Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API. More...
#include <stdbool.h>#include <stddef.h>#include <stdint.h>#include "BSLConfig.h"#include "Data.h"
Include dependency graph for BPSecLib_Public.h: This graph shows which files directly or indirectly include this file:Data Structures | |
| struct | BSL_TlmCounters_t |
| The telemetry counter structure to store the enumerations of telemetry. More... | |
| struct | BSL_HostEID_t |
| Opaque pointer to BPA-specific Endpoint ID storage. More... | |
| struct | BSL_HostEIDPattern_t |
| Reference to a EID pattern owned and stored in the BPA. More... | |
| struct | BSL_BundleRef_t |
| Reference to a Bundle owned and stored in the host BPA. More... | |
| struct | BSL_PrimaryBlock_t |
| Contains Bundle Primary Block fields and metadata. More... | |
| struct | BSL_CanonicalBlock_t |
| Structure containing parsed Canonical Block fields. More... | |
| struct | BSL_HostDescriptors_t |
| Dynamic BPA descriptor. More... | |
Macros | |
| #define | BSL_REQUIRE_CHECK |
| This annotation on a function requires the caller to capture and inspect the return value. | |
| #define | BSL_TLM_COUNTERS_ZERO |
Functions | |
| size_t | BSL_LibCtx_Sizeof (void) |
| Return size of library context. | |
| int | BSL_LibCtx_AccumulateTlmCounters (const BSL_LibCtx_t *lib, BSL_TlmCounters_t *tlm) |
| Retrieve copy of the telemetry counters to accumulate in BPA. | |
| void | BSL_PrimaryBlock_deinit (BSL_PrimaryBlock_t *obj) |
| Deinitialize the use of a primary block metadata. | |
| int | BSL_HostDescriptors_Set (BSL_HostDescriptors_t desc) |
| Set the BPA descriptor (callbacks) for this process. | |
| void | BSL_HostDescriptors_Get (BSL_HostDescriptors_t *desc) |
| Copy the BPA descriptor for this process. | |
| void | BSL_HostDescriptors_Clear (void) |
| Reset the host descriptors to their default, unusable state. | |
| BSL_REQUIRE_CHECK int | BSL_API_InitLib (BSL_LibCtx_t *bsl) |
| Initialize the BPSecLib (BSL) library context. | |
| BSL_REQUIRE_CHECK int | BSL_API_DeinitLib (BSL_LibCtx_t *bsl) |
| Deinitialize and release any resources held by the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_RegisterSecurityContext (BSL_LibCtx_t *lib, uint64_t sec_ctx_id, BSL_SecCtxDesc_t desc) |
| Register a security context module with the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_RegisterPolicyProvider (BSL_LibCtx_t *lib, uint64_t pp_id, BSL_PolicyDesc_t desc) |
| Register a Policy Provider module with the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_QuerySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
Query BSL to populate a BSL_SecurityActionSet_t containing security processing instructions. | |
| BSL_REQUIRE_CHECK int | BSL_API_ApplySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *policy_actions) |
| Performs the given security operations on a Bundle, modifying or even dropping it entirely. | |
Detailed Description
Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API.
This contains the interface for the BPA.
Macro Definition Documentation
◆ BSL_TLM_COUNTERS_ZERO
| #define BSL_TLM_COUNTERS_ZERO |
Enumeration Type Documentation
◆ BSL_BundleCRCType_e
| enum BSL_BundleCRCType_e |
Block CRC types.
Defined in Section 4.2.1 of RFC 9171 [6].
| Enumerator | |
|---|---|
| BSL_BUNDLECRCTYPE_NONE | No CRC value. |
| BSL_BUNDLECRCTYPE_16 | CRC-16. |
| BSL_BUNDLECRCTYPE_32 | CRC-32C. |
◆ BSL_PolicyLocation_e
| enum BSL_PolicyLocation_e |
Indicates where in the lifecycle of the BPA the bundle is querying for security policy.
- Note
- The numeric values of the enum are arbitrary. We avoid using 0 as defaults.
◆ BSL_ReasonCode_t
| enum BSL_ReasonCode_t |
IANA "Bundle Status Report Reason Codes" registry [6] [3].
◆ BSL_SecOper_ConclusionState_e
Indicates the conclusion state of a security operation.
