Merge branch 'nos3#637' into dev

Author: zlynch2

.github/workflows/ISSUE_TEMPLATE/1-BUG_REPORT.yml renamed to .github/ISSUE_TEMPLATE/1-BUG_REPORT.yml

@@ -47,66 +47,60 @@ jobs:
         export CFLAGS="-fprofile-arcs -ftest-coverage -fcondition-coverage -g"
         bash ${GITHUB_WORKSPACE}/support/scripts/build_internal.sh
 
+
     # - name: Code-Coverage
     #   working-directory: ${{github.workspace}}
     #   run: make gcov
 
     - name: Upload 
-      uses: codecov/codecov-action@v4
-      env:
-        CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
+      uses: codecov/codecov-action@v5
       with:
+        token: ${{ secrets.CODECOV_TOKEN }}
         files: 'coverage/*.c.gcov'
         verbose: true
 
   #
   # KMC Build
   #
-  # kmc_build:
-  #   # Container Setup
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - uses: actions/checkout@v4
-  #   - name: Update
-  #     run: sudo apt-get update
-  #   - name: Install Dependencies
-  #     run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3
-  #   - name: Install Python Libraries
-  #     run: sudo pip install pycryptodome
-  #   - name: Install Libgcrypt
-  #     run: >
-  #       curl  
-  #       -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 
-  #       -o /tmp/libgpg-error-1.50.tar.bz2 
-  #       && tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/ 
-  #       && cd /tmp/libgpg-error-1.50 
-  #       && sudo ./configure 
-  #       && sudo make install 
-  #       && curl  
-  #       -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 
-  #       -o /tmp/libgcrypt-1.11.0.tar.bz2 
-  #       && tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/ 
-  #       && cd /tmp/libgcrypt-1.11.0 
-  #       && sudo ./configure 
-  #       && sudo make install
-  #       && sudo ldconfig
-  #   # End Container Setup
-    
-  #   - name: KMC Build Script
-  #     working-directory: ${{github.workspace}}
-  #     run: bash ${GITHUB_WORKSPACE}/support/scripts/build_kmc.sh
-    
-  #   - name: Code-Coverage
-  #     working-directory: ${{github.workspace}}
-  #     run: make gcov
-
-  #   - name: Upload 
-  #     uses: codecov/codecov-action@v4
-  #     env:
-  #       CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
-  #     with:
-  #       files: 'coverage/*.c.gcov'
-  #       verbose: true
+  kmc_build:
+    # Container Setup
+    runs-on: ubuntu-latest
+    container:
+        image: ivvitc/cryptolib:20250108
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: NASA-AMMOS/DCS
+        path: DCS
+        submodules: recursive
+    - name: setup python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+    - name: Set current branch
+      run: echo "BRANCH_NAME=$(echo ${{ github.head_ref || github.ref_name }})" >> $GITHUB_ENV
+    - name: Update
+      run: apt-get update
+    - name: Install Dependencies
+      run: apt-get install -y libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 openjdk-17-jdk openjdk-17-jre cmake swig maven podman default-jdk
+    - name: Install Python Libraries
+      run: |
+        pip3 install --break-system-packages pycryptodome cffi invoke
+    - name: update Cryptolib
+      run: |
+        cd DCS/ammos-cryptolib
+        rm -rf CryptoLib
+        git clone --single-branch --branch $BRANCH_NAME https://github.com/nasa/CryptoLib.git
+    - name: add required jars
+      run: |
+        cd DCS/ammos-cryptolib/kmc_sdls/kmc_sdls_java/kmc_sdls_java_test
+        curl -LS https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar -o ./junit-4.13.2.jar 
+        curl -LS https://repo1.maven.org/maven2/org/hamcrest/hamcrest/2.2/hamcrest-2.2.jar -o ./hamcrest-2.2.jar
+    - name: build DCS
+      run: |
+        cd ./DCS
+        export JAVA_HOME=/lib/jvm/java-17-openjdk-amd64
+        ./kmc-resources/scripts/build.sh
 
