From 764d88dbb3d32458767c625145e2b5a131b65365 Mon Sep 17 00:00:00 2001
From: Ibraheem Saleh <iysaleh@gmail.com>
Date: Wed, 26 Jan 2022 12:13:39 -0800
Subject: [PATCH 1/3] Fix ABM parsing bug and add some error checking

---
 include/crypto_error.h                        |  1 +
 .../create_sadb.sql                           |  4 +-
 ...db_jpl_unit_test_security_associations.sql |  6 +-
 src/src_main/crypto_tc.c                      | 14 +++++
 src/src_mysql/sadb_routine_mariadb.template.c |  2 +-
 util/src_util/ut_kmc_crypto_aes_cmac.c        | 57 +++++++++++++++++--
 6 files changed, 75 insertions(+), 9 deletions(-)

diff --git a/include/crypto_error.h b/include/crypto_error.h
index e9ee0a40..f25ad170 100644
--- a/include/crypto_error.h
+++ b/include/crypto_error.h
@@ -70,5 +70,6 @@
 #define CRYPTO_LIB_ERR_ABM_TOO_SHORT_FOR_AAD (-19)
 #define CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR (-20)
 #define CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR (-21)
+#define CRYPTO_LIB_ERR_INVALID_HEADER (-22)
 
 #endif //_crypto_error_h_
diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql
index 635147ad..1601a143 100644
--- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql
+++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql
@@ -33,4 +33,6 @@ CREATE TABLE security_associations
   ,arc VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARC_SIZE=20 , TBD why so large...
   ,arcw_len SMALLINT
   ,arcw SMALLINT NOT NULL DEFAULT 0 -- ARCW_SIZE=1
-);
\ No newline at end of file
+);
+
+create unique index if not exists main_spi on security_associations (spi,scid,vcid,tfvn,mapid);
\ No newline at end of file
diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
index fb730d7a..65c41c2d 100644
--- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
+++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
@@ -17,7 +17,7 @@ VALUES (3,'kmc/test/key130',3,X'01',1,0,12,0,X'000000000000000000000001',19,X'00
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
 VALUES (4,'kmc/test/key130',3,X'01',0,1,12,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,0,0,44,3,0);
 
--- SCID 44 (MMT) Security Associations HMAC Authentication Only --
+-- SCID 44 (MMT) Security Associations AESCMAC Authentication Only --
 -- SA 5 - OPERATIONAL; AUTH Only - ARCW:5; None/AESCMAC ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-7
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
-VALUES (5,'kmc/test/nist_cmac_90',3,X'00',0,1,0,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,0,0,44,7,0);
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,shsnf_len,stmacf_len,arc,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+VALUES (5,'kmc/test/key130',3,X'00',0,1,0,4,16,X'00000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,4,0,44,7,0);
diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c
index 9cfba9d0..f79965bc 100644
--- a/src/src_main/crypto_tc.c
+++ b/src/src_main/crypto_tc.c
@@ -819,6 +819,11 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t *ingest, int *len_ingest, TC_t *tc_sdl
     tc_sdls_processed_frame->tc_pdu_len =
             tc_sdls_processed_frame->tc_header.fl + 1 - tc_enc_payload_start_index - sa_ptr->stmacf_len - fecf_len;
 
+    if(tc_sdls_processed_frame->tc_pdu_len > tc_sdls_processed_frame->tc_header.fl) // invalid header parsed, sizes overflowed & make no sense!
+    {
+        return CRYPTO_LIB_ERR_INVALID_HEADER;
+    }
+
 #ifdef DEBUG
     printf(KYEL "TC PDU Calculated Length: %d \n", tc_sdls_processed_frame->tc_pdu_len);
 #endif
@@ -929,6 +934,15 @@ uint8_t *Crypto_Prepare_TC_AAD(uint8_t *buffer, uint16_t len_aad, uint8_t *abm_b
         aad[i] = buffer[i] & abm_buffer[i];
     }
 
