Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion .github/workflows/fuzzing.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48,14 +48,17 @@ jobs:
steps:
- name: Set up OS
if: startsWith(matrix.os, 'ubuntu')
env:
PIP_BREAK_SYSTEM_PACKAGES: 1
run: |
sudo apt-get update
sudo apt-get install -y \
cmake ninja-build \
ruby pkg-config ccache patch \
${{matrix.compiler=='clang' && 'clang llvm' || 'gcc g++'}} \
libssl-dev libjansson-dev \
gcovr xmlstarlet
xmlstarlet python3-pip
sudo pip3 install gcovr
sudo gem install cbor-diag
- name: Set up OS
if: startsWith(matrix.os, 'centos')
Expand Down
2 changes: 2 additions & 0 deletions docs/api/dictionary.txt
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ BPA's
BPSec
BPSecLib
BPv
bsl
BSL
BSLs
BSLX
Expand Down Expand Up @@ -121,6 +122,7 @@ Josefsson
JPL
JSON
JWK
JWKs
KEK
len
libc
Expand Down
3 changes: 3 additions & 0 deletions mock-bpa-test/_test_util.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,3 +64,6 @@ class _TestCase:

# destination location of the bundle
bundle_dest_loc: BundleDestLoc = BundleDestLoc.CLIN

# If true, test will use custom rng callback for BCB testing
use_bcb_rng: bool = False
9 changes: 7 additions & 2 deletions mock-bpa-test/test_bpa.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,25 +78,30 @@ def _start(self, testcase: Optional[_TestCase]):
self.assertIsNone(self._ol_sock)

is_json = False
use_bcb_rng = False

if testcase is not None:
policy_config = testcase.policy_config
LOGGER.info('Using policy config %s', policy_config)
is_json = policy_config.endswith(".json")

use_bcb_rng = testcase.use_bcb_rng
key_set = testcase.key_set

else:
policy_config = "0x00"
key_set = "mock-bpa-test/key_set_1.json"

args = compose_args([
arglist = [
'bsl-mock-bpa',
'-s', 'ipn:2.1', # security source
'-u', 'localhost:4556', '-r', 'localhost:14556',
'-o', 'localhost:24556', '-a', 'localhost:34556',
'-j' if is_json else "-p", policy_config,
'-k', key_set
])
]
arglist += ['-c'] if use_bcb_rng else []
args = compose_args(arglist)
self._agent = CmdRunner(args, stderr=subprocess.STDOUT)

# Bind underlayer messaging
Expand Down
3 changes: 2 additions & 1 deletion mock-bpa-test/test_json_policy.py
Original file line number Diff line number Diff line change
Expand Up @@ -50,5 +50,6 @@ def test_json_source_bib_bcb(self):
key_set="mock-bpa-test/key_set_1.json",
is_working=True,
input_data_format=DataFormat.BUNDLEARRAY,
expected_output_format=DataFormat.BUNDLEARRAY
expected_output_format=DataFormat.BUNDLEARRAY,
use_bcb_rng=True
))
9 changes: 6 additions & 3 deletions mock-bpa-test/test_requirements.py
Original file line number Diff line number Diff line change
Expand Up @@ -491,7 +491,8 @@ def test_BSL_27b(self):
key_set="mock-bpa-test/key_set_1.json",
is_working=True,
input_data_format=DataFormat.BUNDLEARRAY,
expected_output_format=DataFormat.BUNDLEARRAY
expected_output_format=DataFormat.BUNDLEARRAY,
use_bcb_rng=True
))

# BSL_28
Expand Down Expand Up @@ -519,7 +520,8 @@ def test_BSL_28(self):
key_set="mock-bpa-test/key_set_1.json",
is_working=True,
input_data_format=DataFormat.BUNDLEARRAY,
expected_output_format=DataFormat.BUNDLEARRAY
expected_output_format=DataFormat.BUNDLEARRAY,
use_bcb_rng=True
))

