BSL v0.0.0
AMMOS Bundle Protocol Security Library (BSL)
Loading...
Searching...
No Matches
SecurityContext.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2025 The Johns Hopkins University Applied Physics
3 * Laboratory LLC.
4 *
5 * This file is part of the Bundle Protocol Security Library (BSL).
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 * This work was performed for the Jet Propulsion Laboratory, California
18 * Institute of Technology, sponsored by the United States Government under
19 * the prime contract 80NM0018D0004 between the Caltech and NASA under
20 * subcontract 1700763.
21 */
22
30#include <BPSecLib_Private.h>
31
32#include "AbsSecBlock.h"
33#include "PublicInterfaceImpl.h"
34#include "SecOperation.h"
35#include "SecurityResultSet.h"
36
37static int BSL_ExecBIBSource(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle,
38 BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
39{
40 (void)lib;
41 CHK_ARG_NONNULL(sec_context_fn);
42 CHK_ARG_NONNULL(bundle);
43 CHK_ARG_NONNULL(sec_oper);
44 CHK_ARG_NONNULL(outcome);
45
46 // TODO(bvb) - This should already have been created ahead of time, around the time of inspect
47 uint64_t created_block_id = 0;
48 int created_result = BSL_BundleCtx_CreateBlock(bundle, BSL_SECBLOCKTYPE_BIB, &created_block_id);
49 if (created_result != BSL_SUCCESS)
50 {
51 BSL_LOG_ERR("Failed to create BIB block, error=%d", created_result);
52 return BSL_ERR_BUNDLE_OPERATION_FAILED;
53 }
54
55 CHK_PROPERTY(created_block_id > 0);
56
57 const int bib_result = (*sec_context_fn)(lib, bundle, sec_oper, outcome);
58 if (bib_result != 0) // || outcome->is_success == false)
59 {
60 BSL_LOG_ERR("BIB Source failed!");
61 return BSL_ERR_SECURITY_OPERATION_FAILED;
62 }
63
64 BSL_CanonicalBlock_t sec_blk = { 0 };
65 if (BSL_BundleCtx_GetBlockMetadata(bundle, created_block_id, &sec_blk) != BSL_SUCCESS)
66 {
67 BSL_LOG_ERR("Could not get BIB block (id=%lu)", created_block_id);
68 return BSL_ERR_SECURITY_OPERATION_FAILED;
69 }
70
71 BSL_HostEID_t sec_source_eid = { 0 };
72 // TODO - The ownership of this should be cleaned up(!)
73 BSL_HostEID_Init(&sec_source_eid);
74 if (BSL_Host_GetSecSrcEID(&sec_source_eid) != BSL_SUCCESS)
75 {
76 BSL_LOG_ERR("Could not get local security source EID");
77 return BSL_ERR_HOST_CALLBACK_FAILED;
78 }
79 BSL_AbsSecBlock_t abs_sec_block = { 0 };
80 BSL_AbsSecBlock_Init(&abs_sec_block, sec_oper->context_id, sec_source_eid);
81 BSL_AbsSecBlock_AddTarget(&abs_sec_block, sec_oper->target_block_num);
82
83 size_t n_results = BSL_SecOutcome_CountResults(outcome);
84 for (size_t index = 0; index < n_results; index++)
85 {
86 BSL_AbsSecBlock_AddResult(&abs_sec_block, BSL_SecOutcome_GetResultAtIndex(outcome, index));
87 }
88
89 size_t n_params = BSL_SecOutcome_CountParams(outcome);
90 for (size_t index = 0; index < n_params; index++)
91 {
92 BSL_AbsSecBlock_AddParam(&abs_sec_block, BSL_SecOutcome_GetParamAt(outcome, index));
93 }
94
95 size_t est_asb_bytelen = BSL_AbsSecBlock_Sizeof() + ((n_params + n_results + 1) * BSL_SecParam_Sizeof());
96 if (BSL_BundleCtx_ReallocBTSD(bundle, created_block_id, est_asb_bytelen) != BSL_SUCCESS)
97 {
98 BSL_LOG_ERR("Failed to prealloc sufficient BTSD space for ASB");
99 return BSL_ERR_HOST_CALLBACK_FAILED;
100 }
101
102 if (BSL_BundleCtx_GetBlockMetadata(bundle, created_block_id, &sec_blk) != BSL_SUCCESS)
103 {
104 BSL_LOG_ERR("Could not get BIB block (id=%lu)", created_block_id);
105 return BSL_ERR_SECURITY_OPERATION_FAILED;
106 }
107
108 CHK_PROPERTY(sec_blk.btsd != NULL);
109 CHK_PROPERTY(sec_blk.btsd_len > 0);
110
111 BSL_Data_t btsd_view;
