nasa · IbraheemYSaleh · Mar 18, 2022 · Mar 17, 2022
diff --git a/include/crypto_error.h b/include/crypto_error.h
@@ -47,6 +47,7 @@
 #define CRYPTOGRAHPY_KMC_ICV_NOT_FOUND_IN_JSON_RESPONSE 511
 #define CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA 512
 #define CRYPTOGRAHPY_KMC_NULL_AUTHENTICATION_KEY_REFERENCE_IN_SA 513
+#define CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE 514
 
 
 

diff --git a/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c b/..._cryptography/src_kmc_crypto_service/cryptography_interface_kmc_crypto_service.template.c
@@ -199,6 +199,14 @@ static int32_t cryptography_config(void)
             return status;
         }
 
+        if(chunk->response == NULL) // No response, possibly because service is CAM secured.
+        {
+            status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
+            fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
+                    "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
+            return status;
+        }
+
 #ifdef DEBUG
         printf("cURL response:\n\t %s\n",chunk->response);
 #endif
@@ -353,6 +361,15 @@ static int32_t cryptography_authenticate(uint8_t* data_out, size_t len_data_out,
     printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response);
 #endif
 
+    if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
+    {
+        status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
+        fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
+                "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
+        return status;
+    }
+
+
     /* JSON Response Handling */
 
     // Parse the JSON string response
@@ -588,6 +605,14 @@ static int32_t cryptography_validate_authentication(uint8_t* data_out, size_t le
     printf("\ncURL Authenticate Response:\n\t %s\n",chunk_write->response);
 #endif
 
+    if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
+    {
+        status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
+        fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
+                "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
+        return status;
+    }
+
     /* JSON Response Handling */
 
     // Parse the JSON string response
@@ -801,6 +826,14 @@ static int32_t cryptography_aead_encrypt(uint8_t* data_out, size_t len_data_out,
     printf("\ncURL Encrypt Response:\n\t %s\n",chunk_write->response);
 #endif
 
+    if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
+    {
+        status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
+        fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
+                "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
+        return status;
+    }
+
     /* JSON Response Handling */
 
     // Parse the JSON string response
@@ -1052,6 +1085,14 @@ static int32_t cryptography_aead_decrypt(uint8_t* data_out, size_t len_data_out,
     printf("\ncURL Decrypt Response:\n\t %s\n",chunk_write->response);
 #endif
 
+    if(chunk_write->response == NULL) // No response, possibly because service is CAM secured.
+    {
+        status = CRYPTOGRAHPY_KMC_CRYPTO_SERVICE_EMPTY_RESPONSE;
+        fprintf(stderr, "curl_easy_perform() unexpected empty response: \n%s\n",
+                "Empty Crypto Service response can be caused by CAM security, CryptoLib doesn't support a CAM secured KMC Crypto Service.");
+        return status;
+    }
+
     /* JSON Response Handling */
 
     // Parse the JSON string response

diff --git a/src/src_main/crypto_tc.c b/src/src_main/crypto_tc.c
@@ -485,7 +485,7 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
                 // TODO - implement non-AEAD algorithm logic
                 if (sa_service_type == SA_ENCRYPTION)
                 {
-                    cryptography_if->cryptography_encrypt();
+                    status = cryptography_if->cryptography_encrypt();
                 }
 
                 if (sa_service_type == SA_AUTHENTICATION)
@@ -506,13 +506,12 @@ int32_t Crypto_TC_ApplySecurity(const uint8_t* p_in_frame, const uint16_t in_fra
                                                                 *sa_ptr->ecs, // encryption cipher
                                                                 *sa_ptr->acs  // authentication cipher
                     );
-                    if (status != CRYPTO_LIB_SUCCESS)
-                    {
-                        return status; // authenticate call failed, return.
-                    }
                 }
             }
-
+            if (status != CRYPTO_LIB_SUCCESS)
+            {
+                return status; // Cryptography IF call failed, return.
+            }
         }
 
         if (sa_service_type != SA_PLAINTEXT)
@@ -834,7 +833,7 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl
 
         if(sa_service_type == SA_ENCRYPTION) 
         { 
-            cryptography_if->cryptography_decrypt();
+            status = cryptography_if->cryptography_decrypt();
         }
         if(sa_service_type == SA_AUTHENTICATION)
         {
@@ -857,11 +856,17 @@ int32_t Crypto_TC_ProcessSecurity(uint8_t* ingest, int *len_ingest, TC_t* tc_sdl
         }
 
     } else // sa_service_type == SA_PLAINTEXT
-      {
-        // TODO: Plaintext ARSN
-        memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]),
-               tc_sdls_processed_frame->tc_pdu_len);
-      }
+    {
+      // TODO: Plaintext ARSN
+      memcpy(tc_sdls_processed_frame->tc_pdu, &(ingest[tc_enc_payload_start_index]),
+             tc_sdls_processed_frame->tc_pdu_len);
+    }
+
+    if (status != CRYPTO_LIB_SUCCESS)
+    {
+        return status; // Cryptography IF call failed, return.
+    }
+
     // Now that MAC has been verified, check IV & ARSN if applicable
     if (crypto_config->ignore_anti_replay == TC_IGNORE_ANTI_REPLAY_FALSE && status == CRYPTO_LIB_SUCCESS)
     {