BSL v1.1.1 - 19.g31939de
AMMOS Bundle Protocol Security Library (BSL)
BPSecLib_Private.h File Reference

Single entry-point include file for all of the BPSec Lib (BSL) frontend API. More...

#include <inttypes.h>
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <sys/types.h>
#include "BPSecLib_Public.h"

Data Structures

struct  BSL_BundleTimestamp_t
 Creation Timestamp Defined in Section 4.2.7 of RFC 9171 [6]. More...
 
struct  BSL_PolicyDesc_t
 Descriptor of opaque data and callbacks for Policy Provider. More...
 
struct  BSL_SecCtxDesc_t
 Security Context descriptor (interface) More...
 

Macros

#define _U_
 Mark an unused parameter within a function definition.
 
#define UNLIKELY(expr)   (expr)
 Hint to the compiler that the expression is expected to evaluate to false and the associated branch is unlikely.
 
#define LIKELY(expr)   (expr)
 Hint to the compiler that the expression is expected to evaluate to true and the associated branch is likely.
 
#define BSL_CHKRET(cond, val)
 Check a condition and if not met return a specific value.
 
#define BSL_CHKVOID(cond)   BSL_CHKRET(cond, )
 Return from void functions if condition fails.
 
#define BSL_CHKNULL(cond)   BSL_CHKRET(cond, NULL)
 Return a null pointer if condition fails.
 
#define BSL_CHKFALSE(cond)   BSL_CHKRET(cond, false)
 Return false if condition fails.
 
#define BSL_CHKERR1(cond)   BSL_CHKRET(cond, 1)
 Return the error value 1 if condition fails.
 
#define BSL_CHKERRVAL(value)   BSL_CHKRET(!(value), (value))
 Check a value for non-zero and return that value.
 
#define BSL_LOG_CRIT(...)   BSL_LogEvent(LOG_CRIT, __FILE__, __LINE__, __func__, __VA_ARGS__)
 Perform LOG_CRIT level logging with auto-filled parameters.
 
#define BSL_LOG_ERR(...)   BSL_LogEvent(LOG_ERR, __FILE__, __LINE__, __func__, __VA_ARGS__)
 Perform LOG_ERR level logging with auto-filled parameters.
 
#define BSL_LOG_WARNING(...)   BSL_LogEvent(LOG_WARNING, __FILE__, __LINE__, __func__, __VA_ARGS__)
 Perform LOG_WARNING level logging with auto-filled parameters.
 
#define BSL_LOG_INFO(...)   BSL_LogEvent(LOG_INFO, __FILE__, __LINE__, __func__, __VA_ARGS__)
 Perform LOG_INFO level logging with auto-filled parameters.
 
#define BSL_LOG_DEBUG(...)   BSL_LogEvent(LOG_DEBUG, __FILE__, __LINE__, __func__, __VA_ARGS__)
 Perform LOG_DEBUG level logging with auto-filled parameters.
 
#define BSL_LOG_PLAINTEXT_PTR(title, ctx, ptr, len)
 Log plaintext as hex, for debugging only, when the compile option BSL_LOG_PLAINTEXT_ENABLE is non-zero.
 
#define CHK_TEMPL(expr, msg, return_code)
 Helpful macros for expressing invariants, pre/post conditions, and arg validation.
 
#define CHK_AS_BOOL(expr)   CHK_TEMPL(expr, "Failed Property Check: Failed to satisfy", BSL_ERR_ARG_INVALID)
 
#define CHK_ARG_EXPR(expr)    CHK_TEMPL(expr, "Illegal Argument: Argument expression check failed to satisfy", BSL_ERR_ARG_INVALID)
 
#define CHK_ARG_NONNULL(var)    CHK_TEMPL((var) != NULL, "Illegal Argument: Argument null check failed to satisfy", BSL_ERR_ARG_NULL)
 
#define CHK_PRECONDITION(expr)   CHK_TEMPL(expr, "Precondition Failed: Did not satisfy", BSL_ERR_FAILURE)
 
#define CHK_PROPERTY(expr)   CHK_TEMPL(expr, "Property Failed: Did not satisfy", BSL_ERR_FAILURE)
 
#define CHK_POSTCONDITION(expr)   CHK_TEMPL(expr, "Postcondition Failed: Did not satisfy", BSL_ERR_FAILURE)
 
#define ASSERT_TEMPL(expr, msg)
 
#define ASSERT_ARG_EXPR(expr)   ASSERT_TEMPL(expr, "Panic: Argument expression check failed to satisfy")
 
#define ASSERT_ARG_NONNULL(var)   ASSERT_TEMPL((var) != NULL, "Panic: Null Argument check failed to satisfy")
 
#define ASSERT_PROPERTY(expr)   ASSERT_TEMPL(expr, "Panic: Property check failed to satisfy")
 
#define ASSERT_PRECONDITION(expr)   ASSERT_TEMPL(expr, "Panic: Precondition failed to satisfy")
 
#define ASSERT_POSTCONDITION(expr)   ASSERT_TEMPL(expr, "Panic: Precondition failed to satisfy")
 
#define BSL_HOSTEID_INIT_INVALID
 Static initializer for an invalid BSL_HostEID_t.
 
#define BSL_HOSTEID_INIT_INVALID
 Static initializer for an invalid BSL_HostEID_t.
 
#define BSL_SECROLE_ISVALID(role_value)   (((role_value) >= BSL_SECROLE_SOURCE) && ((role_value) <= BSL_SECROLE_ACCEPTOR))
 
#define BSL_SecBlockType_IsSecBlock(block_id)    (((block_id) >= BSL_SECBLOCKTYPE_BIB) && ((block_id) <= BSL_SECBLOCKTYPE_BCB))
 Helper to determine if a given block type is security.
 

Typedefs

typedef int(* BSL_PolicyInspect_f) (void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
 Callback interface to query policy provider to populate the action set.
 
typedef int(* BSL_PolicyFinalize_f) (void *user_data, const BSL_SecurityActionSet_t *output_action_set, BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)
 Callback interface to finalize policy provider over the action set.
 
typedef void(* BSL_PolicyDeinit_f) (void *user_data)
 Callback interface for policy provider to shut down and release any resources.
 
typedef bool(* BSL_SecCtx_Validate_f) (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
 Signature for Security Context validator for a sec OP.
 
typedef int(* BSL_SecCtx_Execute_f) (BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *sec_outcome)
 Signature for Security Context executor for a sec OP.
 

Enumerations

enum  BSL_ErrCodes_e {
  BSL_SUCCESS = 0 , BSL_ERR_FAILURE = -1 , BSL_ERR_ARG_NULL = -2 , BSL_ERR_ARG_INVALID = -3 ,
  BSL_ERR_PROPERTY_CHECK_FAILED = -4 , BSL_ERR_INSUFFICIENT_SPACE = -5 , BSL_ERR_NOT_IMPLEMENTED = -6 , BSL_ERR_ENCODING = -7 ,
  BSL_ERR_DECODING = -8 , BSL_ERR_NOT_FOUND = -9 , BSL_ERR_BUNDLE_OPERATION_FAILED = -10 , BSL_ERR_SECURITY_OPERATION_FAILED = -11 ,
  BSL_ERR_HOST_CALLBACK_FAILED = -12 , BSL_ERR_POLICY_FAILED = -100 , BSL_ERR_POLICY_QUERY = -101 , BSL_ERR_POLICY_FINAL = -102 ,
  BSL_ERR_POLICY_CONFIG = -103 , BSL_ERR_SECURITY_CONTEXT_FAILED = -200 , BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL = -201 , BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED = -202 ,
  BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED = -203 , BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED = -204
}
 Catalog of error codes. More...
 
enum  BSL_PolicyAction_e { BSL_POLICYACTION_UNDEFINED = 0 , BSL_POLICYACTION_NOTHING , BSL_POLICYACTION_DROP_BLOCK , BSL_POLICYACTION_DROP_BUNDLE }
 Codes indicating the fate of a block if a security operation over it fails. More...
 
enum  BSL_BundleBlockTypeCode_e {
  BSL_BLOCK_TYPE_PRIMARY = 0 , BSL_BLOCK_TYPE_PAYLOAD = 1 , BSL_BLOCK_TYPE_BUNDLE_AUTH = 2 , BSL_BLOCK_TYPE_PAYLOAD_INTEGRITY = 3 ,
  BSL_BLOCK_TYPE_PAYLOAD_CONFIDENTIALITY = 4 , BSL_BLOCK_TYPE_PREVIOUS_HOP_INSERTION = 5 , BSL_BLOCK_TYPE_PREVIOUS_NODE = 6 , BSL_BLOCK_TYPE_BUNDLE_AGE = 7 ,
  BSL_BLOCK_TYPE_METADATA_EXT = 8 , BSL_BLOCK_TYPE_EXT_SECURITY = 9 , BSL_BLOCK_TYPE_HOP_COUNT = 10 , BSL_BLOCK_TYPE_BIB = 11 ,
  BSL_BLOCK_TYPE_BCB = 12
}
 Block types using IANA-assigned code points from [8]. More...
 
enum  BSL_BundleASBFlag_e { BSL_ASB_FLAG_PARAMS = 1 }
 Flags of the Abstract Security Block [3]. More...
 
enum  BSL_BundleCtrlFlag_e { BSL_BUNDLE_IS_FRAGMENT = 0x0001 }
 Bundle processing control flags. More...
 
enum  BSL_SecRole_e { BSL_SECROLE_SOURCE = 1000 , BSL_SECROLE_VERIFIER , BSL_SECROLE_ACCEPTOR }
 Security role of an operation. More...
 
enum  BSL_SecBlockType_e { BSL_SECBLOCKTYPE_BIB = 11 , BSL_SECBLOCKTYPE_BCB = 12 }
 RFC 9172-specified block type codes for BIB and BCB. More...
 

Functions

char * BSL_Log_DumpAsHexString (char *dstbuf, size_t dstlen, const uint8_t *srcbuf, size_t srclen)
 Helper function to print the ASCII encoding of a given byte stream to a given target buffer.
 
bool BSL_LogIsEnabledFor (int severity)
 Determine if a particular severity is being logged.
 
void BSL_LogEvent (int severity, const char *filename, int lineno, const char *funcname, const char *format,...)
 Log an event.
 
int BSL_SeqReader_Destroy (BSL_SeqReader_t *obj)
 Release resources from a sequential reader.
 
int BSL_SeqReader_Get (BSL_SeqReader_t *obj, uint8_t *buf, size_t *bufsize)
 Iterate a sequential reader.
 
int BSL_SeqWriter_Destroy (BSL_SeqWriter_t *obj)
 Release resources from a sequential writer and commit the writes.
 
int BSL_SeqWriter_Put (BSL_SeqWriter_t *obj, const uint8_t *buf, size_t bufsize)
 Iterate a sequential writer.
 
void BSL_HostEID_Init (BSL_HostEID_t *eid)
 Initialize an abstract EID.
 
void BSL_HostEID_Deinit (BSL_HostEID_t *eid)
 De-initialize an abstract EID.
 
int BSL_Host_GetSecSrcEID (BSL_HostEID_t *eid)
 Get the local EID used when this node is a security source.
 
int BSL_HostEID_DecodeFromText (BSL_HostEID_t *eid, const char *text)
 Decode an EID from its text form.
 
int BSL_HostEID_DecodeFromCBOR (const BSL_Data_t *encoded_bytes, BSL_HostEID_t *eid)
 Decode an EID from CBOR.
 
int BSL_HostEID_EncodeToCBOR (const BSL_HostEID_t *eid, BSL_Data_t *encoded_bytes)
 Encode an EID into CBOR.
 
int BSL_HostEIDPattern_Init (BSL_HostEIDPattern_t *pat)
 Initialize an abstract EID Pattern.
 
void BSL_HostEIDPattern_Deinit (BSL_HostEIDPattern_t *pat)
 De-initialize an abstract EID Pattern.
 
int BSL_HostEIDPattern_DecodeFromText (BSL_HostEIDPattern_t *pat, const char *text)
 Decode an EID Pattern from its text form.
 
bool BSL_HostEIDPattern_IsMatch (const BSL_HostEIDPattern_t *pat, const BSL_HostEID_t *eid)
 Determine if an EID Pattern matches a specific EID.
 
int BSL_BundleCtx_GetBundleMetadata (const BSL_BundleRef_t *bundle, BSL_PrimaryBlock_t *result_primary_block)
 Calls the host interface to get a bundle's primary block information.
 
int BSL_BundleCtx_GetBlockMetadata (const BSL_BundleRef_t *bundle, uint64_t block_num, BSL_CanonicalBlock_t *result_block)
 Returns information about the bundle Canonical block.
 
int BSL_BundleCtx_CreateBlock (BSL_BundleRef_t *bundle, uint64_t block_type_code, uint64_t *block_num)
 Request the creation of a new block of a given type in the bundle.
 
int BSL_BundleCtx_RemoveBlock (BSL_BundleRef_t *bundle, uint64_t block_num)
 Requests the removal of a block from a bundle.
 
int BSL_BundleCtx_DeleteBundle (BSL_BundleRef_t *bundle, BSL_ReasonCode_t reason_code)
 Requests dropping of bundle.
 
int BSL_BundleCtx_ReallocBTSD (BSL_BundleRef_t *bundle, uint64_t block_num, size_t btsd_size)
 Requests the re-allocation of a block's BTSD, useful for BCB.
 
BSL_SeqReader_t * BSL_BundleCtx_ReadBTSD (const BSL_BundleRef_t *bundle, uint64_t block_num)
 Construct a new sequential reader for BTSD content.
 
BSL_SeqWriter_t * BSL_BundleCtx_WriteBTSD (BSL_BundleRef_t *bundle, uint64_t block_num, size_t btsd_size)
 Construct a new sequential writer for BTSD content.
 
void BSL_IdValPair_Init (BSL_IdValPair_t *self)
 Initialize to a default empty state.
 
void BSL_IdValPair_InitSet (BSL_IdValPair_t *self, const BSL_IdValPair_t *src)
 Initialize to a copy of another value.
 
void BSL_IdValPair_Deinit (BSL_IdValPair_t *self)
 De-initialize a parameter.
 
void BSL_IdValPair_Set (BSL_IdValPair_t *self, const BSL_IdValPair_t *src)
 Overwrite with a copy of another value.
 
void BSL_IdValPair_Move (BSL_IdValPair_t *self, BSL_IdValPair_t *src)
 Move from another value.
 
uint64_t BSL_IdValPair_GetId (const BSL_IdValPair_t *self)
 Get parameter ID of this param.
 
bool BSL_IdValPair_IsConsistent (const BSL_IdValPair_t *self)
 Return true if invariant conditions pass.
 
size_t BSL_IdValPair_Sizeof (void)
 Return size of BSL_IdValPair_s struct type.
 
void BSL_IdValPair_SetInt64 (BSL_IdValPair_t *self, uint64_t param_id, uint64_t value)
 Set to a signed integer value.
 
bool BSL_IdValPair_IsInt64 (const BSL_IdValPair_t *self)
 Returns true when the value type is an integer.
 
int BSL_IdValPair_GetAsInt64 (const BSL_IdValPair_t *self, int64_t *out)
 Retrieve integer value of result when this result type is integer.
 
void BSL_IdValPair_SetBytestr (BSL_IdValPair_t *self, uint64_t param_id, BSL_Data_t value)
 Initialize as a parameter containing a bytestring.
 
bool BSL_IdValPair_IsBytestr (const BSL_IdValPair_t *self)
 Returns true when the value type is a byte string.
 
int BSL_IdValPair_GetAsBytestr (const BSL_IdValPair_t *self, BSL_Data_t *out)
 Retrieve byte string value of a parameter.
 
void BSL_IdValPair_SetTextstr (BSL_IdValPair_t *self, uint64_t param_id, const char *value)
 Initialize as a parameter containing a byte string with a null-terminated text value.
 
bool BSL_IdValPair_IsTextstr (const BSL_IdValPair_t *self)
 Returns true when the value type is a text string.
 
int BSL_IdValPair_GetAsTextstr (const BSL_IdValPair_t *self, const char **out)
 Retrieve bytestring value of result when security parameter type is bytestring.
 
void BSL_IdValPair_SetRaw (BSL_IdValPair_t *self, uint64_t param_id, const void *ptr, size_t len)
 Initialize as a parameter containing raw encoded content.
 
size_t BSL_SecOper_Sizeof (void)
 
void BSL_SecOper_Init (BSL_SecOper_t *self)
 Initialize a newly allocated structure.
 
void BSL_SecOper_InitSet (BSL_SecOper_t *self, const BSL_SecOper_t *src)
 Initialize from a copy.
 
void BSL_SecOper_Deinit (BSL_SecOper_t *self)
 Empty and release any resources used internally by this structure.
 
void BSL_SecOper_Set (BSL_SecOper_t *self, const BSL_SecOper_t *src)
 Set from a copy.
 
void BSL_SecOper_Populate (BSL_SecOper_t *self, int64_t context_id, uint64_t target_block_num, uint64_t sec_block_num, BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e policy_action)
 Populate an initialized Security Operation with the given values.
 
bool BSL_SecOper_IsConsistent (const BSL_SecOper_t *self)
 Returns true if internal consistency and sanity checks pass.
 
const BSL_IdValPair_t * BSL_SecOper_FindOption (const BSL_SecOper_t *self, uint64_t option_id)
 Returns a pointer to the Security Parameter at a given index in the list of all parameters.
 
const BSL_IdValPair_t * BSL_SecOper_FindParam (const BSL_SecOper_t *self, uint64_t param_id)
 Returns a pointer to the Security Parameter at a given index in the list of all parameters.
 
const BSL_IdValPair_t * BSL_SecOper_FindResult (const BSL_SecOper_t *self, uint64_t param_id)
 Returns a pointer to the Security Parameter at a given index in the list of all parameters.
 
uint64_t BSL_SecOper_GetSecurityBlockNum (const BSL_SecOper_t *self)
 Get the block number of the security block containing this sec operation.
 
uint64_t BSL_SecOper_GetTargetBlockNum (const BSL_SecOper_t *self)
 Get the block number of the target block covered by this security operation.
 
size_t BSL_SecOper_CountOptions (const BSL_SecOper_t *self)
 Get the count of parameters contained within this security operation.
 
void BSL_SecOper_AppendOption (BSL_SecOper_t *self, const BSL_IdValPair_t *option)
 Add the given option to this operation.
 
void BSL_SecOper_AppendParam (BSL_SecOper_t *self, const BSL_IdValPair_t *param)
 Add the given security parameter to this operation manually.
 
bool BSL_SecOper_IsRoleSource (const BSL_SecOper_t *self)
 Return true if this security operation's role is SOURCE.
 
bool BSL_SecOper_IsRoleVerifier (const BSL_SecOper_t *self)
 Return true if this security operation's role is Verifier.
 
bool BSL_SecOper_IsRoleAcceptor (const BSL_SecOper_t *self)
 Return true if this security operation's role is Acceptor.
 
bool BSL_SecOper_IsBIB (const BSL_SecOper_t *self)
 Return true if this security operation is BIB.
 
BSL_PolicyAction_e BSL_SecOper_GetPolicyAction (const BSL_SecOper_t *self)
 Retrieve the policy action of a security operation.
 
BSL_SecOper_ConclusionState_e BSL_SecOper_GetConclusion (const BSL_SecOper_t *self)
 Retrieve the conclusion state of a security operation.
 
void BSL_SecOper_SetConclusion (BSL_SecOper_t *self, BSL_SecOper_ConclusionState_e new_conclusion)
 Set the security operation conclusion state.
 
BSL_ReasonCode_t BSL_SecOper_GetReasonCode (const BSL_SecOper_t *self)
 Get security operation reason code.
 
void BSL_SecOper_SetReasonCode (BSL_SecOper_t *self, BSL_ReasonCode_t new_reason_code)
 Set the security operation reason code.
 
size_t BSL_AbsSecBlock_Sizeof (void)
 Returns the size of the BSL_AbsSecBlock_s struct in bytes.
 
void BSL_AbsSecBlock_Init (BSL_AbsSecBlock_t *self)
 Populate a pre-allocated Abstract Security Block.
 
bool BSL_AbsSecBlock_IsConsistent (const BSL_AbsSecBlock_t *self)
 Checks internal consistency and sanity of this structure.
 
void BSL_AbsSecBlock_Deinit (BSL_AbsSecBlock_t *self)
 Deinitializes and clears this ASB, clearing and releasing any owned memory.
 
void BSL_AbsSecBlock_Print (const BSL_AbsSecBlock_t *self)
 Logs events exposing the ASB content at LOG DEBUG severity.
 
bool BSL_AbsSecBlock_IsEmpty (const BSL_AbsSecBlock_t *self)
 Returns true if this ASB contains no operations (i.e., no targets and results)
 
int64_t BSL_AbsSecBlock_GetContextID (const BSL_AbsSecBlock_t *self)
 Get the security context ID from a security block.
 
bool BSL_AbsSecBlock_ContainsTarget (const BSL_AbsSecBlock_t *self, uint64_t target_block_num)
 Returns true if a given ASB contains the given block number as a security target.
 
const BSL_IdValPair_t * BSL_AbsSecBlock_FindResult (BSL_AbsSecBlock_t *self, uint64_t target_index, uint64_t result_id)
 Search for a specific security result by its ID.
 
int BSL_AbsSecBlock_StripResults (BSL_AbsSecBlock_t *self, uint64_t target_block_num)
 Remove security parameters and results found in outcome from this ASB.
 
ssize_t BSL_AbsSecBlock_EncodeToCBOR (const BSL_AbsSecBlock_t *self, BSL_Data_t *buf)
 Encodes this ASB into a CBOR string into the space pre-allocated indicated by the argument.
 
int BSL_AbsSecBlock_DecodeFromCBOR (BSL_AbsSecBlock_t *self, const BSL_Data_t *buf)
 Decodes and populates this ASB from a CBOR string.
 
int BSL_TlmCounters_IncrementCounter (BSL_LibCtx_t *bsl, BSL_TlmCounterIndex_e tlm_index, uint64_t count)
 Increments a telemetry counter in the ctx based on telemetry index.
 
size_t BSL_SecOutcome_Sizeof (void)
 Returns the size of the BSL_SecOutcome_s structure.
 
void BSL_SecOutcome_Init (BSL_SecOutcome_t *self, const BSL_SecOper_t *sec_oper)
 Populate a pre-allocated security outcome struct.
 
void BSL_SecOutcome_Deinit (BSL_SecOutcome_t *self)
 Release any resources owned by this security outcome.
 
bool BSL_SecOutcome_IsConsistent (const BSL_SecOutcome_t *self)
 Return true if internal invariants hold.
 
BSL_IdValPair_t * BSL_SecOutcome_AppendResult (BSL_SecOutcome_t *self)
 Append a Security Result to this outcome.
 
const BSL_IdValPair_t * BSL_SecOutcome_GetResultAtIndex (const BSL_SecOutcome_t *self, size_t index)
 Get the result at index i.
 
size_t BSL_SecOutcome_CountResults (const BSL_SecOutcome_t *self)
 Get the number of results.
 
BSL_IdValPair_t * BSL_SecOutcome_AppendParam (BSL_SecOutcome_t *self)
 Append a Security Parameter to this outcome.
 
size_t BSL_SecOutcome_CountParams (const BSL_SecOutcome_t *self)
 Returns number of parameters in this outcome.
 
const BSL_IdValPair_t * BSL_SecOutcome_GetParamAt (const BSL_SecOutcome_t *self, size_t index)
 Get the security parameter from the security outcome at the provided index.
 
size_t BSL_SecurityAction_Sizeof (void)
 
bool BSL_SecurityAction_IsConsistent (const BSL_SecurityAction_t *self)
 
void BSL_SecurityAction_Init (BSL_SecurityAction_t *self)
 Initialize security action.
 
void BSL_SecurityAction_InitSet (BSL_SecurityAction_t *self, const BSL_SecurityAction_t *src)
 Initialize from a copy.
 
void BSL_SecurityAction_Set (BSL_SecurityAction_t *self, const BSL_SecurityAction_t *src)
 Set from a copy.
 
void BSL_SecurityAction_Deinit (BSL_SecurityAction_t *self)
 De-initialize security action.
 
int BSL_SecurityAction_AppendSecOper (BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper)
 Add security operation to security action.
 
int BSL_SecurityAction_OrderSecOps (BSL_SecurityAction_t *self)
 Order the Security operations such that execution will be successful.
 
size_t BSL_SecurityAction_CountSecOpers (const BSL_SecurityAction_t *self)
 
BSL_SecOper_t * BSL_SecurityAction_GetSecOperAtIndex (const BSL_SecurityAction_t *self, size_t index)
 
void BSL_SecurityAction_IncrError (BSL_SecurityAction_t *self)
 Increment a security failure for this action set.
 
size_t BSL_SecurityAction_CountErrors (const BSL_SecurityAction_t *self)
 Returns count of failures after processing this action.
 
uint64_t BSL_SecurityAction_GetPPID (const BSL_SecurityAction_t *self)
 Returns the Policy Provider ID of this security action.
 
size_t BSL_SecurityActionSet_Sizeof (void)
 Returns size of the struct, helpful for dynamic allocation.
 
void BSL_SecurityActionSet_Init (BSL_SecurityActionSet_t *self)
 Initialize a new security action set.
 
void BSL_SecurityActionSet_Deinit (BSL_SecurityActionSet_t *self)
 Zeroize, clear, and release itself and any owned resources.
 
int BSL_SecurityActionSet_AppendAction (BSL_SecurityActionSet_t *self, const BSL_SecurityAction_t *action)
 Append a security operation to the security action set.
 
bool BSL_SecurityActionSet_IsConsistent (const BSL_SecurityActionSet_t *self)
 Return true if internal sanity and consistency checks pass.
 
size_t BSL_SecurityActionSet_CountOperations (const BSL_SecurityActionSet_t *self)
 
size_t BSL_SecurityActionSet_CountActions (const BSL_SecurityActionSet_t *self)
 Count number of security operations present in this policy action set.
 
const BSL_SecurityAction_t * BSL_SecurityActionSet_GetActionAtIndex (const BSL_SecurityActionSet_t *self, size_t index)
 Returns the Security Operation at the given index.
 
size_t BSL_SecurityActionSet_CountErrors (const BSL_SecurityActionSet_t *self)
 Returns count of failures after processing this action set.
 
size_t BSL_SecurityResponseSet_Sizeof (void)
 Returns size of this struct type.
 
void BSL_SecurityResponseSet_Init (BSL_SecurityResponseSet_t *self)
 Initialize with the given count of operations and failures.
 
void BSL_SecurityResponseSet_Deinit (BSL_SecurityResponseSet_t *self)
 Zeroize itself and release any owned resources.
 
bool BSL_SecurityResponseSet_IsConsistent (const BSL_SecurityResponseSet_t *self)
 Return true if internal consistency checks pass.
 
size_t BSL_SecurityResponseSet_CountResponses (const BSL_SecurityResponseSet_t *self)
 Return number of responses (operations acted upon)
 
void BSL_SecurityResponseSet_AppendResult (BSL_SecurityResponseSet_t *self, int64_t result, BSL_PolicyAction_e policy_action)
 Append a result code to the security response set.
 
int BSL_PolicyRegistry_InspectActions (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
 Queries the policy provider for any security operations to take on the bundle.
 
int BSL_PolicyRegistry_FinalizeActions (const BSL_LibCtx_t *bsl, const BSL_SecurityActionSet_t *policy_actions, BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)
 Finalizes policy provider for sec ops & sec results for a bundle.
 
int BSL_SecCtx_ExecutePolicyActionSet (BSL_LibCtx_t *lib, BSL_SecurityResponseSet_t *output_response, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set)
 Call the underlying security context to perform the given action.
 
bool BSL_SecCtx_ValidatePolicyActionSet (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set)
 Validate policy action set.
 
int BSL_ExecBIBSource (BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
 Internal function to execute an operation as source.
 
int BSL_ExecBIBVerifierAcceptor (BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
 
int BSL_ExecBCBSource (BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
 
int BSL_ExecBCBVerifierAcceptor (BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
 

Detailed Description

Single entry-point include file for all of the BPSec Lib (BSL) frontend API.

This file is for backend and BSL-adjacent modules (the Policy Provider, Security Context, and Test Harness) to have more reach into the BSL, without requiring any of them to have specific dependencies on the other. The Host BPA should only need the purely public header file.

Author
Bill..nosp@m.Van..nosp@m.Besie.nosp@m.n@jh.nosp@m.uapl..nosp@m.edu

Macro Definition Documentation

◆ _U_

#define _U_

Mark an unused parameter within a function definition.

This avoids compiler warnings when parameters need to be present to satisfy an interface but are otherwise unused.

For example, this second parameter is marked unused:

void myfunc(int param, int unused _U_)

◆ ASSERT_ARG_EXPR

#define ASSERT_ARG_EXPR (   expr)    ASSERT_TEMPL(expr, "Panic: Argument expression check failed to satisfy")

◆ ASSERT_ARG_NONNULL

#define ASSERT_ARG_NONNULL (   var)    ASSERT_TEMPL((var) != NULL, "Panic: Null Argument check failed to satisfy")

◆ ASSERT_POSTCONDITION

#define ASSERT_POSTCONDITION (   expr)    ASSERT_TEMPL(expr, "Panic: Precondition failed to satisfy")

◆ ASSERT_PRECONDITION

#define ASSERT_PRECONDITION (   expr)    ASSERT_TEMPL(expr, "Panic: Precondition failed to satisfy")

◆ ASSERT_PROPERTY

#define ASSERT_PROPERTY (   expr)    ASSERT_TEMPL(expr, "Panic: Property check failed to satisfy")

◆ ASSERT_TEMPL

#define ASSERT_TEMPL (   expr,
  msg 
)
Value:
do \
{ \
if (!LIKELY(expr)) \
{ \
fprintf(stderr, "%s (%s)\n", msg, #expr); \
abort(); \
} \
} \
while (0)

◆ BSL_CHKERR1

#define BSL_CHKERR1 (   cond)    BSL_CHKRET(cond, 1)

Return the error value 1 if condition fails.

◆ BSL_CHKERRVAL

#define BSL_CHKERRVAL (   value)    BSL_CHKRET(!(value), (value))

Check a value for non-zero and return that value.

Warning
The parameter is evaluated twice, so it should be a simple variable with no side effects.
Parameters
value: The value to check and conditionally return.

◆ BSL_CHKFALSE

#define BSL_CHKFALSE (   cond)    BSL_CHKRET(cond, false)

Return false if condition fails.

◆ BSL_CHKNULL

#define BSL_CHKNULL (   cond)    BSL_CHKRET(cond, NULL)

Return a null pointer if condition fails.

◆ BSL_CHKRET

#define BSL_CHKRET (   cond,
  val 
)
Value:
if (!LIKELY(cond)) \
{ \
return val; \
}

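Check a condition and, if it is not met, return a specific value. The expansion is a bare `if` statement rather than a `do { ... } while (0)` block, so wrap a use in braces when it is the body of another `if`/`else`.

Parameters
cond: The condition to check.
val: The return value if the check fails.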
Deprecated:

◆ BSL_CHKVOID

#define BSL_CHKVOID (   cond)    BSL_CHKRET(cond, )

Return from void functions if condition fails.

◆ BSL_HOSTEID_INIT_INVALID [1/2]

#define BSL_HOSTEID_INIT_INVALID
Value:
{ \
.handle = NULL \
}

Static initializer for an invalid BSL_HostEID_t.

Static initializer for an invalid BSL_HostEIDPattern_t.

Even after this, BSL_HostEID_Init() must be used to get into a valid state.

Even after this, BSL_HostEIDPattern_Init() must be used to get into a valid state.

◆ BSL_HOSTEID_INIT_INVALID [2/2]

#define BSL_HOSTEID_INIT_INVALID
Value:
{ \
.handle = NULL \
}

Static initializer for an invalid BSL_HostEID_t.

Static initializer for an invalid BSL_HostEIDPattern_t.

Even after this, BSL_HostEID_Init() must be used to get into a valid state.

Even after this, BSL_HostEIDPattern_Init() must be used to get into a valid state.

◆ BSL_LOG_CRIT

#define BSL_LOG_CRIT (   ...)    BSL_LogEvent(LOG_CRIT, __FILE__, __LINE__, __func__, __VA_ARGS__)

Perform LOG_CRIT level logging with auto-filled parameters.

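The arguments to this macro are passed to BSL_LogEvent() as the format and its parameter values. Because the first argument is used as the format string, pass a string literal and supply variable or externally derived text through a conversion such as `%s`.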

◆ BSL_LOG_DEBUG

#define BSL_LOG_DEBUG (   ...)    BSL_LogEvent(LOG_DEBUG, __FILE__, __LINE__, __func__, __VA_ARGS__)

Perform LOG_DEBUG level logging with auto-filled parameters. The arguments are passed to BSL_LogEvent() as the format and its parameter values.

◆ BSL_LOG_ERR

#define BSL_LOG_ERR (   ...)    BSL_LogEvent(LOG_ERR, __FILE__, __LINE__, __func__, __VA_ARGS__)

Perform LOG_ERR level logging with auto-filled parameters. The arguments are passed to BSL_LogEvent() as the format and its parameter values.

◆ BSL_LOG_INFO

#define BSL_LOG_INFO (   ...)    BSL_LogEvent(LOG_INFO, __FILE__, __LINE__, __func__, __VA_ARGS__)

Perform LOG_INFO level logging with auto-filled parameters. The arguments are passed to BSL_LogEvent() as the format and its parameter values.

◆ BSL_LOG_PLAINTEXT_PTR

#define BSL_LOG_PLAINTEXT_PTR (   title,
  ctx,
  ptr,
  len 
)

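Log plaintext as hex, for debugging only, when the compile option BSL_LOG_PLAINTEXT_ENABLE is non-zero. This writes unprotected plaintext to the log, so leave the option disabled in any build that handles operational data.

Parameters
title: The static C string title.
ctx: A correlating context pointer to log.
ptr: The data start pointer.
len: The data length.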

◆ BSL_LOG_WARNING

#define BSL_LOG_WARNING (   ...)    BSL_LogEvent(LOG_WARNING, __FILE__, __LINE__, __func__, __VA_ARGS__)

Perform LOG_WARNING level logging with auto-filled parameters. The arguments are passed to BSL_LogEvent() as the format and its parameter values.

◆ BSL_SecBlockType_IsSecBlock

#define BSL_SecBlockType_IsSecBlock (   block_id)     (((block_id) >= BSL_SECBLOCKTYPE_BIB) && ((block_id) <= BSL_SECBLOCKTYPE_BCB))

Helper to determine if a given block type is a security block type. The argument is evaluated twice, so pass an expression without side effects.

◆ BSL_SECROLE_ISVALID

#define BSL_SECROLE_ISVALID (   role_value)    (((role_value) >= BSL_SECROLE_SOURCE) && ((role_value) <= BSL_SECROLE_ACCEPTOR))

◆ CHK_ARG_EXPR

#define CHK_ARG_EXPR (   expr)     CHK_TEMPL(expr, "Illegal Argument: Argument expression check failed to satisfy", BSL_ERR_ARG_INVALID)

◆ CHK_ARG_NONNULL

#define CHK_ARG_NONNULL (   var)     CHK_TEMPL((var) != NULL, "Illegal Argument: Argument null check failed to satisfy", BSL_ERR_ARG_NULL)

◆ CHK_AS_BOOL

#define CHK_AS_BOOL (   expr)    CHK_TEMPL(expr, "Failed Property Check: Failed to satisfy", BSL_ERR_ARG_INVALID)

◆ CHK_POSTCONDITION

#define CHK_POSTCONDITION (   expr)    CHK_TEMPL(expr, "Postcondition Failed: Did not satisfy", BSL_ERR_FAILURE)

◆ CHK_PRECONDITION

#define CHK_PRECONDITION (   expr)    CHK_TEMPL(expr, "Precondition Failed: Did not satisfy", BSL_ERR_FAILURE)

◆ CHK_PROPERTY

#define CHK_PROPERTY (   expr)    CHK_TEMPL(expr, "Property Failed: Did not satisfy", BSL_ERR_FAILURE)

◆ CHK_TEMPL

#define CHK_TEMPL (   expr,
  msg,
  return_code 
)
Value:
do \
{ \
if (!LIKELY(expr)) \
{ \
BSL_LOG_ERR("%s (%s) [errcode=%d]", msg, #expr, return_code); \
return return_code; \
} \
} \
while (0) /* GCOV_EXCL_LINE */

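Helpful macros for expressing invariants, pre/post conditions, and arg validation.

The expression is nominally true and only false during exceptional cases. On failure the macro logs the message and the stringified expression via BSL_LOG_ERR and returns return_code from the enclosing function, so cleanup code placed after the check does not run.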

◆ LIKELY

#define LIKELY (   expr)    (expr)

Hint to the compiler that the expression is expected to evaluate to true and the associated branch is likely.

Parameters
expr: The expression to evaluate.
Returns
The boolean evaluation of the expression.

◆ UNLIKELY

#define UNLIKELY (   expr)    (expr)

Hint to the compiler that the expression is expected to evaluate to false and the associated branch is unlikely.

Parameters
exprThe expression to evaluate.
Returns
The boolean evaluation of the expression.

Typedef Documentation

◆ BSL_PolicyDeinit_f

typedef void(* BSL_PolicyDeinit_f) (void *user_data)

Callback interface for policy provider to shut down and release any resources.

◆ BSL_PolicyFinalize_f

typedef int(* BSL_PolicyFinalize_f) (void *user_data, const BSL_SecurityActionSet_t *output_action_set, BSL_BundleRef_t *bundle, const BSL_SecurityResponseSet_t *response_output)

Callback interface to finalize policy provider over the action set.

Finalize should ignore actions from different policy providers

◆ BSL_PolicyInspect_f

typedef int(* BSL_PolicyInspect_f) (void *user_data, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)

Callback interface to query policy provider to populate the action set.

◆ BSL_SecCtx_Execute_f

typedef int(* BSL_SecCtx_Execute_f) (BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *sec_outcome)

Signature for Security Context executor for a sec OP.

Parameters
[in]libThe library context.
[in,out]bundleThe bundle to modify.
[in]sec_operThe security operation to perform.
[in]asbFor verifier or acceptor, this is the existing ASB structure.
[in,out]sec_outcomeThe pre-allocated outcome to populate
Returns
0 if security operation performed successfully.

◆ BSL_SecCtx_Validate_f

typedef bool(* BSL_SecCtx_Validate_f) (BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)

Signature for Security Context validator for a sec OP.

Parameters
[in]libThe library context.
[in]bundleThe bundle to inspect.
[in]sec_operThe security operation to perform.
Returns
True if security operation is deemed valid.

Enumeration Type Documentation

◆ BSL_BundleASBFlag_e

Flags of the Abstract Security Block [3].

Enumerator
BSL_ASB_FLAG_PARAMS 

Flag set when parameters are present.

◆ BSL_BundleBlockTypeCode_e

Block types using IANA-assigned code points from [8].

Enumerator
BSL_BLOCK_TYPE_PRIMARY 

Primary block ID (a special case)

BSL_BLOCK_TYPE_PAYLOAD 

Payload block.

BSL_BLOCK_TYPE_BUNDLE_AUTH 
BSL_BLOCK_TYPE_PAYLOAD_INTEGRITY 
BSL_BLOCK_TYPE_PAYLOAD_CONFIDENTIALITY 
BSL_BLOCK_TYPE_PREVIOUS_HOP_INSERTION 
BSL_BLOCK_TYPE_PREVIOUS_NODE 
BSL_BLOCK_TYPE_BUNDLE_AGE 
BSL_BLOCK_TYPE_METADATA_EXT 
BSL_BLOCK_TYPE_EXT_SECURITY 
BSL_BLOCK_TYPE_HOP_COUNT 
BSL_BLOCK_TYPE_BIB 

Block Integrity [8].

BSL_BLOCK_TYPE_BCB 

Block Confidentiality [8].

◆ BSL_BundleCtrlFlag_e

Bundle processing control flags.

Defined in Section 4.2.3 of RFC 9171 [6].

Enumerator
BSL_BUNDLE_IS_FRAGMENT 

Set if this bundle is a fragment.

◆ BSL_ErrCodes_e

Catalog of error codes.

Note
BSL error codes are negative, such that a caller can check if (BSL_MyFunc(...) < 0) for errors.
Enumerator
BSL_SUCCESS 

Placeholder for non-error code.

BSL_ERR_FAILURE 

Uncategorized failure (prefer to avoid)

BSL_ERR_ARG_NULL 

A pointer argument of the function is NULL.

BSL_ERR_ARG_INVALID 

Function argument does not satisfy a given predicate.

BSL_ERR_PROPERTY_CHECK_FAILED 

The BSL or a structure within it is not in a valid state.

BSL_ERR_INSUFFICIENT_SPACE 

Insufficient space to complete.

BSL_ERR_NOT_IMPLEMENTED 

Requested functionality not yet implemented.

BSL_ERR_ENCODING 

CBOR encoding failure.

BSL_ERR_DECODING 

CBOR decoding failure.

BSL_ERR_NOT_FOUND 

Requested value not found for key.

BSL_ERR_BUNDLE_OPERATION_FAILED 

Bundle manipulation failed (add/remove or change BTSD)

BSL_ERR_SECURITY_OPERATION_FAILED 

Security operation failed (e.g., BIB did not have enough parameters)

BSL_ERR_HOST_CALLBACK_FAILED 

Callback to the host BPA returned a non-zero code.

BSL_ERR_POLICY_FAILED 

Policy Errors start at 100.

General error code for errors arising from a Policy Provider

BSL_ERR_POLICY_QUERY 

Error code for errors arising from Policy Provider query.

BSL_ERR_POLICY_FINAL 

Error code for errors arising from Policy Provider finalize.

BSL_ERR_POLICY_CONFIG 

Error code for errors arising from Policy Provider configuration.

BSL_ERR_SECURITY_CONTEXT_FAILED 

Security Context errors start at 200.

General error code for errors arising from a Security Context.

BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL 

General code where at least some security operations failed.

BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED 

Indicates security context validate failed.

BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED 

Indicates an HMAC Auth failed.

BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED 

Indicates a cryptographic operation failed (encrypt/decrypt)

◆ BSL_PolicyAction_e

Codes indicating the fate of a block if a security operation over it fails.

Enumerator
BSL_POLICYACTION_UNDEFINED 

Placeholder for zero - should never occur.

BSL_POLICYACTION_NOTHING 

Do nothing, keep the block even if it fails.

BSL_POLICYACTION_DROP_BLOCK 

Drop only the target block.

BSL_POLICYACTION_DROP_BUNDLE 

Drop the entire bundle.

◆ BSL_SecBlockType_e

RFC 9172-specified block type codes for BIB and BCB.

Todo:
Consider making an RFC9172 header file.
Enumerator
BSL_SECBLOCKTYPE_BIB 

RFC9172 code for BIB.

BSL_SECBLOCKTYPE_BCB 

RFC9172 code for BCB.

◆ BSL_SecRole_e

Security role of an operation.

Enumerator
BSL_SECROLE_SOURCE 

Source producing the security result.

BSL_SECROLE_VERIFIER 

Only check the security result.

BSL_SECROLE_ACCEPTOR 

Check and then remove the security result if correct.

Function Documentation

◆ BSL_AbsSecBlock_ContainsTarget()

bool BSL_AbsSecBlock_ContainsTarget ( const BSL_AbsSecBlock_t *  self,
uint64_t  target_block_num 
)

Returns true if a given ASB contains the given block number as a security target.

Parameters
[in]selfThis ASB.
[in]target_block_numID of a block, 0 indicates primary block
Returns
true if ASB contains target

References ASSERT_PRECONDITION, BSL_AbsSecBlock_IsConsistent(), and BSL_AbsSecBlock_Target_t::target_block_num.

Referenced by BSL_API_QuerySecurity(), and TestASBDecodeEncodeClosure().

◆ BSL_AbsSecBlock_DecodeFromCBOR()

int BSL_AbsSecBlock_DecodeFromCBOR ( BSL_AbsSecBlock_t *  self,
const BSL_Data_t buf 
)

◆ BSL_AbsSecBlock_Deinit()

void BSL_AbsSecBlock_Deinit ( BSL_AbsSecBlock_t *  self)

◆ BSL_AbsSecBlock_EncodeToCBOR()

ssize_t BSL_AbsSecBlock_EncodeToCBOR ( const BSL_AbsSecBlock_t *  self,
BSL_Data_t buf 
)

Encodes this ASB into a CBOR string into the space pre-allocated indicated by the argument.

Parameters
[in]selfThis ASB.
[in]bufA buffer with allocated space for the encoded CBOR or a zero-length buffer to calculate the needed size.
Returns
Integer contains number of bytes written to buffer, negative indicates error.

References BSL_AbsSecBlock_IsConsistent(), BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_ERR_ENCODING, BSL_HostEID_EncodeToCBOR(), BSL_IdValPair_Encode(), BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_PLAINTEXT_PTR, BSL_SUCCESS, buf, CHK_PRECONDITION, encoder, BSL_Data_t::len, BSL_Data_t::ptr, BSL_AbsSecBlock_Target_t::results, and BSL_AbsSecBlock_Target_t::target_block_num.

Referenced by Encode_ASB(), LLVMFuzzerTestOneInput(), and TestASBDecodeEncodeClosure().

◆ BSL_AbsSecBlock_FindResult()

const BSL_IdValPair_t * BSL_AbsSecBlock_FindResult ( BSL_AbsSecBlock_t *  self,
uint64_t  target_index,
uint64_t  result_id 
)

Search for a specific security result by its ID.

Parameters
[in,out]selfThis security block
target_indexThe target index in the block. This is not the block number, it is the zero-based index.
result_idThe result ID to search for.
Returns
Non-null pointer if the result is found.

◆ BSL_AbsSecBlock_GetContextID()

int64_t BSL_AbsSecBlock_GetContextID ( const BSL_AbsSecBlock_t *  self)

Get the security context ID from a security block.

Parameters
[in]selfThis ASB.
Returns
The context ID integer.

References ASSERT_ARG_NONNULL.

Referenced by TestASBDecodeEncodeClosure().

◆ BSL_AbsSecBlock_Init()

void BSL_AbsSecBlock_Init ( BSL_AbsSecBlock_t *  self)

◆ BSL_AbsSecBlock_IsConsistent()

bool BSL_AbsSecBlock_IsConsistent ( const BSL_AbsSecBlock_t *  self)

◆ BSL_AbsSecBlock_IsEmpty()

bool BSL_AbsSecBlock_IsEmpty ( const BSL_AbsSecBlock_t *  self)

Returns true if this ASB contains no operations (i.e., no targets and results)

Parameters
[in]selfThis ASB.
Returns
true if ASB is empty

References ASSERT_ARG_NONNULL.

Referenced by BSL_ExecBCBVerifierAcceptor(), and BSL_ExecBIBVerifierAcceptor().

◆ BSL_AbsSecBlock_Print()

void BSL_AbsSecBlock_Print ( const BSL_AbsSecBlock_t *  self)

Logs events exposing the ASB content at LOG DEBUG severity.

Parameters
[in]selfThis ASB

References BSL_IdValPair_Print(), BSL_LOG_DEBUG, BSL_AbsSecBlock_Target_t::results, and BSL_AbsSecBlock_Target_t::target_block_num.

◆ BSL_AbsSecBlock_Sizeof()

size_t BSL_AbsSecBlock_Sizeof ( void  )

Returns the size of the BSL_AbsSecBlock_s struct in bytes.

Returns
size of the struct

Referenced by BSL_API_QuerySecurity(), LLVMFuzzerTestOneInput(), TEST_CASE(), and TestASBDecodeEncodeClosure().

◆ BSL_AbsSecBlock_StripResults()

int BSL_AbsSecBlock_StripResults ( BSL_AbsSecBlock_t *  self,
uint64_t  target_block_num 
)

Remove security parameters and results found in outcome from this ASB.

Todo:
  • Can be backend-only.
Parameters
[in,out]selfThis ASB
[in]outcomeSecurity Operation outcome containing params and results
Returns
Negative on error, otherwise count of things removed.

References BSL_AbsSecBlock_IsConsistent(), CHK_POSTCONDITION, CHK_PRECONDITION, BSL_AbsSecBlock_Target_t::results, and BSL_AbsSecBlock_Target_t::target_block_num.

Referenced by BSL_ExecBCBVerifierAcceptor(), and BSL_ExecBIBVerifierAcceptor().

◆ BSL_BundleCtx_CreateBlock()

int BSL_BundleCtx_CreateBlock ( BSL_BundleRef_t bundle,
uint64_t  block_type_code,
uint64_t *  block_num 
)

Request the creation of a new block of a given type in the bundle.

Parameters
[in]bundleContext bundle
[in]block_type_codeThe type of block to be created (e.g, 1 means payload)
[out]block_numPointer to integer containing the number of the block just created.
Returns
0 on success, negative on error

References BSL_HostDescriptors_t::block_create_fn, BSL_ERR_HOST_CALLBACK_FAILED, BSL_SUCCESS, CHK_ARG_EXPR, CHK_ARG_NONNULL, CHK_PRECONDITION, and HostDescriptorTable.

Referenced by BSL_ExecBCBSource(), and BSL_ExecBIBSource().

◆ BSL_BundleCtx_DeleteBundle()

int BSL_BundleCtx_DeleteBundle ( BSL_BundleRef_t bundle,
BSL_ReasonCode_t  reason_code 
)

Requests dropping of bundle.

Parameters
[in]bundleContext bundle
[in]reason_codereason code indicating reason for bundle deletion
Returns
0 on success, negative on failure.

References BSL_ERR_HOST_CALLBACK_FAILED, BSL_SUCCESS, BSL_HostDescriptors_t::bundle_delete_fn, CHK_ARG_NONNULL, CHK_PRECONDITION, and HostDescriptorTable.

Referenced by BSLP_PolicyProvider_HandleFailures().

◆ BSL_BundleCtx_GetBlockMetadata()

int BSL_BundleCtx_GetBlockMetadata ( const BSL_BundleRef_t bundle,
uint64_t  block_num,
BSL_CanonicalBlock_t result_block 
)

Returns information about the bundle Canonical block.

Parameters
[in]bundleContext bundle
[in]block_numThe number of the bundle canonical block we seek information on
[out]result_blockPointer to allocated memory which contains the results of the query.
Returns
0 on success, negative on error

References BSL_HostDescriptors_t::block_metadata_fn, BSL_ERR_HOST_CALLBACK_FAILED, BSL_SUCCESS, CHK_ARG_EXPR, CHK_ARG_NONNULL, CHK_PRECONDITION, and HostDescriptorTable.

Referenced by BSL_API_QuerySecurity(), BSL_ExecAnySource_Post(), BSL_ExecAnyVerifierAcceptor_Pre(), BSL_ExecBIBSource(), BSLX_BCB_Execute(), BSLX_BCB_Init(), BSLX_BIB_Execute(), get_target_block_id(), n_test_BSL_6(), test_BSL_32(), TEST_CASE(), test_dyn_mem_cbs_BSL_32(), and test_RFC9173_AppendixA_Example4_Acceptor().

◆ BSL_BundleCtx_GetBundleMetadata()

int BSL_BundleCtx_GetBundleMetadata ( const BSL_BundleRef_t bundle,
BSL_PrimaryBlock_t result_primary_block 
)

◆ BSL_BundleCtx_ReadBTSD()

BSL_SeqReader_t * BSL_BundleCtx_ReadBTSD ( const BSL_BundleRef_t bundle,
uint64_t  block_num 
)

Construct a new sequential reader for BTSD content.

Parameters
[in]bundleContext bundle
[in]block_numThe unique block number for which BTSD will be read from.
Returns
Pointer to the new reader or NULL if some failure occurs.

References BSL_HostDescriptors_t::block_read_btsd_fn, and HostDescriptorTable.

Referenced by BSL_API_QuerySecurity(), BSL_ExecAnyVerifierAcceptor_Pre(), BSLX_BCB_Decrypt(), BSLX_BCB_Encrypt(), BSLX_BIB_GenIPPT(), and TEST_CASE().

◆ BSL_BundleCtx_ReallocBTSD()

int BSL_BundleCtx_ReallocBTSD ( BSL_BundleRef_t bundle,
uint64_t  block_num,
size_t  btsd_size 
)

Requests the re-allocation of a block's BTSD, useful for BCB.

Note
Uses semantics similar to memcpy().
Parameters
[in]bundleContext bundle
[in]block_numThe unique block number for which BTSD will be resized.
[in]btsd_sizeSize of new BTSD content.
Returns
0 on success, negative on failure.

References BSL_HostDescriptors_t::block_realloc_btsd_fn, BSL_HostDescriptors_t::block_remove_fn, BSL_ERR_HOST_CALLBACK_FAILED, BSL_SUCCESS, CHK_ARG_EXPR, CHK_ARG_NONNULL, CHK_PRECONDITION, and HostDescriptorTable.

◆ BSL_BundleCtx_RemoveBlock()

int BSL_BundleCtx_RemoveBlock ( BSL_BundleRef_t bundle,
uint64_t  block_num 
)

Requests the removal of a block from a bundle.

Parameters
[in]bundleContext bundle
[in]block_numBlock number to be removed
Returns
0 on success, negative on failure.

References BSL_HostDescriptors_t::block_remove_fn, BSL_ERR_HOST_CALLBACK_FAILED, BSL_SUCCESS, CHK_ARG_EXPR, CHK_ARG_NONNULL, CHK_PRECONDITION, and HostDescriptorTable.

Referenced by BSL_ExecBCBVerifierAcceptor(), BSL_ExecBIBVerifierAcceptor(), and BSLP_PolicyProvider_HandleFailures().

◆ BSL_BundleCtx_WriteBTSD()

BSL_SeqWriter_t * BSL_BundleCtx_WriteBTSD ( BSL_BundleRef_t bundle,
uint64_t  block_num,
size_t  btsd_size 
)

Construct a new sequential writer for BTSD content.

Parameters
[in]bundleContext bundle
[in]block_numThe unique block number for which BTSD will be overwritten.
btsd_sizeThe total size of BTSD content that will be written. The actual sequence of writes must not exceed this total size or it will be considered an error. If the actual sequence of writes does not reach this size it should be zero-padded and logged as an anomaly.
Returns
Pointer to the new writer or NULL if some failure occurs.

References BSL_HostDescriptors_t::block_write_btsd_fn, and HostDescriptorTable.

Referenced by BSLX_BCB_Decrypt(), BSLX_BCB_Encrypt(), and Encode_ASB().

◆ BSL_ExecBCBSource()

◆ BSL_ExecBCBVerifierAcceptor()

◆ BSL_ExecBIBSource()

int BSL_ExecBIBSource ( BSL_SecCtx_Execute_f  sec_context_fn,
BSL_LibCtx_t *  lib,
BSL_BundleRef_t bundle,
BSL_SecOper_t *  sec_oper,
BSL_SecOutcome_t *  outcome 
)

◆ BSL_ExecBIBVerifierAcceptor()

◆ BSL_Host_GetSecSrcEID()

int BSL_Host_GetSecSrcEID ( BSL_HostEID_t eid)

Get the local EID used when this node is a security source.

Parameters
[out]eidThe EID to write into. This must already be initialized.
Returns
Zero if successful.
See also
BSL_ROLE_SOURCE

References CHK_ARG_NONNULL, CHK_PRECONDITION, BSL_HostDescriptors_t::get_sec_src_eid_fn, HostDescriptorTable, and BSL_HostDescriptors_t::user_data.

Referenced by BSL_ExecAnySource_Post().

◆ BSL_HostEID_DecodeFromCBOR()

int BSL_HostEID_DecodeFromCBOR ( const BSL_Data_t encoded_bytes,
BSL_HostEID_t eid 
)

Decode an EID from CBOR.

Parameters
[in]encoded_bytesCBOR encoded bytes
[in,out]eidThe value to decode into
Returns
0 on success

References CHK_ARG_NONNULL, CHK_PRECONDITION, BSL_HostDescriptors_t::eid_from_cbor, BSL_HostEID_t::handle, and HostDescriptorTable.

Referenced by BSL_AbsSecBlock_DecodeFromCBOR(), and LLVMFuzzerTestOneInput().

◆ BSL_HostEID_DecodeFromText()

int BSL_HostEID_DecodeFromText ( BSL_HostEID_t eid,
const char *  text 
)

Decode an EID from its text form.

Parameters
[out]eidThe EID to write into. This must already be initialized.
[in]textThe text to read from, which must be non-null.
Returns
Zero if successful.

References CHK_ARG_NONNULL, CHK_PRECONDITION, BSL_HostDescriptors_t::eid_from_text, BSL_HostEID_t::handle, HostDescriptorTable, and BSL_HostDescriptors_t::user_data.

Referenced by LLVMFuzzerTestOneInput(), main(), test_BSL_HostEID_DecodeFromText_invalid(), test_BSL_HostEID_DecodeFromText_ipn(), test_BSL_HostEID_DecodeFromText_valid(), test_BSL_HostEIDPattern_IsMatch(), test_bsl_mock_encode_bundle(), and test_bsl_mock_encode_primary().

◆ BSL_HostEID_Deinit()

◆ BSL_HostEID_EncodeToCBOR()

int BSL_HostEID_EncodeToCBOR ( const BSL_HostEID_t eid,
BSL_Data_t encoded_bytes 
)

Encode an EID into CBOR.

Parameters
[in]eidThe value to encode
[in,out]encoded_bytesCBOR encoded bytes
Returns
Zero if successful.

References CHK_ARG_NONNULL, BSL_HostDescriptors_t::eid_to_cbor, and HostDescriptorTable.

Referenced by BSL_AbsSecBlock_EncodeToCBOR(), bsl_mock_encode_eid_from_ctx(), and LLVMFuzzerTestOneInput().

◆ BSL_HostEID_Init()

◆ BSL_HostEIDPattern_DecodeFromText()

int BSL_HostEIDPattern_DecodeFromText ( BSL_HostEIDPattern_t pat,
const char *  text 
)

Decode an EID Pattern from its text form.

Parameters
[out]patThe pattern to write into. This must already be initialized.
[in]textThe text to read from, which must be non-null.
Returns
Zero if successful.

References CHK_ARG_NONNULL, CHK_PRECONDITION, BSL_HostDescriptors_t::eidpat_from_text, HostDescriptorTable, and BSL_HostDescriptors_t::user_data.

Referenced by BSL_TestUtils_GetEidPatternFromText(), BSLP_PolicyPredicate_InitFrom(), LLVMFuzzerTestOneInput(), test_BSL_HostEIDPattern_DecodeFromText_invalid(), test_BSL_HostEIDPattern_DecodeFromText_valid(), test_BSL_HostEIDPattern_IsMatch(), and TEST_CASE().

◆ BSL_HostEIDPattern_Deinit()

◆ BSL_HostEIDPattern_Init()

◆ BSL_HostEIDPattern_IsMatch()

bool BSL_HostEIDPattern_IsMatch ( const BSL_HostEIDPattern_t pat,
const BSL_HostEID_t eid 
)

Determine if an EID Pattern matches a specific EID.

Parameters
[in]patThe pattern to compare.
[in]eidThe EID to compare.
Returns
True if the EID is a match to the pattern.

References ASSERT_ARG_NONNULL, ASSERT_PRECONDITION, BSL_HostDescriptors_t::eidpat_match, HostDescriptorTable, and BSL_HostDescriptors_t::user_data.

Referenced by BSLP_PolicyPredicate_IsMatch(), and test_BSL_HostEIDPattern_IsMatch().

◆ BSL_IdValPair_Deinit()

◆ BSL_IdValPair_GetAsBytestr()

int BSL_IdValPair_GetAsBytestr ( const BSL_IdValPair_t *  self,
BSL_Data_t out 
)

Retrieve byte string value of a parameter.

Parameters
[in]selfThis Security Parameter
[out]outPointer to optional struct which will be made a view onto this parameter value. That view must not outlive this pair instance.
Returns
Negative on error.

References BSL_Data_InitView(), BSL_IdValPair_IsConsistent(), BSL_IDVALPAIR_TYPE_BYTESTR, BSL_SUCCESS, CHK_PRECONDITION, and CHK_PROPERTY.

Referenced by BSL_IdValPair_Encode(), BSL_IdValPair_Print(), BSLX_BCB_Execute(), BSLX_BCB_GetOptions(), BSLX_BIB_Execute(), BSLX_BIB_InitFromSecOper(), test_RFC9173_AppendixA_Example1_BIB_Source(), test_RFC9173_AppendixA_Example2_BCB_Source(), and test_sec_source_keywrap().

◆ BSL_IdValPair_GetAsInt64()

int BSL_IdValPair_GetAsInt64 ( const BSL_IdValPair_t *  self,
int64_t *  out 
)

Retrieve integer value of result when this result type is integer.

Parameters
[in]selfThis Security Parameter
[out]outThe optional value
Returns
Zero if the value is an integer.

References ASSERT_ARG_NONNULL, ASSERT_PRECONDITION, BSL_IDVALPAIR_TYPE_INT64, and BSL_SUCCESS.

Referenced by BSL_IdValPair_Encode(), BSLX_BCB_Execute(), BSLX_BCB_GetOptions(), BSLX_BIB_Execute(), and BSLX_BIB_InitFromSecOper().

◆ BSL_IdValPair_GetAsTextstr()

int BSL_IdValPair_GetAsTextstr ( const BSL_IdValPair_t *  self,
const char **  out 
)

Retrieve text string value of result when security parameter type is text string.

Warning
Always check type before using this.
Todo:
Clarify whether result contains copy or view of content
Parameters
[in]selfThis Security Parameter
[in,out]outPointer to optional string pointer for view onto this parameter value.
Returns
Negative on error.

References BSL_IdValPair_IsConsistent(), BSL_IDVALPAIR_TYPE_TEXTSTR, BSL_SUCCESS, CHK_PRECONDITION, and CHK_PROPERTY.

Referenced by BSL_IdValPair_Print(), BSLX_BCB_GetOptions(), and BSLX_BIB_InitFromSecOper().

◆ BSL_IdValPair_GetId()

uint64_t BSL_IdValPair_GetId ( const BSL_IdValPair_t *  self)

Get parameter ID of this param.

Parameters
[in]selfThis BPSec Param type
Returns
The parameter ID value

References ASSERT_PRECONDITION, and BSL_IdValPair_IsConsistent().

Referenced by BSLX_BCB_GetOptions(), BSLX_BIB_InitFromSecOper(), and test_SecurityContext_BIB_Verifier_Failure().

◆ BSL_IdValPair_Init()

void BSL_IdValPair_Init ( BSL_IdValPair_t *  self)

◆ BSL_IdValPair_InitSet()

void BSL_IdValPair_InitSet ( BSL_IdValPair_t *  self,
const BSL_IdValPair_t *  src 
)

Initialize to a copy of another value.

Parameters
[out]selfThe object to initialize.
[in]srcThe source of the copy.

References BSL_IdValPair_Init(), and BSL_IdValPair_Set().

◆ BSL_IdValPair_IsBytestr()

bool BSL_IdValPair_IsBytestr ( const BSL_IdValPair_t *  self)

Returns true when the value type is a byte string.

Parameters
[in]selfThis Security Parameter
Returns
True when value type is byte string.

References BSL_IDVALPAIR_TYPE_BYTESTR, and CHK_AS_BOOL.

Referenced by BSL_IdValPair_Encode(), BSL_IdValPair_Print(), and BSLX_BIB_Execute().

◆ BSL_IdValPair_IsConsistent()

bool BSL_IdValPair_IsConsistent ( const BSL_IdValPair_t *  self)

Return true if invariant conditions pass.

Parameters
[in]selfThis security parameter
Returns
true if valid, false otherwise.

References BSL_IDVALPAIR_TYPE_TEXTSTR, BSL_IDVALPAIR_TYPE_UNKNOWN, and CHK_AS_BOOL.

Referenced by BSL_IdValPair_GetAsBytestr(), BSL_IdValPair_GetAsTextstr(), BSL_IdValPair_GetId(), BSL_SecOper_AppendOption(), and BSL_SecOper_AppendParam().

◆ BSL_IdValPair_IsInt64()

bool BSL_IdValPair_IsInt64 ( const BSL_IdValPair_t *  self)

Returns true when the value type is an integer.

Parameters
[in]selfThis Security Parameter
Returns
True when value type is integer.

References BSL_IDVALPAIR_TYPE_INT64, and CHK_AS_BOOL.

Referenced by BSL_IdValPair_Encode(), and BSL_IdValPair_Print().

◆ BSL_IdValPair_IsTextstr()

bool BSL_IdValPair_IsTextstr ( const BSL_IdValPair_t *  self)

Returns true when the value type is a text string.

Parameters
[in]selfThis Security Parameter
Returns
True when value type is text string.

References BSL_IDVALPAIR_TYPE_TEXTSTR, and CHK_AS_BOOL.

Referenced by BSL_IdValPair_Print().

◆ BSL_IdValPair_Move()

void BSL_IdValPair_Move ( BSL_IdValPair_t *  self,
BSL_IdValPair_t *  src 
)

Move from another value.

The other value is left deinitialized.

Parameters
[in,out]selfThe object to overwrite.
[in]srcThe source of the copy.

References ASSERT_ARG_NONNULL, BSL_IdValPair_Deinit(), BSL_IDVALPAIR_TYPE_BYTESTR, BSL_IDVALPAIR_TYPE_INT64, BSL_IDVALPAIR_TYPE_RAW, BSL_IDVALPAIR_TYPE_TEXTSTR, and BSL_IDVALPAIR_TYPE_UNKNOWN.

Referenced by test_MultiplePolicyProviders(), and test_PolicyProvider_Inspect_RFC9173_BIB().

◆ BSL_IdValPair_Set()

void BSL_IdValPair_Set ( BSL_IdValPair_t *  self,
const BSL_IdValPair_t *  src 
)

Overwrite with a copy of another value.

Parameters
[in,out]selfThe object to overwrite.
[in]srcThe source of the copy.

References ASSERT_ARG_NONNULL, BSL_IdValPair_Deinit(), BSL_IDVALPAIR_TYPE_BYTESTR, BSL_IDVALPAIR_TYPE_INT64, BSL_IDVALPAIR_TYPE_RAW, BSL_IDVALPAIR_TYPE_TEXTSTR, and BSL_IDVALPAIR_TYPE_UNKNOWN.

Referenced by _setUp(), BSL_IdValPair_InitSet(), BSLP_RegisterPolicyFromBitstring(), BSLP_RegisterPolicyFromJSON(), and setUp().

◆ BSL_IdValPair_SetBytestr()

void BSL_IdValPair_SetBytestr ( BSL_IdValPair_t *  self,
uint64_t  param_id,
BSL_Data_t  value 
)

Initialize as a parameter containing a bytestring.

Parameters
[in,out]selfThis Security Parameter
[in]param_idID of the parameter
[in]valueView of bytes, which get copied into this Security Parameter.

References ASSERT_ARG_NONNULL, BSL_IdValPair_Deinit(), BSL_IDVALPAIR_TYPE_BYTESTR, BSL_Data_t::len, and BSL_Data_t::ptr.

Referenced by BSL_IdValPair_Decode(), BSLX_BCB_Execute(), BSLX_BIB_Execute(), and setUp().

◆ BSL_IdValPair_SetInt64()

◆ BSL_IdValPair_SetRaw()

void BSL_IdValPair_SetRaw ( BSL_IdValPair_t *  self,
uint64_t  param_id,
const void *  ptr,
size_t  len 
)

Initialize as a parameter containing raw encoded content.

Parameters
[in,out]selfThis Security Parameter
[in]param_idID of the parameter
[in]ptrThe start of the data.
lenThe length to copy.

References ASSERT_ARG_NONNULL, BSL_IdValPair_Deinit(), and BSL_IDVALPAIR_TYPE_RAW.

Referenced by BSL_IdValPair_Decode().

◆ BSL_IdValPair_SetTextstr()

void BSL_IdValPair_SetTextstr ( BSL_IdValPair_t *  self,
uint64_t  param_id,
const char *  value 
)

◆ BSL_IdValPair_Sizeof()

size_t BSL_IdValPair_Sizeof ( void  )

Return size of BSL_IdValPair_s struct type.

Referenced by BSLP_InitParams_Init().

◆ BSL_Log_DumpAsHexString()

char * BSL_Log_DumpAsHexString ( char *  dstbuf,
size_t  dstlen,
const uint8_t *  srcbuf,
size_t  srclen 
)

Helper function to print the ASCII encoding of a given byte stream to a given target buffer.

Todo:
  • Can be moved to backend.
Parameters
dstbufPointer to a buffer where the C string should go.
dstlenThe length in bytes of dstbuf
srcbufPointer to the buffer containing the byte stream to be printed.
srclenThe length in bytes of srcbuf.
Returns
A copy of dstbuf.

References ASSERT_ARG_NONNULL.

Referenced by BSL_IdValPair_Print(), BSL_TestUtils_PrintHexToBuffer(), test_RFC9173_AppendixA_Example2_BCB_Acceptor(), test_RFC9173_AppendixA_Example2_BCB_Source(), test_sec_accept_keyunwrap(), and test_sec_source_keywrap().

◆ BSL_LogEvent()

void BSL_LogEvent ( int  severity,
const char *  filename,
int  lineno,
const char *  funcname,
const char *  format,
  ... 
)

Log an event.

Parameters
severityThe severity from a subset of the POSIX syslog values.
[in]filenameThe originating file name, which may include directory parts.
[in]linenoThe originating file line number.
[in]funcnameThe originating function name.
[in]formatThe log message format string.
...Values for the format string.

References BSL_LogIsEnabledFor(), HostDescriptorTable, BSL_HostDescriptors_t::log_event, and log_sev_names.

◆ BSL_LogIsEnabledFor()

bool BSL_LogIsEnabledFor ( int  severity)

Determine if a particular severity is being logged.

This function is multi-thread safe.

Parameters
severityThe severity from a subset of the POSIX syslog values.
Returns
True if the severity level will be logged.
See also
BSL_log_set_least_severity()

References HostDescriptorTable, and BSL_HostDescriptors_t::log_is_enabled_for.

Referenced by BSL_LogEvent().

◆ BSL_PolicyRegistry_FinalizeActions()

int BSL_PolicyRegistry_FinalizeActions ( const BSL_LibCtx_t *  bsl,
const BSL_SecurityActionSet_t *  policy_actions,
BSL_BundleRef_t bundle,
const BSL_SecurityResponseSet_t *  response_output 
)

Finalizes policy provider for sec ops & sec results for a bundle.

Note
Currently the implementation is such that the Policy Provider callback handles the policy action on failure that is stored in the Security Operations in the Action Set. As such, the backend and Security Context do not use the policy action field of the BSL_SecOper_s and the Policy Provider is the sole executor of policy actions regarding failures.
Parameters
[in]bslBSL library context
[in]policy_actionsA policy action set, which may contain error codes and other info. [Zeroed, pre-allocated and memory owned by caller] Caller-allocated, zeroed space for action set
[in,out]bundleBundle seeking security operations
[in]response_outputresults from security context
[in]locationWhere in the BPA lifecycle this query arises from
Returns
0 if success

References bsl, BSL_ERR_POLICY_FINAL, BSL_SecurityActionSet_CountActions(), BSL_SUCCESS, CHK_ARG_NONNULL, and policy.

Referenced by BSL_API_ApplySecurity(), and test_MultiplePolicyProviders().

◆ BSL_PolicyRegistry_InspectActions()

int BSL_PolicyRegistry_InspectActions ( const BSL_LibCtx_t *  bsl,
BSL_SecurityActionSet_t *  output_action_set,
const BSL_BundleRef_t bundle,
BSL_PolicyLocation_e  location 
)

Queries the policy provider for any security operations to take on the bundle.

Note
The caller is obligated to allocate space for the output_action_set output. This memory must be zeroed before being passed; doing otherwise will raise an assertion.
Parameters
[in]bslBSL library context
[out]output_action_setpolicy action set, which may contain error codes and other info. [Zeroed, pre-allocated and memory owned by caller] Caller-allocated, zeroed space for action set
[in,out]bundleBundle seeking security operations
[in]locationWhere in the BPA lifecycle this query arises from
Returns
0 if success

References bsl, BSL_ERR_POLICY_FINAL, BSL_LOG_INFO, BSL_SecurityActionSet_CountActions(), BSL_SUCCESS, CHK_ARG_NONNULL, and policy.

Referenced by BSL_API_QuerySecurity(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectEmptyRuleset(), and test_PolicyProvider_InspectSingleBIBRuleset().

◆ BSL_SecCtx_ExecutePolicyActionSet()

int BSL_SecCtx_ExecutePolicyActionSet ( BSL_LibCtx_t *  lib,
BSL_SecurityResponseSet_t *  output_response,
BSL_BundleRef_t bundle,
const BSL_SecurityActionSet_t *  action_set 
)

Call the underlying security context to perform the given action.

Parameters
[in]libThis BSL context
[out]output_responsePointer to allocated, zeroed memory into which the response is populated
[in,out]bundlePointer to bundle, which may be modified.
[in]action_setAction containing all params and operations.
Returns
0 on success, negative on failure.

Notes:

  • It should evaluate every security operation, even if earlier ones failed.
  • The outcome can indicate in the policy action response how exactly it fared (pass, fail, etc)
  • BCB will be a special case, since it actively manipulates the BTSD

References action_set, ASSERT_PROPERTY, BSL_calloc(), BSL_ExecBCBSource(), BSL_ExecBCBVerifierAcceptor(), BSL_ExecBIBSource(), BSL_ExecBIBVerifierAcceptor(), BSL_free(), BSL_LOG_ERR, BSL_LOG_INFO, BSL_REASONCODE_FAILED_SECOP, BSL_REASONCODE_NO_ADDITIONAL_INFO, BSL_SECOP_CONCLUSION_FAILURE, BSL_SECOP_CONCLUSION_SUCCESS, BSL_SecOper_GetReasonCode(), BSL_SecOper_IsBIB(), BSL_SecOper_IsRoleSource(), BSL_SecOper_SetConclusion(), BSL_SecOper_SetReasonCode(), BSL_SecOutcome_Deinit(), BSL_SecOutcome_Init(), BSL_SecOutcome_Sizeof(), BSL_SecurityAction_CountSecOpers(), BSL_SecurityAction_GetSecOperAtIndex(), BSL_SecurityActionSet_IsConsistent(), BSL_SecurityResponseSet_AppendResult(), BSL_SUCCESS, CHK_ARG_NONNULL, and CHK_PRECONDITION.

Referenced by BSL_API_ApplySecurity(), test_RFC9173_AppendixA_Example3_Acceptor(), test_RFC9173_AppendixA_Example3_Source(), test_RFC9173_AppendixA_Example4_Acceptor(), test_RFC9173_AppendixA_Example4_Source(), test_SecurityContext_BIB_Acceptor(), test_SecurityContext_BIB_Source(), test_SecurityContext_BIB_Verifier(), and test_SecurityContext_BIB_Verifier_Failure().

◆ BSL_SecCtx_ValidatePolicyActionSet()

bool BSL_SecCtx_ValidatePolicyActionSet ( BSL_LibCtx_t *  lib,
const BSL_BundleRef_t bundle,
const BSL_SecurityActionSet_t *  action_set 
)

Validate policy action set.

Parameters
[in]libThis BSL context
[in,out]bundlePointer to bundle, which may be modified.
[in]action_setAction containing all params and operations.
Returns
true on success, false on failure.

References action_set.

Referenced by BSL_API_QuerySecurity().

◆ BSL_SecOper_AppendOption()

◆ BSL_SecOper_AppendParam()

void BSL_SecOper_AppendParam ( BSL_SecOper_t *  self,
const BSL_IdValPair_t *  param 
)

Add the given security parameter to this operation manually.

Warning
This is for internal testing only; parameters normally come from the input ASB.
Parameters
[in,out]selfThis security operation
[in]paramSecurity parameter to include.

References ASSERT_ARG_EXPR, ASSERT_POSTCONDITION, ASSERT_PRECONDITION, BSL_IdValPair_IsConsistent(), and BSL_SecOper_IsConsistent().

◆ BSL_SecOper_CountOptions()

size_t BSL_SecOper_CountOptions ( const BSL_SecOper_t *  self)

Get the count of options contained within this security operation.

Parameters
selfThis security operation.
Returns
Count of security options.

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by test_PolicyProvider_Inspect_RFC9173_BIB().

◆ BSL_SecOper_Deinit()

void BSL_SecOper_Deinit ( BSL_SecOper_t *  self)

Empty and release any resources used internally by this structure.

Certain backend implementations may create dynamic data structures that may need to be cleaned up, so it is essential to call this under all circumstances.

Parameters
[in,out]selfNon-NULL pointer to this security operation

References ASSERT_ARG_NONNULL.

Referenced by BCBTestContext_Deinit(), BIBTestContext_Deinit(), BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSL_SecOper_FindOption()

const BSL_IdValPair_t * BSL_SecOper_FindOption ( const BSL_SecOper_t *  self,
uint64_t  option_id 
)

Returns a pointer to the option of this security operation that matches the given option ID.

Parameters
[in]selfThis security operation
option_idThe internal option ID value to search for.
Returns
Pointer to security parameter if found, otherwise NULL.

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSLX_BCB_GetOptions(), and BSLX_BIB_InitFromSecOper().

◆ BSL_SecOper_FindParam()

const BSL_IdValPair_t * BSL_SecOper_FindParam ( const BSL_SecOper_t *  self,
uint64_t  param_id 
)

Returns a pointer to the Security Parameter of this security operation that matches the given parameter ID.

Parameters
[in]selfThis security operation
param_idThe parameter ID value to search for.
Returns
Pointer to security parameter if found, otherwise NULL.

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSLX_BCB_Execute(), and BSLX_BIB_Execute().

◆ BSL_SecOper_FindResult()

const BSL_IdValPair_t * BSL_SecOper_FindResult ( const BSL_SecOper_t *  self,
uint64_t  param_id 
)

Returns a pointer to the Security Result of this security operation that matches the given ID.

Parameters
[in]selfThis security operation
[in]param_idThe ID value of the security result to search for.
Returns
Pointer to security result if found, otherwise NULL.

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSLX_BCB_Execute(), and BSLX_BIB_Execute().

◆ BSL_SecOper_GetConclusion()

BSL_SecOper_ConclusionState_e BSL_SecOper_GetConclusion ( const BSL_SecOper_t *  self)

Retrieve the conclusion state of a security operation.

Parameters
[in]selfThe security operation
Returns
the conclusion state

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSL_API_ApplySecurity(), BSLP_FinalizePolicy(), test_BSL_32(), TEST_CASE(), and test_dyn_mem_cbs_BSL_32().

◆ BSL_SecOper_GetPolicyAction()

BSL_PolicyAction_e BSL_SecOper_GetPolicyAction ( const BSL_SecOper_t *  self)

Retrieve the policy action of a security operation.

Parameters
[in]selfThe security operation
Returns
the policy action

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSLP_PolicyProvider_HandleFailures().

◆ BSL_SecOper_GetReasonCode()

BSL_ReasonCode_t BSL_SecOper_GetReasonCode ( const BSL_SecOper_t *  self)

Get security operation reason code.

Parameters
[in]selfthe security operation
Returns
the reason code of the security operation

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), and BSLP_PolicyProvider_HandleFailures().

◆ BSL_SecOper_GetSecurityBlockNum()

uint64_t BSL_SecOper_GetSecurityBlockNum ( const BSL_SecOper_t *  self)

Get the block number of the security block containing this sec operation.

Parameters
[in]selfThis security operation

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSLP_QueryPolicy(), BSLX_BCB_Execute(), and BSLX_BIB_Execute().

◆ BSL_SecOper_GetTargetBlockNum()

uint64_t BSL_SecOper_GetTargetBlockNum ( const BSL_SecOper_t *  self)

Get the block number of the target block covered by this security operation.

Parameters
[in]selfThis security operation

References ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSL_ExecBCBVerifierAcceptor(), BSL_ExecBIBVerifierAcceptor(), BSLP_PolicyProvider_HandleFailures(), BSLP_QueryPolicy(), BSLX_BCB_Execute(), BSLX_BCB_Init(), and BSLX_BIB_Execute().

◆ BSL_SecOper_Init()

◆ BSL_SecOper_InitSet()

void BSL_SecOper_InitSet ( BSL_SecOper_t *  self,
const BSL_SecOper_t *  src 
)

Initialize from a copy.

Parameters
[in,out]selfNon-NULL pointer to this security operation
[in]srcNon-NULL pointer to the source to copy from.

References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, and BSL_SecOper_IsConsistent().

◆ BSL_SecOper_IsBIB()

bool BSL_SecOper_IsBIB ( const BSL_SecOper_t *  self)

Return true if this security operation is BIB.

Parameters
[in]selfThis security operation
Returns
boolean

References ASSERT_PRECONDITION, BSL_SECBLOCKTYPE_BIB, and BSL_SecOper_IsConsistent().

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), BSLP_QueryPolicy(), and test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB().

◆ BSL_SecOper_IsConsistent()

◆ BSL_SecOper_IsRoleAcceptor()

bool BSL_SecOper_IsRoleAcceptor ( const BSL_SecOper_t *  self)

Return true if this security operation's role is Acceptor.

Parameters
[in]selfThis Security Operation
Returns
boolean

References ASSERT_PRECONDITION, BSL_SecOper_IsConsistent(), and BSL_SECROLE_ACCEPTOR.

Referenced by BSLX_BCB_Execute().

◆ BSL_SecOper_IsRoleSource()

bool BSL_SecOper_IsRoleSource ( const BSL_SecOper_t *  self)

Return true if this security operation's role is SOURCE.

Parameters
[in]selfThis Security Operation
Returns
boolean

References ASSERT_PRECONDITION, BSL_SecOper_IsConsistent(), and BSL_SECROLE_SOURCE.

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), BSLP_QueryPolicy(), BSLX_BCB_Init(), and BSLX_BIB_InitFromSecOper().

◆ BSL_SecOper_IsRoleVerifier()

bool BSL_SecOper_IsRoleVerifier ( const BSL_SecOper_t *  self)

Return true if this security operation's role is Verifier.

Parameters
[in]selfThis Security Operation
Returns
boolean

References ASSERT_PRECONDITION, BSL_SecOper_IsConsistent(), and BSL_SECROLE_VERIFIER.

Referenced by BSL_ExecBCBVerifierAcceptor(), and BSL_ExecBIBVerifierAcceptor().

◆ BSL_SecOper_Populate()

void BSL_SecOper_Populate ( BSL_SecOper_t *  self,
int64_t  context_id,
uint64_t  target_block_num,
uint64_t  sec_block_num,
BSL_SecBlockType_e  sec_type,
BSL_SecRole_e  sec_role,
BSL_PolicyAction_e  policy_action 
)

Populate an initialized Security Operation with the given values.

Parameters
[in,out]selfNon-NULL pointer to this security operation.
[in]context_idID of the security context
[in]target_block_numBlock ID of security target block
[in]sec_block_numBlock ID of security block.
[in]sec_typeMember of BSL_SecBlockType_e enum indicating BIB or BCB
[in]sec_roleMember of BSL_SecRole_e enum indicating role.
[in]policy_actionMember of BSL_PolicyAction_e enum indicating failure policy

References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, BSL_REASONCODE_NO_ADDITIONAL_INFO, BSL_SECOP_CONCLUSION_PENDING, and BSL_SecOper_IsConsistent().

Referenced by BSL_TestUtils_InitBCB_Appendix2(), BSL_TestUtils_InitBIB_AppendixA1(), BSLP_PolicyRule_EvaluateAsSecOper(), test_RFC9173_AppendixA_Example3_Acceptor(), test_RFC9173_AppendixA_Example3_Source(), test_RFC9173_AppendixA_Example4_Acceptor(), test_RFC9173_AppendixA_Example4_Source(), test_sec_accept_keyunwrap(), and test_sec_source_keywrap().

◆ BSL_SecOper_Set()

void BSL_SecOper_Set ( BSL_SecOper_t *  self,
const BSL_SecOper_t *  src 
)

Set from a copy.

Parameters
[in,out]selfNon-NULL pointer to this security operation
[in]srcNon-NULL pointer to the source to copy from.

References ASSERT_POSTCONDITION, ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

◆ BSL_SecOper_SetConclusion()

void BSL_SecOper_SetConclusion ( BSL_SecOper_t *  self,
BSL_SecOper_ConclusionState_e  new_conclusion 
)

Set the security operation conclusion state.

Parameters
[in,out]selfsecurity operation to change conclusion state of
[in]new_conclusionnew conclusion to set to

References ASSERT_POSTCONDITION, ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), and BSLP_QueryPolicy().

◆ BSL_SecOper_SetReasonCode()

void BSL_SecOper_SetReasonCode ( BSL_SecOper_t *  self,
BSL_ReasonCode_t  new_reason_code 
)

Set the security operation reason code.

Parameters
[in,out]selfsecurity operation to change reason code of
[in]new_reason_codenew reason code to set to

References ASSERT_POSTCONDITION, ASSERT_PRECONDITION, and BSL_SecOper_IsConsistent().

Referenced by BSL_API_QuerySecurity(), and BSL_SecCtx_ExecutePolicyActionSet().

◆ BSL_SecOper_Sizeof()

size_t BSL_SecOper_Sizeof ( void  )

Referenced by BSLP_QueryPolicy().

◆ BSL_SecOutcome_AppendParam()

BSL_IdValPair_t * BSL_SecOutcome_AppendParam ( BSL_SecOutcome_t *  self)

Append a Security Parameter to this outcome.

Parameters
[in,out]selfNon-NULL pointer to this security outcome.
Returns
Non-NULL pointer to the initialized security parameter.

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by BSLX_BCB_Execute(), and BSLX_BIB_Execute().

◆ BSL_SecOutcome_AppendResult()

BSL_IdValPair_t * BSL_SecOutcome_AppendResult ( BSL_SecOutcome_t *  self)

Append a Security Result to this outcome.

Parameters
[in,out]selfNon-NULL pointer to this security outcome.
Returns
Non-NULL pointer to security result just appended.

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by BSLX_BCB_Execute(), and BSLX_BIB_Execute().

◆ BSL_SecOutcome_CountParams()

size_t BSL_SecOutcome_CountParams ( const BSL_SecOutcome_t *  self)

Returns number of parameters in this outcome.

Parameters
[in]selfThis outcome
Returns
Number of parameters

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by test_sec_source_keywrap().

◆ BSL_SecOutcome_CountResults()

size_t BSL_SecOutcome_CountResults ( const BSL_SecOutcome_t *  self)

Get the number of results.

Parameters
[in]selfthis sec outcome
Returns
number of results in sec outcome

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by test_RFC9173_AppendixA_Example1_BIB_Source(), test_RFC9173_AppendixA_Example2_BCB_Acceptor(), test_RFC9173_AppendixA_Example2_BCB_Source(), and test_sec_source_keywrap().

◆ BSL_SecOutcome_Deinit()

void BSL_SecOutcome_Deinit ( BSL_SecOutcome_t *  self)

◆ BSL_SecOutcome_GetParamAt()

const BSL_IdValPair_t * BSL_SecOutcome_GetParamAt ( const BSL_SecOutcome_t *  self,
size_t  index 
)

Get the security parameter from the security outcome at the provided index.

Parameters
[in]selfsecurity outcome
[in]indexindex to retrieve security parameter from
Returns
Security parameter

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by test_sec_source_keywrap().

◆ BSL_SecOutcome_GetResultAtIndex()

const BSL_IdValPair_t * BSL_SecOutcome_GetResultAtIndex ( const BSL_SecOutcome_t *  self,
size_t  index 
)

Get the result at the given index.

Panics if index is out of range.

Parameters
[in]selfThis outcome
[in]indexIndex in the list to retrieve
Returns
Sec Result at index

References ASSERT_PRECONDITION, and BSL_SecOutcome_IsConsistent().

Referenced by test_RFC9173_AppendixA_Example1_BIB_Source(), test_RFC9173_AppendixA_Example2_BCB_Source(), and test_sec_source_keywrap().

◆ BSL_SecOutcome_Init()

void BSL_SecOutcome_Init ( BSL_SecOutcome_t *  self,
const BSL_SecOper_t *  sec_oper 
)

Populate a pre-allocated security outcome struct.

Parameters
[in,out]selfNon-Null pointer to this security outcome.
[in]sec_operSecurity operation containing the necessary info.

References ASSERT_ARG_NONNULL, ASSERT_POSTCONDITION, ASSERT_PRECONDITION, BSL_SecOper_IsConsistent(), and BSL_SecOutcome_IsConsistent().

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), test_RFC9173_AppendixA_Example1_BIB_Source(), test_RFC9173_AppendixA_Example2_BCB_Acceptor(), test_RFC9173_AppendixA_Example2_BCB_Source(), test_sec_accept_keyunwrap(), and test_sec_source_keywrap().

◆ BSL_SecOutcome_IsConsistent()

bool BSL_SecOutcome_IsConsistent ( const BSL_SecOutcome_t *  self)

◆ BSL_SecOutcome_Sizeof()

◆ BSL_SecurityAction_AppendSecOper()

int BSL_SecurityAction_AppendSecOper ( BSL_SecurityAction_t *  self,
BSL_SecOper_t *  sec_oper 
)

Add security operation to security action.

Parameters
[in,out]selfaction to add security operation to
[in,out]sec_opernew security operation to add and move from.
Returns
0 if successful

References ASSERT_ARG_NONNULL, and BSL_SUCCESS.

Referenced by BSL_TestUtils_InitMallocBIBActionSet(), BSLP_QueryPolicy(), test_RFC9173_AppendixA_Example3_Acceptor(), test_RFC9173_AppendixA_Example3_Source(), test_RFC9173_AppendixA_Example4_Acceptor(), and test_RFC9173_AppendixA_Example4_Source().

◆ BSL_SecurityAction_CountErrors()

size_t BSL_SecurityAction_CountErrors ( const BSL_SecurityAction_t *  self)

Returns count of failures after processing this action.

Parameters
[in]selfPointer to this security action.
Returns
Count of errors.

References ASSERT_ARG_NONNULL.

◆ BSL_SecurityAction_CountSecOpers()

◆ BSL_SecurityAction_Deinit()

void BSL_SecurityAction_Deinit ( BSL_SecurityAction_t *  self)

◆ BSL_SecurityAction_GetPPID()

uint64_t BSL_SecurityAction_GetPPID ( const BSL_SecurityAction_t *  self)

Returns the Policy Provider ID of the given security action.

Parameters
[in]selfThis security action.

References ASSERT_ARG_NONNULL.

Referenced by BSLP_FinalizePolicy().

◆ BSL_SecurityAction_GetSecOperAtIndex()

BSL_SecOper_t * BSL_SecurityAction_GetSecOperAtIndex ( const BSL_SecurityAction_t *  self,
size_t  index 
)

◆ BSL_SecurityAction_IncrError()

void BSL_SecurityAction_IncrError ( BSL_SecurityAction_t *  self)

Increment the security failure count for this action.

Parameters
[in,out]selfPointer to this security action.

References ASSERT_ARG_NONNULL.

Referenced by BSLP_QueryPolicy().

◆ BSL_SecurityAction_Init()

void BSL_SecurityAction_Init ( BSL_SecurityAction_t *  self)

◆ BSL_SecurityAction_InitSet()

void BSL_SecurityAction_InitSet ( BSL_SecurityAction_t *  self,
const BSL_SecurityAction_t *  src 
)

Initialize from a copy.

Parameters
[out]selfsecurity action
[in]srcThe source of the copy.

References ASSERT_ARG_NONNULL.

◆ BSL_SecurityAction_IsConsistent()

bool BSL_SecurityAction_IsConsistent ( const BSL_SecurityAction_t *  self)
Returns
true if the security action is consistent.
Parameters
selfThis security action.

◆ BSL_SecurityAction_OrderSecOps()

int BSL_SecurityAction_OrderSecOps ( BSL_SecurityAction_t *  self)

Order the Security operations such that execution will be successful.

Parameters
[in,out]selfaction to sort

◆ BSL_SecurityAction_Set()

void BSL_SecurityAction_Set ( BSL_SecurityAction_t *  self,
const BSL_SecurityAction_t *  src 
)

Set from a copy.

References ASSERT_ARG_NONNULL.

◆ BSL_SecurityAction_Sizeof()

◆ BSL_SecurityActionSet_AppendAction()

int BSL_SecurityActionSet_AppendAction ( BSL_SecurityActionSet_t *  self,
const BSL_SecurityAction_t *  action 
)

Append a security action to the security action set.

Parameters
[in,out]selfThis security action set.
[in]actionAction to include.
Returns
0 on success, negative on error

References ASSERT_ARG_NONNULL, BSL_SecurityAction_CountSecOpers(), and BSL_SUCCESS.

Referenced by BSL_TestUtils_InitMallocBIBActionSet(), BSLP_QueryPolicy(), test_RFC9173_AppendixA_Example3_Acceptor(), test_RFC9173_AppendixA_Example3_Source(), test_RFC9173_AppendixA_Example4_Acceptor(), and test_RFC9173_AppendixA_Example4_Source().

◆ BSL_SecurityActionSet_CountActions()

size_t BSL_SecurityActionSet_CountActions ( const BSL_SecurityActionSet_t *  self)

Count the number of security actions present in this policy action set.

Parameters
[in]selfThis action set.
Returns
Number of actions, 0 indicates no policy matched.

References ASSERT_ARG_NONNULL.

Referenced by BSL_PolicyRegistry_FinalizeActions(), BSL_PolicyRegistry_InspectActions(), BSLP_FinalizePolicy(), test_BSL_32(), TEST_CASE(), test_dyn_mem_cbs_BSL_32(), test_MultiplePolicyProviders(), test_PolicyProvider_InspectEmptyRuleset(), and test_PolicyProvider_InspectSingleBIBRuleset().

◆ BSL_SecurityActionSet_CountErrors()

size_t BSL_SecurityActionSet_CountErrors ( const BSL_SecurityActionSet_t *  self)

Returns count of failures after processing this action set.

Parameters
[in]selfPointer to this security action set.
Returns
Count of errors.

References ASSERT_ARG_NONNULL.

Referenced by BSLP_QueryPolicy().

◆ BSL_SecurityActionSet_CountOperations()

size_t BSL_SecurityActionSet_CountOperations ( const BSL_SecurityActionSet_t *  self)
Returns
the total number of operations across all of the actions in the action set.
Parameters
selfThis action set.

References ASSERT_ARG_NONNULL.

Referenced by test_BSL_32(), TEST_CASE(), and test_dyn_mem_cbs_BSL_32().

◆ BSL_SecurityActionSet_Deinit()

◆ BSL_SecurityActionSet_GetActionAtIndex()

const BSL_SecurityAction_t * BSL_SecurityActionSet_GetActionAtIndex ( const BSL_SecurityActionSet_t *  self,
size_t  index 
)

Returns the Security Action at the given index.

Parameters
[in]selfThis action set
[in]indexindex
Returns
Pointer to the action at the given index; an assertion fails if the index is out of bounds.

References ASSERT_ARG_NONNULL.

Referenced by BSLP_FinalizePolicy(), n_test_BSL_6(), test_BSL_32(), TEST_CASE(), test_dyn_mem_cbs_BSL_32(), test_MultiplePolicyProviders(), test_PolicyProvider_Inspect_RFC9173_BIB(), test_PolicyProvider_InspectEmptyRuleset(), test_PolicyProvider_InspectSingleBIBRuleset(), and test_SecurityContext_BIB_Verifier_Failure().

◆ BSL_SecurityActionSet_Init()

void BSL_SecurityActionSet_Init ( BSL_SecurityActionSet_t *  self)

◆ BSL_SecurityActionSet_IsConsistent()

bool BSL_SecurityActionSet_IsConsistent ( const BSL_SecurityActionSet_t *  self)

Return true if internal sanity and consistency checks pass.

Parameters
[in]selfThis action set.
Returns
true if action set is consistent

Referenced by BSL_SecCtx_ExecutePolicyActionSet(), and BSLP_QueryPolicy().

◆ BSL_SecurityActionSet_Sizeof()

size_t BSL_SecurityActionSet_Sizeof ( void  )

◆ BSL_SecurityResponseSet_AppendResult()

void BSL_SecurityResponseSet_AppendResult ( BSL_SecurityResponseSet_t *  self,
int64_t  result,
BSL_PolicyAction_e  policy_action 
)

Append a result code to the security response set.

Parameters
[in,out]selfthe response set to append result to
[in]resultthe result code to append
[in]policy_actionthe on-failure policy action associated with the response

References ASSERT_ARG_NONNULL.

Referenced by BSL_SecCtx_ExecutePolicyActionSet().

◆ BSL_SecurityResponseSet_CountResponses()

size_t BSL_SecurityResponseSet_CountResponses ( const BSL_SecurityResponseSet_t *  self)

Return number of responses (operations acted upon)

Parameters
[in]selfThis response set.

References ASSERT_PRECONDITION, and BSL_SecurityResponseSet_IsConsistent().

Referenced by test_RFC9173_AppendixA_Example3_Source().

◆ BSL_SecurityResponseSet_Deinit()

◆ BSL_SecurityResponseSet_Init()

void BSL_SecurityResponseSet_Init ( BSL_SecurityResponseSet_t *  self)

Initialize with the given count of operations and failures.

References ASSERT_ARG_NONNULL.

Referenced by MockBPA_Agent_process(), n_test_BSL_6(), test_BSL_32(), TEST_CASE(), test_dyn_mem_cbs_BSL_32(), and test_RFC9173_AppendixA_Example3_Source().

◆ BSL_SecurityResponseSet_IsConsistent()

bool BSL_SecurityResponseSet_IsConsistent ( const BSL_SecurityResponseSet_t *  self)

Return true if internal consistency checks pass.

Parameters
[in]selfThis response set.

References ASSERT_PROPERTY, and CHK_AS_BOOL.

Referenced by BSL_SecurityResponseSet_CountResponses(), and BSL_SecurityResponseSet_Deinit().

◆ BSL_SecurityResponseSet_Sizeof()

size_t BSL_SecurityResponseSet_Sizeof ( void  )

Returns size of this struct type.

Referenced by BSL_TestUtils_MallocEmptyPolicyResponse(), and MockBPA_Agent_process().

◆ BSL_SeqReader_Destroy()

int BSL_SeqReader_Destroy ( BSL_SeqReader_t *  obj)

Release resources from a sequential reader.

This also frees memory of the instance itself.

Parameters
[in,out]objThe reader handle.
Returns
Zero if successful.

References BSL_free(), BSL_SUCCESS, and CHK_ARG_NONNULL.

Referenced by BSL_API_QuerySecurity(), BSL_ExecAnyVerifierAcceptor_Pre(), BSLX_BCB_Decrypt(), BSLX_BCB_Encrypt(), BSLX_BIB_GenIPPT(), switch(), TEST_CASE(), test_decrypt(), test_encrypt(), and test_SeqReader_flat().

◆ BSL_SeqReader_Get()

int BSL_SeqReader_Get ( BSL_SeqReader_t *  obj,
uint8_t *  buf,
size_t *  bufsize 
)

Iterate a sequential reader.

Parameters
[in,out]objThe reader handle.
[out]bufThe output buffer to fill.
[in,out]bufsizeThe available output buffer size as input, set to the used buffer size as output.
Returns
Zero if successful.

References buf, and CHK_ARG_NONNULL.

Referenced by BSL_API_QuerySecurity(), BSL_AuthCtx_DigestSeq(), BSL_Cipher_AddSeq(), BSL_ExecAnyVerifierAcceptor_Pre(), BSLX_BIB_GenIPPT(), TEST_CASE(), and test_SeqReader_flat().

◆ BSL_SeqWriter_Destroy()

int BSL_SeqWriter_Destroy ( BSL_SeqWriter_t *  obj)

Release resources from a sequential writer and commit the writes.

This also frees memory of the instance itself.

Parameters
[in,out]objThe writer handle.
Returns
Zero if successful.

References BSL_free(), BSL_SUCCESS, and CHK_ARG_NONNULL.

Referenced by BSLX_BCB_Decrypt(), BSLX_BCB_Encrypt(), Encode_ASB(), test_decrypt(), test_encrypt(), and test_SeqWriter_flat().

◆ BSL_SeqWriter_Put()

int BSL_SeqWriter_Put ( BSL_SeqWriter_t *  obj,
const uint8_t *  buf,
size_t  bufsize 
)

Iterate a sequential writer.

Parameters
objThe writer handle.
[in]bufThe input buffer to copy from.
[in]bufsizeThe available input buffer size. It is passed by value, so no used size is reported back through this argument.
Returns
Zero if successful.

References buf, and CHK_ARG_NONNULL.

Referenced by BSL_Cipher_AddSeq(), BSL_Cipher_FinalizeSeq(), Encode_ASB(), and test_SeqWriter_flat().

◆ BSL_TlmCounters_IncrementCounter()

int BSL_TlmCounters_IncrementCounter ( BSL_LibCtx_t *  bsl,
BSL_TlmCounterIndex_e  tlm_index,
uint64_t  count 
)