Merge branch 'main' into mockbpa-decoder-edges

Author: BrianSipos

CMakeLists.txt

@@ -80,6 +80,7 @@ add_compile_options(
     $<$<COMPILE_LANGUAGE:C>:-Wextra>
     $<$<COMPILE_LANGUAGE:C>:-Wpedantic>
     $<$<COMPILE_LANGUAGE:C>:-Werror>
+    $<$<COMPILE_LANGUAGE:C>:-Wformat>
     -Wshadow -Wpointer-arith -Wstrict-prototypes
     -Wmissing-prototypes -Wredundant-decls -Wcast-align
     -Wformat=2

mock-bpa-test/_generate_simple_bundles.py

@@ -152,12 +152,13 @@ def add_bcb_to_bundle_over_x(bundle, x):
 
 b = [
     [7, 0, 0, [2, [1, 2]], [2, [2, 1]], [2, [2, 1]], [0, 40], 1000000],
-    [1, 1, 0, 0, '526561647920746F2067656E657261746520612033322D62797465207061796C6F6164']
+    [1, 1, 0, 0, '526561647920746F2067656E657261746520612033322D62797465207061796C6F6164'],
+    [192, 2, 0, 0, '676f20647261676f6e666c7921']
 ]
 
 
 print (f"ORIGINAL BUNDLE: {b}")
-b = add_bib_to_bundle_over_x(b, 0)
+b = add_bib_to_bundle_over_x(b, 2)
 print(f'BUNDLE AFTER BIB: {b}')
 #b = add_bcb_to_bundle_over_x(b, 1)
 print(f'FINAL BUNDLE: {b}')

mock-bpa-test/_test_util.py

@@ -30,28 +30,21 @@ class DataFormat(Enum):
 # "structure" to hold a simple test case
 class _TestCase:
     '''
-    @param input_data list representation of bundle | TODO hex option / fully hex?
-    @param expected_output either list representation of expected output bundle OR tuple for outcome (FAILURE_CODE, N), (NO_OUTPUT, N), etc.
-    @param policy_config decimal digit representing uint32 for policy configuration | TODO switch to a hex string?
-    @param impl - boolean, true if test is implemented, false if not (placeholder for empty test fixtures)
-    @param success - boolean, true if input bundle is expected to have an output bundle, false if error/no output
+    @param input_data: list representation of bundle
+    @param expected_output: either list representation of expected output bundle OR a string to search log output for match 
+    @param policy_config: decimal digit representing uint32 for policy configuration
+    @param is_working: True if test working
+    @param input/output_data_format: data format of input/output
     '''
-    def __init__(self, input_data, expected_output, policy_config, 
-                 is_implemented : bool, is_working: bool, expect_success: bool, 
+    def __init__(self, input_data, expected_output, policy_config, is_working: bool, 
                  input_data_format : DataFormat, expected_output_format : DataFormat):
         self.input_data = input_data
         self.expected_output = expected_output
         self.policy_config = policy_config
 
-        # can be removed once all tests are implemeneted
-        self.is_implemented = is_implemented
-
         # can be removed once all tests are wworking
         self.is_working = is_working
 
-        # true if test expected to succeed (return output bundle with no errors)
-        self.expect_success = expect_success
-
         self.input_data_format = input_data_format
         self.expected_output_format = expected_output_format
 

mock-bpa-test/requirements_tests.py

@@ -173,11 +173,10 @@ def _single_test(self, testcase: _TestCase):
 
             LOGGER.warning('Check log output to validate reason for no data!!')
 
-            # Currently hard-coded for test case 19 but no other instances of DataFormat.NONE
-            case_19_str = r".*Delete bundle due to failed security operation"
+            output_str = testcase.expected_output
 
-            LOGGER.debug("Searching test runner logger for failure string: %s", case_19_str)
-            found = self._agent.wait_for_text(case_19_str)
+            LOGGER.debug("Searching test runner logger for failure string: %s", output_str)
+            found = self._agent.wait_for_text(output_str)
             LOGGER.debug("\nFOUND OCCURENCE: %s", found)
             self.assertTrue(found != "")
 
@@ -192,8 +191,7 @@ def _single_test(self, testcase: _TestCase):
 
             LOGGER.warning('Check log output to validate expected error')
 
-            # TBD - this logic is not used yet
-            err_case_str = r"tbd"
+            err_case_str = testcase.expected_output
 
