BSL v1.0.0 - 16.g9d98179
AMMOS Bundle Protocol Security Library (BSL)
Loading...
Searching...
No Matches
Data Structures | Functions
DefaultSecContext_Private.h File Reference
Default Security Contexts

Contains functions only used internally, however, test utilities can include this to unit test them. More...

#include <stdint.h>
#include <qcbor/qcbor_encode.h>
#include <BPSecLib_Private.h>
#include <BPSecLib_Public.h>
#include <CryptoInterface.h>
#include "rfc9173.h"
+ Include dependency graph for DefaultSecContext_Private.h:
+ This graph shows which files directly or indirectly include this file:

Data Structures

struct  BSLX_BlockMetadata_t
 
struct  BSLX_BIB_t
 
struct  BSLX_BCB_t
 BCB encryption context with crypto primitives. More...
 

Functions

int BSLX_BIB_InitFromSecOper (BSLX_BIB_t *self, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
 Populate the BIB parameters convenience struct from the security operation struct.
 
void BSLX_BIB_Deinit (BSLX_BIB_t *self)
 
int BSLX_BIB_GenIPPT (const BSLX_BIB_t *self, BSL_Data_t *ippt_space)
 Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4].
 
int BSLX_BIB_GenHMAC (BSLX_BIB_t *self, const BSL_Data_t *ippt_data)
 Performs the actual HMAC over the given IPPT, placing the result in hmac_result.
 
int BSLX_BCB_GetParams (const BSL_BundleRef_t *bundle, BSLX_BCB_t *bcb_context, const BSL_SecOper_t *sec_oper)
 
int BSLX_BCB_Init (BSLX_BCB_t *bcb_context, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper)
 
void BSLX_BCB_Deinit (BSLX_BCB_t *bcb_context)
 
int BSLX_BCB_ComputeAAD (BSLX_BCB_t *bcb_context)
 
int BSLX_BCB_Encrypt (BSLX_BCB_t *bcb_context)
 
void BSLX_EncodeHeader (const BSL_CanonicalBlock_t *block, QCBOREncodeContext *encoder)
 

Detailed Description

Contains functions only used internally, however, test utilities can include this to unit test them.

Function Documentation

◆ BSLX_BCB_ComputeAAD()

int BSLX_BCB_ComputeAAD ( BSLX_BCB_t bcb_context)

References BSLX_BCB_t::aad, BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_Data_Resize(), BSL_ERR_ENCODING, BSL_ERR_INSUFFICIENT_SPACE, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_SUCCESS, BSLX_EncodeHeader(), CHK_ARG_NONNULL, CHK_PRECONDITION, BSL_PrimaryBlock_t::encoded, BSL_Data_t::len, BSLX_BCB_t::primary_block, BSL_Data_t::ptr, BSLX_BCB_t::sec_block, BSLX_BCB_t::skip_aad_prim_block, BSLX_BCB_t::skip_aad_sec_block, BSLX_BCB_t::skip_aad_target_block, and BSLX_BCB_t::target_block.

Referenced by BSLX_BCB_Execute().

◆ BSLX_BCB_Deinit()

void BSLX_BCB_Deinit ( BSLX_BCB_t bcb_context)

References BSLX_BCB_t::aad, ASSERT_ARG_NONNULL, BSLX_BCB_t::authtag, BSL_Data_Deinit(), BSL_PrimaryBlock_deinit(), BSLX_BCB_t::debugstr, BSLX_BCB_t::iv, BSLX_BCB_t::primary_block, and BSLX_BCB_t::wrapped_key.

Referenced by BSLX_BCB_Execute().

◆ BSLX_BCB_Encrypt()

int BSLX_BCB_Encrypt ( BSLX_BCB_t bcb_context)

wrapped key always 8 bytes greater than CEK [7] (2.2.1)

References BSLX_BCB_t::aad, BSLX_BCB_t::aes_variant, BSLX_BCB_t::authtag, BSL_CanonicalBlock_t::block_num, BSL_BundleCtx_ReadBTSD(), BSL_BundleCtx_WriteBTSD(), BSL_Cipher_AddAAD(), BSL_Cipher_AddSeq(), BSL_Cipher_Deinit(), BSL_Cipher_FinalizeSeq(), BSL_Cipher_GetTag(), BSL_Cipher_Init(), BSL_CRYPTO_AES_128, BSL_CRYPTO_AES_256, BSL_CRYPTO_AESGCM_AUTH_TAG_LEN, BSL_Crypto_ClearGeneratedKeyHandle(), BSL_CRYPTO_ENCRYPT, BSL_Crypto_GenIV(), BSL_Crypto_GenKey(), BSL_Crypto_GetRegistryKey(), BSL_Crypto_WrapKey(), BSL_Data_InitBuffer(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED, BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SeqReader_Destroy(), BSL_SeqWriter_Destroy(), BSL_SUCCESS, BSL_CanonicalBlock_t::btsd_len, BSLX_BCB_t::bundle, CHK_ARG_NONNULL, CHK_PRECONDITION, BSLX_BCB_t::iv, BSLX_BCB_t::key_id, BSLX_BCB_t::keywrap, BSL_Data_t::len, BSL_Data_t::ptr, RFC9173_BCB_AES_VARIANT_A128GCM, RFC9173_BCB_DEFAULT_IV_LEN, BSLX_BCB_t::target_block, and BSLX_BCB_t::wrapped_key.

