Merge pull request #396 from nasa/47-static-int32_t-sadb_sa_setarsn

[#47] Reworked setARSN to match SDLS-EP 3.3.3.7.3.4 exe…
nasa · Jan 30, 2025 · 3bb4d53 · 3bb4d53
2 parents 02d99d9 + dfc0d67
commit 3bb4d53
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 23 deletions.
diff --git a/src/sa/internal/sa_interface_inmemory.template.c b/src/sa/internal/sa_interface_inmemory.template.c
@@ -1569,21 +1569,8 @@ static int32_t sa_setARSN(TC_t *tc_frame)
     // Check SPI exists
     if (spi < NUM_SA)
     {
-        if (sa[spi].shivf_len > 0 && sa[spi].ecs == 1 && sa[spi].acs == 1)
-        { // Set IV - authenticated encryption
-#ifdef PDU_DEBUG
-            printf("SPI %d IV updated to: 0x", spi);
-#endif
-            for (x = 0; x < IV_SIZE; x++)
-            {
-                *(sa[spi].iv + x) = (uint8_t)sdls_frame.pdu.data[x + 2];
-#ifdef PDU_DEBUG
-                printf("%02x", *(sa[spi].iv + x));
-#endif
-            }
-            Crypto_increment(sa[spi].iv, sa[spi].shivf_len);
-        }
-        else
+        // Check if Auth or Auth Enc
+        if ((sa[spi].est == 1 && sa[spi].ast == 1) || sa[spi].ast == 1)
         { // Set SN
 #ifdef PDU_DEBUG
             printf("SPI %d ARSN updated to: 0x", spi);
@@ -1595,10 +1582,16 @@ static int32_t sa_setARSN(TC_t *tc_frame)
                 printf("%02x", *(sa[spi].arsn + x));
 #endif
             }
-        }
 #ifdef PDU_DEBUG
         printf("\n");
 #endif
+        }
+        else
+        {
+#ifdef PDU_DEBUG
+        printf("Failed setARSN on SPI %d, ECS %d, ACS %d\n", spi, sa[spi].ecs, sa[spi].acs);
+#endif
+        }
     }
     else
     {
@@ -1744,4 +1737,4 @@ int32_t sa_verify_data(SecurityAssociation_t *sa_ptr)
         status = CRYPTO_LIB_ERR_SHPLF_LEN_GREATER_THAN_MAX_PAD_SIZE;
     }
     return status;
-}
+}
diff --git a/test/unit/ut_ep_sa_mgmt.c b/test/unit/ut_ep_sa_mgmt.c
@@ -283,7 +283,7 @@ UTEST(EP_SA_MGMT, SA_6_SET_ARSN)
     int status = CRYPTO_LIB_SUCCESS;
 
     // NOTE: Added Transfer Frame header to the plaintext
-    char *buffer_SET_h = "2003002800ff000000001880d0b10016197f0b001a000a000600000000000000000000006413b5983e55";
+    char *buffer_SET_h = "2003002800ff000000001880d0b10016197f0b001a000a0007112233445566778899AABB6413b5983e55";
 
     uint8_t *buffer_SET_b   = NULL;
     int      buffer_SET_len = 0;
@@ -306,21 +306,24 @@ UTEST(EP_SA_MGMT, SA_6_SET_ARSN)
     test_association->gvcid_blk.scid = SCID & 0x3FF;
 
     // Modify SA 6
-    sa_if->sa_get_from_spi(6, &test_association);
+    sa_if->sa_get_from_spi(7, &test_association);
     test_association->sa_state = SA_OPERATIONAL;
-    test_association->arsn_len = 16;
+    test_association->arsn_len = 11;
 
     // Convert frames that will be processed
     hex_conversion(buffer_SET_h, (char **)&buffer_SET_b, &buffer_SET_len);
 
     status = Crypto_TC_ProcessSecurity(buffer_SET_b, &buffer_SET_len, &tc_nist_processed_frame);
     ASSERT_EQ(CRYPTO_LIB_SUCCESS, status);
 
-    sa_if->sa_get_from_spi(6, &test_association);
-
+    printf("SA %d ARSN: 0x", test_association->spi);
+    for (int i = 0; i < test_association->arsn_len; i++)
+    {
+        printf("%02x", test_association->arsn[i]);
+    }
     printf("\n");
-    Crypto_Shutdown();
 
+    Crypto_Shutdown();
     free(buffer_SET_b);
 }