nasa · dccutrig · Mar 3, 2022 · Feb 16, 2022 · Feb 16, 2022 · Feb 22, 2022
diff --git a/include/crypto.h b/include/crypto.h
@@ -110,6 +110,7 @@ int32_t Crypto_window(uint8_t* actual, uint8_t* expected, int length, int window
 uint16_t Crypto_Calc_FECF(uint8_t* ingest, int len_ingest);
 void Crypto_Calc_CRC_Init_Table(void);
 uint16_t Crypto_Calc_CRC16(uint8_t* data, int size);
+int32_t Crypto_Check_Anti_Replay(SecurityAssociation_t *sa_ptr, uint8_t *arsn, uint8_t *iv);
 
 // Key Management Functions
 int32_t Crypto_Key_OTAR(void);

diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -84,8 +84,8 @@
 #define SA_DELETE 0
 // SA Additional Directives
 #define SA_STATUS 8
-#define SA_SETARC 9
-#define SA_SETARCW 10
+#define SA_SETARSN 9
+#define SA_SETARSNW 10
 
 // Key State Defines
 #define KEY_PREACTIVE 0
@@ -116,8 +116,8 @@
 #define SEGMENT_HDR_SIZE 1
 #define ECS_SIZE 4    /* bytes */
 #define ABM_SIZE 1024 // 20      /* bytes */
-#define ARC_SIZE 20   /* total messages */
-#define ARCW_SIZE 1   /* bytes */
+#define ARSN_SIZE 20   /* total messages */
+#define ARSNW_SIZE 1   /* bytes */
 #define SN_SIZE 0
 #define CHALLENGE_SIZE 16     /* bytes */
 #define CHALLENGE_MAC_SIZE 16 /* bytes */
@@ -160,7 +160,7 @@
 
 // TC Defines
 #define TC_SH_SIZE 8 /* bits */
-#define TC_SN_SIZE 0
+#define TC_SN_SIZE 2
 #define TC_SN_WINDOW 10 /* +/- value */
 #define TC_PAD_SIZE 0
 #define TC_FRAME_DATA_SIZE 1740 /* bytes */

diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -61,7 +61,7 @@
 #define CRYPTO_LIB_ERR_UT_BYTE_MISMATCH (-10)
 #define CRYPTO_LIB_ERR_NO_CONFIG (-11)
 #define CRYPTO_LIB_ERR_INVALID_FECF (-12)
-#define CRYPTO_LIB_ERR_BAD_ANTIREPLAY_WINDOW (-13)
+#define CRYPTO_LIB_ERR_ARSN_OUTSIDE_WINDOW (-13)
 #define CRYPTO_LIB_ERR_LIBGCRYPT_ERROR (-14)
 #define CRYPTO_LIB_ERR_AUTHENTICATION_ERROR (-15)
 #define CRYPTO_LIB_ERR_NULL_IV (-16)
@@ -71,5 +71,7 @@
 #define CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR (-20)
 #define CRYPTO_LIB_ERR_MAC_VALIDATION_ERROR (-21)
 #define CRYPTO_LIB_ERR_INVALID_HEADER (-22)
+#define CRYPTO_LIB_ERR_IV_OUTSIDE_WINDOW (-23)
+#define CRYPTO_LIB_ERR_NULL_ARSN (-24)
 
 #endif //_crypto_error_h_
diff --git a/include/crypto_structs.h b/include/crypto_structs.h
@@ -73,13 +73,13 @@ typedef struct
     uint8_t ecs_len : 8;    // Encryption Cipher Suite Length
     uint8_t* iv;            // Initialization Vector
     uint8_t acs_len : 8;    // Authentication Cipher Suite Length
-    uint8_t acs : 8;        // Authentication Cipher Suite (algorithm / mode ID)
+    uint8_t* acs;        // Authentication Cipher Suite (algorithm / mode ID)
     uint16_t abm_len : 16;  // Authentication Bit Mask Length
     uint8_t* abm;           // Authentication Bit Mask (Primary Hdr. through Security Hdr.)
-    uint8_t arc_len : 8;    // Anti-Replay Counter Length
-    uint8_t* arc;           // Anti-Replay Counter
-    uint8_t arcw_len : 8;   // Anti-Replay Counter Window Length
-    uint16_t arcw;          // Anti-Replay Counter Window
+    uint8_t arsn_len : 8;    // Anti-Replay Seq Num Length
+    uint8_t* arsn;           // Anti-Replay Seq Num
+    uint8_t arsnw_len : 8;   // Anti-Replay Seq Num Window Length
+    uint16_t arsnw;          // Anti-Replay Seq Num Window
 
