The following line in the tests setup script dumps a ton of output in the Travis CI console (over 6,000 lines worth):

Redirect this command to a log file to condense the build output during testing.

I have already implemented this on an older branch.

From 1.2 spec:

4.25 Query
This operation is used by the client to interrogate the server to determine its capabilities and/or protocol mechanisms.

4.9 Locate
This operation requests that the server search for one or more Managed Objects, depending on the attributes specified in the request. All attributes are allowed to be used.

As per the libkmip documentation, supported operations include create, get and destroy keys, and supported object types include symmetric and asymmetric encryption keys. So, i should be able to create an RSA keypair.

There is no demo code for creating keypair, so I changed demo_create.c file as follows:

1. Changed cryptographic algorithm to RSA.
2. Changed ceryptographic length to 1024/2048.
3. Changed obejct type to PublicKey/PrivateKey.

I then build the demo_create binary and tried creating key. I am using PyKMIP server as KMS. However, on running demo_create, I am getting following error in response:

Response Batch Item @ 0xf7f5c0
Operation: Create
Unique Batch Item ID @ (nil)
Result Status: Operation Failed
Result Reason: Invalid Field
Result Message @ 0xfa16c0
Value: Cannot create a PublicKey object with the Create operation.
Asynchronous Correlation Value @ (nil)
Create Response Payload @ (nil)

On looking at the KMIP specs, I found that Public/Private keypair can only be created with CreateKeyPair operation. Is my understanding correct? If so, then does libkmip support creating Public/Private keypairs?

I'm using version 0.2.0 of libkmip based off commit 5b4e67, with my custom application in which I connect to pyKMIP server using libkmip library. When pyKMIP server time is not synchronized with my server, that is my server time is in future relative to pyKMIP server time, pyKMIP server rejects requests from my server with following error:
2019-12-16 10:05:37,450 - kmip.server.engine - WARNING - Received request with future timestamp. Received timestamp: 1576515938, Current timestamp: 1576515937
I believe that it is fine for pyKMIP server to reject such request, but when my server receives response with indication of that error then app crashes. I have invesitgated that problem a little bit and found out that there is a likely problem in the libkmip library code:

#0  0x0000000000424e5b in kmip_bio_create_symmetric_key (bio=0x6649e0, template_attribute=0x7fffffffcf50, id=0x7fffffffd010, 
    id_size=0x7fffffffcff4) at kmip_bio.c:200
200	    TextString *unique_identifier = pld->unique_identifier;
(gdb) list
195	    
196	    ResponseBatchItem resp_item = resp_m.batch_items[0];
197	    result = resp_item.result_status;
198	    
199	    CreateResponsePayload *pld = (CreateResponsePayload *)resp_item.response_payload;
200	    TextString *unique_identifier = pld->unique_identifier;
201	    
202	    /* KMIP text strings are not null-terminated by default. Add an extra */
203	    /* character to the end of the UUID copy to make space for the null   */
204	    /* terminator.                                                        */
(gdb) p pld
$5 = (CreateResponsePayload *) 0x0
(gdb) p resp_item.response_payload 
$6 = (void *) 0x0
(gdb) p resp_item
$7 = {operation = (unknown: 0), unique_batch_item_id = 0x0, result_status = KMIP_STATUS_OPERATION_FAILED, 
  result_reason = KMIP_REASON_INVALID_MESSAGE, result_message = 0x6648d0, asynchronous_correlation_value = 0x0, 
  response_payload = 0x0}
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Actual crash happens in line 200 of kmip_bio.c. while unique_identifier is being dereferenced. I think it should be conditionally dereferenced when resposne result_Status is success. In my scenario
respons result is INVALID_MESSAGE (I believe that due to time synchronization problem that I described earlier)

(gdb) p resp_item
$7 = {operation = (unknown: 0), unique_batch_item_id = 0x0, result_status = KMIP_STATUS_OPERATION_FAILED, 
  result_reason = KMIP_REASON_INVALID_MESSAGE, result_message = 0x6648d0, asynchronous_correlation_value = 0x0, 
  response_payload = 0x0}

All of the kmip_print_* functions currently leverage printf to display libkmip structures and values. This makes it hard to test these functions and limits their utility to a single use case: printing to stdout. Migrate all of these utilities to leverage fprintf instead, updating the function signatures to also require a FILE * argument that will be used by fprintf to send output to any desired buffer.

Once these updates are in place, update the demo applications and documentation to reflect these changes.

Current implementation does not support Cryptographic Parameters attribute such as cipher mode, padding mode, digest algorithm etc. These parameters are needed to describe the object that needs to be created. As an example, I would like to create a symmetric key with key algorithm AES, key length 256 and cipher mode GCM. I cannot do that today.

The current libkmip unit test suite focuses primarily on verifying the functionality of the encoding and decoding library. The OpenSSL BIO client library is not covered.

The PyKMIP client and server are tested together via Travis CI. Add integration tests to libkmip that use the OpenSSL BIO client API to run basic Create/Get/Destroy commands against the PyKMIP server to verify client functionality.

I've been trying to use libkmip with a commercial KMIP server. The same program works correctly with PyKMIP. Has anyone else gotten the the library to work with another server?

Also does one go about debugging an issue like this? The vendor will not provide a hex dump of the encoded packet; with it could probably figure out the problem in a short amount of time.

The error the server is generating:

WARN ... Failed to get ikm type for key (null) rc = -7
WARN ... Failed to get key details for key (null):(null) rc=-7
ERROR ... request.keys.kmip.UnknownOp ClientIP=xx.xx.xx.xx; ServerPort=5696; CN=KMIPtest; Username=KMIPtest;
RequestCount=5812; Operation=1.0_Undefined Operation [0];
info=Exception: ...; ResultReason=GeneralFailure;
errmsg=Unknown key name or insufficient permissions

The addition of the new error code KMIP_ERROR_BUFFER_UNDERFULL is not reflected in kmip_print_error_string, the utility function to print the error code string. Update it to match the current set of error codes.

Here is the output of the git status -sbu command after running the compilation:

$ git status -sbu
## master...origin/master
?? bin/demo_create
?? bin/demo_destroy
?? bin/demo_get
?? bin/demo_query
?? bin/tests

Compiled binaries, being a derived product of source code, need to be ignored. Otherwise, there is a risk of accidentally committing them into Git.

Add another set of tests (that mirror existing ones) but run through Valgrind, like this:

valgrind -v --leak-check=full ./tests

The expected output should ultimately be something like:

==12384== HEAP SUMMARY:
==12384==     in use at exit: 0 bytes in 0 blocks
==12384==   total heap usage: 516 allocs, 516 frees, 13,873 bytes allocated
==12384== 
==12384== All heap blocks were freed -- no leaks are possible
==12384== 
==12384== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==12384== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

The test should verify that no leaks are possible.

As per the libkmip documentation, supported operations include create, get and destroy keys, and supported object types include symmetric and asymmetric encryption keys.

I have a requirement for registering a key to KMIP server. My understanding is I can do that only with Register operation. I want to understand if there is a plan to add support for Register operation in libkmip.