
     uint8		stmacf_len:8;		// Sec. Trailer MAC Field Length
     uint8		ecs_len	:8;			// Encryption Cipher Suite Length
     uint8		ecs[ECS_SIZE];		// Encryption Cipher Suite (algorithm / mode ID)
-    uint8		iv_len	:8;			// Initialization Vector Length
-    uint8		iv[IV_SIZE];		        // Initialization Vector
+    uint8*		iv;		            // Initialization Vector
     uint8		acs_len	:8;			// Authentication Cipher Suite Length
     uint8		acs		:8;			// Authentication Cipher Suite (algorithm / mode ID)
     uint16		abm_len	:16;		// Authentication Bit Mask Length
-    uint8		abm[ABM_SIZE];		// Authentication Bit Mask (Primary Hdr. through Security Hdr.)
+    uint8*		abm;        		// Authentication Bit Mask (Primary Hdr. through Security Hdr.)
     uint8		arc_len	:8;			// Anti-Replay Counter Length
-    uint8		arc[ARC_SIZE];		// Anti-Replay Counter
+    uint8*		arc;        		// Anti-Replay Counter
     uint8		arcw_len:8;			// Anti-Replay Counter Window Length
-    uint8		arcw[ARCW_SIZE];	// Anti-Replay Counter Window
+    uint16		arcw;           	// Anti-Replay Counter Window
 
 } SecurityAssociation_t;
 #define SA_SIZE	(sizeof(SecurityAssociation_t))
@@ -258,8 +257,8 @@ typedef struct
     uint8   sh:TC_SH_SIZE;		// Segment Header
     uint16	spi;				// Security Parameter Index
     uint8	iv[IV_SIZE]; 	    // Initialization Vector for encryption
-    //uint8	sn[TC_SN_SIZE]; 	// Sequence Number for anti-replay
-    //uint8	pad[TC_PAD_SIZE]; 	// Count of the used fill Bytes
+    uint8	sn[TC_SN_SIZE]; 	// Sequence Number for anti-replay
+    uint8	pad[TC_PAD_SIZE]; 	// Count of the used fill Bytes
 } TC_FrameSecurityHeader_t;
 #define TC_FRAME_SECHEADER_SIZE     (sizeof(TC_FrameSecurityHeader_t))
 

fsw/public_inc/sadb_routine.h

@@ -47,10 +47,6 @@ typedef struct {
 
 } SadbRoutineStruct, *SadbRoutine;
 
-#ifdef ENCTEST
-int32 expose_sadb_get_sa_from_spi(uint16, SecurityAssociation_t**);
-#endif
-
 SadbRoutine get_sadb_routine_mariadb(void);
 SadbRoutine get_sadb_routine_inmemory(void);
 SadbRoutine init_parse_sadb_routine(char *);