402 quickfix kmc should not call get key

CMakeLists.txt

@@ -35,23 +35,23 @@ set(CRYPTO_CUSTOM_PATH_DEFAULT "../../crypto/custom")
 # For flags with the same prefix, one or more may be enabled
 #
 option(CODECOV "Code Coverage" OFF)
-option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" ON)
+option(CRYPTO_LIBGCRYPT "Cryptography Module - Libgcrypt" OFF)
 option(CRYPTO_KMC "Cryptography Module - KMC" OFF)
 option(CRYPTO_WOLFSSL "Cryptography Module - WolfSSL" OFF)
 option(CRYPTO_CUSTOM "Cryptography Module - CUSTOM" OFF)
 option(CRYPTO_CUSTOM_PATH "Cryptography Module - CUSTOM PATH" OFF)
 option(DEBUG "Debug" OFF)
 option(KEY_CUSTOM "Key Module - Custom" OFF)
 option(KEY_CUSTOM_PATH "Custom Key Path" OFF)
-option(KEY_INTERNAL "Key Module - Internal" ON)
+option(KEY_INTERNAL "Key Module - Internal" OFF)
 option(KEY_KMC "Key Module - KMC" OFF)
 option(MC_CUSTOM "Monitoring and Control - Custom" OFF)
 option(MC_CUSTOM_PATH "Custom Monitoring and Control path" OFF)
 option(MC_DISABLED "Monitoring and Control - Disabled" OFF)
-option(MC_INTERNAL "Monitoring and Control - Internal" ON)
+option(MC_INTERNAL "Monitoring and Control - Internal" OFF)
 option(SA_CUSTOM "Security Association - Custom" OFF)
 option(SA_CUSTOM_PATH "Custom Security Association Path" OFF)
-option(SA_INTERNAL "Security Association - Internal" ON)
+option(SA_INTERNAL "Security Association - Internal" OFF)
 option(SA_MARIADB "Security Association - MariaDB" OFF)
 option(SUPPORT "Support" OFF)
 option(SYSTEM_INSTALL "SystemInstall" OFF)
@@ -142,7 +142,6 @@ ENDIF(KMC_MDB_DB)
 IF(CRYPTO_EPROC)
     ADD_DEFINITIONS(-DCRYPTO_EPROC)
     message(WARNING "Cryptolib Extended Procedures NOT complete.  NOT Fully tested.  Use at own risk!")
-
 ENDIF(CRYPTO_EPROC)
 
 if(SYSTEM_INSTALL)

include/crypto_config_structs.h

@@ -190,10 +190,10 @@
 {
     CRYPTO_CIPHER_NONE,
     CRYPTO_CIPHER_AES256_GCM,
-    CRYPTO_CIPHER_AES256_GCM_SIV,
     CRYPTO_CIPHER_AES256_CBC,
     CRYPTO_CIPHER_AES256_CBC_MAC,
-    CRYPTO_CIPHER_AES256_CCM
+    CRYPTO_CIPHER_AES256_CCM,
+    CRYPTO_CIPHER_AES256_GCM_SIV
 } EncCipherSuite;
 
 /*
@@ -222,7 +222,7 @@
 #define CRYPTO_CONFIG_SIZE (sizeof(CryptoConfig_t))
 
 typedef struct _GvcidManagedParameters_t GvcidManagedParameters_t;
 struct _GvcidManagedParameters_t
 {
     uint8_t              tfvn : 4;  // Transfer Frame Version Number
     uint16_t             scid : 10; // SpacecraftID

include/crypto_error.h

@@ -36,6 +36,7 @@
 #define SADB_QUERY_FAILED              301
 #define SADB_QUERY_EMPTY_RESULTS       302
 #define SADB_INSERT_FAILED             303
+#define SADB_INVALID_SA_FIELD_VALUE    304
 
 #define CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE      400
 #define CRYPTOGRAPHY_UNSUPPORTED_OPERATION_FOR_KEY_RING 401
@@ -150,11 +151,11 @@
 #define KMC_ERROR_CODES     500
 #define KMC_ERROR_CODES_MAX 515
 
 #define CRYPTO_INTERFACE_ERROR_CODES     400
 #define CRYPTO_INTERFACE_ERROR_CODES_MAX 402
 
 #define SADB_ERROR_CODES     300
-#define SADB_ERROR_CODES_MAX 303
+#define SADB_ERROR_CODES_MAX 304
 
 #define SADB_INTERFACE_ERROR_CODES     200
 #define SADB_INTERFACE_ERROR_CODES_MAX 201
@@ -171,2 +172,2 @@
 extern char *crypto_enum_errlist_crypto_cam[];
 

src/core/crypto_aos.c

@@ -1,3 +1,3 @@
 /** Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
    All Foreign Rights are Reserved to the U.S. Government.
 