+#ifdef MAC_DEBUG
+    printf(KYEL "AAD before ABM Bitmask:\n\t");
+    for (int i = 0; i < len_aad; i++)
+    {
+        printf("%02x", buffer[i]);
+    }
+    printf("\n" RESET);
+#endif
+
 #ifdef MAC_DEBUG
     printf(KYEL "Preparing AAD:\n");
     printf("\tUsing AAD Length of %d\n\t", len_aad);
diff --git a/src/src_mysql/sadb_routine_mariadb.template.c b/src/src_mysql/sadb_routine_mariadb.template.c
index 9c181fe2..7ecf1b72 100644
--- a/src/src_mysql/sadb_routine_mariadb.template.c
+++ b/src/src_mysql/sadb_routine_mariadb.template.c
@@ -491,7 +491,7 @@ static int32_t convert_hexstring_to_byte_array(char *source_str, uint8_t *dest_b
     char *data = line;
     int offset;
     unsigned int read_byte;
-    uint8_t data_len = 0;
+    uint32_t data_len = 0;
 
     while (sscanf(data, " %02x%n", &read_byte, &offset) == 1)
     {
diff --git a/util/src_util/ut_kmc_crypto_aes_cmac.c b/util/src_util/ut_kmc_crypto_aes_cmac.c
index 614dedab..e2460976 100644
--- a/util/src_util/ut_kmc_crypto_aes_cmac.c
+++ b/util/src_util/ut_kmc_crypto_aes_cmac.c
@@ -43,6 +43,7 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_AUTH_ONLY)
     int32_t status = Crypto_Init();
 
     char *raw_tc_jpl_mmt_scid44_vcid1= "202c1c08000001bb40";
+
     char *raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
     int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
 
@@ -90,14 +91,12 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_CMAC_AUTH_ONLY)
     Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
     int32_t status = Crypto_Init();
 
-    char *enc_tc_jpl_mmt_scid44_vcid1= "202C1C1A0000050001C50827915AEB423F054402D5DC3C67566986";
+    // char *enc_tc_jpl_mmt_scid44_vcid1= "202C1C1A0000050001C50827915AEB423F054402D5DC3C67566986"; // Returns  CRYPTO_LIB_ERR_INVALID_HEADER since SN/ARC missing from header
+    char *enc_tc_jpl_mmt_scid44_vcid1= "202C1C1E000005000000050001C7BA93010000000000000000000000007ACC";
     char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
     int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
 
     // Data=0001
-    // IV=000000000000000000000001
-    // AAD=00000000000000000000000000000000000000
-
 
     TC_t *tc_processed_frame;
     tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
@@ -134,4 +133,54 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_CMAC_AUTH_ONLY)
     ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
 }
 
