[#344] Made TC, TM, AOS databases. Added SADB_TABLE define

nasa · Nov 4, 2024 · 2af12f1 · 2af12f1
1 parent da65f0d
commit 2af12f1
Show file tree

Hide file tree

Showing 10 changed files with 309 additions and 58 deletions.
diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -41,6 +41,9 @@
 #define RESET
 #endif
 
+// KMC Defines
+#define SADB_TABLE "TC"
+
 // Managed Parameters Size
 #define GVCID_MAN_PARAM_SIZE 250
 

diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c
@@ -48,18 +48,18 @@ static const char *SQL_SADB_GET_SA_BY_SPI =
     "SELECT "
     "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
     ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
-    " FROM security_associations WHERE spi='%d'";
+    " FROM %s_security_associations WHERE spi='%d'";
 static const char *SQL_SADB_GET_SA_BY_GVCID =
     "SELECT "
     "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
     ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
-    " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
+    " FROM %s_security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
 static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI =
-    "UPDATE security_associations"
+    "UPDATE %s_security_associations"
     " SET iv=X'%s', arsn=X'%s'"
     " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
 static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV =
-    "UPDATE security_associations"
+    "UPDATE %s_security_associations"
     " SET arsn=X'%s'"
     " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
 
@@ -187,7 +187,7 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as
     int32_t status = CRYPTO_LIB_SUCCESS;
 
     char spi_query[2048];
-    snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, spi);
+    snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, SADB_TABLE, spi);
 
     status = parse_sa_from_mysql_query(&spi_query[0], security_association);
 
@@ -199,7 +199,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
     int32_t status = CRYPTO_LIB_SUCCESS;
 
     char gvcid_query[2048];
-    snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tfvn, scid, vcid, mapid, SA_OPERATIONAL);
+    snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, SADB_TABLE, tfvn, scid, vcid, mapid, SA_OPERATIONAL);
 
     status = parse_sa_from_mysql_query(&gvcid_query[0], security_association);
 
@@ -226,14 +226,14 @@ static int32_t sa_save_sa(SecurityAssociation_t *sa)
 
     if (sa->iv != NULL)
     {
-        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, iv_h, arsn_h, sa->spi,
+        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, SADB_TABLE, iv_h, arsn_h, sa->spi,
                  sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
 
         free(iv_h);
     }
     else
     {
-        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, arsn_h, sa->spi,
+        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, SADB_TABLE, arsn_h, sa->spi,
                  sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
         free(iv_h);
     }

diff --git a/src/sa/sadb_mariadb_sql/create_sadb.sql b/src/sa/sadb_mariadb_sql/create_sadb.sql
@@ -4,7 +4,7 @@ USE sadb;
 
 -- IV_LEN should probably not have that default -- to be reviewed.
 
-CREATE TABLE IF NOT EXISTS security_associations
+CREATE TABLE IF NOT EXISTS TC_security_associations
 (
   spi INT NOT NULL
   ,ekid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- 'EG, for KMC Crypto KeyRef, 'kmc/test/KEY130', for libgcrypt '130'
@@ -34,4 +34,66 @@ CREATE TABLE IF NOT EXISTS security_associations
   ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
 );
 
