[#487] remove table parsing function, add MULTI_TABLE build flag, fix UTs, remove always true checks

Donnie-Ice · Donnie-Ice · commit 6a909522c50a · 2025-08-14T16:06:06.000Z
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -56,6 +56,7 @@ option(SA_CUSTOM "Security Association - Custom" OFF)
 option(SA_CUSTOM_PATH "Custom Security Association Path" OFF)
 option(SA_INTERNAL "Security Association - Internal" OFF)
 option(SA_MARIADB "Security Association - MariaDB" OFF)
+option(MARIADB_MULTI_TABLE "Specifies Unique SADB tables for TC, TM, and AOS" OFF)
 option(SUPPORT "Support" OFF)
 option(SYSTEM_INSTALL "SystemInstall" OFF)
 option(TEST "Test" OFF)
diff --git a/include/crypto.h b/include/crypto.h
@@ -324,6 +324,7 @@ extern uint8_t                   parity[4];         // Used in FHECF calc
 // Global configuration structs
 extern CryptoConfig_t                        crypto_config;
 extern SadbMariaDBConfig_t                  *sa_mariadb_config;
+extern char*                                 mariadb_table_name;
 extern CryptographyKmcCryptoServiceConfig_t *cryptography_kmc_crypto_config;
 extern CamConfig_t                          *cam_config;
 extern GvcidManagedParameters_t             *gvcid_managed_parameters;
diff --git a/include/crypto_config.h b/include/crypto_config.h
@@ -269,4 +269,11 @@
 */
 #define TC_BLOCK_SIZE 16
 
+/*
+** MariaDB Defines
+*/
+#define MARIADB_TC_TABLE_NAME "security_associations"
+#define MARIADB_TM_TABLE_NAME "security_associations_tm"
+#define MARIADB_AOS_TABLE_NAME "security_associations_aos"
+
 #endif // CRYPTO_CONFIG_H
diff --git a/src/core/crypto.c b/src/core/crypto.c
@@ -72,6 +72,8 @@ uint8_t parity[RS_PARITY];
 //  CRC
 uint32_t crc32Table[CRC32TBL_SIZE];
 uint16_t crc16Table[CRC16TBL_SIZE];
+// Mariadb
+char* mariadb_table_name = "security_associations";
 
 /*
 ** Assisting Functions
diff --git a/src/core/crypto_aos.c b/src/core/crypto_aos.c
@@ -106,6 +106,9 @@ int32_t Crypto_AOS_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
     printf("\n");
 #endif
 
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+#endif
     status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
 
     // No operational/valid SA found
@@ -940,11 +943,13 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
      * Reference CCSDS SDLP 3550b1 4.1.1.1.3
      **/
     // Get SPI
-    printf("byte_idx: %d\n", byte_idx);
     spi = (uint8_t)p_ingest[byte_idx] << 8 | (uint8_t)p_ingest[byte_idx + 1];
     // Move index to past the SPI
     byte_idx += 2;
 
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_AOS_TABLE_NAME;
+#endif
     status = sa_if->sa_get_from_spi(spi, &sa_ptr);
     // If no valid SPI, return
     if (status != CRYPTO_LIB_SUCCESS)
@@ -1417,7 +1422,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
     pp_processed_frame->aos_header.sf   = (p_new_dec_frame[5] & 0x40) >> 6;
     pp_processed_frame->aos_header.spare = (p_new_dec_frame[5] & 0x30) >> 4;
     pp_processed_frame->aos_header.vfcc  = (p_new_dec_frame[5] & 0x0F);
-    if (current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC)
+    if (aos_current_managed_parameters_struct.aos_has_fhec == AOS_HAS_FHEC)
     {
         pp_processed_frame->aos_header.fhecf = (p_new_dec_frame[6] << 8) | p_new_dec_frame[7];
         byte_idx += 8;
@@ -1428,13 +1433,13 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
     }
 