+/**
+ * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
+ **/
+UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_CMAC_LARGE_FRM_AUTH_ONLY)
+{
+    // Setup & Initialize CryptoLib
+    Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
+                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+                            TC_CHECK_FECF_TRUE, 0x3F);
+    Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL);
+    Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE);
+    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 7, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+    int32_t status = Crypto_Init();
+
+    char *raw_tc_jpl_mmt_scid44_vcid1= "202c1f0700a6ec42999902579dac3a5af6aabe93288e18d5d4046e24cc5df1f8fa06bac515206d5b0dfcc9861db694f3207175b725bfa6e987fadc1e1e417bff0c30a90b143ca737f2fcf02525c6080c38fde4d4da229387339f363ccdabf42a1defa29f711926c8e0a7479e082ec00b495ae53c8e33b5dc001833aa1d909b4b3aecd60bc6b0af62e8febb58fa15979a5d1e37b9ba48d6d1bf4b9d669306375d7f93942908e410492d6535c91245abbb98a0584aa764815bfdcab44d8c0aeff3a2e2c712649497f95e9440bb1b562cb6fa70a5ff5e5fdbcad40a97fa3bf48f0560bc9c7125b758f25a27678996e5ee3a82a5b864672b80888c2d469fe690aca0501d0de3bec247825f3fbd7f51184f8099dd2ffeb140c9aad86ae8ade912eadbcbef0bb821e684366a084f8d65bd9d0acccfae5fb130d8bf27ff855cea8de4a4e249e5bc8ef9732c06d6d578574b9f936ae1837a61369a7871612337df2dc091dadc8386e53aba816f3a162b71c268e07583a0378805a1f435bf437c0e27193cee4b653273d965fc0b42cfd3c094e2ff89f276153d452814ff016bfcc1b5ec313667de1aaddeb2d31dcaa75f88e4ac758556c7a632374089c53852601385c89aa668b70fd735e9053473538614408241ac47f6ef12aff10c2bce36df6afe7610a5a06997680b579953888684543b7cdefc7cc5987459a9255d187c8790284ad1f2ca38a3a3d56d909a03af87f3788e00d1b9887296ea5ff4087306569c2a3581189a70892e01279812151fdb9f8ec71786edd9cddd8652558503aac1904cf542aeebf269b08c5f648145b498be842080ccbdfe14c8cad1f371e706c0c4ed27d963e2e645224510e7d43ddf50daf8225f484ec841c9e642e489bd70fdbc925c532ab988d0f3999e3e1bdc88d5b0dd61e2b8d72a4a994f3efdc19382cdffdb96ea55ee5a389b003fc91ebc493c0949f56dc7b4b6d69d10dbc937f3757fb36b9000bf67d049c9c768a586b14b5166bffb41fc29c1d5613f2aaa2868fd974a95a3461b0c1c0f1ca87eccf7624fd1ffbe2f45463505b649a0b32410182731dfbe23813e88c3b6bdec7e";
+
+    char *raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+    int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+
+    hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
+
+    uint8_t *ptr_enc_frame = NULL;
+    uint16_t enc_frame_len = 0;
+
+    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+    printf("Frame before encryption:\n");
+    for (int i=0; i<raw_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+    {
+        printf("%02x ", (uint8_t)raw_tc_jpl_mmt_scid44_vcid1_expect[i]);
+    }
+    printf("\n");
+
+    status = Crypto_TC_ApplySecurity((uint8_t *)raw_tc_jpl_mmt_scid44_vcid1_expect, raw_tc_jpl_mmt_scid44_vcid1_expect_len, &ptr_enc_frame, &enc_frame_len);
+    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+    printf("Frame after encryption:\n");
+    for (int i=0; i<enc_frame_len; i++)
+    {
+        printf("%02x ", ptr_enc_frame[i]);
+    }
+    printf("\n");
+
+
+    Crypto_Shutdown();
+    free(raw_tc_jpl_mmt_scid44_vcid1_expect);
+    free(ptr_enc_frame);
+    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+}
+
+
 UTEST_MAIN();

From c2bb6da0a7474d2a8403e15fcd5a3b5950e454ac Mon Sep 17 00:00:00 2001
From: Ibraheem Saleh <ibraheem.y.saleh@jpl.nasa.gov>
Date: Wed, 26 Jan 2022 14:16:02 -0800
Subject: [PATCH 2/3] Remove invalid tests & unit test config -- AES-GCM must
 use tags

---
 ...db_jpl_unit_test_security_associations.sql |   2 +-
 util/src_util/ut_kmc_crypto.c                 | 220 +++++++++---------
 2 files changed, 112 insertions(+), 110 deletions(-)

diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
index 65c41c2d..19e2e9e7 100644
--- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
+++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
@@ -9,7 +9,7 @@ VALUES (1,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'0
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
 VALUES (2,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0);
 