   #
   # Wolf Build
@@ -155,9 +149,8 @@ jobs:
 
     - name: Upload 
       uses: codecov/codecov-action@v4
-      env:
-        CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
       with:
+        token: ${{ secrets.CODECOV_TOKEN }}
         files: 'coverage/*.c.gcov'
         verbose: true
 
@@ -174,7 +167,7 @@ jobs:
     - name: Update
       run: yum update -y
     - name: Install Dependencies
-      run: yum install -y --enablerepo=devel python3-pip python3-devel epel-release libcurl-devel git cmake gcc java-11-openjdk-devel openssl wget bzip2 ldconfig mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server
+      run: yum install -y --enablerepo=devel python3-pip python3-devel epel-release libcurl-devel git cmake gcc java-11-openjdk-devel openssl wget bzip2 ldconfig mariadb-devel mariadb-common mariadb-connector-c mariadb-connector-c-config mariadb-errmsg mariadb-gssapi-server libasan
       # Might want to trim this down, but these dependencies should work for KMC
     - name: install lcov
       run: yum install -y --enablerepo=epel lcov
@@ -209,9 +202,8 @@ jobs:
 
     - name: Upload 
       uses: codecov/codecov-action@v4
-      env:
-        CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
       with:
+        token: ${{ secrets.CODECOV_TOKEN }}
         files: 'coverage/*.c.gcov'
         verbose: true
 
@@ -243,8 +235,7 @@ jobs:
 
     - name: Upload 
       uses: codecov/codecov-action@v4
-      env:
-        CODECOV_TOKEN: 71699f25-12a3-44a4-8a83-be777b9e577a
       with:
+        token: ${{ secrets.CODECOV_TOKEN }}
         files: 'coverage/*.c.gcov'
         verbose: true

.github/workflows/ISSUE_TEMPLATE/2-FEATURE_REQUEST.yml renamed to .github/ISSUE_TEMPLATE/2-FEATURE_REQUEST.yml

@@ -22,7 +22,7 @@ jobs:
     name: Analyze Build_Internal
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     container:
-        image: ivvitc/cryptolib:20250102
+        image: ivvitc/cryptolib:20250108
     permissions:
       # required for all workflows
       security-events: write
@@ -74,7 +74,7 @@ jobs:
       name: Analyze Build_Minimal
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250102
+        image: ivvitc/cryptolib:20250108
       permissions:
         # required for all workflows
         security-events: write
@@ -126,7 +126,7 @@ jobs:
       name: Analyze Build_Wolf
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250102
+        image: ivvitc/cryptolib:20250108
       permissions:
         # required for all workflows
         security-events: write
@@ -204,7 +204,7 @@ jobs:
       name: Analyze Build_RHEL
       runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
       container:
-        image: ivvitc/cryptolib:20250102
+        image: ivvitc/cryptolib:20250108
       permissions:
         # required for all workflows
         security-events: write
@@ -256,7 +256,7 @@ jobs:
     name: Analyze Build_EP
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     container:
-        image: ivvitc/cryptolib:20250102
+        image: ivvitc/cryptolib:20250108
     permissions:
       # required for all workflows
       security-events: write

.github/workflows/ISSUE_TEMPLATE/config.yml renamed to .github/ISSUE_TEMPLATE/config.yml

@@ -2,24 +2,29 @@ name: cpp-linter
 
 on:
   pull_request:
-    branches: [ main, dev ]
 
 jobs:
-  cpp-linter:
-    permissions:
-      pull-requests: write
-      contents: write
-      actions: write
+  linter:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: cpp-linter/cpp-linter-action@v2
-        id: linter
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install clang-format
+        run: sudo apt-get update && sudo apt-get install -y clang-format
+
+      - name: Run Linter
+        uses: DoozyX/clang-format-lint-action@v0.15
+        with:
+          source: '.'
+          extensions: 'c,h'
+          clangFormatVersion: 14
+          style: file
+          inplace: true
+
+      - name: Auto-Commit Formatting Changes
+        uses: stefanzweifel/git-auto-commit-action@v5
         with:
-          style: 'file'
-          files-changed-only: false
-          verbosity: 'info'
-          step-summary: 'true'
-          no-lgtm: 'false'
-          passive-reviews: 'true'
-          ignore: 'test/include/utest.h'
+          commit_message: 'style: auto-format via clang-format'
+          
+        