@@ -360,31 +360,34 @@
     // Get Key
     crypto_key_t *ekp = NULL;
     crypto_key_t *akp = NULL;
-    ekp               = key_if->get_key(sa_ptr->ekid);
-    akp               = key_if->get_key(sa_ptr->akid);
-
-    if (ekp == NULL || akp == NULL)
+    if (crypto_config.key_type != KEY_TYPE_KMC)
     {
-        status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
-        mc_if->mc_log(status);
-        return status;
-    }
-    if (sa_ptr->est == 1)
-    {
-        if (ekp->key_state != KEY_ACTIVE)
+        ekp               = key_if->get_key(sa_ptr->ekid);
+        akp               = key_if->get_key(sa_ptr->akid);
+
+        if (ekp == NULL || akp == NULL)
         {
-            status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
+            status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
             mc_if->mc_log(status);
             return status;
         }
-    }
-    if (sa_ptr->ast == 1)
-    {
-        if (akp->key_state != KEY_ACTIVE)
+        if (sa_ptr->est == 1)
         {
-            status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
-            mc_if->mc_log(status);
-            return status;
+            if (ekp->key_state != KEY_ACTIVE)
+            {
+                status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
+                mc_if->mc_log(status);
+                return status;
+            }
+        }
+        if (sa_ptr->ast == 1)
+        {
+            if (akp->key_state != KEY_ACTIVE)
+            {
+                status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
+                mc_if->mc_log(status);
+                return status;
+            }
         }
     }
 
@@ -1216,34 +1219,40 @@
 
     if (sa_ptr->est == 1)
     {
-        ekp = key_if->get_key(sa_ptr->ekid);
-        if (ekp == NULL)
-        {
-            status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
-            mc_if->mc_log(status);
-            return status;
-        }
-        if (ekp->key_state != KEY_ACTIVE)
+        if (crypto_config.key_type != KEY_TYPE_KMC)
         {
-            status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
-            mc_if->mc_log(status);
-            return status;
+            ekp = key_if->get_key(sa_ptr->ekid);
+            if (ekp == NULL)
+            {
+                status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
+                mc_if->mc_log(status);
+                return status;
+            }
+            if (ekp->key_state != KEY_ACTIVE)
+            {
+                status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
+                mc_if->mc_log(status);
+                return status;
+            }
         }
     }
     if (sa_ptr->ast == 1)
     {
-        akp = key_if->get_key(sa_ptr->akid);
-        if (akp == NULL)
-        {
-            status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
-            mc_if->mc_log(status);
-            return status;
-        }
-        if (akp->key_state != KEY_ACTIVE)
+        if (crypto_config.key_type != KEY_TYPE_KMC)
         {
-            status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
-            mc_if->mc_log(status);
-            return status;
+            akp = key_if->get_key(sa_ptr->akid);
+            if (akp == NULL)
+            {
+                status = CRYPTO_LIB_ERR_KEY_ID_ERROR;
+                mc_if->mc_log(status);
+                return status;
+            }
+            if (akp->key_state != KEY_ACTIVE)
+            {
+                status = CRYPTO_LIB_ERR_KEY_STATE_INVALID;
+                mc_if->mc_log(status);
+                return status;
+            }
         }
     }
 

src/core/crypto_config.c

@@ -1,3 +1,3 @@
 /* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
    All Foreign Rights are Reserved to the U.S. Government.
 
@@ -297,29 +297,32 @@
     // Determine which cryptographic module is in use
     if (cryptography_if == NULL)
     {
-        cryptography_if = get_cryptography_interface_libgcrypt();
-        if (cryptography_if == NULL)
+        if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_LIBGCRYPT)
+        {
+            cryptography_if = get_cryptography_interface_libgcrypt();
+        }
+        else if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_WOLFSSL)
         {
             cryptography_if = get_cryptography_interface_wolfssl();
         }
-        if (cryptography_if == NULL)
+        else if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_CUSTOM)
         {
             cryptography_if = get_cryptography_interface_custom();
         }
-        if (cryptography_if == NULL)
-        { // Note this needs to be the last option in the chain due to addition configuration required
+        else if (crypto_config.cryptography_type == CRYPTOGRAPHY_TYPE_KMCCRYPTO)
+        {
             if (cryptography_kmc_crypto_config != NULL)
             {
                 cryptography_if = get_cryptography_interface_kmc_crypto_service();
             }
         }
-        if (cryptography_if == NULL)
+        else
         {
 #ifdef DEBUG
             printf("Fatal Error: Unable to identify Cryptography Interface!\n");
 #endif
             status = CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE;
-        }
+        }       
     }
 
     if (status == CRYPTO_LIB_SUCCESS)
@@ -388,8 +391,6 @@
 {
     int32_t status = CRYPTO_LIB_SUCCESS;
 
-    crypto_free_config_structs();
-
     // current_managed_parameters = NULL;
     current_managed_parameters_struct = gvcid_null_struct;
     for (int i = 0; i <= gvcid_counter; i++)
@@ -423,6 +424,8 @@
         cryptography_if = NULL;
     }
 
+    crypto_free_config_structs();
+
     return status;
 }
 

src/core/crypto_error.c

@@ -1,3 +1,3 @@
 /* Copyright (C) 2009 - 2022 National Aeronautics and Space Administration.
    All Foreign Rights are Reserved to the U.S. Government.
 
@@ -108,6 +108,7 @@
     (char *)"SADB_QUERY_FAILED",
     (char *)"SADB_QUERY_EMPTY_RESULTS",
     (char *)"SADB_INSERT_FAILED",
+    (char *)"SADB_INVALID_SA_FIELD_VALUE",
 };
 char *crypto_enum_errlist_crypto_if[] = {
     (char *)"CRYPTOGRAPHY_INVALID_CRYPTO_INTERFACE_TYPE",