Skip to content

Commit

Permalink
AMMOSGH34: Add empty response checking/error handling for KMC Crypto …
Browse files Browse the repository at this point in the history 
…Interface
  • Loading branch information
@IbraheemYSaleh
IbraheemYSaleh committed Mar 17, 2022
1 parent d3af74b commit 770994a
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 12 deletions.
1 change: 1 addition & 0 deletions include/crypto_error.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@
#define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 511
#define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512
#define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513
#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514



Expand Down
41 changes: 41 additions & 0 deletions ..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,14 @@ static int32_t cryptography_config(void)
return status;
}

if(chunk->response == NULL) // No response, possibly because service is CAM secured.
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
"Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
return status;
}

#ifdef DEBUG
printf("cURL response:\n\t %s\n",chunk->response);
#endif
Expand Down Expand Up @@ -353,6 +361,15 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response);
#endif

if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
"Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
return status;
}


/* JSON Response Handling */

// Parse the JSON string response
Expand Down Expand Up @@ -588,6 +605,14 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response);
#endif

if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
"Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
return status;
}

/* JSON Response Handling */

// Parse the JSON string response
Expand Down Expand Up @@ -801,6 +826,14 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
printf("\ncURL Encrypt Response:\n\t %s\n",chunk_write->response);
#endif

if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
"Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
return status;
}

/* JSON Response Handling */

// Parse the JSON string response
Expand Down Expand Up @@ -1052,6 +1085,14 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
printf("\ncURL Decrypt Response:\n\t %s\n",chunk_write->response);
#endif

if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
{
status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
"Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
return status;
}

/* JSON Response Handling */

// Parse the JSON string response
Expand Down
29 changes: 17 additions & 12 deletions src/src_main/crypto_tc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -485,7 +485,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
// TODO - implement non-AEAD algorithm logic
if (sa_service_type == SA_ENCRYPTION)
{
cryptography_if->cryptography_encrypt();
status = cryptography_if->cryptography_encrypt();
}

if (sa_service_type == SA_AUTHENTICATION)
Expand All @@ -506,13 +506,12 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
*sa_ptr->ecs, // encryption cipher
*sa_ptr->acs // authentication cipher
);
if (status != CRYPTO_LIB_SUCCESS)
{
return status; // authenticate call failed, return.
}
}
}

if (status != CRYPTO_LIB_SUCCESS)
{
return status; // Cryptography IF call failed, return.
}
}

if (sa_service_type != SA_PLAINTEXT)
Expand Down Expand Up @@ -834,7 +833,7 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl

if(sa_service_type == SA_ENCRYPTION)
{
cryptography_if->cryptography_decrypt();
status = cryptography_if->cryptography_decrypt();
}
if(sa_service_type == SA_AUTHENTICATION)
{
Expand All @@ -857,11 +856,17 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl
}

} else // sa_service_type == SA_PLAINTEXT
{
// TODO: Plaintext ARSN
memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]),
tc_sdls_processed_frame->tc_pdu_len);
}
{
// TODO: Plaintext ARSN
memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]),
tc_sdls_processed_frame->tc_pdu_len);
}

if (status != CRYPTO_LIB_SUCCESS)
{
return status; // Cryptography IF call failed, return.
}

// Now that MAC has been verified, check IV & ARSN if applicable
if (crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS)
{
Expand Down

0 comments on commit 770994a

Please sign in to comment.