-create unique index if not exists main_spi on security_associations (spi,scid,vcid,tfvn,mapid);
+CREATE TABLE IF NOT EXISTS TM_security_associations
+(
+  spi INT NOT NULL
+  ,ekid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- 'EG, for KMC Crypto KeyRef, 'kmc/test/KEY130', for libgcrypt '130'
+  ,akid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- Same as ekid
+  ,sa_state SMALLINT NOT NULL DEFAULT 0
+  ,tfvn TINYINT NOT NULL
+  ,scid SMALLINT NOT NULL
+  ,vcid TINYINT NOT NULL
+  ,mapid TINYINT NOT NULL DEFAULT 0
+  ,lpid SMALLINT
+  ,est SMALLINT NOT NULL DEFAULT 0
+  ,ast SMALLINT NOT NULL DEFAULT 0
+  ,shivf_len SMALLINT NOT NULL DEFAULT 0
+  ,shsnf_len SMALLINT NOT NULL DEFAULT 0
+  ,shplf_len SMALLINT NOT NULL DEFAULT 0
+  ,stmacf_len SMALLINT NOT NULL DEFAULT 0
+  ,ecs_len SMALLINT NOT NULL DEFAULT 1
+  ,ecs VARBINARY(4) NOT NULL DEFAULT X'01' -- ECS_SIZE=4
+  ,iv_len SMALLINT NOT NULL DEFAULT 0
+  ,iv VARBINARY(20) DEFAULT NULL -- IV_SIZE=12
+  ,acs_len SMALLINT NOT NULL DEFAULT 0
+  ,acs VARBINARY(4) NOT NULL DEFAULT X'00'
+  ,abm_len MEDIUMINT
+  ,abm VARBINARY(1024) NOT NULL DEFAULT X'0000FC0000FFFF000000000000000000000000' -- ABM_SIZE=1024
+  ,arsn_len SMALLINT NOT NULL DEFAULT 0
+  ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large...
+  ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
+);
+
+CREATE TABLE IF NOT EXISTS AOS_security_associations
+(
+  spi INT NOT NULL
+  ,ekid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- 'EG, for KMC Crypto KeyRef, 'kmc/test/KEY130', for libgcrypt '130'
+  ,akid VARCHAR(100) CHARACTER SET utf8 DEFAULT NULL -- Same as ekid
+  ,sa_state SMALLINT NOT NULL DEFAULT 0
+  ,tfvn TINYINT NOT NULL
+  ,scid SMALLINT NOT NULL
+  ,vcid TINYINT NOT NULL
+  ,mapid TINYINT NOT NULL DEFAULT 0
+  ,lpid SMALLINT
+  ,est SMALLINT NOT NULL DEFAULT 0
+  ,ast SMALLINT NOT NULL DEFAULT 0
+  ,shivf_len SMALLINT NOT NULL DEFAULT 0
+  ,shsnf_len SMALLINT NOT NULL DEFAULT 0
+  ,shplf_len SMALLINT NOT NULL DEFAULT 0
+  ,stmacf_len SMALLINT NOT NULL DEFAULT 0
+  ,ecs_len SMALLINT NOT NULL DEFAULT 1
+  ,ecs VARBINARY(4) NOT NULL DEFAULT X'01' -- ECS_SIZE=4
+  ,iv_len SMALLINT NOT NULL DEFAULT 0
+  ,iv VARBINARY(20) DEFAULT NULL -- IV_SIZE=12
+  ,acs_len SMALLINT NOT NULL DEFAULT 0
+  ,acs VARBINARY(4) NOT NULL DEFAULT X'00'
+  ,abm_len MEDIUMINT
+  ,abm VARBINARY(1024) NOT NULL DEFAULT X'0000FC0000FFFF000000000000000000000000' -- ABM_SIZE=1024
+  ,arsn_len SMALLINT NOT NULL DEFAULT 0
+  ,arsn VARBINARY(20) NOT NULL DEFAULT X'0000000000000000000000000000000000000000' -- ARSN_SIZE=20 , TBD why so large...
+  ,arsnw SMALLINT NOT NULL DEFAULT 0 -- ARSNW_SIZE=1
+);
+
+create unique index if not exists main_spi on TC_security_associations (spi,scid,vcid,tfvn,mapid);
+create unique index if not exists main_spi on TM_security_associations (spi,scid,vcid,tfvn,mapid);
+create unique index if not exists main_spi on AOS_security_associations (spi,scid,vcid,tfvn,mapid);
diff --git a/src/sa/sadb_mariadb_sql/empty_sadb.sql b/src/sa/sadb_mariadb_sql/empty_sadb.sql
@@ -1,3 +1,5 @@
 USE sadb;
 
-TRUNCATE TABLE security_associations;
+TRUNCATE TABLE TC_security_associations;
+TRUNCATE TABLE TM_security_associations;
+TRUNCATE TABLE AOS_security_associations;
diff --git a/src/sa/sadb_mariadb_sql/list_sadb.sql b/src/sa/sadb_mariadb_sql/list_sadb.sql
@@ -1,3 +1,5 @@
 USE sadb;
 
-select spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs),iv_len,HEX(iv),acs_len,HEX(acs),abm_len,arsn_len,HEX(arsn),arsnw from security_associations;
+select spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs),iv_len,HEX(iv),acs_len,HEX(acs),abm_len,arsn_len,HEX(arsn),arsnw from TC_security_associations;
+select spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs),iv_len,HEX(iv),acs_len,HEX(acs),abm_len,arsn_len,HEX(arsn),arsnw from TM_security_associations;
+select spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs),iv_len,HEX(iv),acs_len,HEX(acs),abm_len,arsn_len,HEX(arsn),arsnw from AOS_security_associations;
diff --git a/src/sa/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql b/src/sa/test_sadb_mariadb_sql/create_sadb_error_path_unit_test_security_associations.sql
@@ -2,19 +2,19 @@ USE sadb;
 
 -- SCID 44 (MMT) Security Associations AES/GCM/NoPadding --
 -- SA 1 - Only Keyed SA Available (VC 33)
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (1,'kmc/test/key130',2,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,33,0);
 
 -- SA 2 - Only Unkeyed SA Available (VC 32)
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (2,'kmc/test/key130',1,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,32,0);
 
 -- SA 3 - Null ECS & EKID for AESGCM Error (VC 34)
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (3,NULL,3,'',1,1,12,12,16,X'000000000000000000000001',19,X'00000000000000000000000000000000000000',5,0,0,44,34,0);
 
 -- SA 4 - Invalid Frame Length with Seg Headers Config Set (VC 28)
-INSERT INTO security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
+INSERT INTO TC_security_associations (spi,ekid,sa_state,ecs,est,ast,shivf_len,iv_len,stmacf_len,iv,abm_len,abm,arsnw,arsn_len,tfvn,scid,vcid,mapid)
 VALUES (4,'kmc/test/key128',3,X'01',1,1,12,12,16,X'000000000000000000000001',19,X'0000000000000000000000000000000000000000',5,0,0,44,28,1);