Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API. More...
#include <stdbool.h>#include <stddef.h>#include <stdint.h>
Include dependency graph for BPSecLib_Public.h: This graph shows which files directly or indirectly include this file:Go to the source code of this file.
Data Structures | |
| struct | BSL_HostEID_s |
| Opaque pointer to BPA-specific Endpoint ID storage. More... | |
| struct | BSL_HostEIDPattern_s |
| Reference to a EID pattern owned and stored in the BPA. More... | |
| struct | BSL_BundleRef_s |
| Reference to a Bundle owned and stored in the host BPA. More... | |
| struct | BSL_PrimaryBlock_s |
| Contains Bundle Primary Block fields and metadata. More... | |
| struct | BSL_CanonicalBlock_s |
| Structure containing parsed Canonical Block fields. More... | |
| struct | BSL_HostDescriptors_t |
| Dynamic BPA descriptor. More... | |
Macros | |
| #define | BSL_REQUIRE_CHECK |
| This annotation on a function requires the caller to capture and inspect the return value. | |
| #define | BSL_DEFAULT_STRLEN (128) |
Typedefs | |
| typedef struct BSL_LibCtx_s | BSL_LibCtx_t |
| Forward declaration for BSL library context. | |
| typedef struct BSL_SecurityResponseSet_s | BSL_SecurityResponseSet_t |
| Forward declaration of SecurityResponseSet, which contains information for BSL and the host BPA to process the Bundle. | |
| typedef struct BSL_SecurityActionSet_s | BSL_SecurityActionSet_t |
| Forward declaration of PolicyActionSet, which contains information for BSL to process the Bundle. | |
| typedef struct BSL_SecCtxDesc_s | BSL_SecCtxDesc_t |
| Forward-declaration for structure containing callbscks to a security context. | |
| typedef struct BSL_PolicyDesc_s | BSL_PolicyDesc_t |
| Forward-declaration for structure containing callbacks to provider. | |
| typedef char | BSL_StaticString_t[BSL_DEFAULT_STRLEN] |
| typedef struct BSL_HostEID_s | BSL_HostEID_t |
| Opaque pointer to BPA-specific Endpoint ID storage. | |
| typedef struct BSL_HostEIDPattern_s | BSL_HostEIDPattern_t |
| Reference to a EID pattern owned and stored in the BPA. | |
| typedef struct BSL_BundleRef_s | BSL_BundleRef_t |
| Reference to a Bundle owned and stored in the host BPA. | |
| typedef struct BSL_PrimaryBlock_s | BSL_PrimaryBlock_t |
| Contains Bundle Primary Block fields and metadata. | |
| typedef struct BSL_CanonicalBlock_s | BSL_CanonicalBlock_t |
| Structure containing parsed Canonical Block fields. | |
Enumerations | |
| enum | BSL_PolicyLocation_e { BSL_POLICYLOCATION_APPIN = 101 , BSL_POLICYLOCATION_APPOUT , BSL_POLICYLOCATION_CLIN , BSL_POLICYLOCATION_CLOUT } |
| Indicates where in the lifecycle of the BPA the bundle is querying for security policy. More... | |
| enum | BSL_BundleCRCType_e { BSL_BUNDLECRCTYPE_NONE = 0 , BSL_BUNDLECRCTYPE_16 = 1 , BSL_BUNDLECRCTYPE_32 = 2 } |
| Block CRC types. More... | |
Functions | |
| int | BSL_HostDescriptors_Set (BSL_HostDescriptors_t desc) |
| Set the BPA descriptor (callbacks) for this process. | |
| void | BSL_HostDescriptors_Get (BSL_HostDescriptors_t *desc) |
| Copy the BPA descriptor for this process. | |
| BSL_REQUIRE_CHECK int | BSL_API_InitLib (BSL_LibCtx_t *bsl) |
| Initialize the BPSecLib (BSL) library context. | |
| BSL_REQUIRE_CHECK int | BSL_API_DeinitLib (BSL_LibCtx_t *bsl) |
| Deinitialize and release any resources held by the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_RegisterSecurityContext (BSL_LibCtx_t *lib, uint64_t sec_ctx_id, BSL_SecCtxDesc_t desc) |
| Register a security context module with the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_RegisterPolicyProvider (BSL_LibCtx_t *lib, BSL_PolicyDesc_t desc) |
| Register a Policy Provider module with the BSL. | |
| BSL_REQUIRE_CHECK int | BSL_API_QuerySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
Query BSL to populate a BSL_SecurityActionSet_t containg security processing instructions. | |
| BSL_REQUIRE_CHECK int | BSL_API_ApplySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *policy_actions) |
| Performs the given security operations on a Bundle, modifying or even dropping it entirely. | |
Detailed Description
Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API.