Referenced by BSLX_BCB_Execute().

◆ BSLX_BCB_GetParams()

int BSLX_BCB_GetParams ( const BSL_BundleRef_t bundle,
BSLX_BCB_t bcb_context,
const BSL_SecOper_t *  sec_oper 
)

References BSLX_BCB_t::aad_scope, BSLX_BCB_t::aes_variant, ASSERT_POSTCONDITION, ASSERT_PRECONDITION, BSLX_BCB_t::authtag, BSL_CanonicalBlock_t::block_num, BSL_BundleCtx_GetBlockMetadata(), BSL_Data_InitView(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_PROPERTY_CHECK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SecOper_CountParams(), BSL_SecOper_GetParamAt(), BSL_SecOper_GetSecurityBlockNum(), BSL_SecParam_GetAsBytestr(), BSL_SecParam_GetAsTextstr(), BSL_SecParam_GetAsUInt64(), BSL_SecParam_GetId(), BSL_SecParam_IsInt64(), BSL_SECPARAM_TYPE_AUTH_TAG, BSL_SECPARAM_TYPE_KEY_ID, BSL_SECPARAM_USE_KEY_WRAP, BSL_SUCCESS, BSL_CanonicalBlock_t::btsd_len, CHK_ARG_NONNULL, CHK_PRECONDITION, BSLX_BCB_t::err_count, BSLX_BCB_t::iv, BSLX_BCB_t::key_id, BSLX_BCB_t::keywrap, BSL_Data_t::len, BSL_Data_t::ptr, RFC9173_BCB_AADSCOPEFLAGID_INC_PRIM_BLOCK, RFC9173_BCB_AADSCOPEFLAGID_INC_SECURITY_HEADER, RFC9173_BCB_AADSCOPEFLAGID_INC_TARGET_HEADER, RFC9173_BCB_AES_VARIANT_A128GCM, RFC9173_BCB_AES_VARIANT_A256GCM, RFC9173_BCB_SECPARAM_AADSCOPE, RFC9173_BCB_SECPARAM_AESVARIANT, RFC9173_BCB_SECPARAM_IV, RFC9173_BCB_SECPARAM_WRAPPEDKEY, BSLX_BCB_t::sec_block, BSLX_BCB_t::skip_aad_prim_block, BSLX_BCB_t::skip_aad_sec_block, BSLX_BCB_t::skip_aad_target_block, BSLX_BCB_t::target_block, and BSLX_BCB_t::wrapped_key.

Referenced by BSLX_BCB_Execute().

◆ BSLX_BCB_Init()

int BSLX_BCB_Init ( BSLX_BCB_t bcb_context,
BSL_BundleRef_t bundle,
const BSL_SecOper_t *  sec_oper 
)

References BSL_PrimaryBlock_t::block_count, BSL_CanonicalBlock_t::block_num, BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_CRYPTO_DECRYPT, BSL_CRYPTO_ENCRYPT, BSL_Data_InitBuffer(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_INSUFFICIENT_SPACE, BSL_LOG_ERR, BSL_SecOper_GetTargetBlockNum(), BSL_SecOper_IsRoleSource(), BSL_SUCCESS, BSL_CanonicalBlock_t::btsd_len, BSLX_BCB_t::bundle, CHK_ARG_NONNULL, CHK_POSTCONDITION, CHK_PROPERTY, BSLX_BCB_t::crypto_mode, BSLX_BCB_t::debugstr, BSLX_BCB_t::primary_block, and BSLX_BCB_t::target_block.

Referenced by BSLX_BCB_Execute().

◆ BSLX_BIB_Deinit()

void BSLX_BIB_Deinit ( BSLX_BIB_t self)

References ASSERT_ARG_NONNULL, BSL_Data_Deinit(), BSL_PrimaryBlock_deinit(), BSLX_BIB_t::hmac_result_val, BSLX_BIB_t::primary_block, and BSLX_BIB_t::wrapped_key.

Referenced by BSLX_BIB_Execute().

◆ BSLX_BIB_GenHMAC()

int BSLX_BIB_GenHMAC ( BSLX_BIB_t self,
const BSL_Data_t ippt_data 
)

Performs the actual HMAC over the given IPPT, placing the result in hmac_result.