112 BSL_Data_InitView(&btsd_view, sec_blk.btsd_len, sec_blk.btsd);
113 int encode_result = BSL_AbsSecBlock_EncodeToCBOR(&abs_sec_block, btsd_view);
114 BSL_AbsSecBlock_Deinit(&abs_sec_block);
115 if (encode_result <= BSL_SUCCESS)
116 {
117 BSL_LOG_ERR("Failed to encode ASB");
118 return BSL_ERR_ENCODING;
119 }
120
121 if (BSL_BundleCtx_ReallocBTSD(bundle, created_block_id, (size_t)encode_result) != BSL_SUCCESS)
122 {
123 BSL_LOG_ERR("Failed to realloc block ASB space");
124 return BSL_ERR_HOST_CALLBACK_FAILED;
125 }
126
127 if (BSL_BundleCtx_GetBlockMetadata(bundle, created_block_id, &sec_blk) != BSL_SUCCESS)
128 {
129 BSL_LOG_ERR("Could not get BIB block (id=%lu)", created_block_id);
130 return BSL_ERR_SECURITY_OPERATION_FAILED;
131 }
132
133 CHK_POSTCONDITION(sec_blk.btsd != NULL);
134 CHK_POSTCONDITION(sec_blk.btsd_len == (size_t)encode_result);
135 return BSL_SUCCESS;
136}
137
138static int BSL_ExecBIBAccept(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle,
139 BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
140{
141 CHK_ARG_NONNULL(lib);
142 CHK_ARG_NONNULL(bundle);
143 CHK_PRECONDITION(BSL_SecOper_IsConsistent(sec_oper));
144 CHK_PRECONDITION(BSL_SecOutcome_IsConsistent(outcome));
145
146 BSL_CanonicalBlock_t sec_blk = { 0 };
147 if (BSL_BundleCtx_GetBlockMetadata(bundle, sec_oper->sec_block_num, &sec_blk) != BSL_SUCCESS)
148 {
149 BSL_LOG_ERR("Could not get block metadata");
150 return BSL_ERR_HOST_CALLBACK_FAILED;
151 }
152
153 BSL_AbsSecBlock_t abs_sec_block = { 0 };
154 BSL_AbsSecBlock_InitEmpty(&abs_sec_block);
155 BSL_Data_t btsd_data = { 0 };
156 BSL_Data_InitView(&btsd_data, sec_blk.btsd_len, sec_blk.btsd);
157 if (BSL_AbsSecBlock_DecodeFromCBOR(&abs_sec_block, btsd_data) != BSL_SUCCESS)
158 {
159 BSL_LOG_ERR("Failed to parse ASB CBOR");
160 BSL_AbsSecBlock_Deinit(&abs_sec_block);
161 return BSL_ERR_DECODING;
162 }
163
164 CHK_PROPERTY(BSL_AbsSecBlock_IsConsistent(&abs_sec_block));
165
166 for (size_t i = 0; i < BSLB_SecParamList_size(abs_sec_block.params); i++)
167 {
168 const BSL_SecParam_t *param = BSLB_SecParamList_cget(abs_sec_block.params, i);
169 CHK_PROPERTY(BSL_SecParam_IsConsistent(param));
170 BSLB_SecParamList_push_back(sec_oper->_param_list, *param);
171 }
172
173 const int sec_context_result = (*sec_context_fn)(lib, bundle, sec_oper, outcome);
174 if (sec_context_result != BSL_SUCCESS) // || outcome->is_success == false)
175 {
176 BSL_LOG_ERR("BIB Acceptor failed!");
177 BSL_AbsSecBlock_Deinit(&abs_sec_block);
178 return BSL_ERR_SECURITY_OPERATION_FAILED;
179 }
180
181 bool auth_success = BSL_SecOutcome_IsInAbsSecBlock(outcome, &abs_sec_block);
182 if (!auth_success)
183 {
184 BSL_LOG_ERR("BIB Accepting failed");
185 }
186
187 // TODO/FIXME - This logic seems to be correct, but should be refactored and simplified.
188 // There are too many branches/conditionals each with their own return statement.
189
190 if (BSL_SecOper_IsRoleAccepter(sec_oper))
191 {
192 uint64_t target_block_num = BSL_SecOper_GetTargetBlockNum(sec_oper);
193 int status = BSL_AbsSecBlock_StripResults(&abs_sec_block, target_block_num);
194 if (status < 0)
195 {
196 BSL_LOG_ERR("Failure to strip ASB of results");
197 BSL_AbsSecBlock_Deinit(&abs_sec_block);
198 return BSL_ERR_FAILURE;
199 }
200
201 if (BSL_AbsSecBlock_IsEmpty(&abs_sec_block))
202 {
203 if (BSL_BundleCtx_RemoveBlock(bundle, sec_blk.block_num) != BSL_SUCCESS)
204 {
205 BSL_LOG_ERR("Failed to remove block when ASB is empty");
206 BSL_AbsSecBlock_Deinit(&abs_sec_block);
207 return BSL_ERR_HOST_CALLBACK_FAILED;
208 }
209 }
210 else
211 {
212 // TODO: Realloc sec block's BTSD
213 // And encode ASB into it.