 } SecurityAssociation_t;
 #define SA_SIZE (sizeof(SecurityAssociation_t))

diff --git a/include/cryptography_interface.h b/include/cryptography_interface.h
@@ -51,7 +51,8 @@ typedef struct
                                          uint8_t* iv, uint32_t iv_len,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
-                                         uint8_t ecs, uint8_t acs);
+                                         uint8_t ecs, uint8_t acs,
+                                         uint8_t* arsn);
     int32_t (*cryptography_aead_encrypt)(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -69,7 +70,7 @@ typedef struct
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t *arsn);
 
 } CryptographyInterfaceStruct, *CryptographyInterface;
 

diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql
@@ -29,10 +29,10 @@ CREATE TABLE security_associations
   ,acs SMALLINT NOT NULL DEFAULT 0
   ,abm_len MEDIUMINT
   ,abm VARBINARY(1024) NOT NULL DEFAULT X'1111111111111111111111111111111111111111' -- ABM_SIZE=1024
-  ,arc_len SMALLINT NOT NULL DEFAULT 0
-  ,arc VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARC_SIZE=20 , TBD why so large...
-  ,arcw_len SMALLINT
-  ,arcw SMALLINT NOT NULL DEFAULT 0 -- ARCW_SIZE=1
+  ,arsn_len SMALLINT NOT NULL DEFAULT 0
+  ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large...
+  ,arsnw_len SMALLINT
+  ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
 );
 
 create unique index if not exists main_spi on security_associations (spi,scid,vcid,tfvn,mapid);
diff --git a/...rypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql b/...rypto_sadb/sadb_mariadb_admin_scripts/create_sadb_jpl_unit_test_security_associations.sql
@@ -1,23 +1,23 @@
 USE sadb;
 
 -- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
--- SA 1 - OPERATIONAL; ENC + AUTH - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 1 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-0
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (1,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,0,0);
 
--- SA 2 - OPERATIONAL; ENC + AUTH - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 2 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (2,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,1,0);
 
--- SA 3 - OPERATIONAL; ENC + AUTH - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 3 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-1
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (3,'kmc/test/key130',3,X'01',1,1,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',1,5,0,0,44,2,0);
 
--- SA 4 - OPERATIONAL; AUTH Only - ARCW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 4 - OPERATIONAL; AUTH Only - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-3
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,stmacf_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (4,'kmc/test/key130',3,X'01',0,1,12,16,X'000000000000000000000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,0,0,44,3,0);
 
 -- SCID 44 (MMT) Security Associations AESCMAC Authentication Only --
--- SA 5 - OPERATIONAL; AUTH Only - ARCW:5; None/AESCMAC ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-7
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,shsnf_len,stmacf_len,arc,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 5 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-7
+INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,shsnf_len,stmacf_len,arsn,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (5,'kmc/test/key130',3,X'00',0,1,0,4,16,X'00000001',1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',1,5,4,0,44,7,0);
diff --git a/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_unit_test_security_associations.sql b/src/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_unit_test_security_associations.sql
@@ -1,33 +1,33 @@
 USE sadb;
 
 -- SA 1 - CLEAR MODE
-INSERT INTO security_associations (spi,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid)
+INSERT INTO security_associations (spi,sa_state,est,ast,arsn_len,arsn,arsnw_len,arsnw,tfvn,scid,vcid,mapid)
 VALUES (1,3,0,0,1,X'0000000000000000000000000000000000000000',1,X'05',0,3,0,0);
 
