Header for the implementation of an example default security context (RFC 9173). More...
#include <qcbor/qcbor_encode.h>#include <qcbor/qcbor_spiffy_decode.h>#include <stdio.h>#include <sys/types.h>#include <time.h>#include <BPSecLib_Private.h>#include <CryptoInterface.h>#include "DefaultSecContext.h"#include "DefaultSecContext_Private.h"#include "rfc9173.h"
Include dependency graph for BIB_HMAC_SHA2.c:Functions | |
| bool | BSLX_BIB_Validate (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) |
| bool | BSLX_BCB_Validate (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) |
| static ssize_t | map_rfc9173_sha_variant_to_crypto (size_t rfc9173_sha_variant) |
| Provides the mapping from the security-context-specific ID defined in RFC9173 to the local ID of the SHA variant used by the crypto engine (OpenSSL). | |
| int | BSLX_BIB_InitFromSecOper (BSLX_BIB_t *self, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) |
| Populate the BIB parameters convenience struct from the security operation struct. | |
| void | BSLX_BIB_Deinit (BSLX_BIB_t *self) |
| int | BSLX_BIB_GenIPPT (const BSLX_BIB_t *self, BSL_Data_t *ippt_space) |
| Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4]. | |
| int | BSLX_BIB_GenHMAC (BSLX_BIB_t *self, const BSL_Data_t *ippt_data) |
Performs the actual HMAC over the given IPPT, placing the result in hmac_result. | |
| int | BSLX_BIB_Execute (BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *sec_outcome) |
Detailed Description
Header for the implementation of an example default security context (RFC 9173).
Note the prefix "xdefsc" means "Example Default Security Context".
Function Documentation
◆ BSLX_BCB_Validate()
| bool BSLX_BCB_Validate | ( | BSL_LibCtx_t * | lib, |
| const BSL_BundleRef_t * | bundle, | ||
| const BSL_SecOper_t * | sec_oper | ||
| ) |
Referenced by BSL_TestUtils_SetupDefaultSecurityContext(), and MockBPA_Agent_Init().
◆ BSLX_BIB_Deinit()
| void BSLX_BIB_Deinit | ( | BSLX_BIB_t * | self | ) |
References ASSERT_ARG_NONNULL, BSL_Data_Deinit(), BSL_PrimaryBlock_deinit(), BSLX_BIB_t::hmac_result_val, BSLX_BIB_t::primary_block, and BSLX_BIB_t::wrapped_key.
Referenced by BSLX_BIB_Execute().
◆ BSLX_BIB_Execute()
| int BSLX_BIB_Execute | ( | BSL_LibCtx_t * | lib, |
| BSL_BundleRef_t * | bundle, | ||
| const BSL_SecOper_t * | sec_oper, | ||
| BSL_SecOutcome_t * | sec_outcome | ||
| ) |
References BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_calloc(), BSL_Data_Deinit(), BSL_DATA_INIT_NULL, BSL_Data_InitBuffer(), BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_free(), BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_SecOper_CountParams(), BSL_SecOper_GetParamAt(), BSL_SecOper_GetSecurityBlockNum(), BSL_SecOper_GetTargetBlockNum(), BSL_SecOper_IsConsistent(), BSL_SecOutcome_AppendParam(), BSL_SecOutcome_AppendResult(), BSL_SecParam_Deinit(), BSL_SecParam_GetId(), BSL_SecParam_InitBytestr(), BSL_SecParam_IsParamIDOutput(), BSL_SecParam_Sizeof(), BSL_SecResult_Deinit(), BSL_SecResult_InitFull(), BSL_SecResult_Sizeof(), BSL_SUCCESS, BSLX_BIB_Deinit(), BSLX_BIB_GenHMAC(), BSLX_BIB_GenIPPT(), BSLX_BIB_InitFromSecOper(), CHK_ARG_NONNULL, CHK_PRECONDITION, BSLX_BIB_t::hmac_result_val, BSL_Data_t::len, BSLX_BIB_t::primary_block, RFC9173_BIB_PARAMID_WRAPPED_KEY, RFC9173_BIB_RESULTID_HMAC, RFC9173_CONTEXTID_BIB_HMAC_SHA2, BSLX_BIB_t::sec_block, BSLX_BIB_t::target_block, and BSLX_BIB_t::wrapped_key.
Referenced by BSL_TestUtils_SetupDefaultSecurityContext(), MockBPA_Agent_Init(), test_RFC9173_AppendixA_Example1_BIB_Source(), test_sec_accept_keyunwrap(), and test_sec_source_keywrap().
◆ BSLX_BIB_GenHMAC()
| int BSLX_BIB_GenHMAC | ( | BSLX_BIB_t * | self, |
| const BSL_Data_t * | ippt_data | ||
| ) |
Performs the actual HMAC over the given IPPT, placing the result in hmac_result.
