[#344] KMC TC/TM/AOS Apply working

Author: rjbrown6

src/core/crypto_aos.c

@@ -93,31 +93,44 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer)
     printf("\n");
 #endif
 
-    status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
+    status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
+                                                     &current_managed_parameters_struct);
 
-    // No operational/valid SA found
+    // No managed parameters found
     if (status != CRYPTO_LIB_SUCCESS)
     {
 #ifdef AOS_DEBUG
-        printf(KRED "Error: Could not retrieve an SA!\n" RESET);
+        printf(KRED "Error: No managed parameters found!\n" RESET);
 #endif
         mc_if->mc_log(status);
         return status;
     }
 
-    status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
-                                                     &current_managed_parameters_struct);
+    status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
 
-    // No managed parameters found
+    // No operational/valid SA found
     if (status != CRYPTO_LIB_SUCCESS)
     {
 #ifdef AOS_DEBUG
-        printf(KRED "Error: No managed parameters found!\n" RESET);
+        printf(KRED "Error: Could not retrieve an SA!\n" RESET);
 #endif
         mc_if->mc_log(status);
         return status;
     }
 
+//     status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
+//                                                      &current_managed_parameters_struct);
+
+//     // No managed parameters found
+//     if (status != CRYPTO_LIB_SUCCESS)
+//     {
+// #ifdef AOS_DEBUG
+//         printf(KRED "Error: No managed parameters found!\n" RESET);
+// #endif
+//         mc_if->mc_log(status);
+//         return status;
+//     }
+
 #ifdef AOS_DEBUG
     printf(KYEL "AOS BEFORE Apply Sec:\n\t" RESET);
     for (int16_t i = 0; i < current_managed_parameters_struct.max_frame_size; i++)

src/core/crypto_tm.c

@@ -713,31 +713,44 @@ int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer)
     printf("\n");
 #endif
 
-    status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
+    status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
+                                                     &current_managed_parameters_struct);
 
-    // No operational/valid SA found
+    // No managed parameters found
     if (status != CRYPTO_LIB_SUCCESS)
     {
 #ifdef TM_DEBUG
-        printf(KRED "Error: Could not retrieve an SA!\n" RESET);
+        printf(KRED "Error: No managed parameters found!\n" RESET);
 #endif
         mc_if->mc_log(status);
         return status;
     }
 
-    status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
-                                                     &current_managed_parameters_struct);
+    status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
 
-    // No managed parameters found
+    // No operational/valid SA found
     if (status != CRYPTO_LIB_SUCCESS)
     {
 #ifdef TM_DEBUG
-        printf(KRED "Error: No managed parameters found!\n" RESET);
+        printf(KRED "Error: Could not retrieve an SA!\n" RESET);
 #endif
         mc_if->mc_log(status);
         return status;
     }
 
+//     status = Crypto_Get_Managed_Parameters_For_Gvcid(tfvn, scid, vcid, gvcid_managed_parameters_array,
+//                                                      &current_managed_parameters_struct);
+
+//     // No managed parameters found
+//     if (status != CRYPTO_LIB_SUCCESS)
+//     {
+// #ifdef TM_DEBUG
+//         printf(KRED "Error: No managed parameters found!\n" RESET);
+// #endif
+//         mc_if->mc_log(status);
+//         return status;
+//     }
+
 #ifdef TM_DEBUG
     printf(KYEL "TM BEFORE Apply Sec:\n\t" RESET);
     for (int16_t i = 0; i < current_managed_parameters_struct.max_frame_size; i++)

src/crypto/kmc/cryptography_interface_kmc_crypto_service.template.c

@@ -1150,27 +1150,25 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
                                          uint32_t aad_len, uint8_t encrypt_bool, uint8_t authenticate_bool,
                                          uint8_t aad_bool, uint8_t *ecs, uint8_t *acs, char *cam_cookies)
 {
-    printf("0\n");
     int32_t status = CRYPTO_LIB_SUCCESS;
     key            = key;     // Direct key input is not supported in KMC interface
     len_key        = len_key; // Direct key input is not supported in KMC interface
     ecs            = ecs;
     acs            = acs;
-    printf("1\n");
+
     curl_easy_reset(curl);
     status = configure_curl_connect_opts(curl, cam_cookies);
     if (status != CRYPTO_LIB_SUCCESS)
     {
         return status;
     }
-    printf("2\n");
     // Base64 URL encode IV for KMC REST Encrypt
     char *iv_base64 = (char *)calloc(1, B64ENCODE_OUT_SAFESIZE(iv_len) + 1);
     if (iv != NULL)
     {
         base64urlEncode(iv, iv_len, iv_base64, NULL);
     }
-    printf("3\n");
+    
 #ifdef DEBUG
     printf("IV_BASE64: %s\n", iv_base64);
 #endif
@@ -1181,14 +1179,14 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
 #ifdef DEBUG
     printf("IV Base64 URL Encoded: %s\n", iv_base64);
 #endif
-    printf("4\n");
+    
     if (sa_ptr->ek_ref[0] == '\0')
     {
         status = CRYPTOGRAHPY_KMC_NULL_ENCRYPTION_KEY_REFERENCE_IN_SA;
         free(iv_base64);
         return status;
     }
-    printf("5\n");
+    
     char *encrypt_uri;
     if (aad_bool == CRYPTO_TRUE)
     {
@@ -1202,7 +1200,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
 