# BSL_29
Expand Down Expand Up @@ -820,7 +822,8 @@ def test_BSL_49(self):
key_set="mock-bpa-test/key_set_1.json",
is_working=True,
input_data_format=DataFormat.BUNDLEARRAY,
expected_output_format=DataFormat.BUNDLEARRAY
expected_output_format=DataFormat.BUNDLEARRAY,
use_bcb_rng=True
))

def test_BCB_verifier(self):
Expand Down
1 change: 1 addition & 0 deletions src/BPSecLib_Private.h
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ typedef enum
BSL_ERR_POLICY_FAILED = -100, ///< General error code for errors arising from a Policy Provider
BSL_ERR_POLICY_QUERY = -101, ///< Error code for errors arising from Policy Provider query
BSL_ERR_POLICY_FINAL = -102, ///< Error code for errors arising from Policy Provider finalize
BSL_ERR_POLICY_CONFIG = -103, ///< Error code for errors arising from Policy Provider configuration

/// Security Context errors start at 200
BSL_ERR_SECURITY_CONTEXT_FAILED = -200, ///< General error code for errors arising from a Security Context.
Expand Down
3 changes: 3 additions & 0 deletions src/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,12 @@ target_link_libraries(bsl_default_sc PUBLIC QCBOR::qcbor)
# Example Policy Provider library
set(BSL_SAMPLE_PP_H
${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyProvider.h
${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyConfigParser.h
)

set(BSL_SAMPLE_PP_C
${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyProvider.c
${CMAKE_CURRENT_SOURCE_DIR}/policy_provider/SamplePolicyConfigParser.c
)

add_library(bsl_sample_pp)
Expand All @@ -115,6 +117,7 @@ set_target_properties(bsl_sample_pp
)
target_link_libraries(bsl_sample_pp PUBLIC bsl_front)
target_link_libraries(bsl_sample_pp PUBLIC MLIB::mlib)
target_link_libraries(bsl_sample_pp PUBLIC Jansson::Jansson)

# Dynamic backend library
set(BSL_DYNAMIC_H
Expand Down
4 changes: 0 additions & 4 deletions src/crypto/CryptoInterface.c
Original file line number Diff line number Diff line change
Expand Up @@ -696,12 +696,8 @@ int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t s
CHK_PROPERTY(key_ptr != NULL);
// actual key struct
BSL_CryptoKey_t *key = BSL_CryptoKeyPtr_ref(key_ptr);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HMAC, NULL);
int res = EVP_PKEY_keygen_init(ctx);
CHK_PROPERTY(res == 1);

key->pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, (int)secret_len);
EVP_PKEY_CTX_free(ctx);

int ecode = 0;
if ((ecode = BSL_Data_CopyFrom(&key->raw, secret_len, secret)) < 0)
Expand Down
8 changes: 2 additions & 6 deletions src/mock_bpa/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,7 @@ target_sources(
${CMAKE_CURRENT_SOURCE_DIR}/encode.h
${CMAKE_CURRENT_SOURCE_DIR}/decode.h
${CMAKE_CURRENT_SOURCE_DIR}/text_util.h
${CMAKE_CURRENT_SOURCE_DIR}/policy_config.h
${CMAKE_CURRENT_SOURCE_DIR}/policy_params.h
${CMAKE_CURRENT_SOURCE_DIR}/policy_registry.h
${CMAKE_CURRENT_SOURCE_DIR}/key_registry.h
${CMAKE_CURRENT_SOURCE_DIR}/ctr.h
${CMAKE_CURRENT_SOURCE_DIR}/MockBPA.h
)
Expand All @@ -51,9 +49,7 @@ target_sources(
${CMAKE_CURRENT_SOURCE_DIR}/encode.c
${CMAKE_CURRENT_SOURCE_DIR}/decode.c
${CMAKE_CURRENT_SOURCE_DIR}/text_util.c
${CMAKE_CURRENT_SOURCE_DIR}/policy_config.c
${CMAKE_CURRENT_SOURCE_DIR}/policy_params.c
${CMAKE_CURRENT_SOURCE_DIR}/policy_registry.c
${CMAKE_CURRENT_SOURCE_DIR}/key_registry.c
${CMAKE_CURRENT_SOURCE_DIR}/ctr.c
)
set_target_properties(bsl_mock_bpa
Expand Down
4 changes: 1 addition & 3 deletions src/mock_bpa/agent.c
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,6 @@
#include "eidpat.h"
#include "encode.h"
#include "decode.h"
#include "policy_config.h"
#include "policy_registry.h"

static int MockBPA_GetEid(void *user_data, BSL_HostEID_t *result_eid)
{
Expand Down Expand Up @@ -960,9 +958,9 @@ int MockBPA_Agent_Exec(MockBPA_Agent_t *agent)
int res = poll(pfds, sizeof(pfds) / sizeof(struct pollfd), -1);
if (res < 0)
{
BSL_LOG_ERR("poll failed with errno: %d", errno);
if (errno != EINTR)
{
BSL_LOG_ERR("poll failed with errno: %d", errno);
retval = 4;
}
break;
Expand Down
1 change: 0 additions & 1 deletion src/mock_bpa/agent.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
#define BSL_MOCK_BPA_AGENT_H_

