From 770994ac3ece09dd57891293b32c2ed584460dff Mon Sep 17 00:00:00 2001 From: Ibraheem Saleh Date: Thu, 17 Mar 2022 14:43:08 -0700 Subject: [PATCH] AMMOSGH34: Add empty response checking/error handling for KMC Crypto Interface --- include/crypto_error.h | 1 + ...hy_interface_kmc_crypto_service.template.c | 41 +++++++++++++++++++ src/src_main/crypto_tc.c | 29 +++++++------ 3 files changed, 59 insertions(+), 12 deletions(-) diff --git a/include/crypto_error.h b/include/crypto_error.h index 3d55b36a..1ec79ac3 100644 --- a/include/crypto_error.h +++ b/include/crypto_error.h @@ -47,6 +47,7 @@ #define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 511 #define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512 #define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513 +#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514 diff --git a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c index 5db55ca4..6b40ede6 100644 --- a/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c +++ b/src/src_cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c @@ -199,6 +199,14 @@ static int32_t cryptography_config(void) return status; } + if(chunk->response == NULL) // No response, possibly because service is CAM secured. + { + status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; + fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", + "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service."); + return status; + } + #ifdef DEBUG printf("cURL response:\n\t %s\n",chunk->response); #endif 
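Review bot: The new empty-response branch in cryptography_config prints a guess ("can be caused by CAM security") but does not log the HTTP status, which is what would confirm or rule out that guess. If the status is not already read earlier in the function (the body starts and ends outside the hunk), consider fetching it with `curl_easy_getinfo(<easy handle>, CURLINFO_RESPONSE_CODE, &http_code);` and adding it to the `fprintf`, where `<easy handle>` stands for the function's curl handle, whose name is not visible here. The branch also leaves through a bare `return status;`, so it is worth confirming that `chunk` and the curl handle are not released only further down.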
@@ -353,6 +361,15 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out, printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response); #endif + if(chunk_write->response == NULL) // No response, possibly because service is CAM secured. + { + status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; + fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", + "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service."); + return status; + } + + /* JSON Response Handling */ // Parse the JSON string response @@ -588,6 +605,14 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response); #endif + if(chunk_write->response == NULL) // No response, possibly because service is CAM secured. + { + status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; + fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", + "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service."); + return status; + } + /* JSON Response Handling */ // Parse the JSON string response @@ -801,6 +826,14 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out, printf("\ncURL Encrypt Response:\n\t %s\n",chunk_write->response); #endif + if(chunk_write->response == NULL) // No response, possibly because service is CAM secured. + { + status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; + fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", + "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service."); + return status; + } + /* JSON Response Handling */ // Parse the JSON string response 
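Review bot: In cryptography_authenticate the new `if(chunk_write->response == NULL)` guard is placed after the `#ifdef DEBUG` block that does `printf("...%s\n", chunk_write->response)`, so a DEBUG build still passes a null pointer to `%s` before the guard runs. That is undefined behaviour in C, even where the libc happens to print "(null)". The hunks for cryptography_validate_authentication, cryptography_aead_encrypt and cryptography_aead_decrypt have the same ordering, whereas cryptography_config puts the check before the debug print. Moving the guard above the `#ifdef DEBUG` block in all four would fix it. Since the seven-line block is identical in five functions, a single static helper would keep the ordering and the message in one place.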
@@ -1052,6 +1085,14 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out, printf("\ncURL Decrypt Response:\n\t %s\n",chunk_write->response); #endif + if(chunk_write->response == NULL) // No response, possibly because service is CAM secured. + { + status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE; + fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n", + "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service."); + return status; + } + /* JSON Response Handling */ // Parse the JSON string response diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c index f37bdbb9..d6fbe7cc 100644 --- a/src/src_main/crypto_tc.c +++ b/src/src_main/crypto_tc.c @@ -485,7 +485,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra // TODO - implement non-AEAD algorithm logic if (sa_service_type == SA_ENCRYPTION) { - cryptography_if->cryptography_encrypt(); + status = cryptography_if->cryptography_encrypt(); } if (sa_service_type == SA_AUTHENTICATION) @@ -506,13 +506,12 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra *sa_ptr->ecs, // encryption cipher *sa_ptr->acs // authentication cipher ); - if (status != CRYPTO_LIB_SUCCESS) - { - return status; // authenticate call failed, return. - } } } - + if (status != CRYPTO_LIB_SUCCESS) + { + return status; // Cryptography IF call failed, return. + } } if (sa_service_type != SA_PLAINTEXT) @@ -834,7 +833,7 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl if(sa_service_type == SA_ENCRYPTION) { - cryptography_if->cryptography_decrypt(); + status = cryptography_if->cryptography_decrypt(); } if(sa_service_type == SA_AUTHENTICATION) { 
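Review bot: In Crypto_TC_ApplySecurity, `status = cryptography_if->cryptography_encrypt();` now records a result, but the call takes no arguments and sits under `// TODO - implement non-AEAD algorithm logic`, so it cannot have transformed the frame. If that stub returns CRYPTO_LIB_SUCCESS (its body is not in this diff), an SA_ENCRYPTION association on this path would be reported as secured while the payload is unchanged. The same applies to `status = cryptography_if->cryptography_decrypt();` in Crypto_TC_ProcessSecurity. Until the path is implemented it would be safer to fail closed, by having these branches set a dedicated not-supported error rather than trusting the stub's return value.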
@@ -857,11 +856,17 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl } } else // sa_service_type == SA_PLAINTEXT - { - // TODO: Plaintext ARSN - memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), - tc_sdls_processed_frame->tc_pdu_len); - } + { + // TODO: Plaintext ARSN + memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]), + tc_sdls_processed_frame->tc_pdu_len); + } + + if (status != CRYPTO_LIB_SUCCESS) + { + return status; // Cryptography IF call failed, return. + } + // Now that MAC has been verified, check IV & ARSN if applicable if (crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS) {
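Review bot: The `return status;` added after the plaintext branch in Crypto_TC_ProcessSecurity skips everything below it, and the rest of the function is outside the hunk. Please confirm that nothing allocated earlier is freed only at the end of the function. With this return in place, the `&& status == CRYPTO_LIB_SUCCESS` term in the anti-replay condition that follows is always true and can be dropped. If the decrypt or validate call can write into `tc_sdls_processed_frame->tc_pdu` before it reports failure (not visible here), it would help to document the contract at the return, e.g. `// On failure tc_pdu contents are unspecified; callers must discard the frame.`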