--- SA 3 - OPERATIONAL; ENC Only - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-2
+-- SA 3 - OPERATIONAL; ENC Only (invalid config, AEAD algorithms must have a tag/mac) - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-2
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
 VALUES (3,'kmc/test/key130',3,X'01',1,0,12,0,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0);
 
diff --git a/util/src_util/ut_kmc_crypto.c b/util/src_util/ut_kmc_crypto.c
index 9518b88c..026be9a4 100644
--- a/util/src_util/ut_kmc_crypto.c
+++ b/util/src_util/ut_kmc_crypto.c
@@ -78,56 +78,57 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH)
     free(ptr_enc_frame);
     ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
 }
-/**
- * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
- **/
-UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_ONLY)
-{
-    // Setup & Initialize CryptoLib
-    Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-                            TC_CHECK_FECF_TRUE, 0x3F);
-    Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL);
-    Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    int32_t status = Crypto_Init();
-
-    char *raw_tc_jpl_mmt_scid44_vcid1= "202c0808000001361c";
-    char *raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-    int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-
-    hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
-
-    uint8_t *ptr_enc_frame = NULL;
-    uint16_t enc_frame_len = 0;
-
-    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-
-    printf("Frame before encryption:\n");
-    for (int i=0; i<raw_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
-    {
-        printf("%02x ", (uint8_t)raw_tc_jpl_mmt_scid44_vcid1_expect[i]);
-    }
-    printf("\n");
-
-    status = Crypto_TC_ApplySecurity((uint8_t *)raw_tc_jpl_mmt_scid44_vcid1_expect, raw_tc_jpl_mmt_scid44_vcid1_expect_len, &ptr_enc_frame, &enc_frame_len);
-    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-    printf("Frame after encryption:\n");
-    for (int i=0; i<enc_frame_len; i++)
-    {
-        printf("%02x ", ptr_enc_frame[i]);
-    }
-    printf("\n");
-
-
-    Crypto_Shutdown();
-    free(raw_tc_jpl_mmt_scid44_vcid1_expect);
-    free(ptr_enc_frame);
-    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-}
+//// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid
+///**
+// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
+// **/
+//UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_ONLY)
+//{
+//    // Setup & Initialize CryptoLib
+//    Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
+//                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+//                            TC_CHECK_FECF_TRUE, 0x3F);
+//    Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL);
+//    Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    int32_t status = Crypto_Init();
+//
+//    char *raw_tc_jpl_mmt_scid44_vcid1= "202c0808000001361c";
+//    char *raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+//    int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+//
+//    hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect, &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
+//
+//    uint8_t *ptr_enc_frame = NULL;
+//    uint16_t enc_frame_len = 0;
+//
+//    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//
+//    printf("Frame before encryption:\n");
+//    for (int i=0; i<raw_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+//    {
+//        printf("%02x ", (uint8_t)raw_tc_jpl_mmt_scid44_vcid1_expect[i]);
+//    }
+//    printf("\n");
+//
+//    status = Crypto_TC_ApplySecurity((uint8_t *)raw_tc_jpl_mmt_scid44_vcid1_expect, raw_tc_jpl_mmt_scid44_vcid1_expect_len, &ptr_enc_frame, &enc_frame_len);
+//    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//    printf("Frame after encryption:\n");
+//    for (int i=0; i<enc_frame_len; i++)
+//    {
+//        printf("%02x ", ptr_enc_frame[i]);
+//    }
+//    printf("\n");
+//
+//
+//    Crypto_Shutdown();
+//    free(raw_tc_jpl_mmt_scid44_vcid1_expect);
+//    free(ptr_enc_frame);
+//    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//}
 /**
  * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
  **/
@@ -238,65 +239,66 @@ UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH)
     free(ptr_enc_frame);
     ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
 }
-/**
- * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
- **/
-UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY)
-{
-    // Setup & Initialize CryptoLib
-    Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-                            TC_CHECK_FECF_TRUE, 0x3F);
-    Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL);
-    Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
-    int32_t status = Crypto_Init();
-
-    char *enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238";
-    char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-    int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-
-    // IV = 000000000000000000000001
-
-    TC_t *tc_processed_frame;
-    tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
-