Returns the number of bytes written into hmac_result. Negative indicates error. NOTE: This does NOT resize the result, the caller must do so.
wrapped key always 8 bytes greater than CEK [7] (2.2.1)
References BSL_AuthCtx_Deinit(), BSL_AuthCtx_DigestBuffer(), BSL_AuthCtx_Finalize(), BSL_AuthCtx_Init(), BSL_Crypto_ClearGeneratedKeyHandle(), BSL_Crypto_GenKey(), BSL_Crypto_GetRegistryKey(), BSL_Crypto_UnwrapKey(), BSL_Crypto_WrapKey(), BSL_Data_InitBuffer(), BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED, BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED, BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SUCCESS, CHK_ARG_NONNULL, BSLX_BIB_t::hash_size, BSLX_BIB_t::hmac_result_val, BSLX_BIB_t::is_source, BSLX_BIB_t::key_id, BSLX_BIB_t::keywrap, BSL_Data_t::len, BSL_Data_t::ptr, BSLX_BIB_t::sha_variant, and BSLX_BIB_t::wrapped_key.
Referenced by BSLX_BIB_Execute().
◆ BSLX_BIB_GenIPPT()
| int BSLX_BIB_GenIPPT | ( | const BSLX_BIB_t * | self, |
| BSL_Data_t * | ippt_space | ||
| ) |
Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4].
- Parameters
-
[in,out] ippt_space Storage for the output, or empty to calculate the needed size.
- Returns
- A positive value to indicate the needed size, or negative for error.
References ASSERT_ARG_NONNULL, BSL_CanonicalBlock_t::block_num, BSL_BundleCtx_ReadBTSD(), BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_ERR_ENCODING, BSL_LOG_ERR, BSL_SeqReader_Destroy(), BSL_SeqReader_Get(), BSLX_EncodeHeader(), BSL_CanonicalBlock_t::btsd_len, buf, BSLX_BIB_t::bundle, CHK_ARG_NONNULL, BSL_PrimaryBlock_t::encoded, encoder, BSLX_BIB_t::integrity_scope_flags, BSL_Data_t::len, BSLX_BIB_t::primary_block, BSL_Data_t::ptr, RFC9173_BIB_INTEGSCOPEFLAG_INC_PRIM, RFC9173_BIB_INTEGSCOPEFLAG_INC_SEC_HDR, RFC9173_BIB_INTEGSCOPEFLAG_INC_TARGET_HDR, BSLX_BIB_t::sec_block, and BSLX_BIB_t::target_block.
Referenced by BSLX_BIB_Execute().
◆ BSLX_BIB_InitFromSecOper()
| int BSLX_BIB_InitFromSecOper | ( | BSLX_BIB_t * | self, |
| const BSL_BundleRef_t * | bundle, | ||
| const BSL_SecOper_t * | sec_oper | ||
| ) |
Populate the BIB parameters convenience struct from the security operation struct.
TODO: move to common function.
References ASSERT_ARG_NONNULL, ASSERT_PRECONDITION, BSL_CRYPTO_SHA_256, BSL_CRYPTO_SHA_384, BSL_CRYPTO_SHA_512, BSL_Data_InitView(), BSL_ERR_PROPERTY_CHECK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SecOper_CountParams(), BSL_SecOper_GetParamAt(), BSL_SecOper_IsRoleSource(), BSL_SecParam_GetAsBytestr(), BSL_SecParam_GetAsTextstr(), BSL_SecParam_GetAsUInt64(), BSL_SecParam_GetId(), BSL_SecParam_IsInt64(), BSL_SECPARAM_TYPE_KEY_ID, BSL_SECPARAM_USE_KEY_WRAP, BSL_SUCCESS, BSLX_BIB_t::bundle, BSLX_BIB_t::hash_size, BSLX_BIB_t::integrity_scope_flags, BSLX_BIB_t::is_source, BSLX_BIB_t::key_id, BSLX_BIB_t::keywrap, BSL_Data_t::len, map_rfc9173_sha_variant_to_crypto(), BSL_Data_t::ptr, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_PARAMID_WRAPPED_KEY, RFC9173_BIB_SHA_HMAC384, BSLX_BIB_t::sha_variant, and BSLX_BIB_t::wrapped_key.
Referenced by BSLX_BIB_Execute().
◆ BSLX_BIB_Validate()
| bool BSLX_BIB_Validate | ( | BSL_LibCtx_t * | lib, |
| const BSL_BundleRef_t * | bundle, | ||
| const BSL_SecOper_t * | sec_oper | ||
| ) |
Referenced by BSL_TestUtils_SetupDefaultSecurityContext(), and MockBPA_Agent_Init().
◆ map_rfc9173_sha_variant_to_crypto()
|
static |
Provides the mapping from the security-context-specific ID defined in RFC9173 to the local ID of the SHA variant used by the crypto engine (OpenSSL).
References BSL_CRYPTO_SHA_256, BSL_CRYPTO_SHA_384, BSL_CRYPTO_SHA_512, BSL_ERR_PROPERTY_CHECK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, RFC9173_BIB_SHA_HMAC256, RFC9173_BIB_SHA_HMAC384, and RFC9173_BIB_SHA_HMAC512.
Referenced by BSLX_BIB_InitFromSecOper().