◆ BSL_TlmCounterIndex_e
Defined indices for the counter structure to hold telemetry and counts.
- Note
- If more telemetry is added, the array in BSL_TlmCounters_t must be updated.
Function Documentation
◆ BSL_API_ApplySecurity()
| BSL_REQUIRE_CHECK int BSL_API_ApplySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityResponseSet_t * | response_output, | ||
| BSL_BundleRef_t * | bundle, | ||
| const BSL_SecurityActionSet_t * | policy_actions | ||
| ) |
Performs the given security operations on a Bundle, modifying or even dropping it entirely.
- Parameters
-
[in] bsl Pointer to BSL context structure. [out] response_output Pointer to host-allocated output structure. [in,out] bundle Reference to host-owned Bundle, which may be modified or dropped by the BSL. [in] policy_actions Pointer to policy actions, which was populated using the QuerySecurityfunction.
References BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_INFO, BSL_PolicyRegistry_FinalizeActions(), BSL_SecCtx_ExecutePolicyActionSet(), BSL_SECOP_CONCLUSION_SUCCESS, BSL_SecOper_GetConclusion(), BSL_SecurityResponseSet_Deinit(), BSL_SecurityResponseSet_Init(), and BSL_SUCCESS.
Referenced by MockBPA_Agent_process().
◆ BSL_API_DeinitLib()
| BSL_REQUIRE_CHECK int BSL_API_DeinitLib | ( | BSL_LibCtx_t * | bsl | ) |
Deinitialize and release any resources held by the BSL.
- Note
- This only needs to be run once per lifetime of the BSL.
- Parameters
-
[in,out] bsl Pointer to library context
- Returns
- 0 on success, negative on error.
References BSL_LOG_WARNING, and BSL_SUCCESS.
Referenced by MockBPA_Agent_Deinit().
◆ BSL_API_InitLib()
| BSL_REQUIRE_CHECK int BSL_API_InitLib | ( | BSL_LibCtx_t * | bsl | ) |
Initialize the BPSecLib (BSL) library context.
- Note
- This only needs to be done once per lifetime of the BSL.
- Parameters
-
[in,out] bsl Pointer to allocated space for the library context.
- Returns
- 0 on success, negative on error.
References BSL_SUCCESS.
Referenced by MockBPA_Agent_Init().
◆ BSL_API_QuerySecurity()
| BSL_REQUIRE_CHECK int BSL_API_QuerySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Query BSL to populate a BSL_SecurityActionSet_t containing security processing instructions.
This executes a chain of events in the BSL. First by querying the policy provider, then checking with the security context for viability. It returns 0 and a populated BSL_SecurityActionSet_ with the security operations and their parameters, if successful.
- Note
- A BSL guideline is that caller's generally allocate the memory for callee's. In this case, the BPA must create space for the output action set using
_Sizeoffunctions for the respective structures.
- Parameters
-
[in] bsl Pointer to BSL context. [in,out] output_action_set Pointer to pre-allocated structure into which security operations will be populated. [in] bundle Reference to BPA-owned bundle. [in] location "Location" within the BPA (e.g,. "At app egress")
- Returns
- 0 on success, negative on error. On zero,
output_action_setwill be populated.
References BSL_PrimaryBlock_t::block_count, BSL_CanonicalBlock_t::block_num, BSL_PrimaryBlock_t::block_numbers, BSL_AbsSecBlock_ContainsTarget(), BSL_AbsSecBlock_DecodeFromCBOR(), BSL_AbsSecBlock_Deinit(), BSL_AbsSecBlock_InitEmpty(), BSL_AbsSecBlock_Sizeof(), BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_CALLOC, BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED, BSL_FREE, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PolicyRegistry_InspectActions(), BSL_PrimaryBlock_deinit(), BSL_REASONCODE_BLOCK_UNINTELLIGIBLE, BSL_SecCtx_ValidatePolicyActionSet(), BSL_SecOper_SetReasonCode(), BSL_SecurityActionSet_Init(), BSL_SeqReader_Destroy(), BSL_SeqReader_Get(), BSL_SUCCESS, BSL_TlmCounters_IncrementCounter(), BSL_CanonicalBlock_t::btsd_len, BSL_Data_t::len, BSL_Data_t::ptr, and BSL_CanonicalBlock_t::type_code.