             LOGGER.debug("Searching test runner logger for error string: %s", err_case_str)
             found = self._agent.wait_for_text(err_case_str)
@@ -208,7 +206,7 @@ def _add_tests(new_tests: _TestSet):
 
     def decorator(cls):
         for id, tc in new_tests.cases.items():
-            if tc.is_implemented and tc.is_working:
+            if tc.is_working:
 
                 def _test(cls, id=id):
                     cls._single_test(new_tests.cases[id])

mock-bpa-test/test_bpa.py

@@ -77,7 +77,9 @@ typedef enum
     /// Security Context errors start at 200
     BSL_ERR_SECURITY_CONTEXT_FAILED       = -200, ///< General error code for errors arising from a Security Context.
     BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL = -201, ///< General code where at least some security operations failed.
-    BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED = -202 ///< Indicates an HMAC signature did not match
+    BSL_ERR_SECURITY_CONTEXT_VALIDATION_FAILED = -202, ///< Indicates security context validate failed
+    BSL_ERR_SECURITY_CONTEXT_AUTH_FAILED       = -203, ///< Indicates an HMAC Auth failed
+    BSL_ERR_SECURITY_CONTEXT_CRYPTO_FAILED     = -204  ///< Indicates a cryptographic operation failed (encrypt/decrypt)
 } BSL_ErrCodes_e;
 
 /** Mark an unused parameter Within a function definition.
@@ -313,6 +315,11 @@ typedef struct BSL_Data_s
         .owned = false, .ptr = NULL, .len = 0 \
     }
 
+/**
+ * Return size of library context
+ */
+size_t BSL_LibCtx_Sizeof(void);
+
 /** Initialize an empty data struct.
  *
  * @param[in,out] data The data to initialize, which must not be NULL.
@@ -935,7 +942,7 @@ size_t BSL_AbsSecBlock_Sizeof(void);
  * @param[in] sec_context_id Security Context ID
  * @param[in] source_eid Source EID in format native to host BPA.
  */
-void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, uint64_t sec_context_id, BSL_HostEID_t source_eid);
+void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, int64_t sec_context_id, BSL_HostEID_t source_eid);
 
 /** Checks internal consistency and sanity of this structure.
  * @param[in] self This ASB

src/BPSecLib_Private.h

@@ -39,7 +39,7 @@ bool BSL_AbsSecBlock_IsConsistent(const BSL_AbsSecBlock_t *self)
 {
     // NOLINTBEGIN
     CHK_AS_BOOL(self != NULL);
-    CHK_AS_BOOL(self->sec_context_id > 0);
+    // CHK_AS_BOOL(self->sec_context_id > 0);
     CHK_AS_BOOL(self->source_eid.handle != NULL);
     CHK_AS_BOOL(BSLB_SecParamList_size(self->params) < 10000);
 
@@ -55,24 +55,24 @@ bool BSL_AbsSecBlock_IsConsistent(const BSL_AbsSecBlock_t *self)
 void BSL_AbsSecBlock_Print(const BSL_AbsSecBlock_t *self)
 {
     BSL_StaticString_t str;
-    BSL_LOG_INFO("ASB  context id: %lu", self->sec_context_id);
+    BSL_LOG_INFO("ASB  context id: %" PRId64, self->sec_context_id);
     for (size_t index = 0; index < uint64_list_size(self->targets); index++)
     {
-        BSL_LOG_INFO("ASB  target[%lu]: %lu", index, *uint64_list_cget(self->targets, index));
+        BSL_LOG_INFO("ASB  target[%zu]: %" PRIu64, index, *uint64_list_cget(self->targets, index));
     }
 
     for (size_t index = 0; index < BSLB_SecParamList_size(self->params); index++)
     {
         BSL_SecParam_t *param = BSLB_SecParamList_get(self->params, index);
-        BSL_LOG_INFO("ASB  Param[%lu]:  id=%lu val=%lu", index, param->param_id, param->_uint_value);
+        BSL_LOG_INFO("ASB  Param[%zu]:  id=%" PRIu64 " val=%" PRIu64, index, param->param_id, param->_uint_value);
     }
 
     for (size_t index = 0; index < BSLB_SecResultList_size(self->results); index++)
     {
         BSL_SecResult_t *sec_result = BSLB_SecResultList_get(self->results, index);
         BSL_Log_DumpAsHexString((uint8_t *)str, sizeof(str), sec_result->_bytes, sec_result->_bytelen);
-        BSL_LOG_INFO("ASB  Result[%lu]: tgt=%lu, id=%lu %s", index, sec_result->target_block_num, sec_result->result_id,
-                     str);
+        BSL_LOG_INFO("ASB  Result[%zu]: tgt=%" PRIu64 ", id=%" PRIu64 " %s", index, sec_result->target_block_num,
+                     sec_result->result_id, str);
     }
 }
 
