AKMC-113: Add SADB Interfaces for MySQL/Inmemory configurability and basic implementation.

CMakeLists.txt

@@ -20,7 +20,9 @@ project(CRYPTO C)
 
 set(CMAKE_INSTALL_RPATH "$ORIGIN/../lib")
 
-OPTION(DEBUG "Debug" OFF) # Disabled by default
+OPTION(DEBUG "Debug" OFF) # Disabled by default, enable with: -DDEBUG=ON
+OPTION(MYSQL "Mysql" OFF) # Disabled by default, enable with: -DMYSQL=ON
+
 IF(DEBUG)
     ADD_DEFINITIONS(-DDEBUG -DOCF_DEBUG -DFECF_DEBUG -DSA_DEBUG -DPDU_DEBUG -DCCSDS_DEBUG -DTC_DEBUG -DMAC_DEBUG -DTM_DEBUG)
     add_compile_options(-ggdb)

fsw/CMakeLists.txt

@@ -17,6 +17,11 @@
 include_directories(public_inc)
 
 aux_source_directory(src LIB_SRC_FILES)
+if(MYSQL)
+    aux_source_directory(src_mysql LIB_SRC_MYSQL_FILES)
+    list(APPEND LIB_SRC_FILES ${LIB_SRC_MYSQL_FILES})
+endif()
+
 
 if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME)
     include(CTest)
@@ -30,6 +35,16 @@ else() #standalone build
     add_library(Crypto SHARED ${LIB_SRC_FILES})
 endif()
 
+if(MYSQL)
+    execute_process(COMMAND mysql_config --cflags
+            OUTPUT_VARIABLE MYSQL_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE)
+    execute_process(COMMAND mysql_config --libs
+            OUTPUT_VARIABLE MYSQL_LIBS OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+    target_compile_options(Crypto PUBLIC ${MYSQL_CFLAGS})
+    target_link_libraries(Crypto ${MYSQL_LIBS})
+endif()
+
 # Add libgcrypt
 target_link_libraries(Crypto gcrypt)
 

fsw/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb.sql

@@ -0,0 +1,36 @@
+CREATE DATABASE IF NOT EXISTS sadb;
+
+USE sadb;
+
+-- IV_LEN should probably not have that default -- to be reviewed.
+
+CREATE TABLE security_associations
+(
+  sa_id INT NOT NULL
+  ,ekid MEDIUMINT NOT NULL DEFAULT sa_id
+  ,akid MEDIUMINT NOT NULL DEFAULT sa_id
+  ,sa_state SMALLINT NOT NULL DEFAULT 0
+  ,tfvn TINYINT
+  ,scid SMALLINT
+  ,vcid TINYINT
+  ,mapid TINYINT
+  ,lpid SMALLINT
+  ,est SMALLINT
+  ,ast SMALLINT
+  ,shivf_len SMALLINT
+  ,shsnf_len SMALLINT
+  ,shplf_len SMALLINT
+  ,stmacf_len SMALLINT
+  ,ecs_len SMALLINT
+  ,ecs SMALLINT NOT NULL DEFAULT 0
+  ,iv_len SMALLINT NOT NULL DEFAULT 12
+  ,iv SMALLINT
+  ,acs_len SMALLINT NOT NULL DEFAULT 0
+  ,acs SMALLINT NOT NULL DEFAULT 0
+  ,abm_len MEDIUMINT
+  ,abm SMALLINT
+  ,arc_len SMALLINT NOT NULL DEFAULT 0
+  ,arc SMALLINT NOT NULL DEFAULT 5
+  ,arcw_len SMALLINT
+  ,arcw SMALLINT
+);

fsw/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_unit_test_security_associations.sql

@@ -0,0 +1,33 @@
+USE sadb;
+
+-- SA 1 - CLEAR MODE
+INSERT INTO security_associations (sa_id,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid)
+VALUES (1,3,0,0,1,0,1,5,0,3,0,0);
+
+-- SA 2 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128
+INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+VALUES (2,128,2,1,1,12,12,0,20,0,1,5,11);
+
+-- SA 3 - KEYED;   ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129
+INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+VALUES (3,129,2,1,1,12,12,0,20,0,1,5,11);
+
+-- SA 4 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
+INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+VALUES (4,130,2,1,1,12,12,0,20,0,1,5,11,0,3,0,0);
+
+-- SA 5 - KEYED;   ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 131
+INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+VALUES (5,131,2,1,1,12,12,0,20,0,1,5,11);
+
+-- SA 6 - UNKEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: -
+INSERT INTO security_associations (sa_id,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len)
+VALUES (6,1,1,1,12,12,0,20,0,1,5,11);
+
+-- SA 7 - KEYED;  ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130
+INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid)
+VALUES (7,130,2,1,1,12,12,0,20,0,1,5,11,0,3,1,0);
+
+-- SA 8 - CLEAR MODE
+INSERT INTO security_associations (sa_id,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid)
+VALUES (8,3,0,0,1,0,1,5,0,3,1,0);

fsw/crypto_sadb/sadb_mariadb_admin_scripts/create_sadb_user_grant_permissions.sql

@@ -0,0 +1,4 @@
+DROP USER IF EXISTS 'sadb_user';
+CREATE USER IF NOT EXISTS sadb_user IDENTIFIED BY 'sadb_password';
+
+GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_user'@'%';

fsw/crypto_sadb/sadb_mariadb_admin_scripts/delete_sadb.sql

@@ -0,0 +1 @@
+DROP DATABASE IF EXISTS sadb;

fsw/public_inc/crypto.h

@@ -52,5 +52,13 @@ extern int32 Crypto_AOS_ProcessSecurity(char* ingest, int* len_ingest);
 extern int32 Crypto_ApplySecurity(char* ingest, int* len_ingest);
 extern int32 Crypto_ProcessSecurity(char* ingest, int* len_ingest);
 