214 // At this point we know that the encoded ASB into BTSD will be smaller than what exists
215 // right now, since we removed a block.
216 // SO encode over it, and then
217 BSL_Data_t block_btsd_data = { 0 };
218 BSL_Data_InitView(&block_btsd_data, sec_blk.btsd_len, sec_blk.btsd);
219 int nbytes = BSL_AbsSecBlock_EncodeToCBOR(&abs_sec_block, block_btsd_data);
220 if (nbytes < 0)
221 {
222 BSL_LOG_ERR("Failed to re-encode ASB into sec block BTSD");
223 BSL_AbsSecBlock_Deinit(&abs_sec_block);
224 return BSL_ERR_ENCODING;
225 }
226 if (BSL_SUCCESS != BSL_BundleCtx_ReallocBTSD(bundle, sec_blk.block_num, (size_t)nbytes))
227 {
228 BSL_LOG_ERR("Failed to realloc BTSD");
229 BSL_AbsSecBlock_Deinit(&abs_sec_block);
230 return BSL_ERR_HOST_CALLBACK_FAILED;
231 }
232 }
233 }
234
235 BSL_AbsSecBlock_Deinit(&abs_sec_block);
236
237 // TODO(bvb) Check postconditions that the block actually was removed
238 if (auth_success)
239 {
240 BSL_LOG_INFO("BIB Accept SUCCESS");
241 }
242 else
243 {
244 BSL_LOG_ERR("BIB Accept FAIL");
245 }
246
247 return auth_success ? BSL_SUCCESS : BSL_ERR_SECURITY_OPERATION_FAILED;
248}
249
250static int BSL_ExecBCBAcceptor(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle,
251 BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
252{
253 (void)lib;
254 CHK_ARG_NONNULL(sec_context_fn);
255 CHK_ARG_NONNULL(bundle);
256 CHK_ARG_NONNULL(sec_oper);
257 CHK_ARG_NONNULL(outcome);
258
259 BSL_CanonicalBlock_t sec_blk = { 0 };
260 if (BSL_BundleCtx_GetBlockMetadata(bundle, sec_oper->sec_block_num, &sec_blk) != BSL_SUCCESS)
261 {
262 BSL_LOG_ERR("Could not get block metadata");
263 return BSL_ERR_HOST_CALLBACK_FAILED;
264 }
265
266 BSL_AbsSecBlock_t abs_sec_block = { 0 };
267 BSL_AbsSecBlock_InitEmpty(&abs_sec_block);
268 BSL_Data_t btsd_data = { 0 };
269 BSL_Data_InitView(&btsd_data, sec_blk.btsd_len, sec_blk.btsd);
270 if (BSL_AbsSecBlock_DecodeFromCBOR(&abs_sec_block, btsd_data) != BSL_SUCCESS)
271 {
272 BSL_LOG_ERR("Failed to parse ASB CBOR");
273 BSL_AbsSecBlock_Deinit(&abs_sec_block);
274 return BSL_ERR_DECODING;
275 }
276
277 CHK_PROPERTY(BSL_AbsSecBlock_IsConsistent(&abs_sec_block));
278
279 for (size_t i = 0; i < BSLB_SecParamList_size(abs_sec_block.params); i++)
280 {
281 const BSL_SecParam_t *param = BSLB_SecParamList_cget(abs_sec_block.params, i);
282 CHK_PROPERTY(BSL_SecParam_IsConsistent(param));
283 BSLB_SecParamList_push_back(sec_oper->_param_list, *param);
284 }
285
286 const size_t result_count = BSLB_SecResultList_size(abs_sec_block.results);
287 BSL_SecParam_t results_as_params[result_count];
288 for (size_t i = 0; i < result_count; i++)
289 {
290 BSL_SecResult_t *result = BSLB_SecResultList_get(abs_sec_block.results, i);
291 if (result->target_block_num == sec_oper->target_block_num)
292 {
293 CHK_PROPERTY(BSL_SecResult_IsConsistent(result));
294 BSL_SecParam_t *result_param = &results_as_params[i];
295 BSL_Data_t as_data = { .ptr = result->_bytes, .len = result->_bytelen };
296 BSL_SecParam_InitBytestr(result_param, BSL_SECPARAM_TYPE_AUTH_TAG, as_data);
297 BSLB_SecParamList_push_back(sec_oper->_param_list, *result_param);
298 }
299 }
300
301 const int sec_context_result = (*sec_context_fn)(lib, bundle, sec_oper, outcome);
302 if (sec_context_result != BSL_SUCCESS) // || outcome->is_success == false)
303 {
304 BSL_LOG_ERR("BCB Acceptor failed!");
305 BSL_AbsSecBlock_Deinit(&abs_sec_block);
306 return BSL_ERR_SECURITY_OPERATION_FAILED;
307 }
308
309 // TODO/FIXME - This logic seems to be correct, but should be refactored and simplified.