     // Security Header
-    if (current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ)
+    if (aos_current_managed_parameters_struct.aos_has_iz == AOS_HAS_IZ)
     {
-        for (int i = 0; i < current_managed_parameters_struct.aos_iz_len; i++)
+        for (int i = 0; i < aos_current_managed_parameters_struct.aos_iz_len; i++)
         {
             memcpy(pp_processed_frame->aos_sec_header.iz + i, &p_new_dec_frame[byte_idx + i], 1);
         }
-        byte_idx += current_managed_parameters_struct.aos_iz_len;
+        byte_idx += aos_current_managed_parameters_struct.aos_iz_len;
     }
 
     pp_processed_frame->aos_sec_header.spi =
@@ -1475,7 +1480,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
     byte_idx += sa_ptr->stmacf_len;
     pp_processed_frame->aos_sec_trailer.mac_field_len = sa_ptr->stmacf_len;
 
-    if (current_managed_parameters_struct.has_ocf == AOS_HAS_OCF)
+    if (aos_current_managed_parameters_struct.has_ocf == AOS_HAS_OCF)
     {
         for (int i = 0; i < OCF_SIZE; i++)
         {
@@ -1489,7 +1494,7 @@ int32_t Crypto_AOS_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, AOS_t
         pp_processed_frame->aos_sec_trailer.ocf_field_len = 0;
     }
 
-    if (current_managed_parameters_struct.has_fecf == AOS_HAS_FECF)
+    if (aos_current_managed_parameters_struct.has_fecf == AOS_HAS_FECF)
     {
         pp_processed_frame->aos_sec_trailer.fecf =
             (uint16_t)(p_new_dec_frame[byte_idx] << 8) | p_new_dec_frame[byte_idx + 1];
diff --git a/src/core/crypto_config.c b/src/core/crypto_config.c
@@ -97,6 +97,9 @@ int32_t Crypto_SC_Init(void)
     status = Crypto_Init();
 
     SecurityAssociation_t *sa_ptr = NULL;
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
     sa_if->sa_get_from_spi(1, &sa_ptr);
     sa_ptr->gvcid_blk.vcid = 0;
     sa_if->sa_get_from_spi(2, &sa_ptr);
@@ -108,6 +111,9 @@ int32_t Crypto_SC_Init(void)
     sa_ptr->abm_len        = ABM_SIZE;
     sa_ptr->shivf_len      = 0;
     sa_ptr->iv_len         = 0;
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TM_TABLE_NAME;
+#endif
     sa_if->sa_get_from_spi(5, &sa_ptr);
     sa_ptr->sa_state       = SA_OPERATIONAL;
     sa_ptr->shsnf_len      = 0;
diff --git a/src/core/crypto_mc.c b/src/core/crypto_mc.c
@@ -291,6 +291,10 @@ int32_t Crypto_SA_readARSN(uint8_t *ingest)
         // Read ingest
         spi = ((uint8_t)sdls_frame.tlv_pdu.data[0] << BYTE_LEN) | (uint8_t)sdls_frame.tlv_pdu.data[1];
 
+        // TODO: This is not correct
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
         status = sa_if->sa_get_from_spi(spi, &sa_ptr);
 
         if (status != CRYPTO_LIB_SUCCESS)
diff --git a/src/core/crypto_tc.c b/src/core/crypto_tc.c
@@ -838,6 +838,9 @@ int32_t Crytpo_TC_Validate_TC_Temp_Header(const uint16_t in_frame_length, TC_Fra
         mc_if->mc_log(status);
         return status;
     }
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
     status = sa_if->sa_get_operational_sa_from_gvcid(temp_tc_header.tfvn, temp_tc_header.scid, temp_tc_header.vcid,
                                                      *map_id, sa_ptr);
     // If unable to get operational SA, can return
@@ -1818,6 +1821,9 @@ uint32_t Crypto_TC_Sanity_Validations(TC_t *tc_sdls_processed_frame, SecurityAss
 {
     uint32_t status = CRYPTO_LIB_SUCCESS;
 
