diff --git a/.github/workflows/fuzzing.yaml b/.github/workflows/fuzzing.yaml index e5318a17..62950c11 100644 --- a/.github/workflows/fuzzing.yaml +++ b/.github/workflows/fuzzing.yaml @@ -48,6 +48,8 @@ jobs: steps: - name: Set up OS if: startsWith(matrix.os, 'ubuntu') + env: + PIP_BREAK_SYSTEM_PACKAGES: 1 run: | sudo apt-get update sudo apt-get install -y \ @@ -55,7 +57,8 @@ jobs: ruby pkg-config ccache patch \ ${{matrix.compiler=='clang' && 'clang llvm' || 'gcc g++'}} \ libssl-dev libjansson-dev \ - gcovr xmlstarlet + xmlstarlet python3-pip + sudo pip3 install gcovr sudo gem install cbor-diag - name: Set up OS if: startsWith(matrix.os, 'centos') diff --git a/docs/api/dictionary.txt b/docs/api/dictionary.txt index a12897b4..cfe56944 100644 --- a/docs/api/dictionary.txt +++ b/docs/api/dictionary.txt @@ -33,6 +33,7 @@ BPA's BPSec BPSecLib BPv +bsl BSL BSLs BSLX @@ -121,6 +122,7 @@ Josefsson JPL JSON JWK +JWKs KEK len libc diff --git a/mock-bpa-test/_test_util.py b/mock-bpa-test/_test_util.py index cff5c4e0..1a850055 100644 --- a/mock-bpa-test/_test_util.py +++ b/mock-bpa-test/_test_util.py @@ -64,3 +64,6 @@ class _TestCase: # destination location of the bundle bundle_dest_loc: BundleDestLoc = BundleDestLoc.CLIN + + # If true, test will use custom rng callback for BCB testing + use_bcb_rng: bool = False diff --git a/mock-bpa-test/test_bpa.py b/mock-bpa-test/test_bpa.py index a008bd0f..9c6b1db0 100644 --- a/mock-bpa-test/test_bpa.py +++ b/mock-bpa-test/test_bpa.py @@ -78,25 +78,30 @@ def _start(self, testcase: Optional[_TestCase]): self.assertIsNone(self._ol_sock) is_json = False + use_bcb_rng = False if testcase is not None: policy_config = testcase.policy_config LOGGER.info('Using policy config %s', policy_config) is_json = policy_config.endswith(".json") + use_bcb_rng = testcase.use_bcb_rng key_set = testcase.key_set + else: policy_config = "0x00" key_set = "mock-bpa-test/key_set_1.json" - args = compose_args([ + arglist = [ 'bsl-mock-bpa', '-s', 'ipn:2.1', # security source '-u', 'localhost:4556', '-r', 'localhost:14556', '-o', 'localhost:24556', '-a', 'localhost:34556', '-j' if is_json else "-p", policy_config, '-k', key_set - ]) + ] + arglist += ['-c'] if use_bcb_rng else [] + args = compose_args(arglist) self._agent = CmdRunner(args, stderr=subprocess.STDOUT) # Bind underlayer messaging diff --git a/mock-bpa-test/test_json_policy.py b/mock-bpa-test/test_json_policy.py index 420143a4..70532ebe 100644 --- a/mock-bpa-test/test_json_policy.py +++ b/mock-bpa-test/test_json_policy.py @@ -50,5 +50,6 @@ def test_json_source_bib_bcb(self): key_set="mock-bpa-test/key_set_1.json", is_working=True, input_data_format=DataFormat.BUNDLEARRAY, - expected_output_format=DataFormat.BUNDLEARRAY + expected_output_format=DataFormat.BUNDLEARRAY, + use_bcb_rng=True )) diff --git a/mock-bpa-test/test_requirements.py b/mock-bpa-test/test_requirements.py index 102a89e5..a1f0aa24 100644 --- a/mock-bpa-test/test_requirements.py +++ b/mock-bpa-test/test_requirements.py @@ -491,7 +491,8 @@ def test_BSL_27b(self): key_set="mock-bpa-test/key_set_1.json", is_working=True, input_data_format=DataFormat.BUNDLEARRAY, - expected_output_format=DataFormat.BUNDLEARRAY + expected_output_format=DataFormat.BUNDLEARRAY, + use_bcb_rng=True )) # BSL_28 @@ -519,7 +520,8 @@ def test_BSL_28(self): key_set="mock-bpa-test/key_set_1.json", is_working=True, input_data_format=DataFormat.BUNDLEARRAY, - expected_output_format=DataFormat.BUNDLEARRAY + expected_output_format=DataFormat.BUNDLEARRAY, + use_bcb_rng=True )) # BSL_29 @@ -820,7 +822,8 @@ def test_BSL_49(self): key_set="mock-bpa-test/key_set_1.json", is_working=True, input_data_format=DataFormat.BUNDLEARRAY, - expected_output_format=DataFormat.BUNDLEARRAY + expected_output_format=DataFormat.BUNDLEARRAY, + use_bcb_rng=True )) def test_BCB_verifier(self): diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index c9c4526e..e7428fad 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -74,6 +74,7 @@ typedef enum BSL_ERR_POLICY_FAILED = -100, ///< General error code for errors arising from a Policy Provider BSL_ERR_POLICY_QUERY = -101, ///< Error code for errors arising from Policy Provider query BSL_ERR_POLICY_FINAL = -102, ///< Error code for errors arising from Policy Provider finalize + BSL_ERR_POLICY_CONFIG = -103, ///< Error code for errors arising from Policy Provider configuration /// Security Context errors start at 200 BSL_ERR_SECURITY_CONTEXT_FAILED = -200, ///< General error code for errors arising from a Security Context. diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4580c806..79a38046 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -99,10 +99,12 @@ target_link_libraries(bsl_default_sc PUBLIC QCBOR::qcbor) # Example Policy Provider library set(BSL_SAMPLE_PP_H ${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyProvider.h + ${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyConfigParser.h ) set(BSL_SAMPLE_PP_C ${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyProvider.c + ${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyConfigParser.c ) add_library(bsl_sample_pp) @@ -115,6 +117,7 @@ set_target_properties(bsl_sample_pp ) target_link_libraries(bsl_sample_pp PUBLIC bsl_front) target_link_libraries(bsl_sample_pp PUBLIC MLIB::mlib) +target_link_libraries(bsl_sample_pp PUBLIC Jansson::Jansson) # Dynamic backend library set(BSL_DYNAMIC_H diff --git a/src/crypto/CryptoInterface.c b/src/crypto/CryptoInterface.c index 689441ea..d39df1e0 100644 --- a/src/crypto/CryptoInterface.c +++ b/src/crypto/CryptoInterface.c @@ -696,12 +696,8 @@ int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t s CHK_PROPERTY(key_ptr != NULL); // actual key struct BSL_CryptoKey_t *key = BSL_CryptoKeyPtr_ref(key_ptr); - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HMAC, NULL); - int res = EVP_PKEY_keygen_init(ctx); - CHK_PROPERTY(res == 1); key->pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, (int)secret_len); - EVP_PKEY_CTX_free(ctx); int ecode = 0; if ((ecode = BSL_Data_CopyFrom(&key->raw, secret_len, secret)) < 0) diff --git a/src/mock_bpa/CMakeLists.txt b/src/mock_bpa/CMakeLists.txt index 7869050d..8e1e51cf 100644 --- a/src/mock_bpa/CMakeLists.txt +++ b/src/mock_bpa/CMakeLists.txt @@ -34,9 +34,7 @@ target_sources( ${CMAKE_CURRENT_SOURCE_DIR}/encode.h ${CMAKE_CURRENT_SOURCE_DIR}/decode.h ${CMAKE_CURRENT_SOURCE_DIR}/text_util.h - ${CMAKE_CURRENT_SOURCE_DIR}/policy_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/policy_params.h - ${CMAKE_CURRENT_SOURCE_DIR}/policy_registry.h + ${CMAKE_CURRENT_SOURCE_DIR}/key_registry.h ${CMAKE_CURRENT_SOURCE_DIR}/ctr.h ${CMAKE_CURRENT_SOURCE_DIR}/MockBPA.h ) @@ -51,9 +49,7 @@ target_sources( ${CMAKE_CURRENT_SOURCE_DIR}/encode.c ${CMAKE_CURRENT_SOURCE_DIR}/decode.c ${CMAKE_CURRENT_SOURCE_DIR}/text_util.c - ${CMAKE_CURRENT_SOURCE_DIR}/policy_config.c - ${CMAKE_CURRENT_SOURCE_DIR}/policy_params.c - ${CMAKE_CURRENT_SOURCE_DIR}/policy_registry.c + ${CMAKE_CURRENT_SOURCE_DIR}/key_registry.c ${CMAKE_CURRENT_SOURCE_DIR}/ctr.c ) set_target_properties(bsl_mock_bpa diff --git a/src/mock_bpa/agent.c b/src/mock_bpa/agent.c index e2a68984..34e0dbef 100644 --- a/src/mock_bpa/agent.c +++ b/src/mock_bpa/agent.c @@ -38,8 +38,6 @@ #include "eidpat.h" #include "encode.h" #include "decode.h" -#include "policy_config.h" -#include "policy_registry.h" static int MockBPA_GetEid(void *user_data, BSL_HostEID_t *result_eid) { @@ -960,9 +958,9 @@ int MockBPA_Agent_Exec(MockBPA_Agent_t *agent) int res = poll(pfds, sizeof(pfds) / sizeof(struct pollfd), -1); if (res < 0) { - BSL_LOG_ERR("poll failed with errno: %d", errno); if (errno != EINTR) { + BSL_LOG_ERR("poll failed with errno: %d", errno); retval = 4; } break; diff --git a/src/mock_bpa/agent.h b/src/mock_bpa/agent.h index 9c927441..70a78d4a 100644 --- a/src/mock_bpa/agent.h +++ b/src/mock_bpa/agent.h @@ -28,7 +28,6 @@ #define BSL_MOCK_BPA_AGENT_H_ #include "ctr.h" -#include "policy_registry.h" #include #include diff --git a/src/mock_bpa/key_registry.c b/src/mock_bpa/key_registry.c new file mode 100644 index 00000000..998e7297 --- /dev/null +++ b/src/mock_bpa/key_registry.c @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2025-2026 The Johns Hopkins University Applied Physics + * Laboratory LLC. + * + * This file is part of the Bundle Protocol Security Library (BSL). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This work was performed for the Jet Propulsion Laboratory, California + * Institute of Technology, sponsored by the United States Government under + * the prime contract 80NM0018D0004 between the Caltech and NASA under + * subcontract 1700763. + */ + +/** @file + * @ingroup mock_bpa + */ + +#include "key_registry.h" +#include "text_util.h" + +int mock_bpa_key_registry_init(const char *pp_cfg_file_path) +{ + + int retval = 0; + json_t *root; + json_error_t err; + + BSL_LOG_INFO("Reading keys from %s", pp_cfg_file_path); + root = json_load_file(pp_cfg_file_path, 0, &err); + if (!root) + { + BSL_LOG_ERR("JSON error: line %d: %s", err.line, err.text); + json_decref(root); + return 1; + } + + const json_t *keys = json_object_get(root, "keys"); + if (!keys || !json_is_array(keys)) + { + BSL_LOG_ERR("Missing \"keys\" "); + json_decref(root); + return 1; + } + + const size_t n = json_array_size(keys); + BSL_LOG_INFO("Found %zu key objects", n); + + for (size_t i = 0; i < n; ++i) + { + const json_t *key_obj = json_array_get(keys, i); + if (!json_is_object(key_obj)) + { + continue; + } + + const json_t *kty = json_object_get(key_obj, "kty"); + if (!kty) + { + BSL_LOG_ERR("Missing \"kty\" "); + continue; + } + + if (0 != strcmp("oct", json_string_value(kty))) + { + BSL_LOG_ERR("Not a symmetric key set"); + continue; + } + + const json_t *kid = json_object_get(key_obj, "kid"); + if (!kid || !json_is_string(kid)) + { + BSL_LOG_ERR("Missing \"kid\" "); + continue; + } + const char *kid_str = json_string_value(kid); + BSL_LOG_DEBUG("kid: %s", kid_str); + + const json_t *k = json_object_get(key_obj, "k"); + if (!k || !json_is_string(k)) + { + BSL_LOG_ERR("Missing \"k\" "); + continue; + } + const char *k_str = json_string_value(k); + BSL_LOG_DEBUG("k: %s", k_str); + + m_string_t k_text; + m_string_init_set_cstr(k_text, k_str); + m_bstring_t k_data; + m_bstring_init(k_data); + + retval = mock_bpa_base64_decode(k_data, k_text); + + if (!retval) + { + const size_t k_len = m_bstring_size(k_data); + const uint8_t *k_ptr = m_bstring_view(k_data, 0, k_len); + + retval = BSL_Crypto_AddRegistryKey(kid_str, k_ptr, k_len); + } + m_bstring_clear(k_data); + m_string_clear(k_text); + + if (retval) + { + BSL_LOG_ERR("JKW register failure"); + break; + } + } + + json_decref(root); + + return retval; +} + +int mock_bpa_rfc9173_bcb_cek(unsigned char *buf, int len) +{ + if (len == 12) // IV + { + uint8_t iv[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 }; + memcpy(buf, iv, 12); + } + else // A3 KEY + { + uint8_t rfc9173A3_key[] = { 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, + 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68 }; + memcpy(buf, rfc9173A3_key, len); + } + return 1; +} diff --git a/src/mock_bpa/policy_params.h b/src/mock_bpa/key_registry.h similarity index 56% rename from src/mock_bpa/policy_params.h rename to src/mock_bpa/key_registry.h index 18e10273..727cdef3 100644 --- a/src/mock_bpa/policy_params.h +++ b/src/mock_bpa/key_registry.h @@ -21,43 +21,34 @@ */ /** @file - * Data structure and calls for the mock bpa policy params * @ingroup mock_bpa */ -#ifndef MOCK_BPA_POLICY_PARAMS_H_ -#define MOCK_BPA_POLICY_PARAMS_H_ +#ifndef BSL_MOCK_BPA_KEY_REGISTRY_H_ +#define BSL_MOCK_BPA_KEY_REGISTRY_H_ -#include +#include +#include +#include + +#include #ifdef __cplusplus extern "C" { #endif -typedef struct mock_bpa_policy_params -{ - // Params related to BIB - BSL_SecParam_t *param_integ_scope_flag; - BSL_SecParam_t *param_sha_variant; - - // Params related to BCB - BSL_SecParam_t *param_aad_scope_flag; - BSL_SecParam_t *param_init_vector; - BSL_SecParam_t *param_aes_variant; - BSL_SecParam_t *param_use_wrapped_key; - - // Params agnostic to BIB vs BCB - BSL_SecParam_t *param_test_key; - - bool active; -} mock_bpa_policy_params_t; +/// @brief Initialize JWKs +/// @param pp_cfg_file_path path to JSON file with JWKs +/// @return 0 if successful +int mock_bpa_key_registry_init(const char *pp_cfg_file_path); -void mock_bpa_policy_params_init(mock_bpa_policy_params_t *params, int policy_num); - -void mock_bpa_policy_params_deinit(mock_bpa_policy_params_t *params, int policy_num); +/** + * Custom RNG function for BCB testing + */ +int mock_bpa_rfc9173_bcb_cek(unsigned char *buf, int len); #ifdef __cplusplus } // extern C #endif -#endif // MOCK_BPA_POLICY_PARAMS_H_ +#endif diff --git a/src/mock_bpa/mock_bpa.c b/src/mock_bpa/mock_bpa.c index 6420c623..78b61d21 100644 --- a/src/mock_bpa/mock_bpa.c +++ b/src/mock_bpa/mock_bpa.c @@ -35,10 +35,11 @@ #include #include #include +#include #include "agent.h" #include "log.h" -#include "policy_config.h" +#include "key_registry.h" // Configuration static BSL_HostEID_t app_eid; @@ -101,7 +102,10 @@ static void show_usage(const char *argv0) " -u -r \n" " -e -s \n" " -p (optional - defaults to none) comma delimited hex list of , " - "e.g. '0x000f,0x0021'\n", + "e.g. '0x000f,0x0021'\n" + " -j (optional - defaults to none) path to JSON file containing policy configuration\n" + " -k (optional - defaults to none) path to JSON file containing JWKs to register\n" + " -c (optional - defaults to OpenSSL RAND) enable custom RNG generator for testing purposes\n", argv0); } @@ -133,14 +137,10 @@ int main(int argc, char **argv) BSL_HostEID_Init(&app_eid); BSL_HostEID_Init(&sec_eid); - /// Definitions of policy for all BSL instances - mock_bpa_policy_registry_t policy_registry; - mock_bpa_policy_registry_init(&policy_registry); - if (!retval) { int opt; - while ((opt = getopt(argc, argv, "ha:o:a:u:r:e:s:p:k:j:")) != -1) + while ((opt = getopt(argc, argv, "hca:o:a:u:r:e:s:p:k:j:")) != -1) { switch (opt) { @@ -173,18 +173,21 @@ int main(int argc, char **argv) break; case 'p': { - retval = !!(mock_bpa_handle_policy_config(optarg, policy, &policy_registry)); + retval = !!(BSLP_RegisterPolicyFromBitstringList(optarg, policy)); break; } case 'j': { - retval = !!(mock_bpa_register_policy_from_json(optarg, policy, &policy_registry)); + retval = !!(BSLP_RegisterPolicyFromJSON(optarg, policy)); break; } case 'k': if (mock_bpa_key_registry_init(optarg)) retval = 1; break; + case 'c': + BSL_Crypto_SetRngGenerator(mock_bpa_rfc9173_bcb_cek); + break; case 'h': // fall-through to default default: @@ -233,7 +236,6 @@ int main(int argc, char **argv) MockBPA_Agent_Join(&agent); } - mock_bpa_policy_registry_deinit(&policy_registry); BSLP_PolicyProvider_Deinit(policy); MockBPA_Agent_Deinit(&agent); BSL_HostEID_Deinit(&sec_eid); diff --git a/src/mock_bpa/policy_params.c b/src/mock_bpa/policy_params.c deleted file mode 100644 index 2ebd69a0..00000000 --- a/src/mock_bpa/policy_params.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2025-2026 The Johns Hopkins University Applied Physics - * Laboratory LLC. - * - * This file is part of the Bundle Protocol Security Library (BSL). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This work was performed for the Jet Propulsion Laboratory, California - * Institute of Technology, sponsored by the United States Government under - * the prime contract 80NM0018D0004 between the Caltech and NASA under - * subcontract 1700763. - */ - -/** @file - * Data structure and calls for the mock bpa policy params - * @ingroup mock_bpa - */ - -#include "policy_params.h" - -void mock_bpa_policy_params_init(mock_bpa_policy_params_t *params, int policy_num) -{ - params->param_integ_scope_flag = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_sha_variant = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_aad_scope_flag = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_init_vector = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_aes_variant = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_test_key = BSL_calloc(1, BSL_SecParam_Sizeof()); - params->param_use_wrapped_key = BSL_calloc(1, BSL_SecParam_Sizeof()); - - params->active = true; - - BSL_LOG_DEBUG("Successfully Init policy number %d in registry", policy_num); -} - -void mock_bpa_policy_params_deinit(mock_bpa_policy_params_t *params, int policy_num) -{ - BSL_SecParam_Deinit(params->param_integ_scope_flag); - BSL_free(params->param_integ_scope_flag); - BSL_SecParam_Deinit(params->param_sha_variant); - BSL_free(params->param_sha_variant); - BSL_SecParam_Deinit(params->param_aad_scope_flag); - BSL_free(params->param_aad_scope_flag); - BSL_SecParam_Deinit(params->param_init_vector); - BSL_free(params->param_init_vector); - BSL_SecParam_Deinit(params->param_aes_variant); - BSL_free(params->param_aes_variant); - BSL_SecParam_Deinit(params->param_test_key); - BSL_free(params->param_test_key); - BSL_SecParam_Deinit(params->param_use_wrapped_key); - BSL_free(params->param_use_wrapped_key); - - params->active = false; - - BSL_LOG_DEBUG("Successfully De-init policy number %d in registry", policy_num); -} diff --git a/src/mock_bpa/policy_registry.c b/src/mock_bpa/policy_registry.c deleted file mode 100644 index f95313ae..00000000 --- a/src/mock_bpa/policy_registry.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2025-2026 The Johns Hopkins University Applied Physics - * Laboratory LLC. - * - * This file is part of the Bundle Protocol Security Library (BSL). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This work was performed for the Jet Propulsion Laboratory, California - * Institute of Technology, sponsored by the United States Government under - * the prime contract 80NM0018D0004 between the Caltech and NASA under - * subcontract 1700763. - */ - -/** @file - * Data structure and calls for the mock bpa policy registry memory pool - * @ingroup mock_bpa - */ - -#include "policy_registry.h" - -void mock_bpa_policy_registry_init(mock_bpa_policy_registry_t *registry) -{ - for (int i = 0; i < MOCK_BPA_MAX_POLICIES; ++i) - { - registry->in_use[i] = false; - } - registry->registry_count = 0; -} - -int mock_bpa_policy_registry_size(const mock_bpa_policy_registry_t *registry) -{ - return registry->registry_count; -} - -mock_bpa_policy_params_t *mock_bpa_policy_registry_get(mock_bpa_policy_registry_t *registry) -{ - for (int i = 0; i < MOCK_BPA_MAX_POLICIES; ++i) - { - int index = registry->registry_count + i; - if (!registry->in_use[index]) - { - registry->in_use[index] = true; - registry->registry_count = index + 1; - mock_bpa_policy_params_init(®istry->registry_params[index], index); - return ®istry->registry_params[index]; - } - } - BSL_LOG_CRIT("POLICY COUNT FULL!"); - return NULL; -} - -void mock_bpa_policy_registry_deinit(mock_bpa_policy_registry_t *registry) -{ - for (int i = 0; i < MOCK_BPA_MAX_POLICIES; ++i) - { - if (registry->in_use[i]) - { - mock_bpa_policy_params_deinit(®istry->registry_params[i], i); - registry->in_use[i] = false; - } - } - registry->registry_count = 0; -} diff --git a/src/mock_bpa/policy_registry.h b/src/mock_bpa/policy_registry.h deleted file mode 100644 index 9c4dfd1a..00000000 --- a/src/mock_bpa/policy_registry.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2025-2026 The Johns Hopkins University Applied Physics - * Laboratory LLC. - * - * This file is part of the Bundle Protocol Security Library (BSL). - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This work was performed for the Jet Propulsion Laboratory, California - * Institute of Technology, sponsored by the United States Government under - * the prime contract 80NM0018D0004 between the Caltech and NASA under - * subcontract 1700763. - */ - -/** @file - * Data structure and calls for the mock bpa policy registry memory pool - * @ingroup mock_bpa - */ - -#ifndef MOCK_BPA_POLICY_REGISTRY_H_ -#define MOCK_BPA_POLICY_REGISTRY_H_ - -#include - -#include "policy_params.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define MOCK_BPA_MAX_POLICIES 100 - -typedef struct mock_bpa_policy_registry -{ - mock_bpa_policy_params_t registry_params[MOCK_BPA_MAX_POLICIES]; - bool in_use[MOCK_BPA_MAX_POLICIES]; - int registry_count; -} mock_bpa_policy_registry_t; - -void mock_bpa_policy_registry_init(mock_bpa_policy_registry_t *registry); - -int mock_bpa_policy_registry_size(const mock_bpa_policy_registry_t *registry); - -mock_bpa_policy_params_t *mock_bpa_policy_registry_get(mock_bpa_policy_registry_t *registry); - -void mock_bpa_policy_registry_deinit(mock_bpa_policy_registry_t *registry); - -#ifdef __cplusplus -} // extern C -#endif - -#endif // MOCK_BPA_POLICY_REGISTRY_H_ diff --git a/src/mock_bpa/policy_config.c b/src/policy_provider/SamplePolicyConfigParser.c similarity index 65% rename from src/mock_bpa/policy_config.c rename to src/policy_provider/SamplePolicyConfigParser.c index 9ab667ee..c274755c 100644 --- a/src/mock_bpa/policy_config.c +++ b/src/policy_provider/SamplePolicyConfigParser.c @@ -19,42 +19,82 @@ * the prime contract 80NM0018D0004 between the Caltech and NASA under * subcontract 1700763. */ +#include "SamplePolicyConfigParser.h" -/** @file - * @ingroup mock_bpa - * Implementations for permutations of policy configurations. - */ +int BSLP_InitParams_Init(BSLP_InitParams_t *params) +{ + params->param_integ_scope_flag = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_integ_scope_flag) + { + return BSL_ERR_INSUFFICIENT_SPACE; + } -#include "policy_config.h" -#include "text_util.h" + params->param_sha_variant = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_sha_variant) + { + return BSL_ERR_INSUFFICIENT_SPACE; + } -int mock_bpa_rfc9173_bcb_cek(unsigned char *buf, int len) -{ - if (len == 12) // IV + params->param_aad_scope_flag = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_aad_scope_flag) { - uint8_t iv[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 }; - memcpy(buf, iv, 12); + return BSL_ERR_INSUFFICIENT_SPACE; } - else // A3 KEY + + params->param_init_vector = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_init_vector) + { + return BSL_ERR_INSUFFICIENT_SPACE; + } + + params->param_aes_variant = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_aes_variant) { - uint8_t rfc9173A3_key[] = { 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69, - 0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68 }; - memcpy(buf, rfc9173A3_key, len); + return BSL_ERR_INSUFFICIENT_SPACE; } - return 1; + + params->param_test_key = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_test_key) + { + return BSL_ERR_INSUFFICIENT_SPACE; + } + + params->param_use_wrapped_key = BSL_calloc(1, BSL_SecParam_Sizeof()); + if (NULL == params->param_use_wrapped_key) + { + return BSL_ERR_INSUFFICIENT_SPACE; + } + + return BSL_SUCCESS; } -/** - * @todo Handle ION events as policy actions - dependent on other BSL issues/ future changes - */ -int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_PolicyProvider_t *policy, - mock_bpa_policy_registry_t *reg) +void BSLP_InitParams_Deinit(BSLP_InitParams_t *params) { + BSL_SecParam_Deinit(params->param_integ_scope_flag); + BSL_free(params->param_integ_scope_flag); + BSL_SecParam_Deinit(params->param_sha_variant); + BSL_free(params->param_sha_variant); + BSL_SecParam_Deinit(params->param_aad_scope_flag); + BSL_free(params->param_aad_scope_flag); + BSL_SecParam_Deinit(params->param_init_vector); + BSL_free(params->param_init_vector); + BSL_SecParam_Deinit(params->param_aes_variant); + BSL_free(params->param_aes_variant); + BSL_SecParam_Deinit(params->param_test_key); + BSL_free(params->param_test_key); + BSL_SecParam_Deinit(params->param_use_wrapped_key); + BSL_free(params->param_use_wrapped_key); +} + +int BSLP_RegisterPolicyFromJSON(const char *policy_cfg_path, BSLP_PolicyProvider_t *policy) +{ + CHK_ARG_NONNULL(policy_cfg_path); + CHK_ARG_NONNULL(policy); - uint32_t sec_block_type; - uint32_t sec_ctx_id; + BSL_SecBlockType_e sec_block_type; + int64_t sec_ctx_id; BSL_SecRole_e sec_role; - uint32_t