310 // There are too many branches/conditionals each with their own return statement.
311
312 if (BSL_SecOper_IsRoleAccepter(sec_oper))
313 {
314 uint64_t target_block_num = BSL_SecOper_GetTargetBlockNum(sec_oper);
315 int status = BSL_AbsSecBlock_StripResults(&abs_sec_block, target_block_num);
316 if (status < 0)
317 {
318 BSL_LOG_ERR("Failure to strip ASB of results");
319 BSL_AbsSecBlock_Deinit(&abs_sec_block);
320 return BSL_ERR_FAILURE;
321 }
322
323 if (BSL_AbsSecBlock_IsEmpty(&abs_sec_block))
324 {
325 if (BSL_BundleCtx_RemoveBlock(bundle, sec_blk.block_num) != BSL_SUCCESS)
326 {
327 BSL_LOG_ERR("Failed to remove block when ASB is empty");
328 BSL_AbsSecBlock_Deinit(&abs_sec_block);
329 return BSL_ERR_HOST_CALLBACK_FAILED;
330 }
331 }
332 else
333 {
334 // TODO: Realloc sec block's BTSD
335 // And encode ASB into it.
336 // At this point we know that the encoded ASB into BTSD will be smaller than what exists
337 // right now, since we removed a block.
338 // SO encode over it, and then
339 BSL_Data_t block_btsd_data = { 0 };
340 BSL_Data_InitView(&block_btsd_data, sec_blk.btsd_len, sec_blk.btsd);
341 int nbytes = BSL_AbsSecBlock_EncodeToCBOR(&abs_sec_block, block_btsd_data);
342 if (nbytes < 0)
343 {
344 BSL_LOG_ERR("Failed to re-encode ASB into sec block BTSD");
345 BSL_AbsSecBlock_Deinit(&abs_sec_block);
346 return BSL_ERR_ENCODING;
347 }
348 if (BSL_SUCCESS != BSL_BundleCtx_ReallocBTSD(bundle, sec_blk.block_num, (size_t)nbytes))
349 {
350 BSL_LOG_ERR("Failed to realloc BTSD");
351 BSL_AbsSecBlock_Deinit(&abs_sec_block);
352 return BSL_ERR_HOST_CALLBACK_FAILED;
353 }
354 }
355 }
356
357 BSL_AbsSecBlock_Deinit(&abs_sec_block);
358
359 // TODO(bvb) Check postconditions that the block actually was removed
360 return BSL_SUCCESS;
361}
362
363static int BSL_ExecBCBSource(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle,
364 BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
365{
366 (void)lib;
367 CHK_ARG_NONNULL(sec_context_fn);
368 CHK_ARG_NONNULL(bundle);
369 CHK_ARG_NONNULL(sec_oper);
370 CHK_ARG_NONNULL(outcome);
371
372 uint64_t blk_id = 0;
373 if (BSL_SUCCESS != BSL_BundleCtx_CreateBlock(bundle, BSL_SECBLOCKTYPE_BCB, &blk_id))
374 {
375 BSL_LOG_ERR("Failed to create BCB block");
376 return BSL_ERR_HOST_CALLBACK_FAILED;
377 }
378 BSL_LOG_INFO("Created new BCB block id = %lu", blk_id);
379
380 sec_oper->sec_block_num = blk_id;
381 const int res = (*sec_context_fn)(lib, bundle, sec_oper, outcome);
382 if (res != 0) // || outcome->is_success == false)
383 {
384 BSL_LOG_ERR("BCB Source failed!");
385 return BSL_ERR_SECURITY_OPERATION_FAILED;
386 }
387 BSL_LOG_INFO("BCB SOURCE operation success.");
388
389 BSL_CanonicalBlock_t sec_blk = { 0 };
390 if (BSL_BundleCtx_GetBlockMetadata(bundle, sec_oper->sec_block_num, &sec_blk) != BSL_SUCCESS)
391 {
392 BSL_LOG_ERR("Failed to get security block");
393 return BSL_ERR_HOST_CALLBACK_FAILED;
394 }
395
396 BSL_AbsSecBlock_t abs_sec_block = { 0 };
397 if (sec_blk.btsd != NULL || sec_blk.btsd_len == 0)
398 {
399 BSL_HostEID_t src_eid = { 0 };
400 BSL_HostEID_Init(&src_eid);
401 if (BSL_SUCCESS != BSL_Host_GetSecSrcEID(&src_eid))
402 {
403 BSL_LOG_ERR("Failed to get host EID");
404 return BSL_ERR_HOST_CALLBACK_FAILED;
405 }
406 BSL_AbsSecBlock_Init(&abs_sec_block, sec_oper->context_id, src_eid);
407 }
408 else
409 {
410 BSL_Data_t btsd_data = { 0 };
411 BSL_Data_InitView(&btsd_data, sec_blk.btsd_len, sec_blk.btsd);