@@ -86,7 +86,7 @@ void BSL_AbsSecBlock_InitEmpty(BSL_AbsSecBlock_t *self)
     uint64_list_init(self->targets);
 }
 
-void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, uint64_t sec_context_id, BSL_HostEID_t source_eid)
+void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, int64_t sec_context_id, BSL_HostEID_t source_eid)
 {
     ASSERT_ARG_NONNULL(self);
     memset(self, 0, sizeof(*self));
@@ -249,7 +249,7 @@ ssize_t BSL_AbsSecBlock_EncodeToCBOR(const BSL_AbsSecBlock_t *self, UsefulBuf bu
     }
 
     {
-        QCBOREncode_AddUInt64(&encoder, self->sec_context_id);
+        QCBOREncode_AddInt64(&encoder, self->sec_context_id);
     }
 
     {
@@ -347,7 +347,8 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c
         QCBORDecode_GetUInt64(&asbdec, &tgt_num);
         BSL_LOG_DEBUG("got tgt %" PRIu64 "", tgt_num);
         uint64_list_push_back(self->targets, tgt_num);
-        assert(quit++ < 20);
+        // TODO better error handling
+        ASSERT_PROPERTY(quit++ < 20);
     }
     QCBORDecode_ExitArray(&asbdec);
 
@@ -393,7 +394,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c
             {
                 uint64_t param_u64_value = 0;
                 QCBORDecode_GetUInt64(&asbdec, &param_u64_value);
-                BSL_LOG_DEBUG("ASB: Parsed Param[%lu] = %lu", item_id, param_u64_value);
+                BSL_LOG_DEBUG("ASB: Parsed Param[%" PRIu64 "] = %" PRIu64, item_id, param_u64_value);
                 BSL_SecParam_t param;
                 BSL_SecParam_InitInt64(&param, item_id, param_u64_value);
                 BSLB_SecParamList_push_back(self->params, param);
@@ -402,7 +403,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c
             {
                 UsefulBufC target_buf;
                 QCBORDecode_GetByteString(&asbdec, &target_buf);
-                BSL_LOG_DEBUG("ASB: Parsed Param[%lu] (ByteStr) = %lu bytes", item_id, target_buf.len);
+                BSL_LOG_DEBUG("ASB: Parsed Param[%" PRIu64 "] (ByteStr) = %zu bytes", item_id, target_buf.len);
                 BSL_SecParam_t param;
                 BSL_Data_t     data_view = { .owned = 0, .ptr = (uint8_t *)target_buf.ptr, .len = target_buf.len };
                 BSL_SecParam_InitBytestr(&param, item_id, data_view);
@@ -440,7 +441,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c
         }
         result_index++;
 
-        BSL_LOG_DEBUG("Parsing ASB results for target[index=%lu, block#=%lu]", result_index, target_id);
+        BSL_LOG_DEBUG("Parsing ASB results for target[index=%zu, block#=%zu]", result_index, target_id);
 
         // variable length array of results
         QCBORDecode_EnterArray(&asbdec, NULL);
@@ -465,7 +466,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c
                 BSL_SecResult_t result;
                 int result_code = BSL_SecResult_Init(&result, item_id, self->sec_context_id, target_id, bufdata);
                 ASSERT_PROPERTY(result_code == 0);
-                BSL_LOG_DEBUG("ASB: Parsed Result (target_block=%lu, len=%lu)", result.target_block_num,
+                BSL_LOG_DEBUG("ASB: Parsed Result (target_block=%" PRIu64 ", len=%zu)", result.target_block_num,
                               result._bytelen);
                 BSLB_SecResultList_push_back(self->results, result);
             }

src/backend/AbsSecBlock.c

@@ -60,7 +60,7 @@ struct BSL_AbsSecBlock_s
     uint64_list_t targets;
 
     /// @brief Security context id
-    uint64_t sec_context_id;
+    int64_t sec_context_id;
 
     /// @brief Source EID native representation, BSL host must take care of encoding/decoding.
     BSL_HostEID_t source_eid;

src/backend/AbsSecBlock.h

@@ -34,6 +34,11 @@
 #include "SecurityActionSet.h"
 #include "SecurityResultSet.h"
 
+size_t BSL_LibCtx_Sizeof(void)
+{
+    return sizeof(BSL_LibCtx_t);
+}
+
 int BSL_API_InitLib(BSL_LibCtx_t *lib)
 {
     CHK_ARG_NONNULL(lib);
@@ -52,7 +57,7 @@ int BSL_API_DeinitLib(BSL_LibCtx_t *lib)
         (lib->policy_registry.deinit_fn)(lib->policy_registry.user_data);
 
