AKMC-113: Add SADB Interfaces for MySQL/Inmemory configurability and basic implementation. #7
Changes from 8 commits
447eaa3
0c8dba1
d2e600f
f09e0a3
72ee0db
a786df7
576514e
e9423c7
20aac98
168abd9
cb7b5b5
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
CREATE DATABASE IF NOT EXISTS sadb; | ||
|
||
USE sadb; | ||
|
||
-- IV_LEN should probably not have that default -- to be reviewed. | ||
|
||
CREATE TABLE security_associations | ||
( | ||
sa_id INT NOT NULL | ||
,ekid MEDIUMINT NOT NULL DEFAULT sa_id | ||
,akid MEDIUMINT NOT NULL DEFAULT sa_id | ||
,sa_state SMALLINT NOT NULL DEFAULT 0 | ||
,tfvn TINYINT | ||
,scid SMALLINT | ||
,vcid TINYINT | ||
,mapid TINYINT | ||
,lpid SMALLINT | ||
,est SMALLINT | ||
,ast SMALLINT | ||
,shivf_len SMALLINT | ||
,shsnf_len SMALLINT | ||
,shplf_len SMALLINT | ||
,stmacf_len SMALLINT | ||
,ecs_len SMALLINT | ||
,ecs SMALLINT NOT NULL DEFAULT 0 | ||
,iv_len SMALLINT NOT NULL DEFAULT 12 | ||
,iv SMALLINT | ||
,acs_len SMALLINT NOT NULL DEFAULT 0 | ||
,acs SMALLINT NOT NULL DEFAULT 0 | ||
,abm_len MEDIUMINT | ||
,abm SMALLINT | ||
,arc_len SMALLINT NOT NULL DEFAULT 0 | ||
,arc SMALLINT NOT NULL DEFAULT 5 | ||
,arcw_len SMALLINT | ||
,arcw SMALLINT | ||
); |
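Review bot: `iv SMALLINT` cannot hold the 12-byte IV that `iv_len` defaults to, and the same mismatch applies to the other value columns that have a `_len` companion (`ecs`, `acs`, `abm`, `arc`, `arcw`). For AES-GCM the stored IV has to round-trip exactly, so a binary column such as `,iv VARBINARY(<max_iv_len>)` would be safer than a 16-bit integer. The table also declares no key on `sa_id`; if that is the value the SPI lookup matches on, two rows can share it and the lookup becomes ambiguous, which `sa_id INT NOT NULL PRIMARY KEY` closes. `DEFAULT sa_id` on the `MEDIUMINT` key-id columns takes its value from a wider `INT` and relies on the server accepting a column reference as a default, so it is worth confirming on the target MariaDB/MySQL version.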
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
USE sadb; | ||
|
||
-- SA 1 - CLEAR MODE | ||
INSERT INTO security_associations (sa_id,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid) | ||
VALUES (1,3,0,0,1,0,1,5,0,3,0,0); | ||
|
||
-- SA 2 - KEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 128 | ||
INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len) | ||
VALUES (2,128,2,1,1,12,12,0,20,0,1,5,11); | ||
|
||
-- SA 3 - KEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 129 | ||
INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len) | ||
VALUES (3,129,2,1,1,12,12,0,20,0,1,5,11); | ||
|
||
-- SA 4 - KEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 | ||
INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid) | ||
VALUES (4,130,2,1,1,12,12,0,20,0,1,5,11,0,3,0,0); | ||
|
||
-- SA 5 - KEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 131 | ||
INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len) | ||
VALUES (5,131,2,1,1,12,12,0,20,0,1,5,11); | ||
|
||
-- SA 6 - UNKEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: - | ||
INSERT INTO security_associations (sa_id,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len) | ||
VALUES (6,1,1,1,12,12,0,20,0,1,5,11); | ||
|
||
-- SA 7 - KEYED; ARCW:5; AES-GCM; IV:00...00; IV-len:12; MAC-len:16; Key-ID: 130 | ||
INSERT INTO security_associations (sa_id,ekid,sa_state,est,ast,shivf_len,iv_len,iv,abm_len,abm,arcw_len,arcw,arc_len,tfvn,scid,vcid,mapid) | ||
VALUES (7,130,2,1,1,12,12,0,20,0,1,5,11,0,3,1,0); | ||
|
||
-- SA 8 - CLEAR MODE | ||
INSERT INTO security_associations (sa_id,sa_state,est,ast,arc_len,arc,arcw_len,arcw,tfvn,scid,vcid,mapid) | ||
VALUES (8,3,0,0,1,0,1,5,0,3,1,0); |
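Review bot: SA 4 and SA 7 both set `ekid` 130 with AES-GCM and an all-zero starting IV, so if both associations are used to protect traffic the same key/IV pair occurs twice, which removes GCM's confidentiality and integrity guarantees for those frames. If the sharing is deliberate test data for two virtual channels, the comment should say so, for example `-- SA 7 - test fixture: shares Key-ID 130 with SA 4, not a deployable configuration`; otherwise SA 7 needs its own key id. The comments also state `MAC-len:16`, but none of the INSERTs sets `stmacf_len`, so that column is NULL for every keyed row.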
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
DROP USER IF EXISTS 'sadb_user'; | ||
CREATE USER IF NOT EXISTS sadb_user IDENTIFIED BY 'sadb_password'; | ||
|
||
GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_user'@'%'; |
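Review bot: `GRANT ALL PRIVILEGES ON sadb.* TO 'sadb_user'@'%'` gives the library's account schema-changing rights from any host, while the client defines added in this PR point at `localhost`. Narrowing it to the statements the SADB routines issue, e.g. `GRANT SELECT, INSERT, UPDATE, DELETE ON sadb.* TO 'sadb_user'@'localhost';` (the exact privilege list is an assumption to check against the routines), limits what a leaked credential can do. The password `'sadb_password'` is committed here and again as `MYSQL_PASS` in the header hunk further down, so both should be treated as development placeholders and the real value supplied at deployment time. `CREATE USER` names `sadb_user` without a host while the GRANT names `'%'`; spelling the host on both lines keeps them on the same account.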
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
DROP DATABASE IF EXISTS sadb; |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -170,4 +170,10 @@ [email protected] | |
#define SEGMENTATION_HDR 1 //(1=true,0=false) | ||
#define HAS_FECF 1 //(1=true,0=false) | ||
|
||
// MySQL - MariaDB Defines (will be dynamically loaded properties in the future) | ||
#define MYSQL_USER "sadb_user" | ||
#define MYSQL_PASS "sadb_password" | ||
#define MYSQL_HOST "localhost" | ||
#define MYSQL_DB "sadb" | ||
#define MYSQL_PORT 0 | ||
#endif |
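Review bot: `#define MYSQL_PORT 0` reads like an unfinished value, because nothing in the block says that zero is intentional. Assuming it is passed straight to the MariaDB/MySQL client connect call, 0 selects the client library's default port, and a trailing comment such as `#define MYSQL_PORT 0 // 0 = client library default port` would make that explicit. The enclosing include guard starts outside this hunk.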
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
/* Copyright (C) 2009 - 2017 National Aeronautics and Space Administration. All Foreign Rights are Reserved to the U.S. Government. | ||
Note for us - we need to update copyrights and change the email address to the new mailing list. |
||
|
||
This software is provided "as is" without any warranty of any, kind either express, implied, or statutory, including, but not | ||
limited to, any warranty that the software will conform to, specifications any implied warranties of merchantability, fitness | ||
for a particular purpose, and freedom from infringement, and any warranty that the documentation will conform to the program, or | ||
any warranty that the software will be error free. | ||
|
||
In no event shall NASA be liable for any damages, including, but not limited to direct, indirect, special or consequential damages, | ||
arising out of, resulting from, or in any way connected with the software or its documentation. Whether or not based upon warranty, | ||
contract, tort or otherwise, and whether or not loss was sustained from, or arose out of the results of, or use of, the software, | ||
documentation or services provided hereunder | ||
|
||
ITC Team | ||
NASA IV&V | ||
[email protected] | ||
*/ | ||
#ifndef _crypto_error_h_ | ||
#define _crypto_error_h_ | ||
|
||
#include "sadb_mariadb_error.h" | ||
|
||
|
||
#endif //_crypto_error_h_ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// | ||
// Created by isaleh on 11/3/2021. | ||
// | ||
|
||
#ifndef _sadb_mariadb_error_h_ | ||
#define _sadb_mariadb_error_h_ | ||
|
||
#define SADB_MARIADB_CONNECTION_FAILED 300 | ||
#define SADB_QUERY_BY_SPI_FAILED 301 | ||
#define SADB_QUERY_BY_SPI_EMPTY_RESULTS 302 | ||
|
||
#endif //_sadb_mariadb_error_h_ |
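Review bot: The three codes are added without any comment on when each is returned or how they relate to the library's success value, and `SADB_MARIADB_CONNECTION_FAILED` carries a backend prefix that the two `SADB_QUERY_BY_SPI_*` codes lack. A short comment per code would help, e.g. `// 302: query ran but no SA row matched the SPI`, and it is worth stating there that callers must treat an empty result as a failure instead of using the output SA pointer. The guard `_sadb_mariadb_error_h_` (like `_crypto_error_h_` in the previous file) begins with an underscore, a form C reserves for the implementation at file scope; `SADB_MARIADB_ERROR_H` would match the style of `CRYPTOLIB_SADB_ROUTINE_H`.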
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
/* | ||
* Copyright 2021, by the California Institute of Technology. | ||
* ALL RIGHTS RESERVED. United States Government Sponsorship acknowledged. | ||
* Any commercial use must be negotiated with the Office of Technology | ||
* Transfer at the California Institute of Technology. | ||
* | ||
* This software may be subject to U.S. export control laws. By accepting | ||
* this software, the user agrees to comply with all applicable U.S. | ||
* export laws and regulations. User has the responsibility to obtain | ||
* export licenses, or other export authority as may be required before | ||
* exporting such information to foreign countries or providing access to | ||
* foreign persons. | ||
*/ | ||
|
||
#ifndef CRYPTOLIB_SADB_ROUTINE_H | ||
#define CRYPTOLIB_SADB_ROUTINE_H | ||
|
||
#ifdef NOS3 //NOS3/cFS build is ready | ||
#include "common_types.h" | ||
#include "osapi.h" | ||
#else //Assume build outside of NOS3/cFS infrastructure | ||
Good assumption that the build is outside nos3/cFS by default. We're still having discussions about how to ensure that we maintain the spacecraft build/functionality. Right now, we're leaning toward CryptoLib being a generic lib, and we will go back and adapt for spacecraft. (This is a role reversal for how CryptoLib was first designed.) |
||
#include "common_types_minimum.h" | ||
#include "osapi_minimum.h" | ||
#endif | ||
|
||
#include "crypto_structs.h" | ||
|
||
typedef struct { | ||
Like this. Clean and straightforward. |
||
// Security Association Initialization & Management Functions | ||
int32 (*sadb_config)(void); | ||
int32 (*sadb_init)(void); | ||
int32 (*sadb_close)(void); | ||
// Security Association Interaction Functions | ||
int32 (*sadb_get_sa_from_spi)(uint16,SecurityAssociation_t**); | ||
// Security Association Utility Functions | ||
int32 (*sadb_sa_stop)(void); | ||
int32 (*sadb_sa_start)(TC_t* tc_frame); | ||
int32 (*sadb_sa_expire)(void); | ||
int32 (*sadb_sa_rekey)(void); | ||
int32 (*sadb_sa_status)(char*); | ||
int32 (*sadb_sa_create)(void); | ||
int32 (*sadb_sa_setARSN)(void); | ||
int32 (*sadb_sa_setARSNW)(void); | ||
int32 (*sadb_sa_delete)(void); | ||
|
||
} SadbRoutineStruct, *SadbRoutine; | ||
|
||
SadbRoutine get_sadb_routine_mariadb(void); | ||
SadbRoutine get_sadb_routine_inmemory(void); | ||
SadbRoutine init_parse_sadb_routine(char *); | ||
|
||
#endif //CRYPTOLIB_SADB_ROUTINE_H |
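Review bot: `sadb_get_sa_from_spi(uint16, SecurityAssociation_t**)` does not say who owns the `SecurityAssociation_t` it hands back, and with two backends behind the same table that is easy to get wrong. A database-backed implementation would presumably allocate a struct per call, while an in-memory one could return a pointer into its own storage. A comment above the member stating whether the caller frees the result, and what the output pointer holds on a non-zero return, would settle it. `init_parse_sadb_routine(char *)` should likewise document what it returns for an unrecognised name, and can take `const char *` if it only reads the string.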
Like the directory structure for the SADB / maria / SQL scripts. We were just talking this week about doing something like this to keep things separated for the different SA implementations.