Implementation of the dynamic backend Public API. More...
#include <inttypes.h>#include <BPSecLib_Private.h>#include <BPSecLib_Public.h>#include "PublicInterfaceImpl.h"#include "SecurityActionSet.h"#include "SecurityResultSet.h"
Include dependency graph for PublicInterfaceImpl.c:Go to the source code of this file.
Functions | |
| int | BSL_API_InitLib (BSL_LibCtx_t *lib) |
| Initialize the BPSecLib (BSL) library context. | |
| int | BSL_API_DeinitLib (BSL_LibCtx_t *lib) |
| Deinitialize and release any resources held by the BSL. | |
| int | BSL_API_RegisterSecurityContext (BSL_LibCtx_t *lib, uint64_t sec_ctx_id, BSL_SecCtxDesc_t desc) |
| Register a security context module with the BSL. | |
| int | BSL_API_RegisterPolicyProvider (BSL_LibCtx_t *lib, BSL_PolicyDesc_t desc) |
| Register a Policy Provider module with the BSL. | |
| int | BSL_API_QuerySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, const BSL_BundleRef_t *bundle, BSL_PolicyLocation_e location) |
Query BSL to populate a BSL_SecurityActionSet_t containg security processing instructions. | |
| int | BSL_API_ApplySecurity (const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *response_output, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *policy_actions) |
| Performs the given security operations on a Bundle, modifying or even dropping it entirely. | |
Detailed Description
Implementation of the dynamic backend Public API.
- Todo:
- MAJOR Complete implementation for ApplySecurity so it can drop blocks or bundles as-needed.
Definition in file PublicInterfaceImpl.c.
Function Documentation
◆ BSL_API_ApplySecurity()
| int BSL_API_ApplySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityResponseSet_t * | response_output, | ||
| BSL_BundleRef_t * | bundle, | ||
| const BSL_SecurityActionSet_t * | policy_actions | ||
| ) |
Performs the given security operations on a Bundle, modifying or even dropping it entirely.
- Parameters
-
[in] bsl Pointer to BSL context structure. [out] response_output Pointer to host-allocated output structure. [in,out] bundle Reference to host-owned Bundle, which may be modified or dropped by the BSL. [in] policy_actions Pointer to policy actions, which was populated using the QuerySecurityfunction.
Definition at line 178 of file PublicInterfaceImpl.c.
References BSL_BundleCtx_GetBundleMetadata(), BSL_BundleCtx_RemoveBlock(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_SECURITY_OPERATION_FAILED, BSL_LOG_DEBUG, BSL_LOG_ERR, BSL_LOG_WARNING, BSL_POLICYACTION_DROP_BLOCK, BSL_POLICYACTION_DROP_BUNDLE, BSL_POLICYACTION_NOTHING, BSL_POLICYACTION_UNDEFINED, BSL_SecCtx_ExecutePolicyActionSet(), BSL_SUCCESS, BSL_SecOper_s::failure_code, BSL_SecurityResponseSet_s::results, BSL_SecurityActionSet_s::sec_operations, BSL_SecurityActionSet_s::sec_operations_count, and BSL_SecOper_s::target_block_num.
◆ BSL_API_DeinitLib()
| int BSL_API_DeinitLib | ( | BSL_LibCtx_t * | bsl | ) |
Deinitialize and release any resources held by the BSL.
- Note
- This only needs to be run once per lifetime of the BPA.
- Parameters
-
[in,out] bsl Pointer to library context
- Returns
- 0 on success, negative on error.
Definition at line 45 of file PublicInterfaceImpl.c.
References BSL_LOG_WARNING, BSL_SUCCESS, and BSL_PolicyDesc_s::deinit_fn.
◆ BSL_API_InitLib()
| int BSL_API_InitLib | ( | BSL_LibCtx_t * | bsl | ) |
Initialize the BPSecLib (BSL) library context.