This contains the interface for the BPA.
Definition in file BPSecLib_Public.h.
Macro Definition Documentation
◆ BSL_DEFAULT_STRLEN
| #define BSL_DEFAULT_STRLEN (128) |
Definition at line 61 of file BPSecLib_Public.h.
◆ BSL_REQUIRE_CHECK
| #define BSL_REQUIRE_CHECK |
This annotation on a function requires the caller to capture and inspect the return value.
Definition at line 42 of file BPSecLib_Public.h.
Typedef Documentation
◆ BSL_BundleRef_t
| typedef struct BSL_BundleRef_s BSL_BundleRef_t |
Reference to a Bundle owned and stored in the host BPA.
- Note
- The BSL internally never attempts to parse the opaque pointer contained here.
◆ BSL_CanonicalBlock_t
| typedef struct BSL_CanonicalBlock_s BSL_CanonicalBlock_t |
Structure containing parsed Canonical Block fields.
- Note
- This contains a snapshot of the fields at the time it was queried. It is not a pointer.
◆ BSL_HostEID_t
| typedef struct BSL_HostEID_s BSL_HostEID_t |
Opaque pointer to BPA-specific Endpoint ID storage.
Ownership of the object is kept by the BPA, and these are only references.
◆ BSL_LibCtx_t
| typedef struct BSL_LibCtx_s BSL_LibCtx_t |
Forward declaration for BSL library context.
Definition at line 46 of file BPSecLib_Public.h.
◆ BSL_PolicyDesc_t
| typedef struct BSL_PolicyDesc_s BSL_PolicyDesc_t |
Forward-declaration for structure containing callbacks to provider.
Definition at line 59 of file BPSecLib_Public.h.
◆ BSL_PrimaryBlock_t
| typedef struct BSL_PrimaryBlock_s BSL_PrimaryBlock_t |
Contains Bundle Primary Block fields and metadata.
- Note
- This contains a snapshot of the fields at the time it was queried. It is not a pointer.
◆ BSL_SecCtxDesc_t
| typedef struct BSL_SecCtxDesc_s BSL_SecCtxDesc_t |
Forward-declaration for structure containing callbscks to a security context.
Definition at line 56 of file BPSecLib_Public.h.
◆ BSL_SecurityActionSet_t
| typedef struct BSL_SecurityActionSet_s BSL_SecurityActionSet_t |
Forward declaration of PolicyActionSet, which contains information for BSL to process the Bundle.
Definition at line 53 of file BPSecLib_Public.h.
◆ BSL_SecurityResponseSet_t
| typedef struct BSL_SecurityResponseSet_s BSL_SecurityResponseSet_t |
Forward declaration of SecurityResponseSet, which contains information for BSL and the host BPA to process the Bundle.
Definition at line 50 of file BPSecLib_Public.h.
◆ BSL_StaticString_t
| typedef char BSL_StaticString_t[BSL_DEFAULT_STRLEN] |
Definition at line 62 of file BPSecLib_Public.h.
Enumeration Type Documentation
◆ BSL_BundleCRCType_e
| enum BSL_BundleCRCType_e |
Block CRC types.
