From 127a86ff6a0873a4db81acdd56fc0e108094a102 Mon Sep 17 00:00:00 2001 From: Donnie-Ice Date: Tue, 12 Nov 2024 18:53:32 +0000 Subject: [PATCH] [nasa/cryptolib#344] Added a way to parse if using TC/TM/AOS table by querying each of them with the managed parameters values --- src/core/crypto.c | 48 +++---- .../mariadb/sa_interface_mariadb.template.c | 128 ++++++++++++------ 2 files changed, 111 insertions(+), 65 deletions(-) diff --git a/src/core/crypto.c b/src/core/crypto.c index 424774fe..2b0d37e1 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -1216,27 +1216,27 @@ uint32_t Crypto_Get_FSR() * @param algo: uint8_t * @return int32: Key Length **/ -char* Crypto_Get_MariaDB_Table_Prefix(uint8_t table) -{ - char *retval = ""; - - switch (table) - { - case MARIADB_TC_TABLE: - retval = MARIADB_TC_TABLE_PREFIX; - break; - case MARIADB_TM_TABLE: - retval = MARIADB_TM_TABLE_PREFIX; - break; - case MARIADB_AOS_TABLE: - retval = MARIADB_AOS_TABLE_PREFIX; - break; - case MARIADB_LEGACY_TABLE: - retval = MARIADB_LEGACY_TABLE_PREFIX; - break; - default: - break; - } - - return retval; -} +// char* Crypto_Get_MariaDB_Table_Prefix(uint8_t table) +// { +// char retval[25]; + +// switch (table) +// { +// case MARIADB_TC_TABLE: +// retval = MARIADB_TC_TABLE_PREFIX; +// break; +// case MARIADB_TM_TABLE: +// retval = MARIADB_TM_TABLE_PREFIX; +// break; +// case MARIADB_AOS_TABLE: +// retval = MARIADB_AOS_TABLE_PREFIX; +// break; +// case MARIADB_LEGACY_TABLE: +// retval = MARIADB_LEGACY_TABLE_PREFIX; +// break; +// default: +// break; +// } + +// return retval; +// } diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c index 8348b414..960edc9d 100644 --- a/src/sa/mariadb/sa_interface_mariadb.template.c +++ b/src/sa/mariadb/sa_interface_mariadb.template.c @@ -48,18 +48,18 @@ static const char *SQL_SADB_GET_SA_BY_SPI = "SELECT " "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" - " FROM %ssecurity_associations WHERE spi='%d'"; + " FROM %s WHERE spi='%d'"; static const char *SQL_SADB_GET_SA_BY_GVCID = "SELECT " "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)" ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw" - " FROM %ssecurity_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'"; + " FROM %s WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'"; static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI = - "UPDATE %ssecurity_associations" + "UPDATE %s" " SET iv=X'%s', arsn=X'%s'" " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV = - "UPDATE %ssecurity_associations" + "UPDATE %s" " SET arsn=X'%s'" " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'"; @@ -187,11 +187,13 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as int32_t status = CRYPTO_LIB_SUCCESS; char spi_query[2048]; - char* table_prefix = Crypto_Get_MariaDB_Table_Prefix(MARIADB_TC_TABLE); - snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, table_prefix, spi); - - status = parse_sa_from_mysql_query(&spi_query[0], security_association); - + char table[25]; + status = query_all_tables(&table); + if (status == CRYPTO_LIB_SUCCESS) + { + snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, table, spi); + status = parse_sa_from_mysql_query(&spi_query[0], security_association); + } return status; } static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uint16_t vcid, uint8_t mapid, @@ -200,12 +202,16 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin int32_t status = CRYPTO_LIB_SUCCESS; char gvcid_query[2048]; - char* table_prefix = Crypto_Get_MariaDB_Table_Prefix(MARIADB_TC_TABLE); - snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, table_prefix, tfvn, scid, vcid, mapid, - SA_OPERATIONAL); - status = parse_sa_from_mysql_query(&gvcid_query[0], security_association); + char table[25]; + status = query_all_tables(&table); + if (status == CRYPTO_LIB_SUCCESS) + { + snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, table_prefix, tfvn, scid, vcid, mapid, + SA_OPERATIONAL); + status = parse_sa_from_mysql_query(&gvcid_query[0], security_association); + } return status; } static int32_t sa_save_sa(SecurityAssociation_t *sa) @@ -226,41 +232,44 @@ static int32_t sa_save_sa(SecurityAssociation_t *sa) char *arsn_h = malloc(sa->arsn_len * 2 + 1); convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len, arsn_h); - char* table_prefix = Crypto_Get_MariaDB_Table_Prefix(MARIADB_TC_TABLE); - - if (sa->iv != NULL) + // insert table queries here, store in variable = table that returned correct response + char table[25]; + status = query_all_tables(&table); + if (status == CRYPTO_LIB_SUCCESS) { - snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, table_prefix, iv_h, arsn_h, - sa->spi, sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); + if (sa->iv != NULL) + { + snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, table_prefix, iv_h, arsn_h, + sa->spi, sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); - free(iv_h); - } - else - { - snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, table_prefix, arsn_h, - sa->spi, sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); - free(iv_h); - } + free(iv_h); + } + else + { + snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, table_prefix, arsn_h, + sa->spi, sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid); + free(iv_h); + } - free(arsn_h); + free(arsn_h); #ifdef SA_DEBUG - fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query); + fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query); #endif - // Crypto_saPrint(sa); - if (mysql_query(con, update_sa_query)) - { - status = finish_with_error(&con, SADB_QUERY_FAILED); + // Crypto_saPrint(sa); + if (mysql_query(con, update_sa_query)) + { + status = finish_with_error(&con, SADB_QUERY_FAILED); + } + // todo - if query fails, need to push failure message to error stack instead of just return code. + + // We free the allocated SA memory in the save function. + if (sa->ek_ref[0] != '\0') + clean_ekref(sa); + if (sa->ak_ref[0] != '\0') + clean_akref(sa); + free(sa); } - // todo - if query fails, need to push failure message to error stack instead of just return code. - - // We free the allocated SA memory in the save function. - if (sa->ek_ref[0] != '\0') - clean_ekref(sa); - if (sa->ak_ref[0] != '\0') - clean_akref(sa); - free(sa); - return status; } // Security Association Utility Functions @@ -588,4 +597,41 @@ static int32_t finish_with_error(MYSQL **con_loc, int err) mysql_close(*con_loc); *con_loc = NULL; return err; +} + +static int32_t query_all_tables(char* table) +{ + int32_t status = 0; + char gvcid_query[2048]; + + char *tables[] = {MARIADB_TC_TABLE_PREFIX, MARIADB_TM_TABLE_PREFIX, MARIADB_AOS_TABLE_PREFIX}; + char *mapid[] = {TYPE_TC , TYPE_TM , TYPE_AOS}; + for (int i = 0; i <= 2; i++) + { + snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tables[i], current_managed_parameters_struct.tfvn, current_managed_parameters_struct.scid, current_managed_parameters_struct.vcid, mapid[i], + SA_OPERATIONAL); + + MYSQL_RES *result = mysql_store_result(con); + + int num_rows = mysql_num_rows(result); + if (num_rows == 0) + { + continue; + } + else + { + if (status == CRYPTO_LIB_SUCCESS) + { + //Collision + return CRYPTO_LIB_ERROR; + } + else + { + status = CRYPTO_LIB_SUCCESS; + table = tables[i]; + } + } + } + + return status; } \ No newline at end of file