+// Data stores used in multiple components
+extern CCSDS_t sdls_frame;
+extern TM_t tm_frame;
+extern crypto_key_t ek_ring[NUM_KEYS];
+// Assisting functions used in multiple components
+extern uint8 Crypto_Prep_Reply(char* ingest, uint8 appID);
+extern int32 Crypto_increment(uint8 *num, int length);
+
 
 #endif

fsw/public_inc/crypto_config.h

@@ -170,4 +170,10 @@ [email protected]
     #define SEGMENTATION_HDR            1 //(1=true,0=false)
     #define HAS_FECF                    1 //(1=true,0=false)
 
+// MySQL - MariaDB Defines (will be dynamically loaded properties in the future)
+    #define MYSQL_USER                  "sadb_user"
+    #define MYSQL_PASS                  "sadb_password"
+    #define MYSQL_HOST                  "localhost"
+    #define MYSQL_DB                    "sadb"
+    #define MYSQL_PORT                  0
 #endif

fsw/public_inc/crypto_error.h

@@ -0,0 +1,23 @@
+/* Copyright (C) 2009 - 2017 National Aeronautics and Space Administration. All Foreign Rights are Reserved to the U.S. Government.
+
+This software is provided "as is" without any warranty of any, kind either express, implied, or statutory, including, but not
+limited to, any warranty that the software will conform to, specifications any implied warranties of merchantability, fitness
+for a particular purpose, and freedom from infringement, and any warranty that the documentation will conform to the program, or
+any warranty that the software will be error free.
+
+In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or consequential damages,
+arising out of, resulting from, or in any way connected with the software or its documentation.  Whether or not based upon warranty,
+contract, tort or otherwise, and whether or not loss was sustained from, or arose out of the results of, or use of, the software,
+documentation or services provided hereunder
+
+ITC Team
+NASA IV&V
+[email protected]
+*/
+#ifndef _crypto_error_h_
+#define _crypto_error_h_
+
+#include "sadb_mariadb_error.h"
+
+
+#endif //_crypto_error_h_

fsw/public_inc/crypto_structs.h

@@ -53,7 +53,7 @@ typedef struct
     uint16 						ekid;    // Encryption Key ID
     uint16                      akid;    // Authentication Key ID
     uint8						sa_state:2;
-    crypto_gvcid_t				gvcid_tc_blk[NUM_GVCID];
+    crypto_gvcid_t				gvcid_tc_blk;
     crypto_gvcid_t				gvcid_tm_blk[NUM_GVCID];
     uint8                       lpid;
 

fsw/public_inc/sadb_mariadb_error.h

@@ -0,0 +1,12 @@
+//
+// Created by isaleh on 11/3/2021.
+//
+
+#ifndef _sadb_mariadb_error_h_
+#define _sadb_mariadb_error_h_
+
+#define SADB_MARIADB_CONNECTION_FAILED 300
+#define SADB_QUERY_BY_SPI_FAILED 301
+#define SADB_QUERY_BY_SPI_EMPTY_RESULTS 302
+
+#endif //_sadb_mariadb_error_h_

fsw/public_inc/sadb_routine.h

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2021, by the California Institute of Technology.
+ * ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged.
+ * Any commercial use must be negotiated with the Office of Technology
+ * Transfer at the California Institute of Technology.
+ *
+ * This software may be subject to U.S. export control laws. By accepting
+ * this software, the user agrees to comply with all applicable U.S.
+ * export laws and regulations. User has the responsibility to obtain
+ * export licenses, or other export authority as may be required before
+ * exporting such information to foreign countries or providing access to
+ * foreign persons.
+ */
+
+#ifndef CRYPTOLIB_SADB_ROUTINE_H
+#define CRYPTOLIB_SADB_ROUTINE_H
+
+#ifdef NOS3 //NOS3/cFS build is ready
+#include "common_types.h"
+#include "osapi.h"
+#else //Assume build outside of NOS3/cFS infrastructure
+#include "common_types_minimum.h"
+#include "osapi_minimum.h"
+#endif
+
+#include "crypto_structs.h"
+
+typedef struct {
+    // Security Association Initialization & Management Functions
+    int32 (*sadb_config)(void);
+    int32 (*sadb_init)(void);
+    int32 (*sadb_close)(void);
+    // Security Association Interaction Functions
+    int32 (*sadb_get_sa_from_spi)(uint16,SecurityAssociation_t**);
+    // Security Association Utility Functions
+    int32 (*sadb_sa_stop)(void);
+    int32  (*sadb_sa_start)(TC_t* tc_frame);
+    int32  (*sadb_sa_expire)(void);
+    int32  (*sadb_sa_rekey)(void);
+    int32  (*sadb_sa_status)(char*);
+    int32  (*sadb_sa_create)(void);
+    int32  (*sadb_sa_setARSN)(void);
+    int32  (*sadb_sa_setARSNW)(void);
+    int32  (*sadb_sa_delete)(void);
+
+} SadbRoutineStruct, *SadbRoutine;
+
+SadbRoutine get_sadb_routine_mariadb(void);
+SadbRoutine get_sadb_routine_inmemory(void);
+SadbRoutine init_parse_sadb_routine(char *);
+
+#endif //CRYPTOLIB_SADB_ROUTINE_H