Defined in Section 4.2.1 of RFC 9171 [3].
| Enumerator | |
|---|---|
| BSL_BUNDLECRCTYPE_NONE | No CRC value. |
| BSL_BUNDLECRCTYPE_16 | CRC-16. |
| BSL_BUNDLECRCTYPE_32 | CRC-32C. |
Definition at line 83 of file BPSecLib_Public.h.
◆ BSL_PolicyLocation_e
| enum BSL_PolicyLocation_e |
Indicates where in the lifecycle of the BPA the bundle is querying for security policy.
- Note
- The numeric values of the enum are arbitrary. We avoid using 0 as defaults.
Definition at line 68 of file BPSecLib_Public.h.
Function Documentation
◆ BSL_API_ApplySecurity()
| BSL_REQUIRE_CHECK int BSL_API_ApplySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityResponseSet_t * | response_output, | ||
| BSL_BundleRef_t * | bundle, | ||
| const BSL_SecurityActionSet_t * | policy_actions | ||
| ) |
Performs the given security operations on a Bundle, modifying or even dropping it entirely.
- Parameters
-
[in] bsl Pointer to BSL context structure. [out] response_output Pointer to host-allocated output structure. [in,out] bundle Reference to host-owned Bundle, which may be modified or dropped by the BSL. [in] policy_actions Pointer to policy actions, which was populated using the QuerySecurityfunction.
Definition at line 178 of file PublicInterfaceImpl.c.
References BSL_BundleCtx_GetBundleMetadata(), BSL_BundleCtx_RemoveBlock(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_SECURITY_OPERATION_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_POLICYACTION_DROP_BLOCK, BSL_POLICYACTION_DROP_BUNDLE, BSL_POLICYACTION_NOTHING, BSL_POLICYACTION_UNDEFINED, BSL_SecCtx_ExecutePolicyActionSet(), BSL_SUCCESS, BSL_SecOper_s::failure_code, BSL_SecurityResponseSet_s::results, BSL_SecurityActionSet_s::sec_operations, BSL_SecurityActionSet_s::sec_operations_count, and BSL_SecOper_s::target_block_num.
◆ BSL_API_DeinitLib()
| BSL_REQUIRE_CHECK int BSL_API_DeinitLib | ( | BSL_LibCtx_t * | bsl | ) |
Deinitialize and release any resources held by the BSL.
- Note
- This only needs to be run once per lifetime of the BPA.
- Parameters
-
[in,out] bsl Pointer to library context
- Returns
- 0 on success, negative on error.
Definition at line 45 of file PublicInterfaceImpl.c.
References BSL_LOG_WARNING, BSL_SUCCESS, and BSL_PolicyDesc_s::deinit_fn.
◆ BSL_API_InitLib()
| BSL_REQUIRE_CHECK int BSL_API_InitLib | ( | BSL_LibCtx_t * | bsl | ) |
Initialize the BPSecLib (BSL) library context.
- Note
- This only needs to be done once per lifetime of the BPA
- Parameters
-
[in,out] bsl Pointer to allocated space for the library context.
- Returns
- 0 on success, negative on error.
Definition at line 37 of file PublicInterfaceImpl.c.
References BSL_SUCCESS.
◆ BSL_API_QuerySecurity()
| BSL_REQUIRE_CHECK int BSL_API_QuerySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Query BSL to populate a BSL_SecurityActionSet_t containg security processing instructions.
This executes a chain of events in the BSL. First by querying the policy provider, then checking with the security context for viability. It returns 0 and a populated BSL_SecurityActionSet_ with the security operations and their parameters, if successful.
- Note
- A BSL guideline is that caller's generally allocate the memory for callee's. In this case, the BPA must create space for the output action set using
_Sizeoffunctions for the respective structures.
- Parameters
-
[in] bsl Pointer to BSL context. [in,out] output_action_set Pointer to pre-allocated structure into which security operations will be populated. [in] bundle Reference to BPA-owned bundle. [in] location "Location" within the BPA (e.g,. "At app egress")
- Returns
- 0 on success, negative on error. On zero,
output_action_setwill be populated.
