diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 231381cb..19e5e092 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,6 +1,6 @@
### All Submissions:
-* [ ] Have you followed the guidelines in our [Contributing](https://github.com/nasa/CryptoLib/blob/main/doc/CryptoLib_Indv_CLA.pdf) document?
+* [ ] Have you followed the guidelines in our [Contributing](https://github.com/nasa/CryptoLib/blob/main/docs/CryptoLib_Indv_CLA.pdf) document?
* [ ] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/nasa/cryptolib/pulls) for the same update/change?
### New Feature Submissions:
@@ -13,4 +13,3 @@
### How do you test these changes?
-
\ No newline at end of file
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 174b2a1d..70c55c39 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -22,7 +22,7 @@ jobs:
name: Analyze Build_Internal
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
- image: ivvitc/cryptolib:20250108
+ image: ivvitc/cryptolib:dev
permissions:
# required for all workflows
security-events: write
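Review bot: The container moves from the dated tag `20250108` to the floating tag `dev`, so every CodeQL run in a job holding `security-events: write` now executes whatever image was last pushed under that name. Pinning by digest keeps the analysis environment reviewable and reproducible, for example `image: ivvitc/cryptolib@sha256:<digest-of-reviewed-image>`, optionally with the tag kept in a comment. The same change is repeated in the Build_Minimal, Build_Wolf, Build_RHEL and Build_EP jobs. The `github/codeql-action/init@v4` and `analyze@v4` references are movable major-version tags too and can be pinned to a full commit SHA in the same way.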
@@ -55,7 +55,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -66,7 +66,7 @@ jobs:
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
@@ -74,7 +74,7 @@ jobs:
name: Analyze Build_Minimal
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
- image: ivvitc/cryptolib:20250108
+ image: ivvitc/cryptolib:dev
permissions:
# required for all workflows
security-events: write
@@ -107,7 +107,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -118,7 +118,7 @@ jobs:
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
@@ -126,7 +126,7 @@ jobs:
name: Analyze Build_Wolf
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
- image: ivvitc/cryptolib:20250108
+ image: ivvitc/cryptolib:dev
permissions:
# required for all workflows
security-events: write
@@ -185,7 +185,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -196,7 +196,7 @@ jobs:
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
@@ -204,7 +204,7 @@ jobs:
name: Analyze Build_RHEL
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
- image: ivvitc/cryptolib:20250108
+ image: ivvitc/cryptolib:dev
permissions:
# required for all workflows
security-events: write
@@ -237,7 +237,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -248,7 +248,7 @@ jobs:
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
@@ -256,7 +256,7 @@ jobs:
name: Analyze Build_EP
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
- image: ivvitc/cryptolib:20250108
+ image: ivvitc/cryptolib:dev
permissions:
# required for all workflows
security-events: write
@@ -289,7 +289,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -300,6 +300,6 @@ jobs:
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
index adc436e7..597552aa 100644
--- a/LICENSE
+++ b/LICENSE
@@ -19,7 +19,7 @@ Government Agency Original Software Title:
User Registration Requested. Please Visit
https://github.com/nasa/CryptoLib
Government Agency Point of Contact for Original Software:
- John.P.Lucas@nasa.gov
+ Justin.R.Morris@nasa.gov
1. DEFINITIONS
@@ -260,4 +260,4 @@ Recipient hereby agrees to all terms and conditions herein.
F. Point of Contact: Any Recipient contact with Government Agency is
to be directed to the designated representative as follows:
- John.P.Lucas@nasa.gov
\ No newline at end of file
+ Justin.R.Morris@nasa.gov
\ No newline at end of file
diff --git a/include/crypto.h b/include/crypto.h
index a4017922..599edaf5 100644
--- a/include/crypto.h
+++ b/include/crypto.h
@@ -51,7 +51,7 @@
*/
#define CRYPTO_LIB_MAJOR_VERSION 1
#define CRYPTO_LIB_MINOR_VERSION 4
-#define CRYPTO_LIB_REVISION 1
+#define CRYPTO_LIB_REVISION 3
#define CRYPTO_LIB_MISSION_REV 0
#define GVCID_MAX_PARAM_SIZE 250
@@ -167,12 +167,12 @@ void Crypto_Set_FSR(uint8_t *p_ingest, uint16_t byte_idx, uint16_t pdu_len,
// Telemetry (TM)
extern int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest);
-extern int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_t **pp_processed_frame,
+extern int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, TM_t *pp_processed_frame,
uint16_t *p_decrypted_length);
// Advanced Orbiting Systems (AOS)
extern int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest);
-extern int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_t **pp_processed_frame,
+extern int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t *pp_processed_frame,
uint16_t *p_decrypted_length);
// Crypo Error Support Functions
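Review bot: The parameter is still named `pp_processed_frame` although it is now a single pointer to a caller-provided `TM_t` / `AOS_t`, which hides an ownership change from API users. Callers written against the old `uint8_t **` contract presumably freed the returned buffer and would now free memory the library did not hand over. Renaming to `p_processed_frame` and adding a comment such as `// caller allocates *p_processed_frame; the library fills it and retains no pointer` on both prototypes would make the new contract explicit. The same name is kept in `Crypto_TM_Do_Decrypt` further down.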
@@ -227,7 +227,7 @@ void Crypto_TM_Calc_PDU_MAC(uint16_t *pdu_len, uint16_t byte_idx, SecurityAss
int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_ptr, uint8_t ecs_is_aead_algorithm,
uint16_t byte_idx, uint8_t *p_new_dec_frame, uint16_t pdu_len, uint8_t *p_ingest,
crypto_key_t *ekp, crypto_key_t *akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len,
- uint8_t *aad, uint8_t **pp_processed_frame, uint16_t *p_decrypted_length);
+ uint8_t *aad, TM_t *pp_processed_frame, uint16_t *p_decrypted_length);
void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, SecurityAssociation_t *sa_ptr);
extern int32_t Crypto_increment(uint8_t *num, int length);
@@ -318,7 +318,7 @@ extern CCSDS_t sdls_frame;
extern SDLS_KEYV_RPLY_t sdls_ep_keyv_reply;
extern uint8_t sdls_ep_reply[TC_MAX_FRAME_SIZE];
// extern TM_t tm_frame;
-extern uint8_t tm_frame[1786];
+// extern uint8_t tm_frame[1786];
extern TM_FramePrimaryHeader_t tm_frame_pri_hdr;
extern TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
// exterm AOS_t aos_frame
@@ -329,6 +329,7 @@ extern uint8_t parity[4]; // Used in FHECF calc
// Global configuration structs
extern CryptoConfig_t crypto_config;
extern SadbMariaDBConfig_t *sa_mariadb_config;
+extern char *mariadb_table_name;
extern CryptographyKmcCryptoServiceConfig_t *cryptography_kmc_crypto_config;
extern CamConfig_t *cam_config;
extern GvcidManagedParameters_t *gvcid_managed_parameters;
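Review bot: `mariadb_table_name` is a process-wide mutable global that selects which table the next SA lookup reads, so correctness depends on every caller assigning it immediately before every `sa_if` call. The assignments added in `crypto_aos.c` and `crypto_config.c` show the pattern: a path that omits the assignment inherits the value left by the previous TC/TM/AOS call, and concurrent callers can switch the table under one another. At minimum declare it `extern const char *mariadb_table_name;` because it only ever points at string literals, and initialise the definition in `crypto.c` with `MARIADB_TC_TABLE_NAME` rather than a second copy of the literal. If the MariaDB backend interpolates this name into query text (not visible here), restricting it to the three compile-time constants is also what keeps that safe; passing the frame type to the lookup would remove the shared state entirely.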
@@ -375,4 +376,4 @@ static const uint8_t crypto_gf_log[GF_SIZE] = {0, 0, 1, 4, 2, 8, 5, 10, 3, 14, 9
// Generator polynomial coefficients for g(x) = x^4 + a^3x^3 + ax^2 + a^3x + 1
static const uint8_t crypto_gen_poly[RS_PARITY + 1] = {1, 8, 2, 8, 1};
-#endif // CRYPTO_H
\ No newline at end of file
+#endif // CRYPTO_H
diff --git a/include/crypto_config.h b/include/crypto_config.h
index d4bba63f..02d43c10 100644
--- a/include/crypto_config.h
+++ b/include/crypto_config.h
@@ -123,17 +123,18 @@
#define FHECF_SIZE 2
#define FECF_SIZE 2
#define TC_SEGMENT_HDR_SIZE 1
-#define ECS_SIZE 4 /* bytes */
-#define ABM_SIZE 1786 /* bytes */
-#define ARSN_SIZE 20 /* total messages */
-#define ARSNW_SIZE 1 /* bytes */
-#define SN_SIZE 16 /* bytes */
-#define PAD_SIZE 32 /* bytes */
-#define CHALLENGE_SIZE 16 /* bytes */
-#define CHALLENGE_MAC_SIZE 16 /* bytes */
-#define BYTE_LEN 8 /* bits */
+#define ECS_SIZE 4 /* bytes */
+#define ABM_SIZE 1786 /* bytes */
+#define ARSN_SIZE 20 /* total messages */
+#define ARSNW_SIZE 1 /* bytes */
+#define SN_SIZE 16 /* bytes */
+#define PAD_SIZE 2 /* bytes */ // Max shplf len takes up 2 bytes
+#define CHALLENGE_SIZE 16 /* bytes */
+#define CHALLENGE_MAC_SIZE 16 /* bytes */
+#define BYTE_LEN 8 /* bits */
#define CRYPTOLIB_APPID 128
#define MAX_IV_LEN 32 /* bytes */
+#define MAX_IZ_LEN 32
// Configurable via build flags
#ifndef NUM_SA
@@ -268,4 +269,11 @@
*/
#define TC_BLOCK_SIZE 16
+/*
+** MariaDB Defines
+*/
+#define MARIADB_TC_TABLE_NAME "security_associations"
+#define MARIADB_TM_TABLE_NAME "security_associations_tm"
+#define MARIADB_AOS_TABLE_NAME "security_associations_aos"
+
#endif // CRYPTO_CONFIG_H
diff --git a/include/crypto_error.h b/include/crypto_error.h
index a528d0d3..2966643d 100644
--- a/include/crypto_error.h
+++ b/include/crypto_error.h
@@ -58,6 +58,7 @@
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 513
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR 514
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR 515
+#define CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR 516
#define CAM_CONFIG_NOT_SUPPORTED_ERROR 600
#define CAM_INVALID_COOKIE_FILE_CONFIGURATION_NULL 601
@@ -156,15 +157,16 @@
#define CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH (-82)
#define CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE (-83)
#define CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH (-84)
+#define CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH (-85)
-#define CRYPTO_CORE_ERROR_CODES_MAX -84
+#define CRYPTO_CORE_ERROR_CODES_MAX -85
// Define codes for returning MDB Strings, and determining error based on strings
#define CAM_ERROR_CODES 600
#define CAM_ERROR_CODES_MAX 610
#define KMC_ERROR_CODES 500
-#define KMC_ERROR_CODES_MAX 515
+#define KMC_ERROR_CODES_MAX 516
#define CRYPTO_INTERFACE_ERROR_CODES 400
#define CRYPTO_INTERFACE_ERROR_CODES_MAX 402
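Review bot: `KMC_ERROR_CODES_MAX` is raised to 516 for the new `CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR`, but the part of the `crypto_error.c` diff visible on this page only appends a string to the core error list. If the KMC string table is indexed by `code - KMC_ERROR_CODES` (not shown here), a missing entry for 516 would make the error-to-string lookup read one element past the array, so the KMC list should gain a matching entry in the same commit. The name also says DECRYPT for what appears to be a base64 decode failure; `..._BASE64_DECODE_ERROR` would describe it better if the constant is not yet used externally.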
diff --git a/include/crypto_print.h b/include/crypto_print.h
index 6d979e8b..dcf087ea 100644
--- a/include/crypto_print.h
+++ b/include/crypto_print.h
@@ -43,6 +43,13 @@ void Crypto_tcPrint(TC_t *tc_frame);
**/
void Crypto_tmPrint(TM_t *tm_frame);
+/**
+ * @brief Function: Crypto_aosPrint
+ * Prints the current AOS in memory.
+ * @param aos_frame: AOS_t*
+ **/
+void Crypto_aosPrint(AOS_t *aos_frame);
+
/**
* @brief Function: Crypto_clcwPrint
* @param clcw: Telemetry_Frame_Clcw_t*
diff --git a/include/crypto_structs.h b/include/crypto_structs.h
index cb2f1251..2a4bfe79 100644
--- a/include/crypto_structs.h
+++ b/include/crypto_structs.h
@@ -518,7 +518,7 @@ typedef struct
uint16_t fhp : 11; // First Header Pointer
// Sync Flag 0 = Contains position of the first byte of the first packet in the data field
// Sync Flag 1 = undefined
-} TM_FramePrimaryHeader_t;
+} __attribute__((packed)) TM_FramePrimaryHeader_t;
#define TM_FRAME_PRIMARYHEADER_SIZE (sizeof(TM_FramePrimaryHeader_t))
/*
@@ -528,7 +528,12 @@ typedef struct
{
uint16_t spi; // Security Parameter Index
uint8_t iv[IV_SIZE]; // Initialization Vector for encryption
-} TM_FrameSecurityHeader_t;
+ uint8_t iv_field_len;
+ uint8_t sn[SN_SIZE]; // Sequence Number for anti-replay
+ uint8_t sn_field_len;
+ uint16_t pad; // Count of the used fill Bytes
+ uint8_t pad_field_len;
+} __attribute__((packed)) TM_FrameSecurityHeader_t;
#define TM_FRAME_SECHEADER_SIZE (sizeof(TM_FrameSecurityHeader_t))
/*
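Review bot: `TM_FRAME_SECHEADER_SIZE` is still `sizeof(TM_FrameSecurityHeader_t)`, but the struct now carries bookkeeping fields (`iv_field_len`, `sn_field_len`, `pad_field_len`) and full-width `sn`/`pad` storage that are not part of the frame on the wire. Any remaining use of this macro as a wire-format length or offset would over-count. The same applies to `TM_FRAME_SECTRAILER_SIZE`, `AOS_FRAME_SECHEADER_SIZE` and `AOS_FRAME_SECTRAILER_SIZE` in the later hunks. Worth auditing the users of these macros, and adding a comment on each struct such as `// in-memory parsed form, not the wire layout; *_field_len gives the bytes actually present in the frame`. The new length fields have no comments, unlike their neighbours.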
@@ -537,9 +542,11 @@ typedef struct
typedef struct
{
uint8_t mac[MAC_SIZE]; // Message Authentication Code
+ uint8_t mac_field_len;
uint8_t ocf[OCF_SIZE]; // Operational Control Field
- uint16_t fecf; // Frame Error Control Field
-} TM_FrameSecurityTrailer_t;
+ uint8_t ocf_field_len;
+ uint16_t fecf; // Frame Error Control Field
+} __attribute__((packed)) TM_FrameSecurityTrailer_t;
#define TM_FRAME_SECTRAILER_SIZE (sizeof(TM_FrameSecurityTrailer_t))
/*
@@ -551,12 +558,12 @@ typedef struct
TM_FramePrimaryHeader_t tm_header;
TM_FrameSecurityHeader_t tm_sec_header;
uint8_t tm_pdu[TM_FRAME_DATA_SIZE];
+ uint16_t tm_pdu_len;
TM_FrameSecurityTrailer_t tm_sec_trailer;
-} TM_t;
+} __attribute__((packed)) TM_t;
#define TM_SIZE (sizeof(TM_t))
-#define TM_MIN_SIZE \
- (TM_FRAME_PRIMARYHEADER_SIZE + TM_FRAME_SECHEADER_SIZE + TM_FRAME_SECTRAILER_SIZE + TM_FRAME_CLCW_SIZE)
+#define TM_MIN_SIZE 7
/*
** Advanced Orbiting Systems (AOS) Definitions
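Review bot: `TM_MIN_SIZE` changes from a sum of named sizes to the bare literal `7`, and `AOS_MIN_SIZE` becomes `6` in a later hunk, with nothing saying which fields those bytes cover. Since `Crypto_AOS_Verify_Frame_Lengths` now builds its length check on `AOS_MIN_SIZE`, a one-line comment on each define stating which mandatory fields are counted, and that optional FHECF/IZ/OCF/FECF and the SPI are added by the caller, would let a reviewer verify the check against CCSDS 732.0-B-4 without reverse-engineering the constant.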
@@ -573,20 +580,18 @@ typedef struct
// To be all zeros if only one VC used (732.0b4 Section 4.1.2.3)
long vcfc : 24; // Virtual Channel Frame Count (modulo-16,777,216)
/* Begin TF Signalling Field */
- uint8_t rf : 1; // Replay Flag
- uint8_t sf : 1; // VC Frame Count Usgae Flag
- // 0 = Payload is either idle data or octet synchronized forward-ordered packets
- // 1 = Data is a virtual channel access data unit
- uint8_t spare : 2; // Reserved Spare
- // 0 = Shall be set to 0
- // Sync Flag 1 = Undefined
- uint8_t vfcc : 4; // VC Frame Count cycle
- // Sync Flag 0 = Shall be 11
- // Sync Flag 1 = Undefined
- uint16_t fhp : 16; // First Header Pointer
- // Sync Flag 0 = Contains position of the first byte of the first packet in the data field
- // Sync Flag 1 = undefined
-} AOS_FramePrimaryHeader_t;
+ uint8_t rf : 1; // Replay Flag
+ uint8_t sf : 1; // VC Frame Count Usgae Flag
+ // 0 = Payload is either idle data or octet synchronized forward-ordered packets
+ // 1 = Data is a virtual channel access data unit
+ uint8_t spare : 2; // Reserved Spare
+ // 0 = Shall be set to 0
+ // Sync Flag 1 = Undefined
+ uint8_t vfcc : 4; // VC Frame Count cycle
+ // Sync Flag 0 = Shall be 11
+ // Sync Flag 1 = Undefined
+ uint16_t fhecf : 16; // Frame header error control field
+} __attribute__((packed)) AOS_FramePrimaryHeader_t;
#define AOS_FRAME_PRIMARYHEADER_SIZE (sizeof(AOS_FramePrimaryHeader_t))
/*
@@ -594,9 +599,15 @@ typedef struct
*/
typedef struct
{
+ uint8_t iz[MAX_IZ_LEN];
uint16_t spi; // Security Parameter Index
uint8_t iv[IV_SIZE]; // Initialization Vector for encryption
-} AOS_FrameSecurityHeader_t;
+ uint8_t iv_field_len;
+ uint8_t sn[SN_SIZE]; // Sequence Number for anti-replay
+ uint8_t sn_field_len;
+ uint16_t pad; // Count of the used fill Bytes
+ uint8_t pad_field_len;
+} __attribute__((packed)) AOS_FrameSecurityHeader_t;
#define AOS_FRAME_SECHEADER_SIZE (sizeof(AOS_FrameSecurityHeader_t))
/*
@@ -605,9 +616,11 @@ typedef struct
typedef struct
{
uint8_t mac[MAC_SIZE]; // Message Authentication Code
+ uint8_t mac_field_len;
uint8_t ocf[OCF_SIZE]; // Operational Control Field
- uint16_t fecf; // Frame Error Control Field
-} AOS_FrameSecurityTrailer_t;
+ uint8_t ocf_field_len;
+ uint16_t fecf; // Frame Error Control Field
+} __attribute__((packed)) AOS_FrameSecurityTrailer_t;
#define AOS_FRAME_SECTRAILER_SIZE (sizeof(AOS_FrameSecurityTrailer_t))
/*
@@ -616,14 +629,14 @@ typedef struct
*/
typedef struct
{
- AOS_FramePrimaryHeader_t tm_header;
- AOS_FrameSecurityHeader_t tm_sec_header;
+ AOS_FramePrimaryHeader_t aos_header;
+ AOS_FrameSecurityHeader_t aos_sec_header;
uint8_t aos_pdu[AOS_FRAME_DATA_SIZE];
+ uint16_t aos_pdu_len;
AOS_FrameSecurityTrailer_t aos_sec_trailer;
} __attribute__((packed)) AOS_t;
#define AOS_SIZE (sizeof(AOS_t))
-#define AOS_MIN_SIZE \
- (AOS_FRAME_PRIMARYHEADER_SIZE + AOS_FRAME_SECHEADER_SIZE + AOS_FRAME_SECTRAILER_SIZE + AOS_FRAME_OCF_SIZE)
+#define AOS_MIN_SIZE 6
#endif // CRYPTO_STRUCTS_H
\ No newline at end of file
diff --git a/src/core/crypto.c b/src/core/crypto.c
index 45f80588..f452a0a4 100644
--- a/src/core/crypto.c
+++ b/src/core/crypto.c
@@ -46,13 +46,13 @@ SDLS_KEYV_RPLY_t sdls_ep_keyv_reply; // Reply block for challenged keys
uint8_t sdls_ep_reply[TC_MAX_FRAME_SIZE];
CCSDS_t sdls_frame;
// TM
-uint8_t tm_frame[TM_MAX_FRAME_SIZE]; // TM Global Frame
-TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication
-TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
+// TM_t tm_frame; // TM Global Frame
+TM_FramePrimaryHeader_t tm_frame_pri_hdr; // Used to reduce bit math duplication
+TM_FrameSecurityHeader_t tm_frame_sec_hdr; // Used to reduce bit math duplication
// AOS
-uint8_t aos_frame[AOS_MAX_FRAME_SIZE]; // AOS Global Frame
-AOS_FramePrimaryHeader_t aos_frame_pri_hdr; // Used to reduce bit math duplication
-AOS_FrameSecurityHeader_t aos_frame_sec_hdr; // Used to reduce bit math duplication
+// uint8_t aos_frame[AOS_MAX_FRAME_SIZE]; // AOS Global Frame
+AOS_FramePrimaryHeader_t aos_frame_pri_hdr; // Used to reduce bit math duplication
+AOS_FrameSecurityHeader_t aos_frame_sec_hdr; // Used to reduce bit math duplication
// OCF
uint8_t ocf = 0;
Telemetry_Frame_Ocf_Fsr_t report;
@@ -72,6 +72,8 @@ uint8_t parity[RS_PARITY];
// CRC
uint32_t crc32Table[CRC32TBL_SIZE];
uint16_t crc16Table[CRC16TBL_SIZE];
+// Mariadb
+char *mariadb_table_name = "security_associations";
/*
** Assisting Functions
diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c
index 7e82464d..0d6aa8f0 100644
--- a/src/core/crypto_aos.c
+++ b/src/core/crypto_aos.c
@@ -106,6 +106,10 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
printf("\n");
#endif
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+ }
status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
// No operational/valid SA found
@@ -800,6 +804,22 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
return status;
}
+int32_t Crypto_AOS_Verify_Frame_Lengths(uint16_t len_ingest)
+{
+ uint8_t fhec_len = aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC ? FHECF_SIZE : 0;
+ uint16_t iz_len = aos_current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ
+ ? aos_current_managed_parameters_struct.aos_iz_len
+ : 0;
+ uint8_t ocf_len = aos_current_managed_parameters_struct.has_ocf == AOS_HAS_OCF ? OCF_SIZE : 0;
+ uint8_t fecf_len = aos_current_managed_parameters_struct.has_fecf == AOS_HAS_FECF ? FECF_SIZE : 0;
+ uint16_t expected_frame_length = AOS_MIN_SIZE + fhec_len + SPI_LEN + iz_len + ocf_len + fecf_len;
+ if (len_ingest < expected_frame_length)
+ {
+ return CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH;
+ }
+ return CRYPTO_LIB_SUCCESS;
+}
+
/**
* @brief Function: Crypto_AOS_ProcessSecurity
* @param ingest: uint8_t*
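Review bot: `expected_frame_length` is accumulated in a `uint16_t`, so a large configured `aos_iz_len` can wrap the sum to a small value and let a short frame pass; computing it wider closes that, e.g. `uint32_t min_frame_length = AOS_MIN_SIZE + fhec_len + SPI_LEN + iz_len + ocf_len + fecf_len;`. The value is a lower bound rather than an expected length, and it cannot include the SA-dependent IV, SN, pad and MAC field lengths because it runs before the SA lookup, so the later indexing into `p_ingest` still needs its own bound once `sa_ptr` is known. The function has no doxygen header, unlike its neighbours, and no prototype is visible in the `crypto.h` hunks; if it is file-local it should be `static`.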
@@ -808,7 +828,7 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
*
* CCSDS Compliance: CCSDS 355.0-B-2 Section 5 (AOS Protocol), CCSDS 732.0-B-4
**/
-int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_t **pp_processed_frame,
+int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t *pp_processed_frame,
uint16_t *p_decrypted_length)
{
// Local Variables
@@ -885,6 +905,12 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
return status;
} // Unable to get necessary Managed Parameters for AOS TF -- return with error.
+ status = Crypto_AOS_Verify_Frame_Lengths(len_ingest);
+ if (status != CRYPTO_LIB_SUCCESS)
+ {
+ return status;
+ }
+
// Increment to end of Primary Header start, depends on FHECF presence
byte_idx = 6;
if (aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC)
@@ -944,11 +970,19 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
// Move index to past the SPI
byte_idx += 2;
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+ }
status = sa_if->sa_get_from_spi(spi, &sa_ptr);
// If no valid SPI, return
if (status != CRYPTO_LIB_SUCCESS)
{
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
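Review bot: On the `sa_get_from_spi` failure path the added `free(sa_ptr)` releases a pointer that the failed lookup may never have assigned. Unless `sa_ptr` is initialised to NULL at its declaration (outside this hunk) and the MariaDB backend neither frees it nor leaves it dangling on error, this is a free of an indeterminate or already-released pointer. The same five-line `if (crypto_config.sa_type == SA_TYPE_MARIADB) { free(sa_ptr); }` block is then pasted into more than a dozen later return paths in this function. A single exit label that frees both `p_new_dec_frame` and `sa_ptr`, with both set to NULL at declaration, would keep the paths consistent and make a missed or doubled free much harder to introduce.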
@@ -982,6 +1016,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
#endif
status = CRYPTO_LIB_ERROR;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1007,6 +1045,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
{
status = CRYPTO_LIB_ERR_NO_ECS_SET_FOR_ENCRYPTION_MODE;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1032,6 +1074,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
{
status = CRYPTO_LIB_ERR_AOS_FL_LT_MAX_FRAME_SIZE;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1056,6 +1102,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
#endif
status = CRYPTO_LIB_ERR_INVALID_FECF;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
// Valid FECF, zero out the field
@@ -1077,6 +1127,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
#endif
status = CRYPTO_LIB_ERR_TC_ENUM_USED_FOR_AOS_CONFIG;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1089,6 +1143,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
#endif
status = CRYPTO_LIB_ERROR;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1122,7 +1180,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
#ifdef SA_DEBUG
printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len);
- printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len);
+ printf(KYEL "SHSNF length of %d bytes\n" RESET, sa_ptr->shsnf_len);
printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len);
printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx);
#endif
@@ -1198,6 +1256,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
if (ekp->key_state != KEY_ACTIVE)
@@ -1205,6 +1267,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
}
@@ -1219,6 +1285,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
mc_if->mc_log(status);
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
if (akp->key_state != KEY_ACTIVE)
@@ -1226,6 +1296,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
mc_if->mc_log(status);
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
}
@@ -1262,6 +1336,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
aad_len);
#endif
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
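Review bot: This error return now frees `sa_ptr` but, unlike the key-check paths in the hunks just above, does not free `p_new_dec_frame`. That buffer appears to be allocated by this point, since the earlier returns at lower line numbers already release it, so this path looks like it leaks the decrypted-frame buffer on every failure. Adding `free(p_new_dec_frame);` before the SA cleanup would match the neighbouring paths. The allocation itself is outside the hunk, so confirm it has not already been released here.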
@@ -1285,6 +1363,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
printf(KRED "Error: SA Not Operational \n" RESET);
#endif
free(p_new_dec_frame); // Add cleanup
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL;
}
@@ -1361,6 +1443,10 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
free(p_new_dec_frame); // Add cleanup
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1400,10 +1486,105 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
printf("\n");
#endif
- *pp_processed_frame = p_new_dec_frame;
// TODO maybe not just return this without doing the math ourselves
*p_decrypted_length = aos_current_managed_parameters_struct.max_frame_size;
+ // Copy data into struct
+ byte_idx = 0;
+
+ // Primary Header
+ pp_processed_frame->aos_header.tfvn = (p_new_dec_frame[0] & 0xC0) >> 6;
+ pp_processed_frame->aos_header.scid =
+ (((uint16_t)p_new_dec_frame[0] & 0x3F) << 2) | (((uint16_t)p_new_dec_frame[1] & 0xC0) >> 6);
+ pp_processed_frame->aos_header.vcid = (p_new_dec_frame[1] & 0x3F);
+ pp_processed_frame->aos_header.vcfc = (p_new_dec_frame[2] << 16) | (p_new_dec_frame[3] << 8) | (p_new_dec_frame[4]);
+ pp_processed_frame->aos_header.rf = (p_new_dec_frame[5] & 0x80) >> 7;
+ pp_processed_frame->aos_header.sf = (p_new_dec_frame[5] & 0x40) >> 6;
+ pp_processed_frame->aos_header.spare = (p_new_dec_frame[5] & 0x30) >> 4;
+ pp_processed_frame->aos_header.vfcc = (p_new_dec_frame[5] & 0x0F);
+ if (aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC)
+ {
+ pp_processed_frame->aos_header.fhecf = (p_new_dec_frame[6] << 8) | p_new_dec_frame[7];
+ byte_idx += 8;
+ }
+ else
+ {
+ byte_idx += 6;
+ }
+
+ // Security Header
+ if (aos_current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ)
+ {
+ for (int i = 0; i < aos_current_managed_parameters_struct.aos_iz_len; i++)
+ {
+ memcpy(pp_processed_frame->aos_sec_header.iz + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += aos_current_managed_parameters_struct.aos_iz_len;
+ }
+
+ pp_processed_frame->aos_sec_header.spi =
+ (((uint16_t)p_new_dec_frame[byte_idx]) << 8) | ((uint16_t)p_new_dec_frame[byte_idx + 1]);
+ byte_idx += 2;
+
+ for (int i = 0; i < sa_ptr->shivf_len; i++)
+ {
+ memcpy(pp_processed_frame->aos_sec_header.iv + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->shivf_len;
+ pp_processed_frame->aos_sec_header.iv_field_len = sa_ptr->shivf_len;
+
+ for (int i = 0; i < sa_ptr->shsnf_len; i++)
+ {
+ memcpy(pp_processed_frame->aos_sec_header.sn + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->shsnf_len;
+ pp_processed_frame->aos_sec_header.sn_field_len = sa_ptr->shsnf_len;
+
+ for (int i = 0; i < sa_ptr->shplf_len; i++)
+ {
+ pp_processed_frame->aos_sec_header.pad += (p_new_dec_frame[byte_idx + i] << ((sa_ptr->shplf_len - 1 - i) * 8));
+ }
+ byte_idx += sa_ptr->shplf_len;
+ pp_processed_frame->aos_sec_header.pad_field_len = sa_ptr->shplf_len;
+
+ // PDU
+ memcpy(pp_processed_frame->aos_pdu, &p_new_dec_frame[byte_idx], pdu_len);
+ pp_processed_frame->aos_pdu_len = pdu_len;
+ byte_idx += pdu_len;
+
+ // Security Trailer
+ for (int i = 0; i < sa_ptr->stmacf_len; i++)
+ {
+ memcpy(pp_processed_frame->aos_sec_trailer.mac + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->stmacf_len;
+ pp_processed_frame->aos_sec_trailer.mac_field_len = sa_ptr->stmacf_len;
+
+ if (aos_current_managed_parameters_struct.has_ocf == AOS_HAS_OCF)
+ {
+ for (int i = 0; i < OCF_SIZE; i++)
+ {
+ memcpy(pp_processed_frame->aos_sec_trailer.ocf + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += OCF_SIZE;
+ pp_processed_frame->aos_sec_trailer.ocf_field_len = OCF_SIZE;
+ }
+ else
+ {
+ pp_processed_frame->aos_sec_trailer.ocf_field_len = 0;
+ }
+
+ if (aos_current_managed_parameters_struct.has_fecf == AOS_HAS_FECF)
+ {
+ pp_processed_frame->aos_sec_trailer.fecf =
+ (uint16_t)(p_new_dec_frame[byte_idx] << 8) | p_new_dec_frame[byte_idx + 1];
+ }
+ free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
+
#ifdef DEBUG
printf(KYEL "----- Crypto_AOS_ProcessSecurity END -----\n" RESET);
#endif
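Review bot: The copy into `pp_processed_frame` uses `aos_iz_len`, `shivf_len`, `shsnf_len`, `stmacf_len` and `pdu_len` as lengths for the fixed arrays `iz[MAX_IZ_LEN]`, `iv[IV_SIZE]`, `sn[SN_SIZE]`, `mac[MAC_SIZE]` and `aos_pdu[AOS_FRAME_DATA_SIZE]` with no bound against those arrays visible in this hunk, so an oversized SA or managed-parameter value would write past the caller's struct. `aos_sec_header.pad` is built with `+=` without being zeroed first, so a reused or uninitialised `AOS_t` gives a wrong pad count, and a `shplf_len` above `PAD_SIZE` shifts beyond the 16-bit field. `pp_processed_frame` is also dereferenced without a NULL check in the visible lines. The function body starts outside this hunk, so earlier validation may already cover part of this; if not, a guard before the Security Header copy along these lines, with the one-byte `memcpy` loops collapsed, would address it.

```c
    // ... unchanged: primary header copy ...

    // Bound every configured length by its destination array before copying
    if ((aos_current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ &&
         aos_current_managed_parameters_struct.aos_iz_len > MAX_IZ_LEN) ||
        sa_ptr->shivf_len > IV_SIZE || sa_ptr->shsnf_len > SN_SIZE || sa_ptr->shplf_len > PAD_SIZE ||
        sa_ptr->stmacf_len > MAC_SIZE || pdu_len > AOS_FRAME_DATA_SIZE)
    {
        status = CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH;
        mc_if->mc_log(status);
        free(p_new_dec_frame);
        if (crypto_config.sa_type == SA_TYPE_MARIADB)
        {
            free(sa_ptr);
        }
        return status;
    }

    // ... unchanged: IZ and SPI copy ...

    memcpy(pp_processed_frame->aos_sec_header.iv, &p_new_dec_frame[byte_idx], sa_ptr->shivf_len);
    // ... unchanged: byte_idx advance, iv_field_len; SN copy collapsed the same way ...

    pp_processed_frame->aos_sec_header.pad = 0; // caller's struct may be reused; do not accumulate into stale data
    for (int i = 0; i < sa_ptr->shplf_len; i++)
    {
        pp_processed_frame->aos_sec_header.pad |=
            (uint16_t)(p_new_dec_frame[byte_idx + i] << ((sa_ptr->shplf_len - 1 - i) * 8));
    }
    // ... unchanged: PDU, MAC, OCF, FECF copy and cleanup ...
```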
@@ -1411,26 +1592,6 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8
return status;
}
-/**
- * @brief Function: Crypto_Get_aosLength
- * Returns the total length of the current aos_frame in BYTES!
- * @param len: int
- * @return int32_t Length of AOS
- *
- * CCSDS Compliance: CCSDS 732.0-B-4 Section 4.1 (AOS Transfer Frame Format)
- **/
-int32_t Crypto_Get_aosLength(int len)
-{
-#ifdef FILL
- len = AOS_FILL_SIZE;
-#else
- len =
- AOS_FRAME_PRIMARYHEADER_SIZE + AOS_FRAME_SECHEADER_SIZE + len + AOS_FRAME_SECTRAILER_SIZE + AOS_FRAME_CLCW_SIZE;
-#endif
-
- return len;
-}
-
/**
* @brief Function: Crypto_Prepare_AOS_AAD
* Bitwise ANDs buffer with abm, placing results in aad buffer
@@ -1440,7 +1601,7 @@ int32_t Crypto_Get_aosLength(int len)
* @param aad: uint8_t*
* @return status: uint32_t
*
- * CCSDS Compliance: CCSDS 355.0-B-2 Section 7.2.3 (AAD Construction)
+ * CCSDS Compliance: CCSDS 355.0-B-2 Section 4.2.3 (AAD Construction)
**/
uint32_t Crypto_Prepare_AOS_AAD(const uint8_t *buffer, uint16_t len_aad, const uint8_t *abm_buffer, uint8_t *aad)
{
@@ -1472,4 +1633,4 @@ uint32_t Crypto_Prepare_AOS_AAD(const uint8_t *buffer, uint16_t len_aad, const u
#endif
return status;
-}
\ No newline at end of file
+}
diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c
index 89d53edd..0d46955c 100644
--- a/src/core/crypto_config.c
+++ b/src/core/crypto_config.c
@@ -102,6 +102,10 @@ int32_t Crypto_SC_Init(void)
status = Crypto_Init();
SecurityAssociation_t *sa_ptr = NULL;
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TC_TABLE_NAME;
+ }
sa_if->sa_get_from_spi(1, &sa_ptr);
sa_ptr->gvcid_blk.vcid = 0;
sa_if->sa_get_from_spi(2, &sa_ptr);
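Review bot: With the MariaDB table switch added here, `Crypto_SC_Init` now explicitly runs against a database backend, yet the return values of `Crypto_Init()` and of each `sa_get_from_spi()` call are still ignored and `sa_ptr` is dereferenced straight away. A failed connection or a missing SPI row would therefore turn into a NULL dereference rather than an error return. The `free(sa_ptr)` calls this commit adds in `crypto_aos.c` also suggest the MariaDB lookup returns a heap copy; if so, each lookup here leaks and the field writes never reach the database unless a save call follows outside the hunk. Checking `status` after each lookup, for example `status = sa_if->sa_get_from_spi(1, &sa_ptr); if (status != CRYPTO_LIB_SUCCESS) return status;`, would cover the first problem.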
@@ -113,6 +117,10 @@ int32_t Crypto_SC_Init(void)
sa_ptr->abm_len = ABM_SIZE;
sa_ptr->shivf_len = 0;
sa_ptr->iv_len = 0;
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TM_TABLE_NAME;
+ }
sa_if->sa_get_from_spi(5, &sa_ptr);
sa_ptr->sa_state = SA_OPERATIONAL;
sa_ptr->shsnf_len = 0;
@@ -280,14 +288,30 @@ int32_t Crypto_Init(void)
if (crypto_config.key_type == KEY_TYPE_CUSTOM)
{
key_if = get_key_interface_custom();
+ if (key_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
else if (crypto_config.key_type == KEY_TYPE_INTERNAL)
{
key_if = get_key_interface_internal();
+ if (key_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
- else // KEY_TYPE_KMC
+ else if (crypto_config.key_type == KEY_TYPE_KMC)
{
key_if = get_key_interface_kmc();
+ if (key_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+ }
+ else
+ {
+ return CRYPTO_LIB_ERROR;
}
}
status = key_if->key_init();
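Review bot: The identical `if (key_if == NULL) { return CRYPTO_LIB_ERROR; }` block is repeated inside every branch of the chain; a single check placed after the `if`/`else if` chain and before `key_if->key_init()` protects the same dereference with a third of the lines. The `mc_if` and `sa_if` hunks below follow the same pattern. An unrecognised `key_type` or `mc_type` now returns the generic `CRYPTO_LIB_ERROR` where it used to fall through to the KMC or internal default. That is the safer behaviour, but a dedicated error code or a debug print would let an integrator tell a misconfiguration from a failed interface lookup.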
@@ -302,14 +326,30 @@ int32_t Crypto_Init(void)
if (crypto_config.mc_type == MC_TYPE_CUSTOM)
{
mc_if = get_mc_interface_custom();
+ if (mc_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
else if (crypto_config.mc_type == MC_TYPE_DISABLED)
{
mc_if = get_mc_interface_disabled();
+ if (mc_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
- else // MC_TYPE_INTERNAL
+ else if (crypto_config.mc_type == MC_TYPE_INTERNAL)
{
mc_if = get_mc_interface_internal();
+ if (mc_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+ }
+ else
+ {
+ return CRYPTO_LIB_ERROR;
}
}
status = mc_if->mc_initialize();
@@ -325,10 +365,18 @@ int32_t Crypto_Init(void)
if (crypto_config.sa_type == SA_TYPE_CUSTOM)
{
sa_if = get_sa_interface_custom();
+ if (sa_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
else if (crypto_config.sa_type == SA_TYPE_INMEMORY)
{
sa_if = get_sa_interface_inmemory();
+ if (sa_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
else if (crypto_config.sa_type == SA_TYPE_MARIADB)
{
@@ -339,6 +387,10 @@ int32_t Crypto_Init(void)
return status; // MariaDB connection specified but no configuration exists, return!
}
sa_if = get_sa_interface_mariadb();
+ if (sa_if == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
}
else
{
@@ -699,8 +751,8 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char *cookie_file_path, char *key
char *access_manager_uri, char *username, char *cam_home)
{
int32_t status = CRYPTO_LIB_SUCCESS;
- cam_config = (CamConfig_t *)calloc(1, CAM_CONFIG_SIZE);
+ cam_config = (CamConfig_t *)calloc(1, CAM_CONFIG_SIZE);
if (cam_config == NULL)
{
return CRYPTO_LIB_ERROR;
@@ -708,10 +760,15 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char *cookie_file_path, char *key
if (Crypto_is_safe_username(username) != CRYPTO_LIB_SUCCESS)
{
+ free(cam_config);
+ cam_config = NULL;
return CAM_CONFIG_NOT_SUPPORTED_ERROR;
}
+
if (Crypto_is_safe_path(keytab_file_path) != CRYPTO_LIB_SUCCESS)
{
+ free(cam_config);
+ cam_config = NULL;
return CAM_CONFIG_NOT_SUPPORTED_ERROR;
}
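Review bot: Both validation failures now have to free and null `cam_config` only because `Crypto_is_safe_username(username)` and `Crypto_is_safe_path(keytab_file_path)` run after the `calloc`; moving the two checks above the allocation removes the cleanup and the risk of a later early return forgetting it. Only `username` and `keytab_file_path` are validated in the visible lines; if `cookie_file_path` and `cam_home` are also used as filesystem paths, they would merit the same `Crypto_is_safe_path` check. The rest of Crypto_Config_Cam is outside the hunk.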
@@ -753,7 +810,7 @@ int32_t Crypto_Config_Cam(uint8_t cam_enabled, char *cookie_file_path, char *key
int32_t Crypto_Config_Add_Gvcid_Managed_Parameters(GvcidManagedParameters_t gvcid_managed_parameters_struct)
{
int32_t status = CRYPTO_LIB_SUCCESS;
- if (gvcid_counter > GVCID_MAN_PARAM_SIZE)
+ if (gvcid_counter >= GVCID_MAN_PARAM_SIZE)
{
status = CRYPTO_LIB_ERR_EXCEEDS_MANAGED_PARAMETER_MAX_LIMIT;
}
diff --git a/src/core/crypto_error.c b/src/core/crypto_error.c
index 83d9d4b6..a4655cb1 100644
--- a/src/core/crypto_error.c
+++ b/src/core/crypto_error.c
@@ -114,7 +114,8 @@ char *crypto_enum_errlist_core[] = {(char *)"CRYPTO_LIB_SUCCESS",
(char *)"CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN",
(char *)"CRYPTO_LIB_ERR_TC_FRAME_LENGTH_MISMATCH",
(char *)"CRYPTO_LIB_ERR_SHPLF_LEN_LESS_THAN_MIN_PAD_SIZE",
- (char *)"CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH"};
+ (char *)"CRYPTO_LIB_ERR_INVALID_AOS_IZ_LENGTH",
+ (char *)"CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH"};
char *crypto_enum_errlist_config[] = {
(char *)"CRYPTO_CONFIGURATION_NOT_COMPLETE",
@@ -154,6 +155,7 @@ char *crypto_enum_errlist_crypto_kmc[] = {
(char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE",
(char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_DECRYPT_ERROR",
(char *)"CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_ENCRYPT_ERROR",
+ (char *)"CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR",
};
char *crypto_enum_errlist_crypto_cam[] = {
diff --git a/src/core/crypto_mc.c b/src/core/crypto_mc.c
index 0c9d185a..3a75fbbf 100644
--- a/src/core/crypto_mc.c
+++ b/src/core/crypto_mc.c
@@ -291,6 +291,11 @@ int32_t Crypto_SA_readARSN(uint8_t *ingest)
// Read ingest
spi = ((uint8_t)sdls_frame.tlv_pdu.data[0] << BYTE_LEN) | (uint8_t)sdls_frame.tlv_pdu.data[1];
+ // TODO: This is not correct
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TC_TABLE_NAME;
+ }
status = sa_if->sa_get_from_spi(spi, &sa_ptr);
if (status != CRYPTO_LIB_SUCCESS)
diff --git a/src/core/crypto_print.c b/src/core/crypto_print.c
index eadae288..163576ab 100644
--- a/src/core/crypto_print.c
+++ b/src/core/crypto_print.c
@@ -60,13 +60,78 @@ void Crypto_tcPrint(TC_t *tc_frame)
* Prints the current TM in memory.
* @param tm_frame: TM_t*
**/
-// TODO - START HERE WORK ON PRINT HERE
void Crypto_tmPrint(TM_t *tm_frame)
{
- tm_frame = tm_frame;
printf("Current TM in memory is: \n");
printf("\t Header\n");
- printf("\t**** THIS IS BLANKED OUT CURRENTLY!!!!!!!***\n");
+ printf("\t\t tfvn = %d \n", tm_frame->tm_header.tfvn);
+ printf("\t\t scid = %d \n", tm_frame->tm_header.scid);
+ printf("\t\t vcid = %d \n", tm_frame->tm_header.vcid);
+ printf("\t\t ocff = %d \n", tm_frame->tm_header.ocff);
+ printf("\t\t mcfc = %d \n", tm_frame->tm_header.mcfc);
+ printf("\t\t vcfc = %d \n", tm_frame->tm_header.vcfc);
+ printf("\t\t sf = %d \n", tm_frame->tm_header.sf);
+ printf("\t\t pof = %d \n", tm_frame->tm_header.pof);
+ printf("\t\t slid = %d \n", tm_frame->tm_header.slid);
+ printf("\t\t fhp = %d \n", tm_frame->tm_header.fhp);
+ printf("\t SDLS Header\n");
+ printf("\t\t spi = %d \n", tm_frame->tm_sec_header.spi);
+ printf("\t\t iv[0] = 0x%02x \n", tm_frame->tm_sec_header.iv[0]);
+ printf("\t\t iv_len = %d \n", tm_frame->tm_sec_header.iv_field_len);
+ printf("\t\t sn[0] = 0x%02x \n", tm_frame->tm_sec_header.sn[0]);
+ printf("\t\t sn_len = %d \n", tm_frame->tm_sec_header.sn_field_len);
+ printf("\t\t pad = %d \n", tm_frame->tm_sec_header.pad);
+ printf("\t\t pad_len= %d \n", tm_frame->tm_sec_header.pad_field_len);
+ printf("\t Payload \n");
+ printf("\t\t data[0]= 0x%02x \n", tm_frame->tm_pdu[0]);
+ printf("\t\t data[1]= 0x%02x \n", tm_frame->tm_pdu[1]);
+ printf("\t\t data[2]= 0x%02x \n", tm_frame->tm_pdu[2]);
+ printf("\t SDLS Trailer\n");
+ printf("\t\t MAC[0] = 0x%02x \n", tm_frame->tm_sec_trailer.mac[0]);
+ printf("\t\t MAC_len= %d \n", tm_frame->tm_sec_trailer.mac_field_len);
+ printf("\t\t OCF[0] = 0x%02x \n", tm_frame->tm_sec_trailer.ocf[0]);
+ printf("\t\t OCF_len= %d \n", tm_frame->tm_sec_trailer.ocf_field_len);
+ printf("\t\t FECF = 0x%04x \n", tm_frame->tm_sec_trailer.fecf);
+ printf("\n");
+}
+
+/**
+ * @brief Function: Crypto_aosPrint
+ * Prints the current AOS in memory.
+ * @param aos_frame: AOS_t*
+ **/
+void Crypto_aosPrint(AOS_t *aos_frame)
+{
+ printf("Current AOS in memory is: \n");
+ printf("\t Header\n");
+ printf("\t\t tfvn = %d \n", aos_frame->aos_header.tfvn);
+ printf("\t\t scid = %d \n", aos_frame->aos_header.scid);
+ printf("\t\t vcid = %d \n", aos_frame->aos_header.vcid);
+ printf("\t\t vcfc = %d \n", aos_frame->aos_header.vcfc);
+ printf("\t\t rf = %d \n", aos_frame->aos_header.rf);
+ printf("\t\t sf = %d \n", aos_frame->aos_header.sf);
+ printf("\t\t spare = %d \n", aos_frame->aos_header.spare);
+ printf("\t\t vfcc = %d \n", aos_frame->aos_header.vfcc);
+ printf("\t\t fhecf = 0x%04x \n", aos_frame->aos_header.fhecf);
+ printf("\t SDLS Header\n");
+ printf("\t\t iz[0] = 0x%02x \n", aos_frame->aos_sec_header.iz[0]);
+ printf("\t\t spi = %d \n", aos_frame->aos_sec_header.spi);
+ printf("\t\t iv[0] = 0x%02x \n", aos_frame->aos_sec_header.iv[0]);
+ printf("\t\t iv_len = %d \n", aos_frame->aos_sec_header.iv_field_len);
+ printf("\t\t sn[0] = 0x%02x \n", aos_frame->aos_sec_header.sn[0]);
+ printf("\t\t sn_len = %d \n", aos_frame->aos_sec_header.sn_field_len);
+ printf("\t\t pad = %d \n", aos_frame->aos_sec_header.pad);
+ printf("\t\t pad_len= %d \n", aos_frame->aos_sec_header.pad_field_len);
+ printf("\t Payload \n");
+ printf("\t\t data[0]= 0x%02x \n", aos_frame->aos_pdu[0]);
+ printf("\t\t data[1]= 0x%02x \n", aos_frame->aos_pdu[1]);
+ printf("\t\t data[2]= 0x%02x \n", aos_frame->aos_pdu[2]);
+ printf("\t SDLS Trailer\n");
+ printf("\t\t MAC[0] = 0x%02x \n", aos_frame->aos_sec_trailer.mac[0]);
+ printf("\t\t MAC_len= %d \n", aos_frame->aos_sec_trailer.mac_field_len);
+ printf("\t\t OCF[0] = 0x%02x \n", aos_frame->aos_sec_trailer.ocf[0]);
+ printf("\t\t OCF_len= %d \n", aos_frame->aos_sec_trailer.ocf_field_len);
+ printf("\t\t FECF = 0x%04x \n", aos_frame->aos_sec_trailer.fecf);
printf("\n");
}
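Review bot: Crypto_tmPrint and the new Crypto_aosPrint dereference their frame pointer on the first field access without a NULL check, which the removed placeholder body never did; a guard such as `if (tm_frame == NULL) { return; }` (and the same for `aos_frame`) keeps a debug print from crashing the process. Both functions also read `tm_pdu[0..2]` / `aos_pdu[0..2]` and `mac[0]` regardless of the length fields, so for short or plaintext frames they print stale bytes. The TM header dump omits `tfsh`, which Crypto_TM_Do_Decrypt in this commit does populate.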
diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c
index 8c8621cf..5d07c9e2 100644
--- a/src/core/crypto_tc.c
+++ b/src/core/crypto_tc.c
@@ -488,6 +488,7 @@ int32_t Crypto_TC_Encrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_ptr
{
Crypto_TC_Safe_Free_Ptr(*aad);
status = CRYPTO_LIB_ERR_KEY_LENGTH_ERROR;
+ free(p_new_enc_frame);
mc_if->mc_log(status);
return status;
}
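Review bot: `free(p_new_enc_frame)` on this error path leaves the pointer dangling for whoever allocated it, and the hunk does not show where the buffer comes from. If it is passed in by the caller, the caller's copy still holds the old address after the early return, and a later free or use there would be a double free or use-after-free. The same applies to the second Crypto_TC_Encrypt hunk and to the `free(p_new_enc_frame)` added in Crypto_TC_ApplySecurity_Cam. A comment stating the contract, e.g. `// frees p_new_enc_frame on error; caller must not reuse it`, or leaving the release to the allocating function, would make ownership explicit.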
@@ -577,6 +578,7 @@ int32_t Crypto_TC_Encrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_ptr
if (status != CRYPTO_LIB_SUCCESS)
{
Crypto_TC_Safe_Free_Ptr(*aad);
+ free(p_new_enc_frame);
mc_if->mc_log(status);
return status; // Cryptography IF call failed, return.
}
@@ -838,6 +840,10 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra
mc_if->mc_log(status);
return status;
}
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TC_TABLE_NAME;
+ }
status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid,
*map_id, sa_ptr);
// If unable to get operational SA, can return
@@ -1154,6 +1160,7 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t *p_in_frame, const uint16_t in
if (status != CRYPTO_LIB_SUCCESS)
{
mc_if->mc_log(status);
+ free(p_new_enc_frame);
return status;
}
@@ -1268,6 +1275,10 @@ int32_t Crypto_TC_ApplySecurity_Cam(const uint8_t *p_in_frame, const uint16_t in
if (status != CRYPTO_LIB_SUCCESS)
{
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
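Review bot: The conditional `free(sa_ptr)` for `SA_TYPE_MARIADB` is added on this one failure return only, while the earlier Crypto_TC_ApplySecurity_Cam hunk that frees `p_new_enc_frame` does not release the SA, so if the SA has already been fetched at that point it leaks depending on which check fails. The same four-line block is pasted onto six return paths of Crypto_TM_ProcessSecurity in crypto_tm.c; a single cleanup label, or a small static helper that performs the type test and the free, would keep the paths from drifting apart. A comment stating that the MariaDB interface hands out heap copies the caller must release would also help, since that is only implied here.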
@@ -1818,6 +1829,10 @@ uint32_t Crypto_TC_Sanity_Validations(TC_t *tc_sdls_processed_frame, SecurityAss
{
uint32_t status = CRYPTO_LIB_SUCCESS;
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TC_TABLE_NAME;
+ }
status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, sa_ptr);
// If no valid SPI, return
if (status == CRYPTO_LIB_SUCCESS)
@@ -2208,7 +2223,6 @@ static int32_t validate_sa_index(SecurityAssociation_t *sa)
{
int32_t returnval = 0;
SecurityAssociation_t *temp_sa;
- sa_if->sa_get_from_spi(sa->spi, &temp_sa);
// Do not validate sa index on KMC
if (crypto_config.sa_type == SA_TYPE_MARIADB)
@@ -2216,6 +2230,8 @@ static int32_t validate_sa_index(SecurityAssociation_t *sa)
return returnval;
}
+ sa_if->sa_get_from_spi(sa->spi, &temp_sa);
+
int sa_index = -1;
sa_index = (int)(sa - temp_sa); // Based on array memory location
#ifdef DEBUG
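Review bot: The moved `sa_if->sa_get_from_spi(sa->spi, &temp_sa);` still discards its return value, and `temp_sa` is declared without an initialiser, so a failed lookup leaves `sa_index = (int)(sa - temp_sa)` computed from an indeterminate pointer. Declaring `SecurityAssociation_t *temp_sa = NULL;` and returning the function's failure value when the call does not return `CRYPTO_LIB_SUCCESS` closes that path. The comment `// Do not validate sa index on KMC` sits above a test for `SA_TYPE_MARIADB` and should name the condition it actually guards. validate_sa_index continues past the end of the hunk.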
diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c
index b906991f..91c8967e 100644
--- a/src/core/crypto_tm.c
+++ b/src/core/crypto_tm.c
@@ -821,6 +821,10 @@ int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
printf("\n");
#endif
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TM_TABLE_NAME;
+ }
status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
// No operational/valid SA found
@@ -1542,7 +1546,7 @@ void Crypto_TM_Calc_PDU_MAC(uint16_t *pdu_len, uint16_t byte_idx, SecurityAssoci
int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_ptr, uint8_t ecs_is_aead_algorithm,
uint16_t byte_idx, uint8_t *p_new_dec_frame, uint16_t pdu_len, uint8_t *p_ingest,
crypto_key_t *ekp, crypto_key_t *akp, uint8_t iv_loc, int mac_loc, uint16_t aad_len,
- uint8_t *aad, uint8_t **pp_processed_frame, uint16_t *p_decrypted_length)
+ uint8_t *aad, TM_t *pp_processed_frame, uint16_t *p_decrypted_length)
{
int32_t status = CRYPTO_LIB_SUCCESS;
if (sa_service_type != SA_PLAINTEXT && ecs_is_aead_algorithm == CRYPTO_TRUE)
@@ -1579,10 +1583,84 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_
printf("\n");
#endif
- *pp_processed_frame = p_new_dec_frame;
+ // pp_processed_frame = p_new_dec_frame;
+
// TODO maybe not just return this without doing the math ourselves
*p_decrypted_length = tm_current_managed_parameters_struct.max_frame_size;
+ // Copy data into struct
+ byte_idx = 0;
+
+ // Primary Header
+ pp_processed_frame->tm_header.tfvn = (p_new_dec_frame[0] & 0xC0) >> 6;
+ pp_processed_frame->tm_header.scid =
+ (((uint16_t)p_new_dec_frame[0] & 0x3F) << 4) | (((uint16_t)p_new_dec_frame[1] & 0xF0) >> 4);
+ pp_processed_frame->tm_header.vcid = (p_new_dec_frame[1] & 0x0E) >> 1;
+ pp_processed_frame->tm_header.ocff = (p_new_dec_frame[1] & 0x01);
+ pp_processed_frame->tm_header.mcfc = (p_new_dec_frame[2]);
+ pp_processed_frame->tm_header.vcfc = (p_new_dec_frame[3]);
+ pp_processed_frame->tm_header.tfsh = (p_new_dec_frame[4] & 0x80) >> 7;
+ pp_processed_frame->tm_header.sf = (p_new_dec_frame[4] & 0x40) >> 6;
+ pp_processed_frame->tm_header.pof = (p_new_dec_frame[4] & 0x20) >> 5;
+ pp_processed_frame->tm_header.slid = ((p_new_dec_frame[4] & 0x18) >> 3);
+ pp_processed_frame->tm_header.fhp = (((uint16_t)p_new_dec_frame[4] & 0x07) << 8) | p_new_dec_frame[5];
+ byte_idx += 6;
+
+ // Security Header
+ pp_processed_frame->tm_sec_header.spi =
+ (((uint16_t)p_new_dec_frame[byte_idx]) << 8) | ((uint16_t)p_new_dec_frame[byte_idx + 1]);
+ byte_idx += 2;
+ for (int i = 0; i < sa_ptr->shivf_len; i++)
+ {
+ memcpy(pp_processed_frame->tm_sec_header.iv + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->shivf_len;
+ pp_processed_frame->tm_sec_header.iv_field_len = sa_ptr->shivf_len;
+ for (int i = 0; i < sa_ptr->shsnf_len; i++)
+ {
+ memcpy(pp_processed_frame->tm_sec_header.sn + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->shsnf_len;
+ pp_processed_frame->tm_sec_header.sn_field_len = sa_ptr->shsnf_len;
+ for (int i = 0; i < sa_ptr->shplf_len; i++)
+ {
+ pp_processed_frame->tm_sec_header.pad += (p_new_dec_frame[byte_idx + i] << ((sa_ptr->shplf_len - 1 - i) * 8));
+ }
+ byte_idx += sa_ptr->shplf_len;
+ pp_processed_frame->tm_sec_header.pad_field_len = sa_ptr->shplf_len;
+
+ // PDU
+ memcpy(pp_processed_frame->tm_pdu, &p_new_dec_frame[byte_idx], pdu_len);
+ pp_processed_frame->tm_pdu_len = pdu_len;
+ byte_idx += pdu_len;
+
+ // Security Trailer
+ for (int i = 0; i < sa_ptr->stmacf_len; i++)
+ {
+ memcpy(pp_processed_frame->tm_sec_trailer.mac + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += sa_ptr->stmacf_len;
+ pp_processed_frame->tm_sec_trailer.mac_field_len = sa_ptr->stmacf_len;
+ if (tm_current_managed_parameters_struct.has_ocf == TM_HAS_OCF)
+ {
+ for (int i = 0; i < OCF_SIZE; i++)
+ {
+ memcpy(pp_processed_frame->tm_sec_trailer.ocf + i, &p_new_dec_frame[byte_idx + i], 1);
+ }
+ byte_idx += OCF_SIZE;
+ pp_processed_frame->tm_sec_trailer.ocf_field_len = OCF_SIZE;
+ }
+ else
+ {
+ pp_processed_frame->tm_sec_trailer.ocf_field_len = 0;
+ }
+ if (tm_current_managed_parameters_struct.has_fecf == TM_HAS_FECF)
+ {
+ pp_processed_frame->tm_sec_trailer.fecf =
+ ((uint16_t)p_new_dec_frame[byte_idx] << 8) | p_new_dec_frame[byte_idx + 1];
+ }
+ free(p_new_dec_frame);
+
#ifdef DEBUG
printf(KYEL "----- Crypto_TM_ProcessSecurity END -----\n" RESET);
#endif
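Review bot: The new copies into `pp_processed_frame` take their lengths from `sa_ptr->shivf_len`, `sa_ptr->shsnf_len`, `sa_ptr->stmacf_len` and `pdu_len` and never compare them with the capacity of the destination fields `tm_sec_header.iv`, `tm_sec_header.sn`, `tm_sec_trailer.mac` and `tm_pdu`, so an SA or frame with larger values writes past the struct member. `tm_sec_header.pad` is built with `+=` and never zeroed first, so it only holds the frame's value if the caller passed a cleared TM_t. The fixed `byte_idx += 6` also places the security header directly after the primary header even when the parsed `tfsh` bit says a secondary header is present. The fence below adds the length guard and the reset; it assumes the four destinations are fixed-size arrays, which their declarations (outside this diff) need to confirm. The function body starts outside the hunk.

```c
byte_idx = 0;
// Refuse lengths the destination fields cannot hold (assumes fixed-size arrays in TM_t)
if (sa_ptr->shivf_len > sizeof(pp_processed_frame->tm_sec_header.iv) ||
    sa_ptr->shsnf_len > sizeof(pp_processed_frame->tm_sec_header.sn) ||
    sa_ptr->stmacf_len > sizeof(pp_processed_frame->tm_sec_trailer.mac) ||
    pdu_len > sizeof(pp_processed_frame->tm_pdu))
{
    status = CRYPTO_LIB_ERROR; // skip the copy; p_new_dec_frame is still released below
}
else
{
    // … unchanged: primary header and SPI extraction …
    memcpy(pp_processed_frame->tm_sec_header.iv, &p_new_dec_frame[byte_idx], sa_ptr->shivf_len);
    // … unchanged: sn copy …
    pp_processed_frame->tm_sec_header.pad = 0; // accumulate from a known value
    // … unchanged: pad accumulation, PDU and trailer copies …
}
free(p_new_dec_frame);
```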
@@ -1630,7 +1708,7 @@ void Crypto_TM_Process_Debug_Print(uint16_t byte_idx, uint16_t pdu_len, Security
* @param len_ingest: int*
* @return int32: Success/Failure
**/
-int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_t **pp_processed_frame,
+int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, TM_t *pp_processed_frame,
uint16_t *p_decrypted_length)
{
// Local Variables
@@ -1665,10 +1743,15 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
* Reference CCSDS SDLP 3550b1 4.1.1.1.3
**/
// Get SPI
- spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1];
+ spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1];
+ pp_processed_frame->tm_sec_header.spi = spi;
// Move index to past the SPI
byte_idx += 2;
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TM_TABLE_NAME;
+ }
status = sa_if->sa_get_from_spi(spi, &sa_ptr);
}
@@ -1713,6 +1796,10 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
{
status = CRYPTO_LIB_ERR_TM_FRAME_LENGTH_UNDERFLOW;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1721,6 +1808,10 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
{
status = CRYPTO_LIB_ERR_TM_FRAME_LENGTH_UNDERFLOW;
mc_if->mc_log(status);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1760,7 +1851,7 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
#ifdef SA_DEBUG
printf(KYEL "IV length of %d bytes\n" RESET, sa_ptr->shivf_len);
- printf(KYEL "ARSN length of %d bytes\n" RESET, sa_ptr->arsn_len - sa_ptr->shsnf_len);
+ printf(KYEL "SHSNF length of %d bytes\n" RESET, sa_ptr->shsnf_len);
printf(KYEL "PAD length field of %d bytes\n" RESET, sa_ptr->shplf_len);
printf(KYEL "First byte past Security Header is at index %d\n" RESET, byte_idx);
#endif
@@ -1778,6 +1869,11 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
{
status = CRYPTO_LIB_ERR_TM_FRAME_LENGTH_UNDERFLOW;
mc_if->mc_log(status);
+ free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
@@ -1790,6 +1886,10 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
if (status != CRYPTO_LIB_SUCCESS)
{
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
}
@@ -1809,6 +1909,10 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
printf(KRED "Error: SA Not Operational \n" RESET);
#endif
free(p_new_dec_frame);
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL;
}
@@ -1817,6 +1921,10 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, uint8_
p_decrypted_length);
}
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ free(sa_ptr);
+ }
return status;
}
diff --git a/src/core/crypto_user.c b/src/core/crypto_user.c
index 626f1f5d..e127d960 100644
--- a/src/core/crypto_user.c
+++ b/src/core/crypto_user.c
@@ -174,6 +174,12 @@ int32_t Crypto_User_ModifyVCID(void)
int i;
int j;
+ // TODO: This is not correct
+ if (crypto_config.sa_type == SA_TYPE_MARIADB)
+ {
+ mariadb_table_name = MARIADB_TC_TABLE_NAME;
+ }
+
for (i = 0; i < NUM_GVCID; i++)
{
if (sa_if->sa_get_from_spi(i, &sa_ptr) != CRYPTO_LIB_SUCCESS)
diff --git a/src/crypto/kmc/base64.c b/src/crypto/kmc/base64.c
index e2670c07..277ce9c2 100644
--- a/src/crypto/kmc/base64.c
+++ b/src/crypto/kmc/base64.c
@@ -174,7 +174,8 @@ void base64Encode(const void *input, size_t inputLen, char_t *output, size_t *ou
* @return Error code
**/
-int32_t base64Decode(const char_t *input, size_t inputLen, void *output, size_t *outputLen)
+int32_t base64Decode(const char_t *input, size_t inputLen, void *output, uint16_t decoded_buffer_size,
+ size_t *outputLen)
{
int32_t error;
uint32_t value;
@@ -194,6 +195,18 @@ int32_t base64Decode(const char_t *input, size_t inputLen, void *output, size_t
// Initialize status code
error = NO_ERROR;
+ // Check expected output buffer size is large enough for decoded input
+ uint16_t outputLen_expected = 0;
+ uint8_t padding = 0;
+ if (inputLen >= 1 && input[inputLen - 1] == '=')
+ padding++;
+ if (inputLen >= 2 && input[inputLen - 2] == '=')
+ padding++;
+ outputLen_expected = ((inputLen * 3) / 4) - padding;
+
+ if (decoded_buffer_size < outputLen_expected)
+ return ERROR_INVALID_LENGTH;
+
// Point to the buffer where to write the decoded data
p = (uint8_t *)output;
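Review bot: `outputLen_expected` is a `uint16_t` while `inputLen` is a `size_t`, so `((inputLen * 3) / 4) - padding` is truncated to 16 bits and the guard `decoded_buffer_size < outputLen_expected` compares against a wrapped value once the input exceeds roughly 87 KB, after which the decoder can write more than the caller's buffer holds. Declaring it as `size_t outputLen_expected = ((inputLen * 3) / 4) - padding;` and widening the new parameter to `size_t decoded_buffer_size` (here, in base64.h, and at the callers' `uint16_t decoded_buffer_size = (len_data_out)*2 + 1;`) keeps the check meaningful. The block also reads `input[inputLen - 1]` with no NULL check visible in the hunk, so it should sit after the function's parameter validation. The function body extends beyond the hunk on both sides.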
diff --git a/src/crypto/kmc/base64.h b/src/crypto/kmc/base64.h
index ca7407f0..35369326 100644
--- a/src/crypto/kmc/base64.h
+++ b/src/crypto/kmc/base64.h
@@ -47,7 +47,8 @@ extern "C"
// Base64 encoding related functions
void base64Encode(const void *input, size_t inputLen, char_t *output, size_t *outputLen);
- int32_t base64Decode(const char_t *input, size_t inputLen, void *output, size_t *outputLen);
+ int32_t base64Decode(const char_t *input, size_t inputLen, void *output, uint16_t decoded_buffer_size,
+ size_t *outputLen);
#define ERROR_INVALID_PARAMETER 21
#define ERROR_INVALID_LENGTH 22
diff --git a/src/crypto/kmc/base64url.c b/src/crypto/kmc/base64url.c
index 553daec1..589157c5 100644
--- a/src/crypto/kmc/base64url.c
+++ b/src/crypto/kmc/base64url.c
@@ -210,18 +210,25 @@ int32_t base64urlDecode(const char_t *input, size_t inputLen, void *output, size
size_t n;
uint8_t *p;
- // This function does not handle equals signs at the end of base64 encoded output!
- while (input[inputLen - 1] == '=')
- {
- inputLen--;
- }
-
// Check parameters
if (input == NULL && inputLen != 0)
return ERROR_INVALID_PARAMETER;
if (outputLen == NULL)
return ERROR_INVALID_PARAMETER;
+ // Empty input is valid; produce empty output
+ if (inputLen == 0)
+ {
+ *outputLen = 0;
+ return NO_ERROR;
+ }
+
+ // Safely strip optional '=' padding
+ while (inputLen > 0 && input[inputLen - 1] == '=')
+ {
+ inputLen--;
+ }
+
// Check the length of the input string
if ((inputLen % 4) == 1)
return ERROR_INVALID_LENGTH;
diff --git a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
index 0aa7ec86..a4468c28 100644
--- a/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
+++ b/src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c
@@ -29,13 +29,15 @@
// JSON marshalling libraries
#include "jsmn.h"
-#define CAM_MAX_AUTH_RETRIES 4
+#define CAM_MAX_AUTH_RETRIES 4
+#define KMC_MAX_RESPONSE_BYTES (1024 * 1024) // 1MB
// libcurl call-back response handling Structures
typedef struct
{
char *response;
size_t size;
+ size_t max_size;
} memory_write;
#define MEMORY_WRITE_SIZE (sizeof(memory_write))
typedef struct
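Review bot: The new `max_size` member has no visible initialisation: the `memory_write` structs in the hunks shown here are created with `calloc(1, MEMORY_WRITE_SIZE)`, which leaves it 0, and none of the visible hunks for cryptography_encrypt, cryptography_decrypt or cryptography_authenticate assigns `KMC_MAX_RESPONSE_BYTES` to it. The write callback that would enforce the cap is not in this part of the diff, so please confirm it either treats 0 as "use `KMC_MAX_RESPONSE_BYTES`" or that each call site sets `chunk_write->max_size = KMC_MAX_RESPONSE_BYTES;` before the transfer. A one-line comment on the field saying what 0 means would record which it is.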
@@ -271,6 +273,7 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
if (sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
+ free(iv_base64);
return status;
}
@@ -289,18 +292,20 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
snprintf(encrypt_endpoint_final, len_encrypt_endpoint, encrypt_endpoint, sa_ptr->ek_ref, AES_CBC_TRANSFORMATION,
iv_base64);
}
+ free(iv_base64);
encrypt_uri = (char *)malloc(strlen(kmc_root_uri) + len_encrypt_endpoint);
encrypt_uri[0] = '\0';
strcat(encrypt_uri, kmc_root_uri);
strcat(encrypt_uri, encrypt_endpoint_final);
+ free(encrypt_endpoint_final);
#ifdef DEBUG
printf("Encrypt URI: %s\n", encrypt_uri);
#endif
curl_easy_setopt(curl, CURLOPT_URL, encrypt_uri);
-
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_headers_list);
+ free(encrypt_uri);
memory_write *chunk_write = (memory_write *)calloc(1, MEMORY_WRITE_SIZE);
memory_read *chunk_read = (memory_read *)calloc(1, MEMORY_READ_SIZE);
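Review bot: `free(encrypt_uri)` directly after `curl_easy_setopt(curl, CURLOPT_URL, encrypt_uri)` reads like a use-after-free to anyone who does not know that libcurl copies string options, so it deserves a comment such as `// libcurl keeps its own copy of the URL string`. The buffer being freed comes from `malloc(strlen(kmc_root_uri) + len_encrypt_endpoint)`, whose result is written through on the next line without a NULL check. The same free-after-setopt appears in cryptography_decrypt (`decrypt_uri`) and cryptography_authenticate (`auth_uri`).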
@@ -332,8 +337,11 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
status = curl_perform_with_cam_retries(curl, chunk_write, chunk_read);
if (status != CRYPTO_LIB_SUCCESS)
{
+ free(chunk_read);
+ free(chunk_write);
return status;
}
+ free(chunk_read);
/* JSON Response Handling */
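Review bot: `free(chunk_write)` releases only the `memory_write` struct, not the buffer its `response` member points to, so each new cleanup path leaks the accumulated HTTP response if the write callback allocates it (the callback is outside this part of the diff). Freeing the member first, `free(chunk_write->response); free(chunk_write);`, or a small static helper that does both, would fix every site at once: the JSON-parse, generic-failure, not-found, base64 and success paths in cryptography_encrypt and the matching paths in cryptography_decrypt and cryptography_authenticate. On the decrypt path, where the response carries cleartext, clearing the buffer before freeing it is also worth considering.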
@@ -349,6 +357,7 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
{
status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR;
printf("Failed to parse JSON: %d\n", parse_result);
+ free(chunk_write);
return status;
}
@@ -368,15 +377,15 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
char *line;
char *token;
char temp_buff[256];
- for (line = strtok(ciphertext_IV_base64, ","); line != NULL; line = strtok(line + strlen(line) + 1, ","))
+ for (line = strtok(ciphertext_IV_base64, ","); line != NULL; line = strtok(NULL, ","))
{
strncpy(temp_buff, line, sizeof(temp_buff));
- for (token = strtok(temp_buff, ":"); token != NULL; token = strtok(token + strlen(token) + 1, ":"))
+ for (token = strtok(temp_buff, ":"); token != NULL; token = strtok(NULL, ":"))
{
if (strcmp(token, "initialVector") == 0)
{
- token = strtok(token + strlen(token) + 1, ":");
+ token = strtok(NULL, ":");
char *ciphertext_token_base64 = malloc(strlen(token));
size_t cipher_text_token_len = strlen(token);
memcpy(ciphertext_token_base64, token, cipher_text_token_len);
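Review bot: The outer `,` loop and the inner `:` loop now both advance with `strtok(NULL, …)`, but `strtok` keeps a single hidden position, so the inner `strtok(temp_buff, ":")` replaces the outer loop's state and the next `strtok(NULL, ",")` continues inside `temp_buff` instead of `ciphertext_IV_base64`. The removed `line + strlen(line) + 1` form was working around exactly that. `strtok_r` with one save pointer per loop keeps the two scans independent, and the result of the extra call after `initialVector` needs a NULL test before `strlen(token)`. `strncpy(temp_buff, line, sizeof(temp_buff))` also leaves `temp_buff` unterminated for a segment of 256 bytes or more. The identical loop in cryptography_aead_encrypt needs the same change.

```c
char *line_save  = NULL; // tokenizer state for the ',' split
char *token_save = NULL; // independent state for the nested ':' split
for (line = strtok_r(ciphertext_IV_base64, ",", &line_save); line != NULL; line = strtok_r(NULL, ",", &line_save))
{
    strncpy(temp_buff, line, sizeof(temp_buff));
    temp_buff[sizeof(temp_buff) - 1] = '\0'; // strncpy does not terminate on truncation
    for (token = strtok_r(temp_buff, ":", &token_save); token != NULL; token = strtok_r(NULL, ":", &token_save))
    {
        if (strcmp(token, "initialVector") == 0)
        {
            token = strtok_r(NULL, ":", &token_save);
            if (token == NULL)
            {
                break; // key present without a value
            }
            // … unchanged: IV token copy and decode …
```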
@@ -404,11 +413,12 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
iv_decoded_len);
}
free(ciphertext_token_base64);
+ free(iv_decoded);
break;
}
}
}
-
+ free(ciphertext_IV_base64);
json_idx++;
continue;
}
@@ -451,6 +461,8 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE;
fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response);
+ free(chunk_write);
+ free(http_code_str);
return status;
}
free(http_code_str);
@@ -461,14 +473,22 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
if (ciphertext_found == CRYPTO_FALSE)
{
status = CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE;
+ free(chunk_write);
return status;
}
/* JSON Response Handling End */
- uint8_t *ciphertext_decoded = malloc((len_data_out)*2 + 1);
+ uint16_t decoded_buffer_size = (len_data_out)*2 + 1;
+ uint8_t *ciphertext_decoded = malloc(decoded_buffer_size);
size_t ciphertext_decoded_len = 0;
- base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, &ciphertext_decoded_len);
+ if (base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len) != 0)
+ {
+ free(chunk_write);
+ free(ciphertext_decoded);
+ return CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR;
+ }
#ifdef DEBUG
printf("Decoded Cipher Text Length: %ld\n", ciphertext_decoded_len);
printf("Decoded Cipher Text: \n");
@@ -482,6 +502,8 @@ static int32_t cryptography_encrypt(uint8_t *data_out, size_t len_data_out, uint
// Crypto Service returns aad - cipher_text - tag
memcpy(data_out, ciphertext_decoded, ciphertext_decoded_len);
+ free(chunk_write);
+ free(ciphertext_decoded);
return status;
}
@@ -520,6 +542,7 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
if (sa_ptr->ek_ref[0] == '\0')
{
status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
+ free(iv_base64);
return status;
}
@@ -531,16 +554,19 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
snprintf(decrypt_endpoint_final, len_decrypt_endpoint, decrypt_endpoint, key_len_in_bits_str, sa_ptr->ek_ref,
AES_CBC_TRANSFORMATION, iv_base64, AES_CRYPTO_ALGORITHM);
+ free(iv_base64);
free(key_len_in_bits_str);
decrypt_uri = (char *)malloc(strlen(kmc_root_uri) + len_decrypt_endpoint);
decrypt_uri[0] = '\0';
strcat(decrypt_uri, kmc_root_uri);
strcat(decrypt_uri, decrypt_endpoint_final);
+ free(decrypt_endpoint_final);
#ifdef DEBUG
printf("Decrypt URI: %s\n", decrypt_uri);
#endif
curl_easy_setopt(curl, CURLOPT_URL, decrypt_uri);
+ free(decrypt_uri);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_headers_list);
memory_write *chunk_write = (memory_write *)calloc(1, MEMORY_WRITE_SIZE);
@@ -575,6 +601,8 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
status = curl_perform_with_cam_retries(curl, chunk_write, chunk_read);
if (status != CRYPTO_LIB_SUCCESS)
{
+ free(chunk_read);
+ free(chunk_write);
return status;
}
@@ -592,6 +620,8 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
{
status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR;
printf("Failed to parse JSON: %d\n", parse_result);
+ free(chunk_read);
+ free(chunk_write);
return status;
}
@@ -638,6 +668,13 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE;
fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response);
+ free(chunk_read);
+ free(chunk_write);
+ free(http_code_str);
+ if (ciphertext_found)
+ {
+ free(cleartext_base64);
+ }
return status;
}
free(http_code_str);
@@ -648,14 +685,23 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
if (ciphertext_found == CRYPTO_FALSE)
{
status = CRYPTOGRAHPY_KMC_CIPHER_TEXT_NOT_FOUND_IN_JSON_RESPONSE;
+ free(chunk_read);
+ free(chunk_write);
return status;
}
/* JSON Response Handling End */
- uint8_t *cleartext_decoded = malloc((len_data_out)*2 + 1);
+ uint16_t decoded_buffer_size = (len_data_out)*2 + 1;
+ uint8_t *cleartext_decoded = malloc(decoded_buffer_size);
size_t cleartext_decoded_len = 0;
- base64Decode(cleartext_base64, strlen(cleartext_base64), cleartext_decoded, &cleartext_decoded_len);
+ if (base64Decode(cleartext_base64, strlen(cleartext_base64), cleartext_decoded, decoded_buffer_size,
+ &cleartext_decoded_len) != 0)
+ {
+ free(chunk_write);
+ free(cleartext_decoded);
+ return CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR;
+ }
#ifdef DEBUG
printf("Decoded Cipher Text Length: %ld\n", cleartext_decoded_len);
printf("Decoded Cipher Text: \n");
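Review bot: The new base64 failure branch in cryptography_decrypt frees `chunk_write` and `cleartext_decoded` but not `chunk_read` or `cleartext_base64`, although the other error returns added to this function release `chunk_read` as well. The success path in the next hunk frees only `cleartext_decoded`, so `chunk_read`, `chunk_write` and `cleartext_base64` appear to leak on every successful decrypt unless they are released in lines outside the diff. `malloc(decoded_buffer_size)` is also handed to `base64Decode` without a NULL check, and because `decoded_buffer_size` is a `uint16_t`, the later `memcpy(data_out, cleartext_decoded, len_data_out)` can read past the allocation once `(len_data_out)*2 + 1` no longer fits in 16 bits. Routing all exits through one cleanup label would keep the paths consistent.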
@@ -668,6 +714,7 @@ static int32_t cryptography_decrypt(uint8_t *data_out, size_t len_data_out, uint
// Copy the decrypted data to the output stream
// Crypto Service returns aad - clear_text
memcpy(data_out, cleartext_decoded, len_data_out);
+ free(cleartext_decoded);
return status;
}
@@ -733,11 +780,13 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
auth_uri[0] = '\0';
strcat(auth_uri, kmc_root_uri);
strcat(auth_uri, auth_endpoint_final);
+ free(auth_endpoint_final);
#ifdef DEBUG
printf("Authentication URI: %s\n", auth_uri);
#endif
curl_easy_setopt(curl, CURLOPT_URL, auth_uri);
+ free(auth_uri);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, http_headers_list);
@@ -772,6 +821,8 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
status = curl_perform_with_cam_retries(curl, chunk_write, chunk_read);
if (status != CRYPTO_LIB_SUCCESS)
{
+ free(chunk_read);
+ free(chunk_write);
return status;
}
@@ -789,6 +840,8 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
{
status = CRYPTOGRAHPY_KMC_CRYPTO_JSON_PARSE_ERROR;
printf("Failed to parse JSON: %d\n", parse_result);
+ free(chunk_read);
+ free(chunk_write);
return status;
}
@@ -835,9 +888,14 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
if (metadata >= metadata_end)
{
status = CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE;
+ free(chunk_read);
+ free(chunk_write);
+ free(metadata);
+ free(key);
return status;
}
}
+ free(key);
}
metadata += colon_idx + 1;
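Review bot: `free(metadata)` in the `metadata >= metadata_end` branch is called on a pointer that the surrounding code advances (`metadata += colon_idx + 1;` just below, and the comparison with `metadata_end` itself), so unless it still equals the address returned by the allocator this is an invalid free. Keeping the original allocation in a separate variable and freeing that, e.g. `char *metadata_base = metadata;` at allocation and `free(metadata_base);` here, avoids passing an interior pointer to `free`. The same applies to the `free(metadata)` added before `continue` in the next hunk. The allocation site of `metadata` is outside the hunk, so this needs to be confirmed against it.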
@@ -850,6 +908,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
#endif
json_idx++;
icvtext_found = CRYPTO_TRUE;
+ free(chunk_read);
+ free(chunk_write);
+ free(metadata);
continue;
}
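Review bot: `free(chunk_read)` and `free(chunk_write)` are added just before `continue`, so the JSON token loop keeps running with both structs already released. Later in the same function the failure branch prints `chunk_write->response`, and the success path added in this commit calls `free(chunk_read); free(chunk_write);` again, which makes the normal ICV-found case a use-after-free followed by a double free. Dropping the two frees here and leaving the release to the function's exit paths fixes it, so that `icvtext_found = CRYPTO_TRUE;` is followed directly by `continue;`.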
@@ -872,6 +933,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE;
fprintf(stderr, "KMC Crypto Failure Response:\n%s\n", chunk_write->response);
+ free(chunk_read);
+ free(chunk_write);
+ free(icv_base64);
return status;
}
json_idx++;
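Review bot: `free(icv_base64)` in the generic-failure branch, and again in the `icvtext_found == CRYPTO_FALSE` branch of the next hunk, runs on paths where the ICV may never have been extracted, so the pointer is only safe to free if it was initialised to NULL at its declaration (not visible here). cryptography_decrypt in this same commit guards the equivalent free with `if (ciphertext_found)`. Using `if (icvtext_found) { free(icv_base64); }` here, and omitting the free in the not-found branch, would match it.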
@@ -882,6 +946,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
if (icvtext_found == CRYPTO_FALSE)
{
status = CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE;
+ free(chunk_read);
+ free(chunk_write);
+ free(icv_base64);
return status;
}
@@ -891,6 +958,7 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
uint8_t *icv_decoded = calloc(1, B64DECODE_OUT_SAFESIZE(strlen(icv_base64)) + 1);
size_t icv_decoded_len = 0;
base64urlDecode(icv_base64, strlen(icv_base64), icv_decoded, &icv_decoded_len);
+ free(icv_base64);
#ifdef DEBUG
printf("Mac size: %d\n", mac_size);
printf("Decoded ICV Length: %ld\n", icv_decoded_len);
@@ -903,6 +971,9 @@ static int32_t cryptography_authenticate(uint8_t *data_out, size_t len_data_out,
#endif
memcpy(mac, icv_decoded, mac_size);
+ free(chunk_read);
+ free(chunk_write);
+ free(icv_decoded);
return status;
}
@@ -1241,7 +1312,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
memory_write *chunk_write = (memory_write *)calloc(1, MEMORY_WRITE_SIZE);
memory_read *chunk_read = (memory_read *)calloc(1, MEMORY_READ_SIZE);
- ;
+
/* Configure CURL for POST */
curl_easy_setopt(curl, CURLOPT_POST, 1L);
/* send all data to this function */
@@ -1287,6 +1358,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
free(chunk_read);
if (encrypt_payload != NULL && aad_bool == CRYPTO_TRUE) // only needs freed if it has aad
free(encrypt_payload);
+
return status;
}
@@ -1333,22 +1405,27 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
char *line;
char *token;
char temp_buff[256];
- for (line = strtok(ciphertext_IV_base64, ","); line != NULL; line = strtok(line + strlen(line) + 1, ","))
+ for (line = strtok(ciphertext_IV_base64, ","); line != NULL; line = strtok(NULL, ","))
{
strncpy(temp_buff, line, sizeof(temp_buff));
- for (token = strtok(temp_buff, ":"); token != NULL; token = strtok(token + strlen(token) + 1, ":"))
+ for (token = strtok(temp_buff, ":"); token != NULL; token = strtok(NULL, ":"))
{
if (strcmp(token, "initialVector") == 0)
{
- token = strtok(token + strlen(token) + 1, ":");
+ token = strtok(NULL, ":");
char *ciphertext_token_base64 = malloc(strlen(token));
size_t cipher_text_token_len = strlen(token);
memcpy(ciphertext_token_base64, token, cipher_text_token_len);
#ifdef DEBUG
printf("IV LENGTH: %d\n", iv_len);
- printf("IV ENCODED Text: %s\nIV ENCODED TEXT LEN: %ld\n", ciphertext_token_base64,
- cipher_text_token_len);
+ printf("IV ENCODED TEXT LEN: %ld\n", cipher_text_token_len);
+ printf("IV ENCODED Text: \n");
+ for (uint32_t i = 0; i < cipher_text_token_len; i++)
+ {
+ printf("%c", ciphertext_token_base64[i]);
+ }
+ printf("\n");
#endif
char *iv_decoded = malloc((iv_len)*2 + 1);
size_t iv_decoded_len = 0;
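Review bot: The two loops now share strtok's single internal state, so after the inner `strtok(temp_buff, ":")` pass the outer `strtok(NULL, ",")` resumes inside `temp_buff` rather than in `ciphertext_IV_base64`, and fields after the first comma are no longer visited as intended. The removed pointer arithmetic was working around exactly that; `strtok_r` with one save pointer per loop does the same without stepping past the terminator. In the same block, `strncpy(temp_buff, line, sizeof(temp_buff))` leaves `temp_buff` unterminated when a field is 256 bytes or longer, and the token after `initialVector` is passed to `strlen` without a NULL check, both on data taken from the service response. The enclosing function starts and ends outside this hunk.

```c
char *line_save  = NULL;
char *token_save = NULL;
for (line = strtok_r(ciphertext_IV_base64, ",", &line_save); line != NULL;
     line = strtok_r(NULL, ",", &line_save))
{
    strncpy(temp_buff, line, sizeof(temp_buff) - 1);
    temp_buff[sizeof(temp_buff) - 1] = '\0';
    for (token = strtok_r(temp_buff, ":", &token_save); token != NULL;
         token = strtok_r(NULL, ":", &token_save))
    {
        if (strcmp(token, "initialVector") == 0)
        {
            token = strtok_r(NULL, ":", &token_save);
            if (token == NULL)
            {
                break;
            }
            /* … unchanged: copy the token and base64-decode the IV … */
```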
@@ -1359,7 +1436,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
printf("Decoded IV Text: \n");
for (uint32_t i = 0; i < iv_decoded_len; i++)
{
- printf("%02x ", (uint8_t)iv_decoded[i]);
+ printf("%02x", (uint8_t)iv_decoded[i]);
}
printf("\n");
#endif
@@ -1369,12 +1446,14 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
memcpy(data_out - sa_ptr->shsnf_len - sa_ptr->shivf_len - sa_ptr->shplf_len, iv_decoded,
iv_decoded_len);
}
+ free(iv_decoded);
free(ciphertext_token_base64);
break;
}
}
}
+ free(ciphertext_IV_base64);
json_idx++;
continue;
}
@@ -1456,11 +1535,23 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
return status;
}
+ if (encrypt_payload != NULL && aad_bool == CRYPTO_TRUE)
+ {
+ free(encrypt_payload);
+ }
+
/* JSON Response Handling End */
+ uint16_t decoded_buffer_size = (len_data_out + mac_size + aad_len) * 2 + 1;
uint8_t *ciphertext_decoded = malloc((len_data_out + mac_size + aad_len) * 2 + 1);
size_t ciphertext_decoded_len = 0;
- base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, &ciphertext_decoded_len);
+ if (base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len) != 0)
+ {
+ free(chunk_write);
+ free(ciphertext_base64);
+ return CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR;
+ }
#ifdef DEBUG
printf("Mac size: %d\n", mac_size);
printf("Decoded Cipher Text Length: %ld\n", ciphertext_decoded_len);
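Review bot: `decoded_buffer_size` is declared `uint16_t` while `len_data_out` is `size_t`, so for larger frames the bound handed to `base64Decode` wraps and no longer matches the `malloc` on the next line, which still evaluates the full expression. Declaring it `size_t decoded_buffer_size = (len_data_out + mac_size + aad_len) * 2 + 1;` and allocating with `malloc(decoded_buffer_size)` keeps the two in step. The failure branch also returns without `free(ciphertext_decoded);`, and the `malloc` result is not checked before it is passed to the decoder. The `cleartext_decoded` hunk in `cryptography_aead_decrypt` has the same three issues.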
@@ -1766,9 +1857,16 @@ static int32_t cryptography_aead_decrypt(uint8_t *data_out, size_t len_data_out,
/* JSON Response Handling End */
+ uint16_t decoded_buffer_size = (len_data_out + mac_size + aad_len) * 2 + 1;
uint8_t *cleartext_decoded = malloc((len_data_out + mac_size + aad_len) * 2 + 1);
size_t cleartext_decoded_len = 0;
- base64Decode(cleartext_base64, strlen(cleartext_base64), cleartext_decoded, &cleartext_decoded_len);
+ if (base64Decode(cleartext_base64, strlen(cleartext_base64), cleartext_decoded, decoded_buffer_size,
+ &cleartext_decoded_len) != 0)
+ {
+ free(chunk_write);
+ free(cleartext_base64);
+ return CRYPTOGRAHPY_KMC_BASE64_DECRYPT_ERROR;
+ }
#ifdef DEBUG
printf("Decoded Cipher Text Length: %ld\n", cleartext_decoded_len);
printf("Decoded Cipher Text: \n");
@@ -1828,21 +1926,33 @@ static int32_t get_auth_algorithm_from_acs(uint8_t acs_enum, const char **algo_p
// libcurl local functions
static size_t write_callback(void *data, size_t size, size_t nmemb, void *userp)
{
- size_t realsize = size * nmemb;
memory_write *mem = (memory_write *)userp;
+ size_t realsize = 0;
+ char *ptr;
+
+ if (nmemb != 0 && size > SIZE_MAX / nmemb)
+ return 0;
+ realsize = size * nmemb;
+
+ if (mem->max_size == 0)
+ mem->max_size = KMC_MAX_RESPONSE_BYTES;
+
+ if (mem->size >= mem->max_size)
+ return 0;
+
+ if (realsize > SIZE_MAX - mem->size - 1)
+ return 0;
+
+ if (realsize > mem->max_size - mem->size - 1)
+ return 0;
- char *ptr;
if (mem->response != NULL)
- {
ptr = realloc(mem->response, mem->size + realsize + 1);
- }
else
- {
ptr = malloc(realsize + 1);
- }
if (ptr == NULL)
- return 0; /* out of memory! */
+ return 0;
mem->response = ptr;
memcpy(&(mem->response[mem->size]), data, realsize);
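Review bot: The new size guards are undocumented and drop the braces that the surrounding code uses on single-statement `if`/`else` bodies. The `mem->size >= mem->max_size` test is what makes the later `mem->max_size - mem->size - 1` subtraction safe, and that is not obvious from the code alone. I would add a comment above the guards such as `/* Returning anything other than realsize makes libcurl abort the transfer; used here to cap the response at max_size. */` and restore `/* out of memory! */` on the allocation failure. Because all five `return 0` paths look identical to the caller, a debug log on the cap path would help distinguish an oversized response from an allocation failure. The function continues past the end of the hunk.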
@@ -2144,16 +2254,17 @@ int32_t curl_response_error_check(CURL *curl_handle, char *response)
}
}
+#ifdef DEBUG
+ printf("\ncURL Response Body:\n\t %s\n", response);
+#endif
+
if (response_code != 200) // unhandled error case
{
response_status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE;
+ free(response);
return response_status;
}
-#ifdef DEBUG
- printf("\ncURL Response Body:\n\t %s\n", response);
-#endif
-
if (response == NULL) // No response, possibly because service is CAM secured.
{
response_status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
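Review bot: `free(response)` on the non-200 path releases a buffer the caller still holds a pointer to (presumably `chunk_write->response`; the call sites are outside this hunk), so any caller that later prints or frees it hits a use-after-free or double free. The other return paths of this function visible here do not free it, which makes ownership depend on the status code. Either leave the free to the caller or document the transfer at the top of the function, for example `/* On a non-200 status this function frees response; the caller must not use it afterwards. */`. The debug `printf` also still runs before the `response == NULL` check; `response != NULL ? response : "(null)"` avoids passing NULL to `%s`.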
diff --git a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
index 1420cd2a..2fa5ee06 100644
--- a/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
+++ b/src/crypto/libgcrypt/cryptography_interface_libgcrypt.template.c
@@ -305,38 +305,38 @@ static int32_t cryptography_validate_authentication(uint8_t *data_out, size_t le
#ifdef MAC_DEBUG
// Commented out due to memory leaks with HMAC
- uint32_t *tmac_size = &mac_size;
- uint8_t tmac[*tmac_size];
- gcry_error = gcry_mac_read(tmp_mac_hd,
- &tmac, // tag output
- (size_t *)&mac_size // tag size
- );
- if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
- {
- printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
- status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
- return status;
- }
-
- printf("Calculated Mac Size: %d\n", *tmac_size);
- printf("Calculated MAC (full length):\n\t");
- for (uint32_t i = 0; i < *tmac_size; i++)
- {
- printf("%02X", tmac[i]);
- }
- printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
- for (uint32_t i = 0; i < mac_size; i++)
- {
- printf("%02X", tmac[i]);
- }
- printf("\n");
-
- printf("Received MAC:\n\t");
- for (uint32_t i = 0; i < mac_size; i++)
- {
- printf("%02X", mac[i]);
- }
- printf("\n");
+ // uint32_t *tmac_size = &mac_size;
+ // uint8_t tmac[*tmac_size];
+ // gcry_error = gcry_mac_read(tmp_mac_hd,
+ // &tmac, // tag output
+ // (size_t *)&mac_size // tag size
+ // );
+ // if ((gcry_error & GPG_ERR_CODE_MASK) != GPG_ERR_NO_ERROR)
+ // {
+ // printf(KRED "ERROR: gcry_mac_read error code %d\n" RESET, gcry_error & GPG_ERR_CODE_MASK);
+ // status = CRYPTO_LIB_ERR_MAC_RETRIEVAL_ERROR;
+ // return status;
+ // }
+
+ // printf("Calculated Mac Size: %d\n", *tmac_size);
+ // printf("Calculated MAC (full length):\n\t");
+ // for (uint32_t i = 0; i < *tmac_size; i++)
+ // {
+ // printf("%02X", tmac[i]);
+ // }
+ // printf("\nCalculated MAC (truncated to sa_ptr->stmacf_len):\n\t");
+ // for (uint32_t i = 0; i < mac_size; i++)
+ // {
+ // printf("%02X", tmac[i]);
+ // }
+ // printf("\n");
+
+ // printf("Received MAC:\n\t");
+ // for (uint32_t i = 0; i < mac_size; i++)
+ // {
+ // printf("%02X", mac[i]);
+ // }
+ // printf("\n");
#endif
// Compare computed mac with MAC in frame
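Review bot: The `#ifdef MAC_DEBUG` block now holds nothing but commented-out code, so the guard is dead and the file carries about thirty lines that are not compiled in any configuration. Deleting the block and leaving a single comment such as `// MAC debug dump removed: gcry_mac_read on tmp_mac_hd leaked with HMAC` keeps the reason without the dead code; version control preserves the original. If the dump is revived, note that `(size_t *)&mac_size` hands `gcry_mac_read` a `size_t` pointer to what the line above treats as a `uint32_t`.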
diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c
index 6e4e7615..b1bd58e2 100644
--- a/src/sa/mariadb/sa_interface_mariadb.template.c
+++ b/src/sa/mariadb/sa_interface_mariadb.template.c
@@ -42,30 +42,31 @@ static int32_t sa_setARSN(TC_t *tc_frame);
static int32_t sa_setARSNW(TC_t *tc_frame);
static int32_t sa_delete(TC_t *tc_frame);
// MySQL local functions
-static int32_t finish_with_error(MYSQL **con_loc, int err);
+static int32_t finish_with_error_hard(MYSQL **con_loc, int err);
+static int32_t finish_with_error_soft(MYSQL **con_loc, int err);
// MySQL Queries
static const char *SQL_SADB_GET_SA_BY_SPI =
"SELECT "
"spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
- " FROM security_associations WHERE spi='%d'";
+ " FROM %s WHERE spi='%d'";
static const char *SQL_SADB_GET_SA_BY_GVCID =
"SELECT "
"spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
- " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
+ " FROM %s WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI =
- "UPDATE security_associations"
+ "UPDATE %s"
" SET iv=X'%s', arsn=X'%s'"
" WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
// static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV =
-// "UPDATE security_associations"
+// "UPDATE %s"
// " SET arsn=X'%s'"
// " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
// sa_if mariaDB private helper functions
static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **security_association);
-static int32_t convert_hexstring_to_byte_array(char *hexstr, uint8_t *byte_array);
+static int32_t convert_hexstring_to_byte_array(char *source_str, uint8_t *dest_buffer, uint16_t max_len);
static void convert_byte_array_to_hexstring(void *src_buffer, size_t buffer_length, char *dest_str);
/*
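Review bot: The table name is now a `%s` argument spliced into the query text by `snprintf`, and identifiers cannot be bound as parameters, so `mariadb_table_name` becomes part of the SQL verbatim. Its origin is outside this hunk. If it can be set from configuration, it should be checked against the fixed set this commit creates (`security_associations`, `security_associations_tm`, `security_associations_aos`) before any query is built. With a string of unbounded length in the format, the `snprintf` calls in `sa_get_from_spi`, `sa_get_operational_sa_from_gvcid` and `sa_save_sa` can now truncate; their return value should be compared with the buffer size so a cut-off statement is never sent.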
@@ -146,7 +147,7 @@ static int32_t sa_init(void)
sa_mariadb_config->mysql_port, NULL, 0) == NULL)
{
// 0,NULL,0 are port number, unix socket, client flag
- finish_with_error(&con, SADB_MARIADB_CONNECTION_FAILED);
+ finish_with_error_hard(&con, SADB_MARIADB_CONNECTION_FAILED);
status = CRYPTO_LIB_ERROR;
}
else
@@ -187,7 +188,7 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as
int32_t status = CRYPTO_LIB_SUCCESS;
char spi_query[2048];
- snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, spi);
+ snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, mariadb_table_name, spi);
status = parse_sa_from_mysql_query(&spi_query[0], security_association);
@@ -199,7 +200,8 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
int32_t status = CRYPTO_LIB_SUCCESS;
char gvcid_query[2048];
- snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tfvn, scid, vcid, mapid, SA_OPERATIONAL);
+ snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, mariadb_table_name, tfvn, scid, vcid, mapid,
+ SA_OPERATIONAL);
status = parse_sa_from_mysql_query(&gvcid_query[0], security_association);
@@ -221,12 +223,11 @@ static int32_t sa_save_sa(SecurityAssociation_t *sa)
char *arsn_h = malloc(sa->arsn_len * 2 + 1);
convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len, arsn_h);
- snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, iv_h, arsn_h, sa->spi,
- sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
+ snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, mariadb_table_name, iv_h, arsn_h,
+ sa->spi, sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
free(iv_h);
free(arsn_h);
-
#ifdef SA_DEBUG
fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query);
#endif
@@ -234,7 +235,7 @@ static int32_t sa_save_sa(SecurityAssociation_t *sa)
// Crypto_saPrint(sa);
if (mysql_query(con, update_sa_query))
{
- status = finish_with_error(&con, SADB_QUERY_FAILED);
+ status = finish_with_error_soft(&con, SADB_QUERY_FAILED);
}
// todo - if query fails, need to push failure message to error stack instead of just return code.
@@ -306,7 +307,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
if (mysql_real_query(con, query, strlen(query)))
{ // query should be NUL terminated!
- status = finish_with_error(&con, SADB_QUERY_FAILED);
+ status = finish_with_error_soft(&con, SADB_QUERY_FAILED);
+ free(sa);
return status;
}
// todo - if query fails, need to push failure message to error stack instead of just return code.
@@ -314,14 +316,18 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
MYSQL_RES *result = mysql_store_result(con);
if (result == NULL)
{
- status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS);
+ status = finish_with_error_soft(&con, SADB_QUERY_EMPTY_RESULTS);
+ free(sa);
+ mysql_free_result(result);
return status;
}
int num_rows = mysql_num_rows(result);
if (num_rows == 0) // No rows returned in query!!
{
- status = finish_with_error(&con, SADB_QUERY_EMPTY_RESULTS);
+ status = finish_with_error_soft(&con, SADB_QUERY_EMPTY_RESULTS);
+ free(sa);
+ mysql_free_result(result);
return status;
}
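Review bot: In the `result == NULL` branch the added `mysql_free_result(result);` is always called with a NULL pointer, so it does nothing and can be dropped; only the `num_rows == 0` branch has a result set to release. That first branch also reports `SADB_QUERY_EMPTY_RESULTS` although `mysql_store_result` returns NULL on error as well as for statements without a result set, so a comment or a distinct status would make the two cases distinguishable in logs. The function starts and ends outside the hunk.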
@@ -435,6 +441,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -446,6 +454,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -457,6 +467,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -468,6 +480,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -479,6 +493,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -515,6 +531,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -531,6 +549,8 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
{
status = SADB_INVALID_SA_FIELD_VALUE;
mc_if->mc_log(status);
+ free(sa);
+ mysql_free_result(result);
return status;
}
continue;
@@ -551,17 +571,34 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
if (iv_byte_str != NULL)
{
if (sa->iv_len > 0)
- convert_hexstring_to_byte_array(iv_byte_str, sa->iv);
+ {
+ status = convert_hexstring_to_byte_array(iv_byte_str, sa->iv, sa->iv_len);
+ }
}
if (sa->arsn_len > 0)
- convert_hexstring_to_byte_array(arc_byte_str, sa->arsn);
+ {
+ status = convert_hexstring_to_byte_array(arc_byte_str, sa->arsn, sa->arsn_len);
+ }
if (sa->abm_len > 0)
- convert_hexstring_to_byte_array(abm_byte_str, sa->abm);
+ {
+ status = convert_hexstring_to_byte_array(abm_byte_str, sa->abm, sa->abm_len);
+ }
if (sa->ecs_len > 0)
- convert_hexstring_to_byte_array(ecs_byte_str, &sa->ecs);
+ {
+ status = convert_hexstring_to_byte_array(ecs_byte_str, &sa->ecs, sa->ecs_len);
+ }
if (sa->acs_len > 0)
- convert_hexstring_to_byte_array(acs_byte_str, &sa->acs);
+ {
+ status = convert_hexstring_to_byte_array(acs_byte_str, &sa->acs, sa->acs_len);
+ }
+
+ if (status != CRYPTO_LIB_SUCCESS)
+ {
+ status = SADB_INVALID_SA_FIELD_VALUE;
+ mc_if->mc_log(status);
+ return status;
+ }
// arsnw_len is not necessary for mariadb interface, putty dummy/default value for prints.
sa->arsnw_len = 1;
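Review bot: `status` is overwritten by each conversion in turn, so a failure reported for `iv`, `arsn`, `abm` or `ecs` is lost whenever a later conversion succeeds, and the check that follows only sees the last call that ran. Guarding each later call on `status == CRYPTO_LIB_SUCCESS`, as sketched below, keeps the first failure. The `max_len` passed in each case is the `*_len` value read from the same database row, not the capacity of the destination; if `sa->iv`, `sa->arsn` and `sa->abm` are fixed-size arrays and `ecs`/`acs` single bytes (the struct is not visible here), the bound should be the destination size. The new error return also skips the `free(sa)` that the other error paths in this commit add. The function starts and ends outside the hunk.

```c
/* … unchanged: iv conversion … */
if (status == CRYPTO_LIB_SUCCESS && sa->arsn_len > 0)
{
    status = convert_hexstring_to_byte_array(arc_byte_str, sa->arsn, sa->arsn_len);
}
if (status == CRYPTO_LIB_SUCCESS && sa->abm_len > 0)
{
    status = convert_hexstring_to_byte_array(abm_byte_str, sa->abm, sa->abm_len);
}
if (status == CRYPTO_LIB_SUCCESS && sa->ecs_len > 0)
{
    status = convert_hexstring_to_byte_array(ecs_byte_str, &sa->ecs, sa->ecs_len);
}
if (status == CRYPTO_LIB_SUCCESS && sa->acs_len > 0)
{
    status = convert_hexstring_to_byte_array(acs_byte_str, &sa->acs, sa->acs_len);
}
/* … unchanged: status check and SADB_INVALID_SA_FIELD_VALUE return … */
```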
@@ -576,20 +613,31 @@ static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **se
return status;
}
-static int32_t convert_hexstring_to_byte_array(char *source_str, uint8_t *dest_buffer)
+
+static int32_t convert_hexstring_to_byte_array(char *source_str, uint8_t *dest_buffer, uint16_t max_len)
{ // https://stackoverflow.com/questions/3408706/hexadecimal-string-to-byte-array-in-c/56247335#56247335
- char *line = source_str;
- char *data = line;
int offset;
unsigned int read_byte;
uint32_t data_len = 0;
- while (sscanf(data, " %02x%n", &read_byte, &offset) == 1)
+ if (dest_buffer == NULL || source_str == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+
+ uint32_t source_len = (strlen(source_str) / 2);
+ if (source_len > max_len)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+
+ while (sscanf(source_str, " %02x%n", &read_byte, &offset) == 1)
{
dest_buffer[data_len++] = read_byte;
- data += offset;
+ source_str += offset;
}
- return data_len;
+
+ return CRYPTO_LIB_SUCCESS;
}
static void convert_byte_array_to_hexstring(void *src_buffer, size_t buffer_length, char *dest_str)
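Review bot: The length check added before the loop does not bound the loop itself. `strlen(source_str) / 2` rounds down, and the `" %02x"` conversion skips whitespace and accepts a single digit, so an odd-length or space-separated string produces more bytes than `source_len` and can still write past `max_len`. Making the bound part of the loop closes this: `if (data_len >= max_len) { return CRYPTO_LIB_ERROR; }` as the first statement of the `while` body. The return value also changed from the byte count to a status code; a short header comment stating that, and that `max_len` is the capacity of `dest_buffer` in bytes, would keep future callers from passing a field length instead.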
@@ -609,11 +657,16 @@ static void convert_byte_array_to_hexstring(void *src_buffer, size_t buffer_leng
}
}
-static int32_t finish_with_error(MYSQL **con_loc, int err)
+static int32_t finish_with_error_hard(MYSQL **con_loc, int err)
{
- fprintf(stderr, "%s\n",
- mysql_error(*con_loc)); // todo - if query fails, need to push failure message to error stack
+ fprintf(stderr, "%s\n", mysql_error(*con_loc));
mysql_close(*con_loc);
*con_loc = NULL;
return err;
-}
\ No newline at end of file
+}
+
+static int32_t finish_with_error_soft(MYSQL **con_loc, int err)
+{
+ fprintf(stderr, "%s\n", mysql_error(*con_loc));
+ return err;
+}
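Review bot: Neither definition says how `finish_with_error_hard` and `finish_with_error_soft` differ or when each should be used, and the names alone do not convey that one of them tears down the connection. I would add `/* Log the MySQL error, close the connection and clear the caller's handle. */` above the hard variant and `/* Log the MySQL error and leave the connection open for further queries. */` above the soft one. The removed `todo` about pushing the failure message to an error stack still applies to both and is worth keeping on one of them.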
diff --git a/src/sa/sadb_mariadb_sql/create_sadb.sql b/src/sa/sadb_mariadb_sql/create_sadb.sql
index 30733932..33136c52 100644
--- a/src/sa/sadb_mariadb_sql/create_sadb.sql
+++ b/src/sa/sadb_mariadb_sql/create_sadb.sql
@@ -34,4 +34,66 @@ CREATE TABLE IF NOT EXISTS security_associations
,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
);
+CREATE TABLE IF NOT EXISTS security_associations_tm
+(
+ spi INT NOT NULL
+ ,ekid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- 'EG, for KMC Crypto KeyRef, 'kmc/test/KEY130', for libgcrypt '130'
+ ,akid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- Same as ekid
+ ,sa_state SMALLINT NOT NULL DEFAULT 0
+ ,tfvn TINYINT NOT NULL
+ ,scid SMALLINT NOT NULL
+ ,vcid TINYINT NOT NULL
+ ,mapid TINYINT NOT NULL DEFAULT 0
+ ,lpid SMALLINT
+ ,est SMALLINT NOT NULL DEFAULT 0
+ ,ast SMALLINT NOT NULL DEFAULT 0
+ ,shivf_len SMALLINT NOT NULL DEFAULT 0
+ ,shsnf_len SMALLINT NOT NULL DEFAULT 0
+ ,shplf_len SMALLINT NOT NULL DEFAULT 0
+ ,stmacf_len SMALLINT NOT NULL DEFAULT 0
+ ,ecs_len SMALLINT NOT NULL DEFAULT 1
+ ,ecs VARBINARY(4) NOT NULL DEFAULT X'01' -- ECS_SIZE=4
+ ,iv_len SMALLINT NOT NULL DEFAULT 0
+ ,iv VARBINARY(20) DEFAULT NULL -- IV_SIZE=12
+ ,acs_len SMALLINT NOT NULL DEFAULT 0
+ ,acs VARBINARY(4) NOT NULL DEFAULT X'00'
+ ,abm_len MEDIUMINT
+ ,abm VARBINARY(1786) NOT NULL DEFAULT X'0000FC0000FFFF000000000000000000000000' -- ABM_SIZE=1786
+ ,arsn_len SMALLINT NOT NULL DEFAULT 0
+ ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large...
+ ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
+);
+
+CREATE TABLE IF NOT EXISTS security_associations_aos
+(
+ spi INT NOT NULL
+ ,ekid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- 'EG, for KMC Crypto KeyRef, 'kmc/test/KEY130', for libgcrypt '130'
+ ,akid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- Same as ekid
+ ,sa_state SMALLINT NOT NULL DEFAULT 0
+ ,tfvn TINYINT NOT NULL
+ ,scid SMALLINT NOT NULL
+ ,vcid TINYINT NOT NULL
+ ,mapid TINYINT NOT NULL DEFAULT 0
+ ,lpid SMALLINT
+ ,est SMALLINT NOT NULL DEFAULT 0
+ ,ast SMALLINT NOT NULL DEFAULT 0
+ ,shivf_len SMALLINT NOT NULL DEFAULT 0
+ ,shsnf_len SMALLINT NOT NULL DEFAULT 0
+ ,shplf_len SMALLINT NOT NULL DEFAULT 0
+ ,stmacf_len SMALLINT NOT NULL DEFAULT 0
+ ,ecs_len SMALLINT NOT NULL DEFAULT 1
+ ,ecs VARBINARY(4) NOT NULL DEFAULT X'01' -- ECS_SIZE=4
+ ,iv_len SMALLINT NOT NULL DEFAULT 0
+ ,iv VARBINARY(20) DEFAULT NULL -- IV_SIZE=12
+ ,acs_len SMALLINT NOT NULL DEFAULT 0
+ ,acs VARBINARY(4) NOT NULL DEFAULT X'00'
+ ,abm_len MEDIUMINT
+ ,abm VARBINARY(1786) NOT NULL DEFAULT X'0000FC0000FFFF000000000000000000000000' -- ABM_SIZE=1786
+ ,arsn_len SMALLINT NOT NULL DEFAULT 0
+ ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large...
+ ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
+);
+
create unique index if not exists main_spi on security_associations (spi,scid,vcid,tfvn,mapid);
+create unique index if not exists main_spi on security_associations_tm (spi,scid,vcid,tfvn,mapid);
+create unique index if not exists main_spi on security_associations_aos (spi,scid,vcid,tfvn,mapid);
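Review bot: `security_associations_tm` and `security_associations_aos` repeat the existing table column for column, so every later schema change has to be made three times and the tables can drift apart. `CREATE TABLE IF NOT EXISTS security_associations_tm LIKE security_associations;` (and the same for `_aos`) would copy the definition, including the `main_spi` index if that index is created on the base table before the `LIKE` statements run. The copied column comments also carry over the mismatch between `iv VARBINARY(20)` and `-- IV_SIZE=12`; it would help to state which of the two the C side relies on.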
diff --git a/src/sa/sadb_mariadb_sql/empty_sadb_aos.sql b/src/sa/sadb_mariadb_sql/empty_sadb_aos.sql
new file mode 100644
index 00000000..cac8b183
--- /dev/null
+++ b/src/sa/sadb_mariadb_sql/empty_sadb_aos.sql
@@ -0,0 +1,3 @@
+USE sadb;
+
+TRUNCATE TABLE security_associations_aos;
diff --git a/src/sa/sadb_mariadb_sql/empty_sadb.sql b/src/sa/sadb_mariadb_sql/empty_sadb_tc.sql
similarity index 100%
rename from src/sa/sadb_mariadb_sql/empty_sadb.sql
rename to src/sa/sadb_mariadb_sql/empty_sadb_tc.sql
diff --git a/src/sa/sadb_mariadb_sql/empty_sadb_tm.sql b/src/sa/sadb_mariadb_sql/empty_sadb_tm.sql
new file mode 100644
index 00000000..0980a2e4
--- /dev/null
+++ b/src/sa/sadb_mariadb_sql/empty_sadb_tm.sql
@@ -0,0 +1,3 @@
+USE sadb;
+
+TRUNCATE TABLE security_associations_tm;
diff --git a/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_aos_unit_tests.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_aos_unit_tests.sql
new file mode 100644
index 00000000..6caaa3c6
--- /dev/null
+++ b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_aos_unit_tests.sql
@@ -0,0 +1,87 @@
+USE sadb;
+
+-- SCID 03 (MMT) Security Associations AES/GCM/NoPadding --
+-- SA 1 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-0
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (1,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,3,0,0);
+
+-- SA 2 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-0
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (2,'kmc/test/key130',3,X'01',1,0,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,3,0,0);
+
+-- SA 3 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-1
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (3,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',20,X'0000000000000000000000000000000000000000',5,0,0,3,1,0);
+
+-- SA 4 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-2
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (4,'kmc/test/key130',3,X'01',1,1,6,12,16,X'000000000000FFFFFFFFFFFC',20,X'0000000000000000000000000000000000000000',5,0,0,3,2,0);
+
+-- SA 5 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-3
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,arsn,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len)
+VALUES (5,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,3,0,1,1,X'01',2);
+
+-- SA 6 - OPERATIONAL; ENC; ARSNW:5; AES-CBC; IV:NULL; IV-len:16; MAC-len:16; Key-ID: 130, SCID 3, VC-4
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,iv,stmacf_len,abm_len,abm,arsnw,arsn_len,arsn,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len)
+VALUES (6,'kmc/test/key130',3,X'02',1,0,16,16,NULL,0,36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,4,0,1,1,X'00',2);
+
+-- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
+-- SA 7 - Only Keyed SA Available (VC 33)
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (7,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
+
+-- SA 8 - Only Unkeyed SA Available (VC 32)
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (8,'kmc/test/key130',1,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0);
+
+-- SA 9 - Null ECS & EKID for AESGCM Error (VC 34)
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (9,NULL,3,'',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,34,0);
+
+-- SA 10 - Invalid Frame Length with Seg Headers Config Set (VC 28)
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (10,'kmc/test/key128',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'0000000000000000000000000000000000000000',5,0,0,44,28,1);
+
+-- SA 11 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; ARSN_LEN=4; MAC-len:16; Key-ID: 130, SCID 44, VC-7
+INSERT INTO security_associations_aos (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (11,'kmc/test/key130',3,X'00',X'01',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,7,0);
+
+-- SA 12 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; ARSN_LEN=4; MAC-len:16; Key-ID: 130, SCID 44, VC-8
+INSERT INTO security_associations_aos (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (12,'kmc/test/key130',3,X'00',X'01',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0);
+
+-- SA 13 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA256 ; MAC-len:32; Key-ID: 130, SCID 44, VC-8
+INSERT INTO security_associations_aos (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (13,'kmc/test/nist_hmacsha256',3,X'00',X'02',1,0,1,0,0,4,32,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0);
+
+-- SA 14 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:64; Key-ID: 130, SCID 44, VC-9
+INSERT INTO security_associations_aos (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (14,'kmc/test/nist_hmacsha512',3,X'00',X'03',1,0,1,0,0,4,64,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,9,0);
+
+-- SA 15 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-10
+INSERT INTO security_associations_aos (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (15,'kmc/test/nist_hmacsha512',3,X'00',X'03',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,10,0);
+
+-- SA 16 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:8; Key-ID: 130, SCID 44, VC-11
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (16,'kmc/test/key130',3,X'01',1,1,12,12,8,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,11,0);
+
+-- SA 17 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:32; Key-ID: 130, SCID 44, VC-12
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (17,'kmc/test/key130',3,X'01',1,1,12,12,32,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,12,0);
+
+-- SA 18 - OPERATIONAL; ENC; ARSNW:5; AES-CBC; IV:NULL; IV-len:16; MAC-len:16; Key-ID: 130, SCID 3, VC-6
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,iv,stmacf_len,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len,shplf_len)
+VALUES (18,'kmc/test/key130',3,X'02',1,0,16,16,X'00000000000000000000000000000001',0,36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,6,0,1,1,X'00',0,1);
+
+-- SA 19 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-55
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (19,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,1,3,0,0);
+
+-- SA 20 - OPERATIONAL; AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-56
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (20,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,56,0);
+
+-- SA 21 - OPERATIONAL; AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:8; Key-ID: 130, SCID 3, VC-57
+INSERT INTO security_associations_aos (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (21,'kmc/test/key130',3,X'01',0,1,12,12,8,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,57,0);
diff --git a/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tc_unit_tests.sql
similarity index 99%
rename from src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql
rename to src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tc_unit_tests.sql
index 9935638e..88c5f3fc 100644
--- a/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql
+++ b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tc_unit_tests.sql
@@ -76,7 +76,7 @@ VALUES (18,'kmc/test/key130',3,X'02',1,0,16,16,X'0000000000000000000000000000000
-- SA 19 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-55
INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
-VALUES (19,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,55,0);
+VALUES (19,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,1,3,0,0);
-- SA 20 - OPERATIONAL; AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-56
INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
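Review bot: The comment above the changed row still reads `SCID 3, VC-55`, but the new VALUES line ends in `5,0,1,3,0,0`, which by the column list is `tfvn=1, scid=3, vcid=0`, so the label no longer describes the security association the tests load. Update it in the same change, for example `-- SA 19 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, TFVN 1, SCID 3, VC-0`. The same row with the same stale comment appears in the new `create_sadb_ivv_tm_unit_tests.sql` and in the AOS fixture earlier in this diff. A transfer frame version number of 1 is what AOS frames carry, so it is worth confirming that the value is intended in the TC and TM tables rather than copied over from the AOS fixture.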
diff --git a/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tm_unit_tests.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tm_unit_tests.sql
new file mode 100644
index 00000000..64d4d71f
--- /dev/null
+++ b/src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tm_unit_tests.sql
@@ -0,0 +1,87 @@
+USE sadb;
+
+-- SCID 03 (MMT) Security Associations AES/GCM/NoPadding --
+-- SA 1 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-0
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (1,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,3,0,0);
+
+-- SA 2 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-0
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (2,'kmc/test/key130',3,X'01',1,0,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,3,0,0);
+
+-- SA 3 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-1
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (3,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',20,X'0000000000000000000000000000000000000000',5,0,0,3,1,0);
+
+-- SA 4 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-2
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (4,'kmc/test/key130',3,X'01',1,1,6,12,16,X'000000000000FFFFFFFFFFFC',20,X'0000000000000000000000000000000000000000',5,0,0,3,2,0);
+
+-- SA 5 - OPERATIONAL; ENC; ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-3
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,arsn,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len)
+VALUES (5,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,3,0,1,1,X'01',2);
+
+-- SA 6 - OPERATIONAL; ENC; ARSNW:5; AES-CBC; IV:NULL; IV-len:16; MAC-len:16; Key-ID: 130, SCID 3, VC-4
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,iv,stmacf_len,abm_len,abm,arsnw,arsn_len,arsn,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len)
+VALUES (6,'kmc/test/key130',3,X'02',1,0,16,16,NULL,0,36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,4,0,1,1,X'00',2);
+
+-- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
+-- SA 7 - Only Keyed SA Available (VC 33)
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (7,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
+
+-- SA 8 - Only Unkeyed SA Available (VC 32)
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (8,'kmc/test/key130',1,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0);
+
+-- SA 9 - Null ECS & EKID for AESGCM Error (VC 34)
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (9,NULL,3,'',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,34,0);
+
+-- SA 10 - Invalid Frame Length with Seg Headers Config Set (VC 28)
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (10,'kmc/test/key128',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'0000000000000000000000000000000000000000',5,0,0,44,28,1);
+
+-- SA 11 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; ARSN_LEN=4; MAC-len:16; Key-ID: 130, SCID 44, VC-7
+INSERT INTO security_associations_tm (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (11,'kmc/test/key130',3,X'00',X'01',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,7,0);
+
+-- SA 12 - OPERATIONAL; AUTH Only - ARSNW:5; None/AESCMAC ; ARSN_LEN=4; MAC-len:16; Key-ID: 130, SCID 44, VC-8
+INSERT INTO security_associations_tm (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (12,'kmc/test/key130',3,X'00',X'01',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0);
+
+-- SA 13 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA256 ; MAC-len:32; Key-ID: 130, SCID 44, VC-8
+INSERT INTO security_associations_tm (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (13,'kmc/test/nist_hmacsha256',3,X'00',X'02',1,0,1,0,0,4,32,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,8,0);
+
+-- SA 14 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:64; Key-ID: 130, SCID 44, VC-9
+INSERT INTO security_associations_tm (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (14,'kmc/test/nist_hmacsha512',3,X'00',X'03',1,0,1,0,0,4,64,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,9,0);
+
+-- SA 15 - OPERATIONAL; AUTH Only - ARSNW:5; None/HmacSHA512 ; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 44, VC-10
+INSERT INTO security_associations_tm (spi,akid,sa_state,ecs,acs,acs_len,est,ast,iv_len,shivf_len,shsnf_len,stmacf_len,arsn,arsn_len,abm_len,abm,arsnw,tfvn,scid,vcid,mapid)
+VALUES (15,'kmc/test/nist_hmacsha512',3,X'00',X'03',1,0,1,0,0,4,16,X'00000001',4,1024,X'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF',5,0,44,10,0);
+
+-- SA 16 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:8; Key-ID: 130, SCID 44, VC-11
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (16,'kmc/test/key130',3,X'01',1,1,12,12,8,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,11,0);
+
+-- SA 17 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:32; Key-ID: 130, SCID 44, VC-12
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (17,'kmc/test/key130',3,X'01',1,1,12,12,32,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,12,0);
+
+-- SA 18 - OPERATIONAL; ENC; ARSNW:5; AES-CBC; IV:NULL; IV-len:16; MAC-len:16; Key-ID: 130, SCID 3, VC-6
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,iv,stmacf_len,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid,ecs_len,acs_len,acs,shsnf_len,shplf_len)
+VALUES (18,'kmc/test/key130',3,X'02',1,0,16,16,X'00000000000000000000000000000001',0,36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,6,0,1,1,X'00',0,1);
+
+-- SA 19 - OPERATIONAL; ENC + AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-55
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (19,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,1,3,0,0);
+
+-- SA 20 - OPERATIONAL; AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:16; Key-ID: 130, SCID 3, VC-56
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (20,'kmc/test/key130',3,X'01',0,1,12,12,16,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,56,0);
+
+-- SA 21 - OPERATIONAL; AUTH - ARSNW:5; AES-GCM; IV:00...01; IV-len:12; MAC-len:8; Key-ID: 130, SCID 3, VC-57
+INSERT INTO security_associations_tm (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+VALUES (21,'kmc/test/key130',3,X'01',0,1,12,12,8,X'000000000000000000000001',36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,57,0);
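Review bot: SA 12 and SA 13 are both inserted as operational (`sa_state` 3) on SCID 44 with `vcid` 8, one with `acs` X'01' and `akid` `kmc/test/key130`, the other with `acs` X'02' and `akid` `kmc/test/nist_hmacsha256`; SA 1 and SA 2 likewise share SCID 3, VC 0 while differing in `ast`. If the library selects an SA by SCID/VCID (the lookup code is not part of this diff), which row a test gets depends on query order, and an HMAC-SHA256 case could pass while actually running under the other association. Give each operational SA its own virtual channel, or add a comment stating that the duplicates are deliberate and are selected by SPI. Several header comments also disagree with their rows: SA 3 and SA 4 are labelled `ENC` but set `est=1, ast=1`, SA 5 is labelled `ENC` but sets `est=0, ast=1`, and SA 18 says `IV:NULL` while supplying a 16-byte IV.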
diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh
index afa9cbec..f6f2272f 100755
--- a/support/scripts/build_kmc.sh
+++ b/support/scripts/build_kmc.sh
@@ -11,4 +11,4 @@ source $SCRIPT_DIR/env.sh
rm $BASE_DIR/CMakeCache.txt
-cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DSA_FILE=1 -DKMC_MDB_DB=1 && make && make test
+cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DCRYPTO_LIBGCRYPT=1 -DKEY_KMC=1 -DKEY_INTERNAL=1 -DMC_DISABLED=1 -DMC_INTERNAL=1 -DSA_MARIADB=1 -DSA_INTERNAL=1 -DTEST=1 -DSA_FILE=1 -DKMC_MDB_DB=1 && make && make test
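Review bot: The new cmake line turns on `-DMC_INTERNAL=1` next to the existing `-DMC_DISABLED=1`, and adds `-DCRYPTO_LIBGCRYPT=1`, `-DKEY_INTERNAL=1` and `-DSA_INTERNAL=1` alongside their KMC/MariaDB counterparts, with nothing in the script saying why a KMC build needs the internal backends as well. Add a one-line comment above it stating that this is a test-only configuration and why the internal key, SA and crypto implementations are compiled in, so the flag set is not copied into a deployment build by mistake. While the line is being edited, quoting the path as `cmake "$BASE_DIR" ...` keeps the build working when the checkout path contains spaces.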
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 5793ae67..a409c461 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -91,7 +91,6 @@ if((KMC_MDB_DB OR KMC_MDB_RH))
COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_cam
WORKING_DIRECTORY ${PROJECT_TEST_DIR})
-endif()
# add_test(NAME UT_SADB_ERR_CASES_KMC_CRYPTO
# COMMAND ${PROJECT_BINARY_DIR}/bin/ut_sa_err_cases_kmc_crypto
# WORKING_DIRECTORY ${PROJECT_TEST_DIR})
@@ -104,13 +103,17 @@ endif()
# COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mysql_m_tls_connection
# WORKING_DIRECTORY ${PROJECT_TEST_DIR})
- # add_test(NAME UT_MARIADB
- # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb
- # WORKING_DIRECTORY ${PROJECT_TEST_DIR})
+ add_test(NAME UT_MARIADB
+ COMMAND ${PROJECT_BINARY_DIR}/bin/ut_mariadb
+ WORKING_DIRECTORY ${PROJECT_TEST_DIR})
+
+ add_test(NAME UT_B64
+ COMMAND ${PROJECT_BINARY_DIR}/bin/ut_b64
+ WORKING_DIRECTORY ${PROJECT_TEST_DIR})
- # add_test(NAME UT_KMC_CRYPTO
- # COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto
- # WORKING_DIRECTORY ${PROJECT_TEST_DIR})
+ add_test(NAME UT_KMC_CRYPTO
+ COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto
+ WORKING_DIRECTORY ${PROJECT_TEST_DIR})
# add_test(NAME UT_KMC_CRYPTO_WITH_MTLS_SADB
# COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_with_mtls_sadb
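Review bot: `UT_B64` is registered here inside the `if((KMC_MDB_DB OR KMC_MDB_RH))` block, whose `endif()` this commit moves down into the next hunk, so the base64 test only runs in KMC/MariaDB builds. If `ut_b64` exercises only the encoder and decoder and needs no database or KMC service (its source is not shown here), register it outside the guard so that parsing code is tested in every configuration. `UT_MARIADB` and `UT_KMC_CRYPTO`, enabled in the same hunk, presumably need a reachable database loaded with the SQL fixtures from this commit; a comment above them naming that prerequisite would make a failing `make test` easier to diagnose.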
@@ -124,26 +127,20 @@ endif()
# add_test(NAME UT_KMC_CRYPTO_AUTH_ONLY
# COMMAND ${PROJECT_BINARY_DIR}/bin/ut_kmc_crypto_auth_only
# WORKING_DIRECTORY ${PROJECT_TEST_DIR})
-#endif()
-# if(TEST_ENC)
-# add_test(NAME ET_DT_VALIDATION
-# COMMAND ${PROJECT_BINARY_DIR}/bin/et_dt_validation
-# WORKING_DIRECTORY ${PROJECT_TEST_DIR})
-# endif()
+ add_test(NAME UT_TM_KMC
+ COMMAND ${PROJECT_BINARY_DIR}/bin/ut_tm_kmc
+ WORKING_DIRECTORY ${PROJECT_TEST_DIR})
+
+ add_test(NAME UT_AOS_KMC
+ COMMAND ${PROJECT_BINARY_DIR}/bin/ut_aos_kmc
+ WORKING_DIRECTORY ${PROJECT_TEST_DIR})
+endif()
+
include_directories(include)
include_directories(../include)
-# if(TEST_ENC)
-# set(Python3_FIND_STRATEGY VERSION)
-# find_package (Python3 REQUIRED COMPONENTS Interpreter Development)
-# execute_process(COMMAND pip3 show pycryptodome RESULT_VARIABLE EXIT_CODE OUTPUT_QUIET)
-# if(NOT ${EXIT_CODE} EQUAL 0)
-# message(FATAL_ERROR "The \"pycryptodome\" Python3 package is not installed, and is required for TEST_ENC.")
-# endif()
-# endif()
-
file( GLOB UNIT_FILES unit/*.c)
foreach(SOURCE_PATH ${UNIT_FILES})
get_filename_component(EXECUTABLE_NAME ${SOURCE_PATH} NAME_WE)
diff --git a/test/core/shared_util.c b/test/core/shared_util.c
index 0f5111b4..67588c6d 100644
--- a/test/core/shared_util.c
+++ b/test/core/shared_util.c
@@ -65,18 +65,16 @@ char *c_read_file(const char *f_name, long *f_size)
* @param dest_buffer: uint8*, The destination char array from which the hex array will be converted to bytes
* @return int length of dest_buffer
**/
-int convert_hexstring_to_byte_array(char *source_str, char *dest_buffer)
-{
- char *line = source_str;
- char *data = line;
- int offset;
- int read_byte;
- int data_len = 0;
+int32_t convert_hexstring_to_byte_array(char *source_str, char *dest_buffer)
+{ // https://stackoverflow.com/questions/3408706/hexadecimal-string-to-byte-array-in-c/56247335#56247335
+ int offset;
+ unsigned int read_byte;
+ uint32_t data_len = 0;
- while (sscanf(data, " %02x%n", &read_byte, &offset) == 1)
+ while (sscanf(source_str, " %02x%n", &read_byte, &offset) == 1)
{
dest_buffer[data_len++] = read_byte;
- data += offset;
+ source_str += offset;
}
return data_len;
}
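Review bot: The loop writes `dest_buffer[data_len++]` with no knowledge of how large `dest_buffer` is, and the format `" %02x"` accepts a single hex digit and skips whitespace, so the number of bytes written can exceed `strlen(source_str) / 2`. With an odd-length string such as a constructed `"abc"`, two bytes are produced, one more than `hex_conversion` allocates in the next hunk. The doc comment, which starts above this hunk, should state the contract, e.g. `@note dest_buffer must hold at least (strlen(source_str) + 1) / 2 bytes`, and its `uint8*` type for `dest_buffer` should read `char*` to match the signature. Returning the `uint32_t` counter through an `int32_t` return type is harmless at test sizes, but the two types could simply agree.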
@@ -93,8 +91,9 @@ int convert_hexstring_to_byte_array(char *source_str, char *dest_buffer)
void hex_conversion(char *buffer_h, char **buffer_b, int *buffer_b_length)
{
// Convert input plaintext
- *buffer_b = (char *)malloc((strlen(buffer_h) / 2) * sizeof(char));
- *buffer_b_length = convert_hexstring_to_byte_array(buffer_h, *buffer_b);
+ uint16_t dest_len = (strlen(buffer_h) / 2);
+ *buffer_b = (char *)malloc(dest_len * sizeof(char));
+ *buffer_b_length = convert_hexstring_to_byte_array(buffer_h, *buffer_b);
}
#ifdef DEBUG
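Review bot: The buffer sized by `dest_len = strlen(buffer_h) / 2` can be one byte smaller than what the converter writes. With `" %02x"`, an odd-length string such as `"ABC"` parses as two bytes while `strlen / 2` is 1, so the second store lands past the allocation. `uint16_t` also truncates the size once the hex string reaches 131072 characters, and the `malloc` result is handed to the converter unchecked. I would use `size_t dest_len = (strlen(buffer_h) + 1) / 2;` and add `if (*buffer_b == NULL) { *buffer_b_length = 0; return; }` before the conversion call.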
diff --git a/test/include/ut_b64.h b/test/include/ut_b64.h
new file mode 100644
index 00000000..452e89ac
--- /dev/null
+++ b/test/include/ut_b64.h
@@ -0,0 +1,34 @@
+/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
+ All Foreign Rights are Reserved to the U.S. Government.
+
+ This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
+ including, but not limited to, any warranty that the software will conform to specifications, any implied warranties
+ of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the
+ documentation will conform to the program, or any warranty that the software will be error free.
+
+ In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or
+ consequential damages, arising out of, resulting from, or in any way connected with the software or its
+ documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained
+ from, or arose out of the results of, or use of, the software, documentation or services provided hereunder.
+
+ ITC Team
+ NASA IV&V
+ jstar-development-team@mail.nasa.gov
+*/
+
+#ifndef CRYPTOLIB_UT_B64_H
+#define CRYPTOLIB_UT_B64_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "crypto.h"
+#include
+
+#ifdef __cplusplus
+} /* Close scope of 'extern "C"' declaration which encloses file. */
+#endif
+
+#endif // CRYPTOLIB_UT_B64_H
\ No newline at end of file
diff --git a/test/include/ut_mariadb.h b/test/include/ut_mariadb.h
index aaeb37a6..11d23e2c 100644
--- a/test/include/ut_mariadb.h
+++ b/test/include/ut_mariadb.h
@@ -25,7 +25,6 @@ extern "C"
#endif
#include "crypto.h"
-#include "shared_util.h"
#include
#ifdef __cplusplus
diff --git a/test/kmc/ut_aos_kmc.c b/test/kmc/ut_aos_kmc.c
new file mode 100644
index 00000000..6136acdb
--- /dev/null
+++ b/test/kmc/ut_aos_kmc.c
@@ -0,0 +1,390 @@
+/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
+ All Foreign Rights are Reserved to the U.S. Government.
+
+ This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
+ including, but not limited to, any warranty that the software will conform to specifications, any implied warranties
+ of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the
+ documentation will conform to the program, or any warranty that the software will be error free.
+
+ In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or
+ consequential damages, arising out of, resulting from, or in any way connected with the software or its
+ documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained
+ from, or arose out of the results of, or use of, the software, documentation or services provided hereunder.
+
+ ITC Team
+ NASA IV&V
+ jstar-development-team@mail.nasa.gov
+*/
+
+/**
+ * Unit Tests that make use of AOS Functionality with KMC Service.
+ **/
+#include "ut_aos_apply.h"
+#include "ut_aos_process.h"
+#include "crypto.h"
+#include "crypto_error.h"
+#include "sa_interface.h"
+#include "utest.h"
+
+#include
+#include
+
+#define KMC_HOSTNAME "itc.kmc.nasa.gov"
+#define CA_PATH "/home/jstar/Desktop/kmc_certs/ca.pem"
+#define CLIENT_CERTIFICATE "/home/jstar/Desktop/kmc_certs/ammos-client-cert.pem"
+#define CLIENT_CERTIFICATE_KEY "/home/jstar/Desktop/kmc_certs/ammos-client-key.pem"
+
+void reload_db(void)
+{
+ printf("Resetting Database\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/sadb_mariadb_sql/empty_sadb_aos.sql");
+ printf("first call done\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/test_sadb_mariadb_sql/create_sadb_ivv_aos_unit_tests.sql");
+}
+
+/**
+ * @brief MariaDB: Table Cleanup for Unit Tests
+ * Be sure to use only after initialization
+ * TODO: Move to shared function for all Unit Tests
+ */
+void MDB_DB_RESET()
+{
+ MYSQL *con = mysql_init(NULL);
+ if (sa_mariadb_config->mysql_mtls_key != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sa_mariadb_config->mysql_mtls_key);
+ }
+ if (sa_mariadb_config->mysql_mtls_cert != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sa_mariadb_config->mysql_mtls_cert);
+ }
+ if (sa_mariadb_config->mysql_mtls_ca != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CA, sa_mariadb_config->mysql_mtls_ca);
+ }
+ if (sa_mariadb_config->mysql_mtls_capath != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sa_mariadb_config->mysql_mtls_capath);
+ }
+ if (sa_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sa_mariadb_config->mysql_tls_verify_server));
+ }
+ if (sa_mariadb_config->mysql_mtls_client_key_password != NULL)
+ {
+ mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sa_mariadb_config->mysql_mtls_client_key_password);
+ }
+ if (sa_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, &(sa_mariadb_config->mysql_require_secure_transport));
+ }
+ // if encrypted connection (TLS) connection. No need for SSL Key
+ if (mysql_real_connect(con, sa_mariadb_config->mysql_hostname, sa_mariadb_config->mysql_username,
+ sa_mariadb_config->mysql_password, sa_mariadb_config->mysql_database,
+ sa_mariadb_config->mysql_port, NULL, 0) == NULL)
+ {
+ // 0,NULL,0 are port number, unix socket, client flag
+ // finish_with_error(con);
+ }
+
+ printf("Truncating Tables\n");
+ char *query = "TRUNCATE TABLE security_associations_aos\n";
+ if (mysql_real_query(con, query, strlen(query)))
+ { // query should be NUL terminated!
+ printf("Failed to Truncate Table\n");
+ // finish_with_error(con);
+ }
+ query =
+ "INSERT INTO security_associations_aos "
+ "(spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid,"
+ "ecs_len, shplf_len) VALUES "
+ "(11,'kmc/test/"
+ "key130',3,X'02',1,0,16,16,0,X'00000000000000000000000000000001',1024,X'"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,0,0,1,1)";
+ if (mysql_real_query(con, query, strlen(query)))
+ { // query should be NUL terminated!
+ printf("Failed to re-create security_association_aos table for SPI 11\n");
+ // finish_with_error(con);
+ }
+}
+
+/**
+ * @brief Unit Test: Nominal Encryption CBC KMC
+ **/
+UTEST(AOS_APPLY_KMC, HAPPY_PATH_ENC_AOS_CBC_KMC)
+{
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+ 1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+
+ int32_t return_val = Crypto_Init();
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *raw_aos_sdls_ping_h =
+ "40C0000000000000112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000";
+ char *raw_aos_sdls_ping_b = NULL;
+ int raw_aos_sdls_ping_len = 0;
+
+ hex_conversion(raw_aos_sdls_ping_h, &raw_aos_sdls_ping_b, &raw_aos_sdls_ping_len);
+
+ aos_frame_pri_hdr.tfvn = ((uint8_t)raw_aos_sdls_ping_b[0] & 0xC0) >> 6;
+ aos_frame_pri_hdr.scid =
+ (((uint16_t)raw_aos_sdls_ping_b[0] & 0x3F) << 2) | (((uint16_t)raw_aos_sdls_ping_b[1] & 0xC0) >> 6);
+ aos_frame_pri_hdr.vcid = ((uint8_t)raw_aos_sdls_ping_b[1] & 0x3F);
+
+ return_val = Crypto_AOS_ApplySecurity((uint8_t *)raw_aos_sdls_ping_b, raw_aos_sdls_ping_len);
+
+ // Truth frame setup
+ char *truth_aos_h =
+ "40C0000000000013000000000000000000000001BB73A3818AB2D7C51A5A14B6674439BB9B7DC0B21A44256075B5413488F77FC590A9C5"
+ "21DB9A013DC0456F5FE9F99D111B1C31BABCDB7E0FB2822BEA152FAA73F5D3F06EBE6D18CC1B85D5DCF1F293E77A384916E28A7C820670"
+ "8C3758D87CA6BDD7FEAE2225ACDDFA1B878C3F831AD4ECB8026ACC50E58B1367455A1E5879886B414BF33B0BB5F8EE44750E15051A2554"
+ "A6B172BEAA92F03B90DCEB57165CC1CA8ED97A7E76968F655549B28080BF25ED4E9A6377166C137CFEB884A8D9B9405C84883F7880D60F"
+ "EFFDB7CA4E9F8FB4F7D77315A6E8E3F3326751F8855349EDE8797A57B7F07CD8B1531539B05A7FFEF4708864847C3EBEDFA656D6243941"
+ "F06B21132953BA22B5E8F3EC7079F096D2A621D29FF0625147D32A7C0F644FA557A70567579F10D461C4198A360D0BB2361E1599533A4B"
+ "69F8ADC8FA64174E1092B996BC01B87453EE54E961D14BE002FE7D24BE389F892D4C6967B910D650C36FA653BAF214E93CBDD813F8078D"
+ "534303BA8FC795CBB2292A770F9959F60DC0ED141375BBEB86ED099CC1EBCDE6488B911508B7213C9AB1346E4B90D4B9AA8EAE02EC8B8A"
+ "B54957309CE1266FD80907E5B16441CE0A9B2A4146A2885537688577D6C9FECFD9E9F584EC860A276684667BAE255ABC0CB808FD685EA9"
+ "5DC86BFCEC9EC0EA352A317DCF8AA579B0746C8B5359F6E1BB4881BAC194A6D9B3881907621C8EC65FF1AB61B6DCDA3BC9B07165FAE18A"
+ "BA0E849CC09B9C8BBAB5963C8EB855273DC61B4487C85C1BB88943AEFFFF08830852EE074B6DCF71146D28B4AB311A043663E9EC582442"
+ "6553BE583AF18E2C172A11849E70A4814F8ABFFE851F1716B16466011293161DD44FFD1F2519BA82F8B21798004EFD1F2246623CF98C92"
+ "323D202A7E1FF3A7EF204A729CB1EAF6F2E16FCC18FC0826D60D113A17D1BCF887461A0E79B5D0A9A3980CCD7073476D431524EE5E5FEA"
+ "0B3A8F037F5E95213EC3D3FBB04CA49A35D99BDD22AC41150653BD8B75F8C3CC060B0DC09BC062DDF8E3CC3C9DF13BA44A96C53EA336A1"
+ "9138557A23C94E508839CAA76458636B68AB5DFED7D268C1CE329BF430D4306159ECA035B079927A5597F1E80FDCE67F5B23580C85D697"
+ "1D9DF12D1A50556C7F612530B4A5C2C2469E0AD0FAFF88D58C466C3CD601CDCF0AF65D0219E1C94D7461B1D39CF05D1B0F2C1EC94C985E"
+ "4DD1B1C1AD935537B6FE53FA9581C209EDA64340F72F5738D0877ECE4FF2831B6DEE291CAC98CD385BEE07270E44A1CB5635CA36609467"
+ "61293B1BC238C13670D2432BC3A0227A4CF94959E6C61B391E74BB14B27B0D767BD8AE8AAB60FDD6D2593A5E3B83518283B5DF4510A47D"
+ "8B116229EF409F44B8A9AAF5452FB5D7A0C8DBCB8692A479A9BA1C8309E84E8989782D868AE1884150E1D645FE053C7430921514E4E763"
+ "58AD4CC7E096C8BD390488DA2D7AFBB5408299F892A1CFE708D918FED3D7D6BCB27EF17A1E03B50A3EE76D507B19C0AFE7178D4455A2D7"
+ "7A787ACF0B75DEE48757602D6D6DED0224F75B0B64D9381B39436BB9D196F31347B55E346A6C0A335C85CE4E098F07A6CC3DDAC549371D"
+ "DB1447DB0A02E39F96A87BF7ADE1610A51ABE79A84394DEDAAA74B61AC13E5A957079FA2841BD663CDB5CA731536034855AEBE2740248F"
+ "7DE86463FCA8BCC66FCE3F38CE11215FC6890874E458244AB9691818289EF7DF05A0B0C2215BA36654483E7FF73B6630811DD6237414D4"
+ "C7FE8863CCCDB5563FF36F534113B392BCCBE46566BCF10238C8127BCF74389674774996253EA6742242E1D62509AC1EEAB577D7149924"
+ "F5640BFF4EB364EEF4C2664D98824E0F0ED0D91C1065E9FEB96160925BCEB1FB48E6E8658BE8032F01FC10A63D9D79C7F5E49AFEF6C43A"
+ "6D665D95F9D7E46AACDB8FB3F6086EBAF56B3149C2641B4AFBCDA992C8399B915EE2D23F8DAD37023B4E40C07F3341FF3097F25D238C69"
+ "2C5F816E128B922A09249DCA1FE0BA4B1E77A4ECCDC53712A5CE588D688D13370163A925867CB4E1D41FDED4CE244D852ED1D3F17D48A0"
+ "4921973F4D8F34180AF748B6C292181FFAC33D2EEEA7BC91E993EA29E5F2798930C8B149F5478C05F59F7ACA8E862BB37B5A0A792DCE1B"
+ "F4E76DB82DC1408733CD8F06995746726738F3E1416792AC8F8A91532B7F9331111DF835F3A60BB2134009D6BEC469B0CA1AD6352C7E6E"
+ "A928332ECA13CF2862A8C845734B00B230C8EEEA10FD0FE2BC62E7304ECD40E54B8D28C78E4C44FBF535A2F59FCF2D4B4A550FB5AE7AE4"
+ "69B2BA9DDC08C741653A405D5BAFD0C677C8D0B43984C82F7B814CAA0989518C71DB8DD93E12C1F3EFFA453C03A11E2F338DDCD50D4C7C"
+ "DCFC7B32A7DCFEAEA1D66815AA1E91D1FE3D62AAECF9BF9F5CC7C02278E0C5DC0DD322BCF90FF81EC1A5BFBBE2CF708CAEBE520CB89620"
+ "A0AD847A405648E6A01F658313107B1E143EF2D86100F4610000";
+ char *truth_aos_b = NULL;
+ int truth_aos_len = 0;
+ hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
+
+ for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ {
+ printf("Checking %02x against %02X\n", (uint8_t)raw_aos_sdls_ping_b[i], (uint8_t) * (truth_aos_b + i));
+ ASSERT_EQ((uint8_t)raw_aos_sdls_ping_b[i], (uint8_t) * (truth_aos_b + i));
+ }
+
+ Crypto_Shutdown();
+ free(truth_aos_b);
+ free(raw_aos_sdls_ping_b);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+}
+
+/**
+ * @brief Unit Test: Nominal Decryption CBC KMC
+ **/
+UTEST(AOS_PROCESS_KMC, HAPPY_PATH_DEC_AOS_CBC_KMC)
+{
+ AOS_t *ptr_processed_frame = malloc(AOS_SIZE);
+ uint16_t processed_aos_len = 0;
+
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_INTERNAL, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+ 1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+
+ int32_t return_val = Crypto_Init();
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *raw_aos_sdls_ping_h =
+ "40C0000000000013000000000000000000000001BB73A3818AB2D7C51A5A14B6674439BB9B7DC0B21A44256075B5413488F77FC590A9C5"
+ "21DB9A013DC0456F5FE9F99D111B1C31BABCDB7E0FB2822BEA152FAA73F5D3F06EBE6D18CC1B85D5DCF1F293E77A384916E28A7C820670"
+ "8C3758D87CA6BDD7FEAE2225ACDDFA1B878C3F831AD4ECB8026ACC50E58B1367455A1E5879886B414BF33B0BB5F8EE44750E15051A2554"
+ "A6B172BEAA92F03B90DCEB57165CC1CA8ED97A7E76968F655549B28080BF25ED4E9A6377166C137CFEB884A8D9B9405C84883F7880D60F"
+ "EFFDB7CA4E9F8FB4F7D77315A6E8E3F3326751F8855349EDE8797A57B7F07CD8B1531539B05A7FFEF4708864847C3EBEDFA656D6243941"
+ "F06B21132953BA22B5E8F3EC7079F096D2A621D29FF0625147D32A7C0F644FA557A70567579F10D461C4198A360D0BB2361E1599533A4B"
+ "69F8ADC8FA64174E1092B996BC01B87453EE54E961D14BE002FE7D24BE389F892D4C6967B910D650C36FA653BAF214E93CBDD813F8078D"
+ "534303BA8FC795CBB2292A770F9959F60DC0ED141375BBEB86ED099CC1EBCDE6488B911508B7213C9AB1346E4B90D4B9AA8EAE02EC8B8A"
+ "B54957309CE1266FD80907E5B16441CE0A9B2A4146A2885537688577D6C9FECFD9E9F584EC860A276684667BAE255ABC0CB808FD685EA9"
+ "5DC86BFCEC9EC0EA352A317DCF8AA579B0746C8B5359F6E1BB4881BAC194A6D9B3881907621C8EC65FF1AB61B6DCDA3BC9B07165FAE18A"
+ "BA0E849CC09B9C8BBAB5963C8EB855273DC61B4487C85C1BB88943AEFFFF08830852EE074B6DCF71146D28B4AB311A043663E9EC582442"
+ "6553BE583AF18E2C172A11849E70A4814F8ABFFE851F1716B16466011293161DD44FFD1F2519BA82F8B21798004EFD1F2246623CF98C92"
+ "323D202A7E1FF3A7EF204A729CB1EAF6F2E16FCC18FC0826D60D113A17D1BCF887461A0E79B5D0A9A3980CCD7073476D431524EE5E5FEA"
+ "0B3A8F037F5E95213EC3D3FBB04CA49A35D99BDD22AC41150653BD8B75F8C3CC060B0DC09BC062DDF8E3CC3C9DF13BA44A96C53EA336A1"
+ "9138557A23C94E508839CAA76458636B68AB5DFED7D268C1CE329BF430D4306159ECA035B079927A5597F1E80FDCE67F5B23580C85D697"
+ "1D9DF12D1A50556C7F612530B4A5C2C2469E0AD0FAFF88D58C466C3CD601CDCF0AF65D0219E1C94D7461B1D39CF05D1B0F2C1EC94C985E"
+ "4DD1B1C1AD935537B6FE53FA9581C209EDA64340F72F5738D0877ECE4FF2831B6DEE291CAC98CD385BEE07270E44A1CB5635CA36609467"
+ "61293B1BC238C13670D2432BC3A0227A4CF94959E6C61B391E74BB14B27B0D767BD8AE8AAB60FDD6D2593A5E3B83518283B5DF4510A47D"
+ "8B116229EF409F44B8A9AAF5452FB5D7A0C8DBCB8692A479A9BA1C8309E84E8989782D868AE1884150E1D645FE053C7430921514E4E763"
+ "58AD4CC7E096C8BD390488DA2D7AFBB5408299F892A1CFE708D918FED3D7D6BCB27EF17A1E03B50A3EE76D507B19C0AFE7178D4455A2D7"
+ "7A787ACF0B75DEE48757602D6D6DED0224F75B0B64D9381B39436BB9D196F31347B55E346A6C0A335C85CE4E098F07A6CC3DDAC549371D"
+ "DB1447DB0A02E39F96A87BF7ADE1610A51ABE79A84394DEDAAA74B61AC13E5A957079FA2841BD663CDB5CA731536034855AEBE2740248F"
+ "7DE86463FCA8BCC66FCE3F38CE11215FC6890874E458244AB9691818289EF7DF05A0B0C2215BA36654483E7FF73B6630811DD6237414D4"
+ "C7FE8863CCCDB5563FF36F534113B392BCCBE46566BCF10238C8127BCF74389674774996253EA6742242E1D62509AC1EEAB577D7149924"
+ "F5640BFF4EB364EEF4C2664D98824E0F0ED0D91C1065E9FEB96160925BCEB1FB48E6E8658BE8032F01FC10A63D9D79C7F5E49AFEF6C43A"
+ "6D665D95F9D7E46AACDB8FB3F6086EBAF56B3149C2641B4AFBCDA992C8399B915EE2D23F8DAD37023B4E40C07F3341FF3097F25D238C69"
+ "2C5F816E128B922A09249DCA1FE0BA4B1E77A4ECCDC53712A5CE588D688D13370163A925867CB4E1D41FDED4CE244D852ED1D3F17D48A0"
+ "4921973F4D8F34180AF748B6C292181FFAC33D2EEEA7BC91E993EA29E5F2798930C8B149F5478C05F59F7ACA8E862BB37B5A0A792DCE1B"
+ "F4E76DB82DC1408733CD8F06995746726738F3E1416792AC8F8A91532B7F9331111DF835F3A60BB2134009D6BEC469B0CA1AD6352C7E6E"
+ "A928332ECA13CF2862A8C845734B00B230C8EEEA10FD0FE2BC62E7304ECD40E54B8D28C78E4C44FBF535A2F59FCF2D4B4A550FB5AE7AE4"
+ "69B2BA9DDC08C741653A405D5BAFD0C677C8D0B43984C82F7B814CAA0989518C71DB8DD93E12C1F3EFFA453C03A11E2F338DDCD50D4C7C"
+ "DCFC7B32A7DCFEAEA1D66815AA1E91D1FE3D62AAECF9BF9F5CC7C02278E0C5DC0DD322BCF90FF81EC1A5BFBBE2CF708CAEBE520CB89620"
+ "A0AD847A405648E6A01F658313107B1E143EF2D86100F4610000";
+ char *raw_aos_sdls_ping_b = NULL;
+ int raw_aos_sdls_ping_len = 0;
+
+ hex_conversion(raw_aos_sdls_ping_h, &raw_aos_sdls_ping_b, &raw_aos_sdls_ping_len);
+
+ aos_frame_pri_hdr.tfvn = ((uint8_t)raw_aos_sdls_ping_b[0] & 0xC0) >> 6;
+ aos_frame_pri_hdr.scid =
+ (((uint16_t)raw_aos_sdls_ping_b[0] & 0x3F) << 2) | (((uint16_t)raw_aos_sdls_ping_b[1] & 0xC0) >> 6);
+ aos_frame_pri_hdr.vcid = ((uint8_t)raw_aos_sdls_ping_b[1] & 0x3F);
+
+ return_val = Crypto_AOS_ProcessSecurity((uint8_t *)raw_aos_sdls_ping_b, raw_aos_sdls_ping_len, ptr_processed_frame,
+ &processed_aos_len);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *truth_aos_h =
+ "40C0000000000000000000000000000000000000DDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAA000000000000000000000000000000000000";
+ char *truth_aos_b = NULL;
+ int truth_aos_len = 0;
+ hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
+
+ SecurityAssociation_t *sa_ptr = NULL;
+ sa_if->sa_get_from_spi(19, &sa_ptr); // Enable and setup 9
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < ptr_processed_frame->aos_pdu_len; i++)
+ {
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)ptr_processed_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
+ }
+
+ Crypto_aosPrint(ptr_processed_frame);
+
+ Crypto_Shutdown();
+ free(sa_ptr);
+ free(truth_aos_b);
+ free(ptr_processed_frame);
+ free(raw_aos_sdls_ping_b);
+}
+
+UTEST_MAIN();
\ No newline at end of file
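Review bot: Neither database-reset helper detects failure: `reload_db()` discards the status of both `system()` calls, and `MDB_DB_RESET()` leaves the `mysql_real_connect` failure branch empty, goes on to issue queries on the unconnected handle, and never calls `mysql_close`. After a failed reset, both tests run against whatever rows are already in `security_associations_aos`, so a mismatch against the truth frame says nothing about the code under test. The fence shows the connection handling for `MDB_DB_RESET()`; `reload_db()` needs the equivalent check on each `system()` result. Separately, the `mysql` command lines pass `--skip-ssl-verify-server-cert`, and the file hard-codes the `/home/jstar/Desktop/kmc_certs/` key paths and the passphrase `"changeit"`. Reading these from the environment and keeping server verification on would stop the reset path from being weaker than the TLS settings the tests apparently configure for the library.

```c
    MYSQL *con = mysql_init(NULL);
    if (con == NULL)
    {
        printf("mysql_init failed\n");
        return;
    }
    // … unchanged: mysql_optionsv() TLS options and the mysql_real_connect() condition …
    {
        printf("Failed to connect to MariaDB: %s\n", mysql_error(con));
        mysql_close(con);
        return;
    }
    // … unchanged: TRUNCATE and INSERT queries …
    mysql_close(con);
```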
diff --git a/test/kmc/ut_b64.c b/test/kmc/ut_b64.c
new file mode 100644
index 00000000..5c696256
--- /dev/null
+++ b/test/kmc/ut_b64.c
@@ -0,0 +1,248 @@
+/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
+ All Foreign Rights are Reserved to the U.S. Government.
+
+ This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
+ including, but not limited to, any warranty that the software will conform to specifications, any implied warranties
+ of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the
+ documentation will conform to the program, or any warranty that the software will be error free.
+
+ In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or
+ consequential damages, arising out of, resulting from, or in any way connected with the software or its
+ documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained
+ from, or arose out of the results of, or use of, the software, documentation or services provided hereunder.
+
+ ITC Team
+ NASA IV&V
+ jstar-development-team@mail.nasa.gov
+*/
+
+/**
+ * Unit Tests that make use of Maria DB
+ **/
+#include "ut_b64.h"
+#include "utest.h"
+
+typedef char char_t;
+typedef unsigned int uint_t;
+
+// Base64 encoding table
+// static const char_t base64EncTable[64] = {
+// 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
+// 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
+// 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};
+
+// Base64 decoding table
+static const uint8_t base64DecTable[128] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+ 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+
+#define ERROR_INVALID_PARAMETER 21
+#define ERROR_INVALID_LENGTH 22
+#define ERROR_INVALID_CHARACTER 23
+#define NO_ERROR 0
+
+// local copy of function from base64.c
+int32_t base64Decode(const char_t *input, size_t inputLen, void *output, uint16_t decoded_buffer_size,
+ size_t *outputLen)
+{
+ int32_t error;
+ uint32_t value;
+ uint_t c;
+ size_t i;
+ size_t j;
+ size_t n;
+ size_t padLen;
+ uint8_t *p;
+
+ // Check parameters
+ if (input == NULL && inputLen != 0)
+ return ERROR_INVALID_PARAMETER;
+ if (outputLen == NULL)
+ return ERROR_INVALID_PARAMETER;
+
+ // Initialize status code
+ error = NO_ERROR;
+
+ // Check expected output buffer size is large enough for decoded input
+ uint16_t outputLen_expected = 0;
+ uint8_t padding = 0;
+ if (inputLen >= 1 && input[inputLen - 1] == '=')
+ padding++;
+ if (inputLen >= 2 && input[inputLen - 2] == '=')
+ padding++;
+ outputLen_expected = ((inputLen * 3) / 4) - padding;
+
+ // Special debug prints for UT
+ printf("InputLen: %ld\n \
+ Expected Dec Buf Length: %d\n \
+ Passed In Dec Length: %d\n",
+ inputLen, outputLen_expected, decoded_buffer_size);
+
+ if (decoded_buffer_size < outputLen_expected)
+ return ERROR_INVALID_LENGTH;
+
+ // Point to the buffer where to write the decoded data
+ p = (uint8_t *)output;
+
+ // Initialize variables
+ j = 0;
+ n = 0;
+ value = 0;
+ padLen = 0;
+
+ // Process the Base64-encoded string
+ for (i = 0; i < inputLen && !error; i++)
+ {
+ // Get current character
+ c = (uint_t)input[i];
+
+ // Check the value of the current character
+ if (c == '\r' || c == '\n')
+ {
+ // CR and LF characters should be ignored
+ }
+ else if (c == '=')
+ {
+ // Increment the number of pad characters
+ padLen++;
+ }
+ else if (c < 128 && base64DecTable[c] < 64 && padLen == 0)
+ {
+ // Decode the current character
+ value = (value << 6) | base64DecTable[c];
+
+ // Divide the input stream into blocks of 4 characters
+ if (++j == 4)
+ {
+ // Map each 4-character block to 3 bytes
+ if (p != NULL)
+ {
+ p[n] = (value >> 16) & 0xFF;
+ p[n + 1] = (value >> 8) & 0xFF;
+ p[n + 2] = value & 0xFF;
+ }
+
+ // Adjust the length of the decoded data
+ n += 3;
+
+ // Decode next block
+ j = 0;
+ value = 0;
+ }
+ }
+ else
+ {
+ // Implementations must reject the encoded data if it contains
+ // characters outside the base alphabet (refer to RFC 4648,
+ // section 3.3)
+ error = ERROR_INVALID_CHARACTER;
+ }
+ }
+
+ // Check status code
+ if (!error)
+ {
+ // Check the number of pad characters
+ if (padLen == 0 && j == 0)
+ {
+ // No pad characters in this case
+ }
+ else if (padLen == 1 && j == 3)
+ {
+ // The "=" sequence indicates that the last block contains only 2 bytes
+ if (p != NULL)
+ {
+ // Decode the last two bytes
+ p[n] = (value >> 10) & 0xFF;
+ p[n + 1] = (value >> 2) & 0xFF;
+ }
+
+ // Adjust the length of the decoded data
+ n += 2;
+ }
+ else if (padLen == 2 && j == 2)
+ {
+ // The "==" sequence indicates that the last block contains only 1 byte
+ if (p != NULL)
+ {
+ // Decode the last byte
+ p[n] = (value >> 4) & 0xFF;
+ }
+
+ // Adjust the length of the decoded data
+ n++;
+ // Skip trailing pad characters
+ i++;
+ }
+ else
+ {
+ // The length of the input string must be a multiple of 4
+ error = ERROR_INVALID_LENGTH;
+ }
+ }
+
+ // Total number of bytes that have been written
+ *outputLen = n;
+
+ // Return status code
+ return error;
+}
+
+UTEST(CRYPTO_B64, OVERSIZE_DECODE)
+{
+ int32_t status = CRYPTO_LIB_ERROR;
+
+ // Success Case, This_one_is_just_the_right_size (len = 31)
+ char *ciphertext_base64 = "VGhpc19vbmVfaXNfanVzdF90aGVfcmlnaHRfc2l6ZQ==";
+ uint8_t len_data_out = 15;
+ uint16_t decoded_buffer_size = (len_data_out)*2 + 1; // 31
+ uint8_t *ciphertext_decoded = malloc(decoded_buffer_size);
+ size_t ciphertext_decoded_len = 0;
+ status = base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len);
+ printf("Status: %d\n\n", status);
+ free(ciphertext_decoded);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ // Success Case, This_one_allocates_too_much (len = 27)
+ ciphertext_base64 = "VGhpc19vbmVfYWxsb2NhdGVzX3Rvb19tdWNo";
+ len_data_out = 15;
+ decoded_buffer_size = (len_data_out)*2 + 1; // 31
+ ciphertext_decoded = malloc(decoded_buffer_size);
+ ciphertext_decoded_len = 0;
+ status = base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len);
+ printf("Status: %d\n\n", status);
+ free(ciphertext_decoded);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ // Failure Case, This_one_is_2_too_short (len = 23)
+ ciphertext_base64 = "VGhpc19vbmVfaXNfMl90b29fc2hvcnQ=";
+ len_data_out = 10;
+ decoded_buffer_size = (len_data_out)*2 + 1;
+ ciphertext_decoded = malloc(decoded_buffer_size);
+ ciphertext_decoded_len = 0;
+ status = base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len);
+ printf("Status: %d\n\n", status);
+ free(ciphertext_decoded);
+ ASSERT_EQ(ERROR_INVALID_LENGTH, status);
+
+ // Failure Case, This_one_is_1_tooo_short (len = 24)
+ ciphertext_base64 = "VGhpc19vbmVfaXNfMV90b29vX3Nob3J0";
+ len_data_out = 11;
+ decoded_buffer_size = (len_data_out)*2 + 1;
+ ciphertext_decoded = malloc(decoded_buffer_size);
+ ciphertext_decoded_len = 0;
+ status = base64Decode(ciphertext_base64, strlen(ciphertext_base64), ciphertext_decoded, decoded_buffer_size,
+ &ciphertext_decoded_len);
+ printf("Status: %d\n\n", status);
+ free(ciphertext_decoded);
+ ASSERT_EQ(ERROR_INVALID_LENGTH, status);
+}
+UTEST_MAIN()
\ No newline at end of file
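Review bot: The buffer-size guard in `base64Decode` does not bound the stores that follow it: `outputLen_expected` is computed once from `inputLen` and the last two characters, and the loop then writes `p[n]` to `p[n + 2]` without comparing `n` to `decoded_buffer_size`. The estimate can come out too small in two ways: it is a `uint16_t`, so `(inputLen * 3) / 4` wraps for inputs longer than roughly 87,000 characters, and a trailing `=` is subtracted even when the input length is not a multiple of 4, where the preceding full block is still decoded before `ERROR_INVALID_LENGTH` is reported. Declaring it as `size_t outputLen_expected` and adding `if (p != NULL && n + 3 > decoded_buffer_size) return ERROR_INVALID_LENGTH;` ahead of the three-byte store, with matching checks on the two padded tails, closes both. The comment above the function says it is a local copy from base64.c, so the library version presumably needs the same change. None of the four cases in `OVERSIZE_DECODE` feeds malformed padding or asserts `ciphertext_decoded_len`.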
diff --git a/test/kmc/ut_kmc_crypto.c b/test/kmc/ut_kmc_crypto.c
index c3c44d84..63c973a8 100644
--- a/test/kmc/ut_kmc_crypto.c
+++ b/test/kmc/ut_kmc_crypto.c
@@ -30,6 +30,27 @@
#include
#include
+#define KMC_HOSTNAME "itc.kmc.nasa.gov"
+#define CA_PATH "/home/jstar/Desktop/kmc_certs/ca.pem"
+#define CLIENT_CERTIFICATE "/home/jstar/Desktop/kmc_certs/ammos-client-cert.pem"
+#define CLIENT_CERTIFICATE_KEY "/home/jstar/Desktop/kmc_certs/ammos-client-key.pem"
+
+void reload_db(void)
+{
+ printf("Resetting Database\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/sadb_mariadb_sql/empty_sadb_tc.sql");
+ printf("first call done\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tc_unit_tests.sql");
+}
+
// #ifdef KMC_MDB_RH
// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem"
// #define CLIENT_CERTIFICATE_KEY "/certs/redhat-key.pem"
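Review bot: Both `mysql` invocations in `reload_db` pass `--skip-ssl-verify-server-cert` next to `--ssl-ca`, so a CA file is supplied but the server certificate is never checked against it. If the local server certificate matches the host name, the flag can simply be dropped. The return value of `system()` is also discarded, so a failed reset lets the tests run against whatever rows the previous run left behind; `if (system(cmd) != 0) { printf("Database reset failed\n"); exit(1); }` would make that visible. The certificate and key paths under `/home/jstar/Desktop/kmc_certs/` are fixed at compile time. I would add a comment above the new `#define`s such as `// Developer-machine test fixtures; never point these at production credentials`, or read the paths with `getenv`.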
@@ -154,188 +175,216 @@
// /**
// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
// **/
-// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_AUTH_ONLY)
-// {
-// // Setup & Initialize CryptoLib
-// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt",
-// NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https",
-// "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
-// "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 56, TC_HAS_FECF,
-// TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init();
-
-// char* raw_tc_jpl_mmt_scid44_vcid1= "2003E008000001bf1a";
-// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-
-// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect,
-// &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
-
-// uint8_t* ptr_enc_frame = NULL;
-// uint16_t enc_frame_len = 0;
-
-// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-
-// printf("Frame before encryption:\n");
-// for (int i=0; i %02x ", ptr_enc_frame[i], truth_data_b[i]);
+ ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
+ }
+
+ printf("Frame after encryption:\n");
+ for (int i = 0; i < enc_frame_len; i++)
+ {
+ printf("%02x ", ptr_enc_frame[i]);
+ }
+ printf("\n");
+
+ Crypto_Shutdown();
+ free(raw_tc_jpl_mmt_scid44_vcid1_expect);
+ free(ptr_enc_frame);
+ free(truth_data_b);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+}
-// /**
-// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
-// **/
-// UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH)
-// {
-// // Setup & Initialize CryptoLib
-// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt",
-// NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https",
-// "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
-// "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 55, TC_HAS_FECF,
-// TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init();
-
-// char* enc_tc_jpl_mmt_scid44_vcid1=
-// "2003DC250000130000000000000000000000016746C816E9C1D758FB457D8AAE7A5B83842A5A"; char*
-// enc_tc_jpl_mmt_scid44_vcid1_expect = NULL; int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-
-// // Data=0001
-// // IV=000000000000000000000001
-// // AAD=00000000000000000000000000000000000000
-
-// TC_t* tc_processed_frame;
-// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
-
-// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
-// &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
-
-// uint8_t* ptr_enc_frame = NULL;
-
-// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-
-// printf("Encrypted Frame Before Processing:\n");
-// for (int i=0; itc_pdu_len; i++)
-// {
-// printf("%02x ", tc_processed_frame->tc_pdu[i]);
-// }
-// printf("\n");
-// ASSERT_EQ(0x01,tc_processed_frame->tc_pdu[0]);
-
-// Crypto_Shutdown();
-// free(enc_tc_jpl_mmt_scid44_vcid1_expect);
-// free(ptr_enc_frame);
-// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-// }
-// //// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid
-// ///**
-// // * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
-// // **/
-// //UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY)
-// //{
-// // // Setup & Initialize CryptoLib
-// // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// // IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-// // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-// // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// // Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL,
+/**
+ * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
+ **/
+UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH)
+{
+ remove("sa_save_file.bin");
+ reload_db();
+
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+
+ GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+ 0, 0x0003, 55, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ int32_t status = Crypto_Init();
+
+ char *enc_tc_jpl_mmt_scid44_vcid1 = "2003DC250000130000000000000000000000016746C816E9C1D758FB457D8AAE7A5B83842A5A";
+ char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+ int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+
+ // Data=0001
+ // IV=000000000000000000000001
+ // AAD=00000000000000000000000000000000000000
+
+ TC_t *tc_processed_frame;
+ tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
+
+ hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
+ &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
+
+ uint8_t *ptr_enc_frame = NULL;
+
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ printf("Encrypted Frame Before Processing:\n");
+ for (int i = 0; i < enc_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+ {
+ printf("%02x ", (uint8_t)enc_tc_jpl_mmt_scid44_vcid1_expect[i]);
+ }
+ printf("\n");
+
+ status = Crypto_TC_ProcessSecurity((uint8_t *)enc_tc_jpl_mmt_scid44_vcid1_expect,
+ &enc_tc_jpl_mmt_scid44_vcid1_expect_len, tc_processed_frame);
+ if (status != CRYPTO_LIB_SUCCESS)
+ {
+ Crypto_Shutdown();
+ }
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+ printf("Processed PDU:\n");
+ for (int i = 0; i < tc_processed_frame->tc_pdu_len; i++)
+ {
+ printf("%02x ", tc_processed_frame->tc_pdu[i]);
+ }
+ printf("\n");
+ ASSERT_EQ(0x01, tc_processed_frame->tc_pdu[0]);
+
+ Crypto_Shutdown();
+ free(enc_tc_jpl_mmt_scid44_vcid1_expect);
+ free(ptr_enc_frame);
+ free(tc_processed_frame);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+}
+
+//// Commenting out test - AEAD algorithms must have a tag -- Enc only config is invalid
+///**
+// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
+// **/
+// UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_ONLY)
+//{
+// // Setup & Initialize CryptoLib
+// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
+// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+// Crypto_Config_MariaDB("sa_user", "sa_password", "localhost","sadb", 3306, CRYPTO_FALSE, NULL, NULL, NULL, NULL,
// 0, NULL);
-// // Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service",
+// Crypto_Config_Kmc_Crypto_Service("https", "asec-cmdenc-srv1.jpl.nasa.gov", 8443, "crypto-service",
// "/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-cert.pem",
// "PEM","/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/local-test-key.pem",NULL,"/home/isaleh/git/KMC/CryptoLib-IbraheemYSaleh/util/etc/ammos-ca-bundle.crt",
// NULL, NULL, CRYPTO_FALSE);
-// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
+// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 0, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
// AOS_IZ_NA, 0);
-// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
+// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 1, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
// AOS_IZ_NA, 0);
-// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
+// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 2, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
// AOS_IZ_NA, 0);
-// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
+// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x002C, 3, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
// AOS_IZ_NA, 0);
-// // int32_t status = Crypto_Init();
-// //
-// // char* enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238";
-// // char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-// // int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-// //
-// // // IV = 000000000000000000000001
-// //
-// // TC_t* tc_processed_frame;
-// // tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
-// //
-// // hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
-// &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
-// //
-// // uint8_t* ptr_enc_frame = NULL;
-// //
-// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-// //
-// // printf("Encrypted Frame Before Processing:\n");
-// // for (int i=0; itc_pdu_len; i++)
-// // for (int i=0; i<2; i++)
-// // {
-// // printf("%02x ", tc_processed_frame->tc_pdu[i]);
-// // }
-// // printf("\n");
-// //
-// // // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]);
-// // // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]);
-// //
-// // Crypto_Shutdown();
-// // free(enc_tc_jpl_mmt_scid44_vcid1_expect);
-// // free(ptr_enc_frame);
-// // // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-// //}
+// int32_t status = Crypto_Init();
+//
+// char* enc_tc_jpl_mmt_scid44_vcid1= "202C0816000003000000000000000000000001669CD238";
+// char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+// int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+//
+// // IV = 000000000000000000000001
+//
+// TC_t* tc_processed_frame;
+// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
+//
+// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
+// &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
+//
+// uint8_t* ptr_enc_frame = NULL;
+//
+// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//
+// printf("Encrypted Frame Before Processing:\n");
+// for (int i=0; itc_pdu_len; i++)
+// for (int i=0; i<2; i++)
+// {
+// printf("%02x ", tc_processed_frame->tc_pdu[i]);
+// }
+// printf("\n");
+//
+// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]);
+// // ASSERT_EQ( 0x01,tc_processed_frame->tc_pdu[1]);
+//
+// Crypto_Shutdown();
+// free(enc_tc_jpl_mmt_scid44_vcid1_expect);
+// free(ptr_enc_frame);
+// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+//}
// /**
// * @brief Unit Test: Nominal Encryption with KMC Crypto Service && JPL Unit Test MariaDB
// * This doesn't work -- Apply Security Auth Only doesn't return the proper tag.
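Review bot: `HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH` passes the literals `"changeit"` and `"cryptosvc"` (what look like a key passphrase and an account name) to `Crypto_Config_MariaDB`, and repeats the host and CA path as strings in `Crypto_Config_Kmc_Crypto_Service` although `KMC_HOSTNAME` and `CA_PATH` are defined at the top of the file. Editing the macros would then move the database connection but not the crypto-service one. The call should read `Crypto_Config_Kmc_Crypto_Service("https", KMC_HOSTNAME, 8443, "crypto-service", CA_PATH, NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);`, with the passphrase and user moved into named macros beside the others or read from the environment. The same calls recur in the two `AESGCM_8BYTE_MAC` tests in the next hunk. Separately, `tc_processed_frame` is a `TC_t *` allocated with `malloc(sizeof(uint8_t) * TC_SIZE)` and dereferenced without a NULL check; `calloc(1, sizeof(TC_t))` would tie the size to the type, assuming `TC_SIZE` is not intentionally larger.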
@@ -404,223 +453,245 @@
// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// }
-// UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC)
+UTEST(KMC_CRYPTO, HAPPY_PATH_APPLY_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC)
+{
+ // Setup & Initialize CryptoLib
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+ 0, 0x0003, 57, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ int32_t status = Crypto_Init();
+
+ char *raw_tc_jpl_mmt_scid44_vcid1 = "2003e408000001bd37";
+ char *raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+ int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+
+ hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect,
+ &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
+
+ uint8_t *ptr_enc_frame = NULL;
+ uint16_t enc_frame_len = 0;
+
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ printf("Frame before encryption:\n");
+ for (int i = 0; i < raw_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+ {
+ printf("%02x ", (uint8_t)raw_tc_jpl_mmt_scid44_vcid1_expect[i]);
+ }
+ printf("\n");
+
+ status = Crypto_TC_ApplySecurity((uint8_t *)raw_tc_jpl_mmt_scid44_vcid1_expect,
+ raw_tc_jpl_mmt_scid44_vcid1_expect_len, &ptr_enc_frame, &enc_frame_len);
+ if (status != CRYPTO_LIB_SUCCESS)
+ {
+ Crypto_Shutdown();
+ }
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+ printf("Frame after encryption:\n");
+ for (int i = 0; i < enc_frame_len; i++)
+ {
+ printf("%02x ", ptr_enc_frame[i]);
+ }
+ printf("\n");
+
+ Crypto_Shutdown();
+ free(raw_tc_jpl_mmt_scid44_vcid1_expect);
+ free(ptr_enc_frame);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+}
+
+UTEST(KMC_CRYPTO, HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC)
+{
+ // Setup & Initialize CryptoLib
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+ 0, 0x0003, 57, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ int32_t status = Crypto_Init();
+
+ char *enc_tc_jpl_mmt_scid44_vcid1 = "2003E41E0000150000000000000000000000040001EF029857C5ED7E5B1807";
+ char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+ int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+
+ // Data=0001
+ // IV=000000000000000000000001
+ // AAD=00000000000000000000000000000000000000
+
+ TC_t *tc_processed_frame;
+ tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
+
+ hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
+ &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
+
+ uint8_t *ptr_enc_frame = NULL;
+
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ printf("Encrypted Frame Before Processing:\n");
+ for (int i = 0; i < enc_tc_jpl_mmt_scid44_vcid1_expect_len; i++)
+ {
+ printf("%02x ", (uint8_t)enc_tc_jpl_mmt_scid44_vcid1_expect[i]);
+ }
+ printf("\n");
+
+ status = Crypto_TC_ProcessSecurity((uint8_t *)enc_tc_jpl_mmt_scid44_vcid1_expect,
+ &enc_tc_jpl_mmt_scid44_vcid1_expect_len, tc_processed_frame);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+
+ printf("Processed PDU:\n");
+ for (int i = 0; i < tc_processed_frame->tc_pdu_len; i++)
+ {
+ printf("%02x ", tc_processed_frame->tc_pdu[i]);
+ }
+ printf("\n");
+
+ // ASSERT_EQ(0x00, tc_processed_frame->tc_pdu[0]);
+ // ASSERT_EQ(0x00, tc_processed_frame->tc_pdu[1]);
+
+ Crypto_Shutdown();
+ free(enc_tc_jpl_mmt_scid44_vcid1_expect);
+ free(ptr_enc_frame);
+ free(tc_processed_frame);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+}
+
+// Think this is a bad test, or at least is not erroring how it should. Might want to reevaluate
+// UTEST(KMC_CRYPTO, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC)
// {
// // Setup & Initialize CryptoLib
+// remove("sa_save_file.bin");
+// reload_db();
+// // Setup & Initialize CryptoLib
// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
+// IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE, "/certs/ammos-ca-bundle.crt",
-// NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL); Crypto_Config_Kmc_Crypto_Service("https",
-// "itc-kmc.nasa.gov", 8443, "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
-// "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 57, TC_HAS_FECF,
-// TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); int32_t status = Crypto_Init();
+// Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+// CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+// Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+// "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+// "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+// GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+// 0, 0x0003, 11, TC_NO_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_NO_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+// Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+// int32_t status = Crypto_Init();
+
+// char *enc_tc_jpl_mmt_scid44_vcid1 = "20032C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2";
+// char *enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
+// int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-// char* raw_tc_jpl_mmt_scid44_vcid1= "2003e408000001bd37";
-// char* raw_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-// int raw_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
+// // Data=0001
+// // IV=000000000000000000000001
+// // AAD=00000000000000000000000000000000000000
-// hex_conversion(raw_tc_jpl_mmt_scid44_vcid1, &raw_tc_jpl_mmt_scid44_vcid1_expect,
-// &raw_tc_jpl_mmt_scid44_vcid1_expect_len);
+// TC_t *tc_processed_frame;
+// tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
-// uint8_t* ptr_enc_frame = NULL;
-// uint16_t enc_frame_len = 0;
+// hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
+// &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
+
+// uint8_t *ptr_enc_frame = NULL;
// ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-// printf("Frame before encryption:\n");
-// for (int i=0; itc_pdu_len; i++)
-// // {
-// // printf("%02x ", tc_processed_frame->tc_pdu[i]);
-// // }
-// // printf("\n");
-
-// // ASSERT_EQ(0x00,tc_processed_frame->tc_pdu[0]);
-// // ASSERT_EQ( 0x00,tc_processed_frame->tc_pdu[1]);
-
-// // Crypto_Shutdown();
-// // free(enc_tc_jpl_mmt_scid44_vcid1_expect);
-// // free(ptr_enc_frame);
-// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-// // }
-
-// // UTEST(KMC_CRYPTO, UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC)
-// // {
-// // // Setup & Initialize CryptoLib
-// // Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// // IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_FALSE, TC_NO_PUS_HDR,
-// // TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-// // TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// // Crypto_Config_MariaDB("db-itc-kmc.nasa.gov","sadb", 3306,CRYPTO_TRUE,CRYPTO_TRUE,
-// "/certs/ammos-ca-bundle.crt", NULL, CLIENT_CERTIFICATE, CLIENT_CERTIFICATE_KEY, NULL, "root", NULL);
-// // Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443,
-// "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY,
-// NULL, NULL);
-// // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 11, TC_HAS_FECF, TC_NO_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
-// AOS_IZ_NA, 0);
-// // int32_t status = Crypto_Init();
-
-// // char* enc_tc_jpl_mmt_scid44_vcid1= "20032C1E000009000000000000000000000001669C5639DCCDEA8C6CE3EEF2";
-// // char* enc_tc_jpl_mmt_scid44_vcid1_expect = NULL;
-// // int enc_tc_jpl_mmt_scid44_vcid1_expect_len = 0;
-
-// // // Data=0001
-// // // IV=000000000000000000000001
-// // // AAD=00000000000000000000000000000000000000
-
-// // TC_t* tc_processed_frame;
-// // tc_processed_frame = malloc(sizeof(uint8_t) * TC_SIZE);
-
-// // hex_conversion(enc_tc_jpl_mmt_scid44_vcid1, &enc_tc_jpl_mmt_scid44_vcid1_expect,
-// &enc_tc_jpl_mmt_scid44_vcid1_expect_len);
-
-// // uint8_t* ptr_enc_frame = NULL;
-
-// // ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
-
-// // printf("Encrypted Frame Before Processing:\n");
-// // for (int i=0; i= 32 for the \"else\" unit test\n" RESET);
+ ASSERT_EQ(SADB_INVALID_SA_FIELD_VALUE, status);
+ }
+ else
+ {
+ // we expect an InvalidAlgorithmParameterException for macLength of that size.
+ ASSERT_EQ(CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_GENERIC_FAILURE, status);
+ }
+
+ Crypto_Shutdown();
+ free(raw_tc_jpl_mmt_scid44_vcid1_expect);
+ free(ptr_enc_frame);
+}
UTEST_MAIN();
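Review bot: The only tamper-detection case in this hunk, `UNHAPPY_PATH_INVALID_MAC_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC`, is left commented out with the remark that it is "not erroring how it should", so no test here confirms that a frame with a wrong MAC is rejected. If `Crypto_TC_ProcessSecurity` does return success for that frame, that is a finding to investigate rather than a test to disable; at minimum the remark should become `// FIXME(<issue-id>): disabled, ProcessSecurity does not return the expected error for this frame` so it is tracked. In `HAPPY_PATH_PROCESS_SEC_ENC_AND_AUTH_AESGCM_8BYTE_MAC` the two `ASSERT_EQ` lines on `tc_pdu` are also commented out, so that test checks only the status code and would pass with any plaintext. The apply-side test likewise never compares `ptr_enc_frame` with a truth frame. The tail of the hunk is truncated in this view, so the final test was not reviewed.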
diff --git a/test/kmc/ut_mariadb.c b/test/kmc/ut_mariadb.c
index 830ca65c..715e7f3f 100644
--- a/test/kmc/ut_mariadb.c
+++ b/test/kmc/ut_mariadb.c
@@ -20,13 +20,69 @@
* Unit Tests that make use of Maria DB
**/
#include "ut_mariadb.h"
-#include "crypto_error.h"
-#include "sa_interface.h"
#include "utest.h"
-#include "crypto.h"
-#include "shared_util.h"
-#include
+// local copy of function from mariadb interface
+static int32_t convert_hexstring_to_byte_array(char *source_str, uint8_t *dest_buffer, uint16_t max_len)
+{ // https://stackoverflow.com/questions/3408706/hexadecimal-string-to-byte-array-in-c/56247335#56247335
+ int offset;
+ unsigned int read_byte;
+ uint32_t data_len = 0;
+
+ if (dest_buffer == NULL || source_str == NULL)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+
+ uint32_t source_len = (strlen(source_str) / 2);
+ if (source_len > max_len)
+ {
+ return CRYPTO_LIB_ERROR;
+ }
+
+ while (sscanf(source_str, " %02x%n", &read_byte, &offset) == 1)
+ {
+ dest_buffer[data_len++] = read_byte;
+ source_str += offset;
+ }
+
+ return CRYPTO_LIB_SUCCESS;
+}
+
+UTEST(CRYPTO_MDB, HEXSTRING_TO_BYTE_ARRAY)
+{
+ int32_t status = CRYPTO_LIB_SUCCESS;
+ uint16_t max_len = IV_SIZE;
+ uint8_t *dest_buffer = malloc(IV_SIZE);
+ uint8_t *dest_buffer_null = NULL;
+
+ // Failure Case, wrong source length
+ char *source_str =
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+ status = convert_hexstring_to_byte_array(source_str, dest_buffer, max_len);
+ printf("Status: %d\n", status);
+ ASSERT_EQ(status, CRYPTO_LIB_ERROR);
+
+ // Failure Case, null dest_buffer
+ source_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+ status = convert_hexstring_to_byte_array(source_str, dest_buffer_null, max_len);
+ printf("Status: %d\n", status);
+ ASSERT_EQ(status, CRYPTO_LIB_ERROR);
+
+ // Failure Case, null source_str
+ source_str = NULL;
+ status = convert_hexstring_to_byte_array(source_str, dest_buffer, max_len);
+ printf("Status: %d\n", status);
+ ASSERT_EQ(status, CRYPTO_LIB_ERROR);
+
+ // Success case, correct length source string and max
+ source_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+ status = convert_hexstring_to_byte_array(source_str, dest_buffer, max_len);
+ printf("Status: %d\n", status);
+ ASSERT_EQ(status, CRYPTO_LIB_SUCCESS);
+
+ free(dest_buffer);
+}
// #ifdef KMC_MDB_RH
// #define CLIENT_CERTIFICATE "/certs/redhat-cert.pem"
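Review bot: The write loop in `convert_hexstring_to_byte_array` is not bounded by `max_len`, so the length check before it can be passed by input that still overruns `dest_buffer`. `strlen(source_str) / 2` rounds down, so a string of `2 * max_len + 1` hex digits passes the check and the trailing single digit is stored as byte `max_len`. Bounding the loop itself closes this: `while (data_len < max_len && sscanf(source_str, " %02x%n", &read_byte, &offset) == 1)`. The new test covers over-long, NULL and exact-length inputs but has no odd-length case and never inspects the converted bytes. Since the comment calls this a local copy of the MariaDB interface function, the library version presumably needs the same bound; that file is not visible here.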
diff --git a/test/kmc/ut_tc_kmc.c b/test/kmc/ut_tc_kmc.c
index 7b2a2485..03d83ecf 100644
--- a/test/kmc/ut_tc_kmc.c
+++ b/test/kmc/ut_tc_kmc.c
@@ -31,9 +31,9 @@
#include
#define KMC_HOSTNAME "itc.kmc.nasa.gov"
-#define CA_PATH "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt"
-#define CLIENT_CERTIFICATE "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem"
-#define CLIENT_CERTIFICATE_KEY "/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem"
+#define CA_PATH "/home/jstar/Desktop/kmc_certs/ca.pem"
+#define CLIENT_CERTIFICATE "/home/jstar/Desktop/kmc_certs/ammos-client-cert.pem"
+#define CLIENT_CERTIFICATE_KEY "/home/jstar/Desktop/kmc_certs/ammos-client-key.pem"
/**
* @brief Error Function for MDB_DB_RESET
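Review bot: `CA_PATH`, `CLIENT_CERTIFICATE` and `CLIENT_CERTIFICATE_KEY` now point into one developer's home directory (`/home/jstar/Desktop/kmc_certs/...`), so the suite only runs on a machine laid out the same way. The same literals are repeated in the `reload_db` command strings in the next hunk, in the `Crypto_Config_Kmc_Crypto_Service` calls that pass `"/home/jstar/Desktop/kmc_certs/ca.pem"` instead of `CA_PATH`, and in the new `ut_tm_kmc.c`. I would wrap each define in `#ifndef`/`#endif` so the build can override it, and use `CA_PATH` wherever the CA file is named. A short comment saying the client key is a test-only credential and where it is expected to be provisioned would help whoever sets up the environment.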
@@ -50,17 +50,17 @@ void finish_with_error(MYSQL *con)
void reload_db(void)
{
printf("Resetting Database\n");
- system("mysql --host=itc.kmc.nasa.gov -u cryptosvc "
- "--ssl-ca=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt --ssl-verify-server-cert "
- "--ssl-cert=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem "
- "--ssl-key=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem < "
- "src/sa/sadb_mariadb_sql/empty_sadb.sql");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/sadb_mariadb_sql/empty_sadb_tc.sql");
printf("first call done\n");
- system("mysql --host=itc.kmc.nasa.gov -u cryptosvc "
- "--ssl-ca=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-ca-bundle.crt --ssl-verify-server-cert "
- "--ssl-cert=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-cert.pem "
- "--ssl-key=/home/itc/Desktop/kmc_oci-3.5.0/files/tls/ammos-server-key.pem < "
- "src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tc_unit_tests.sql");
}
/**
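Review bot: Both `mysql` invocations in `reload_db` replace `--ssl-verify-server-cert` with `--skip-ssl-verify-server-cert`, so the reset path no longer checks the database server's certificate even though `--ssl-ca` is still passed. The host also changes to `localhost`, while the tests configure the library with `KMC_HOSTNAME` and both flags set to `CRYPTO_TRUE`. Unless that name resolves to the local machine, the reset and the test may be talking to different servers. Keeping the certificate's host name lets verification stay on, e.g. `"mysql --host=" KMC_HOSTNAME " -u cryptosvc --ssl-verify-server-cert "`. The return value of `system()` is still ignored, so a failed reset is silent and the fixed truth vectors are then compared against whatever state the previous test left behind.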
@@ -152,6 +152,7 @@ void MDB_DB_RESET()
**/
UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC)
{
+ remove("sa_save_file.bin");
reload_db();
// Setup & Initialize CryptoLib
Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
@@ -159,54 +160,31 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
- CLIENT_CERTIFICATE_KEY, NULL, "root", "changeit");
- Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443, "crypto-service", "/certs/ammos-ca-bundle.crt",
- NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
- GvcidManagedParameters_t TC_UT_Managed_Parameters0 = {
- 0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1};
- Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters0);
- GvcidManagedParameters_t TC_UT_Managed_Parameters1 = {
- 0, 0x0003, 1, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1};
- Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters1);
- GvcidManagedParameters_t TC_UT_Managed_Parameters2 = {
- 0, 0x0003, 2, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1};
- Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters2);
- GvcidManagedParameters_t TC_UT_Managed_Parameters3 = {
- 0, 0x0003, 3, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, AOS_NO_OCF, 1};
- Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters3);
- // Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
- // AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024,
- // AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 2, TC_HAS_FECF,
- // TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3,
- // TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0);
- int32_t return_val = Crypto_Init();
- ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+ 0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ Crypto_Init();
+ // Setup & Initialize CryptoLib
char *raw_tc_sdls_ping_h = "20030015000080d2c70008197f0b00310000b1fe3128";
char *raw_tc_sdls_ping_b = NULL;
int raw_tc_sdls_ping_len = 0;
- // SaInterface sa_if = get_sa_interface_inmemory();
hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
uint8_t *ptr_enc_frame = NULL;
uint16_t enc_frame_len = 0;
+ int32_t return_val = CRYPTO_LIB_ERROR;
- // SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t));
- // Expose the SADB Security Association for test edits.
- // sa_if->sa_get_from_spi(1, &test_association);
- // test_association->sa_state = SA_NONE;
- // sa_if->sa_get_from_spi(11, &test_association);
- // test_association->arsn_len = 0;
- // test_association->shsnf_len = 0;
- // test_association->ast = 0;
- // test_association->stmacf_len = 0;
- // test_association->sa_state = SA_OPERATIONAL;
- // sa_if->sa_get_from_spi(11, &test_association);
return_val =
Crypto_TC_ApplySecurity((uint8_t *)raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
- char *truth_data_h = "2003002A0000000B00000000000000000000000000000000025364F9BC3344AF359DA06CA886746F59A0AB";
+ char *truth_data_h =
+ "2003003300000002000000000000000000000000E64F9B208554A8CE1CB9BF0C6D100000000000000000000000000000000084C2";
uint8_t *truth_data_b = NULL;
int truth_data_l = 0;
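Review bot: The result of `Crypto_Init()` is now discarded, where the old code asserted `CRYPTO_LIB_SUCCESS`. If the MariaDB or KMC connection fails, the test goes on to `Crypto_TC_ApplySecurity` with an uninitialised library. `ENC_CBC_KMC_1BP` in the next hunk keeps the check, so I would keep it here as well: `int32_t return_val = Crypto_Init();` followed by `ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);`, dropping the later `int32_t return_val = CRYPTO_LIB_ERROR;` declaration. The argument change to `Crypto_Config_MariaDB` (`"changeit", "cryptosvc", NULL`) deserves a comment naming which positional argument is the key passphrase, the user and the password, since the order is not evident at the call site. The test body begins before this hunk and continues after it.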
@@ -217,74 +195,84 @@ UTEST(TC_APPLY_SECURITY, HAPPY_PATH_ENC_CBC_KMC)
// printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]);
ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
}
- // printf("\n");
-
Crypto_Shutdown();
+ free(truth_data_b);
free(raw_tc_sdls_ping_b);
free(ptr_enc_frame);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
}
-// /**
-// * @brief Unit Test: Encryption CBC KMC 1 Byte of padding
-// **/
-// UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP)
-// {
-// // Setup & Initialize CryptoLib
-// Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
-// IV_INTERNAL, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
-// TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
-// TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
-// Crypto_Config_Kmc_Crypto_Service("https", "itc-kmc.nasa.gov", 8443,
-// "crypto-service","/certs/ammos-ca-bundle.crt",NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM",
-// CLIENT_CERTIFICATE_KEY, NULL, NULL); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 0, TC_HAS_FECF,
-// TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 1,
-// TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0); Crypto_Config_Add_Gvcid_Managed_Parameter(0,
-// 0x0003, 2, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA, AOS_IZ_NA, 0);
-// Crypto_Config_Add_Gvcid_Managed_Parameter(0, 0x0003, 3, TC_HAS_FECF, TC_HAS_SEGMENT_HDRS, 1024, AOS_FHEC_NA,
-// AOS_IZ_NA, 0); int32_t return_val = Crypto_Init(); ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+/**
+ * @brief Unit Test: Encryption CBC KMC 1 Byte of padding
+ **/
+UTEST(TC_APPLY_SECURITY, ENC_CBC_KMC_1BP)
+{
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TC_UT_Managed_Parameters = {
+ 0, 0x0003, 0, TC_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TC_HAS_SEGMENT_HDRS, 1024, TC_OCF_NA, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ TC_UT_Managed_Parameters.vcid = 1;
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ TC_UT_Managed_Parameters.vcid = 2;
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
+ TC_UT_Managed_Parameters.vcid = 3;
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TC_UT_Managed_Parameters);
-// char* raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128";
-// char* raw_tc_sdls_ping_b = NULL;
-// int raw_tc_sdls_ping_len = 0;
-// SaInterface sa_if = get_sa_interface_inmemory();
+ int32_t return_val = Crypto_Init();
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
-// hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
+ char *raw_tc_sdls_ping_h = "20030016000080d2c70008197f0b0031000000b1fe3128";
+ char *raw_tc_sdls_ping_b = NULL;
+ int raw_tc_sdls_ping_len = 0;
-// uint8_t* ptr_enc_frame = NULL;
-// uint16_t enc_frame_len = 0;
+ hex_conversion(raw_tc_sdls_ping_h, &raw_tc_sdls_ping_b, &raw_tc_sdls_ping_len);
-// SecurityAssociation_t* test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t));
-// // Expose the SADB Security Association for test edits.
-// sa_if->sa_get_from_spi(1, &test_association);
-// test_association->sa_state = SA_NONE;
-// sa_if->sa_get_from_spi(11, &test_association);
-// printf("SPI: %d\n", test_association->spi);
-// test_association->sa_state = SA_OPERATIONAL;
-// test_association->ast = 0;
-// test_association->arsn_len = 0;
-// sa_if->sa_get_from_spi(11, &test_association);
-// return_val =
-// Crypto_TC_ApplySecurity((uint8_t* )raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
+ uint8_t *ptr_enc_frame = NULL;
+ uint16_t enc_frame_len = 0;
-// char* truth_data_h = "2003002A0000000B00000000000000000000000000000000011C1741A95DE7EF6FCF2B20B6F09E9FD29988";
-// uint8_t* truth_data_b = NULL;
-// int truth_data_l = 0;
+ // SecurityAssociation_t *test_association = malloc(sizeof(SecurityAssociation_t) * sizeof(uint8_t));
+ // // Expose the SADB Security Association for test edits.
+ // sa_if->sa_get_from_spi(1, &test_association);
+ // test_association->sa_state = SA_NONE;
+ // sa_if->sa_get_from_spi(11, &test_association);
+ // printf("SPI: %d\n", test_association->spi);
+ // test_association->sa_state = SA_OPERATIONAL;
+ // test_association->ast = 0;
+ // test_association->arsn_len = 0;
+ return_val =
+ Crypto_TC_ApplySecurity((uint8_t *)raw_tc_sdls_ping_b, raw_tc_sdls_ping_len, &ptr_enc_frame, &enc_frame_len);
-// hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l);
-// //printf("Encrypted Frame:\n");
-// for(int i = 0; i < enc_frame_len; i++)
-// {
-// //printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]);
-// ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
-// }
-// //printf("\n");
+ char *truth_data_h =
+ "2003003400000002000000000000000000000000E64F9B208554A8CE1CB9BF0CDC5F7C00000000000000000000000000000000DF62";
+ uint8_t *truth_data_b = NULL;
+ int truth_data_l = 0;
-// Crypto_Shutdown();
-// free(raw_tc_sdls_ping_b);
-// free(ptr_enc_frame);
-// ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
-// }
+ hex_conversion(truth_data_h, (char **)&truth_data_b, &truth_data_l);
+ // printf("Encrypted Frame:\n");
+ for (int i = 0; i < enc_frame_len; i++)
+ {
+ // printf("%02x -> %02x ", ptr_enc_frame[i], truth_data_b[i]);
+ ASSERT_EQ(ptr_enc_frame[i], truth_data_b[i]);
+ }
+ // printf("\n");
+
+ Crypto_Shutdown();
+ free(truth_data_b);
+ free(raw_tc_sdls_ping_b);
+ free(ptr_enc_frame);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+}
// /**
// * @brief Unit Test: Encryption CBC KMC 16 Bytes of padding
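Review bot: In `ENC_CBC_KMC_1BP` the comparison loop runs to `enc_frame_len` and indexes `truth_data_b` without ever comparing that length with `truth_data_l`. A frame longer than the truth vector is therefore read past the end of the converted buffer, and a shorter one passes with only a prefix compared. The status check also comes last, after the loop and the frees, so a failed `Crypto_TC_ApplySecurity` is reported only after its output has been used. I would put `ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);` directly after the call and `ASSERT_EQ((int)enc_frame_len, truth_data_l);` before the loop. The tail of `HAPPY_PATH_ENC_CBC_KMC` at the top of this hunk has the same ordering.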
diff --git a/test/kmc/ut_tm_kmc.c b/test/kmc/ut_tm_kmc.c
new file mode 100644
index 00000000..e62114b0
--- /dev/null
+++ b/test/kmc/ut_tm_kmc.c
@@ -0,0 +1,378 @@
+/* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
+ All Foreign Rights are Reserved to the U.S. Government.
+
+ This software is provided "as is" without any warranty of any kind, either expressed, implied, or statutory,
+ including, but not limited to, any warranty that the software will conform to specifications, any implied warranties
+ of merchantability, fitness for a particular purpose, and freedom from infringement, and any warranty that the
+ documentation will conform to the program, or any warranty that the software will be error free.
+
+ In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or
+ consequential damages, arising out of, resulting from, or in any way connected with the software or its
+ documentation, whether or not based upon warranty, contract, tort or otherwise, and whether or not loss was sustained
+ from, or arose out of the results of, or use of, the software, documentation or services provided hereunder.
+
+ ITC Team
+ NASA IV&V
+ jstar-development-team@mail.nasa.gov
+*/
+
+/**
+ * Unit Tests that make use of TM Functionality with KMC Service.
+ **/
+
+#include "ut_tm_apply.h"
+#include "ut_tm_process.h"
+#include "crypto.h"
+#include "crypto_error.h"
+#include "sa_interface.h"
+#include "utest.h"
+
+#include
+#include
+
+#define KMC_HOSTNAME "itc.kmc.nasa.gov"
+#define CA_PATH "/home/jstar/Desktop/kmc_certs/ca.pem"
+#define CLIENT_CERTIFICATE "/home/jstar/Desktop/kmc_certs/ammos-client-cert.pem"
+#define CLIENT_CERTIFICATE_KEY "/home/jstar/Desktop/kmc_certs/ammos-client-key.pem"
+
+void reload_db(void)
+{
+ printf("Resetting Database\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/sadb_mariadb_sql/empty_sadb_tm.sql");
+ printf("first call done\n");
+ system("mysql --host=localhost -u cryptosvc --skip-ssl-verify-server-cert "
+ "--ssl-ca=/home/jstar/Desktop/kmc_certs/ca.pem "
+ "--ssl-cert=/home/jstar/Desktop/kmc_certs/ammos-server-cert.pem "
+ "--ssl-key=/home/jstar/Desktop/kmc_certs/ammos-server-key.pem < "
+ "src/sa/test_sadb_mariadb_sql/create_sadb_ivv_tm_unit_tests.sql");
+}
+
+/**
+ * @brief MariaDB: Table Cleanup for Unit Tests
+ * Be sure to use only after initialization
+ * TODO: Move to shared function for all Unit Tests
+ */
+void MDB_DB_RESET()
+{
+ MYSQL *con = mysql_init(NULL);
+ if (sa_mariadb_config->mysql_mtls_key != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_KEY, sa_mariadb_config->mysql_mtls_key);
+ }
+ if (sa_mariadb_config->mysql_mtls_cert != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CERT, sa_mariadb_config->mysql_mtls_cert);
+ }
+ if (sa_mariadb_config->mysql_mtls_ca != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CA, sa_mariadb_config->mysql_mtls_ca);
+ }
+ if (sa_mariadb_config->mysql_mtls_capath != NULL)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_CAPATH, sa_mariadb_config->mysql_mtls_capath);
+ }
+ if (sa_mariadb_config->mysql_tls_verify_server != CRYPTO_FALSE)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &(sa_mariadb_config->mysql_tls_verify_server));
+ }
+ if (sa_mariadb_config->mysql_mtls_client_key_password != NULL)
+ {
+ mysql_optionsv(con, MARIADB_OPT_TLS_PASSPHRASE, sa_mariadb_config->mysql_mtls_client_key_password);
+ }
+ if (sa_mariadb_config->mysql_require_secure_transport == CRYPTO_TRUE)
+ {
+ mysql_optionsv(con, MYSQL_OPT_SSL_ENFORCE, &(sa_mariadb_config->mysql_require_secure_transport));
+ }
+ // if encrypted connection (TLS) connection. No need for SSL Key
+ if (mysql_real_connect(con, sa_mariadb_config->mysql_hostname, sa_mariadb_config->mysql_username,
+ sa_mariadb_config->mysql_password, sa_mariadb_config->mysql_database,
+ sa_mariadb_config->mysql_port, NULL, 0) == NULL)
+ {
+ // 0,NULL,0 are port number, unix socket, client flag
+ // finish_with_error(con);
+ }
+
+ printf("Truncating Tables\n");
+ char *query = "TRUNCATE TABLE security_associations_tm\n";
+ if (mysql_real_query(con, query, strlen(query)))
+ { // query should be NUL terminated!
+ printf("Failed to Truncate Table\n");
+ // finish_with_error(con);
+ }
+ query =
+ "INSERT INTO security_associations_tm "
+ "(spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid,"
+ "ecs_len, shplf_len) VALUES "
+ "(11,'kmc/test/"
+ "key130',3,X'02',1,0,16,16,0,X'00000000000000000000000000000001',1024,X'"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000000000000000000000000000000000000000',5,0,0,3,0,0,1,1)";
+ if (mysql_real_query(con, query, strlen(query)))
+ { // query should be NUL terminated!
+ printf("Failed to re-create security_association_tm table for SPI 11\n");
+ // finish_with_error(con);
+ }
+}
+
+/**
+ * @brief Unit Test: Nominal Encryption CBC KMC
+ **/
+UTEST(TM_APPLY_KMC, HAPPY_PATH_ENC_TM_GCM_KMC)
+{
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TM_UT_Managed_Parameters = {
+ 0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
+
+ int32_t return_val = Crypto_Init();
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *raw_tm_sdls_ping_h =
+ "003200001800000008010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABB00000000000000000000000000000000415B";
+ char *raw_tm_sdls_ping_b = NULL;
+ int raw_tm_sdls_ping_len = 0;
+ // SaInterface sa_if = get_sa_interface_inmemory();
+
+ hex_conversion(raw_tm_sdls_ping_h, &raw_tm_sdls_ping_b, &raw_tm_sdls_ping_len);
+
+ return_val = Crypto_TM_ApplySecurity((uint8_t *)raw_tm_sdls_ping_b, raw_tm_sdls_ping_len);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *truth_tm_h =
+ "003200001800000300000000000000000000000100EAD4B927F61B18F2771E0B23EE8217F27CC1A30B55347164A4502599E66ED481B8D4"
+ "30CA8B102CD1547E4EF8E88C000A0D20ABADCA6F1EA3933AFB043EBB62E4C2E17FAF7C09DD0A94C4CDE0E382F66B295807F39B6D931761"
+ "9D2649C96DB7ACC6EFBF3334BDCCEB0A969D2E920BC5FDA9137BDD41F49A0276544B0F4968997A505AE22A1AA4E9FF55641F04140B3445"
+ "B7A063AFBB83E12A81CDFA46074DD0DB9FC86B6F67879E744458A39191AE34FC5F8B7266077D026DEFA995B9C8A8514D95992E6991C71E"
+ "FEECA6DB5F8E9EA5E6C66204B7F9F2E2237640E9944258FCF9686B46A6E16DC9A0420428A14B6EEFE5619975956D2FAFCEB747C7352850"
+ "E17A30023842AB33A4F9E2FD6168E187C3B730C38EE1734056C23B6D1E755EB446B61476468E01C570D5089B271C1AA3270F0488422B5A"
+ "78E9BCD9EB75065F0183A887AD10A96542FF45F870C05AF113EF6C35AF298E983C5D7876A801C741D27EB742ABE305F82DACC902E9169C"
+ "425212AB9ED684DAA3383B661E8848E71CD1FC050264AAFA97FC188DD0FADCF7599A800419A6302D8BA0257F5A81C5A8BB9FBF13FD9A9B"
+ "A45846218DF0377EC91816F4A07550DF1B8A3B5057B3994426799466C7D8EFDEC8F8E495FD971B367795776ABF344BAD1DA919EC794FB8"
+ "4CD97AEDFD8FD1FB243B206CDE9BB468A1657D9A4248E7F0AA5990ABD085B7C8A2990816730D9FD74EE0BA70A7CDCB2AD8A16074EBF09B"
+ "AB1F958DD18A8D9AABA4872D9FA944362CD70A5596D94D0AA99852BFEEEE19921943FF165A7CDE60057C39A5BA200B152772F8FD493553"
+ "7442AF492BE09F3D063B00958F61B5905E9BAEEF940E0607A07577100382070CC55EEC0E3408AB93E9A30689115FEC0E3357732DE89D83"
+ "232C313B6F0EE2B6FE315B638DA0FBE7E3F07EDD09ED1937C71C002B06C0ADE996570B1F68A4C1B8B2891DDC6162567C520435FF4F4EFB"
+ "1A2B9E126E4F84302FD2C2EAA15DB58B24C88ACC33BD50041742AC9A64E9D2DD171A1CD18AD173CCE9F2DD2D8CE02AB55B87D42FB227B0"
+ "8029446B32D85F419928DBB67549727A79BA4CEFC6C379D0DF238AE521C5217048FDB124A168836B4486E0F91ECDF76E4A32491D94C786"
+ "0C8CE03C0B41447D6E703421A5B4D3D3578F1BC1EBEE99C49D577D2DC710DCDE1BE74C1308F0D85C6570A0C28DE14C0A1E3D0FD85D894F"
+ "5CC0A0D0BC824426A7EF42EB8490D318FCB75251E63E4629C1966FDF5EE3920A7CFF380DBD89DC294AFF16361F55B0DA4724DB27718576"
+ "70382A0AD329D02761C3523AD2B1336B5DE85848F7D70A280F65AA05A36A1C676AC9BF9BBA71ECC7C3482B4F2A92409392A4CE5401B56C"
+ "9A007338FE518E55A9B8BBE4543EA4C6B1D9CADA9783B568B8AB0D9218F95F9898693C979BF0995041F0C754EF142D6521830405F5F672"
+ "49BC5DD6F187D9AC281599CB3C6BEAA4519388E983B0DEF619C809EFC2C6C7ADA36FE06B0F12A41B2FF67C416A08D1BEF6069C5544B3C6"
+ "6B696BDE1A64CFF59646713C7C7CFC1335E64A1A75C8290A28527AA8C087E20256A44F257B7D1B224D94DF5F189E16B7DD2CCBD458260C"
+ "CA0556CA1B13F28E87B96AE6BCF0701B40BAF68B95285CFCBBB65A70BD02F4B846168EB3950AC772DCA4DB620427125944BFAF3651359E"
+ "6CF97572EDB9ADD77EDF2E29DF00304ED7981965F549355BA8780909398FE6CE14B1A1D3304AB27745592F6EE62A7721900CC7326505C5"
+ "D6EF9972DDDCA4472EE27E425002A283ADDAF57477ADE01329D9036ADE65298765665887342FB7653353F0C73418BD0FFBA466C6058835"
+ "E4751AEE5FA275FFE5D3775C89935F1E1FC1C80D0174F8EFA87071834ADFA0EA59F7F9749AF9123E10ED01B72C8C68D6E4F58BEFE7D52B"
+ "7C774C84E8C6F57BBDCA9EA2E7197FABE47A2058D3750A5BEADCB883D9288A804FF3C32E9CBC26132A5F51D16E2250EE2186E34C329D78"
+ "3D4E907F039A833B18358CDB0EF1AB5A0F66B5FDDCD42603B4DF499C799C02261072B834976DA5F0C50ECFC5DF355C943FC0C2E06C59B1"
+ "5830862E5C9E25091BE659A7D383090EEBD22C3FFFB6AD80F882FB38F4E3689821D9A058E4569D14E48E6BDB9F973AA26A4B1B683CDF0A"
+ "E5F67CA93CD0519622DC9E17884657637629E2F0507683BD9E9B80423A6E8220000CE924E2B71AA3025118C7AFD578A1DB0BC7243D6F7F"
+ "B839223FDB02DE3973B9D954625A11A321D9FFFB01EC1EF3AD73F6215FDC51F45A9C39D69F5D55EAE424B3E48EDE3C5A5B441EA4BF6BF5"
+ "78A3AB8CCD19D650742B514C4ABEC1D766D9C1A52895D93E6A905DBB1898409D60CA9CC82F03D0E2FEEB542D12B00F3E229CCDC41C5D6D"
+ "CDED6A23B6CDEFBFB0C77904BB0F80C0EF2C73BBFDE8AE8E4DD6D13369F1D4CD1CC233ADE81EE90FD0B4AEAAF3DE619DBFAF431DA98731"
+ "B1BC956B514759F75CCF0497561450560E01656399DDC34B0000";
+ char *truth_tm_b = NULL;
+ int truth_tm_len = 0;
+ hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
+
+ for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ {
+ // printf("Checking %02x against %02X\n", (uint8_t)raw_tm_sdls_ping_b[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ((uint8_t)raw_tm_sdls_ping_b[i], (uint8_t) * (truth_tm_b + i));
+ }
+
+ Crypto_Shutdown();
+ free(truth_tm_b);
+ free(raw_tm_sdls_ping_b);
+}
+
+/**
+ * @brief Unit Test: Nominal Encryption CBC KMC
+ **/
+UTEST(TM_PROCESS_KMC, HAPPY_PATH_DEC_TM_GCM_KMC)
+{
+ remove("sa_save_file.bin");
+ reload_db();
+ // Setup & Initialize CryptoLib
+ Crypto_Config_CryptoLib(KEY_TYPE_KMC, MC_TYPE_DISABLED, SA_TYPE_MARIADB, CRYPTOGRAPHY_TYPE_KMCCRYPTO,
+ IV_CRYPTO_MODULE, CRYPTO_TC_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_TRUE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ Crypto_Config_MariaDB(KMC_HOSTNAME, "sadb", 3306, CRYPTO_TRUE, CRYPTO_TRUE, CA_PATH, NULL, CLIENT_CERTIFICATE,
+ CLIENT_CERTIFICATE_KEY, "changeit", "cryptosvc", NULL);
+ Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service",
+ "/home/jstar/Desktop/kmc_certs/ca.pem", NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE,
+ "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
+ GvcidManagedParameters_t TM_UT_Managed_Parameters = {
+ 0, 0x0003, 1, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
+
+ int32_t return_val = Crypto_Init();
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *raw_tm_sdls_ping_h =
+ "003200001800000300000000000000000000000100EAD4B927F61B18F2771E0B23EE8217F27CC1A30B55347164A4502599E66ED481B8D4"
+ "30CA8B102CD1547E4EF8E88C000A0D20ABADCA6F1EA3933AFB043EBB62E4C2E17FAF7C09DD0A94C4CDE0E382F66B295807F39B6D931761"
+ "9D2649C96DB7ACC6EFBF3334BDCCEB0A969D2E920BC5FDA9137BDD41F49A0276544B0F4968997A505AE22A1AA4E9FF55641F04140B3445"
+ "B7A063AFBB83E12A81CDFA46074DD0DB9FC86B6F67879E744458A39191AE34FC5F8B7266077D026DEFA995B9C8A8514D95992E6991C71E"
+ "FEECA6DB5F8E9EA5E6C66204B7F9F2E2237640E9944258FCF9686B46A6E16DC9A0420428A14B6EEFE5619975956D2FAFCEB747C7352850"
+ "E17A30023842AB33A4F9E2FD6168E187C3B730C38EE1734056C23B6D1E755EB446B61476468E01C570D5089B271C1AA3270F0488422B5A"
+ "78E9BCD9EB75065F0183A887AD10A96542FF45F870C05AF113EF6C35AF298E983C5D7876A801C741D27EB742ABE305F82DACC902E9169C"
+ "425212AB9ED684DAA3383B661E8848E71CD1FC050264AAFA97FC188DD0FADCF7599A800419A6302D8BA0257F5A81C5A8BB9FBF13FD9A9B"
+ "A45846218DF0377EC91816F4A07550DF1B8A3B5057B3994426799466C7D8EFDEC8F8E495FD971B367795776ABF344BAD1DA919EC794FB8"
+ "4CD97AEDFD8FD1FB243B206CDE9BB468A1657D9A4248E7F0AA5990ABD085B7C8A2990816730D9FD74EE0BA70A7CDCB2AD8A16074EBF09B"
+ "AB1F958DD18A8D9AABA4872D9FA944362CD70A5596D94D0AA99852BFEEEE19921943FF165A7CDE60057C39A5BA200B152772F8FD493553"
+ "7442AF492BE09F3D063B00958F61B5905E9BAEEF940E0607A07577100382070CC55EEC0E3408AB93E9A30689115FEC0E3357732DE89D83"
+ "232C313B6F0EE2B6FE315B638DA0FBE7E3F07EDD09ED1937C71C002B06C0ADE996570B1F68A4C1B8B2891DDC6162567C520435FF4F4EFB"
+ "1A2B9E126E4F84302FD2C2EAA15DB58B24C88ACC33BD50041742AC9A64E9D2DD171A1CD18AD173CCE9F2DD2D8CE02AB55B87D42FB227B0"
+ "8029446B32D85F419928DBB67549727A79BA4CEFC6C379D0DF238AE521C5217048FDB124A168836B4486E0F91ECDF76E4A32491D94C786"
+ "0C8CE03C0B41447D6E703421A5B4D3D3578F1BC1EBEE99C49D577D2DC710DCDE1BE74C1308F0D85C6570A0C28DE14C0A1E3D0FD85D894F"
+ "5CC0A0D0BC824426A7EF42EB8490D318FCB75251E63E4629C1966FDF5EE3920A7CFF380DBD89DC294AFF16361F55B0DA4724DB27718576"
+ "70382A0AD329D02761C3523AD2B1336B5DE85848F7D70A280F65AA05A36A1C676AC9BF9BBA71ECC7C3482B4F2A92409392A4CE5401B56C"
+ "9A007338FE518E55A9B8BBE4543EA4C6B1D9CADA9783B568B8AB0D9218F95F9898693C979BF0995041F0C754EF142D6521830405F5F672"
+ "49BC5DD6F187D9AC281599CB3C6BEAA4519388E983B0DEF619C809EFC2C6C7ADA36FE06B0F12A41B2FF67C416A08D1BEF6069C5544B3C6"
+ "6B696BDE1A64CFF59646713C7C7CFC1335E64A1A75C8290A28527AA8C087E20256A44F257B7D1B224D94DF5F189E16B7DD2CCBD458260C"
+ "CA0556CA1B13F28E87B96AE6BCF0701B40BAF68B95285CFCBBB65A70BD02F4B846168EB3950AC772DCA4DB620427125944BFAF3651359E"
+ "6CF97572EDB9ADD77EDF2E29DF00304ED7981965F549355BA8780909398FE6CE14B1A1D3304AB27745592F6EE62A7721900CC7326505C5"
+ "D6EF9972DDDCA4472EE27E425002A283ADDAF57477ADE01329D9036ADE65298765665887342FB7653353F0C73418BD0FFBA466C6058835"
+ "E4751AEE5FA275FFE5D3775C89935F1E1FC1C80D0174F8EFA87071834ADFA0EA59F7F9749AF9123E10ED01B72C8C68D6E4F58BEFE7D52B"
+ "7C774C84E8C6F57BBDCA9EA2E7197FABE47A2058D3750A5BEADCB883D9288A804FF3C32E9CBC26132A5F51D16E2250EE2186E34C329D78"
+ "3D4E907F039A833B18358CDB0EF1AB5A0F66B5FDDCD42603B4DF499C799C02261072B834976DA5F0C50ECFC5DF355C943FC0C2E06C59B1"
+ "5830862E5C9E25091BE659A7D383090EEBD22C3FFFB6AD80F882FB38F4E3689821D9A058E4569D14E48E6BDB9F973AA26A4B1B683CDF0A"
+ "E5F67CA93CD0519622DC9E17884657637629E2F0507683BD9E9B80423A6E8220000CE924E2B71AA3025118C7AFD578A1DB0BC7243D6F7F"
+ "B839223FDB02DE3973B9D954625A11A321D9FFFB01EC1EF3AD73F6215FDC51F45A9C39D69F5D55EAE424B3E48EDE3C5A5B441EA4BF6BF5"
+ "78A3AB8CCD19D650742B514C4ABEC1D766D9C1A52895D93E6A905DBB1898409D60CA9CC82F03D0E2FEEB542D12B00F3E229CCDC41C5D6D"
+ "CDED6A23B6CDEFBFB0C77904BB0F80C0EF2C73BBFDE8AE8E4DD6D13369F1D4CD1CC233ADE81EE90FD0B4AEAAF3DE619DBFAF431DA98731"
+ "B1BC956B514759F75CCF0497561450560E01656399DDC34B0000";
+ char *raw_tm_sdls_ping_b = NULL;
+ int raw_tm_sdls_ping_len = 0;
+
+ hex_conversion(raw_tm_sdls_ping_h, &raw_tm_sdls_ping_b, &raw_tm_sdls_ping_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+ uint16_t processed_tm_len = 0;
+
+ return_val =
+ Crypto_TM_ProcessSecurity((uint8_t *)raw_tm_sdls_ping_b, raw_tm_sdls_ping_len, tm_frame, &processed_tm_len);
+ ASSERT_EQ(CRYPTO_LIB_SUCCESS, return_val);
+
+ char *truth_tm_h =
+ "003200001800000000000000000000000000000066778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABB000000000000000000000000000000000000";
+ char *truth_tm_b = NULL;
+ int truth_tm_len = 0;
+ hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
+ SecurityAssociation_t *sa_ptr = NULL;
+ sa_if->sa_get_from_spi(3, &sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + SPI_LEN + sa_ptr->shivf_len + sa_ptr->shsnf_len + sa_ptr->shplf_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
+ {
+ // printf("Checking %02x against %02X\n", (uint8_t)raw_tm_sdls_ping_b[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ((uint8_t)tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + i + offset));
+ }
+
+ Crypto_Shutdown();
+ free(sa_ptr);
+ free(tm_frame);
+ free(truth_tm_b);
+ free(raw_tm_sdls_ping_b);
+}
+
+UTEST_MAIN();
\ No newline at end of file
diff --git a/test/unit/ut_aos_apply.c b/test/unit/ut_aos_apply.c
index 430ff5cf..16d94331 100644
--- a/test/unit/ut_aos_apply.c
+++ b/test/unit/ut_aos_apply.c
@@ -1058,39 +1058,39 @@ UTEST(AOS_APPLY, AES_GCM)
// Truth frame setup
char *truth_aos_h =
- "40C000000000000ACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
- "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
- "BBAABBAABBAABBAA778A1E133306963F1D9DCA32D6D60C23C5D4";
+ "40C000000000000A00000000000000000000000000000000CE71F3496571490305748611F14D391E4164572834AB5A587C3C7410653592"
+ "9FFB39F358756E14C0C23FC2F46000DBFCD1BD14574E7BDA13DC488F44AB377F09052FE462E1E4692AEB5280BB75FB4455DA4A29AB381C"
+ "B42795D6FCA9FCB5E7F4E305926D1EA5C0FE2F5C9C97788A3680D558804765667EDDCE4AF4AADCDCA477871580FA77F5F042C9A31EB798"
+ "BD9BC2B45C3D9499556D284DD54FC8309748A20DBF27729A4A7436B706CA842F0DBC78001266B93767BE5A4E741319292D754F481F5E96"
+ "3DD38C74F47D9B2973F3654273936DC76FA77B6FC7158B9192C3EF99DB3F001EE16708005FA0963DADC2C55199520DA898AD6723E7A49F"
+ "F1619E7FE643D83007C3D359809629971B06E6C8C0C6CBA8D04DF3AF7A598887AF8E5217907CD2AFC1FFA61C40B59CE165F619E716BDD9"
+ "65EB66A395CC6B1F7F91AE58F11A24B380BD1DC22BE894FB4AB52A3F43373919618C0C2F823E57CED61E1323916B02B0F02F06487D455F"
+ "A4E42428FBA47D60E49C142A93B7C87DAF2C1A37C97761155F94B15B70927FC0770457378035AF6CD97634A373441D91ACFEB033915C00"
+ "6C64FCBD81DF116CAE34F00D581106E6413035B439972E1A79F406955DF174845EC93CB4FB78C012A24D7FAC31AA7A874F0A80D92490E6"
+ "63E2A42DB14E3255EF241CE727646C3E69FE69DA782E81CC4CF37D49FB1440B5368A984A253CCB033935EDA4D8DDC9C4DD78A92277B569"
+ "1AB1523F5057EBBB1BBF7C98E51C6873966D0B948C46F12CF9031AD8C99AB236CDB24A3D2817AABB507D319091F21179477060160B5921"
+ "EC21B71E726204E5B9CC283AE12A79967E89BCD4943A8F2037F75AC6F31E11E24F95EC7CA9F9184A865B5C6E82EDE317C740E6007227F6"
+ "50C2B74950C1C803D6129EC2FC956EFC6035D537761904B1EDFFCF6EC850349DEACDD0A8815C0886FF3270BBA29B792BEB5349C72E1264"
+ "8ED7B0FFE9B1D5551D411190DC95B0EB80DA89B90FD0B9F2483446AAF313470C58C6D026E3D8FF3F4A3D7638C4B9CD38903EA6215628FC"
+ "F05EDAD8AD3C087FC69BD9C2A070A191D8A2816D16F60785A1AE9F31751A72CAA619560658B309269DF16E27A3B65254AF76851AA633DC"
+ "33D1011ED9A54C1C155A9F2E58D6D72ACFB33180C487A0B8505EC33464E27958BF455F6C2C964461F45BEAC9D4771B3871FCC57C1C0751"
+ "F76732701D1B4D147F89B0E40947BB83954295CA58C6E3464CF21EB4EB0BADFC6F16D9731A734DF1945225594A54CC7B3A2E61740229A8"
+ "4755A4F8F827BA38BCA38D830575339DDDD02298DF5170558527E1864656ADCB59D738CA541E3DEF8F159AE839FA161622643F1F09BEFC"
+ "BC54847663AE8D2DF6ED7515E559102426C3E19296DA77A9FC65DC3BA01B1BA79DEF5C302667C80CAE12B9911B6E764ED32F39FE55B4CD"
+ "2E79F6431485B8057364F4E0ECDCEE98511E5CEACFD40054488CC0F98FEB7273147D47CFB5A809866B267B707E6C781A5BD169CC0990AF"
+ "695ABA6D4097F1BA1EEF99C02CEEED6501B0BAA5FDE61BF8A98A93DDB5AE7BC92C309EBC27E2BE1B7B8C8B3DB32B8A8732D77B263B8B11"
+ "354B54ABBAA93AB39EE1603DBA7987CA37B8A2B251F79506A8EB200F86AEC6ABF481ACE061D39A214EECDC637BBF9D653DA0CB4DA4531A"
+ "655F4BBB12EC8284FC6898C46B311416F59ABF55C69631C290A0EDB0298DD809D63C9B7132ECD205D9359A181555560F5BF7CD24D15818"
+ "B5175868DDE5A4B0495F87CDE03F04800416B3F50F3AD56FD00CCD70D7D86E9B7E840864B08B1F99B930787061C473CAD1A41E578AD4C0"
+ "7DFF34928D579B5E6C02B457E0AA7542E653CF4FA3C4F1A83B7CC1B22A16EED574A98DA1CADEEFB35D4C2D0E1F81110F41E23A70C29B65"
+ "7897623DA52DA288433F2DC35FB2CE4591888BBEFD694069BB0550486E2B88EF89E7052AD7FD7838989038F9748BD890E238956DAFE015"
+ "23C4A91E79A4AB2C866BAA82A591062A4D71B3AABF0415A5F52A3005922C457ECEA6CDC2D53FA2585EBC2D465D4BF734A123A234320C58"
+ "B2F0D097E655AA7D32DB38B17296A6218A817F049CDA81587AA346306C1A308AA8836B0BA6AEEFEA5204DF601FE70052B484BDBBB7951E"
+ "A74145B985827816C6685C9202C2FD97735C21677A3BE1B846276ECB12465A5756F7287BCA76C404BBC4E37E4386F8771F7E3CCD45F5A7"
+ "20D8CE10C8704279A84EF1BF25069808AF027D9C4C60343C886D5A26A856F14D7C6A64C2D12635D6C7CF075D98E141A399B70AA2295241"
+ "6774BF2804E2F56DB75077F8C642E08BF27A62CA5A0B91B412D59D2B655EC9F3F6BD46776F9A5FA6BA7731C0E076E57CDE6B4B0749C76C"
+ "F225EA560D86113FB96AB4F23478895039403438E6CA7EA2534D8EB04C9BFAB2C844839D840D02256FEEB674B82F9ABBCD9255F27261FB"
+ "35A2C61B3A8DECD2138DB3482D65F1818DE8AE03C080045F68C1";
char *truth_aos_b = NULL;
int truth_aos_len = 0;
hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
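Review bot: The replacement `truth_aos_h` vector is opaque ciphertext with nothing recording how it was produced. If it was captured from this library's own output, the test only pins a regression and would not catch a wrong-but-stable AES-GCM result. A comment above the literal naming the key, the IV and the independent reference used would make the provenance checkable, e.g. `// Expected frame: AES-256-GCM, key <key id>, IV <iv>, generated with <tool or reference>`. The SA fields that drive this output are set in the next hunk, so the comment should point at them too.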
@@ -1101,6 +1101,12 @@ UTEST(AOS_APPLY, AES_GCM)
aos_frame_pri_hdr.vcid = ((uint8_t)test_aos_b[1] & 0x3F);
sa_if->sa_get_from_spi(10, &sa_ptr);
+ sa_ptr->ecs_len = 1;
+ sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM;
+ sa_ptr->est = 1;
+ sa_ptr->ast = 1;
+ sa_ptr->iv_len = 16;
+ sa_ptr->shivf_len = 16;
crypto_key_t *ekp = NULL;
ekp = key_if->get_key(sa_ptr->ekid);
ekp->key_state = KEY_ACTIVE;
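Review bot: The six added writes go through `sa_ptr` straight after `sa_if->sa_get_from_spi(10, &sa_ptr)` with no check that the lookup succeeded, so a missing SPI 10 would crash the test instead of failing it. `ASSERT_TRUE(sa_ptr != NULL);` before `sa_ptr->ecs_len = 1;` would turn that into a clean failure, and the same applies to `ekp` from `key_if->get_key(...)` on the context lines. A one-line comment saying why this test uses a 16-byte IV for AES-GCM (`iv_len` and `shivf_len` are both 16) rather than the more common 12 would also help readers. The test body starts and ends outside this hunk.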
diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c
index 3ca10c53..0aec4805 100644
--- a/test/unit/ut_aos_process.c
+++ b/test/unit/ut_aos_process.c
@@ -37,9 +37,8 @@ UTEST(AOS_PROCESS, NO_CONFIG)
{
remove("sa_save_file.bin");
// Local variables
- int32_t status = CRYPTO_LIB_ERROR;
- int framed_aos_len = 0;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_ERROR;
+ int framed_aos_len = 0;
uint16_t processed_aos_len;
// 01 01000100 00000000
char *framed_aos_h =
@@ -79,11 +78,15 @@ UTEST(AOS_PROCESS, NO_CONFIG)
char *framed_aos_b = NULL;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_h, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_h, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status);
free(framed_aos_b);
+ free(aos_frame);
Crypto_Shutdown();
}
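Review bot: The new call still passes `framed_aos_h`, the ASCII hex string, together with `framed_aos_len`, which is the length of the converted binary buffer `framed_aos_b`; the NO_INIT hunk below does the same. The test presumably passes because the NO_CONFIG check returns before the frame is read, but the mismatch would hand text to the frame parser if that ordering ever changes. Suggest `status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);`, as the other tests in this file do.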
@@ -95,9 +98,9 @@ UTEST(AOS_PROCESS, NO_INIT)
{
remove("sa_save_file.bin");
// Local variables
- int32_t status = CRYPTO_LIB_ERROR;
- int framed_aos_len = 0;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_ERROR;
+ int framed_aos_len = 0;
+
uint16_t processed_aos_len;
// No Crypto_Init(), but we still Configure It:
@@ -145,14 +148,32 @@ UTEST(AOS_PROCESS, NO_INIT)
char *framed_aos_b = NULL;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_h, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ // Bit math to give concise access to values already set in the static transfer frame
+ // TFVN Mask (2 bits) = 1100 0000 = 0xCO
+ aos_frame_pri_hdr.tfvn = ((uint8_t)framed_aos_b[0] & 0xC0) >> 6;
+ // SCID Mask (8 bits) = 0011 1111 1100 0000 = 0x3F 0xC0
+ aos_frame_pri_hdr.scid = (((uint16_t)framed_aos_b[0] & 0x3F) << 2) | (((uint16_t)framed_aos_b[1] & 0xC0) >> 6);
+ // VCID Mask (6 bits) = 0011 1111 = 0x3F
+ aos_frame_pri_hdr.vcid = ((uint8_t)framed_aos_b[1] & 0x3F);
+
+ // Sanity checks on the above bit math
+ // Note: This is only checked in this UT, as the bit math is duplicated in other tests
+ ASSERT_EQ(aos_frame_pri_hdr.tfvn, 0x01); // TFVN - AOS Version 2 is set to '0b01' per protocol
+ ASSERT_EQ(aos_frame_pri_hdr.scid, 0x03); // SCID 3
+ ASSERT_EQ(aos_frame_pri_hdr.vcid, 0x00); // VCID 0
+
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_h, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status);
char *error_enum = Crypto_Get_Error_Code_Enum_String(status);
ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG", error_enum);
free(framed_aos_b);
+ free(aos_frame);
Crypto_Shutdown();
}
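Review bot: `aos_frame` is allocated with `malloc(sizeof(uint8_t) * AOS_SIZE)` and handed to `memset` and `Crypto_AOS_ProcessSecurity` without a NULL check, and nothing visible here shows that `AOS_SIZE` is at least `sizeof(AOS_t)`. The same three lines are repeated in every AOS_PROCESS test in this diff, including NO_CONFIG above. If the constant and the struct ever diverge, the library would write past the allocation. Assuming the library writes only into the struct, `AOS_t *aos_frame = calloc(1, sizeof(AOS_t));` followed by `ASSERT_TRUE(aos_frame != NULL);` ties the size to the type and replaces the memset.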
@@ -166,8 +187,8 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -176,8 +197,6 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -265,31 +284,36 @@ UTEST(AOS_PROCESS, HAPPY_PATH_CLEAR_FECF)
SecurityAssociation_t *sa_ptr = NULL;
SaInterface sa_if = get_sa_interface_inmemory();
- sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
- sa_ptr->sa_state = SA_KEYED;
sa_if->sa_get_from_spi(9, &sa_ptr); // Enable and setup 9
sa_ptr->sa_state = SA_OPERATIONAL;
sa_ptr->arsn_len = 0;
sa_ptr->shsnf_len = 0;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
// /**
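Review bot: The comparison loop now runs to `aos_frame->aos_pdu_len` and reads `truth_aos_b + offset + i`, but nothing asserts that the length is non-zero or that `offset + aos_pdu_len` stays inside the truth buffer. A processed frame with `aos_pdu_len == 0` lets the test pass without comparing a single byte, and an oversized length reads past `truth_aos_b`. Adding `ASSERT_GT(aos_frame->aos_pdu_len, 0);` and `ASSERT_LE(offset + aos_frame->aos_pdu_len, truth_aos_len);` before the loop closes both, assuming `truth_aos_len` is declared here as in the other tests. The same loop appears in SECONDARY_HDR_PRESENT_PLAINTEXT, INSERT_ZONE_PRESENT_PLAINTEXT and both AES_CMAC_256 tests. `processed_aos_len` and the `status` from `Crypto_Get_Managed_Parameters_For_Gvcid` are never asserted either.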
@@ -303,8 +327,8 @@ UTEST(AOS_PROCESS, SECONDARY_HDR_PRESENT_PLAINTEXT)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -404,8 +428,11 @@ UTEST(AOS_PROCESS, SECONDARY_HDR_PRESENT_PLAINTEXT)
sa_ptr->arsn_len = 0;
sa_ptr->shsnf_len = 0;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
@@ -413,16 +440,20 @@ UTEST(AOS_PROCESS, SECONDARY_HDR_PRESENT_PLAINTEXT)
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + 2 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", aos_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", aos_frame[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ(aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
@@ -435,8 +466,8 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -445,8 +476,6 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_NO_FHEC, AOS_HAS_IZ, 10);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_HAS_IZ, 10, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -541,24 +570,31 @@ UTEST(AOS_PROCESS, INSERT_ZONE_PRESENT_PLAINTEXT)
sa_ptr->arsn_len = 0;
sa_ptr->shsnf_len = 0;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + 10 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t)truth_aos_b[i]);
+ printf("Checking %02x against %02X\n", aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
+ ASSERT_EQ(aos_frame->aos_pdu[i], (uint8_t)truth_aos_b[i + offset]);
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
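Review bot: `uint16_t offset = 6 + 10 + sh_len;` hard-codes the header and insert-zone lengths, and the 10 duplicates the insert-zone size passed in `AOS_UT_Managed_Parameters` earlier in the test, so the two can drift apart silently. A comment such as `// 6-byte AOS primary header + 10-byte insert zone from AOS_UT_Managed_Parameters` (presuming that is what the 6 stands for), or named constants, would make the dependency visible. The `6` and `6 + 2` offsets in the other tests have the same issue. The per-byte `printf` is active in this test only, while the others keep it commented out, and together with `Crypto_aosPrint(aos_frame)` it adds a lot of output to a passing run.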
@@ -571,8 +607,8 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -685,24 +721,31 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_0)
int truth_aos_len = 0;
hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
@@ -717,8 +760,8 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -728,8 +771,6 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -837,24 +878,31 @@ UTEST(AOS_PROCESS, AES_CMAC_256_TEST_1)
int truth_aos_len = 0;
hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
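Review bot: The comparison loop is bounded by `aos_frame->aos_pdu_len`, a value written by the function under test, so if processing leaves it at 0 (the struct was just zeroed) the loop checks nothing and this authentication test still passes. The index `offset + i` is also never checked against `truth_aos_len`, so an oversized length would read past the truth buffer. Before the loop I would add `ASSERT_TRUE(aos_frame->aos_pdu_len > 0);` and `ASSERT_TRUE((int)(offset + aos_frame->aos_pdu_len) <= truth_aos_len);`, or better, compare `aos_pdu_len` with the length this vector is expected to produce. The same loop is added in the AES_HMAC_256_TEST_0/1, AES_HMAC_512_TEST_0/1 and AES_GCM_DEC_ONLY hunks below.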
@@ -867,8 +915,8 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -878,8 +926,6 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -983,27 +1029,35 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_0)
sa_ptr->gvcid_blk.scid = 0x44;
sa_ptr->iv_len = 0;
sa_ptr->shivf_len = 0;
- sa_ptr->shsnf_len = 0;
+ sa_ptr->shsnf_len = 2;
+ sa_ptr->shplf_len = 0;
memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
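Review bot: `aos_frame` is an `AOS_t *`, but the buffer is sized as `sizeof(uint8_t) * AOS_SIZE`, and the result of `malloc` goes straight into `memset` without a NULL check. AOS_SIZE is defined outside this diff; if it is ever smaller than `sizeof(AOS_t)`, Crypto_AOS_ProcessSecurity would write past the allocation when it fills the struct. Sizing from the object removes that coupling: `AOS_t *aos_frame = calloc(1, sizeof(*aos_frame));` followed by `ASSERT_TRUE(aos_frame != NULL);`. The same three lines are added in every hunk on this page that calls Crypto_AOS_ProcessSecurity.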
@@ -1018,8 +1072,8 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1029,8 +1083,6 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1131,27 +1183,34 @@ UTEST(AOS_PROCESS, AES_HMAC_256_TEST_1)
sa_ptr->gvcid_blk.scid = 0x44;
sa_ptr->iv_len = 0;
sa_ptr->shivf_len = 0;
- sa_ptr->shsnf_len = 0;
+ sa_ptr->shsnf_len = 2;
memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
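Review bot: This hunk raises `sa_ptr->shsnf_len` to 2 but, unlike the AES_HMAC_256_TEST_0 hunk above, does not set `sa_ptr->shplf_len = 0;`, and the AES_HMAC_512_TEST_0/1 hunks below omit it as well. The new `offset` is derived from `Crypto_Get_Security_Header_Length(sa_ptr)`, which presumably sums the security-header field lengths, so a non-zero default pad-length field on this SA would shift the comparison window. Adding `sa_ptr->shplf_len = 0;` after the `shsnf_len` line keeps the four HMAC tests consistent and pins every field the offset depends on.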
@@ -1164,8 +1223,8 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1175,8 +1234,6 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1281,27 +1338,34 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_0)
sa_ptr->gvcid_blk.scid = 0x44;
sa_ptr->iv_len = 0;
sa_ptr->shivf_len = 0;
- sa_ptr->shsnf_len = 0;
+ sa_ptr->shsnf_len = 2;
memset(sa_ptr->abm, 0x00, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of zeros
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
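Review bot: After this change the result of `Crypto_Get_Managed_Parameters_For_Gvcid` is no longer used: the loop that read `aos_current_managed_parameters_struct.max_frame_size` now runs over `aos_frame->aos_pdu_len`, and the `status` returned by the lookup is never asserted before the test ends. Either add `ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);` after the call or drop the call together with its "Determine managed parameters" comment. The same leftover is in the other AOS_PROCESS hunks that keep this call.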
@@ -1314,8 +1378,8 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1325,8 +1389,6 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1431,27 +1493,34 @@ UTEST(AOS_PROCESS, AES_HMAC_512_TEST_1)
sa_ptr->gvcid_blk.scid = 0x44;
sa_ptr->iv_len = 0;
sa_ptr->shivf_len = 0;
- sa_ptr->shsnf_len = 0;
+ sa_ptr->shsnf_len = 2;
memset(sa_ptr->abm, 0xFF, (sa_ptr->abm_len * sizeof(uint8_t))); // Bitmask of ones
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
/**
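Review bot: The comment above the loop still says the whole static frame is verified byte by byte, but the new loop compares only the returned PDU against the truth frame starting at `offset = 6 + sh_len`. I would reword it and explain the literal, for example `// Compare the returned PDU with the truth frame, skipping the 6-byte AOS primary header and the security header`. That the 6 is the primary-header length is my reading of the frame layout (the managed parameters here use AOS_FHEC_NA and AOS_IZ_NA), so please confirm it; a named constant would be clearer than the bare number. The same comment and literal appear in the sibling hunks.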
@@ -1462,8 +1531,8 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Setup & Initialize CryptoLib
@@ -1471,8 +1540,6 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
TC_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1483,78 +1550,79 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
// Test frame setup Header |SPI| IV | Data
char *framed_aos_h =
- "40C000000000000B0000000000000000000000000000000010df143c92a39b3568cc9916c9d06c715bf8017168f88ef107a8016a03207f"
- "7d12fe4ccd79ab24043982fe6a8b9675c3b819e2d7dfad32bd85381fb54544d76668a6ab58b988158702e91afe55cd71f1ba50d72bbd1c"
- "cc41529101ee1a39c46ecd8a7feb503444606611239d31102dc6371b0e2152dd301e3268d0a45e1bcb58779642e883b6a26546094ba39f"
- "b0ce11b39c49092c9b366059e773e4789052311a465f39ba677458510c09826f1ea580fa5c9d5b9677ede38e46fc33fe8d303f9529c15c"
- "2bed4c879c5bfdacd86210a431e0f3852b3798369ae1230b4ed5ae66e153757508ead77e85ddac804e8a409cca8b9d3cef0dd1d0298bcd"
- "bda1dda336d66ee6b59f2f10ffa6d4bf99885b9082b83cd20c9a44a002c460530a9741e26e78b6e8f9349df8e618b904ed01306ee9ed3a"
- "389374efe43e5ed2bcd528943057762f9dc1d392fe2dd2fc6d9cab9e347a25839c07ba47113bad0633b6b5f09228be87631cc1538c2f6e"
- "79e9df0f18d658bd8b3ac45b396cfeadd1700ca2ec95cdbe38e5ec013c74cd68d0035bb975c392f5116b661a928bf113c3cacc801a84cb"
- "d3f8d3dc2273e0c5270d656648a48db16f860e4a36ee7e8979da4135e40e6952041a0d16b6f51cf67519b80a472b4cf5614d5a0b18dd75"
- "5b7c8d63936e43de25a3cdf0d03179aebd5cc85fa1cc0c03fbdd240dd878d647619cbf367a7e486e572c5636c7a7d9b517c565a547597d"
- "311b69110985b5f7c5d47904a6f6699e93c02ea7559d4ba94d139824e9ef0840ad3e31afdaaa71f7baba8835d568443b0dab10a4f40043"
- "160fde9961038bcb823ab570bac0e609e17311a6b0edab4fce98f8df059194393f5109e766f6bf7e21c9a4441acff0cfd28658d4830433"
- "1cb0c982da833c94cf6a7aadc8e2a696b69df49efcd7efadfd2e95bd3a9ab605c221e08b5f61f3aff2496b7c89f98a76aa305116220c50"
- "142cfa4490916f7a6b8732839280d39a402d87ff7e7b1f71b6a243c316307e82b16071ad18e99a548bacc4ed648df49c6eafca0db764b9"
- "8c75a9e953161cb6d384421b473f95d6801d5413dbde4373abab3269c0fade85ab66a9beea1d32462796dac0024f44ade919286b5e9248"
- "8e52b51ada1deb0730c9b2e66b9b3c75dab5194cf452cb626ea4d9425b28e6d97a9d93d5c61d1fd02eea18d2b42058de6453abac116574"
- "0be3c352d7291f8df7abd0c24e90bc8fbdadc32c31942e82f09f74f3ff75e20e597d87d136998b94d99370a8d6c3eedf44503ccc2d7d56"
- "0a3c068f8914fb67a976cb15d3be212bc549b26613113a509079ad19e5abd26467e26571c98f17e248e31ad5b0f489a05b71e38725574e"
- "9a076bf55d546f970cbc1892801b6a4b4bc7e3b82723cf251dcf3bfee0cb3b8c54a51a99d5272e8165a6cf8b2b05a549d091090c8b7a62"
- "3541f2b29542eecc1234bc172038f8fcb0fe14413601f2d255708e4a30a789ec92a3f7bb286c80899886d2f59edfe5e120039b2e0e6fce"
- "7fa81dd15b14c61afc0c334015cf975b42cb53bc33dc511c6aac87f1e38f48287c4ede88b8a22ab013200d4d894709bc0668ac5ff06add"
- "5c28ef3764e3a6f51ba519256574734b0ad395d80ee886018ce0a1b935b1af4747b47011eb030c2ca2ab77cf33019cfca4bbbde219d326"
- "66ce9a2db7a9e1f0f3fdff22a0b2cf6d245f0c5de470a40025a9f2e743c1fd626a01eb34293544c3dee8b72892c8a2d4fbe0cb2dec2bda"
- "572ba4a1246b811331d80e5078b310eb9090a89216b390df62671425f89e73ca736e49848368be1eca4cc5c3036df2dcee5ca648d199f6"
- "4b9bb792a2b7eb7ddc5ae43f35bcd9b9a7f4b9b8d493f958666af4dff6a2dec6a4ca908cd67f98d8845a631b3ecff4c5e527a0654ae737"
- "885885425f6780da2e53f4e612ee8caf42e4d25cec899e7788e1652f0aa1536c488df58f750b7b63a1573d4df0e3eda5c8359daae00626"
- "9cc4f79aab4360ce37b2227bc17a7feb2bd62108404b9d4ec6ca9d4a2c903a34d03db5d68004d5235789e61a22ec75f98680b0829cbf90"
- "5668c9631a5157d39d73d1ab7e558ae6ced855939ea79b80f7256dc29fbf01bacbd718e96916218e41c3fb221f5b9ac58eb3bb694edfc6"
- "0a9a518f392ba97d542034d17cba204ea92572677c3b6af86383f013fb537ba8441d1b8f645289d8c1347377f3698a830aa82ebe912380"
- "8eb105ef216502cee4cd7ef05a14f1e87b5a66eb937a5f7dfd704fb6ad693c90c941a3e4853a148ada9269de95852b412d4d9fc8920120"
- "835156c0c6ed168027115535edbf4ff5b72a3f556234c68245c604188572d3a372a898bd6a439bd4a8d6402b28260e81ece7bbf0cdf5a2"
- "a2983403289cb060f81d3aedf8b4a82dcdadfed35a86a8b6df4d57801f7718a15660f9b03e0c0450a717e14e92e278d65cc11b7e07277b"
- "6992050f69a101af3c11340d640ef7a98d89c32f485221351edc";
+ "40C000000000000A00000000000000000000000000000000CE71F3496571490305748611F14D391E4164572834AB5A587C3C7410653592"
+ "9FFB39F358756E14C0C23FC2F46000DBFCD1BD14574E7BDA13DC488F44AB377F09052FE462E1E4692AEB5280BB75FB4455DA4A29AB381C"
+ "B42795D6FCA9FCB5E7F4E305926D1EA5C0FE2F5C9C97788A3680D558804765667EDDCE4AF4AADCDCA477871580FA77F5F042C9A31EB798"
+ "BD9BC2B45C3D9499556D284DD54FC8309748A20DBF27729A4A7436B706CA842F0DBC78001266B93767BE5A4E741319292D754F481F5E96"
+ "3DD38C74F47D9B2973F3654273936DC76FA77B6FC7158B9192C3EF99DB3F001EE16708005FA0963DADC2C55199520DA898AD6723E7A49F"
+ "F1619E7FE643D83007C3D359809629971B06E6C8C0C6CBA8D04DF3AF7A598887AF8E5217907CD2AFC1FFA61C40B59CE165F619E716BDD9"
+ "65EB66A395CC6B1F7F91AE58F11A24B380BD1DC22BE894FB4AB52A3F43373919618C0C2F823E57CED61E1323916B02B0F02F06487D455F"
+ "A4E42428FBA47D60E49C142A93B7C87DAF2C1A37C97761155F94B15B70927FC0770457378035AF6CD97634A373441D91ACFEB033915C00"
+ "6C64FCBD81DF116CAE34F00D581106E6413035B439972E1A79F406955DF174845EC93CB4FB78C012A24D7FAC31AA7A874F0A80D92490E6"
+ "63E2A42DB14E3255EF241CE727646C3E69FE69DA782E81CC4CF37D49FB1440B5368A984A253CCB033935EDA4D8DDC9C4DD78A92277B569"
+ "1AB1523F5057EBBB1BBF7C98E51C6873966D0B948C46F12CF9031AD8C99AB236CDB24A3D2817AABB507D319091F21179477060160B5921"
+ "EC21B71E726204E5B9CC283AE12A79967E89BCD4943A8F2037F75AC6F31E11E24F95EC7CA9F9184A865B5C6E82EDE317C740E6007227F6"
+ "50C2B74950C1C803D6129EC2FC956EFC6035D537761904B1EDFFCF6EC850349DEACDD0A8815C0886FF3270BBA29B792BEB5349C72E1264"
+ "8ED7B0FFE9B1D5551D411190DC95B0EB80DA89B90FD0B9F2483446AAF313470C58C6D026E3D8FF3F4A3D7638C4B9CD38903EA6215628FC"
+ "F05EDAD8AD3C087FC69BD9C2A070A191D8A2816D16F60785A1AE9F31751A72CAA619560658B309269DF16E27A3B65254AF76851AA633DC"
+ "33D1011ED9A54C1C155A9F2E58D6D72ACFB33180C487A0B8505EC33464E27958BF455F6C2C964461F45BEAC9D4771B3871FCC57C1C0751"
+ "F76732701D1B4D147F89B0E40947BB83954295CA58C6E3464CF21EB4EB0BADFC6F16D9731A734DF1945225594A54CC7B3A2E61740229A8"
+ "4755A4F8F827BA38BCA38D830575339DDDD02298DF5170558527E1864656ADCB59D738CA541E3DEF8F159AE839FA161622643F1F09BEFC"
+ "BC54847663AE8D2DF6ED7515E559102426C3E19296DA77A9FC65DC3BA01B1BA79DEF5C302667C80CAE12B9911B6E764ED32F39FE55B4CD"
+ "2E79F6431485B8057364F4E0ECDCEE98511E5CEACFD40054488CC0F98FEB7273147D47CFB5A809866B267B707E6C781A5BD169CC0990AF"
+ "695ABA6D4097F1BA1EEF99C02CEEED6501B0BAA5FDE61BF8A98A93DDB5AE7BC92C309EBC27E2BE1B7B8C8B3DB32B8A8732D77B263B8B11"
+ "354B54ABBAA93AB39EE1603DBA7987CA37B8A2B251F79506A8EB200F86AEC6ABF481ACE061D39A214EECDC637BBF9D653DA0CB4DA4531A"
+ "655F4BBB12EC8284FC6898C46B311416F59ABF55C69631C290A0EDB0298DD809D63C9B7132ECD205D9359A181555560F5BF7CD24D15818"
+ "B5175868DDE5A4B0495F87CDE03F04800416B3F50F3AD56FD00CCD70D7D86E9B7E840864B08B1F99B930787061C473CAD1A41E578AD4C0"
+ "7DFF34928D579B5E6C02B457E0AA7542E653CF4FA3C4F1A83B7CC1B22A16EED574A98DA1CADEEFB35D4C2D0E1F81110F41E23A70C29B65"
+ "7897623DA52DA288433F2DC35FB2CE4591888BBEFD694069BB0550486E2B88EF89E7052AD7FD7838989038F9748BD890E238956DAFE015"
+ "23C4A91E79A4AB2C866BAA82A591062A4D71B3AABF0415A5F52A3005922C457ECEA6CDC2D53FA2585EBC2D465D4BF734A123A234320C58"
+ "B2F0D097E655AA7D32DB38B17296A6218A817F049CDA81587AA346306C1A308AA8836B0BA6AEEFEA5204DF601FE70052B484BDBBB7951E"
+ "A74145B985827816C6685C9202C2FD97735C21677A3BE1B846276ECB12465A5756F7287BCA76C404BBC4E37E4386F8771F7E3CCD45F5A7"
+ "20D8CE10C8704279A84EF1BF25069808AF027D9C4C60343C886D5A26A856F14D7C6A64C2D12635D6C7CF075D98E141A399B70AA2295241"
+ "6774BF2804E2F56DB75077F8C642E08BF27A62CA5A0B91B412D59D2B655EC9F3F6BD46776F9A5FA6BA7731C0E076E57CDE6B4B0749C76C"
+ "F225EA560D86113FB96AB4F23478895039403438E6CA7EA2534D8EB04C9BFAB2C844839D840D02256FEEB674B82F9ABBCD9255F27261FB"
+ "35A2C61B3A8DECD2138DB3482D65F1818DE8AE03C080045F68C1";
char *framed_aos_b = NULL;
int framed_aos_len = 0;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
// Truth frame setup
char *truth_aos_h =
- "40C00000000000000000000000000000000000000000000000974F555545E8114714352C43BCAB3B62E961FEE145A672C3B292FFAE9A45"
- "63F5B359B8E199115C12A3A1DC24D78BB36CE3D2922E3C9567AF7D87DA9B58A13B64B5BEDE209DDEE5722C2FBC6E96346150A270BF3C12"
- "A6957E57ED061A65DB0B4F8307548270670D2C9CC70BC9772E62F39CC41B8BFEC800D1AAE21935136BCAF6F6FD4C6536917F484A065594"
- "ACC4A9F68AC02628FAB4B06B11F5785BEBA3091B326CFC348BDCD519ADAEB41358677850C5B168C75806D4D5218708F974A2C2D2403110"
- "B6AB129D7FE0D69B6865D59A3E170AA7EB4A0B1385AC35F644F901FFBD5CB821D384B65F7442A3AF9AA8824A7C73E46AB9E66B533C39D9"
- "F2988457E6E7D50B5DB046035DF52D9BD81D03646DAD98350EBE73E6D5ADC72C35B629D90B46EFD849C0B3451F627DF0FFA7D00A9B24ED"
- "C346CBE73814D3DF35F53EA294A42B03CBB1AB76E71EFE6575F58AA027C30E1BB7C4CB828149D85C1615F59B482FFB2F83CEE16E9F2F43"
- "B8D71A597C4444A3B901FD39E7D5B541B58EC8AD14BFC02DDD8DD83B451A962E8733012F108E5E34639D072B2DB99367234AE98A18C041"
- "3316900B80EB0C15B4AD0DDA725D07560DE690252D2AC31A5391FF565F16CBA7D31DCBE4AE14E90B2D8D18BCE4F6377D1E7A5FB14D98F7"
- "26582AEAAC9777F70A4AF0C2956D8B032DC97BD36524F8F6872E6EA6A8C3BADEE8717F4FDF471E32C2B170DEEED4FE807A551353853676"
- "D5E68C4686FE1D87294EC27F05F5C42391CA6ED51A4D65AB3F940F32BBA4D7BBADC0A8233557218832F76C22CC660542F49F3428D3440B"
- "B8E251BF32B9BA1EB6CEE36F45F5310C6A1D3EA1488B438A5960489BDF8A2B74EC3F1A29F030ABB17FE5B6299EEE10C63302E46ABB0876"
- "60B065A53A21C51EBDDB43EEE219C60057FE5C853FDE54EB2C8A5DDF195F50BDD1DA749C6D6EC01FF589C6A97F0E77FDAD73B16CB45921"
- "99936D6FECEE356A88C4E2ABEBA487CF8FEC48B31EA8656BE4E9F45FA5D14CC5125577E235378B090731D4CBDD623D9481D334D3483322"
- "547C8A148B20D75DF232D996FE552473FD419B7908E2D93158911D2B5BBEBAA8AB58D4B7E32C0247C9A79027FF0BEA60E7E2C2F739F118"
- "C423D30BA8F1DA0AE8EB259DE8985D2713986EBBB780C510C766DCCBB0A6B1E8D806C029B6978A1B358429410C6AA3256CB5805F0B0770"
- "25C89239D62331324EBC6288BE3DBC8F1C14E097B0D7641FEE519AB693406616B68D956E47BDD78B5F4DE011839E87320D776EE92E2961"
- "7326919131F0B450C810BEF3FBC7B24F3294DD12CB293C66BE0CD9F81C62F863642811682A8464FE959D63689A0E0141B4E3865D4457E7"
- "B76F9BEFE8EDE58FAE6B6E138C165A5F491C3D3344C1DD652A61B3AF5B4F608E60C73368B6559E5E5D0BD130AFF07F77CFD72B0F54140A"
- "03E0739C665EE3D73CE54AB3BEE154B401320A9D2360C179634A6F5E44F08A873B673949232B613F12FFF97236A96A24ECC977392EE26E"
- "FC9A2F8736048EA10F48F211C846543E36D9D52D5AEEEE9C87803B923570C7AE89C827AAB260147D2F5DE616042740322DFC37CD05A0CA"
- "48ADDA09B1AFCC6BB1291DD69B531DC7EEA9CEB2B7B516851E1EA55074548DE1F02D109A6B7DABEF210DB1F77178D239E73D748296E1D6"
- "A4FFDAC5C6F265E0BEBE2FF70E86808B6B8DBF66E133A2B99FFC7729AB3409E195A91D22D00A771340A29B529671DFD648E27D3422D92C"
- "F66D2BAF512CAB215DD4381FB36F4497DB7DE865EB469B26B8E24F224C73E30605AC6E3A05A0FC86E213CFE0E00D9B440916209305218A"
- "DB134AF7C8247E2B761D8FFA7ED9C1B052FE8470F5E60892E07CAFC3BCF61D67CCC5F737044EDA410283FBB2838CA2B4F6FFF19F4DBC4B"
- "5D20CCFCEDA7CBDB0245B42402B1BCCC95B97015BF06BB1451BC76B9EAD99CA21BC3EC702C314DCE2083F8F2E050F2BD0DB950C8553E00"
- "E662D70AD86855A79A0D3FA973EF00820084606A326EF92C2B48DF8486FEA8ECF63339A9AA2570372AE6CC4D92897CF5D081B8CF2B9A92"
- "3AF3D5D31FB371CE63E82E5E3937ABF1E65AAB0A5CE9A613726510267E87296117C42DD03356364ED20EF5463C73393C1902A7C92A3883"
- "F1F726F43C5C6D4EA5360B4E7E4CD83CEE27BF13D2D4CEC198F9C755CA7FB6C0864737D128FE50A7ECE5B02C01C8E09EE6C455B89C7D44"
- "7DEF0C6D0CE9607DD9458DC1CB3BE8DB613D70A392A6323639251AB6DA3A5431477EEE0BC3BF82EB3C3083482FADEFDC2B6EA5713BB872"
- "2CD5EC36FC1C7097F150FE1CD6E4404E633E23C9525CA165B649318D8D4AF0387256EAE754C45245B2B3C6DC21879D4E27466057FEED75"
- "52383C07CE7C4EDAD9310E0F12C62E75788DDEEFE70D1E8AE8EFCFECE71C3AB0BEDC048D9FAC161E071B02E7C39879FEA64EEBB825F75E"
- "936C93AE48881846000000000000000000000000000000000000";
+ "40C0000000000000CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
+ "AABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA"
+ "BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAA0000";
+
char *truth_aos_b = NULL;
int truth_aos_len = 0;
hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
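Review bot: The new truth frame differs from the input frame before the payload (SPI bytes `0000` versus `000A`, IV field `CC…` versus `00…`), which reads like a mistake unless one knows that the final check only compares from `offset` onward. A comment above `truth_aos_h` would prevent that, for example `// Only the bytes after the primary and security headers are compared; the header, SPI and IV bytes here are not checked`. It would also help to record which key and IV produced `framed_aos_h`, since the SA setup in the next hunk no longer sets `ekid` explicitly.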
@@ -1571,35 +1639,21 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
// Expose/setup SAs for testing
SecurityAssociation_t ta;
- SecurityAssociation_t *test_association = &ta;
-
- sa_if->sa_get_from_spi(10, &test_association); // Disable SPI 10
- test_association->sa_state = SA_KEYED;
- sa_if->sa_get_from_spi(11, &test_association); // Enable and setup 11
- test_association->sa_state = SA_OPERATIONAL;
- test_association->akid = 0;
- test_association->ekid = 136;
- test_association->est = 1;
- test_association->ast = 0;
- test_association->acs_len = 1;
- test_association->ecs_len = 1;
- test_association->ecs = CRYPTO_CIPHER_AES256_GCM;
- test_association->acs = CRYPTO_MAC_NONE;
- test_association->stmacf_len = 16;
- test_association->abm_len = 1786;
- test_association->arsn_len = 0;
- test_association->gvcid_blk.scid = SCID & 0x3FF;
- test_association->iv_len = 16;
- test_association->shivf_len = 16;
- test_association->shsnf_len = 0;
- memset(test_association->abm, 0xFF, (test_association->abm_len * sizeof(uint8_t))); // Bitmask of ones
+ SecurityAssociation_t *sa_ptr = &ta;
+ sa_if->sa_get_from_spi(10, &sa_ptr);
+ sa_ptr->ecs_len = 1;
+ sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM;
+ sa_ptr->est = 1;
+ sa_ptr->ast = 1;
+ sa_ptr->iv_len = 16;
+ sa_ptr->shivf_len = 16;
crypto_key_t *ekp = NULL;
- ekp = key_if->get_key(test_association->ekid);
+ ekp = key_if->get_key(sa_ptr->ekid);
ekp->key_state = KEY_ACTIVE;
crypto_key_t *akp = NULL;
- akp = key_if->get_key(test_association->akid);
+ akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_ACTIVE;
// Set a more obvious IV for test purposes
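Review bot: The SA for SPI 10 is now configured with only six fields, so `sa_state`, `ekid`, `akid`, `stmacf_len` and `abm` come from whatever the default SA table provides, and the lines below dereference `key_if->get_key(sa_ptr->ekid)` on that implicit value. I would keep `sa_ptr->sa_state = SA_OPERATIONAL;` and the intended `sa_ptr->ekid = …;` explicit here, so the test pins the key its ciphertext was produced with; the removed code used 136 on SPI 11, and the right id for the new vector is not visible in this hunk. `sa_ptr->ast = 1` also turns the authentication service on in a test named AES_GCM_DEC_ONLY, where the removed setup had `ast = 0`; a one-line comment on why would help. The test body continues outside this hunk.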
@@ -1607,21 +1661,24 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
char *iv_b = NULL;
int iv_len = 0;
hex_conversion(iv_h, &iv_b, &iv_len);
- memcpy(test_association->iv, iv_b, iv_len);
+ memcpy(sa_ptr->iv, iv_b, iv_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// printf("Decrypted frame contents:\n\t");
- // for (int i = 0; i < 1786; i++)
+ // for (int i = 0; i < aos_frame->aos_pdu_len; i++)
// {
- // printf("%02x", ptr_processed_frame[i]);
- // // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
+ // printf("%02x", aos_frame->aos_pdu[i]);
+ // // ASSERT_EQ(aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
// }
// printf("\n Truth Contents\n\t");
- // for (int i = 0; i < 1786; i++)
+ // for (int i = 0; i < aos_frame->aos_pdu_len; i++)
// {
// // printf("[%d]: %02x -> %02x \n", i, aos_frame[i], truth_aos_b[i]);
// printf("%02x", (uint8_t)*(truth_aos_b+i));
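Review bot: `memcpy(sa_ptr->iv, iv_b, iv_len)` copies as many bytes as the hex string yields, without relating that to the `iv_len = 16` configured on the SA in the previous hunk or to the size of `sa_ptr->iv`. `iv_h` is defined outside this hunk, so its length is not visible here; a guard such as `ASSERT_TRUE(iv_len <= (int)sa_ptr->iv_len);` before the copy makes the test fail cleanly instead of overrunning the field if the vector is later edited. The commented-out dump loops updated here also reference `offset`, which is only declared in the next hunk, so deleting them would be simpler than maintaining them.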
@@ -1631,15 +1688,19 @@ UTEST(AOS_PROCESS, AES_GCM_DEC_ONLY)
// printf("\n");
// printf("\nDoing final checks:\n\t");
- for (int i = 0; i < 1786; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("%02x", ptr_processed_frame[i]);
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("%02x", aos_frame->aos_pdu[i]);
+ ASSERT_EQ(aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
// printf("\n\n");
Crypto_Shutdown();
- free(ptr_processed_frame);
+ free(aos_frame);
free(truth_aos_b);
free(framed_aos_b);
free(iv_b);
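Review bot: `Crypto_aosPrint(aos_frame)` now runs unconditionally at the end of the test, while every other dump in this function is commented out, so each run prints the processed frame to the test log. If the output is only a debugging aid, put it behind the build's debug switch or remove it; the byte comparison above already reports mismatches. The call is added the same way in the other AOS_PROCESS hunks on this page.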
@@ -1657,8 +1718,8 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1668,8 +1729,6 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_FHEC_NA, AOS_IZ_NA, 0);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1712,7 +1771,8 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
"9FA014FE307413DFF5DC6FE14B05E0F96A4B77FA826B4E6CEC615EA7BC782D81D850B2F5942B059BCB8378CF84943A503C5C8ED9831031"
"924047D1D7FC079136004424FCAE5EE4A63B2E447325D79354D715099463C2B263B989AC7B528AC5B9C7513A39371F90FDF6AAE1DCE4B3"
"B3892512398DA171E90C2BFCE9A5B93CDCBCEFC24B97B9A7CE5C46910E6609B04771E8A12F1D1541B606F05F83F369C74DD00A6F16366A"
- "7883141E78B010BE83D71977C7641BFB68B93231C825ACD0B4b8";
+ "7883141E78B010BE83D71977C7641BFB68B93231C825ACD0B4B8";
+
char *framed_aos_b = NULL;
int framed_aos_len = 0;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
@@ -1756,7 +1816,6 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
int truth_aos_len = 0;
hex_conversion(truth_aos_h, &truth_aos_b, &truth_aos_len);
- SaInterface sa_if = get_sa_interface_inmemory();
sa_if->sa_get_from_spi(10, &sa_ptr);
sa_ptr->sa_state = SA_OPERATIONAL;
sa_ptr->ekid = 130;
@@ -1769,24 +1828,31 @@ UTEST(AOS_PROCESS, AEAD_GCM_BITMASK_1)
sa_ptr->shivf_len = 16;
sa_ptr->stmacf_len = 16;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(aos_frame_pri_hdr.tfvn, aos_frame_pri_hdr.scid, aos_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &aos_current_managed_parameters_struct);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < aos_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = 6 + sh_len;
+ for (int i = 0; i < aos_frame->aos_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_aos_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_aos_b + i));
+ // printf("Checking %02x against %02X\n", (uint8_t)aos_frame->aos_pdu[i], (uint8_t)*(truth_aos_b + offset + i));
+ ASSERT_EQ((uint8_t)aos_frame->aos_pdu[i], (uint8_t) * (truth_aos_b + offset + i));
}
+ Crypto_aosPrint(aos_frame);
+
Crypto_Shutdown();
free(framed_aos_b);
free(truth_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
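Review bot: The output frame is allocated with `malloc(sizeof(uint8_t) * AOS_SIZE)` and passed straight to `memset` with no NULL check, and the size comes from a macro rather than from the pointee type. If `AOS_SIZE` is `sizeof(AOS_t)`, as STRUCT_SIZE_VERIFICATION suggests, then `AOS_t *aos_frame = calloc(1, sizeof(*aos_frame));` followed by `ASSERT_TRUE(aos_frame != NULL);` says the same thing in two lines and cannot drift from the struct definition. The same three-line pattern is repeated in every AOS test in this file and, with `TM_t`/`TM_SIZE`, in ut_tm_process.c, so a small test helper would remove the duplication.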
@@ -1794,8 +1860,8 @@ UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -1804,8 +1870,6 @@ UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_TRUE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_NO_FHEC, AOS_HAS_IZ, 10);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_HAS_IZ, 10, AOS_SEGMENT_HDRS_NA, 18, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1818,13 +1882,16 @@ UTEST(AOS_PROCESS, AOS_SA_SEGFAULT_TEST)
int framed_aos_len = 0;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
- ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
+ ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
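Review bot: Changing the expected status from `CRYPTO_LIB_ERR_SPI_INDEX_OOB` to `CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH` means AOS_SA_SEGFAULT_TEST no longer exercises the out-of-range SPI check it was written for. The frame is now presumably rejected on length before the SPI lookup is reached. I would keep this case as the length test, and add a frame whose length matches the managed frame size (18 in the parameters set just above) and carries an out-of-range SPI, asserting `CRYPTO_LIB_ERR_SPI_INDEX_OOB`, so the bounds check keeps regression coverage. At minimum, a comment next to the assertion should say why the expected code changed; `framed_aos_h` itself is defined outside this hunk.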
@@ -1832,8 +1899,8 @@ UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -1842,8 +1909,6 @@ UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_NO_FHEC, AOS_HAS_IZ, 10);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 18, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1871,13 +1936,16 @@ UTEST(AOS_PROCESS, AOS_SA_NOT_OPERATIONAL)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_ACTIVE;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL, status);
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_OCF_TEST)
@@ -1885,8 +1953,8 @@ UTEST(AOS_PROCESS, AOS_OCF_TEST)
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -1920,22 +1988,25 @@ UTEST(AOS_PROCESS, AOS_OCF_TEST)
sa_ptr->arsnw_len = 0;
sa_ptr->arsn_len = 0;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
printf("FSR: %08X\n", Crypto_Get_FSR());
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_KEY_STATE_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -1944,8 +2015,6 @@ UTEST(AOS_PROCESS, AOS_KEY_STATE_TEST)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_NO_FHEC, AOS_HAS_IZ, 10);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 18, AOS_NO_OCF, 1};
Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
@@ -1957,6 +2026,7 @@ UTEST(AOS_PROCESS, AOS_KEY_STATE_TEST)
char *framed_aos_b = NULL;
int framed_aos_len = 0;
hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
+ printf("FL: %d", framed_aos_len);
SecurityAssociation_t *sa_ptr = NULL;
sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
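Review bot: The added `printf("FL: %d", framed_aos_len);` reads like leftover debugging and has no trailing newline, so it runs into the next line of test output. Either drop it or make it `printf("FL: %d\n", framed_aos_len);`. If the length matters to this test, `ASSERT_EQ` against the expected frame length would be more useful than a print.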
@@ -1976,21 +2046,24 @@ UTEST(AOS_PROCESS, AOS_KEY_STATE_TEST)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_DEACTIVATED;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_ERR_KEY_STATE_INVALID, status);
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_PROCESS_HEAP_UNDERFLOW_TEST)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_aos_len;
// Configure Parameters
@@ -1999,8 +2072,6 @@ UTEST(AOS_PROCESS, AOS_PROCESS_HEAP_UNDERFLOW_TEST)
TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
// AOS Tests
- // Crypto_Config_Add_Gvcid_Managed_Parameter(1, 0x0003, 0, AOS_HAS_FECF, AOS_SEGMENT_HDRS_NA, AOS_NO_OCF, 1786,
- // AOS_NO_FHEC, AOS_HAS_IZ, 10);
GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
1, 0x0000, 48, AOS_NO_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
@@ -2024,28 +2095,26 @@ UTEST(AOS_PROCESS, AOS_PROCESS_HEAP_UNDERFLOW_TEST)
ekp = key_if->get_key(sa_ptr->ekid);
ekp->key_state = KEY_ACTIVE;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_ERR_AOS_FL_LT_MAX_FRAME_SIZE, status);
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST(AOS_PROCESS, AOS_FHECF_TEST)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
- uint16_t processed_aos_len;
+ int32_t status = CRYPTO_LIB_SUCCESS;
- for (int i = 0; i < RS_PARITY; i++)
- {
- printf("Parity[%d] is: %01X\n", i, parity[i]);
- }
+ uint16_t processed_aos_len;
// Configure Parameters
Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
@@ -2079,19 +2148,130 @@ UTEST(AOS_PROCESS, AOS_FHECF_TEST)
ekp = key_if->get_key(sa_ptr->ekid);
ekp->key_state = KEY_ACTIVE;
- status =
- Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, &ptr_processed_frame, &processed_aos_len);
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
- for (int i = 6; i < 6 + (RS_PARITY / 2); i++) // bytes 6-8 of header
- {
- printf("Framed: %02x\nProcessed: %02x\n", (uint8_t) * (framed_aos_b + i), (uint8_t)ptr_processed_frame[i]);
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (framed_aos_b + i));
- }
+ printf("Framed: %04x\nProcessed: %04x\n", (uint16_t)(((uint8_t)framed_aos_b[6] << 8) | (uint8_t)framed_aos_b[7]),
+ aos_frame->aos_header.fhecf);
+ ASSERT_EQ(aos_frame->aos_header.fhecf, (uint16_t)(((uint8_t)framed_aos_b[6] << 8) | (uint8_t)framed_aos_b[7]));
+
+ Crypto_aosPrint(aos_frame);
+
+ Crypto_Shutdown();
+ free(framed_aos_b);
+ free(aos_frame);
+}
+
+UTEST(AOS_PROCESS, AOS_6BYTE_TEST)
+{
+ remove("sa_save_file.bin");
+ // Local Variables
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
+ uint16_t processed_aos_len;
+
+ // Configure Parameters
+ Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
+ IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ // AOS Test
+ GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+ 1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 6, AOS_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+ status = Crypto_Init();
+
+ // Test frame setup
+ char *framed_aos_h = "40C0FEDCBA98";
+ char *framed_aos_b = NULL;
+ int framed_aos_len = 0;
+ hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
+
+ SecurityAssociation_t *sa_ptr = NULL;
+ SaInterface sa_if = get_sa_interface_inmemory();
+ sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
+ sa_ptr->sa_state = SA_KEYED;
+ sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
+ sa_ptr->sa_state = SA_OPERATIONAL;
+ sa_ptr->est = 1;
+ sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM;
+ sa_ptr->arsn_len = 0;
+ sa_ptr->shsnf_len = 0;
+
+ crypto_key_t *ekp = NULL;
+ ekp = key_if->get_key(sa_ptr->ekid);
+ ekp->key_state = KEY_ACTIVE;
+
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
+ ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
+
+ Crypto_aosPrint(aos_frame);
+
+ Crypto_Shutdown();
+ free(framed_aos_b);
+ free(aos_frame);
+}
+
+UTEST(AOS_PROCESS, AOS_8BYTE_TEST)
+{
+ remove("sa_save_file.bin");
+ // Local Variables
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
+ uint16_t processed_aos_len;
+
+ // Configure Parameters
+ Crypto_Config_CryptoLib(KEY_TYPE_INTERNAL, MC_TYPE_INTERNAL, SA_TYPE_INMEMORY, CRYPTOGRAPHY_TYPE_LIBGCRYPT,
+ IV_INTERNAL, CRYPTO_AOS_CREATE_FECF_TRUE, TC_PROCESS_SDLS_PDUS_TRUE, TC_HAS_PUS_HDR,
+ TC_IGNORE_SA_STATE_FALSE, TC_IGNORE_ANTI_REPLAY_FALSE, TC_UNIQUE_SA_PER_MAP_ID_FALSE,
+ AOS_CHECK_FECF_FALSE, 0x3F, SA_INCREMENT_NONTRANSMITTED_IV_TRUE);
+ // AOS Test
+ GvcidManagedParameters_t AOS_UT_Managed_Parameters = {
+ 1, 0x0003, 0, AOS_HAS_FECF, AOS_NO_FHEC, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 8, AOS_NO_OCF, 1};
+ Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters);
+ status = Crypto_Init();
+
+ // Test frame setup
+ char *framed_aos_h = "40C0FEDCBA987605";
+ char *framed_aos_b = NULL;
+ int framed_aos_len = 0;
+ hex_conversion(framed_aos_h, &framed_aos_b, &framed_aos_len);
+
+ SecurityAssociation_t *sa_ptr = NULL;
+ SaInterface sa_if = get_sa_interface_inmemory();
+ sa_if->sa_get_from_spi(10, &sa_ptr); // Disable SPI 10
+ sa_ptr->sa_state = SA_KEYED;
+ sa_if->sa_get_from_spi(5, &sa_ptr); // Enable and setup 5
+ sa_ptr->sa_state = SA_OPERATIONAL;
+ sa_ptr->est = 1;
+ sa_ptr->ecs = CRYPTO_CIPHER_AES256_GCM;
+ sa_ptr->arsn_len = 0;
+ sa_ptr->shsnf_len = 0;
+
+ crypto_key_t *ekp = NULL;
+ ekp = key_if->get_key(sa_ptr->ekid);
+ ekp->key_state = KEY_ACTIVE;
+
+ AOS_t *aos_frame;
+ aos_frame = malloc(sizeof(uint8_t) * AOS_SIZE);
+ memset(aos_frame, 0, (sizeof(uint8_t) * AOS_SIZE));
+
+ status = Crypto_AOS_ProcessSecurity((uint8_t *)framed_aos_b, framed_aos_len, aos_frame, &processed_aos_len);
+ ASSERT_EQ(CRYPTO_LIB_ERR_INVALID_AOS_FRAME_LENGTH, status);
+
+ Crypto_aosPrint(aos_frame);
Crypto_Shutdown();
free(framed_aos_b);
- free(ptr_processed_frame);
+ free(aos_frame);
}
UTEST_MAIN();
\ No newline at end of file
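Review bot: In the new AOS_6BYTE_TEST and AOS_8BYTE_TEST, `status = Crypto_Init();` is overwritten without being checked, and `sa_ptr` and `ekp` are then dereferenced without checking the lookups that fill them. Add `ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);` right after `Crypto_Init()`, as HAPPY_PATH_CLEAR_FECF in ut_tm_process.c does, so a failed init stops the test before those dereferences. Both tests expect rejection, so asserting after the call that `aos_frame->aos_pdu_len` is still 0 would also pin that a rejected short frame leaves no partial output behind. The two tests differ only in the frame string and the managed frame size, so a shared helper would halve the code. The AOS_FHECF_TEST body at the top of this hunk starts outside it.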
diff --git a/test/unit/ut_crypto.c b/test/unit/ut_crypto.c
index a9998c8c..716c49ab 100644
--- a/test/unit/ut_crypto.c
+++ b/test/unit/ut_crypto.c
@@ -364,14 +364,14 @@ UTEST(CRYPTO_C, STRUCT_SIZE_VERIFICATION)
ASSERT_EQ(SDLS_TLV_HDR_SIZE, (size_t)3);
ASSERT_EQ(SDLS_TLV_SIZE, (size_t)497);
ASSERT_EQ(SDLS_EKB_SIZE, (size_t)514);
- ASSERT_EQ(SDLS_OTAR_SIZE, (size_t)(2 + 16 + 30 * 514 + 16));
+ ASSERT_EQ(SDLS_OTAR_SIZE, (size_t)(2 + IV_SIZE + SDLS_EKB_LEN * 514 + MAC_SIZE));
ASSERT_EQ(SDLS_KEY_SIZE, (size_t)2);
ASSERT_EQ(SDLS_KEY_INVENTORY_CMD_SIZE, (size_t)4);
ASSERT_EQ(SDLS_KEY_INVENTORY_RPLY_SIZE, (size_t)3);
ASSERT_EQ(SDLS_KEYV_CMD_BLK_SIZE, (size_t)18);
ASSERT_EQ(SDLS_KEYV_CMD_SIZE, (size_t)(29 * 18));
- ASSERT_EQ(SDLS_KEYV_RPLY_BLK_SIZE, (size_t)46);
- ASSERT_EQ(SDLS_KEYV_RPLY_SIZE, (size_t)(46 * 29));
+ ASSERT_EQ(SDLS_KEYV_RPLY_BLK_SIZE, (size_t)30 + MAC_SIZE);
+ ASSERT_EQ(SDLS_KEYV_RPLY_SIZE, (size_t)((30 + MAC_SIZE) * 29));
ASSERT_EQ(SDLS_KEYDB_CMD_SIZE, (size_t)12);
ASSERT_EQ(SDLS_KEYDB_RPLY_SIZE, (size_t)38);
ASSERT_EQ(SDLS_SA_STATUS_RPLY_SIZE, (size_t)3);
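Review bot: Replacing the literals with `IV_SIZE`, `SDLS_EKB_LEN` and `MAC_SIZE` makes these size checks partly self-referential. If the struct sizes are derived from the same macros, an unintended change to one of them no longer fails STRUCT_SIZE_VERIFICATION. If the macros are meant to be build-configurable, a comment saying so would help, e.g. `// sizes scale with IV_SIZE/MAC_SIZE; the literals are the fixed fields`; otherwise pin them with their own assertions. The cast is also inconsistent: `(size_t)30 + MAC_SIZE` casts only the 30, whereas the neighbouring lines cast the whole sum, so `(size_t)(30 + MAC_SIZE)` would match. The same applies to `(size_t)MAC_SIZE + 3` and `(size_t)MAC_SIZE + 8` in the next hunk.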
@@ -382,22 +382,22 @@ UTEST(CRYPTO_C, STRUCT_SIZE_VERIFICATION)
ASSERT_EQ(SDLS_MC_ST_RPLY_SIZE, (size_t)1);
ASSERT_EQ(SDLS_MC_SN_RPLY_SIZE, (size_t)16);
ASSERT_EQ(TC_FRAME_PRIMARYHEADER_STRUCT_SIZE, (size_t)5);
- ASSERT_EQ(TC_FRAME_SECHEADER_SIZE, (size_t)70);
- ASSERT_EQ(TC_FRAME_SECTRAILER_SIZE, (size_t)19);
- ASSERT_EQ(TC_SIZE, (size_t)(5 + 70 + 19 + 2 + 1019));
+ ASSERT_EQ(TC_FRAME_SECHEADER_SIZE, (size_t)40);
+ ASSERT_EQ(TC_FRAME_SECTRAILER_SIZE, (size_t)MAC_SIZE + 3);
+ ASSERT_EQ(TC_SIZE, (size_t)(5 + 40 + MAC_SIZE + 3 + 2 + 1019));
ASSERT_EQ(CCSDS_HDR_SIZE, (size_t)6);
ASSERT_EQ(ECSS_PUS_SIZE, (size_t)4);
ASSERT_EQ(CCSDS_SIZE, (size_t)(6 + 4 + 497));
ASSERT_EQ(TELEMETRY_FRAME_OCF_CLCW_SIZE, (size_t)4);
ASSERT_EQ(TELEMETRY_FRAME_OCF_FSR_SIZE, (size_t)4);
ASSERT_EQ(TM_FRAME_PRIMARYHEADER_SIZE, (size_t)6);
- ASSERT_EQ(TM_FRAME_SECHEADER_SIZE, (size_t)18);
- ASSERT_EQ(TM_FRAME_SECTRAILER_SIZE, (size_t)22);
- ASSERT_EQ(TM_SIZE, (size_t)(6 + 18 + 1786 + 22));
+ ASSERT_EQ(TM_FRAME_SECHEADER_SIZE, (size_t)39);
+ ASSERT_EQ(TM_FRAME_SECTRAILER_SIZE, (size_t)MAC_SIZE + 8);
+ ASSERT_EQ(TM_SIZE, (size_t)(6 + 39 + 1786 + MAC_SIZE + 8 + 2));
ASSERT_EQ(AOS_FRAME_PRIMARYHEADER_SIZE, (size_t)8);
- ASSERT_EQ(AOS_FRAME_SECHEADER_SIZE, (size_t)18);
- ASSERT_EQ(AOS_FRAME_SECTRAILER_SIZE, (size_t)22);
- ASSERT_EQ(AOS_SIZE, (size_t)(8 + 18 + 1786 + 22));
+ ASSERT_EQ(AOS_FRAME_SECHEADER_SIZE, (size_t)71);
+ ASSERT_EQ(AOS_FRAME_SECTRAILER_SIZE, (size_t)MAC_SIZE + 8);
+ ASSERT_EQ(AOS_SIZE, (size_t)(8 + 71 + 1786 + MAC_SIZE + 8 + 2));
}
#ifndef CRYPTO_EPROC
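Review bot: The new security-header sizes (40, 39, 71) and the extra `+ 2` at the end of the `TM_SIZE` and `AOS_SIZE` sums are unexplained, and these sizes are what the process tests use to allocate their output frames. A comment above each sum naming the terms would let a reader check them against the struct definitions. The `+ 2` is presumably the 16-bit PDU length field, but that should be confirmed against the header rather than taken from this note.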
diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c
index 2e0aaf33..e9a36b11 100644
--- a/test/unit/ut_tm_process.c
+++ b/test/unit/ut_tm_process.c
@@ -34,11 +34,15 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT)
{
remove("sa_save_file.bin");
// Local variables
- int32_t status = CRYPTO_LIB_ERROR;
- int framed_tm_len = 0;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_ERROR;
+ int framed_tm_len = 0;
+
uint16_t processed_tm_len;
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
char *framed_tm_h =
"02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAA"
"BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
@@ -101,12 +105,13 @@ UTEST(TM_PROCESS_SECURITY, NO_CRYPTO_INIT)
// (uint8_t)framed_tm_b[1],
// (((uint8_t)framed_tm_b[2] & 0xFC) >> 2), map_id, &sa);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_h, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_h, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status);
char *error_enum = Crypto_Get_Error_Code_Enum_String(status);
ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG", error_enum);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
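Review bot: The updated call still passes `framed_tm_h`, the ASCII hex string, as the frame bytes rather than the converted `framed_tm_b` that is freed two lines later. The test expects `CRYPTO_LIB_ERR_NO_CONFIG`, so the buffer is presumably never parsed, but the call no longer matches the other tests and would feed text to the parser if the early-exit order ever changed. I would change the argument to `(uint8_t *)framed_tm_b` here and in the NO_CONFIG test, which has the same line.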
@@ -117,11 +122,14 @@ UTEST(TM_PROCESS_SECURITY, NO_CONFIG)
{
remove("sa_save_file.bin");
// Local variables
- int32_t status = CRYPTO_LIB_ERROR;
- int framed_tm_len = 0;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_ERROR;
+ int framed_tm_len = 0;
uint16_t processed_tm_len;
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
char *framed_tm_h =
"02C000001800000C08010000000F00112233445566778899AABBCCDDEEFFA107FF000006D2ABBABBAABBAABBAABBAABBAABBAABBAABBAA"
"BBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABBAABB"
@@ -171,13 +179,14 @@ UTEST(TM_PROCESS_SECURITY, NO_CONFIG)
// Determine security association by GVCID, which nominally happens in TO
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr); printf("STATUS is %d\n", status);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_h, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_h, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_NO_CONFIG, status);
char *error_enum = Crypto_Get_Error_Code_Enum_String(status);
ASSERT_STREQ("CRYPTO_LIB_ERR_NO_CONFIG", error_enum);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
@@ -191,8 +200,8 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -209,6 +218,10 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF)
status = Crypto_Init();
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Test frame setup
// Note: SPI 5 (0x05)
char *framed_tm_h =
@@ -303,23 +316,28 @@ UTEST(TM_PROCESS_SECURITY, HAPPY_PATH_CLEAR_FECF)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_ACTIVE;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &tm_current_managed_parameters_struct);
+
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", (uint8_t)ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ((uint8_t)ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ printf("Checking %02x against %02X\n", (uint8_t)tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
+ ASSERT_EQ((uint8_t)tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
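Review bot: The per-byte `printf("Checking %02x against %02X\n", ...)` inside the comparison loop was commented out before and is now live, so HAPPY_PATH_CLEAR_FECF prints one line per PDU byte on every run. The other tests in this file keep that line commented. I would comment it out again or remove it; `Crypto_tmPrint(tm_frame)` after the loop already dumps the frame.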
@@ -332,8 +350,8 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -457,23 +475,32 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_PLAINTEXT)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_ACTIVE;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Determine managed parameters by GVCID, which nominally happens in TO
status =
Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid, tm_frame_pri_hdr.vcid,
gvcid_managed_parameters_array, &tm_current_managed_parameters_struct);
+
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
- // printf("Checking %02x against %02X\n", tm_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ // printf("Checking %02x against %02X\n", tm_frame->tm_pdu[i], (uint8_t)*(truth_tm_b + offset + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -487,8 +514,8 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -586,8 +613,9 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
// Bit math to give concise access to values already set in the static transfer frame
tm_frame_pri_hdr.tfvn = ((uint8_t)framed_tm_b[0] & 0xC0) >> 6;
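Review bot: The new local `TM_t *tm_frame` reuses the name of the object the removed `memcpy(&tm_frame, ...)` wrote to. If that static `tm_frame` is still declared at file or library scope, the local now shadows it, which invites confusion and a `-Wshadow` warning. The comment kept just below still talks about values "already set in the static transfer frame", although the bit math reads `framed_tm_b` and nothing is copied into a static frame any more. I would reword it to `// Bit math to give concise access to the header fields of the input frame`, and consider a distinct name for the output struct if the static remains.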
@@ -627,19 +655,23 @@ UTEST(TM_PROCESS_SECURITY, SECONDARY_HDR_PRESENT_MAC)
// status = Crypto_Get_Managed_Parameters_For_Gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid,
// gvcid_managed_parameters, ¤t_managed_parameters);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Now, byte by byte verify the static frame in memory is equivalent to what we started with
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -649,8 +681,8 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -749,9 +781,6 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -794,10 +823,14 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -805,16 +838,20 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_0)
// 2) SPI is set correctly
// 3) MAC is calculated and placed correctly
// 4) FECF is re-calculated and updated
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
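Review bot: The comparison loop now covers only `tm_frame->tm_pdu`, while the comment above it still promises that the SPI, the MAC and the recalculated FECF are verified byte by byte. In the old code the loop ran over the whole frame, so those fields were compared against the truth data; in the new code only the status code stands for them. Either add assertions on the parsed security header and trailer fields of `tm_frame` against the matching truth bytes, or reword the comment, e.g. `// Verify the extracted PDU against the truth frame's data field; SPI, MAC and FECF are not compared here`. The same stale comment sits above the loops in AES_CMAC_256_TEST_1 and AES_HMAC_SHA_256_TEST_0. The first line of the comment and the start of the test are outside this hunk.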
@@ -824,8 +861,8 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
// uint8_t map_id = TYPE_TM; // Not used in TM, but simplifies getting SA
@@ -926,9 +963,6 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -972,10 +1006,14 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -983,16 +1021,20 @@ UTEST(TM_PROCESS_SECURITY, AES_CMAC_256_TEST_1)
// 2) SPI is zeroed
// 3) MAC is zeroed
// 4) FECF is zeroed
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -1002,8 +1044,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1102,9 +1144,6 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -1148,10 +1187,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -1159,16 +1202,20 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_0)
// 2) SPI is set correctly
// 3) MAC is calculated and placed correctly
// 4) FECF is re-calculated and updated
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -1178,8 +1225,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1278,9 +1325,6 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -1324,10 +1368,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -1335,16 +1383,20 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_256_TEST_1)
// 2) SPI is set correctly
// 3) MAC is calculated and placed correctly
// 4) FECF is re-calculated and updated
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -1354,8 +1406,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1456,9 +1508,6 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -1503,10 +1552,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -1514,16 +1567,20 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_0)
// 2) SPI is set correctly
// 3) MAC is calculated and placed correctly
// 4) FECF is re-calculated and updated
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -1533,8 +1590,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
SecurityAssociation_t *sa_ptr = NULL;
@@ -1635,9 +1692,6 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1)
int truth_tm_len = 0;
hex_conversion(truth_tm_h, &truth_tm_b, &truth_tm_len);
- // Memcpy test frame into static TM - Make STATIC BLOCK size of standard max
- memcpy(&tm_frame, framed_tm_b, framed_tm_len);
-
// Expose/setup SA for testing
// Configure SA 12
sa_if->sa_get_from_spi(12, &sa_ptr);
@@ -1682,10 +1736,14 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1)
// status = sa_if->sa_get_operational_sa_from_gvcid(tm_frame_pri_hdr.tfvn, tm_frame_pri_hdr.scid,
// tm_frame_pri_hdr.vcid, map_id, &sa_ptr);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Pass these references to ProcessSecurity to avoid duplications of call in real setup onboard
// e.g. so TO doesn't make the call, and then it's doubled within ProcessSecurity
// managed_parameters are a global, don't need passed
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
// Byte by byte verify:
@@ -1693,16 +1751,20 @@ UTEST(TM_PROCESS_ENC_VAL, AES_HMAC_SHA_512_TEST_1)
// 2) SPI is set correctly
// 3) MAC is calculated and placed correctly
// 4) FECF is re-calculated and updated
- for (int i = 0; i < tm_current_managed_parameters_struct.max_frame_size; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(sa_ptr);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
// printf("Checking %02x against %02X\n", ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
free(truth_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
/**
@@ -1713,8 +1775,8 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// SecurityAssociation_t *sa_ptr = NULL;
@@ -1735,7 +1797,7 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1)
// Test frame setup Header |SPI| IV | Data
char *framed_tm_h =
- "02c0000018000006deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4"
+ "02c0B0B018000006deadbeefdeadbeefdeadbeefdeadbeef0b355a29091cc09b6434ca743273c0a1f0529d44cedd32f09b9dbb45ab35c4"
"b607c4783aaefe7068f6924f069e335dacbf11cb0aba3268b6e1f5b12d6a9ce5e26bf249125ce02cecd90f17f642a9ed8524e73cbca4a1"
"25d16a00babca86146b264f2e36d3f81a8645b8b8a66214c473efdbf6f8faa435c9dc3b839bde4fadea2d8a5c9edfd7e1db8b1ba6c1b10"
"e20f82d98c3959104e826c5dc4f63228f5d3fda431adcb775a2300000113e3fee4b87f2f87550b66fa001494c23357a2f095f3593790f6"
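Review bot: The frame vector's third and fourth octets change from `0000` to `B0B0` with no comment explaining why; in the TM primary header layout these are the master-channel and virtual-channel frame count octets. Since the final check in this test now compares only `tm_pdu`, a reader cannot tell from the test whether these header octets are expected to be covered by the authentication mask or ignored. A one-line comment above the literal naming the field and the reason for the new value would do, and lower-case `b0b0` would match the rest of this string.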
@@ -1833,15 +1895,19 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1)
ekp = key_if->get_key(test_association->ekid);
ekp->key_state = KEY_ACTIVE;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
- printf("Decrypted frame contents:\n\t");
- for (int i = 0; i < 1786; i++)
- {
- printf("%02x", ptr_processed_frame[i]);
- // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
- }
+ // printf("Decrypted frame contents:\n\t");
+ // for (int i = 0; i < 1786; i++)
+ // {
+ // printf("%02x", ptr_processed_frame[i]);
+ // // ASSERT_EQ(ptr_processed_frame[i], (uint8_t)*(truth_tm_b + i));
+ // }
printf("\n Truth Contents\n\t");
for (int i = 0; i < 1786; i++)
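Review bot: The block that is commented out here still refers to `ptr_processed_frame`, which this commit removes from the test, so it can never be re-enabled as written; delete it rather than leaving it as dead text. `Crypto_tmPrint(tm_frame)`, added further down in this test, already covers the dump. The same commented-out block appears in AEAD_AES_GCM_BITMASK_1.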
@@ -1854,17 +1920,21 @@ UTEST(TM_PROCESS_ENC_VAL, AES_GCM_BITMASK_1)
printf("\n");
printf("\nDoing final checks:\n\t");
- for (int i = 0; i < 1786; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(test_association);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
- printf("%02x", ptr_processed_frame[i]);
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ printf("%02x", tm_frame->tm_pdu[i]);
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
printf("\n\n");
+ Crypto_tmPrint(tm_frame);
+
free(truth_tm_b);
free(framed_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
// free(iv_b);
}
@@ -1876,8 +1946,8 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1)
{
remove("sa_save_file.bin");
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// SecurityAssociation_t *sa_ptr = NULL;
@@ -2023,36 +2093,43 @@ UTEST(TM_PROCESS_ENC_VAL, AEAD_AES_GCM_BITMASK_1)
// hex_conversion(iv_h, &iv_b, &iv_len);
// memcpy(test_association->iv, iv_b, iv_len);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
- printf("Decrypted frame contents:\n\t");
- for (int i = 0; i < 1786; i++)
- {
- printf("%02x", ptr_processed_frame[i]);
- }
+ // printf("Decrypted frame contents:\n\t");
+ // for (int i = 0; i < 1786; i++)
+ // {
+ // printf("%02x", ptr_processed_frame[i]);
+ // }
printf("\nDoing final checks:\n\t");
- for (int i = 0; i < 1786; i++)
+ uint16_t sh_len = Crypto_Get_Security_Header_Length(test_association);
+ uint16_t offset = TM_FRAME_PRIMARYHEADER_SIZE + sh_len;
+ for (int i = 0; i < tm_frame->tm_pdu_len; i++)
{
- printf("%02x", ptr_processed_frame[i]);
- ASSERT_EQ(ptr_processed_frame[i], (uint8_t) * (truth_tm_b + i));
+ printf("%02x", tm_frame->tm_pdu[i]);
+ ASSERT_EQ(tm_frame->tm_pdu[i], (uint8_t) * (truth_tm_b + offset + i));
}
printf("\n\n");
+ Crypto_tmPrint(tm_frame);
Crypto_Shutdown();
free(truth_tm_b);
free(framed_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
// free(iv_b);
}
UTEST(TM_PROCESS, TM_SA_SEGFAULT_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2076,19 +2153,23 @@ UTEST(TM_PROCESS, TM_SA_SEGFAULT_TEST)
int framed_tm_len = 0;
hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_SPI_INDEX_OOB, status);
Crypto_Shutdown();
free(framed_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
UTEST(TM_PROCESS, TM_OCF_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
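Review bot: TM_SA_SEGFAULT_TEST asserts only the returned status, so it would not notice the function writing into the caller's `TM_t` before rejecting the frame. Because `tm_frame` is zeroed before the call, one extra line such as `ASSERT_TRUE(tm_frame->tm_pdu_len == 0);` after the status assertion pins that a rejected frame hands nothing back. That assumes this is the intended contract of `Crypto_TM_ProcessSecurity`, which this diff does not show. The same applies to TM_SA_NOT_OPERATIONAL, TM_KEY_STATE_TEST, TM_PROCESS_HEAP_UNDERFLOW_TEST and the three Secondary_Hdr tests below.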
@@ -2105,6 +2186,10 @@ UTEST(TM_PROCESS, TM_OCF_TEST)
status = Crypto_Init();
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
// Test frame setup
char *framed_tm_h = "02C0000D180000000000DEADBEEFFFFF";
char *framed_tm_b = NULL;
@@ -2119,21 +2204,23 @@ UTEST(TM_PROCESS, TM_OCF_TEST)
sa_if->sa_get_from_spi(0, &test_association);
test_association->sa_state = SA_OPERATIONAL;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
printf("FSR: %08X\n", Crypto_Get_FSR());
+ Crypto_tmPrint(tm_frame);
+
Crypto_Shutdown();
free(framed_tm_b);
- free(ptr_processed_frame);
+ free(tm_frame);
}
UTEST(TM_PROCESS, TM_SA_NOT_OPERATIONAL)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2167,18 +2254,23 @@ UTEST(TM_PROCESS, TM_SA_NOT_OPERATIONAL)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_ACTIVE;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_SA_NOT_OPERATIONAL, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
UTEST(TM_PROCESS, TM_KEY_STATE_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2217,10 +2309,15 @@ UTEST(TM_PROCESS, TM_KEY_STATE_TEST)
akp = key_if->get_key(sa_ptr->akid);
akp->key_state = KEY_DEACTIVATED;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_KEY_STATE_INVALID, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
@@ -2230,8 +2327,8 @@ UTEST(TM_PROCESS, TM_KEY_STATE_TEST)
UTEST(TM_PROCESS, TM_PROCESS_HEAP_UNDERFLOW_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2260,10 +2357,15 @@ UTEST(TM_PROCESS, TM_PROCESS_HEAP_UNDERFLOW_TEST)
ekp = key_if->get_key(sa_ptr->ekid);
ekp->key_state = KEY_ACTIVE;
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_TM_FRAME_LENGTH_UNDERFLOW, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
@@ -2274,8 +2376,8 @@ UTEST(TM_PROCESS, TM_PROCESS_HEAP_UNDERFLOW_TEST)
UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_OVERFLOW_TEST)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2295,10 +2397,15 @@ UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_OVERFLOW_TEST)
int framed_tm_len = 0;
hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_TM_SECONDARY_HDR_SIZE, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
@@ -2308,8 +2415,8 @@ UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_OVERFLOW_TEST)
UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_Spec_Violation)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2330,10 +2437,15 @@ UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_Spec_Violation)
int framed_tm_len = 0;
hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_TM_SECONDARY_HDR_VN, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}
@@ -2343,8 +2455,8 @@ UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_Spec_Violation)
UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_One_Too_Big)
{
// Local Variables
- int32_t status = CRYPTO_LIB_SUCCESS;
- uint8_t *ptr_processed_frame = NULL;
+ int32_t status = CRYPTO_LIB_SUCCESS;
+
uint16_t processed_tm_len;
// Configure Parameters
@@ -2365,10 +2477,15 @@ UTEST(TM_PROCESS, TM_PROCESS_Secondary_Hdr_One_Too_Big)
int framed_tm_len = 0;
hex_conversion(framed_tm_h, &framed_tm_b, &framed_tm_len);
- status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, &ptr_processed_frame, &processed_tm_len);
+ TM_t *tm_frame;
+ tm_frame = malloc(sizeof(uint8_t) * TM_SIZE);
+ memset(tm_frame, 0, (sizeof(uint8_t) * TM_SIZE));
+
+ status = Crypto_TM_ProcessSecurity((uint8_t *)framed_tm_b, framed_tm_len, tm_frame, &processed_tm_len);
ASSERT_EQ(CRYPTO_LIB_ERR_TM_SECONDARY_HDR_SIZE, status);
free(framed_tm_b);
+ free(tm_frame);
Crypto_Shutdown();
}