Referenced by MockBPA_Agent_process().
◆ BSL_API_RegisterPolicyProvider()
| BSL_REQUIRE_CHECK int BSL_API_RegisterPolicyProvider | ( | BSL_LibCtx_t * | lib, |
| uint64_t | pp_id, | ||
| BSL_PolicyDesc_t | desc | ||
| ) |
Register a Policy Provider module with the BSL.
- Note
- The Policy Provider interface is defined by the policy provider descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] desc Policy Provider callbacks.
References BSL_SUCCESS.
Referenced by MockBPA_Agent_Init(), and test_MultiplePolicyProviders().
◆ BSL_API_RegisterSecurityContext()
| BSL_REQUIRE_CHECK int BSL_API_RegisterSecurityContext | ( | BSL_LibCtx_t * | lib, |
| uint64_t | sec_ctx_id, | ||
| BSL_SecCtxDesc_t | desc | ||
| ) |
Register a security context module with the BSL.
- Note
- The Security Context interface is defined by the security context descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] sec_ctx_id Security context ID [in] desc Descriptor struct containing callbacks.
References BSL_SUCCESS.
Referenced by MockBPA_Agent_Init().
◆ BSL_HostDescriptors_Clear()
| void BSL_HostDescriptors_Clear | ( | void | ) |
Reset the host descriptors to their default, unusable state.
- Warning
- This function is not thread safe and should be used after any ::BSL_LibCtx_t is deinitialized.
Referenced by main().
◆ BSL_HostDescriptors_Get()
| void BSL_HostDescriptors_Get | ( | BSL_HostDescriptors_t * | desc | ) |
Copy the BPA descriptor for this process.
- Note
- This function is not thread safe.
- Parameters
-
[out] desc The descriptor to copy into.
◆ BSL_HostDescriptors_Set()
| int BSL_HostDescriptors_Set | ( | BSL_HostDescriptors_t | desc | ) |
Set the BPA descriptor (callbacks) for this process.
- Warning
- This function is not thread safe and should be used before any ::BSL_LibCtx_t is initialized or other BSL interfaces used.
- Parameters
-
desc The descriptor to use for future BPA functions.
- Returns
- Zero if successful, negative on error.
References BSL_HostDescriptors_t::block_create_fn, BSL_HostDescriptors_t::block_metadata_fn, BSL_HostDescriptors_t::block_realloc_btsd_fn, BSL_HostDescriptors_t::block_remove_fn, BSL_SUCCESS, BSL_HostDescriptors_t::bundle_metadata_fn, BSL_HostDescriptors_t::eid_deinit, BSL_HostDescriptors_t::eid_from_cbor, BSL_HostDescriptors_t::eid_from_text, BSL_HostDescriptors_t::eid_init, BSL_HostDescriptors_t::eidpat_deinit, BSL_HostDescriptors_t::eidpat_from_text, BSL_HostDescriptors_t::eidpat_init, BSL_HostDescriptors_t::eidpat_match, and BSL_HostDescriptors_t::get_sec_src_eid_fn.
Referenced by main().
◆ BSL_LibCtx_AccumulateTlmCounters()
| int BSL_LibCtx_AccumulateTlmCounters | ( | const BSL_LibCtx_t * | lib, |
| BSL_TlmCounters_t * | tlm | ||
| ) |
Retrieve copy of the telemetry counters to accumulate in BPA.
- Parameters
-
[in] lib Pointer to BSL context. [out] sec_ctx_id Pointer to the output telemetry structure
- Returns
- 0 on success, negative on error.
References BSL_SUCCESS.
Referenced by MockBPA_Agent_DumpTelemetry().
◆ BSL_PrimaryBlock_deinit()
| void BSL_PrimaryBlock_deinit | ( | BSL_PrimaryBlock_t * | obj | ) |
Deinitialize the use of a primary block metadata.
- Parameters
-
[in,out] obj The instance to deinit.
References BSL_PrimaryBlock_t::block_numbers, BSL_Data_Deinit(), BSL_FREE, and BSL_PrimaryBlock_t::encoded.
Referenced by BSL_API_QuerySecurity(), BSLP_PolicyRule_EvaluateAsSecOper(), and BSLP_QueryPolicy().