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
     status = sa_if->sa_get_from_spi(tc_sdls_processed_frame->tc_sec_header.spi, sa_ptr);
     // If no valid SPI, return
     if (status == CRYPTO_LIB_SUCCESS)
@@ -2208,6 +2214,10 @@ static int32_t validate_sa_index(SecurityAssociation_t *sa)
 {
     int32_t                returnval = 0;
     SecurityAssociation_t *temp_sa;
+
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
     sa_if->sa_get_from_spi(sa->spi, &temp_sa);
 
     // Do not validate sa index on KMC
diff --git a/src/core/crypto_tm.c b/src/core/crypto_tm.c
@@ -821,6 +821,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)
     printf("\n");
 #endif
 
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TM_TABLE_NAME;
+#endif
     status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);
 
     // No operational/valid SA found
@@ -1637,7 +1640,7 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_
     }
     byte_idx += sa_ptr->stmacf_len;
     pp_processed_frame->tm_sec_trailer.mac_field_len = sa_ptr->stmacf_len;
-    if (current_managed_parameters_struct.has_ocf == TM_HAS_OCF)
+    if (tm_current_managed_parameters_struct.has_ocf == TM_HAS_OCF)
     {
         for (int i = 0; i < OCF_SIZE; i++)
         {
@@ -1650,7 +1653,7 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_
     {
         pp_processed_frame->tm_sec_trailer.ocf_field_len = 0;
     }
-    if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF)
+    if (tm_current_managed_parameters_struct.has_fecf == TM_HAS_FECF)
     {
         pp_processed_frame->tm_sec_trailer.fecf =
             ((uint16_t)p_new_dec_frame[byte_idx] << 8) | p_new_dec_frame[byte_idx + 1];
@@ -1744,6 +1747,9 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t *p_ingest, uint16_t len_ingest, TM_t *
         // Move index to past the SPI
         byte_idx += 2;
 
+#ifdef MARIADB_MULTI_TABLE
+        mariadb_table_name = MARIADB_TM_TABLE_NAME;
+#endif
         status = sa_if->sa_get_from_spi(spi, &sa_ptr);
     }
 
diff --git a/src/core/crypto_user.c b/src/core/crypto_user.c
@@ -174,6 +174,11 @@ int32_t Crypto_User_ModifyVCID(void)
     int                    i;
     int                    j;
 
+    // TODO: This is not correct
+#ifdef MARIADB_MULTI_TABLE
+    mariadb_table_name = MARIADB_TC_TABLE_NAME;
+#endif
+
     for (i = 0; i < NUM_GVCID; i++)
     {
         if (sa_if->sa_get_from_spi(i, &sa_ptr) != CRYPTO_LIB_SUCCESS)
diff --git a/src/sa/mariadb/sa_interface_mariadb.template.c b/src/sa/mariadb/sa_interface_mariadb.template.c
@@ -48,20 +48,20 @@ static const char *SQL_SADB_GET_SA_BY_SPI =
     "SELECT "
     "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
     ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
-    " FROM security_associations WHERE spi='%d'";
+    " FROM %s WHERE spi='%d'";
 static const char *SQL_SADB_GET_SA_BY_GVCID =
     "SELECT "
     "spi,ekid,akid,sa_state,tfvn,scid,vcid,mapid,lpid,est,ast,shivf_len,shsnf_len,shplf_len,stmacf_len,ecs_len,HEX(ecs)"
     ",HEX(iv),iv_len,acs_len,HEX(acs),abm_len,HEX(abm),arsn_len,HEX(arsn),arsnw"
-    " FROM security_associations WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
+    " FROM %s WHERE tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d' AND sa_state='%d'";
 static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI =
-    "UPDATE security_associations"
+    "UPDATE %s"
     " SET iv=X'%s', arsn=X'%s'"
     " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
-static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV =
-    "UPDATE security_associations"
-    " SET arsn=X'%s'"
-    " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
+// static const char *SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV =
+//     "UPDATE %s"
+//     " SET arsn=X'%s'"
+//     " WHERE spi='%d' AND tfvn='%d' AND scid='%d' AND vcid='%d' AND mapid='%d'";
 