Returns the number of bytes written into hmac_result. Negative indicates error. NOTE: This does NOT resize the result, the caller must do so.

wrapped key always 8 bytes greater than CEK [7] (2.2.1)

References BSL_AuthCtx_Deinit(), BSL_AuthCtx_DigestBuffer(), BSL_AuthCtx_Finalize(), BSL_AuthCtx_Init(), BSL_Crypto_ClearGeneratedKeyHandle(), BSL_Crypto_GenKey(), BSL_Crypto_GetRegistryKey(), BSL_Crypto_UnwrapKey(), BSL_Crypto_WrapKey(), BSL_Data_InitBuffer(), BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED, BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED, BSL_ERR_SECURITY_CONTEXT_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SUCCESS, CHK_ARG_NONNULL, BSLX_BIB_t::hash_size, BSLX_BIB_t::hmac_result_val, BSLX_BIB_t::is_source, BSLX_BIB_t::key_id, BSLX_BIB_t::keywrap, BSL_Data_t::len, BSL_Data_t::ptr, BSLX_BIB_t::sha_variant, and BSLX_BIB_t::wrapped_key.

Referenced by BSLX_BIB_Execute().

◆ BSLX_BIB_GenIPPT()

int BSLX_BIB_GenIPPT ( const BSLX_BIB_t self,
BSL_Data_t ippt_space 
)

Computes the Integrity-Protected Plaintext (IPPT) according to Section 3.7 of RFC 9173 [4].

Parameters
[in,out]ippt_spaceStorage for the output, or empty to calculate the needed size.
Returns
A positive value to indicate the needed size, or negative for error.

References ASSERT_ARG_NONNULL, BSL_CanonicalBlock_t::block_num, BSL_BundleCtx_ReadBTSD(), BSL_Data_Deinit(), BSL_Data_InitBuffer(), BSL_ERR_ENCODING, BSL_LOG_ERR, BSL_SeqReader_Destroy(), BSL_SeqReader_Get(), BSLX_EncodeHeader(), BSL_CanonicalBlock_t::btsd_len, buf, BSLX_BIB_t::bundle, CHK_ARG_NONNULL, BSL_PrimaryBlock_t::encoded, encoder, BSLX_BIB_t::integrity_scope_flags, BSL_Data_t::len, BSLX_BIB_t::primary_block, BSL_Data_t::ptr, RFC9173_BIB_INTEGSCOPEFLAG_INC_PRIM, RFC9173_BIB_INTEGSCOPEFLAG_INC_SEC_HDR, RFC9173_BIB_INTEGSCOPEFLAG_INC_TARGET_HDR, BSLX_BIB_t::sec_block, and BSLX_BIB_t::target_block.

Referenced by BSLX_BIB_Execute().

◆ BSLX_BIB_InitFromSecOper()

int BSLX_BIB_InitFromSecOper ( BSLX_BIB_t self,
const BSL_BundleRef_t bundle,
const BSL_SecOper_t *  sec_oper 
)

Populate the BIB parameters convenience struct from the security operation struct.

TODO: move to common function.

References ASSERT_ARG_NONNULL, ASSERT_PRECONDITION, BSL_CRYPTO_SHA_256, BSL_CRYPTO_SHA_384, BSL_CRYPTO_SHA_512, BSL_Data_InitView(), BSL_ERR_PROPERTY_CHECK_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_SecOper_CountParams(), BSL_SecOper_GetParamAt(), BSL_SecOper_IsRoleSource(), BSL_SecParam_GetAsBytestr(), BSL_SecParam_GetAsTextstr(), BSL_SecParam_GetAsUInt64(), BSL_SecParam_GetId(), BSL_SecParam_IsInt64(), BSL_SECPARAM_TYPE_KEY_ID, BSL_SECPARAM_USE_KEY_WRAP, BSL_SUCCESS, BSLX_BIB_t::bundle, BSLX_BIB_t::hash_size, BSLX_BIB_t::integrity_scope_flags, BSLX_BIB_t::is_source, BSLX_BIB_t::key_id, BSLX_BIB_t::keywrap, BSL_Data_t::len, map_rfc9173_sha_variant_to_crypto(), BSL_Data_t::ptr, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_PARAMID_WRAPPED_KEY, RFC9173_BIB_SHA_HMAC384, BSLX_BIB_t::sha_variant, and BSLX_BIB_t::wrapped_key.

Referenced by BSLX_BIB_Execute().

◆ BSLX_EncodeHeader()

void BSLX_EncodeHeader ( const BSL_CanonicalBlock_t block,
QCBOREncodeContext *  encoder 
)

References ASSERT_ARG_NONNULL, BSL_CanonicalBlock_t::block_num, BSL_LOG_INFO, encoder, BSL_CanonicalBlock_t::flags, and BSL_CanonicalBlock_t::type_code.

Referenced by BSLX_BCB_ComputeAAD(), and BSLX_BIB_GenIPPT().