#include "ctr.h"
#include "policy_registry.h"

#include <BPSecLib_Public.h>
#include <BPSecLib_Private.h>
Expand Down
139 changes: 139 additions & 0 deletions src/mock_bpa/key_registry.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
/*
* Copyright (c) 2025-2026 The Johns Hopkins University Applied Physics
* Laboratory LLC.
*
* This file is part of the Bundle Protocol Security Library (BSL).
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This work was performed for the Jet Propulsion Laboratory, California
* Institute of Technology, sponsored by the United States Government under
* the prime contract 80NM0018D0004 between the Caltech and NASA under
* subcontract 1700763.
*/

/** @file
* @ingroup mock_bpa
*/

#include "key_registry.h"
#include "text_util.h"

int mock_bpa_key_registry_init(const char *pp_cfg_file_path)
{

int retval = 0;
json_t *root;
json_error_t err;

BSL_LOG_INFO("Reading keys from %s", pp_cfg_file_path);
root = json_load_file(pp_cfg_file_path, 0, &err);
if (!root)
{
BSL_LOG_ERR("JSON error: line %d: %s", err.line, err.text);
json_decref(root);
return 1;
}

const json_t *keys = json_object_get(root, "keys");
if (!keys || !json_is_array(keys))
{
BSL_LOG_ERR("Missing \"keys\" ");
json_decref(root);
return 1;
}

const size_t n = json_array_size(keys);
BSL_LOG_INFO("Found %zu key objects", n);

for (size_t i = 0; i < n; ++i)
{
const json_t *key_obj = json_array_get(keys, i);
if (!json_is_object(key_obj))
{
continue;
}

const json_t *kty = json_object_get(key_obj, "kty");
if (!kty)
{
BSL_LOG_ERR("Missing \"kty\" ");
continue;
}

if (0 != strcmp("oct", json_string_value(kty)))
{
BSL_LOG_ERR("Not a symmetric key set");
continue;
}

const json_t *kid = json_object_get(key_obj, "kid");
if (!kid || !json_is_string(kid))
{
BSL_LOG_ERR("Missing \"kid\" ");
continue;
}
const char *kid_str = json_string_value(kid);
BSL_LOG_DEBUG("kid: %s", kid_str);

const json_t *k = json_object_get(key_obj, "k");
if (!k || !json_is_string(k))
{
BSL_LOG_ERR("Missing \"k\" ");
continue;
}
const char *k_str = json_string_value(k);
BSL_LOG_DEBUG("k: %s", k_str);

m_string_t k_text;
m_string_init_set_cstr(k_text, k_str);
m_bstring_t k_data;
m_bstring_init(k_data);

retval = mock_bpa_base64_decode(k_data, k_text);

if (!retval)
{
const size_t k_len = m_bstring_size(k_data);
const uint8_t *k_ptr = m_bstring_view(k_data, 0, k_len);

retval = BSL_Crypto_AddRegistryKey(kid_str, k_ptr, k_len);
}
m_bstring_clear(k_data);
m_string_clear(k_text);

if (retval)
{
BSL_LOG_ERR("JKW register failure");
break;
}
}

json_decref(root);

return retval;
}

int mock_bpa_rfc9173_bcb_cek(unsigned char *buf, int len)
{
if (len == 12) // IV
{
uint8_t iv[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 };
memcpy(buf, iv, 12);
}
else // A3 KEY
{
uint8_t rfc9173A3_key[] = { 0x71, 0x77, 0x65, 0x72, 0x74, 0x79, 0x75, 0x69,
0x6f, 0x70, 0x61, 0x73, 0x64, 0x66, 0x67, 0x68 };
memcpy(buf, rfc9173A3_key, len);
}
return 1;
}
Loading
Loading