BSL v0.0.0 - 0.geda3e66
AMMOS Bundle Protocol Security Library (BSL)
BPSecLib_Public.h File Reference

Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API.

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include "BSLConfig.h"

Data Structures

struct BSL_HostEID_t
 Opaque pointer to BPA-specific Endpoint ID storage.
 
struct BSL_HostEIDPattern_t
 Reference to an EID pattern owned and stored in the BPA.
 
struct BSL_BundleRef_t
 Reference to a Bundle owned and stored in the host BPA.
 
struct BSL_PrimaryBlock_t
 Contains Bundle Primary Block fields and metadata.
 
struct BSL_CanonicalBlock_t
 Structure containing parsed Canonical Block fields.
 
struct BSL_HostDescriptors_t
 Dynamic BPA descriptor.
 

Macros

#define BSL_REQUIRE_CHECK
 This annotation on a function requires the caller to capture and inspect the return value.
 
#define BSL_DEFAULT_STRLEN   (128)
 

Typedefs

typedef struct BSL_SecurityActionSet_s BSL_SecurityActionSet_t
 Forward declaration of ::BSL_SecurityActionSet_s, which contains actions for BSL to process the Bundle.
 
typedef char BSL_StaticString_t[BSL_DEFAULT_STRLEN]
 

Enumerations

enum BSL_PolicyLocation_e { BSL_POLICYLOCATION_APPIN = 101, BSL_POLICYLOCATION_APPOUT, BSL_POLICYLOCATION_CLIN, BSL_POLICYLOCATION_CLOUT }
 Indicates where in the lifecycle of the BPA the bundle is querying for security policy.
 
enum BSL_SecOper_ConclusionState_e { BSL_SECOP_CONCLUSION_PENDING = 1, BSL_SECOP_CONCLUSION_SUCCESS, BSL_SECOP_CONCLUSION_INVALID, BSL_SECOP_CONCLUSION_FAILURE }
 Indicates the conclusion state of a security operation.
 
enum BSL_BundleCRCType_e { BSL_BUNDLECRCTYPE_NONE = 0, BSL_BUNDLECRCTYPE_16 = 1, BSL_BUNDLECRCTYPE_32 = 2 }
 Block CRC types.
 

Functions

int BSL_HostDescriptors_Set (BSL_HostDescriptors_t desc)
 Set the BPA descriptor (callbacks) for this process.
 
void BSL_HostDescriptors_Get (BSL_HostDescriptors_t *desc)
 Copy the BPA descriptor for this process.
 
BSL_REQUIRE_CHECK int BSL_API_InitLib (BSL_LibCtx_t *bsl)
 Initialize the BPSecLib (BSL) library context.
 
BSL_REQUIRE_CHECK int BSL_API_DeinitLib (BSL_LibCtx_t *bsl)
 Deinitialize and release any resources held by the BSL.
 
BSL_REQUIRE_CHECK int BSL_API_RegisterSecurityContext (BSL_LibCtx_t *lib, uint64_t sec_ctx_id, BSL_SecCtxDesc_t desc)
 Register a security context module with the BSL.
 
BSL_REQUIRE_CHECK int BSL_API_RegisterPolicyProvider (BSL_LibCtx_t *lib, BSL_PolicyDesc_t desc)
 Register a Policy Provider module with the BSL.
 
BSL_REQUIRE_CHECK int BSL_API_QuerySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)
 Query BSL to populate a BSL_SecurityActionSet_t containing security processing instructions.
 
BSL_REQUIRE_CHECK int BSL_API_ApplySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *policy_actions)
 Performs the given security operations on a Bundle, modifying or even dropping it entirely.
 

Detailed Description

Single entry-point include file for all of the "Public" BPSec Lib (BSL) frontend API.

This contains the interface for the BPA.

Author
Bill.Van.Besien@jhuapl.edu

Enumeration Type Documentation

◆ BSL_BundleCRCType_e

Block CRC types.

Defined in Section 4.2.1 of RFC 9171 [6].

Enumerator
BSL_BUNDLECRCTYPE_NONE 

No CRC value.

BSL_BUNDLECRCTYPE_16 

CRC-16.

BSL_BUNDLECRCTYPE_32 

CRC-32C.
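
As an added illustration (not code from the BSL), the sketch below computes both non-zero CRC types over a byte buffer, using the algorithms RFC 9171 names for them: the X-25 CRC-16 for type 1 and CRC32C (Castagnoli) for type 2. The helper name `example_block_crc` and the sample input are assumptions made for this example; a CRC only detects accidental corruption and is not a keyed integrity check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Enum values as documented on this page, redeclared so the example builds alone. */
typedef enum {
    BSL_BUNDLECRCTYPE_NONE = 0,
    BSL_BUNDLECRCTYPE_16   = 1,
    BSL_BUNDLECRCTYPE_32   = 2
} BSL_BundleCRCType_e;

/* Bitwise reflected CRC with all-ones init and all-ones final XOR;
 * both X-25 and CRC-32C use this shape, differing only in width and polynomial. */
static uint32_t crc_reflected(uint32_t poly, uint32_t mask, const uint8_t *data, size_t len)
{
    uint32_t crc = mask;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++) {
            crc = (crc & 1u) ? (crc >> 1) ^ poly : (crc >> 1);
        }
    }
    return (crc ^ mask) & mask;
}

/* Hypothetical helper, not a BSL function: returns 0 and writes the CRC,
 * or -1 for a bad argument or an unknown CRC type. */
int example_block_crc(BSL_BundleCRCType_e type, const uint8_t *data, size_t len, uint32_t *out)
{
    if (!out || (!data && len > 0)) return -1;
    switch (type) {
    case BSL_BUNDLECRCTYPE_NONE:
        *out = 0; /* no CRC value */
        return 0;
    case BSL_BUNDLECRCTYPE_16:
        *out = crc_reflected(0x8408u, 0xFFFFu, data, len); /* 0x1021 reflected */
        return 0;
    case BSL_BUNDLECRCTYPE_32:
        *out = crc_reflected(0x82F63B78u, 0xFFFFFFFFu, data, len); /* 0x1EDC6F41 reflected */
        return 0;
    default:
        return -1; /* reject values outside the documented enum */
    }
}

int main(void)
{
    const uint8_t sample[] = "123456789"; /* constructed sample input */
    uint32_t crc = 0;
    if (example_block_crc(BSL_BUNDLECRCTYPE_32, sample, sizeof sample - 1, &crc) != 0) return 1;
    printf("CRC-32C = 0x%08X\n", (unsigned)crc);
    return 0;
}
```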

◆ BSL_PolicyLocation_e

Indicates where in the lifecycle of the BPA the bundle is querying for security policy.

Note
The numeric values of the enum are arbitrary. We avoid using 0 as defaults.
Enumerator
BSL_POLICYLOCATION_APPIN 

Bundle source at creation.

BSL_POLICYLOCATION_APPOUT 

Bundle destination at delivery.

BSL_POLICYLOCATION_CLIN 

Bundle ingress from CLA.

BSL_POLICYLOCATION_CLOUT 

Bundle egress to CLA.

◆ BSL_SecOper_ConclusionState_e

Indicates the conclusion state of a security operation.

Enumerator
BSL_SECOP_CONCLUSION_PENDING 

Security operation is still pending action.

BSL_SECOP_CONCLUSION_SUCCESS 

Security operation has concluded and succeeded.

BSL_SECOP_CONCLUSION_INVALID 

Security operation is invalid.

BSL_SECOP_CONCLUSION_FAILURE 

Security operation has concluded and failed.

Function Documentation

◆ BSL_API_ApplySecurity()

BSL_REQUIRE_CHECK int BSL_API_ApplySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *policy_actions)

Performs the given security operations on a Bundle, modifying or even dropping it entirely.

Parameters
[in] bsl: Pointer to BSL context structure.
[out] response_output: Pointer to host-allocated output structure.
[in,out] bundle: Reference to host-owned Bundle, which may be modified or dropped by the BSL.
[in] policy_actions: Pointer to policy actions, which was populated using the QuerySecurity function.

References BSL_BundleCtx_DeleteBundle(), BSL_BundleCtx_GetBundleMetadata(), BSL_BundleCtx_RemoveBlock(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_POLICYACTION_DROP_BLOCK, BSL_POLICYACTION_DROP_BUNDLE, BSL_POLICYACTION_NOTHING, BSL_POLICYACTION_UNDEFINED, BSL_PolicyRegistry_FinalizeActions(), BSL_SecCtx_ExecutePolicyActionSet(), BSL_SECOP_CONCLUSION_SUCCESS, BSL_SecOper_GetConclusion(), and BSL_SUCCESS.

◆ BSL_API_DeinitLib()

BSL_REQUIRE_CHECK int BSL_API_DeinitLib (BSL_LibCtx_t *bsl)

Deinitialize and release any resources held by the BSL.

Note
This only needs to be run once per lifetime of the BSL.
Parameters
[in,out] bsl: Pointer to library context.
Returns
0 on success, negative on error.

References BSL_FREE, BSL_LOG_WARNING, and BSL_SUCCESS.

◆ BSL_API_InitLib()

BSL_REQUIRE_CHECK int BSL_API_InitLib (BSL_LibCtx_t *bsl)

Initialize the BPSecLib (BSL) library context.

Note
This only needs to be done once per lifetime of the BSL.
Parameters
[in,out] bsl: Pointer to allocated space for the library context.
Returns
0 on success, negative on error.

References BSL_SUCCESS.

◆ BSL_API_QuerySecurity()

BSL_REQUIRE_CHECK int BSL_API_QuerySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location)

Query BSL to populate a BSL_SecurityActionSet_t containing security processing instructions.

This executes a chain of events in the BSL: first it queries the policy provider, then it checks with the security context for viability. If successful, it returns 0 and a populated BSL_SecurityActionSet_t with the security operations and their parameters.

Note
A BSL guideline is that callers generally allocate the memory for callees. In this case, the BPA must create space for the output action set using _Sizeof functions for the respective structures.
Parameters
[in] bsl: Pointer to BSL context.
[in,out] output_action_set: Pointer to pre-allocated structure into which security operations will be populated.
[in] bundle: Reference to BPA-owned bundle.
[in] location: "Location" within the BPA (e.g., "At app egress").
Returns
0 on success, negative on error. On zero, output_action_set will be populated.

References BSL_PrimaryBlock_t::block_count, BSL_CanonicalBlock_t::block_num, BSL_AbsSecBlock_ContainsTarget(), BSL_AbsSecBlock_DecodeFromCBOR(), BSL_AbsSecBlock_Deinit(), BSL_AbsSecBlock_Sizeof(), BSL_BundleCtx_GetBlockIds(), BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_CALLOC, BSL_Data_InitView(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED, BSL_FREE, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_PolicyRegistry_InspectActions(), BSL_SecCtx_ValidatePolicyActionSet(), BSL_SUCCESS, BSL_CanonicalBlock_t::btsd, BSL_CanonicalBlock_t::btsd_len, and BSL_CanonicalBlock_t::type_code.

◆ BSL_API_RegisterPolicyProvider()

BSL_REQUIRE_CHECK int BSL_API_RegisterPolicyProvider (BSL_LibCtx_t *lib, BSL_PolicyDesc_t desc)

Register a Policy Provider module with the BSL.

Note
The Policy Provider interface is defined by the policy provider descriptor.
Parameters
[in,out] lib: Pointer to BSL context.
[in] desc: Policy Provider callbacks.

References BSL_SUCCESS.

◆ BSL_API_RegisterSecurityContext()

BSL_REQUIRE_CHECK int BSL_API_RegisterSecurityContext (BSL_LibCtx_t *lib, uint64_t sec_ctx_id, BSL_SecCtxDesc_t desc)

Register a security context module with the BSL.

Note
The Security Context interface is defined by the security context descriptor.
Parameters
[in,out] lib: Pointer to BSL context.
[in] sec_ctx_id: Security context ID.
[in] desc: Descriptor struct containing callbacks.

References BSL_SUCCESS.

◆ BSL_HostDescriptors_Get()

void BSL_HostDescriptors_Get (BSL_HostDescriptors_t *desc)

Copy the BPA descriptor for this process.

Note
This function is not thread safe.
Parameters
[out] desc: The descriptor to copy into.

Referenced by bsl_mock_bpa_agent_deinit().

◆ BSL_HostDescriptors_Set()