- Note
- This only needs to be done once per lifetime of the BPA
- Parameters
-
[in,out] bsl Pointer to allocated space for the library context.
- Returns
- 0 on success, negative on error.
Definition at line 37 of file PublicInterfaceImpl.c.
References BSL_SUCCESS.
◆ BSL_API_QuerySecurity()
| int BSL_API_QuerySecurity | ( | const BSL_LibCtx_t * | bsl, |
| BSL_SecurityActionSet_t * | output_action_set, | ||
| const BSL_BundleRef_t * | bundle, | ||
| BSL_PolicyLocation_e | location | ||
| ) |
Query BSL to populate a BSL_SecurityActionSet_t containg security processing instructions.
This executes a chain of events in the BSL. First by querying the policy provider, then checking with the security context for viability. It returns 0 and a populated BSL_SecurityActionSet_ with the security operations and their parameters, if successful.
- Note
- A BSL guideline is that caller's generally allocate the memory for callee's. In this case, the BPA must create space for the output action set using
_Sizeoffunctions for the respective structures.
- Parameters
-
[in] bsl Pointer to BSL context. [in,out] output_action_set Pointer to pre-allocated structure into which security operations will be populated. [in] bundle Reference to BPA-owned bundle. [in] location "Location" within the BPA (e.g,. "At app egress")
- Returns
- 0 on success, negative on error. On zero,
output_action_setwill be populated.
Definition at line 85 of file PublicInterfaceImpl.c.
References BSL_PrimaryBlock_s::block_count, BSL_CanonicalBlock_s::block_num, BSL_AbsSecBlock_ContainsTarget(), BSL_AbsSecBlock_DecodeFromCBOR(), BSL_AbsSecBlock_Deinit(), BSL_AbsSecBlock_Sizeof(), BSL_BundleCtx_GetBlockIds(), BSL_BundleCtx_GetBlockMetadata(), BSL_BundleCtx_GetBundleMetadata(), BSL_Data_InitView(), BSL_ERR_HOST_CALLBACK_FAILED, BSL_ERR_NOT_FOUND, BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED, BSL_LOG_ERR, BSL_LOG_INFO, BSL_LOG_WARNING, BSL_SecCtx_ValidatePolicyActionSet(), BSL_SUCCESS, BSL_CanonicalBlock_s::btsd, BSL_CanonicalBlock_s::btsd_len, BSL_PolicyDesc_s::deinit_fn, BSL_PolicyDesc_s::query_fn, BSL_SecOper_s::sec_block_num, BSL_SecurityActionSet_s::sec_operations, BSL_SecurityActionSet_s::sec_operations_count, BSL_SecOper_s::target_block_num, and BSL_CanonicalBlock_s::type_code.
◆ BSL_API_RegisterPolicyProvider()
| int BSL_API_RegisterPolicyProvider | ( | BSL_LibCtx_t * | lib, |
| BSL_PolicyDesc_t | desc | ||
| ) |
Register a Policy Provider module with the BSL.
- Note
- The Policy Provider interface is defined by the policy provider descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] desc Policy Provider callbacks.
Definition at line 76 of file PublicInterfaceImpl.c.
References BSL_SUCCESS, and BSL_PolicyDesc_s::query_fn.
◆ BSL_API_RegisterSecurityContext()
| int BSL_API_RegisterSecurityContext | ( | BSL_LibCtx_t * | lib, |
| uint64_t | sec_ctx_id, | ||
| BSL_SecCtxDesc_t | desc | ||
| ) |
Register a security context module with the BSL.
- Note
- The Security Context interface is defined by the security context descriptor.
- Parameters
-
[in,out] lib Pointer to BSL context. [in] sec_ctx_id Security context ID [in] desc Descriptor struct containing callbacks.
Definition at line 66 of file PublicInterfaceImpl.c.
References BSL_SUCCESS, BSL_SecCtxDesc_s::execute, and BSL_SecCtxDesc_s::validate.