         uint32_t mac_size_str_len = 0;
         char    *mac_size_str     = int_to_str(mac_size * 8, &mac_size_str_len);
-        printf("6\n");
+        
         int len_encrypt_endpoint = strlen(encrypt_offset_endpoint) + strlen(sa_ptr->ek_ref) + strlen(iv_base64) +
                                    strlen(AES_GCM_TRANSFORMATION) + aad_offset_str_len + mac_size_str_len;
         char *encrypt_endpoint_final = (char *)malloc(len_encrypt_endpoint);
@@ -1218,7 +1216,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
             snprintf(encrypt_endpoint_final, len_encrypt_endpoint, encrypt_offset_endpoint_null_iv, sa_ptr->ek_ref,
                      AES_GCM_TRANSFORMATION, aad_offset_str, mac_size_str);
         }
-        printf("7\n");
+        
         free(aad_offset_str);
         free(mac_size_str);
 #ifdef DEBUG
@@ -1228,7 +1226,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
         encrypt_uri[0] = '\0';
         strcat(encrypt_uri, kmc_root_uri);
         strcat(encrypt_uri, encrypt_endpoint_final);
-        printf("8\n");
+        
         // Prepare encrypt_payload with AAD at the front for KMC Crypto Service.
         if (encrypt_bool == CRYPTO_FALSE) // Not encrypting data, only passing in AAD for TAG.
         {
@@ -1252,7 +1250,7 @@ static int32_t cryptography_aead_encrypt(uint8_t *data_out, size_t len_data_out,
     }
     else // No AAD -- just prepare the endpoint URI
     {
-        printf("6.2\n");
+        
         int len_encrypt_endpoint =
             strlen(encrypt_endpoint) + strlen(sa_ptr->ek_ref) + strlen(iv_base64) + strlen(AES_GCM_TRANSFORMATION);
         char *encrypt_endpoint_final = (char *)malloc(len_encrypt_endpoint);

src/sa/test_sadb_mariadb_sql/create_sadb_ivv_unit_tests.sql

@@ -26,9 +26,9 @@ INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv
 VALUES (6,'kmc/test/key130',3,X'02',1,0,16,16,NULL,0,36,X'000000000000000000000000000000000000000000000000000000000000000000000000',5,3,X'05FFFC',0,3,4,0,1,1,X'00',2);
 
 -- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
--- SA 7 - Only Keyed SA Available (VC 33)
+-- SA 7 - Only Keyed SA Available (VC 0) (Edited for TM Enc Testing)
 INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
-VALUES (7,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
+VALUES (7,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',20,X'00000000000000000000000000000000000000',5,0,0,44,0,0);
 
 -- SA 8 - Only Unkeyed SA Available (VC 32)
 INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
@@ -115,7 +115,7 @@ VALUES (6,'kmc/test/key130',3,X'02',1,0,16,16,NULL,0,36,X'0000000000000000000000
 -- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
 -- SA 7 - Only Keyed SA Available (VC 33)
 INSERT INTO TM_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
-VALUES (7,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
+VALUES (7,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',20,X'00000000000000000000000000000000000000',5,0,0,44,0,0);
 
 -- SA 8 - Only Unkeyed SA Available (VC 32)
 INSERT INTO TM_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
@@ -202,7 +202,7 @@ VALUES (6,'kmc/test/key130',3,X'02',1,0,16,16,NULL,0,36,X'0000000000000000000000
 -- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
 -- SA 7 - Only Keyed SA Available (VC 33)
 INSERT INTO AOS_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
-VALUES (7,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
+VALUES (7,'kmc/test/key130',3,X'01',1,1,12,12,16,X'000000000000000000000001',20,X'00000000000000000000000000000000000000',5,0,1,3,0,0);
 
 -- SA 8 - Only Unkeyed SA Available (VC 32)
 INSERT INTO AOS_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)

test/kmc/ut_aos_kmc.c

@@ -17,7 +17,7 @@
 */
 
 /**
- *  Unit Tests that make use of TC Functionality with KMC Service.
+ *  Unit Tests that make use of AOS Functionality with KMC Service.
  **/
 
 #include "ut_aos_apply.h"
@@ -164,7 +164,7 @@ UTEST(AOS_APPLY_KMC, HAPPY_PATH_ENC_AOS_CBC_KMC)
     Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service", "/certs/ammos-ca-bundle.crt",
                                      NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
     GvcidManagedParameters_t AOS_UT_Managed_Parameters0 = {
-        0, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
+        1, 0x0003, 0, AOS_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, AOS_SEGMENT_HDRS_NA, 1786, AOS_NO_OCF, 1};
     Crypto_Config_Add_Gvcid_Managed_Parameters(AOS_UT_Managed_Parameters0);
 
     int32_t return_val = Crypto_Init();

test/kmc/ut_tm_kmc.c

@@ -17,7 +17,7 @@
 */
 
 /**
- *  Unit Tests that make use of TC Functionality with KMC Service.
+ *  Unit Tests that make use of TM Functionality with KMC Service.
  **/
 
 #include "ut_tm_apply.h"
@@ -166,7 +166,7 @@ UTEST(TM_APPLY_KMC, HAPPY_PATH_ENC_TM_CBC_KMC)
     Crypto_Config_Kmc_Crypto_Service("https", "itc.kmc.nasa.gov", 8443, "crypto-service", "/certs/ammos-ca-bundle.crt",
                                      NULL, CRYPTO_TRUE, CLIENT_CERTIFICATE, "PEM", CLIENT_CERTIFICATE_KEY, NULL, NULL);
     GvcidManagedParameters_t TM_UT_Managed_Parameters = {
-        0, 0x0003, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1};
+        0, 0x002C, 0, TM_HAS_FECF, AOS_FHEC_NA, AOS_IZ_NA, 0, TM_SEGMENT_HDRS_NA, 1786, TM_NO_OCF, 1};
     Crypto_Config_Add_Gvcid_Managed_Parameters(TM_UT_Managed_Parameters);
 
     printf("has_fecf: %d\n", current_managed_parameters_struct.has_fecf);