-    hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
-
-    uint8_t *ptr_enc_frame = NULL;
-
-    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-
-    printf("Encrypted Frame Before Processing:\n");
-    for (int i=0; i<enc_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
-    {
-        printf("%02x ", (uint8_t)enc_tc_jpl_mmt_scid44_vcid1_expect[i]);
-    }
-    printf("\n");
-
-    status = Crypto_TC_ProcessSecurity((uint8_t *)enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len, tc_processed_frame);
-    // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-    // Expected to fail -- KMC Crypto Service doesn't support AES/GCM with no AAD/MAC
-    ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status);
-    printf("Processed PDU:\n");
-    // for (int i=0; i<tc_processed_frame->tc_pdu_len; i++)
-    for (int i=0; i<2; i++)
-    {
-        printf("%02x ", tc_processed_frame->tc_pdu[i]);
-    }
-    printf("\n");
-
-    // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]);
-    // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]);
-
-    Crypto_Shutdown();
-    free(enc_tc_jpl_mmt_scid44_vcid1_expect);
-    free(ptr_enc_frame);
-    // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-}
+//// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid
+///**
+// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
+// **/
+//UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY)
+//{
+//    // Setup & Initialize CryptoLib
+//    Crypto_Config_CryptoLib(SADB_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
+//                            TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+//                            TC_CHECK_FECF_TRUE, 0x3F);
+//    Crypto_Config_MariaDB("sadb_user", "sadb_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL);
+//    Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service", "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem", "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt", NULL, NULL, CRYPTO_FALSE);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS);
+//    int32_t status = Crypto_Init();
+//
+//    char *enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238";
+//    char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+//    int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+//
+//    // IV = 000000000000000000000001
+//
+//    TC_t *tc_processed_frame;
+//    tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
+//
+//    hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
+//
+//    uint8_t *ptr_enc_frame = NULL;
+//
+//    ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//
+//    printf("Encrypted Frame Before Processing:\n");
+//    for (int i=0; i<enc_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+//    {
+//        printf("%02x ", (uint8_t)enc_tc_jpl_mmt_scid44_vcid1_expect[i]);
+//    }
+//    printf("\n");
+//
+//    status = Crypto_TC_ProcessSecurity((uint8_t *)enc_tc_jpl_mmt_scid44_vcid1_expect, &enc_tc_jpl_mmt_scid44_vcid1_expect_len, tc_processed_frame);
+//    // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//    // Expected to fail -- KMC Crypto Service doesn't support AES/GCM with no AAD/MAC
+//    ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status);
+//    printf("Processed PDU:\n");
+//    // for (int i=0; i<tc_processed_frame->tc_pdu_len; i++)
+//    for (int i=0; i<2; i++)
+//    {
+//        printf("%02x ", tc_processed_frame->tc_pdu[i]);
+//    }
+//    printf("\n");
+//
+//    // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]);
+//    // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]);
+//
+//    Crypto_Shutdown();
+//    free(enc_tc_jpl_mmt_scid44_vcid1_expect);
+//    free(ptr_enc_frame);
+//    // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//}
 /**
  * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
  * This doesn't work -- Apply Security Auth Only doesn't return the proper tag.

From e69534eeb0ce4e9a3a493df2e4772a4059ec1344 Mon Sep 17 00:00:00 2001
From: Ibraheem Saleh <iysaleh@gmail.com>
Date: Wed, 26 Jan 2022 14:20:27 -0800
Subject: [PATCH 3/3] Remove invalid SA configuration from unit test script

---
 .../create_sadb_jpl_unit_test_security_associations.sql       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
index 19e2e9e7..be535691 100644
--- a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
+++ b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
@@ -9,9 +9,9 @@ VALUES (1,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'0
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
 VALUES (2,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0);
 
--- SA 3 - OPERATIONAL; ENC Only (invalid config, AEAD algorithms must have a tag/mac) - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-2
+-- SA 3 - OPERATIONAL; ENC + AUTH - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
-VALUES (3,'kmc/test/key130',3,X'01',1,0,12,0,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0);
+VALUES (3,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0);
 
 -- SA 4 - OPERATIONAL; AUTH Only - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3
 INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)