Definition at line 85 of file PublicInterfaceImpl.c.
References BSL_PrimaryBlock_s::block_count, BSL_CanonicalBlock_s::block_num, BSL_AbsSecBlock_ContainsTarget(), BSL_AbsSecBlock_DecodeFromCBOR(), BSL_AbsSecBlock_Deinit(), BSL_AbsSecBlock_Sizeof(), BSL_BundleCtx_GetBlockIds(), BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_Data_InitView(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_NOT_FOUND, BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_SecCtx_ValidatePolicyActionSet(), BSL_SUCCESS, BSL_CanonicalBlock_s::btsd, BSL_CanonicalBlock_s::btsd_len, BSL_PolicyDesc_s::deinit_fn, BSL_PolicyDesc_s::query_fn, BSL_SecOper_s::sec_block_num, BSL_SecurityActionSet_s::sec_operations, BSL_SecurityActionSet_s::sec_operations_count, BSL_SecOper_s::target_block_num, and BSL_CanonicalBlock_s::type_code.
◆ BSL_API_RegisterPolicyProvider()
| BSL_REQUIRE_CHECK int BSL_API_RegisterPolicyProvider | ( | BSL_LibCtx_t * | lib, |
| BSL_PolicyDesc_t | desc | ||
| ) |
Register a Policy Provider module with the BSL.
- Note
- The Policy Provider interface is defined by the policy provider descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] desc Policy Provider callbacks.
Definition at line 76 of file PublicInterfaceImpl.c.
References BSL_SUCCESS, and BSL_PolicyDesc_s::query_fn.
◆ BSL_API_RegisterSecurityContext()
| BSL_REQUIRE_CHECK int BSL_API_RegisterSecurityContext | ( | BSL_LibCtx_t * | lib, |
| uint64_t | sec_ctx_id, | ||
| BSL_SecCtxDesc_t | desc | ||
| ) |
Register a security context module with the BSL.
- Note
- The Security Context interface is defined by the security context descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] sec_ctx_id Security context ID [in] desc Descriptor struct containing callbacks.
Definition at line 66 of file PublicInterfaceImpl.c.
References BSL_SUCCESS, BSL_SecCtxDesc_s::execute, and BSL_SecCtxDesc_s::validate.
◆ BSL_HostDescriptors_Get()
| void BSL_HostDescriptors_Get | ( | BSL_HostDescriptors_t * | desc | ) |
Copy the BPA descriptor for this process.
- Parameters
-
[out] desc The descriptor to copy into.
Definition at line 127 of file HostInterface.c.
Referenced by bsl_mock_bpa_deinit().
◆ BSL_HostDescriptors_Set()
| int BSL_HostDescriptors_Set | ( | BSL_HostDescriptors_t | desc | ) |
Set the BPA descriptor (callbacks) for this process.
- Parameters
-
desc The descriptor to use for future BPA functions.
- Returns
- Zero if successful, negative on error.
Definition at line 31 of file HostInterface.c.
References BSL_HostDescriptors_t::block_create_fn, BSL_HostDescriptors_t::block_metadata_fn, BSL_HostDescriptors_t::block_realloc_btsd_fn, BSL_HostDescriptors_t::block_remove_fn, BSL_SUCCESS, BSL_HostDescriptors_t::bundle_get_block_ids, BSL_HostDescriptors_t::bundle_metadata_fn, BSL_HostDescriptors_t::eid_deinit, BSL_HostDescriptors_t::eid_from_cbor, BSL_HostDescriptors_t::eid_from_text, BSL_HostDescriptors_t::eid_init, BSL_HostDescriptors_t::eidpat_deinit, BSL_HostDescriptors_t::eidpat_from_text, BSL_HostDescriptors_t::eidpat_init, BSL_HostDescriptors_t::eidpat_match, and BSL_HostDescriptors_t::get_host_eid_fn.
Referenced by bsl_mock_bpa_deinit(), and bsl_mock_bpa_init().