.github/workflows/PULL_REQUEST_TEMPLATE/pull_request_template.md renamed to .github/pull_request_template.md

@@ -12,6 +12,7 @@ __pycache__
 *.dat
 *.so
 build/
+build-*/
 venv
 vgcore*
 core.*
@@ -32,4 +33,10 @@ test/CMakeFiles/*
 Testing/Temporary/*
 docs/wiki/_build
 docs/wiki/_templates
-
+support/fuzz/corpus/
+support/fuzz/output/
+support/scripts/src/*
+support/scripts/test/*
+support/scripts/bin/*
+support/scripts/CMakeFiles/*
+output/*

.github/workflows/build.yml

@@ -18,6 +18,8 @@
 cmake_minimum_required(VERSION 3.14.0)
 project(crypto C)
 
+#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
+
 #
 # CUSTOM PATH Definiton
 #
@@ -35,36 +37,59 @@ set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom")
 # For flags with the same prefix, one or more may be enabled
 #
 option(CODECOV "Code Coverage" OFF)
-option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" ON)
+option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" OFF)
 option(CRYPTO_KMC "Cryptography Module - KMC" OFF)
 option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF)
 option(CRYPTO_CUSTOM "Cryptography Module - CUSTOM" OFF)
 option(CRYPTO_CUSTOM_PATH "Cryptography Module - CUSTOM PATH" OFF)
 option(DEBUG "Debug" OFF)
+option(ENABLE_FUZZING "Enable fuzz testing" OFF)
 option(KEY_CUSTOM "Key Module - Custom" OFF)
 option(KEY_CUSTOM_PATH "Custom Key Path" OFF)
-option(KEY_INTERNAL "Key Module - Internal" ON)
+option(KEY_INTERNAL "Key Module - Internal" OFF)
 option(KEY_KMC "Key Module - KMC" OFF)
 option(MC_CUSTOM "Monitoring and Control - Custom" OFF)
 option(MC_CUSTOM_PATH "Custom Monitoring and Control path" OFF)
 option(MC_DISABLED "Monitoring and Control - Disabled" OFF)
-option(MC_INTERNAL "Monitoring and Control - Internal" ON)
+option(MC_INTERNAL "Monitoring and Control - Internal" OFF)
 option(SA_CUSTOM "Security Association - Custom" OFF)
 option(SA_CUSTOM_PATH "Custom Security Association Path" OFF)
-option(SA_INTERNAL "Security Association - Internal" ON)
+option(SA_INTERNAL "Security Association - Internal" OFF)
 option(SA_MARIADB "Security Association - MariaDB" OFF)
 option(SUPPORT "Support" OFF)
 option(SYSTEM_INSTALL "SystemInstall" OFF)
 option(TEST "Test" OFF)
-# option(TEST_ENC "Tests - Encryption" OFF)
 option(SA_FILE "Save Security Association to File" OFF)
 option(KEY_VALIDATION "Validate existance of key duplication" OFF)
-
 OPTION(KMC_MDB_RH "KMC-MDB-RedHat-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_RH=ON
 OPTION(KMC_MDB_DB "KMC-MDB-Debian-Integration-Testing" OFF) #Disabled by default, enable with: -DKMC_MDB_DB=ON
-OPTION(KMC_CFFI_EXCLUDE "KMC-Exclude-Problematic-CFFI-Code" OFF) #Disabled by default, enable with: -DKMC_CFFI_EXCLUDE=ON
-
 OPTION(CRYPTO_EPROC "Enables the building and use of Extended Procedures" OFF) #Disabled by default, enable with -DCRYPTO_EPROC=ON
+OPTION(STANDALONE_TCP "Enables TCP support for standalone" OFF)
+
+OPTION(MAC_SIZE "The size of the max MAC buffer in bytes")
+OPTION(IV_SIZE "The size of the max IV buffer in bytes")
+Option(NUM_SA "The max number of SAs that will be used")
+Option(NUM_KEYS "The max number of keys that will be used")
+
+#
+# Max Size Defines
+#
+if(NUM_SA)
+    add_compile_definitions(NUM_SA=${NUM_SA})
+    message(STATUS "NUM_SA set to: ${NUM_SA}")
+endif()
+if(MAC_SIZE)
+    add_compile_definitions(MAC_SIZE=${MAC_SIZE})
+    message(STATUS "MAC_SIZE set to: ${MAC_SIZE}")
+endif()
+if(IV_SIZE)
+    add_compile_definitions(IV_SIZE=${IV_SIZE})
+    message(STATUS "IV_SIZE set to: ${IV_SIZE}")
+endif()
+if(NUM_KEYS)
+    add_compile_definitions(NUM_KEYS=${NUM_KEYS})
+    message(STATUS "NUM_KEYS set to: ${NUM_KEYS}")
+endif()
 