412 if (BSL_AbsSecBlock_DecodeFromCBOR(&abs_sec_block, btsd_data) != BSL_SUCCESS)
413 {
414 BSL_LOG_ERR("Failed to parse ASB CBOR");
415 return BSL_ERR_DECODING;
416 }
417 }
418
419 BSL_AbsSecBlock_AddTarget(&abs_sec_block, sec_oper->target_block_num);
420
421 size_t n_results = BSL_SecOutcome_CountResults(outcome);
422 for (size_t index = 0; index < n_results; index++)
423 {
424 const BSL_SecResult_t *result_ptr = BSL_SecOutcome_GetResultAtIndex(outcome, index);
425 BSL_AbsSecBlock_AddResult(&abs_sec_block, result_ptr);
426 }
427
428 size_t n_params = BSL_SecOutcome_CountParams(outcome);
429 for (size_t index = 0; index < n_params; index++)
430 {
431 const BSL_SecParam_t *param_ptr = BSL_SecOutcome_GetParamAt(outcome, index);
432 BSL_AbsSecBlock_AddParam(&abs_sec_block, param_ptr);
433 }
434
435 // Over-allocate size for the ASB BTSD in the block
436 const size_t est_btsd_size = 500 + ((n_params + n_results) * 100);
437 if (BSL_BundleCtx_ReallocBTSD(bundle, sec_blk.block_num, est_btsd_size) != BSL_SUCCESS)
438 {
439 BSL_LOG_ERR("Failed to allocate space for ASB in BTSD");
440 return BSL_ERR_HOST_CALLBACK_FAILED;
441 }
442
443 // Refresh view of block after realloc-ing BTSD
444 if (BSL_BundleCtx_GetBlockMetadata(bundle, sec_oper->sec_block_num, &sec_blk) != BSL_SUCCESS)
445 {
446 BSL_LOG_ERR("Failed to get security block");
447 return BSL_ERR_HOST_CALLBACK_FAILED;
448 }
449
450 // Encode into the over-sized buffer.
451 ASSERT_PROPERTY(sec_blk.btsd != NULL);
452 ASSERT_PROPERTY(sec_blk.btsd_len > 0);
453 BSL_Data_t btsd_data = { 0 };
454 BSL_Data_InitView(&btsd_data, sec_blk.btsd_len, sec_blk.btsd);
455 int encode_result = BSL_AbsSecBlock_EncodeToCBOR(&abs_sec_block, btsd_data);
456 if (encode_result <= 0)
457 {
458 BSL_LOG_ERR("Failed to encode ASB");
459 return BSL_ERR_ENCODING;
460 }
461
462 BSL_AbsSecBlock_Deinit(&abs_sec_block);
463
464 // Now cut the BTSD buffer down to the correct size.
465 if (BSL_BundleCtx_ReallocBTSD(bundle, sec_blk.block_num, est_btsd_size) != BSL_SUCCESS)
466 {
467 BSL_LOG_ERR("Failed to allocate space for ASB in BTSD");
468 return BSL_ERR_HOST_CALLBACK_FAILED;
469 }
470 return BSL_SUCCESS;
471}
472
473int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet_t *output_response,
474 BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set)
475{
476 // NOLINTBEGIN
477 CHK_ARG_NONNULL(lib);
478 CHK_ARG_NONNULL(output_response);
479 CHK_ARG_NONNULL(bundle);
480 CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(action_set));
481 // NOLINTEND
482
483 BSL_SecurityResponseSet_Init(output_response, BSL_SecurityActionSet_CountSecOpers(action_set), 0);
491 size_t fail_count = 0;
492 BSL_SecOutcome_t *outcome = calloc(BSL_SecOutcome_Sizeof(), 1);
493 for (size_t sec_oper_index = 0; sec_oper_index < BSL_SecurityActionSet_CountSecOpers(action_set); sec_oper_index++)
494 {
495 memset(outcome, 0, BSL_SecOutcome_Sizeof());
496 // TODO Const correctness below
497 BSL_SecOper_t *sec_oper = (BSL_SecOper_t *)BSL_SecurityActionSet_GetSecOperAtIndex(action_set, sec_oper_index);
498 const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id);
499 ASSERT_PROPERTY(sec_ctx != NULL);
500
501 // TODO: This is not even used, it does not need to be allocated
502 BSL_SecOutcome_Init(outcome, sec_oper, 100000);
503
504 int errcode = -1;
505 if (BSL_SecOper_IsBIB(sec_oper))
506 {
507 errcode = BSL_SecOper_IsRoleSource(sec_oper) == true
508 ? BSL_ExecBIBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome)