--- SA 2 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128
-INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+-- SA 2 - KEYED;  ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128
+INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len)
 VALUES (2,128,2,1,1,12,12,X'000000000000000000000000',20,X'0000000000000000000000000000000000000000',1,X'05',11);
 
--- SA 3 - KEYED;   ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129
-INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,stmacf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+-- SA 3 - KEYED;   ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129
+INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,stmacf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len)
 VALUES (3,129,2,1,1,12,16,12,X'000000000000000000000000',20,X'0000000000000000000000000000000000000000',1,X'05',11);
 
--- SA 4 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
-INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 4 - KEYED;  ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
+INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (4,130,2,1,1,12,12,X'000000000000000000000001',20,X'0000000000000000000000000000000000000000',1,X'05',11,0,3,0,0);
 
--- SA 5 - KEYED;   ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 131
-INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+-- SA 5 - KEYED;   ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 131
+INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len)
 VALUES (5,131,2,1,1,12,12,X'000000000000000000000000',20,X'0000000000000000000000000000000000000000',1,X'05',11);
 
--- SA 6 - UNKEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: -
-INSERT INTO security_associations (spi,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+-- SA 6 - UNKEYED; ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: -
+INSERT INTO security_associations (spi,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len)
 VALUES (6,1,1,1,12,12,X'000000000000000000000000',20,X'0000000000000000000000000000000000000000',1,X'05',11);
 
--- SA 7 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
-INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+-- SA 7 - KEYED;  ARSNW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
+INSERT INTO security_associations (spi,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arsnw_len,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (7,130,2,1,1,12,12,X'000000000000000000000000',20,X'0000000000000000000000000000000000000000',1,X'05',11,0,3,1,0);
 
 -- SA 8 - CLEAR MODE
-INSERT INTO security_associations (spi,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid)
+INSERT INTO security_associations (spi,sa_state,est,ast,arsn_len,arsn,arsnw_len,arsnw,tfvn,scid,vcid,mapid)
 VALUES (8,3,0,0,1,X'0000000000000000000000000000000000000000',1,X'05',0,3,1,0);
diff --git a/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c
@@ -50,7 +50,8 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
                                                     uint8_t* iv, uint32_t iv_len,
                                                     uint8_t* mac, uint32_t mac_size,
                                                     uint8_t* aad, uint32_t aad_len,
-                                                    uint8_t ecs, uint8_t acs);
+                                                    uint8_t ecs, uint8_t acs,
+                                                    uint8_t* arsn);
 static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* data_in, size_t len_data_in,
                                          uint8_t* key, uint32_t len_key,
@@ -68,7 +69,7 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool);
+                                         uint8_t aad_bool, uint8_t *arsn);
 
 // libcurl call back and support function declarations
 static void configure_curl_connect_opts(CURL* curl);
@@ -468,7 +469,8 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
                                                     uint8_t* iv, uint32_t iv_len,
                                                     uint8_t* mac, uint32_t mac_size,
                                                     uint8_t* aad, uint32_t aad_len,
-                                                    uint8_t ecs, uint8_t acs)
+                                                    uint8_t ecs, uint8_t acs,
+                                                    uint8_t* arsn)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
 
@@ -480,6 +482,7 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
     iv_len = iv_len;
     ecs = ecs;
     acs = acs;
+    arsn = arsn;
 
 
     // Need to copy the data over, since authentication won't change/move the data directly
@@ -856,11 +859,14 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
                                          uint8_t* mac, uint32_t mac_size,
                                          uint8_t* aad, uint32_t aad_len,
                                          uint8_t decrypt_bool, uint8_t authenticate_bool,
-                                         uint8_t aad_bool)
+                                         uint8_t aad_bool, uint8_t *arsn)
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
     key = key; // Direct key input is not supported in KMC interface
 
+    // For build warnings
+    arsn = arsn;
+
     // Get the key length in bits, in string format.
     // TODO -- Parse the key length from the keyInfo endpoint of the Crypto Service!
     uint32_t key_len_in_bits = len_key * 8; // 8 bits per byte.