 #
 # Custom Module Paths
@@ -131,18 +156,15 @@ endif()
 
 IF(KMC_MDB_RH)
     ADD_DEFINITIONS(-DKMC_MDB_RH)
-    ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE)
 ENDIF(KMC_MDB_RH)
 
 IF(KMC_MDB_DB)
     ADD_DEFINITIONS(-DKMC_MDB_DB)
-    ADD_DEFINITIONS(-DKMC_CFFI_EXCLUDE)
 ENDIF(KMC_MDB_DB)
 
 IF(CRYPTO_EPROC)
     ADD_DEFINITIONS(-DCRYPTO_EPROC)
     message(WARNING "Cryptolib Extended Procedures NOT complete.  NOT Fully tested.  Use at own risk!")
-
 ENDIF(CRYPTO_EPROC)
 
 if(SYSTEM_INSTALL)
@@ -170,7 +192,13 @@ endif()
 #
 # Project Specifics
 #
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0")
+if(ENABLE_FUZZING) 
+    # More permissive flags for fuzzing (afl compiler fails with -Werror for self-assign warnings)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wno-self-assign -g -O0")
+else()
+    # Stricter flags for normal builds (treat warnings as errors)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Werror -g -O0")
+endif()
 
 include_directories(include)
 add_subdirectory(src)
@@ -182,3 +210,7 @@ endif()
 if(TEST)
     add_subdirectory(test)
 endif()
+
+if(ENABLE_FUZZING)
+    add_subdirectory(./support/fuzz)
+endif()

.github/workflows/codeql.yml

@@ -1,6 +1,6 @@
 ![Build](https://github.com/nasa/CryptoLib/actions/workflows/build.yml/badge.svg)
 [![CodeCov](https://codecov.io/gh/nasa/CryptoLib/branch/main/graph/badge.svg?token=KCOMCQO0ZU)](https://codecov.io/gh/nasa/CryptoLib)
-[![CodeQL Advanced](https://github.com/nasa/CryptoLib/actions/workflows/codeql.yml/badge.svg?branch=dev)](https://github.com/nasa/CryptoLib/actions/workflows/codeql.yml)
+[![CodeQL Advanced](https://github.com/nasa/CryptoLib/actions/workflows/codeql.yml/badge.svg)](https://github.com/nasa/CryptoLib/actions/workflows/codeql.yml)
 
 ![CryptoLib logo Final All orange](https://github.com/user-attachments/assets/fc02870b-e2d2-4577-83c2-78985d5fbdd6)