509 : BSL_ExecBIBAccept(sec_ctx->execute, lib, bundle, sec_oper, outcome);
510 }
511 else
512 {
513 if (BSL_SecOper_IsRoleSource(sec_oper))
514 {
515 errcode = BSL_ExecBCBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome);
516 }
517 else
518 {
519 errcode = BSL_ExecBCBAcceptor(sec_ctx->execute, lib, bundle, sec_oper, outcome);
520 }
521 }
522
523 BSL_SecOutcome_Deinit(outcome);
524
525 if (errcode != 0)
526 {
527 fail_count += 1;
528 BSL_LOG_ERR("Security Op failed: %d", errcode);
529 output_response->results[sec_oper_index] = -1;
530 continue;
531 }
532 }
533 free(outcome);
534
535 output_response->failure_count = fail_count;
536
537 return fail_count == 0 ? BSL_SUCCESS : BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL;
538}
539
540bool BSL_SecCtx_ValidatePolicyActionSet(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle,
541 const BSL_SecurityActionSet_t *action_set)
542{
543 (void)lib;
544 (void)bundle;
545 (void)action_set;
546 return true;
547}
AbsSecBlock.h
Concrete implementation of ASB and its functionality.
BPSecLib_Private.h
Single entry-point include file for all of the BPSec Lib (BSL) frontend API.
BSL_SECBLOCKTYPE_BIB
@ BSL_SECBLOCKTYPE_BIB
RFC9172 code for BIB.
Definition BPSecLib_Private.h:591
BSL_SECBLOCKTYPE_BCB
@ BSL_SECBLOCKTYPE_BCB
RFC9172 code for BCB.
Definition BPSecLib_Private.h:592
BSL_AbsSecBlock_Deinit
void BSL_AbsSecBlock_Deinit(BSL_AbsSecBlock_t *self)
Deinitializes and clears this ASB, clearing and releasing any owned memory.
BSL_AbsSecBlock_AddResult
void BSL_AbsSecBlock_AddResult(BSL_AbsSecBlock_t *self, const BSL_SecResult_t *result)
Add a security result to this security block (does NOT copy)
BSL_LOG_INFO
#define BSL_LOG_INFO(...)
This is an overloaded member function, provided for convenience. It differs from the above function o...
Definition BPSecLib_Private.h:203
BSL_AbsSecBlock_t
struct BSL_AbsSecBlock_s BSL_AbsSecBlock_t
Forward declaration of BSL_AbsSecBlock_t.
Definition BPSecLib_Private.h:819
BSL_AbsSecBlock_AddTarget
void BSL_AbsSecBlock_AddTarget(BSL_AbsSecBlock_t *self, uint64_t target_block_id)
Adds a given block ID as a security target covered by this ASB.
BSL_AbsSecBlock_StripResults
int BSL_AbsSecBlock_StripResults(BSL_AbsSecBlock_t *self, uint64_t target_block_num)
Remove security parameters and results found in outcome from this ASB.
BSL_AbsSecBlock_Init
void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, uint64_t sec_context_id, BSL_HostEID_t source_eid)
Populate a pre-allocated Absract Security Block.
BSL_AbsSecBlock_InitEmpty
void BSL_AbsSecBlock_InitEmpty(BSL_AbsSecBlock_t *self)
Initialize a pre-allocated ASB with no contents.
BSL_AbsSecBlock_DecodeFromCBOR
int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_cbor)
Decodes and populates this ASB from a CBOR string.
BSL_AbsSecBlock_IsEmpty
bool BSL_AbsSecBlock_IsEmpty(const BSL_AbsSecBlock_t *self)
Returns true if this ASB contains nothing (i.e., no tarets, params and results)
BSL_AbsSecBlock_Sizeof
size_t BSL_AbsSecBlock_Sizeof(void)
Returns the size of the AbsSecBlock struct in bytes.
BSL_AbsSecBlock_EncodeToCBOR
int BSL_AbsSecBlock_EncodeToCBOR(const BSL_AbsSecBlock_t *self, BSL_Data_t allocated_target)
Encodes this ASB into a CBOR string into the space pre-allocated indicated by the argument.
BSL_SecCtx_Execute_f
int(* BSL_SecCtx_Execute_f)(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *sec_outcome)
Signature for Security Context executor for a sec OP.