target_block_type; + uint64_t target_block_type; BSL_PolicyLocation_e policy_loc_enum; BSL_PolicyAction_e policy_action_enum; @@ -67,27 +107,27 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy json_t *root; json_error_t err; - root = json_load_file(pp_cfg_file_path, 0, &err); + root = json_load_file(policy_cfg_path, 0, &err); if (!root) { BSL_LOG_ERR("JSON error: line %d: %s", err.line, err.text); - return -2; + return BSL_ERR_POLICY_CONFIG; } // policyrule_set attr - json_t *policyrule_set = json_object_get(root, "policyrule_set"); + const json_t *policyrule_set = json_object_get(root, "policyrule_set"); if (!policyrule_set || !json_is_array(policyrule_set)) { BSL_LOG_ERR("Missing policyrule set "); json_decref(root); - return -3; + return BSL_ERR_POLICY_CONFIG; } - size_t policy_rule_idx, policy_rule_ct = json_array_size(policyrule_set); + size_t policy_rule_ct = json_array_size(policyrule_set); BSL_LOG_DEBUG(" got (%zu) policyrules:", policy_rule_ct); - for (policy_rule_idx = 0; policy_rule_idx < policy_rule_ct; ++policy_rule_idx) + for (size_t policy_rule_idx = 0; policy_rule_idx < policy_rule_ct; ++policy_rule_idx) { - json_t *policy_rule_elm = json_array_get(policyrule_set, policy_rule_idx); + const json_t *policy_rule_elm = json_array_get(policyrule_set, policy_rule_idx); if (!json_is_object(policy_rule_elm)) { BSL_LOG_ERR("Policy rule not JSON object"); @@ -95,28 +135,29 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy } // policyrule attr - json_t *policyrule = json_object_get(policy_rule_elm, "policyrule"); + const json_t *policyrule = json_object_get(policy_rule_elm, "policyrule"); if (!policyrule || !json_is_object(policyrule)) { BSL_LOG_ERR("Missing policyrule"); continue; } - mock_bpa_policy_params_t *params = mock_bpa_policy_registry_get(reg); - if (!params) + BSLP_InitParams_t params; + int params_init_retval = BSLP_InitParams_Init(¶ms); + if (BSL_SUCCESS != params_init_retval) { - BSL_LOG_CRIT("POLICY COUNT EXCEEDED, NOT REGISTERING FURTHER"); - return -1; + BSL_LOG_ERR("JSON Policy Parse: Error allocating params"); + return params_init_retval; } // filter attr - json_t *filter = json_object_get(policyrule, "filter"); + const json_t *filter = json_object_get(policyrule, "filter"); if (filter && json_is_object(filter)) { BSL_LOG_DEBUG("filter:"); // Get rule_id - json_t *rule_id = json_object_get(filter, "rule_id"); + const json_t *rule_id = json_object_get(filter, "rule_id"); if (!rule_id) { BSL_LOG_ERR("No rule ID "); @@ -126,7 +167,7 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy BSL_LOG_DEBUG(" rule_id: %s", rule_id_str); // get sec role - json_t *role = json_object_get(filter, "role"); + const json_t *role = json_object_get(filter, "role"); if (!role) { BSL_LOG_ERR("No sec role"); @@ -154,7 +195,7 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy continue; } - json_t *src = json_object_get(filter, "src"); + const json_t *src = json_object_get(filter, "src"); if (src) { src_str = json_string_value(src); @@ -165,7 +206,7 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy src_str = "*:**"; } - json_t *dest = json_object_get(filter, "dest"); + const json_t *dest = json_object_get(filter, "dest"); if (dest) { dest_str = json_string_value(dest); @@ -176,7 +217,7 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy dest_str = "*:**"; } - json_t *sec_src = json_object_get(filter, "sec_src"); + const json_t *sec_src = json_object_get(filter, "sec_src"); if (sec_src) { sec_src_str = json_string_value(sec_src); @@ -188,19 +229,23 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy } // check tgt (target block type) - json_t *tgt = json_object_get(filter, "tgt"); + const json_t *tgt = json_object_get(filter, "tgt"); if (!tgt) { BSL_LOG_ERR("No tgt"); continue; } - const long tgt_l = json_integer_value(tgt); + const json_int_t tgt_l = json_integer_value(tgt); BSL_LOG_DEBUG(" tgt : %" JSON_INTEGER_FORMAT, tgt_l); - - target_block_type = tgt_l; + if (tgt_l < 0) + { + BSL_LOG_ERR("Invalid tgt"); + continue; + } + target_block_type = (uint64_t)tgt_l; // check loc (sec location ) - json_t *loc = json_object_get(filter, "loc"); + const json_t *loc = json_object_get(filter, "loc"); if (!loc) { BSL_LOG_ERR("No loc"); @@ -231,16 +276,16 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy continue; } - json_t *sc_id = json_object_get(filter, "sc_id"); + const json_t *sc_id = json_object_get(filter, "sc_id"); if (!sc_id || !json_is_integer(sc_id)) { BSL_LOG_DEBUG("NO SEC CTX ID"); continue; } - long sc_id_l = json_integer_value(sc_id); + const json_int_t sc_id_l = json_integer_value(sc_id); BSL_LOG_DEBUG(" scid : %" JSON_INTEGER_FORMAT, sc_id_l); - sec_ctx_id = sc_id_l; + sec_ctx_id = (int64_t)sc_id_l; sec_block_type = (sec_ctx_id == 1) ? BSL_SECBLOCKTYPE_BIB : BSL_SECBLOCKTYPE_BCB; } else @@ -250,14 +295,14 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy } // es_ref - json_t *es_ref = json_object_get(policyrule, "es_ref"); + const json_t *es_ref = json_object_get(policyrule, "es_ref"); if (!es_ref || !json_is_string(es_ref)) { BSL_LOG_DEBUG("NO ES REF"); } // policy_action_on_fail - json_t *policy_action_on_fail = json_object_get(policyrule, "policy_action_on_fail"); + const json_t *policy_action_on_fail = json_object_get(policyrule, "policy_action_on_fail"); if (!policy_action_on_fail || !json_is_string(policy_action_on_fail)) { BSL_LOG_ERR("NO POLICY ACTION"); @@ -286,37 +331,37 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy uint64_t params_got = 0x0; // spec attr - json_t *spec = json_object_get(policyrule, "spec"); + const json_t *spec = json_object_get(policyrule, "spec"); if (spec && json_is_object(spec)) { // check sec ctx id - json_t *sc_id = json_object_get(spec, "sc_id"); - long sc_id_l = json_integer_value(sc_id); + const json_t *sc_id = json_object_get(spec, "sc_id"); + const json_int_t sc_id_l = json_integer_value(sc_id); BSL_LOG_DEBUG("spec:"); - BSL_LOG_DEBUG(" sc_id: %" JSON_INTEGER_FORMAT, sc_id_l ? sc_id_l : -1); + BSL_LOG_DEBUG(" sc_id: %" JSON_INTEGER_FORMAT, sc_id_l); - json_t *sc_parms = json_object_get(spec, "sc_parms"); + const json_t *sc_parms = json_object_get(spec, "sc_parms"); if (sc_parms && json_is_array(sc_parms)) { - size_t i, n = json_array_size(sc_parms); + const size_t n = json_array_size(sc_parms); BSL_LOG_DEBUG(" sc_parms (%zu):", n); - for (i = 0; i < n; ++i) + for (size_t i = 0; i < n; ++i) { - json_t *entry = json_array_get(sc_parms, i); + const json_t *entry = json_array_get(sc_parms, i); if (!json_is_object(entry)) { continue; } - json_t *id = json_object_get(entry, "id"); + const json_t *id = json_object_get(entry, "id"); if (!id || !json_is_string(id)) { continue; } const char *id_str = json_string_value(id); - json_t *value = json_object_get(entry, "value"); + const json_t *value = json_object_get(entry, "value"); if (!value || !json_is_string(value)) { continue; @@ -332,7 +377,7 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy { if (0 == strcmp(id_str, "key_name")) { - BSL_SecParam_InitTextstr(params->param_test_key, BSL_SECPARAM_TYPE_KEY_ID, value_str); + BSL_SecParam_InitTextstr(params.param_test_key, BSL_SECPARAM_TYPE_KEY_ID, value_str); params_got |= 0x1; } else if (0 == strcmp(id_str, "sha_variant")) @@ -351,36 +396,27 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy sha_var = RFC9173_BIB_SHA_HMAC512; } - BSL_SecParam_InitUint64(params->param_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, + BSL_SecParam_InitUint64(params.param_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, sha_var); params_got |= 0x2; } else if (0 == strcmp(id_str, "scope_flags")) { - uint64_t flag = strtol(value_str, NULL, 10); // FIXME - BSL_SecParam_InitUint64(params->param_integ_scope_flag, + uint64_t flag = strtol(value_str, NULL, 10); + BSL_SecParam_InitUint64(params.param_integ_scope_flag, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, flag); params_got |= 0x4; } else if (0 == strcmp(id_str, "key_wrap")) { - uint64_t keywrap; - if (0 == strcmp(value_str, "0")) - { - keywrap = 0; - } - else - { - keywrap = 1; - } - - BSL_SecParam_InitUint64(params->param_use_wrapped_key, BSL_SECPARAM_USE_KEY_WRAP, + uint64_t keywrap = !!strcmp(value_str, "0"); + BSL_SecParam_InitUint64(params.param_use_wrapped_key, BSL_SECPARAM_USE_KEY_WRAP, keywrap); params_got |= 0x8; } else { - BSL_LOG_ERR("INVALID PARAM KEY %s FOR SC ID %d", id_str, sc_id_l); + BSL_LOG_ERR("INVALID PARAM KEY %s FOR SC ID %" JSON_INTEGER_FORMAT, id_str, sc_id_l); continue; } break; @@ -389,57 +425,33 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy { if (0 == strcmp(id_str, "key_name")) { - BSL_SecParam_InitTextstr(params->param_test_key, BSL_SECPARAM_TYPE_KEY_ID, value_str); + BSL_SecParam_InitTextstr(params.param_test_key, BSL_SECPARAM_TYPE_KEY_ID, value_str); params_got |= 0x1; } - else if (0 == strcmp(id_str, "iv")) - { - // TODO covert value_str to bstring - // BSL_SecParam_InitBytestr(params->param_init_vector, RFC9173_BCB_SECPARAM_IV, ); - params_got |= 0x2; - } else if (0 == strcmp(id_str, "aes_variant")) { - rfc9173_bcb_aes_variant_e aes_var; - if (0 == strcmp(value_str, "1")) - { - aes_var = RFC9173_BCB_AES_VARIANT_A128GCM; - } - else - { - aes_var = RFC9173_BCB_AES_VARIANT_A256GCM; - } - - BSL_SecParam_InitUint64(params->param_aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, + uint64_t aes_var = strtol(value_str, NULL, 10); + BSL_SecParam_InitUint64(params.param_aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, aes_var); params_got |= 0x4; } else if (0 == strcmp(id_str, "aad_scope")) { - uint64_t flag = strtol(value_str, NULL, 10); // FIXME - BSL_SecParam_InitUint64(params->param_aad_scope_flag, RFC9173_BCB_SECPARAM_AADSCOPE, + uint64_t flag = strtol(value_str, NULL, 10); + BSL_SecParam_InitUint64(params.param_aad_scope_flag, RFC9173_BCB_SECPARAM_AADSCOPE, flag); params_got |= 0x8; } else if (0 == strcmp(id_str, "key_wrap")) { - uint64_t keywrap; - if (0 == strcmp(value_str, "0")) - { - keywrap = 0; - } - else - { - keywrap = 1; - } - - BSL_SecParam_InitUint64(params->param_use_wrapped_key, BSL_SECPARAM_USE_KEY_WRAP, + uint64_t keywrap = !!strcmp(value_str, "0"); + BSL_SecParam_InitUint64(params.param_use_wrapped_key, BSL_SECPARAM_USE_KEY_WRAP, keywrap); params_got |= 0x10; } else { - BSL_LOG_ERR("INVALID PARAM KEY %s FOR SC ID %d", id_str, sc_id_l); + BSL_LOG_ERR("INVALID PARAM KEY %s FOR SC ID %" JSON_INTEGER_FORMAT, id_str, sc_id_l); continue; } break; @@ -454,32 +466,31 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy } } - // event set - // TODO currently not utilized - json_t *event_set = json_object_get(root, "event_set"); + // event set (currently parsed, but not utilized/initialized meaningfully) + const json_t *event_set = json_object_get(root, "event_set"); if (event_set && json_is_object(event_set)) { // es_ref - json_t *es_ref_es = json_object_get(policyrule, "es_ref"); + const json_t *es_ref_es = json_object_get(policyrule, "es_ref"); if (!es_ref_es || !json_is_string(es_ref_es)) { BSL_LOG_DEBUG("NO ES REF"); } - json_t *events = json_object_get(event_set, "events"); + const json_t *events = json_object_get(event_set, "events"); if (events && json_is_array(events)) { - size_t i, n = json_array_size(events); + size_t n = json_array_size(events); BSL_LOG_DEBUG("num events (%zu):", n); - for (i = 0; i < n; ++i) + for (size_t i = 0; i < n; ++i) { - json_t *entry = json_array_get(events, i); + const json_t *entry = json_array_get(events, i); if (!json_is_object(entry)) { continue; } - json_t *event_id = json_object_get(entry, "event_id"); + const json_t *event_id = json_object_get(entry, "event_id"); if (!event_id) { continue; @@ -487,14 +498,14 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy const char *event_id_str = json_string_value(event_id); BSL_LOG_DEBUG("EVENT ID FOUND: %s", event_id_str); - json_t *actions = json_object_get(entry, "actions"); + const json_t *actions = json_object_get(entry, "actions"); if (actions && json_is_array(actions)) { - size_t j, m = json_array_size(actions); + const size_t m = json_array_size(actions); BSL_LOG_DEBUG("num actions in %s (%zu):", event_id_str, m); - for (j = 0; j < m; ++j) + for (size_t j = 0; j < m; ++j) { - json_t *act = json_array_get(actions, j); + const json_t *act = json_array_get(actions, j); if (!json_is_string(act)) { continue; @@ -515,39 +526,39 @@ int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_Policy BSLP_PolicyRule_InitFrom(&rule, rule_id_str, sec_ctx_id, sec_role, sec_block_type, target_block_type, policy_action_enum); - // TODO validate params_got + // validate params_got (void)params_got; if (sec_ctx_id == 2) // BCB { - BSLP_PolicyRule_CopyParam(&rule, params->param_aes_variant); + BSLP_PolicyRule_CopyParam(&rule, params.param_aes_variant); if (sec_role == BSL_SECROLE_SOURCE) { - BSLP_PolicyRule_CopyParam(&rule, params->param_aad_scope_flag); - BSL_Crypto_SetRngGenerator(mock_bpa_rfc9173_bcb_cek); + BSLP_PolicyRule_CopyParam(&rule, params.param_aad_scope_flag); } } else { - BSLP_PolicyRule_CopyParam(&rule, params->param_sha_variant); - BSLP_PolicyRule_CopyParam(&rule, params->param_integ_scope_flag); + BSLP_PolicyRule_CopyParam(&rule, params.param_sha_variant); + BSLP_PolicyRule_CopyParam(&rule, params.param_integ_scope_flag); } - BSLP_PolicyRule_CopyParam(&rule, params->param_test_key); - BSLP_PolicyRule_CopyParam(&rule, params->param_use_wrapped_key); + BSLP_PolicyRule_CopyParam(&rule, params.param_test_key); + BSLP_PolicyRule_CopyParam(&rule, params.param_use_wrapped_key); BSLP_PolicyProvider_AddRule(policy, &rule, &predicate); + + BSLP_InitParams_Deinit(¶ms); } json_decref(root); - return 0; + return BSL_SUCCESS; } -static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t policy_bits, BSLP_PolicyProvider_t *policy, - mock_bpa_policy_params_t *params) +static void BSLP_RegisterPolicyFromBitstring(const BSLP_BitstringPolicyConfiguration_t policy_bits, + BSLP_PolicyProvider_t *policy, BSLP_InitParams_t *params) { - - BSL_LOG_DEBUG("Interpreted policy: 0x%X", policy_bits); + BSL_LOG_DEBUG("Interpreting policy: 0x%X", policy_bits); uint32_t sec_block_type = policy_bits & 0x01; uint32_t policy_loc = (policy_bits >> 1) & 0x01; @@ -557,7 +568,7 @@ static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t polic uint32_t use_wrapped_key = (policy_bits >> 8) & 0x01; uint32_t policy_ignore = (policy_bits >> 9) & 0x01; - uint64_t sec_context; + int64_t sec_context; // Init params for BCB if equal to 1, otherwise BIB if (sec_block_type == 1) @@ -585,16 +596,16 @@ static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t polic BSL_SecParam_InitUint64(params->param_use_wrapped_key, BSL_SECPARAM_USE_KEY_WRAP, 0); } - BSL_SecBlockType_e sec_block_emum; + BSL_SecBlockType_e sec_block_enum; if (sec_block_type == 1) { - sec_block_emum = BSL_SECBLOCKTYPE_BCB; + sec_block_enum = BSL_SECBLOCKTYPE_BCB; sec_context = 2; BSL_LOG_DEBUG("Policy: 0x%X - BSL Security Block Type: BCB", policy_bits); } else { - sec_block_emum = BSL_SECBLOCKTYPE_BIB; + sec_block_enum = BSL_SECBLOCKTYPE_BIB; sec_context = 1; BSL_LOG_DEBUG("Policy: 0x%X - BSL Security Block Type: BIB", policy_bits); } @@ -695,16 +706,15 @@ static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t polic BSLP_PolicyPredicate_InitFrom(&predicate_all_in, policy_loc_enum, eid_src_pat_str, "*:**", "*:**"); BSLP_PolicyRule_t rule_all_in; - BSLP_PolicyRule_InitFrom(&rule_all_in, policybits_str, sec_context, sec_role_enum, sec_block_emum, + BSLP_PolicyRule_InitFrom(&rule_all_in, policybits_str, sec_context, sec_role_enum, sec_block_enum, bundle_block_enum, policy_action_enum); - if (sec_block_emum == BSL_SECBLOCKTYPE_BCB) + if (sec_block_enum == BSL_SECBLOCKTYPE_BCB) { BSLP_PolicyRule_CopyParam(&rule_all_in, params->param_aes_variant); if (sec_role_enum == BSL_SECROLE_SOURCE) { BSLP_PolicyRule_CopyParam(&rule_all_in, params->param_aad_scope_flag); - BSL_Crypto_SetRngGenerator(mock_bpa_rfc9173_bcb_cek); } } else @@ -718,27 +728,32 @@ static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t polic BSLP_PolicyProvider_AddRule(policy, &rule_all_in, &predicate_all_in); } -int mock_bpa_handle_policy_config(const char *policies, BSLP_PolicyProvider_t *policy, mock_bpa_policy_registry_t *reg) +int BSLP_RegisterPolicyFromBitstringList(const char *policies, BSLP_PolicyProvider_t *policy) { + CHK_ARG_NONNULL(policies); + CHK_ARG_NONNULL(policy); + // Split up and register each policy const char *curs = policies; char *pend; while (true) { - mock_bpa_policy_params_t *params = mock_bpa_policy_registry_get(reg); - if (!params) + BSLP_InitParams_t params; + int params_init_retval = BSLP_InitParams_Init(¶ms); + if (BSL_SUCCESS != params_init_retval) { - BSL_LOG_CRIT("POLICY COUNT EXCEEDED, NOT REGISTERING FURTHER"); - return -1; + BSL_LOG_ERR("JSON Policy Parse: Error allocating params"); + return params_init_retval; } - uint32_t val = strtoul(curs, &pend, 0); - if (pend == curs) + unsigned long val = strtoul(curs, &pend, 0); + if ((pend == curs) || (val > INT_MAX)) { BSL_LOG_ERR("Failed to decode policy integer at: %s", curs); } curs = pend; - mock_bpa_register_policy(val, policy, params); + BSLP_RegisterPolicyFromBitstring((int)val, policy, ¶ms); + BSLP_InitParams_Deinit(¶ms); if (*curs == '\0') { @@ -751,95 +766,5 @@ int mock_bpa_handle_policy_config(const char *policies, BSLP_PolicyProvider_t *p curs += 1; } - BSL_LOG_DEBUG("Successfully created policy registry of size: %d", mock_bpa_policy_registry_size(reg)); - return 0; -} - -int mock_bpa_key_registry_init(const char *pp_cfg_file_path) -{ - - int retval = 0; - json_t *root; - json_error_t err; - - BSL_LOG_INFO("Reading keys from %s", pp_cfg_file_path); - root = json_load_file(pp_cfg_file_path, 0, &err); - if (!root) - { - BSL_LOG_ERR("JSON error: line %d: %s", err.line, err.text); - json_decref(root); - return 1; - } - - json_t *keys = json_object_get(root, "keys"); - if (!keys || !json_is_array(keys)) - { - BSL_LOG_ERR("Missing \"keys\" "); - json_decref(root); - return 1; - } - - size_t n = json_array_size(keys); - BSL_LOG_INFO("Found %zu key objects", n); - - for (size_t i = 0; !retval && (i < n); ++i) - { - json_t *key_obj = json_array_get(keys, i); - if (!json_is_object(key_obj)) - { - continue; - } - - json_t *kty = json_object_get(key_obj, "kty"); - if (!kty) - { - BSL_LOG_ERR("Missing \"kty\" "); - continue; - } - - if (0 != strcmp("oct", json_string_value(kty))) - { - BSL_LOG_ERR("Not a symmetric key set"); - continue; - } - - json_t *kid = json_object_get(key_obj, "kid"); - if (!kid || !json_is_string(kid)) - { - BSL_LOG_ERR("Missing \"kid\" "); - continue; - } - const char *kid_str = json_string_value(kid); - BSL_LOG_DEBUG("kid: %s", kid_str); - - json_t *k = json_object_get(key_obj, "k"); - if (!k || !json_is_string(k)) - { - BSL_LOG_ERR("Missing \"k\" "); - continue; - } - const char *k_str = json_string_value(k); - BSL_LOG_DEBUG("k: %s", k_str); - - m_string_t k_text; - m_string_init_set_cstr(k_text, k_str); - m_bstring_t k_data; - m_bstring_init(k_data); - - retval = mock_bpa_base64_decode(k_data, k_text); - - if (!retval) - { - const size_t k_len = m_bstring_size(k_data); - const uint8_t *k_ptr = m_bstring_view(k_data, 0, k_len); - - retval = BSL_Crypto_AddRegistryKey(kid_str, k_ptr, k_len); - } - m_bstring_clear(k_data); - m_string_clear(k_text); - } - - json_decref(root); - - return retval; + return BSL_SUCCESS; } diff --git a/src/mock_bpa/policy_config.h b/src/policy_provider/SamplePolicyConfigParser.h similarity index 65% rename from src/mock_bpa/policy_config.h rename to src/policy_provider/SamplePolicyConfigParser.h index b8ac521e..c6dcd3a0 100644 --- a/src/mock_bpa/policy_config.h +++ b/src/policy_provider/SamplePolicyConfigParser.h @@ -20,28 +20,57 @@ * subcontract 1700763. */ -/** @file - * @ingroup mock_bpa - * Definitions for permutations of policy configurations. +/** + * @file + * @ingroup example_pp */ - -#ifndef BSL_MOCK_BPA_POLICY_CONFIG_H_ -#define BSL_MOCK_BPA_POLICY_CONFIG_H_ +#ifndef BSLP_SAMPLE_POLICY_CONFIG_PARSER_H +#define BSLP_SAMPLE_POLICY_CONFIG_PARSER_H #include #include #include #include -#include -#include #include +#include -#include "policy_registry.h" +#include "SamplePolicyProvider.h" -#ifdef __cplusplus -extern "C" { -#endif +typedef struct BSLP_InitParams_s +{ + // Params related to BIB + BSL_SecParam_t *param_integ_scope_flag; + BSL_SecParam_t *param_sha_variant; + + // Params related to BCB + BSL_SecParam_t *param_aad_scope_flag; + BSL_SecParam_t *param_init_vector; + BSL_SecParam_t *param_aes_variant; + BSL_SecParam_t *param_use_wrapped_key; + + // Params agnostic to BIB vs BCB + BSL_SecParam_t *param_test_key; +} BSLP_InitParams_t; + +/** + * Initialize local policy provider parameters + * @param[in,out] params structure to initialize + */ +int BSLP_InitParams_Init(BSLP_InitParams_t *params); + +/** + * Deinitialize local policy provider parameters + * @param[in] params structure to deinitialize + */ +void BSLP_InitParams_Deinit(BSLP_InitParams_t *params); + +/** + * Initialize local policy provider from JSON file + * @param[in] policy_cfg_path path to JSON file containing policy configuration + * @param[in,out] policy policy provider to configure. Must be initialize/allocated + */ +int BSLP_RegisterPolicyFromJSON(const char *policy_cfg_path, BSLP_PolicyProvider_t *policy); /** Bitwise Diagram of the mock bpa config data structure: * @code{.unparsed} @@ -72,19 +101,13 @@ extern "C" { * * @endcode */ -typedef uint32_t bsl_mock_policy_configuration_t; - -int mock_bpa_handle_policy_config(const char *policies, BSLP_PolicyProvider_t *policy, mock_bpa_policy_registry_t *reg); +typedef uint32_t BSLP_BitstringPolicyConfiguration_t; -int mock_bpa_register_policy_from_json(const char *pp_cfg_file_path, BSLP_PolicyProvider_t *policy, - mock_bpa_policy_registry_t *reg); - -int mock_bpa_key_registry_init(const char *pp_cfg_file_path); - -int mock_bpa_rfc9173_bcb_cek(unsigned char *buf, int len); +/** + * Initialize local policy provider from list of bit strings + * @param[in] policies comma separated policy bit strings as described by @ref BSLP_BitstringPolicyConfiguration_t + * @param[in,out] policy policy provider to configure. Must be initialize/allocated + */ +int BSLP_RegisterPolicyFromBitstringList(const char *policies, BSLP_PolicyProvider_t *policy); -#ifdef __cplusplus -} // extern C #endif - -#endif // BSL_MOCK_BPA_POLICY_CONFIG_H_ diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 2c6a31ba..b6810037 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -473,7 +473,7 @@ bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_Policy } int BSLP_PolicyRule_InitFrom(BSLP_PolicyRule_t *self, const char *desc, int64_t context_id, BSL_SecRole_e role, - BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, + BSL_SecBlockType_e sec_block_type, uint64_t target_block_type, BSL_PolicyAction_e failure_action_code) { BSLP_PolicyRule_Init(self); diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index 2d5eb059..2d39588f 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -139,13 +139,13 @@ bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_Policy */ typedef struct BSLP_PolicyRule_s { - string_t description; - BSL_SecRole_e role; - BSL_BundleBlockTypeCode_e target_block_type; - BSL_SecBlockType_e sec_block_type; - int64_t context_id; - BSLB_SecParamList_t params; - BSL_PolicyAction_e failure_action_code; + string_t description; + BSL_SecRole_e role; + uint64_t target_block_type; + BSL_SecBlockType_e sec_block_type; + int64_t context_id; + BSLB_SecParamList_t params; + BSL_PolicyAction_e failure_action_code; } BSLP_PolicyRule_t; /** @@ -163,7 +163,7 @@ typedef struct BSLP_PolicyRule_s * @returns Zero on success */ int BSLP_PolicyRule_InitFrom(BSLP_PolicyRule_t *self, const char *desc, int64_t context_id, BSL_SecRole_e role, - BSL_SecBlockType_e sec_block_type, BSL_BundleBlockTypeCode_e target_block_type, + BSL_SecBlockType_e sec_block_type, uint64_t target_block_type, BSL_PolicyAction_e failure_action_code); /** Initialize policy rule