         // TODO - We should not assume this is dynamically allocated.
-        free(lib->policy_registry.user_data);
+        BSL_FREE(lib->policy_registry.user_data);
     }
     else
     {
@@ -126,7 +131,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
         BSL_CanonicalBlock_t block = { 0 };
         if (BSL_SUCCESS != BSL_BundleCtx_GetBlockMetadata(bundle, blocks_array[i], &block))
         {
-            BSL_LOG_WARNING("Failed to get block number %lu", blocks_array[i]);
+            BSL_LOG_WARNING("Failed to get block number %" PRIu64, blocks_array[i]);
             continue;
         }
         BSL_SecActionList_it_t act_it;
@@ -142,7 +147,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
                     continue;
                 }
                 // Now set it's sec_block
-                BSL_AbsSecBlock_t *abs_sec_block = calloc(1, BSL_AbsSecBlock_Sizeof());
+                BSL_AbsSecBlock_t *abs_sec_block = BSL_CALLOC(1, BSL_AbsSecBlock_Sizeof());
                 BSL_Data_t         block_btsd    = { 0 };
                 BSL_Data_InitView(&block_btsd, block.btsd_len, block.btsd);
                 if (BSL_AbsSecBlock_DecodeFromCBOR(abs_sec_block, block_btsd) == 0)
@@ -157,7 +162,7 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp
                     BSL_LOG_WARNING("Failed to parse ASB from BTSD");
                 }
                 BSL_AbsSecBlock_Deinit(abs_sec_block);
-                free(abs_sec_block);
+                BSL_FREE(abs_sec_block);
             }
         }
     }
@@ -197,8 +202,6 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
     int finalize_status = BSL_PolicyRegistry_FinalizeActions(bsl, policy_actions, bundle, response_output);
     BSL_LOG_INFO("Completed finalize: status=%d", finalize_status);
 
-    bool must_drop = false;
-
     BSL_SecActionList_it_t act_it;
     for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it);
          BSL_SecActionList_next(act_it))
@@ -213,7 +216,7 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
             // When the operation was a success, there's nothing further to do.
             if (conclusion == BSL_SECOP_CONCLUSION_SUCCESS)
             {
-                BSL_LOG_DEBUG("Security operation success, target block num = %lu", sec_oper->target_block_num);
+                BSL_LOG_DEBUG("Security operation success, target block num = %" PRIu64, sec_oper->target_block_num);
                 continue;
             }
 
@@ -237,32 +240,22 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
                 }
                 case BSL_POLICYACTION_DROP_BUNDLE:
                 {
-                    BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure",
+                    BSL_LOG_WARNING("Deleting bundle due to block target num %" PRIu64 " security failure",
                                     sec_oper->target_block_num);
-                    must_drop = true;
+                    // Drop the bundle and return operation error
+                    BSL_LOG_WARNING("***** Delete bundle due to failed security operation *******");
+                    BSL_BundleCtx_DeleteBundle(bundle);
                     break;
                 }
                 case BSL_POLICYACTION_UNDEFINED:
                 default:
                 {
-                    BSL_LOG_ERR("Unhandled policy action: %lu", err_action_code);
+                    BSL_LOG_ERR("Unhandled policy action: %" PRIu64, err_action_code);
                 }
             }
-
-            if (must_drop)
-            {
-                break;
-            }
         }
     }
 
-    if (must_drop)
-    {
-        // Drop the bundle and return operation error
-        BSL_LOG_WARNING("***** Delete bundle due to failed security operation *******");
-        BSL_BundleCtx_DeleteBundle(bundle);
-    }
-
     // TODO CHK_POSTCONDITION
-    return (must_drop) ? BSL_ERR_SECURITY_OPERATION_FAILED : BSL_SUCCESS;
+    return BSL_SUCCESS;
 }

src/backend/PublicInterfaceImpl.c

@@ -184,9 +184,10 @@ bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsS
         }
         else
         {
-            BSL_LOG_ERR("Security operation mismatch - ASB does NOT contain block %lu", actual_res->target_block_num);
+            BSL_LOG_ERR("Security operation mismatch - ASB does NOT contain block %" PRIu64,
+                        actual_res->target_block_num);
         }
     }
-    BSL_LOG_DEBUG("Checking results: %lu expected, %lu found", expected_matches, found_matches);
+    BSL_LOG_DEBUG("Checking results: %zu expected, %zu found", expected_matches, found_matches);
     return (expected_matches == found_matches) && (found_matches > 0);
 }