BIB_HMAC_SHA2.c File Reference

Header for the implementation of an example default security context (RFC 9173). More...

#include <qcbor/qcbor_encode.h>
#include <qcbor/qcbor_spiffy_decode.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>
#include <BPSecLib_Private.h>
#include <CryptoInterface.h>
#include "DefaultSecContext.h"
#include "DefaultSecContext_Private.h"
#include "rfc9173.h"

Include dependency graph for BIB_HMAC_SHA2.c:

Functions
bool	BSLX_BIB_Validate (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
bool	BSLX_BCB_Validate (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
static ssize_t	map_rfc9173_sha_variant_to_crypto (size_t rfc9173_sha_variant)
	Provides the mapping from the security-context-specific ID defined in RFC9173 to the local ID of the SHA variant used by the crypto engine (OpenSSL).
int	BSLX_BIB_InitFromSecOper (BSLX_BIB_t *self, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
	Populate the BIB parameters convenience struct from the security operation struct.
void	BSLX_BIB_Deinit (BSLX_BIB_t *self)
int	BSLX_BIB_GenIPPT (const BSLX_BIB_t *self, BSL_Data_t *ippt_space)
	Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4].
int	BSLX_BIB_GenHMAC (BSLX_BIB_t *self, const BSL_Data_t *ippt_data)
	Performs the actual HMAC over the given IPPT, placing the result in hmac_result.
int	BSLX_BIB_Execute (BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *sec_outcome)

Detailed Description

Header for the implementation of an example default security context (RFC 9173).

Note the prefix "xdefsc" means "Example Default Security Context".

Function Documentation

BSLX_BIB_GenHMAC()

int BSLX_BIB_GenHMAC	(	BSLX_BIB_t *	self,
		const BSL_Data_t *	ippt_data
	)

Performs the actual HMAC over the given IPPT, placing the result in hmac_result.

Returns the number of bytes written into hmac_result. Negative indicates error. NOTE: This does NOT resize the result, the caller must do so.

wrapped key always 8 bytes greater than CEK [7] (2.2.1)

References BSL_AuthCtx_Deinit(), BSL_AuthCtx_DigestBuffer(), BSL_AuthCtx_Finalize(), BSL_AuthCtx_Init(), BSL_Crypto_ClearKeyHandle(), BSL_Crypto_GenKey(), BSL_Crypto_UnwrapKey(), BSL_Crypto_WrapKey(), BSL_Data_InitBuffer(), BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED, BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED, BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SUCCESS, BSLB_Crypto_GetRegistryKey(), BSLX_BIB_t::key_id, BSL_Data_t::len, and BSL_Data_t::ptr.

BSLX_BIB_GenIPPT()

int BSLX_BIB_GenIPPT	(	const BSLX_BIB_t *	self,
		BSL_Data_t *	ippt_space
	)

Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4].

Parameters

[in,out]

ippt_space

Storage for the output, or empty to calculate the needed size.

Returns

A positive value to indicate the needed size, or negative for error.

References BSL_CanonicalBlock_t::block_num, BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_ERR_ENCODING, BSL_LOG_ERR, BSL_SeqReader_Destroy(), BSL_SeqReader_Get(), BSL_CanonicalBlock_t::btsd_len, BSLX_BIB_t::bundle, BSL_PrimaryBlock_t::encoded, BSL_Data_t::len, and BSL_Data_t::ptr.

BSLX_BIB_InitFromSecOper()

int BSLX_BIB_InitFromSecOper	(	BSLX_BIB_t *	self,
		const BSL_BundleRef_t *	bundle,
		const BSL_SecOper_t *	sec_oper
	)

Populate the BIB parameters convenience struct from the security operation struct.

TODO: move to common function.

References BSL_Data_InitView(), BSL_ERR_PROPERTY_CHECK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SecOper_CountParams(), BSL_SecOper_GetParamAt(), BSL_SecOper_IsRoleSource(), BSL_SecParam_GetAsBytestr(), BSL_SecParam_GetAsTextstr(), BSL_SecParam_GetAsUInt64(), BSL_SecParam_GetId(), BSL_SecParam_IsInt64(), BSL_SECPARAM_TYPE_KEY_ID, BSL_SECPARAM_USE_KEY_WRAP, BSL_SUCCESS, BSLX_BIB_t::bundle, BSLX_BIB_t::key_id, BSL_Data_t::len, map_rfc9173_sha_variant_to_crypto(), and BSL_Data_t::ptr.