BSL/src/security_context/DefaultSecContext_Private.h at 41ca701c21fc130bf7feb40aa9970acf7bbc1dbd · NASA-AMMOS/BSL · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
/*
 * Copyright (c) 2025 The Johns Hopkins University Applied Physics
 * Laboratory LLC.
 *
 * This file is part of the Bundle Protocol Security Library (BSL).
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This work was performed for the Jet Propulsion Laboratory, California
 * Institute of Technology, sponsored by the United States Government under
 * the prime contract 80NM0018D0004 between the Caltech and NASA under
 * subcontract 1700763.
 */

/** @file
 * Contains functions only used internally, however, test utilities can include this to unit test them.
 * @ingroup example_security_context
 */

#ifndef BSLB_DEFAULT_SECURITY_CONTEXT_PRIVATE_H_
#define BSLB_DEFAULT_SECURITY_CONTEXT_PRIVATE_H_

#include <stdint.h>

#include <qcbor/qcbor_encode.h>

#include <BPSecLib_Private.h>
#include <BPSecLib_Public.h>
#include <CryptoInterface.h>

#include "rfc9173.h"

/*
 * Convenience struct containing metadata as a block.
 * Avoids the need to pass many arguments to functions.
 */
typedef struct BSLX_BlockMetadata_s
{
    uint64_t   blk_type;
    uint64_t   blk_num;
    uint64_t   flags;
    uint64_t   crc_type;
    BSL_Data_t btsd;
} BSLX_BlockMetadata_t;

typedef struct BSLX_Bytestr_s
{
    uint8_t _bytes[BSL_DEFAULT_BYTESTR_LEN + 1];
    size_t  bytelen;
} BSLX_Bytestr_t;

size_t     BSLX_Bytestr_GetCapacity(void);
BSL_Data_t BSLX_Bytestr_AsData(BSLX_Bytestr_t *self);

typedef struct BSLX_BIB_s
{
    const char          *key_id;
    BSL_PrimaryBlock_t   primary_block;
    BSL_CanonicalBlock_t target_block;
    BSL_CanonicalBlock_t sec_block;
    int64_t              integrity_scope_flags;
    int64_t              sha_variant;
    int64_t              _crypto_sha_variant;
    BSLX_Bytestr_t       wrapped_key;
    BSLX_Bytestr_t       override_key;
    uint64_t             hmac_result_id;
    BSLX_Bytestr_t       hmac_result_val;
} BSLX_BIB_t;

int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper);
int BSLX_BIB_GenIPPT(BSLX_BIB_t *self, BSL_Data_t ippt_space);
int BSLX_BIB_GenHMAC(BSLX_BIB_t *self, BSL_Data_t ippt_data);

/**
 * BCB encryption context with crypto primitives.
 */
typedef struct BSLX_BCB_s
{
    size_t      err_count;
    const char *key_id;

    // Data wrappers and containers for borrowed and owned/allocated buffers
    // These will ALL be deinitialized at the end, so _Deinit MUST be called.
    BSL_Data_t authtag;
    BSL_Data_t iv;
    BSL_Data_t wrapped_key;
    BSL_Data_t test_content_enc_key;
    BSL_Data_t test_init_vector;
    BSL_Data_t test_key_enc_key;
    BSL_Data_t btsd_replacement;
    BSL_Data_t debugstr;
    BSL_Data_t aad;

    // Cipher mode variants
    BSL_CipherMode_e          crypto_mode;
    rfc9173_bcb_aes_variant_e aes_variant;

    // Metadata about bundles and blocks
    BSL_PrimaryBlock_t   primary_block;
    BSL_CanonicalBlock_t sec_block;
    BSL_CanonicalBlock_t target_block;

    bool success;
    bool skip_aad_sec_block;
    bool skip_aad_target_block;
    bool skip_aad_prim_block;
    bool skip_keywrap;
} BSLX_BCB_t;

/**
 * Wrapper for large, variable-sized buffer holding all working data to compete a BCB operation.
 * @deprecated
 */
typedef struct BSLX_ScratchSpace_s
{
    uint8_t *buffer;
    size_t   size;
    size_t   position;
} BSLX_ScratchSpace_t;

/**
 * This means "give me len bytes from the scratch space and increment a counter."
 * This is a convenience to assign space within the scratch space for certain structs.
 */
void *BSLX_ScratchSpace_take(BSLX_ScratchSpace_t *scratch, size_t len);
int   BSLX_BCB_GetParams(const BSL_BundleRef_t *bundle, BSLX_BCB_t *bcb_context, const BSL_SecOper_t *sec_oper);

int  BSLX_BCB_Init(BSLX_BCB_t *bcb_context, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper);
int  BSLX_BCB_ComputeAAD(BSLX_BCB_t *bcb_context);
int  BSLX_BCB_Encrypt(BSLX_BCB_t *bcb_context);
void BSLX_EncodeHeader(const BSL_CanonicalBlock_t *block, QCBOREncodeContext *encoder);

#endif