Definition BPSecLib_Private.h:1154
BSL_AbsSecBlock_AddParam
void BSL_AbsSecBlock_AddParam(BSL_AbsSecBlock_t *self, const BSL_SecParam_t *param)
Add a security parameter to this security block (does NOT copy)
BSL_LOG_ERR
#define BSL_LOG_ERR(...)
This is an overloaded member function, provided for convenience. It differs from the above function o...
Definition BPSecLib_Private.h:199
BSL_AbsSecBlock_IsConsistent
bool BSL_AbsSecBlock_IsConsistent(const BSL_AbsSecBlock_t *self)
Checks internal consistency and sanity of this structure.
BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL
@ BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL
General code where at least some security operations failed.
Definition BPSecLib_Private.h:73
BSL_ERR_ENCODING
@ BSL_ERR_ENCODING
CBOR encoding failure.
Definition BPSecLib_Private.h:61
BSL_ERR_DECODING
@ BSL_ERR_DECODING
CBOR decoding failure.
Definition BPSecLib_Private.h:62
BSL_ERR_SECURITY_OPERATION_FAILED
@ BSL_ERR_SECURITY_OPERATION_FAILED
Security operation failed (e.g., BIB did not have enough parameters)
Definition BPSecLib_Private.h:65
BSL_SUCCESS
@ BSL_SUCCESS
Placeholder for non-error code.
Definition BPSecLib_Private.h:54
BSL_ERR_HOST_CALLBACK_FAILED
@ BSL_ERR_HOST_CALLBACK_FAILED
Callback to the host BPA returned a non-zero code.
Definition BPSecLib_Private.h:66
BSL_ERR_BUNDLE_OPERATION_FAILED
@ BSL_ERR_BUNDLE_OPERATION_FAILED
Bundle manipulation failed (add/remove or change BTSD)
Definition BPSecLib_Private.h:64
BSL_ERR_FAILURE
@ BSL_ERR_FAILURE
Uncategorized failed (prefer to avoid)
Definition BPSecLib_Private.h:55
BSL_BundleCtx_CreateBlock
int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, uint64_t *block_num)
Request the creation of a new block of a given type in the bundle.
Definition HostInterface.c:96
BSL_Host_GetSecSrcEID
int BSL_Host_GetSecSrcEID(BSL_HostEID_t *eid)
Get the local EID used when this node is a security source.
Definition HostInterface.c:147
BSL_BundleCtx_GetBlockMetadata
int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block_num, BSL_CanonicalBlock_t *result_block)
Returns information about the bundle Canonical block.
Definition HostInterface.c:69
BSL_HostEID_Init
int BSL_HostEID_Init(BSL_HostEID_t *eid)
Initialize an abstract EID.
Definition HostInterface.c:133
BSL_BundleCtx_ReallocBTSD
int BSL_BundleCtx_ReallocBTSD(BSL_BundleRef_t *bundle, uint64_t block_num, size_t bytesize)
Requests the re-allocation of a block's BTSD, useful for BCB.
Definition HostInterface.c:117
BSL_BundleCtx_RemoveBlock
int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num)
Requests the removal of a block from a bundle.
Definition HostInterface.c:108
PublicInterfaceImpl.h
Private interface for the dynamic backend library context.
BSL_SecOper_IsBIB
bool BSL_SecOper_IsBIB(const BSL_SecOper_t *self)
Return true if this security operation is BIB.
Definition SecOperation.c:125
BSL_SecOper_GetTargetBlockNum
uint64_t BSL_SecOper_GetTargetBlockNum(const BSL_SecOper_t *self)
Get the block number of the target block covered by this security operation.
Definition SecOperation.c:98
BSL_SecOper_IsRoleSource
bool BSL_SecOper_IsRoleSource(const BSL_SecOper_t *self)
Return true if this security operation's role is SOURCE.
Definition SecOperation.c:113
BSL_SecOper_IsConsistent
bool BSL_SecOper_IsConsistent(const BSL_SecOper_t *self)
Returns true if internal consistency and sanity checks pass.
Definition SecOperation.c:66
BSL_SecOper_IsRoleAccepter
bool BSL_SecOper_IsRoleAccepter(const BSL_SecOper_t *self)
Return true if this security operation's role is Acceptor.
Definition SecOperation.c:119
SecOperation.h
Defines a security operation.
BSL_SecParam_InitBytestr
int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t value)
Initialize as a parameter containing a bytestring.
Definition SecParam.c:34
BSL_SecParam_Sizeof
size_t BSL_SecParam_Sizeof(void)
Return size of BSL_SecParam_t struct type.
Definition SecParam.c:29
BSL_SecParam_IsConsistent
bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self)
Return true if invariant conditions pass.
Definition SecParam.c:92
BSL_SecResult_IsConsistent
bool BSL_SecResult_IsConsistent(const BSL_SecResult_t *self)
Return true when internal invariant checks pass.