 // sa_if mariaDB private helper functions
 static int32_t parse_sa_from_mysql_query(char *query, SecurityAssociation_t **security_association);
@@ -187,7 +187,7 @@ static int32_t sa_get_from_spi(uint16_t spi, SecurityAssociation_t **security_as
     int32_t status = CRYPTO_LIB_SUCCESS;
 
     char spi_query[2048];
-    snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, spi);
+    snprintf(spi_query, sizeof(spi_query), SQL_SADB_GET_SA_BY_SPI, mariadb_table_name, spi);
 
     status = parse_sa_from_mysql_query(&spi_query[0], security_association);
 
@@ -199,7 +199,7 @@ static int32_t sa_get_operational_sa_from_gvcid(uint8_t tfvn, uint16_t scid, uin
     int32_t status = CRYPTO_LIB_SUCCESS;
 
     char gvcid_query[2048];
-    snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, tfvn, scid, vcid, mapid, SA_OPERATIONAL);
+    snprintf(gvcid_query, sizeof(gvcid_query), SQL_SADB_GET_SA_BY_GVCID, mariadb_table_name, tfvn, scid, vcid, mapid, SA_OPERATIONAL);
 
     status = parse_sa_from_mysql_query(&gvcid_query[0], security_association);
 
@@ -216,28 +216,15 @@ static int32_t sa_save_sa(SecurityAssociation_t *sa)
     char  update_sa_query[2048];
     char *iv_h = malloc(sa->iv_len * 2 + 1);
 
-    if (sa->iv != NULL)
-    {
-        convert_byte_array_to_hexstring(sa->iv, sa->iv_len, iv_h);
-    }
+    convert_byte_array_to_hexstring(sa->iv, sa->iv_len, iv_h);
 
     char *arsn_h = malloc(sa->arsn_len * 2 + 1);
     convert_byte_array_to_hexstring(sa->arsn, sa->arsn_len, arsn_h);
 
-    if (sa->iv != NULL)
-    {
-        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, iv_h, arsn_h, sa->spi,
+    snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI, iv_h, arsn_h, sa->spi,
                  sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
-
-        free(iv_h);
-    }
-    else
-    {
-        snprintf(update_sa_query, sizeof(update_sa_query), SQL_SADB_UPDATE_IV_ARC_BY_SPI_NULL_IV, arsn_h, sa->spi,
-                 sa->gvcid_blk.tfvn, sa->gvcid_blk.scid, sa->gvcid_blk.vcid, sa->gvcid_blk.mapid);
-        free(iv_h);
-    }
-
+    
+    free(iv_h);
     free(arsn_h);
 #ifdef SA_DEBUG
     fprintf(stderr, "MySQL Insert SA Query: %s \n", update_sa_query);
@@ -629,26 +616,3 @@ static int32_t finish_with_error(MYSQL **con_loc, int err)
     *con_loc = NULL;
     return err;
 }
-
-static int32_t parse_table_from_gvcid(char* table, GvcidManagedParameters_t current_managed_parameters_struct)
-{
-    int32_t status = CRYPTO_LIB_SUCCESS;
-    if (current_managed_parameters_struct.has_fecf == TC_HAS_FECF || current_managed_parameters_struct.has_fecf == TC_NO_FECF)
-    {
-        strcpy(table, MARIADB_TC_TABLE_NAME);
-    }
-    else if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF || current_managed_parameters_struct.has_fecf == TM_NO_FECF)
-    {
-        strcpy(table, MARIADB_TM_TABLE_NAME);
-    }
-    else if (current_managed_parameters_struct.has_fecf == AOS_HAS_FECF || current_managed_parameters_struct.has_fecf == AOS_NO_FECF)
-    {
-        strcpy(table, MARIADB_AOS_TABLE_NAME);
-    }
-    else
-    {
-        table = table;
-        status = CRYPTO_LIB_ERROR;
-    }    
-    return status;
-}
diff --git a/support/scripts/build_kmc.sh b/support/scripts/build_kmc.sh
@@ -11,4 +11,4 @@ source $SCRIPT_DIR/env.sh
 