Definition SecResult.c:47
BSL_SecurityActionSet_GetSecOperAtIndex
const BSL_SecOper_t * BSL_SecurityActionSet_GetSecOperAtIndex(const BSL_SecurityActionSet_t *self, size_t index)
Returns the Security Operation at the given index.
Definition SecurityActionSet.c:108
BSL_SecurityActionSet_IsConsistent
bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self)
Return true if internal sanity and consistency checks pass.
Definition SecurityActionSet.c:28
BSL_SecurityActionSet_CountSecOpers
size_t BSL_SecurityActionSet_CountSecOpers(const BSL_SecurityActionSet_t *self)
Count number of security operations present in this policy action set.
Definition SecurityActionSet.c:102
BSL_SecCtx_ValidatePolicyActionSet
bool BSL_SecCtx_ValidatePolicyActionSet(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set)
Definition SecurityContext.c:540
BSL_SecCtx_ExecutePolicyActionSet
int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet_t *output_response, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set)
Call the underying security context to perform the given action.
Definition SecurityContext.c:473
BSL_SecurityResponseSet_Init
void BSL_SecurityResponseSet_Init(BSL_SecurityResponseSet_t *self, size_t noperations, size_t nfailed)
Initialize with the given count of operations and nailures.
Definition SecurityResultSet.c:41
SecurityResultSet.h
SecurityResultSet implementation for result after application of security operations.
BSL_Data_InitView
int BSL_Data_InitView(BSL_Data_t *data, size_t len, const BSL_DataPtr_t src)
Initialize a data struct as an overlay on optional external data.
Definition UtilDefs_Data.c:72
BSL_BundleRef_s
Reference to a Bundle owned and stored in the host BPA.
Definition BPSecLib_Public.h:115
BSL_CanonicalBlock_s
Structure containing parsed Canonical Block fields.
Definition BPSecLib_Public.h:146
BSL_CanonicalBlock_s::block_num
uint64_t block_num
CBOR-decoded block number (should always be > 0)
Definition BPSecLib_Public.h:147
BSL_CanonicalBlock_s::btsd
void * btsd
Pointer to BTSD owned by the host BPA.
Definition BPSecLib_Public.h:151
BSL_CanonicalBlock_s::btsd_len
size_t btsd_len
Length in bytes of the BTSD pointer.
Definition BPSecLib_Public.h:152
BSL_Data_s
Heap data storage and views.
Definition BPSecLib_Private.h:267
BSL_Data_s::ptr
BSL_DataPtr_t ptr
Pointer to the front of the buffer.
Definition BPSecLib_Private.h:271
BSL_HostEID_s
Opaque pointer to BPA-specific Endpoint ID storage.
Definition BPSecLib_Public.h:98
BSL_LibCtx_s
Concrete definition of library context.
Definition PublicInterfaceImpl.h:48
BSL_SecCtxDesc_s
Security Context descriptor (interface)
Definition BPSecLib_Private.h:1160
BSL_SecCtxDesc_s::execute
BSL_SecCtx_Execute_f execute
Callback to execute a sec op within a given bundle.
Definition BPSecLib_Private.h:1166
BSL_SecOper_s
Definition SecOperation.h:39
BSL_SecOper_s::context_id
uint64_t context_id
Security context ID.
Definition SecOperation.h:41
BSL_SecOper_s::target_block_num
uint64_t target_block_num
Bundle's block ID over which the security operation is applied.
Definition SecOperation.h:44
BSL_SecOper_s::sec_block_num
uint64_t sec_block_num
Bundle's block ID which contains the security parameters and results for this operation.
Definition SecOperation.h:47
BSL_SecOutcome_s
Definition SecOutcome.h:43
BSL_SecParam_s
Definition SecParam.h:68
BSL_SecResult_s
Definition SecResult.h:79
BSL_SecResult_s::_bytes
uint8_t _bytes[BSL_DEFAULT_BYTESTR_LEN+1]
Result as byte array, up to a given maximum.
Definition SecResult.h:90
BSL_SecResult_s::target_block_num
uint64_t target_block_num
Target block id, put in here for convenience.
Definition SecResult.h:87
BSL_SecResult_s::_bytelen
size_t _bytelen
Length of data (in bytes) of the contained bytestring. Always less than BSL_DEFAULT_BYTESTR_LEN.
Definition SecResult.h:93
BSL_SecurityActionSet_s
Contains the populated security operations for this bundle.
Definition SecurityActionSet.h:38
BSL_SecurityResponseSet_s
Contains the results and outcomes after performing the security operations.
Definition SecurityResultSet.h:37
BSL_SecurityResponseSet_s::results
int results[BSL_SECURITYRESPONSESET_ARRAYLEN]
This maps to the sec_operations in BSL_SecurityActionSet, and contains the result code of that securi...
Definition SecurityResultSet.h:40