 rm $BASE_DIR/CMakeCache.txt
 
-cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DSA_FILE=1 -DKMC_MDB_DB=1 && make && make test
+cmake $BASE_DIR -DCODECOV=1 -DDEBUG=1 -DCRYPTO_KMC=1 -DMARIADB_MULTI_TABLE=1 -DKEY_KMC=1 -DMC_DISABLED=1 -DSA_MARIADB=1 -DTEST=1 -DSA_FILE=1 -DKMC_MDB_DB=1 && make && make test
diff --git a/test/unit/ut_aos_process.c b/test/unit/ut_aos_process.c
diff --git a/test/unit/ut_tm_process.c b/test/unit/ut_tm_process.c

Original file line number	Diff line number	Diff line change
`@@ -821,6 +821,9 @@ int32_t Crypto_TM_ApplySecurity(uint8_t *pTfBuffer, uint16_t len_ingest)`
`821`	`821`	`printf("\n");`
`822`	`822`	`#endif`
`823`	`823`
	`824`	`+#ifdef MARIADB_MULTI_TABLE`
	`825`	`+ mariadb_table_name = MARIADB_TM_TABLE_NAME;`
	`826`	`+#endif`
`824`	`827`	`status = sa_if->sa_get_operational_sa_from_gvcid(tfvn, scid, vcid, 0, &sa_ptr);`
`825`	`828`
`826`	`829`	`// No operational/valid SA found`
`@@ -1637,7 +1640,7 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_`
`1637`	`1640`	`}`
`1638`	`1641`	`byte_idx += sa_ptr->stmacf_len;`
`1639`	`1642`	`pp_processed_frame->tm_sec_trailer.mac_field_len = sa_ptr->stmacf_len;`
`1640`		`- if (current_managed_parameters_struct.has_ocf == TM_HAS_OCF)`
	`1643`	`+ if (tm_current_managed_parameters_struct.has_ocf == TM_HAS_OCF)`
`1641`	`1644`	`{`
`1642`	`1645`	`for (int i = 0; i < OCF_SIZE; i++)`
`1643`	`1646`	`{`
`@@ -1650,7 +1653,7 @@ int32_t Crypto_TM_Do_Decrypt(uint8_t sa_service_type, SecurityAssociation_t *sa_`
`1650`	`1653`	`{`
`1651`	`1654`	`pp_processed_frame->tm_sec_trailer.ocf_field_len = 0;`
`1652`	`1655`	`}`
`1653`		`- if (current_managed_parameters_struct.has_fecf == TM_HAS_FECF)`
	`1656`	`+ if (tm_current_managed_parameters_struct.has_fecf == TM_HAS_FECF)`
`1654`	`1657`	`{`
`1655`	`1658`	`pp_processed_frame->tm_sec_trailer.fecf =`
`1656`	`1659`	`((uint16_t)p_new_dec_frame[byte_idx] << 8) \| p_new_dec_frame[byte_idx + 1];`
`@@ -1744,6 +1747,9 @@ int32_t Crypto_TM_ProcessSecurity(uint8_t p_ingest, uint16_t len_ingest, TM_t `
`1744`	`1747`	`// Move index to past the SPI`
`1745`	`1748`	`byte_idx += 2;`
`1746`	`1749`
	`1750`	`+#ifdef MARIADB_MULTI_TABLE`
	`1751`	`+ mariadb_table_name = MARIADB_TM_TABLE_NAME;`
	`1752`	`+#endif`
`1747`	`1753`	`status = sa_if->sa_get_from_spi(spi, &sa_ptr);`
`1748`	`1754`	`}`
`1749`	`1755`