From 702a714c5bdeef779a0073adccfc920a4a0acb43 Mon Sep 17 00:00:00 2001
From: Joshua Stone
Date: Mon, 11 Aug 2025 13:47:52 -0400
Subject: [PATCH 01/21] checkpoint

---
 src/BPSecLib_Private.h | 72 ++++++++----
 src/BPSecLib_Public.h | 17 +++
 src/CMakeLists.txt | 1 +
 src/backend/PublicInterfaceImpl.c | 128 +++++++++++----------
 src/backend/SecOperation.c | 26 ++++-
 src/backend/SecOperation.h | 8 +-
 src/backend/SecurityActionSet.c | 90 ++++----------
 src/backend/SecurityActionSet.h | 15 +--
 src/backend/SecurityContext.c | 69 ++++++-----
 src/policy_provider/SamplePolicyProvider.c | 14 ++-
 src/security_context/BCB_AES_GCM.c | 3 +
 test/bsl_test_utils.c | 10 +-
 test/bsl_test_utils.h | 1 +
 test/test_BackendPolicyProvider.c | 19 +--
 test/test_BackendSecurityContext.c | 48 ++++++--
 test/test_PublicInterfaceImpl.c | 7 +-
 16 files changed, 300 insertions(+), 228 deletions(-)

diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index bdce3c41..1fa10593 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
@@ -857,6 +857,20 @@ bool BSL_SecOper_IsRoleAcceptor(const BSL_SecOper_t *self);
 */
 bool BSL_SecOper_IsBIB(const BSL_SecOper_t *self);
 
+/**
+ * Retrieve the conclusion state of a security operation
+ * @param[in] self The security operation
+ * @return the conclusion state
+ */
+BSL_SecOper_ConclusionState_e BSL_SecOper_GetConclusion(const BSL_SecOper_t *self);
+
+/**
+ * Set the security operation conclusion state
+ * @param[in,out] self security operation to change conclusion state of
+ * @param[in] new_conclusion new conclusion to set to
+ */
+void BSL_SecOper_SetConclusion(BSL_SecOper_t *self, BSL_SecOper_ConclusionState_e new_conclusion);
+
 /// Forward declaration of this struct
 typedef struct BSL_AbsSecBlock_s BSL_AbsSecBlock_t;
@@ -1041,28 +1055,42 @@ const BSL_SecParam_t *BSL_SecOutcome_GetParamAt(const BSL_SecOutcome_t *self, si /// @return bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsSecBlock_t *abs_sec_block); -/// @brief Returns size of the struct, helpful for dynamic allocation. -/// @return Size of the struct -size_t BSL_SecurityActionSet_Sizeof(void); +size_t BSL_SecurityAction_Sizeof(void); -/** @brief Initialize a new security action set - * - * @param[in,out] self This pre-allocated action set - */ -void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self); +bool BSL_SecurityAction_IsConsistent(const BSL_SecurityAction_t *self); + +void BSL_SecurityAction_Init(BSL_SecurityAction_t *self); + +void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self); + +int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper); + +size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self); + +const BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index); /** @brief Increment a security failure for this action set * * @param[in,out] self Pointer to this security action set. */ -void BSL_SecurityActionSet_IncrError(BSL_SecurityActionSet_t *self); +void BSL_SecurityAction_IncrError(BSL_SecurityAction_t *self); -/** @brief Returns count of failures after processing this action set +/** @brief Returns count of failures after processing this action * - * @param[in] self Pointer to this security action set. + * @param[in] self Pointer to this security action. * @return Count of errors. */ -size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self); +size_t BSL_SecurityAction_CountErrors(const BSL_SecurityAction_t *self); + +/// @brief Returns size of the struct, helpful for dynamic allocation. 
+/// @return Size of the struct +size_t BSL_SecurityActionSet_Sizeof(void); + +/** @brief Initialize a new security action set + * + * @param[in,out] self This pre-allocated action set + */ +void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self); /** Zeroize, clear, and release itself and any owned resources. * @@ -1073,10 +1101,10 @@ void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self); /** @brief Append a security operation to the security action set * * @param[in,out] self This security action set. - * @param[in] sec_oper Security operation to include. + * @param[in] action Action to include. * @return 0 on success, negative on error */ -int BSL_SecurityActionSet_AppendSecOper(BSL_SecurityActionSet_t *self, const BSL_SecOper_t *sec_oper); +int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_SecurityAction_t *action); /** Return true if internal sanity and consistency checks pass * 
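Review bot: The new `BSL_SecurityAction_*` prototypes (Sizeof, IsConsistent, Init, Deinit, AppendSecOper, CountSecOpers, GetSecOperAtIndex) are the only declarations in this header without a Doxygen block, and `BSL_SecurityAction_AppendSecOper` in particular needs one that says whether the operation is copied or adopted and what a negative return means, since the callers in SamplePolicyProvider.c free the operation right after the call. The comments that travelled with the renames were not updated: `BSL_SecurityAction_IncrError` still reads "Increment a security failure for this action set", and in the next two hunks `BSL_SecurityActionSet_AppendAction` is still "Append a security operation to the security action set", `CountActions` still "Count number of security operations", and `GetActionAtIndex` still "Returns the Security Operation at the given index". Suggested for the first: `/** @brief Increment the security failure count for this action. @param[in,out] self Pointer to this security action. */`, with the analogous noun swap in the other three. This note covers hunks 2, 3 and 4 of BPSecLib_Private.h.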
@@ -1088,24 +1116,24 @@ bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self); /** Count number of security operations present in this policy action set. * * @param[in] self This action set. - * @return Number of operations, 0 indicates no policy matched. + * @return Number of actions, 0 indicates no policy matched. */ -size_t BSL_SecurityActionSet_CountSecOpers(const BSL_SecurityActionSet_t *self); +size_t BSL_SecurityActionSet_CountActions(const BSL_SecurityActionSet_t *self); /** Returns the Security Operation at the given index. * * @param[in] self This action set * @param[in] index index - * @return pointer to security operation at given index, asserting false if not in bound + * @return pointer to action at given index, asserting false if not in bound */ -const BSL_SecOper_t *BSL_SecurityActionSet_GetSecOperAtIndex(const BSL_SecurityActionSet_t *self, size_t index); +const BSL_SecurityAction_t *BSL_SecurityActionSet_GetActionAtIndex(const BSL_SecurityActionSet_t *self, size_t index); -/** Get the error code after querying (inspecting) policy actions. Non-zero indicates error +/** @brief Returns count of failures after processing this action set * - * @param[in] self this action set - * @return Anomaly on non-zero + * @param[in] self Pointer to this security action set. + * @return Count of errors. */ -int BSL_SecurityActionSet_GetErrCode(const BSL_SecurityActionSet_t *self); +size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self); /// @brief Returns size of this struct type size_t BSL_SecurityResponseSet_Sizeof(void); diff --git a/src/BPSecLib_Public.h b/src/BPSecLib_Public.h index ca372b9e..6757b3a1 100644 --- a/src/BPSecLib_Public.h +++ b/src/BPSecLib_Public.h 
@@ -52,6 +52,8 @@ typedef struct BSL_SecurityResponseSet_s BSL_SecurityResponseSet_t;
 /// @brief Forward declaration of ::BSL_SecurityActionSet_s, which contains information for BSL to process the Bundle.
 typedef struct BSL_SecurityActionSet_s BSL_SecurityActionSet_t;
 
+typedef struct BSL_SecurityAction_s BSL_SecurityAction_t;
+
 /// @brief Forward-declaration for structure containing callbacks to a security context.
 typedef struct BSL_SecCtxDesc_s BSL_SecCtxDesc_t;
 
@@ -77,6 +79,21 @@ typedef enum
 BSL_POLICYLOCATION_CLOUT
 } BSL_PolicyLocation_e;
 
+/**
+ * @brief Indicates the conclusion state of a security operation
+ */
+typedef enum
+{
+ /// @brief Security operation is still pending action
+ BSL_SECOP_CONCLUSION_PENDING = 1,
+ /// @brief Security operation has concluded and succeeded
+ BSL_SECOP_CONCLUSION_SUCCESS,
+ /// @brief Security operation is invalid
+ BSL_SECOP_CONCLUSION_INVALID,
+ /// @brief Security operation has concluded and failed
+ BSL_SECOP_CONCLUSION_FAILURE
+} BSL_SecOper_ConclusionState_e;
+
 /** Block CRC types.
 * Defined in Section 4.2.1 of RFC 9171 @cite rfc9171.
 */
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b6398635..09abb3ce 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -128,6 +128,7 @@ set(BSL_DYNAMIC_C
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecOutcome.c
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecParam.c
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecResult.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecurityAction.c
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecurityActionSet.c
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecurityContext.c
 ${CMAKE_CURRENT_SOURCE_DIR}/backend/SecurityResultSet.c
diff --git a/src/backend/PublicInterfaceImpl.c b/src/backend/PublicInterfaceImpl.c
index 5ab72465..dfbefb45 100644
--- a/src/backend/PublicInterfaceImpl.c
+++ b/src/backend/PublicInterfaceImpl.c
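Review bot: `typedef struct BSL_SecurityAction_s BSL_SecurityAction_t;` is the one forward declaration in this block without a `/// @brief` line, while both neighbours have one; suggested: `/// @brief Forward declaration of ::BSL_SecurityAction_s, one policy action grouping the security operations for a bundle.` Starting the conclusion enum at 1 is a good choice, because a zeroed `BSL_SecOper_t` then fails the `conclusion >= BSL_SECOP_CONCLUSION_PENDING` check in `BSL_SecOper_IsConsistent` instead of reading as a valid state; say so on the constant so the `= 1` survives a later tidy-up: `/// @brief Security operation is still pending action (deliberately non-zero: a zeroed struct must not be a valid state)`.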
@@ -129,30 +129,36 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp BSL_LOG_WARNING("Failed to get block number %lu", blocks_array[i]); continue; } - for (size_t sec_op_index = 0; sec_op_index < output_action_set->sec_operations_count; sec_op_index++) + BSL_SecActionList_it_t act_it; + for (BSL_SecActionList_it(act_it, output_action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) { - BSL_SecOper_t *sec_oper = &output_action_set->sec_operations[sec_op_index]; - if (block.type_code != sec_oper->_service_type) + BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); + BSL_SecOperList_it_t secop_it; + for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) { - continue; - } - // Now set it's sec_block - BSL_AbsSecBlock_t *abs_sec_block = calloc(1, BSL_AbsSecBlock_Sizeof()); - BSL_Data_t block_btsd = { 0 }; - BSL_Data_InitView(&block_btsd, block.btsd_len, block.btsd); - if (BSL_AbsSecBlock_DecodeFromCBOR(abs_sec_block, block_btsd) == 0) - { - if (BSL_AbsSecBlock_ContainsTarget(abs_sec_block, sec_oper->target_block_num)) + BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); + if (block.type_code != sec_oper->_service_type) { - sec_oper->sec_block_num = block.block_num; + continue; } + // Now set it's sec_block + BSL_AbsSecBlock_t *abs_sec_block = calloc(1, BSL_AbsSecBlock_Sizeof()); + BSL_Data_t block_btsd = { 0 }; + BSL_Data_InitView(&block_btsd, block.btsd_len, block.btsd); + if (BSL_AbsSecBlock_DecodeFromCBOR(abs_sec_block, block_btsd) == 0) + { + if (BSL_AbsSecBlock_ContainsTarget(abs_sec_block, sec_oper->target_block_num)) + { + sec_oper->sec_block_num = block.block_num; + } + } + else + { + BSL_LOG_WARNING("Failed to parse ASB from BTSD"); + } + BSL_AbsSecBlock_Deinit(abs_sec_block); + free(abs_sec_block); } - else - { - BSL_LOG_WARNING("Failed to parse ASB from BTSD"); - } - BSL_AbsSecBlock_Deinit(abs_sec_block); - 
free(abs_sec_block); } } 
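Review bot: Inside the new inner loop the ASB of the same `block` is `calloc`ed, CBOR-decoded, deinitialised and freed once per security operation of every action, although only the `BSL_AbsSecBlock_ContainsTarget` test depends on the operation; decoding once per block outside the action loop (and keeping only the `ContainsTarget` check and the `sec_block_num` assignment inside) would remove the repeated allocation and parsing of the same BTSD. The `calloc` result is still handed to `BSL_AbsSecBlock_DecodeFromCBOR` without a NULL check, which the old code also lacked. `BSL_API_QuerySecurity` starts and ends outside this hunk.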
@@ -188,60 +194,64 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re return BSL_ERR_HOST_CALLBACK_FAILED; } - // There should be as many responses as there were sec operations - ASSERT_PROPERTY(response_output->total_operations == policy_actions->sec_operations_count); - int finalize_status = BSL_PolicyRegistry_FinalizeActions(bsl, policy_actions, bundle, response_output); BSL_LOG_INFO("Completed finalize: status=%d", finalize_status); bool must_drop = false; - for (size_t oper_index = 0; oper_index < policy_actions->sec_operations_count; oper_index++) - { - // First, get the error code for the security operation () - int block_err_code = response_output->results[oper_index]; - BSL_PolicyAction_e err_action_code = policy_actions->sec_operations[oper_index].failure_code; - // When the operation was a success, there's nothing further to do. - if (block_err_code == BSL_SUCCESS) + BSL_SecActionList_it_t act_it; + for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) + { + BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); + BSL_SecOperList_it_t secop_it; + for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) { - BSL_LOG_DEBUG("Security operation [%lu] success, target block num = %lu", oper_index, - policy_actions->sec_operations[oper_index].target_block_num); - continue; - } + BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); - // Now handle a specific error - switch (err_action_code) - { - case BSL_POLICYACTION_NOTHING: + BSL_SecOper_ConclusionState_e conclusion = BSL_SecOper_GetConclusion(sec_oper); + + // When the operation was a success, there's nothing further to do. + if (conclusion == BSL_SECOP_CONCLUSION_SUCCESS) { - // Do nothing, per policy (Indicate in telemetry.) 
- BSL_LOG_WARNING("Instructed to do nothing for failed security operation"); - break; + BSL_LOG_DEBUG("Security operation success, target block num = %lu", sec_oper->target_block_num); + continue; } - case BSL_POLICYACTION_DROP_BLOCK: + + BSL_PolicyAction_e err_action_code = sec_oper->failure_code; + + // Now handle a specific error + switch (err_action_code) { - // Drop the failed target block, but otherwise continue - BSL_LOG_WARNING("***** Dropping block over which security operation failed *******"); - BSL_BundleCtx_RemoveBlock(bundle, policy_actions->sec_operations[oper_index].target_block_num); - break; + case BSL_POLICYACTION_NOTHING: + { + // Do nothing, per policy (Indicate in telemetry.) + BSL_LOG_WARNING("Instructed to do nothing for failed security operation"); + break; + } + case BSL_POLICYACTION_DROP_BLOCK: + { + // Drop the failed target block, but otherwise continue + BSL_LOG_WARNING("***** Dropping block over which security operation failed *******"); + BSL_BundleCtx_RemoveBlock(bundle, sec_oper->target_block_num); + break; + } + case BSL_POLICYACTION_DROP_BUNDLE: + { + BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure", sec_oper->target_block_num); + must_drop = true; + break; + } + case BSL_POLICYACTION_UNDEFINED: + default: + { + BSL_LOG_ERR("Unhandled policy action: %lu", err_action_code); + } } - case BSL_POLICYACTION_DROP_BUNDLE: + + if (must_drop) { - BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure", - policy_actions->sec_operations[oper_index].target_block_num); - must_drop = true; break; } - case BSL_POLICYACTION_UNDEFINED: - default: - { - BSL_LOG_ERR("Unhandled policy action: %lu", err_action_code); - } - } - - if (must_drop) - { - break; } } diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c index 0ed0e9fb..0580ab93 100644 --- a/src/backend/SecOperation.c +++ b/src/backend/SecOperation.c 
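Review bot: `if (must_drop) { break; }` at the bottom of the inner loop now only leaves the sec-oper loop of the current action; the outer `BSL_SecActionList` loop keeps going, so after a `BSL_POLICYACTION_DROP_BUNDLE` decision the remaining actions still take their `DROP_BLOCK` branches and call `BSL_BundleCtx_RemoveBlock` on a bundle that is about to be deleted, where the old single loop stopped at the first drop. Add the same guard right after the inner loop, `if (must_drop) { break; }`, or jump past both loops. Every conclusion other than `BSL_SECOP_CONCLUSION_SUCCESS`, including `PENDING` for an operation the executor never reached, now takes the failure path, which is the safe direction but deserves a `BSL_LOG_WARNING` that names the conclusion so a never-executed operation is distinguishable from a verified failure. `BSL_API_ApplySecurity` continues outside the hunk.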
@@ -45,6 +45,7 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_
 self->failure_code = failure_code;
 self->_service_type = sec_type;
 self->_role = sec_role;
+ self->conclusion = BSL_SECOP_CONCLUSION_PENDING;
 ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self));
 }
@@ -53,7 +54,6 @@ void BSL_SecOper_Deinit(BSL_SecOper_t *self)
 {
 ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 BSLB_SecParamList_clear(self->_param_list);
- memset(self, 0, sizeof(*self));
 }
 
 size_t BSL_SecOper_CountParams(const BSL_SecOper_t *self)
@@ -74,6 +74,7 @@ bool BSL_SecOper_IsConsistent(const BSL_SecOper_t *self)
 CHK_AS_BOOL(self->_role == BSL_SECROLE_ACCEPTOR || self->_role == BSL_SECROLE_VERIFIER || self->_role == BSL_SECROLE_SOURCE);
 CHK_AS_BOOL(BSLB_SecParamList_size(self->_param_list) < 1000);
+ CHK_AS_BOOL(self->conclusion >= BSL_SECOP_CONCLUSION_PENDING && self->conclusion <= BSL_SECOP_CONCLUSION_FAILURE);
 // NOLINTEND
 return true;
 }
@@ -97,6 +98,8 @@ uint64_t BSL_SecOper_GetSecurityBlockNum(const BSL_SecOper_t *self)
 uint64_t BSL_SecOper_GetTargetBlockNum(const BSL_SecOper_t *self)
 {
+ BSL_LOG_INFO("GET TARGET BLOCK NUM (SEC_OPER %lu) %d", self, self->target_block_num);
+
 ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->target_block_num;
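Review bot: Dropping `memset(self, 0, sizeof(*self))` from `BSL_SecOper_Deinit` leaves every field of a deinitialised operation intact, so it still passes `BSL_SecOper_IsConsistent` (whose new `conclusion` range check is exactly what a zeroed struct would fail) and a second Deinit, or a use after Deinit, is no longer caught by the preconditions this patch adds to every accessor in the file. If the zeroing had to go because the list CLEAR path needs the struct readable afterwards, that deserves a one-line comment where the `memset` was, e.g. `// Not zeroised: the owning list clears elements in place`; otherwise restore it after `BSLB_SecParamList_clear`.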
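Review bot: `BSL_LOG_INFO("GET TARGET BLOCK NUM (SEC_OPER %lu) %d", self, self->target_block_num)` passes a pointer for `%lu` and a `uint64_t` for `%d`, which is undefined behaviour and what `-Wformat` rejects; it also dereferences `self` before the `ASSERT_PRECONDITION` below it and writes a heap address to the INFO log on every call, which on a deployed node puts memory-layout information into routine logs. These read as checkpoint traces; remove them, or keep a debug line without the address, placed after the precondition: `BSL_LOG_DEBUG("target_block_num=%" PRIu64, self->target_block_num);` (with `<inttypes.h>`). The same `%lu`-with-pointer traces appear in SecurityContext.c (`SC BACKEND SOURCE`, `SC ABOUT TO ENTER CTX`) and BCB_AES_GCM.c (`SC BCB SOURCE`).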
@@ -112,24 +115,37 @@ const BSL_SecParam_t *BSL_SecOper_GetParamAt(const BSL_SecOper_t *self, size_t i
 
 bool BSL_SecOper_IsRoleSource(const BSL_SecOper_t *self)
 {
- ASSERT_PRECONDITION(self != NULL);
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->_role == BSL_SECROLE_SOURCE;
 }
 
 bool BSL_SecOper_IsRoleAcceptor(const BSL_SecOper_t *self)
 {
- ASSERT_PRECONDITION(self != NULL);
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->_role == BSL_SECROLE_ACCEPTOR;
 }
 
 bool BSL_SecOper_IsRoleVerifier(const BSL_SecOper_t *self)
 {
- ASSERT_PRECONDITION(self != NULL);
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->_role == BSL_SECROLE_VERIFIER;
 }
 
 bool BSL_SecOper_IsBIB(const BSL_SecOper_t *self)
 {
- ASSERT_PRECONDITION(self != NULL);
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->_service_type == BSL_SECBLOCKTYPE_BIB;
 }
+
+BSL_SecOper_ConclusionState_e BSL_SecOper_GetConclus
ion(const BSL_SecOper_t *self)
+{
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
+ return self->conclusion;
+}
+
+void BSL_SecOper_SetConclusion(BSL_SecOper_t *self, BSL_SecOper_ConclusionState_e new_conclusion)
+{
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
+ self->conclusion = new_conclusion;
+ ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self));
+}
\ No newline at end of file
diff --git a/src/backend/SecOperation.h b/src/backend/SecOperation.h
index db2ec7cf..9d4329ca 100644
--- a/src/backend/SecOperation.h
+++ b/src/backend/SecOperation.h
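Review bot: SecOperation.c now ends without a trailing newline (`\ No newline at end of file`), and SecurityActionSet.c picks up the same defect later in this patch; both will surface as spurious whole-line changes in the next diff touching those files. `BSL_SecOper_SetConclusion` accepts any value and relies on the postcondition assert to reject one outside `PENDING..FAILURE`, while the header block added in hunk 1 says nothing about who may set what; a sentence there such as `new_conclusion must be one of the BSL_SECOP_CONCLUSION_* values; the security-context executor sets SUCCESS or FAILURE after running the operation` would give callers the contract the assert enforces.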
@@ -49,15 +49,13 @@ struct BSL_SecOper_s
 /// @brief Code for handing what to do to the block or bundle if security processing fails.
 BSL_PolicyAction_e failure_code;
 
+ /// @brief Conclusion state of security operation processing
+ BSL_SecOper_ConclusionState_e conclusion;
+
 /// @brief Private enumeration indicating the role (e.g., acceptor vs verifier)
 BSL_SecRole_e _role;
 BSL_SecBlockType_e _service_type;
 BSLB_SecParamList_t _param_list;
 };
 
-// NOLINTBEGIN
-/// @todo - replace with forward declaration. Use new policy structure.
-LIST_DEF(BSLB_SecOperList, BSL_SecOper_t, M_POD_OPLIST)
-// NOLINTEND
-
 #endif /* BSLB_SECOPERATIONS_H_ */
diff --git a/src/backend/SecurityActionSet.c b/src/backend/SecurityActionSet.c
index 9c9b51bd..0efce988 100644
--- a/src/backend/SecurityActionSet.c
+++ b/src/backend/SecurityActionSet.c
@@ -27,24 +27,7 @@
 
 bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self)
 {
- CHK_AS_BOOL(self != NULL);
- CHK_AS_BOOL(self->sec_operations_count <= self->arrays_capacity);
- if (self->arrays_capacity > 0)
- {
- CHK_AS_BOOL(self->arrays_capacity == sizeof(self->sec_operations) / sizeof(BSL_SecOper_t));
- }
-
- // Make sure the arrays are in sync (have equal lengths)
- // 0 means unused.
- for (size_t i = 0; i < self->arrays_capacity; i++)
- {
- if (self->new_block_ids[i] == 0)
- {
- CHK_AS_BOOL(self->new_block_types[i] == 0);
- }
- }
- // TODO, make sure every element in the array that
- // is not a sec oper is set to all zeros.
+ (void) self;
 return true;
 }
 
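Review bot: `BSL_SecurityActionSet_IsConsistent` now accepts a NULL `self` and inspects nothing, so `CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(action_set))` in `BSL_SecCtx_ExecutePolicyActionSet` and the `CHK_POSTCONDITION` in `BSLP_QueryPolicy` no longer guard anything, and the executor goes on to dereference `action_set->actions`. Keep at least the NULL guard and tie the cached counter to the list: `CHK_AS_BOOL(self != NULL);` `CHK_AS_BOOL(self->action_count == BSL_SecActionList_size(self->actions));` — assuming the generated list API provides `_size` as `BSLB_SecParamList_size` does for the parameter list in SecOperation.c. A check that `err_count` equals the sum of the appended actions' `err_ct` would close the remaining gap if that field stays public.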
@@ -56,70 +39,43 @@ size_t BSL_SecurityActionSet_Sizeof(void)
 void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self)
 {
 ASSERT_ARG_NONNULL(self);
-
- memset(self, 0, sizeof(*self));
- self->arrays_capacity = sizeof(self->sec_operations) / sizeof(BSL_SecOper_t);
-
- ASSERT_POSTCONDITION(BSL_SecurityActionSet_IsConsistent(self));
-}
-
-void BSL_SecurityActionSet_IncrError(BSL_SecurityActionSet_t *self)
-{
- ASSERT_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
- self->err_code++;
-}
-
-size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self)
-{
- ASSERT_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
-
- return self->err_code;
+ BSL_SecActionList_init(self->actions);
+ self->action_count = 0;
+ self->err_count = 0;
 }
 
 void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self)
 {
- ASSERT_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
-
- for (size_t operation_index = 0; operation_index < self->arrays_capacity; operation_index++)
- {
- BSL_SecOper_Deinit(&(self->sec_operations[operation_index]));
- }
- memset(self, 0, sizeof(*self));
+ ASSERT_ARG_NONNULL(self);
+ BSL_SecActionList_clear(self->actions);
+ self->err_count = 0;
+ self->action_count = 0;
 }
 
-int BSL_SecurityActionSet_AppendSecOper(BSL_SecurityActionSet_t *self, const BSL_SecOper_t *sec_oper)
+int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_SecurityAction_t *action)
 {
- CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
- CHK_PRECONDITION(BSL_SecOper_IsConsistent(sec_oper));
- CHK_PRECONDITION(self->sec_operations_count < self->arrays_capacity - 1);
-
- self->sec_operations[self->sec_operations_count++] = *sec_oper;
+ ASSERT_ARG_NONNULL(self);
+ BSL_SecActionList_push_back(self->actions, *action);
+ self->err_count += action->err_ct;
+ self->action_count++;
 
- CHK_POSTCONDITION(BSL_SecurityActionSet_IsConsistent(self));
 return BSL_SUCCESS;
 }
 
-size_t BSL_SecurityActionSet_CountSecOpers(const BSL_SecurityActionSet_t *self)
+size_t BSL_SecurityActionSet_CountActions(const BSL_SecurityActionSet_t *self)
 {
- ASSERT_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
- return self->sec_operations_count;
+ ASSERT_ARG_NONNULL(self);
+ return self->action_count;
 }
 
-const BSL_SecOper_t *BSL_SecurityActionSet_GetSecOperAtIndex(const BSL_SecurityActionSet_t *self, size_t index)
+const BSL_SecurityAction_t *BSL_SecurityActionSet_GetActionAtIndex(const BSL_SecurityActionSet_t *self, size_t index)
 {
- ASSERT_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
- ASSERT_PRECONDITION(index < BSL_SecurityActionSet_CountSecOpers(self));
- ASSERT_PRECONDITION(index < self->arrays_capacity);
-
- const BSL_SecOper_t *sec_oper = &self->sec_operations[index];
-
- // The return security operation should be valid
- ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(sec_oper));
- return sec_oper;
+ ASSERT_ARG_NONNULL(self);
+ return BSL_SecActionList_cget(self->actions, index);
 }
 
-int BSL_SecurityActionSet_GetErrCode(const BSL_SecurityActionSet_t *self)
+size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self)
 {
- CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(self));
- return self->err_code;
-}
+ ASSERT_ARG_NONNULL(self);
+ return self->err_count;
+}
\ No newline at end of file
diff --git a/src/backend/SecurityActionSet.h b/src/backend/SecurityActionSet.h
index e3dd7c10..02508553 100644
--- a/src/backend/SecurityActionSet.h
+++ b/src/backend/SecurityActionSet.h
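Review bot: `BSL_SecurityActionSet_AppendAction` pushes `*action` into the list by value, so the stored element and the caller's struct share the same `sec_op_list`, and the list's CLEAR (`BSL_SecurityAction_Deinit`, per the `LIST_DEF` in SecurityActionSet.h) presumably releases it; a caller that also Deinits its own copy double-frees, and one that only calls `free()` (as `BSLP_QueryPolicy` and the tests do) is relying on an ownership transfer that nothing documents and that a `const` parameter actively hides. State it on the function: `/// The set takes over action's security operations; the caller must free() its struct but must not Deinit it.` `BSL_SecurityActionSet_GetActionAtIndex` also drops the bounds check the header still promises ("asserting false if not in bound"); add `ASSERT_PRECONDITION(index < self->action_count);` before the `cget`, and `ASSERT_ARG_NONNULL(action);` in AppendAction, which dereferences `action->err_ct` unchecked.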
@@ -27,22 +27,17 @@
 #define BSLB_SECACTIONSET_H_
 
 #include
+#include "SecurityAction.h"
 
-#include "SecOperation.h"
-
-#define BSL_SECURITYACTIONSET_MAX_OPS (10)
+LIST_DEF(BSL_SecActionList, BSL_SecurityAction_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecurityAction_Deinit))))
 
 /// @brief Contains the populated security operations for this bundle.
 /// @note This is intended to be a write-once, read-only struct
 struct BSL_SecurityActionSet_s
 {
- BSL_SecOper_t sec_operations[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Fixed array of security operations (for simpler
- ///< mem management)
- size_t sec_operations_count; ///< Count of sec_operations
- uint64_t new_block_ids[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for IDs of blocks to be created
- uint64_t new_block_types[BSL_SECURITYACTIONSET_MAX_OPS]; ///< Array for block type codes of blocks to be created.
- size_t arrays_capacity; ///< Capacity of sec_operations
- int err_code; ///< General error code
+ BSL_SecActionList_t actions;
+ size_t action_count;
+ size_t err_count;
 };
 
 #endif /* BSLB_SECACTIONSET_H_ */
diff --git a/src/backend/SecurityContext.c b/src/backend/SecurityContext.c
index 382084fc..c253c183 100644
--- a/src/backend/SecurityContext.c
+++ b/src/backend/SecurityContext.c
@@ -32,6 +32,7 @@
 #include "AbsSecBlock.h"
 #include "PublicInterfaceImpl.h"
 #include "SecOperation.h"
+#include "SecurityActionSet.h"
 #include "SecurityResultSet.h"
 
 static int BSL_ExecBIBSource(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle,
@@ -352,6 +353,9 @@ static int BSL_ExecBCBSource(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *
 BSL_SecOper_t *sec_oper, BSL_SecOutcome_t *outcome)
 {
 (void)lib;
+
+ BSL_LOG_INFO("SC BACKEND SOURCE (SEC_OPER %lu) (OUTCOME %lu)", sec_oper, outcome);
+
 CHK_ARG_NONNULL(sec_context_fn);
 CHK_ARG_NONNULL(bundle);
 CHK_ARG_NONNULL(sec_oper);
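Review bot: The three new struct fields have no `///<` comments where every field they replace had one, and two of them are caches that must stay in step with other data (`action_count` with the list length, `err_count` with the sum of the appended actions' `err_ct`, both maintained in `BSL_SecurityActionSet_AppendAction`). Suggested: `BSL_SecActionList_t actions; ///< Actions in policy order; the list owns each action's security operations`, `size_t action_count; ///< Number of elements in actions`, `size_t err_count; ///< Sum of err_ct over the appended actions`. The `@note` above the struct still says "write-once, read-only", which is worth re-checking now that the operations reached through `actions` have their conclusion set by the executor in SecurityContext.c.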
@@ -463,7 +467,7 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
 CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(action_set));
 // NOLINTEND
 
- BSL_SecurityResponseSet_Init(output_response, BSL_SecurityActionSet_CountSecOpers(action_set), 0);
+ BSL_SecurityResponseSet_Init(output_response, BSL_SecurityActionSet_CountActions(action_set), 0);
 /**
 * Notes:
 * - It should evaluate every security operation, even if earlier ones failed.
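Review bot: `BSL_SecurityResponseSet_Init` is now sized by `BSL_SecurityActionSet_CountActions` while this function and `BSL_API_ApplySecurity` still reason per security operation, and the next hunk removes the only writes to `output_response->results[...]`; unless the response set is meant to become per-action, `total_operations` now describes something other than its name and a consumer that reads `results` (such as `BSL_PolicyRegistry_FinalizeActions`, not visible here) only sees what Init put there. Either size it by the total number of security operations across all actions, or add a comment on this call saying that results are no longer tracked per operation and the conclusion on each `BSL_SecOper_t` is the record instead. The enclosing function starts before this hunk.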
@@ -473,44 +477,51 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet */ size_t fail_count = 0; BSL_SecOutcome_t *outcome = calloc(BSL_SecOutcome_Sizeof(), 1); - for (size_t sec_oper_index = 0; sec_oper_index < BSL_SecurityActionSet_CountSecOpers(action_set); sec_oper_index++) + + BSL_SecActionList_it_t act_it; + for (BSL_SecActionList_it(act_it, action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) { - memset(outcome, 0, BSL_SecOutcome_Sizeof()); - // TODO Const correctness below - BSL_SecOper_t *sec_oper = (BSL_SecOper_t *)BSL_SecurityActionSet_GetSecOperAtIndex(action_set, sec_oper_index); - const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id); - ASSERT_PROPERTY(sec_ctx != NULL); + BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); + BSL_SecOperList_it_t secop_it; + for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) + { + BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); + const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id); + ASSERT_PROPERTY(sec_ctx != NULL); - // TODO: This is not even used, it does not need to be allocated - BSL_SecOutcome_Init(outcome, sec_oper, 100000); + memset(outcome, 0, BSL_SecOutcome_Sizeof()); - int errcode = -1; - if (BSL_SecOper_IsBIB(sec_oper)) - { - errcode = BSL_SecOper_IsRoleSource(sec_oper) == true - ? BSL_ExecBIBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome) - : BSL_ExecBIBAccept(sec_ctx->execute, lib, bundle, sec_oper, outcome); - } - else - { - if (BSL_SecOper_IsRoleSource(sec_oper)) + BSL_LOG_INFO("SC ABOUT TO ENTER CTX (SEC_OPER %lu) (ACTION %lu)", sec_oper, act); + + int errcode = -1; + if (BSL_SecOper_IsBIB(sec_oper)) { - errcode = BSL_ExecBCBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome); + errcode = BSL_SecOper_IsRoleSource(sec_oper) == true + ? 
BSL_ExecBIBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome) + : BSL_ExecBIBAccept(sec_ctx->execute, lib, bundle, sec_oper, outcome); } else { - errcode = BSL_ExecBCBAcceptor(sec_ctx->execute, lib, bundle, sec_oper, outcome); + if (BSL_SecOper_IsRoleSource(sec_oper)) + { + errcode = BSL_ExecBCBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome); + } + else + { + errcode = BSL_ExecBCBAcceptor(sec_ctx->execute, lib, bundle, sec_oper, outcome); + } } - } - BSL_SecOutcome_Deinit(outcome); + BSL_SecOutcome_Deinit(outcome); - if (errcode != 0) - { - fail_count += 1; - BSL_LOG_ERR("Security Op failed: %d", errcode); - output_response->results[sec_oper_index] = -1; - continue; + if (errcode != 0) + { + fail_count += 1; + BSL_LOG_ERR("Security Op failed: %d", errcode); + BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_FAILURE); + continue; + } + BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_SUCCESS); } } free(outcome); diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index f22320d5..115a294b 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -102,8 +102,10 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti } BSL_SecurityActionSet_Init(output_action_set); - const size_t capacity = sizeof(self->rules) / sizeof(BSLP_PolicyRule_t); + BSL_SecurityAction_t *action = calloc(BSL_SecurityAction_Sizeof(), 1); + + const size_t capacity = sizeof(self->rules) / sizeof(BSLP_PolicyRule_t); for (size_t index = 0; index < self->rule_count && index < capacity; index++) { const BSLP_PolicyRule_t *rule = &self->rules[index]; 
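Review bot: The loop still calls `BSL_SecOutcome_Deinit(outcome)` on every iteration, but the `BSL_SecOutcome_Init(outcome, sec_oper, 100000)` that preceded it was removed, so Deinit now runs on a `memset`-zeroed, never-initialised outcome; if Init is not needed the Deinit should go with it, and if it is, restore it after the `memset`. The failure path no longer records anything in `output_response` (the `results[...] = -1` write is gone), leaving `fail_count` and `BSL_SecOper_SetConclusion` as the only record of what happened; since SetConclusion asserts `BSL_SecOper_IsConsistent`, every operation must now have been fully initialised by the policy provider before it reaches this loop, which is worth stating in the "Notes" comment above. `BSL_SecCtx_ExecutePolicyActionSet` continues outside the hunk.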
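Review bot: `BSL_SecurityAction_t *action = calloc(BSL_SecurityAction_Sizeof(), 1);` is never passed to `BSL_SecurityAction_Init`, unlike the test helpers in this patch which call Init right after allocating, so the action only works if a zeroed struct happens to be acceptable to the list routines; the `calloc` result is also never checked before `BSL_SecurityAction_IncrError`/`AppendSecOper` dereference it. Add after the allocation: `CHK_ARG_NONNULL(action);` `BSL_SecurityAction_Init(action);` (CHK_ARG_NONNULL being the early-return used by the other backend files, if it behaves the same way here). `BSLP_QueryPolicy` continues outside the hunk.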
@@ -121,23 +123,25 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti
 if (target_block_num == 0 && rule->target_block_type != BSL_BLOCK_TYPE_PRIMARY)
 {
 BSL_LOG_WARNING("Cannot find target block type = %lu", rule->target_block_type);
- BSL_SecurityActionSet_IncrError(output_action_set);
 continue;
 }
 
- BSL_SecOper_t *sec_oper = calloc(BSL_SecurityActionSet_Sizeof(), 1);
+ BSL_SecOper_t *sec_oper = calloc(BSL_SecOper_Sizeof(), 1);
 if (BSLP_PolicyRule_EvaluateAsSecOper(rule, sec_oper, bundle, location) < 0)
 {
- BSL_SecurityActionSet_IncrError(output_action_set);
+ BSL_SecurityAction_IncrError(action);
 }
 else
 {
- BSL_SecurityActionSet_AppendSecOper(output_action_set, sec_oper);
+ BSL_SecurityAction_AppendSecOper(action, sec_oper);
 }
 free(sec_oper);
 BSL_LOG_INFO("Created sec operation for rule `%s`", rule->description);
 }
 
+ BSL_SecurityActionSet_AppendAction(output_action_set, action);
+ free(action);
+
 CHK_POSTCONDITION(BSL_SecurityActionSet_IsConsistent(output_action_set));
 return (int)BSL_SecurityActionSet_CountErrors(output_action_set);
 }
diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c
index b28a23e9..7252e79d 100644
--- a/src/security_context/BCB_AES_GCM.c
+++ b/src/security_context/BCB_AES_GCM.c
@@ -562,6 +562,9 @@ int BSLX_BCB_Execute(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL
 BSL_SecOutcome_t *sec_outcome)
 {
 (void)lib;
+
+ BSL_LOG_INFO("SC BCB SOURCE (SEC_OPER %lu) (OUTCOME %lu)", sec_oper, sec_outcome);
+
 CHK_ARG_NONNULL(bundle);
 CHK_ARG_NONNULL(sec_oper);
 CHK_ARG_NONNULL(sec_outcome);
diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c
index dfe47aee..906ecca9 100644
--- a/test/bsl_test_utils.c
+++ b/test/bsl_test_utils.c
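Review bot: Removing `BSL_SecurityActionSet_IncrError(output_action_set)` from the "Cannot find target block type" branch with no replacement means a rule whose target block is absent from the bundle is now skipped silently: it is counted neither in the action's `err_ct` nor by `BSL_SecurityActionSet_CountErrors`, so `BSLP_QueryPolicy` returns 0 for a bundle that lacks a block the policy meant to protect or verify. If that is intended (optional targets), say so in a comment on the `continue`; otherwise `BSL_SecurityAction_IncrError(action);` belongs there, as in the evaluate-failure branch a few lines down. `free(action)` without a Deinit is correct only because `AppendAction` copied the struct and the set's list now owns its operations; a short comment on the `free` would stop someone "fixing" it by adding `BSL_SecurityAction_Deinit`.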
@@ -84,11 +84,11 @@ void BSL_TestUtils_InitBCB_Appendix2(BCBTestContext *context, BSL_SecRole_e role
 BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bib_context)
 {
 BSL_SecurityActionSet_t *action_set = calloc(sizeof(BSL_SecurityActionSet_t), 1);
- // Populate a PolicyActionSet with one action, of the appendix A1 BIB
- action_set->arrays_capacity = sizeof(action_set->sec_operations) / sizeof(BSL_SecOper_t);
- action_set->sec_operations_count = 1;
- BSL_SecOper_t *bib_oper = &action_set->sec_operations[0];
- *bib_oper = bib_context->sec_oper;
+ BSL_SecurityActionSet_Init(action_set);
+ BSL_SecurityAction_t *act = calloc(sizeof(BSL_SecurityAction_t), 1);
+ BSL_SecurityAction_Init(act);
+ BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper);
+ BSL_SecurityActionSet_AppendAction(action_set, act);
 return action_set;
 }
diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h
index dc0b1940..ffd9d999 100644
--- a/test/bsl_test_utils.h
+++ b/test/bsl_test_utils.h
@@ -29,6 +29,7 @@
 #include
 #include
 #include
+//#include
 #include
diff --git a/test/test_BackendPolicyProvider.c b/test/test_BackendPolicyProvider.c
index 831366e2..18f52daa 100644
--- a/test/test_BackendPolicyProvider.c
+++ b/test/test_BackendPolicyProvider.c
@@ -83,8 +83,11 @@ void test_PolicyProvider_InspectEmptyRuleset(void)
 TEST_ASSERT_EQUAL(0, BSL_PolicyRegistry_InspectActions(&LocalTestCtx.bsl, &action_set, &LocalTestCtx.mock_bpa_ctr.bundle_ref, BSL_POLICYLOCATION_APPIN));
- TEST_ASSERT_EQUAL(0, BSL_SecurityActionSet_CountSecOpers(&action_set));
- TEST_ASSERT_EQUAL(0, BSL_SecurityActionSet_GetErrCode(&action_set));
+ TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_CountActions(&action_set));
+ const BSL_SecurityAction_t *act = BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0);
+ TEST_ASSERT_EQUAL(0, BSL_SecurityAction_CountSecOpers(act));
+
+ BSL_SecurityActionSet_Deinit(&action_set);
 }
 
 /**
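Review bot: `act` is allocated with `calloc` in `BSL_TestUtils_InitMallocBIBActionSet` and handed to `BSL_SecurityActionSet_AppendAction`, which copies it into the set, but it is never freed, so every caller of this helper leaks one `BSL_SecurityAction_t` (the tests in test_BackendSecurityContext.c free their `malloced_action` themselves). Add `free(act);` after the `AppendAction` call, and do not add a `BSL_SecurityAction_Deinit`, since the set's list now owns the operations; the `calloc` results are also unchecked, which is tolerable in a test helper but worth a `TEST_ASSERT_NOT_NULL` if the framework offers one.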
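Review bot: `//#include` adds a commented-out directive to bsl_test_utils.h (its target is stripped in this rendering); either include the header or drop the line, rather than leaving dead code for the next reader to wonder about.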
@@ -116,8 +119,10 @@ void test_PolicyProvider_InspectSingleBIBRuleset(void)
 TEST_ASSERT_EQUAL(0, BSL_PolicyRegistry_InspectActions(&LocalTestCtx.bsl, &action_set, &LocalTestCtx.mock_bpa_ctr.bundle_ref, BSL_POLICYLOCATION_APPIN));
- TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_CountSecOpers(&action_set));
- TEST_ASSERT_EQUAL(0, BSL_SecurityActionSet_GetErrCode(&action_set));
+ TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_CountActions(&action_set));
+ TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length);
+
+ BSL_SecurityActionSet_Deinit(&action_set);
 }
 
 /**
@@ -147,9 +152,9 @@ void test_PolicyProvider_Inspect_RFC9173_BIB(void)
 TEST_ASSERT_EQUAL(0, BSL_PolicyRegistry_InspectActions(&LocalTestCtx.bsl, &action_set, &LocalTestCtx.mock_bpa_ctr.bundle_ref, BSL_POLICYLOCATION_APPIN));
- TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_CountSecOpers(&action_set));
- TEST_ASSERT_EQUAL(0, BSL_SecurityActionSet_GetErrCode(&action_set));
- TEST_ASSERT_EQUAL(3, BSL_SecOper_CountParams(BSL_SecurityActionSet_GetSecOperAtIndex(&action_set, 0)));
+ const BSL_SecurityAction_t *act = BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0);
+ TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(act));
+ TEST_ASSERT_EQUAL(3, BSL_SecOper_CountParams(BSL_SecurityAction_GetSecOperAtIndex(act, 0)));
 
 BSL_SecurityActionSet_Deinit(&action_set);
 }
diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c
index b62e788c..a94365aa 100644
--- a/test/test_BackendSecurityContext.c
+++ b/test/test_BackendSecurityContext.c
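Review bot: `BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length` reaches into the action struct, while the neighbouring tests (`InspectEmptyRuleset`, `Inspect_RFC9173_BIB`) go through `BSL_SecurityAction_CountSecOpers`; use the accessor here as well: `TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)));`. The dropped `GetErrCode == 0` assertions in both hunks have no replacement, so the no-error expectation is no longer under test; `TEST_ASSERT_EQUAL(0, BSL_SecurityActionSet_CountErrors(&action_set));` restores it with the renamed API.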
@@ -287,9 +287,14 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void)
 BSL_SecurityActionSet_t *malloced_actionset = calloc(1, BSL_SecurityActionSet_Sizeof());
 BSL_SecurityActionSet_Init(malloced_actionset);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_primary);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_ext_block);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_oper);
+
+ BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof());
+ BSL_SecurityAction_Init(malloced_action);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_primary);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper);
+
+ BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action);
 BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse();
@@ -300,6 +305,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void)
 BSL_SecurityResponseSet_Deinit(malloced_responseset);
 BSL_SecurityActionSet_Deinit(malloced_actionset);
+ free(malloced_action);
 free(malloced_actionset);
 free(malloced_responseset);
 }
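Review bot: `BSL_SecurityAction_AppendSecOper` returns an `int` status, but the three calls in test_RFC9173_AppendixA_Example3_Acceptor discard it, so a failure to place an operation would only surface later as a wrong response-set size; wrapping each call in `TEST_ASSERT_EQUAL(0, ...)` matches how the rest of the test treats status returns. The `calloc` of `malloced_action` is likewise unchecked before `BSL_SecurityAction_Init` dereferences it. The same pattern is repeated in the Example3_Source, Example4_Acceptor and Example4_Source hunks below.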
@@ -357,9 +363,14 @@ void test_RFC9173_AppendixA_Example3_Source(void)
 BSL_SecurityActionSet_t *malloced_actionset = calloc(1, BSL_SecurityActionSet_Sizeof());
 BSL_SecurityActionSet_Init(malloced_actionset);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_primary);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_ext_block);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_oper);
+
+ BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof());
+ BSL_SecurityAction_Init(malloced_action);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_primary);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper);
+
+ BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action);
 BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse();
@@ -378,6 +389,7 @@ void test_RFC9173_AppendixA_Example3_Source(void)
 BSL_SecurityResponseSet_Deinit(malloced_responseset);
 BSL_SecurityActionSet_Deinit(malloced_actionset);
+ free(malloced_action);
 free(malloced_actionset);
 free(malloced_responseset);
 }
@@ -444,9 +456,14 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void)
 BSL_SecurityActionSet_t *malloced_actionset = calloc(1, BSL_SecurityActionSet_Sizeof());
 BSL_SecurityActionSet_Init(malloced_actionset);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_op_tgt_payload);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_op_tgt_bib);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_payload);
+
+ BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof());
+ BSL_SecurityAction_Init(malloced_action);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload);
+
+ BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action);
 BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse();
@@ -465,6 +482,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void)
 BSL_SecurityResponseSet_Deinit(malloced_responseset);
 BSL_SecurityActionSet_Deinit(malloced_actionset);
+ free(malloced_action);
 free(malloced_actionset);
 free(malloced_responseset);
 }
@@ -517,9 +535,14 @@ void test_RFC9173_AppendixA_Example4_Source(void)
 BSL_SecurityActionSet_t *malloced_actionset = calloc(1, BSL_SecurityActionSet_Sizeof());
 BSL_SecurityActionSet_Init(malloced_actionset);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_op_tgt_payload);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bcb_op_tgt_bib);
- BSL_SecurityActionSet_AppendSecOper(malloced_actionset, &bib_oper_payload);
+
+ BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof());
+ BSL_SecurityAction_Init(malloced_action);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload);
+
+ BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action);
 BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse();
@@ -534,6 +557,7 @@ void test_RFC9173_AppendixA_Example4_Source(void)
 BSL_SecurityResponseSet_Deinit(malloced_responseset);
 BSL_SecurityActionSet_Deinit(malloced_actionset);
+ free(malloced_action);
 free(malloced_actionset);
 free(malloced_responseset);
 }
diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c
index cb22c9be..5d18615f 100644
--- a/test/test_PublicInterfaceImpl.c
+++ b/test/test_PublicInterfaceImpl.c
@@ -149,7 +149,8 @@ void test_SourceSimpleBIB(void)
 TEST_ASSERT_EQUAL(0, query_result);
 // We know that it contains one operation (Add a BIB block to payload)
- TEST_ASSERT_EQUAL(1, action_set.sec_operations_count);
+ TEST_ASSERT_EQUAL(1, action_set.action_count);
+ TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length);
 }
 {
@@ -202,7 +203,9 @@ void test_API_RemoveFailedBlock(void)
 BSL_POLICYLOCATION_CLIN);
 TEST_ASSERT_EQUAL(0, query_result);
- TEST_ASSERT_EQUAL(1, action_set.sec_operations_count);
+ TEST_ASSERT_EQUAL(1, action_set.action_count);
+ TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length);
+
 // We know that we should expect one failure in the result.
 BSL_SecurityResponseSet_t response_set = { 0 };
From 5105a196166393815fa9f9480e5be62ad564d291 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 13:48:49 -0400 Subject: [PATCH 02/21] new files --- src/backend/SecurityAction.c | 79 ++++++++++++++++++++++++++++++++++++ src/backend/SecurityAction.h | 14 +++++++ 2 files changed, 93 insertions(+) create mode 100644 src/backend/SecurityAction.c create mode 100644 src/backend/SecurityAction.h
diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c
new file mode 100644
index 00000000..a5778a3b
--- /dev/null
+++ b/src/backend/SecurityAction.c
@@ -0,0 +1,79 @@
+#include "SecurityAction.h"
+
+size_t BSL_SecurityAction_Sizeof(void)
+{
+ return sizeof(BSL_SecurityAction_t);
+}
+
+bool BSL_SecurityAction_IsConsistent(const BSL_SecurityAction_t *self)
+{
+ (void) self;
+ return true;
+}
+
+void BSL_SecurityAction_Init(BSL_SecurityAction_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+
+ BSL_SecOperList_init(self->sec_op_list);
+ self->sec_op_list_length = 0;
+ self->err_ct = 0;
+}
+
+void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+
+ BSL_SecOperList_clear(self->sec_op_list);
+}
+
+void BSL_SecurityAction_IncrError(BSL_SecurityAction_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+ self->err_ct++;
+}
+
+size_t BSL_SecurityAction_CountErrors(const BSL_SecurityAction_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+ return self->err_ct;
+}
+
+int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper)
+{
+ ASSERT_ARG_NONNULL(self);
+
+ BSL_SecOperList_it_t it;
+ for (BSL_SecOperList_it(it, self->sec_op_list); !BSL_SecOperList_end_p(it); BSL_SecOperList_next(it))
+ {
+ if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetTargetBlockNum(sec_oper))
+ {
+ if (!(BSL_SecOper_IsBIB(BSL_SecOperList_cref(it)) ^ BSL_SecOper_IsBIB(sec_oper)))
+ {
+ BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID);
+ }
+ BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper);
+ self->sec_op_list_length ++;
+ return BSL_SUCCESS;
+ }
+ }
+
+ // Target not shared, order doesn't matter
+
+ BSL_SecOperList_push_back(self->sec_op_list, *sec_oper);
+ self->sec_op_list_length ++;
+
+ return BSL_SUCCESS;
+}
+
+size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+ return self->sec_op_list_length;
+}
+
+const BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index)
+{
+ ASSERT_ARG_NONNULL(self);
+ return BSL_SecOperList_cget(self->sec_op_list, index);
+}
\ No
newline at end of file
diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h
new file mode 100644
index 00000000..a7bbfe70
--- /dev/null
+++ b/src/backend/SecurityAction.h
@@ -0,0 +1,14 @@
+#include "m-list.h"
+#include
+#include "SecOperation.h"
+
+// NOLINTBEGIN
+LIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit))))
+// NOLINTEND
+
+struct BSL_SecurityAction_s
+{
+ BSL_SecOperList_t sec_op_list;
+ size_t sec_op_list_length;
+ size_t err_ct;
+};
\ No newline at end of file
From 3efcec57fe4312a72ce2f51c84ed4723c80afe5b Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 14:27:52 -0400 Subject: [PATCH 03/21] checkpoint 2 --- src/BPSecLib_Private.h | 2 ++ src/backend/SecurityAction.c | 2 ++ src/backend/SecurityActionSet.c | 8 ++++++++ src/backend/SecurityActionSet.h | 1 + src/backend/SecurityContext.c | 6 ++++-- test/test_BackendSecurityContext.c | 14 +++++++------- 6 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index 1fa10593..f7753178 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
@@ -1113,6 +1113,8 @@ int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_
 */
 bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self);
+size_t BSL_SecurityActionSet_CountOperations(const BSL_SecurityActionSet_t *self);
+
 /** Count number of security operations present in this policy action set.
 *
 * @param[in] self This action set.
diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c
index a5778a3b..c811d0ba 100644
--- a/src/backend/SecurityAction.c
+++ b/src/backend/SecurityAction.c
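Review bot: `BSL_SecurityAction_IsConsistent` discards `self` and unconditionally returns `true`, so precondition checks built on it (the `CHK_PRECONDITION(... IsConsistent ...)` style used elsewhere in the library) give no protection for this type; at minimum it should reject a null pointer and a length counter that disagrees with the list, e.g. `CHK_AS_BOOL(self != NULL); CHK_AS_BOOL(self->sec_op_list_length == BSL_SecOperList_size(self->sec_op_list)); return true;`. `BSL_SecurityAction_AppendSecOper` dereferences `sec_oper` through `BSL_SecOper_GetTargetBlockNum` with no `ASSERT_ARG_NONNULL(sec_oper);`, and `BSL_SecurityAction_Deinit` clears the list but leaves `sec_op_list_length` and `err_ct` stale, unlike `BSL_SecurityActionSet_Deinit`. Ownership also deserves a comment on AppendSecOper: the list is declared with `M_POD_OPLIST` plus `CLEAR(BSL_SecOper_Deinit)`, so `push_back(..., *sec_oper)` stores a shallow copy that the list will later pass to `BSL_SecOper_Deinit`; if that call releases `_param_list`, the caller's original and the stored copy both own it, which presumably becomes a double release when both are deinitialized — confirm against `BSL_SecOper_Deinit`.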
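Review bot: The new `SecurityAction.h` has no include guard, unlike `SecurityActionSet.h` (which closes with `#endif /* BSLB_SECACTIONSET_H_ */`), so a second inclusion redefines `struct BSL_SecurityAction_s` and re-expands `LIST_DEF`; wrap it in an `#ifndef`/`#define`/`#endif` guard named after the sibling header's convention. The struct fields are also undocumented; a one-line comment per field saying that `sec_op_list_length` mirrors the list size and `err_ct` is the failure count tells readers which counter is authoritative.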
@@ -52,8 +52,10 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 {
 BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID);
 }
+ BSL_LOG_INFO("Inserting secop (tgt=%d) (ctx=%d) AFTER same target", sec_oper->target_block_num, sec_oper->context_id);
 BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper);
 self->sec_op_list_length ++;
+ BSL_LOG_INFO("len struct %lu, len mlib %lu", self->sec_op_list_length, BSL_SecOperList_size(self->sec_op_list));
 return BSL_SUCCESS;
 }
 }
diff --git a/src/backend/SecurityActionSet.c b/src/backend/SecurityActionSet.c
index 0efce988..e62db19e 100644
--- a/src/backend/SecurityActionSet.c
+++ b/src/backend/SecurityActionSet.c
@@ -50,6 +50,7 @@ void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self)
 BSL_SecActionList_clear(self->actions);
 self->err_count = 0;
 self->action_count = 0;
+ self->operation_count = 0;
 }
 int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_SecurityAction_t *action)
@@ -58,6 +59,7 @@ int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_
 BSL_SecActionList_push_back(self->actions, *action);
 self->err_count += action->err_ct;
 self->action_count++;
+ self->operation_count += action->sec_op_list_length;
 return BSL_SUCCESS;
 }
@@ -68,6 +70,12 @@ size_t BSL_SecurityActionSet_CountActions(const BSL_SecurityActionSet_t *self)
 return self->action_count;
 }
+size_t BSL_SecurityActionSet_CountOperations(const BSL_SecurityActionSet_t *self)
+{
+ ASSERT_ARG_NONNULL(self);
+ return self->operation_count;
+}
+
 const BSL_SecurityAction_t *BSL_SecurityActionSet_GetActionAtIndex(const BSL_SecurityActionSet_t *self, size_t index)
 {
 ASSERT_ARG_NONNULL(self);
diff --git a/src/backend/SecurityActionSet.h b/src/backend/SecurityActionSet.h
index 02508553..1cf93e79 100644
--- a/src/backend/SecurityActionSet.h
+++ b/src/backend/SecurityActionSet.h
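Review bot: `operation_count` is now accumulated in `BSL_SecurityActionSet_AppendAction` and reset in `Deinit`, but `BSL_SecurityActionSet_Init` is outside these hunks and cannot be seen to zero it; if it does not, stack-allocated sets such as the `BSL_SecurityActionSet_t action_set` used in the tests start counting from an indeterminate value, and `BSL_SecCtx_ExecutePolicyActionSet` now sizes the response set from that count. Please confirm `Init` contains `self->operation_count = 0;`, and have `BSL_SecurityActionSet_IsConsistent` — already checked as a precondition right before the response set is sized — verify that `operation_count` equals the sum of each action's `sec_op_list_length`, so a drifted counter fails loudly instead of under-allocating responses.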
@@ -38,6 +38,7 @@ struct BSL_SecurityActionSet_s
 BSL_SecActionList_t actions;
 size_t action_count;
 size_t err_count;
+ size_t operation_count;
 };
 #endif /* BSLB_SECACTIONSET_H_ */
diff --git a/src/backend/SecurityContext.c b/src/backend/SecurityContext.c
index c253c183..2fd322a4 100644
--- a/src/backend/SecurityContext.c
+++ b/src/backend/SecurityContext.c
@@ -467,7 +467,7 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
 CHK_PRECONDITION(BSL_SecurityActionSet_IsConsistent(action_set));
 // NOLINTEND
- BSL_SecurityResponseSet_Init(output_response, BSL_SecurityActionSet_CountActions(action_set), 0);
+ BSL_SecurityResponseSet_Init(output_response, BSL_SecurityActionSet_CountOperations(action_set), 0);
 /**
 * Notes:
 * - It should evaluate every security operation, even if earlier ones failed.
@@ -485,11 +485,13 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
 BSL_SecOperList_it_t secop_it;
 for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it))
 {
+ memset(outcome, 0, BSL_SecOutcome_Sizeof());
+
 BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it);
 const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id);
 ASSERT_PROPERTY(sec_ctx != NULL);
- memset(outcome, 0, BSL_SecOutcome_Sizeof());
+
 BSL_SecOutcome_Init(outcome, sec_oper, 100000);
 BSL_LOG_INFO("SC ABOUT TO ENTER CTX (SEC_OPER %lu) (ACTION %lu)", sec_oper, act);
diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c
index a94365aa..628629b0 100644
--- a/test/test_BackendSecurityContext.c
+++ b/test/test_BackendSecurityContext.c
@@ -86,7 +86,7 @@ void tearDown(void)
 * - Common repeated patterns are in the process of being factored out
 * - All values are drawn from RFC9173 Appendix A.
 */
-void test_SecurityContext_BIB_Source(void)
+void ntest_SecurityContext_BIB_Source(void)
 {
 TEST_ASSERT_EQUAL( 0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_original));
@@ -130,7 +130,7 @@ void test_SecurityContext_BIB_Source(void)
 * - Common repeated patterns are in the process of being factored out
 * - All values are drawn from RFC9173 Appendix A.
 */
-void test_SecurityContext_BIB_Verifier(void)
+void ntest_SecurityContext_BIB_Verifier(void)
 {
 TEST_ASSERT_EQUAL(0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_bib));
@@ -169,7 +169,7 @@ void test_SecurityContext_BIB_Verifier(void)
 * Notes:
 * - Check more than return code, look deeper into outcome.
 */
-void test_SecurityContext_BIB_Verifier_Failure(void)
+void ntest_SecurityContext_BIB_Verifier_Failure(void)
 {
 // TODO(bvb) Note that this is basically identical to above except different key, they should be consolidated
 TEST_ASSERT_EQUAL(0,
@@ -208,7 +208,7 @@ void test_SecurityContext_BIB_Verifier_Failure(void)
 * - Check that the BIB result was removed from the bundle (by making sure the encoding matches bundle in A1.1)
 *
 */
-void test_SecurityContext_BIB_Acceptor(void)
+void ntest_SecurityContext_BIB_Acceptor(void)
 {
 TEST_ASSERT_EQUAL(0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_bib));
@@ -250,7 +250,7 @@ void test_SecurityContext_BIB_Acceptor(void)
 }
 // See RFC: https://www.rfc-editor.org/rfc/rfc9173.html#name-example-3-security-blocks-f
-void test_RFC9173_AppendixA_Example3_Acceptor(void)
+void ntest_RFC9173_AppendixA_Example3_Acceptor(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 const char *final_bundle = ("9f88070000820282010282028202018202820201820018281a000f4240850b0300"
@@ -310,7 +310,7 @@ void test_RFC9173_AppendixA_Example3_Ac(void)
 free(malloced_responseset);
 }
-void test_RFC9173_AppendixA_Example3_Source(void)
+void ntest_RFC9173_AppendixA_Example3_Source(void)
 {
 // See: https://www.rfc-editor.org/rfc/rfc9173.html#appendix-A.3.1
 const char *plain_bundle = ("9f88070000820282010282028202018202820201820018281a000f424085070200"
@@ -394,7 +394,7 @@ void test_RFC9173_AppendixA_Example3_Source(void)
 free(malloced_responseset);
 }
-void test_RFC9173_AppendixA_Example4_Acceptor(void)
+void ntest_RFC9173_AppendixA_Example4_Acceptor(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 // See: https://www.rfc-editor.org/rfc/rfc9173.html#appendix-A.4.5
From 2ba2f419432c1dfd15a952251cffb91eae5b56cb Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 17:17:44 -0400 Subject: [PATCH 04/21] working? --- mock-bpa-test/requirements_tests.py | 2 +- src/BPSecLib_Private.h | 2 +- src/backend/SecParam.c | 2 +- src/backend/SecurityAction.c | 62 ++++++++++++++++++++++++++--- test/bsl_test_utils.c | 1 + test/test_BackendSecurityContext.c | 8 ++-- 6 files changed, 66 insertions(+), 11 deletions(-)
diff --git a/mock-bpa-test/requirements_tests.py b/mock-bpa-test/requirements_tests.py
index 83a71029..6c4d1879 100644
--- a/mock-bpa-test/requirements_tests.py
+++ b/mock-bpa-test/requirements_tests.py
@@ -45,7 +45,7 @@ def __init__(self):
 [7, 0, 0, [2, [1, 2]], [2, [2, 1]], [2, [2, 1]], [0, 40], 1000000],
 [1, 1, 0, 0, bytes.fromhex('526561647920746F2067656E657261746520612033322D62797465207061796C6F6164')] ],
- policy_config='0x186,0x187',
+ policy_config='0x1A6,0x1A7',
 is_implemented=True,
 is_working=True,
 expect_success=True,
diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index f7753178..2700c869 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
@@ -1067,7 +1067,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self);
-const BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index);
+BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index);
 /** @brief Increment a security failure for this action set
 *
diff --git a/src/backend/SecParam.c b/src/backend/SecParam.c
index c63360e0..d659a1b3 100644
--- a/src/backend/SecParam.c
+++ b/src/backend/SecParam.c
@@ -107,7 +107,7 @@ bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self)
 {
 CHK_AS_BOOL(self != NULL);
 CHK_AS_BOOL(self->param_id > 0);
- CHK_AS_BOOL(self->_type > BSL_SECPARAM_TYPE_UNKNOWN && self->_type <= BSL_SECPARAM_TYPE_BYTESTR);
+ CHK_AS_BOOL(self->_type > BSL_SECPARAM_TYPE_UNKNOWN && self->_type <= BSL_SECPARAM_TYPE_STR);
 if (self->_type == BSL_SECPARAM_TYPE_INT64)
 {
diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c
index c811d0ba..3c9cdfbe 100644
--- a/src/backend/SecurityAction.c
+++ b/src/backend/SecurityAction.c
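Review bot: Changing `BSL_SecurityAction_GetSecOperAtIndex` to return a non-const `BSL_SecOper_t *` from a `const BSL_SecurityAction_t *self` hands callers a mutable pointer into an object they were given read-only, which defeats the `const` on the parameter; the `SecurityAction.c` hunk in this commit (`BSL_SecOperList_get` replacing `cget`) is the implementation side of the same change. If callers need to mutate operations (the conclusion state, for instance), a second accessor taking a non-const `BSL_SecurityAction_t *self` keeps the read-only path honest and lets the compiler catch writes through the const one.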
@@ -43,21 +43,73 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 {
 ASSERT_ARG_NONNULL(self);
+ BSL_LOG_INFO("APPENDING SECOP: %lu ; tgt=%d; sc=%d", sec_oper, BSL_SecOper_GetTargetBlockNum(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper));
+
 BSL_SecOperList_it_t it;
+ BSL_SecOperList_it_t it2;
+ bool first_it = true;
 for (BSL_SecOperList_it(it, self->sec_op_list); !BSL_SecOperList_end_p(it); BSL_SecOperList_next(it))
 {
+ // New sec block shares target with another sec block
 if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetTargetBlockNum(sec_oper))
 {
+ bool before = !(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper));
+ if (before)
+ {
+ BSL_LOG_INFO("INSERTING NEW SEC OP BEFORE (tgt=%d)", BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
+
+ // It seems the m*lib docs is incorrect here -
+ // it states that an uninitialized it2 = insert at front, but it was causing errors
+ // So, let's use a simple bool and check
+ if (first_it)
+ {
+ BSL_SecOperList_push_back(self->sec_op_list, *sec_oper);
+ }
+ else
+ {
+ BSL_SecOperList_insert(self->sec_op_list, it2, *sec_oper);
+ }
+ }
+ else
+ {
+ BSL_LOG_INFO("INSERTING NEW SEC OP AFTER (tgt=%d)", BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
+ BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper);
+ }
+
 if (!(BSL_SecOper_IsBIB(BSL_SecOperList_cref(it)) ^ BSL_SecOper_IsBIB(sec_oper)))
 {
 BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID);
 }
- BSL_LOG_INFO("Inserting secop (tgt=%d) (ctx=%d) AFTER same target", sec_oper->target_block_num, sec_oper->context_id);
- BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper);
+
+ self->sec_op_list_length ++;
+ return BSL_SUCCESS;
+ }
+
+ // New sec block is the target of another sec block
+ if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetSecurityBlockNum(sec_oper))
+ {
+ BSL_LOG_INFO("NEW SEC OP IS TGT, INSERTING AFTER 
(ptr=%lu)(tgt=%d)", sec_oper, BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
+ if (first_it)
+ {
+ BSL_SecOperList_push_back(self->sec_op_list, *sec_oper);
+ }
+ else
+ {
+ BSL_SecOperList_insert(self->sec_op_list, it2, *sec_oper);
+ }
 self->sec_op_list_length ++;
- BSL_LOG_INFO("len struct %lu, len mlib %lu", self->sec_op_list_length, BSL_SecOperList_size(self->sec_op_list));
 return BSL_SUCCESS;
 }
+
+ if (first_it)
+ {
+ BSL_SecOperList_it(it2, self->sec_op_list);
+ first_it = false;
+ }
+ else
+ {
+ BSL_SecOperList_next(it2);
+ }
 }
 // Target not shared, order doesn't matter
@@ -74,8 +126,8 @@ size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self)
 return self->sec_op_list_length;
 }
-const BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index)
+BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index)
 {
 ASSERT_ARG_NONNULL(self);
- return BSL_SecOperList_cget(self->sec_op_list, index);
+ return BSL_SecOperList_get(self->sec_op_list, index);
 }
\ No newline at end of file
diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c
index 906ecca9..069f9184 100644
--- a/test/bsl_test_utils.c
+++ b/test/bsl_test_utils.c
@@ -89,6 +89,7 @@ BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bi
 BSL_SecurityAction_Init(act);
 BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper);
 BSL_SecurityActionSet_AppendAction(action_set, act);
+ free(act);
 return action_set;
 }
diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c
index 628629b0..8492f339 100644
--- a/test/test_BackendSecurityContext.c
+++ b/test/test_BackendSecurityContext.c
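Review bot: In the shared-target branch of `BSL_SecurityAction_AppendSecOper` the `BSL_SECOP_CONCLUSION_INVALID` conclusion is now set on the caller's `sec_oper` only after `*sec_oper` has already been copied into the list by `BSL_SecOperList_push_back`/`BSL_SecOperList_insert`, so the element the action actually holds never carries the INVALID mark and a same-type, same-target operation is executed as if it were valid. Move the `if (!(BSL_SecOper_IsBIB(BSL_SecOperList_cref(it)) ^ BSL_SecOper_IsBIB(sec_oper)))` block above the insertion, as the previous ordering had it, or apply the conclusion to the stored element. The added `BSL_LOG_INFO` calls also print a pointer with `%lu` and the `uint64_t` block numbers returned by `BSL_SecOper_GetTargetBlockNum`/`GetSecurityBlockNum` with `%d`, which is a format mismatch (undefined behaviour) and writes heap addresses into the log; `%p` and `PRIu64` are the matching specifiers if the lines are kept. The function's tail continues outside this hunk.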
@@ -394,7 +394,7 @@ void ntest_RFC9173_AppendixA_Example3_Source(void)
 free(malloced_responseset);
 }
-void ntest_RFC9173_AppendixA_Example4_Acceptor(void)
+void test_RFC9173_AppendixA_Example4_Acceptor(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 // See: https://www.rfc-editor.org/rfc/rfc9173.html#appendix-A.4.5
@@ -459,9 +459,9 @@ void ntest_RFC9173_AppendixA_Example4_Acceptor(void)
 BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof());
 BSL_SecurityAction_Init(malloced_action);
+ BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload);
 BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload);
 BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib);
- BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload);
 BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action);
@@ -487,7 +487,9 @@ void ntest_RFC9173_AppendixA_Example4_Acceptor(void)
 free(malloced_responseset);
 }
-void test_RFC9173_AppendixA_Example4_Source(void)
+// This is currently failing the BCB targets the BIB, but the BIB BTSD hasn't been filled yet.
+// so, there is nothing to encrypt
+void ntest_RFC9173_AppendixA_Example4_Source(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 const char *original_bundle = ("9f88070000820282010282028202018202820201820018281a000f424085010100"
From 53027290cebf7bbe9fd16eccad6cce278cf85fc1 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 17:24:58 -0400 Subject: [PATCH 05/21] clean up --- src/BPSecLib_Private.h | 29 +++++++++++++++++++++++++++++ src/backend/SecOperation.c | 2 -- src/backend/SecurityAction.c | 8 +------- src/backend/SecurityContext.c | 4 ---- src/security_context/BCB_AES_GCM.c | 2 -- 5 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index 2700c869..4f35c686 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
@@ -1055,18 +1055,44 @@ const BSL_SecParam_t *BSL_SecOutcome_GetParamAt(const BSL_SecOutcome_t *self, si
 /// @return
 bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsSecBlock_t *abs_sec_block);
+/**
+ * @return size of security operation
+ */
 size_t BSL_SecurityAction_Sizeof(void);
+/**
+ * @return true if security action @param self is consistent
+ */
 bool BSL_SecurityAction_IsConsistent(const BSL_SecurityAction_t *self);
+/**
+ * Initialize security action
+ * @param self security action
+ */
 void BSL_SecurityAction_Init(BSL_SecurityAction_t *self);
+/**
+ * De-initialize security action
+ * @param self security action
+ */
 void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self);
+/**
+ * Add security operation to security action, with deterministic ordering
+ * @param self action to add security operation to
+ * @param sec_oper new security operation to add
+ * @return 0 if successful
+ */
 int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper);
+/**
+ * @return number of security operation in the @param self action
+ */
 size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self);
+/**
+ * @return the security operation at @param index index in @param self security action
+ */
 BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index);
 /** @brief Increment a security failure for this action set
@@ -1113,6 +1139,9 @@ int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_
 */
 bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self);
+/**
+ * @return the total number of operations within each of the actions of @param self action set
+ */
 size_t BSL_SecurityActionSet_CountOperations(const BSL_SecurityActionSet_t *self);
 /** Count number of security operations present in this policy action set.
diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c
index 0580ab93..0851d87c 100644
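Review bot: The new Doxygen blocks embed `@param` inside `@return` text (`@return true if security action @param self is consistent`, and likewise on `CountSecOpers`, `GetSecOperAtIndex` and `CountOperations`), which Doxygen parses as the start of a new parameter section, truncating the return description; write them as separate lines, e.g. `@param[in] self The security action` followed by `@return true if the action is internally consistent`. The comment on `BSL_SecurityAction_Sizeof` says `size of security operation`, but the function returns `sizeof(BSL_SecurityAction_t)`, the action struct. The `AppendSecOper` block should also state what the caller keeps: whether `sec_oper` is copied or referenced by the action, and that the call may change its conclusion state.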
--- a/src/backend/SecOperation.c
+++ b/src/backend/SecOperation.c
@@ -98,8 +98,6 @@ uint64_t BSL_SecOper_GetSecurityBlockNum(const BSL_SecOper_t *self)
 uint64_t BSL_SecOper_GetTargetBlockNum(const BSL_SecOper_t *self)
 {
- BSL_LOG_INFO("GET TARGET BLOCK NUM (SEC_OPER %lu) %d", self, self->target_block_num);
-
 ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
 return self->target_block_num;
diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c
index 3c9cdfbe..1a62f0ae 100644
--- a/src/backend/SecurityAction.c
+++ b/src/backend/SecurityAction.c
@@ -43,8 +43,6 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 {
 ASSERT_ARG_NONNULL(self);
- BSL_LOG_INFO("APPENDING SECOP: %lu ; tgt=%d; sc=%d", sec_oper, BSL_SecOper_GetTargetBlockNum(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper));
-
 BSL_SecOperList_it_t it;
 BSL_SecOperList_it_t it2;
 bool first_it = true;
@@ -55,9 +53,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 {
 bool before = !(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper));
 if (before)
- {
- BSL_LOG_INFO("INSERTING NEW SEC OP BEFORE (tgt=%d)", BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
-
+ {
 // It seems the m*lib docs is incorrect here -
 // it states that an uninitialized it2 = insert at front, but it was causing errors
 // So, let's use a simple bool and check
@@ -72,7 +68,6 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 }
 else
 {
- BSL_LOG_INFO("INSERTING NEW SEC OP AFTER (tgt=%d)", BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
 BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper);
 }
@@ -88,7 +83,6 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
 // New sec block is the target of another sec block
 if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetSecurityBlockNum(sec_oper))
 {
- BSL_LOG_INFO("NEW SEC OP IS TGT, INSERTING AFTER (ptr=%lu)(tgt=%d)", sec_oper, BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)));
 if (first_it)
 {
 BSL_SecOperList_push_back(self->sec_op_list, *sec_oper);
diff --git a/src/backend/SecurityContext.c b/src/backend/SecurityContext.c
index 2fd322a4..1a1baeaa 100644
--- a/src/backend/SecurityContext.c
+++ b/src/backend/SecurityContext.c
@@ -354,8 +354,6 @@ static int BSL_ExecBCBSource(BSL_SecCtx_Execute_f sec_context_fn, BSL_LibCtx_t *
 {
 (void)lib;
- BSL_LOG_INFO("SC BACKEND SOURCE (SEC_OPER %lu) (OUTCOME %lu)", sec_oper, outcome);
-
 CHK_ARG_NONNULL(sec_context_fn);
 CHK_ARG_NONNULL(bundle);
 CHK_ARG_NONNULL(sec_oper);
@@ -493,8 +491,6 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
 BSL_SecOutcome_Init(outcome, sec_oper, 100000);
- BSL_LOG_INFO("SC ABOUT TO ENTER CTX (SEC_OPER %lu) (ACTION %lu)", sec_oper, act);
-
 int errcode = -1;
 if (BSL_SecOper_IsBIB(sec_oper))
 {
diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c
index 7252e79d..79470f70 100644
--- a/src/security_context/BCB_AES_GCM.c
+++ b/src/security_context/BCB_AES_GCM.c
@@ -563,8 +563,6 @@ int BSLX_BCB_Execute(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL
 {
 (void)lib;
- BSL_LOG_INFO("SC BCB SOURCE (SEC_OPER %lu) (OUTCOME %lu)", sec_oper, sec_outcome);
-
 CHK_ARG_NONNULL(bundle);
 CHK_ARG_NONNULL(sec_oper);
 CHK_ARG_NONNULL(sec_outcome);
From 4ae1f9fd8d7b93166e15120b9419ae1fe72d639d Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 17:35:18 -0400 Subject: [PATCH 06/21] reactivate tests --- test/test_BackendSecurityContext.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c
index 8492f339..8e2ab105 100644
--- a/test/test_BackendSecurityContext.c
+++ b/test/test_BackendSecurityContext.c
@@ -86,7 +86,7 @@ void tearDown(void)
 * - Common repeated patterns are in the process of being factored out
 * - All values are drawn from RFC9173 Appendix A.
 */
-void ntest_SecurityContext_BIB_Source(void)
+void test_SecurityContext_BIB_Source(void)
 {
 TEST_ASSERT_EQUAL( 0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_original));
@@ -130,7 +130,7 @@ void ntest_SecurityContext_BIB_Source(void)
 * - Common repeated patterns are in the process of being factored out
 * - All values are drawn from RFC9173 Appendix A.
 */
-void ntest_SecurityContext_BIB_Verifier(void)
+void test_SecurityContext_BIB_Verifier(void)
 {
 TEST_ASSERT_EQUAL(0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_bib));
@@ -169,7 +169,7 @@ void ntest_SecurityContext_BIB_Verifier(void)
 * Notes:
 * - Check more than return code, look deeper into outcome.
 */
-void ntest_SecurityContext_BIB_Verifier_Failure(void)
+void test_SecurityContext_BIB_Verifier_Failure(void)
 {
 // TODO(bvb) Note that this is basically identical to above except different key, they should be consolidated
 TEST_ASSERT_EQUAL(0,
@@ -208,7 +208,7 @@ void ntest_SecurityContext_BIB_Verifier_Failure(void)
 * - Check that the BIB result was removed from the bundle (by making sure the encoding matches bundle in A1.1)
 *
 */
-void ntest_SecurityContext_BIB_Acceptor(void)
+void test_SecurityContext_BIB_Acceptor(void)
 {
 TEST_ASSERT_EQUAL(0, BSL_TestUtils_LoadBundleFromCBOR(&LocalTestCtx, RFC9173_TestVectors_AppendixA1.cbor_bundle_bib));
@@ -250,7 +250,7 @@ void ntest_SecurityContext_BIB_Acceptor(void)
 }
 // See RFC: https://www.rfc-editor.org/rfc/rfc9173.html#name-example-3-security-blocks-f
-void ntest_RFC9173_AppendixA_Example3_Acceptor(void)
+void test_RFC9173_AppendixA_Example3_Acceptor(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 const char *final_bundle = ("9f88070000820282010282028202018202820201820018281a000f4240850b0300"
@@ -310,7 +310,7 @@ void ntest_RFC9173_AppendixA_Example3_Acceptor(void)
 free(malloced_responseset);
 }
-void ntest_RFC9173_AppendixA_Example3_Source(void)
+void test_RFC9173_AppendixA_Example3_Source(void)
 {
 // See: https://www.rfc-editor.org/rfc/rfc9173.html#appendix-A.3.1
 const char *plain_bundle = ("9f88070000820282010282028202018202820201820018281a000f424085070200"
@@ -487,9 +487,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void)
 free(malloced_responseset);
 }
-// This is currently failing the BCB targets the BIB, but the BIB BTSD hasn't been filled yet.
-// so, there is nothing to encrypt
-void ntest_RFC9173_AppendixA_Example4_Source(void)
+void test_RFC9173_AppendixA_Example4_Source(void)
 {
 BSL_Crypto_SetRngGenerator(rfc9173_byte_gen_fn_a4);
 const char *original_bundle = ("9f88070000820282010282028202018202820201820018281a000f424085010100"
From 5f48c0d4faae52a6889a82970bd6d6f1c0cd95f7 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 21:14:09 -0400 Subject: [PATCH 07/21] m i list failing --- src/backend/SecOperation.h | 4 ++- src/backend/SecurityAction.c | 55 +++++++++++++++++------------------- src/backend/SecurityAction.h | 7 +++-- 3 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/src/backend/SecOperation.h b/src/backend/SecOperation.h
index 9d4329ca..60050e85 100644
--- a/src/backend/SecOperation.h
+++ b/src/backend/SecOperation.h
@@ -29,7 +29,7 @@
 #include
-#include
+#include
 #include
@@ -56,6 +56,8 @@ struct BSL_SecOper_s BSL_SecRole_e _role; BSL_SecBlockType_e _service_type; BSLB_SecParamList_t _param_list; + + ILIST_INTERFACE (BSL_SecOperList, struct BSL_SecOper_s); }; #endif /* BSLB_SECOPERATIONS_H_ */ diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index 1a62f0ae..04351d01 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c @@ -44,8 +44,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * ASSERT_ARG_NONNULL(self); BSL_SecOperList_it_t it; - BSL_SecOperList_it_t it2; - bool first_it = true; + for (BSL_SecOperList_it(it, self->sec_op_list); !BSL_SecOperList_end_p(it); BSL_SecOperList_next(it)) { // New sec block shares target with another sec block @@ -57,18 +56,15 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * // It seems the m*lib docs is incorrect here - // it states that an uninitialized it2 = insert at front, but it was causing errors // So, let's use a simple bool and check - if (first_it) - { - BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); - } - else - { - BSL_SecOperList_insert(self->sec_op_list, it2, *sec_oper); - } + + // TODO BEFORE + BSL_SecOperList_previous(it); + BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); + BSL_SecOperList_next(it); } else { - BSL_SecOperList_insert(self->sec_op_list, it, *sec_oper); + BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); } if (!(BSL_SecOper_IsBIB(BSL_SecOperList_cref(it)) ^ BSL_SecOper_IsBIB(sec_oper))) 
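Review bot: In the @@ -57 hunk, `BSL_SecOperList_previous(it)` immediately followed by `BSL_SecOperList_ref(it)` is unsafe when `it` sits on the first element: stepping back from the head leaves the iterator at end, and `ref` on an end iterator does not denote a live object — this is precisely the case the removed `first_it` flag guarded, and the same `previous`/`push_after`/`next` sequence recurs in the @@ -83 hunk. Checking `BSL_SecOperList_end_p(it)` after `previous` and inserting at the front in that case (m*lib intrusive lists provide a push-front operation) would cover the head without the flag. Separately, the intrusive list now links the caller's `BSL_SecOper_t` itself (`push_after`/`push_back` take `sec_oper` by pointer), so the `CLEAR(API_2(BSL_SecOper_Deinit))` kept on the ILIST_DEF in SecurityAction.h will deinit objects the action never owned; the ownership rule should be stated in the AppendSecOper doc or the CLEAR dropped. BSL_SecurityAction_AppendSecOper starts and ends outside this hunk.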
@@ -83,32 +79,24 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * // New sec block is the target of another sec block if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetSecurityBlockNum(sec_oper)) { - if (first_it) - { - BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); - } - else - { - BSL_SecOperList_insert(self->sec_op_list, it2, *sec_oper); - } + BSL_SecOperList_previous(it); + BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); + BSL_SecOperList_next(it); self->sec_op_list_length ++; return BSL_SUCCESS; } - if (first_it) + // New sec block targets a block already in list + if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(BSL_SecOperList_cref(it))) { - BSL_SecOperList_it(it2, self->sec_op_list); - first_it = false; - } - else - { - BSL_SecOperList_next(it2); + BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); + self->sec_op_list_length ++; + return BSL_SUCCESS; } } // Target not shared, order doesn't matter - - BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); + BSL_SecOperList_push_back(self->sec_op_list, sec_oper); self->sec_op_list_length ++; return BSL_SUCCESS; @@ -123,5 +111,14 @@ size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self) BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index) { ASSERT_ARG_NONNULL(self); - return BSL_SecOperList_get(self->sec_op_list, index); + ASSERT_ARG_NONNULL(self->sec_op_list); + size_t n = 0; + for M_EACH(item, self->sec_op_list, ILIST_OPLIST(BSL_SecOperList)) { + if (n == index) + { + return item; + } + n++; + } + return NULL; } \ No newline at end of file diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h index a7bbfe70..81ecebb8 100644 --- a/src/backend/SecurityAction.h +++ b/src/backend/SecurityAction.h 
@@ -1,9 +1,10 @@ -#include "m-list.h" +#include "m-i-list.h" #include #include "SecOperation.h" // NOLINTBEGIN -LIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) +// LIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) +ILIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) // NOLINTEND struct BSL_SecurityAction_s @@ -11,4 +12,4 @@ struct BSL_SecurityAction_s BSL_SecOperList_t sec_op_list; size_t sec_op_list_length; size_t err_ct; -}; \ No newline at end of file +}; From e39774ec15eef3c0e75e4acdf08637538528c05d Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Mon, 11 Aug 2025 21:25:51 -0400 Subject: [PATCH 08/21] init field --- src/backend/SecOperation.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c index 0851d87c..788a07b5 100644 --- a/src/backend/SecOperation.c +++ b/src/backend/SecOperation.c @@ -47,6 +47,8 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_ self->_role = sec_role; self->conclusion = BSL_SECOP_CONCLUSION_PENDING; + M_ILIST_INIT_FIELD(BSL_SecOperList, *self); + ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self)); } From 05925de0e93f1ab059e8092c46e93344f8d50aab Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 11:32:28 -0400 Subject: [PATCH 09/21] working now --- src/BPSecLib_Private.h | 18 ++++-- src/backend/PublicInterfaceImpl.c | 10 ++-- src/backend/SecOperation.c | 2 - src/backend/SecOperation.h | 6 -- src/backend/SecurityAction.c | 93 +++++++++++++----------------- src/backend/SecurityAction.h | 6 +- src/backend/SecurityActionSet.c | 2 +- src/backend/SecurityContext.c | 5 +- test/bsl_test_utils.c | 1 + test/test_BackendPolicyProvider.c | 2 +- test/test_BackendSecurityContext.c | 4 ++ test/test_PublicInterfaceImpl.c | 4 +- 12 files changed, 72 insertions(+), 81 deletions(-) 
diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 4f35c686..ec46e250 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -1046,6 +1046,11 @@ void BSL_SecOutcome_AppendParam(BSL_SecOutcome_t *self, const BSL_SecParam_t *pa */ size_t BSL_SecOutcome_CountParams(const BSL_SecOutcome_t *self); +/** Get the security parameter from the security outcome at the provided index + * @param[in] self security outcome + * @param[in] index index to retrieve security parameter from + * @return Security parameter + */ const BSL_SecParam_t *BSL_SecOutcome_GetParamAt(const BSL_SecOutcome_t *self, size_t index); /// @brief Returns true if this (the parameters and results) is contained within the given ASK @@ -1079,19 +1084,24 @@ void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self); /** * Add security operation to security action, with deterministic ordering - * @param self action to add security operation to - * @param sec_oper new security operation to add + * @param[in,out] self action to add security operation to + * @param[in] sec_oper new security operation to add * @return 0 if successful */ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper); +/** Order the Security operations such that execution will be successful + * @param[in, out] self action to sort + */ +int BSL_SecurityAction_OrderSecOps(BSL_SecurityAction_t *self); + /** - * @return number of security operation in the @param self action + * @return number of security operation in the @param[in] self action */ size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self); /** - * @return the security operation at @param index index in @param self security action + * @return the security operation at @param[in] index index in @param[in] self security action */ BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index); 
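Review bot: `BSL_SecurityAction_OrderSecOps` is declared returning `int` with no `@return` in its doc block, and no definition for it appears in this commit's hunks — the only call sites, in test/bsl_test_utils.c and test/test_BackendSecurityContext.c, are commented out, so any caller that is uncommented will fail to link until it is implemented. Either add the definition or drop the declaration together with the commented-out calls, and document the result as `@return 0 if successful` to match AppendSecOper. The AppendSecOper doc should also state that `sec_oper` is copied by value into the action's list (SecurityAction.c passes `*sec_oper` to `BSL_SecOperList_push_at`/`push_back`) while the caller keeps the original; with a POD copy both hold the same `_param_list` storage, so if `BSL_SecOper_Deinit` releases that list, running it on both would be a double release — worth confirming and recording, e.g. `@note the operation is copied into the action; only one of the copies may be deinitialized`.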
diff --git a/src/backend/PublicInterfaceImpl.c b/src/backend/PublicInterfaceImpl.c index dfbefb45..dd207e0a 100644 --- a/src/backend/PublicInterfaceImpl.c +++ b/src/backend/PublicInterfaceImpl.c @@ -133,10 +133,9 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp for (BSL_SecActionList_it(act_it, output_action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - BSL_SecOperList_it_t secop_it; - for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) + for (size_t j = 0; j < BSL_SecurityAction_CountSecOpers(act); j ++) { - BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); + BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, j); if (block.type_code != sec_oper->_service_type) { continue; @@ -203,10 +202,9 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - BSL_SecOperList_it_t secop_it; - for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) + for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i ++) { - BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); + BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, i); BSL_SecOper_ConclusionState_e conclusion = BSL_SecOper_GetConclusion(sec_oper); diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c index 788a07b5..0851d87c 100644 --- a/src/backend/SecOperation.c +++ b/src/backend/SecOperation.c 
@@ -47,8 +47,6 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_ self->_role = sec_role; self->conclusion = BSL_SECOP_CONCLUSION_PENDING; - M_ILIST_INIT_FIELD(BSL_SecOperList, *self); - ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self)); } diff --git a/src/backend/SecOperation.h b/src/backend/SecOperation.h index 60050e85..99403d6e 100644 --- a/src/backend/SecOperation.h +++ b/src/backend/SecOperation.h @@ -28,11 +28,7 @@ #define BSLB_SECOPERATIONS_H_ #include - -#include - #include - #include "SecParam.h" struct BSL_SecOper_s @@ -56,8 +52,6 @@ struct BSL_SecOper_s BSL_SecRole_e _role; BSL_SecBlockType_e _service_type; BSLB_SecParamList_t _param_list; - - ILIST_INTERFACE (BSL_SecOperList, struct BSL_SecOper_s); }; #endif /* BSLB_SECOPERATIONS_H_ */ diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index 04351d01..2d5be296 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c @@ -16,7 +16,6 @@ void BSL_SecurityAction_Init(BSL_SecurityAction_t *self) ASSERT_ARG_NONNULL(self); BSL_SecOperList_init(self->sec_op_list); - self->sec_op_list_length = 0; self->err_ct = 0; } 
@@ -42,83 +41,73 @@ size_t BSL_SecurityAction_CountErrors(const BSL_SecurityAction_t *self) int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper) { ASSERT_ARG_NONNULL(self); - - BSL_SecOperList_it_t it; - - for (BSL_SecOperList_it(it, self->sec_op_list); !BSL_SecOperList_end_p(it); BSL_SecOperList_next(it)) + ASSERT_ARG_NONNULL(self->sec_op_list); + size_t i; + for (i = 0 ; i < BSL_SecOperList_size(self->sec_op_list); i ++) { - // New sec block shares target with another sec block - if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetTargetBlockNum(sec_oper)) + BSL_SecOper_t *comp = BSL_SecOperList_get(self->sec_op_list, i); + if (BSL_SecOper_GetTargetBlockNum(comp) == BSL_SecOper_GetTargetBlockNum(sec_oper)) { - bool before = !(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper)); - if (before) - { - // It seems the m*lib docs is incorrect here - - // it states that an uninitialized it2 = insert at front, but it was causing errors - // So, let's use a simple bool and check - - // TODO BEFORE - BSL_SecOperList_previous(it); - BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); - BSL_SecOperList_next(it); + // SOURCE BIB or ACCEPT BCB should come first + // true if ACC BIB or SRC BCB + if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper)) + { + BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); } else { - BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); + BSL_SecOperList_push_at(self->sec_op_list, i, *sec_oper); } + break; + } - if (!(BSL_SecOper_IsBIB(BSL_SecOperList_cref(it)) ^ BSL_SecOper_IsBIB(sec_oper))) - { - BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID); - } - - self->sec_op_list_length ++; - return BSL_SUCCESS; + // security operation in list targets security operation + if (BSL_SecOper_GetTargetBlockNum(comp) == BSL_SecOper_GetSecurityBlockNum(sec_oper)) + { + BSL_SecOperList_push_at(self->sec_op_list, i, 
*sec_oper); + break; } - // New sec block is the target of another sec block - if (BSL_SecOper_GetTargetBlockNum(BSL_SecOperList_cref(it)) == BSL_SecOper_GetSecurityBlockNum(sec_oper)) + // new security operation targets security operation in list + if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(comp)) { - BSL_SecOperList_previous(it); - BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); - BSL_SecOperList_next(it); - self->sec_op_list_length ++; - return BSL_SUCCESS; + BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); + break; } - // New sec block targets a block already in list - if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(BSL_SecOperList_cref(it))) + // same security block number, order by target + if (BSL_SecOper_GetSecurityBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(comp)) { - BSL_SecOperList_push_after(BSL_SecOperList_ref(it), sec_oper); - self->sec_op_list_length ++; - return BSL_SUCCESS; + if (BSL_SecOper_GetTargetBlockNum(comp) - BSL_SecOper_GetTargetBlockNum(sec_oper)) + { + BSL_SecOperList_push_at(self->sec_op_list, i, *sec_oper); + } + else + { + BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); + } + break; } } - // Target not shared, order doesn't matter - BSL_SecOperList_push_back(self->sec_op_list, sec_oper); - self->sec_op_list_length ++; - + if (i >= BSL_SecOperList_size(self->sec_op_list)) + { + BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); + } + return BSL_SUCCESS; } size_t BSL_SecurityAction_CountSecOpers(const BSL_SecurityAction_t *self) { ASSERT_ARG_NONNULL(self); - return self->sec_op_list_length; + ASSERT_ARG_NONNULL(self->sec_op_list); + return BSL_SecOperList_size(self->sec_op_list); } BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *self, size_t index) { ASSERT_ARG_NONNULL(self); ASSERT_ARG_NONNULL(self->sec_op_list); - size_t n = 0; - for M_EACH(item, self->sec_op_list, 
ILIST_OPLIST(BSL_SecOperList)) { - if (n == index) - { - return item; - } - n++; - } - return NULL; + return BSL_SecOperList_get(self->sec_op_list, index); } \ No newline at end of file diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h index 81ecebb8..cdf42a87 100644 --- a/src/backend/SecurityAction.h +++ b/src/backend/SecurityAction.h @@ -1,15 +1,13 @@ -#include "m-i-list.h" +#include #include #include "SecOperation.h" // NOLINTBEGIN -// LIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) -ILIST_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) +ARRAY_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) // NOLINTEND struct BSL_SecurityAction_s { BSL_SecOperList_t sec_op_list; - size_t sec_op_list_length; size_t err_ct; }; diff --git a/src/backend/SecurityActionSet.c b/src/backend/SecurityActionSet.c index e62db19e..8c14276e 100644 --- a/src/backend/SecurityActionSet.c +++ b/src/backend/SecurityActionSet.c @@ -59,7 +59,7 @@ int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_ BSL_SecActionList_push_back(self->actions, *action); self->err_count += action->err_ct; self->action_count++; - self->operation_count += action->sec_op_list_length; + self->operation_count += BSL_SecurityAction_CountSecOpers(action); return BSL_SUCCESS; } diff --git a/src/backend/SecurityContext.c b/src/backend/SecurityContext.c index 1a1baeaa..6de2ee52 100644 --- a/src/backend/SecurityContext.c +++ b/src/backend/SecurityContext.c 
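Review bot: In the "same security block number" branch of BSL_SecurityAction_AppendSecOper, `if (BSL_SecOper_GetTargetBlockNum(comp) - BSL_SecOper_GetTargetBlockNum(sec_oper))` tests a difference for non-zero rather than comparing the two targets; equal targets already `break` in the first branch, so the difference is always non-zero here, the `push_at(..., i + 1, ...)` else-arm is unreachable, and the "order by target" the comment promises is not implemented — a relational comparison (`>` or `<`, whichever order the executor relies on) is what the comment describes. The check the removed lines performed, marking a second operation of the same type (BIB/BIB or BCB/BCB) on one target as invalid, has no replacement in the new loop; if the drop is deliberate a comment should say so, otherwise `if (!(BSL_SecOper_IsBIB(comp) ^ BSL_SecOper_IsBIB(sec_oper))) { BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID); }` belongs in the shared-target branch before the `push_at`, so the copy placed in the list carries the conclusion. Minor: `ASSERT_ARG_NONNULL(self->sec_op_list)` here and in CountSecOpers/GetSecOperAtIndex asserts on an m*lib ARRAY member, which appears to be an inline one-element array type and so can never be null; the assertion adds nothing.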
@@ -480,12 +480,11 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet for (BSL_SecActionList_it(act_it, action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - BSL_SecOperList_it_t secop_it; - for (BSL_SecOperList_it(secop_it, act->sec_op_list); !BSL_SecOperList_end_p(secop_it); BSL_SecOperList_next(secop_it)) + for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i ++) { memset(outcome, 0, BSL_SecOutcome_Sizeof()); - BSL_SecOper_t *sec_oper = BSL_SecOperList_ref(secop_it); + BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, i); const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id); ASSERT_PROPERTY(sec_ctx != NULL); diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index 069f9184..4f105da6 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c @@ -88,6 +88,7 @@ BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bi BSL_SecurityAction_t *act = calloc(sizeof(BSL_SecurityAction_t), 1); BSL_SecurityAction_Init(act); BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper); + //BSL_SecurityAction_OrderSecOps(act); BSL_SecurityActionSet_AppendAction(action_set, act); free(act); return action_set; diff --git a/test/test_BackendPolicyProvider.c b/test/test_BackendPolicyProvider.c index 18f52daa..a3720de2 100644 --- a/test/test_BackendPolicyProvider.c +++ b/test/test_BackendPolicyProvider.c 
@@ -120,7 +120,7 @@ void test_PolicyProvider_InspectSingleBIBRuleset(void) &LocalTestCtx.mock_bpa_ctr.bundle_ref, BSL_POLICYLOCATION_APPIN)); TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_CountActions(&action_set)); - TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length); + TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0))); BSL_SecurityActionSet_Deinit(&action_set); } diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index 8e2ab105..e02ecabc 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c @@ -294,6 +294,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); + //BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -370,6 +371,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); + //BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -463,6 +465,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); + //BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); 
@@ -542,6 +545,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); + //BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c index 5d18615f..6efe0f4e 100644 --- a/test/test_PublicInterfaceImpl.c +++ b/test/test_PublicInterfaceImpl.c @@ -150,7 +150,7 @@ void test_SourceSimpleBIB(void) TEST_ASSERT_EQUAL(0, query_result); // We know that it contains one operation (Add a BIB block to payload) TEST_ASSERT_EQUAL(1, action_set.action_count); - TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length); + TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0))); } { @@ -204,7 +204,7 @@ void test_API_RemoveFailedBlock(void) TEST_ASSERT_EQUAL(0, query_result); TEST_ASSERT_EQUAL(1, action_set.action_count); - TEST_ASSERT_EQUAL(1, BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0)->sec_op_list_length); + TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0))); // We know that we should expect one failure in the result. From aa5f287bc30f2fc0fa3f98c3df926078bebe5a86 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 11:42:59 -0400 Subject: [PATCH 10/21] fix spelling --- docs/api/dictionary.txt | 2 ++ src/BPSecLib_Public.h | 3 ++- src/backend/SecurityResultSet.h | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/api/dictionary.txt b/docs/api/dictionary.txt index c391bd08..40fbaa16 100644 --- a/docs/api/dictionary.txt +++ b/docs/api/dictionary.txt 
@@ -160,6 +160,8 @@ RTEMS ruleset sc SCs +SecurityAction +SecurityActionSet SHA sipos speciality diff --git a/src/BPSecLib_Public.h b/src/BPSecLib_Public.h index 6757b3a1..1bc2daa6 100644 --- a/src/BPSecLib_Public.h +++ b/src/BPSecLib_Public.h @@ -49,9 +49,10 @@ typedef struct BSL_LibCtx_s BSL_LibCtx_t; /// process the Bundle. typedef struct BSL_SecurityResponseSet_s BSL_SecurityResponseSet_t; -/// @brief Forward declaration of ::BSL_SecurityActionSet_s, which contains information for BSL to process the Bundle. +/// @brief Forward declaration of ::BSL_SecurityActionSet_s, which contains actions for BSL to process the Bundle. typedef struct BSL_SecurityActionSet_s BSL_SecurityActionSet_t; +/// @brief Forward declaration of ::BSL_SecurityAction_s, which contains security operations for BSL to process the Bundle. typedef struct BSL_SecurityAction_s BSL_SecurityAction_t; /// @brief Forward-declaration for structure containing callbacks to a security context. diff --git a/src/backend/SecurityResultSet.h b/src/backend/SecurityResultSet.h index ea48967a..09ca3d70 100644 --- a/src/backend/SecurityResultSet.h +++ b/src/backend/SecurityResultSet.h @@ -35,7 +35,7 @@ /// @note This struct is still in-concept struct BSL_SecurityResponseSet_s { - /// @brief This maps to the BSL_SecurityActionSet_s::sec_operations, + /// @brief This maps to the Security Action sec_op_list, /// and contains the result code of that security operation. int results[BSL_SECURITYRESPONSESET_ARRAYLEN]; char err_msg[BSL_SECURITYRESPONSESET_STRLEN]; From acd7f7e84e3e45dad02241aad422cccc0d8983d0 Mon Sep 17 00:00:00 2001 
From: Joshua Stone Date: Tue, 12 Aug 2025 11:43:47 -0400 Subject: [PATCH 11/21] apply format, license --- src/BPSecLib_Public.h | 3 ++- src/backend/PublicInterfaceImpl.c | 13 +++++++----- src/backend/SecurityAction.c | 33 ++++++++++++++++++++++++------ src/backend/SecurityAction.h | 23 ++++++++++++++++++++- src/backend/SecurityActionSet.c | 8 ++++---- src/backend/SecurityActionSet.h | 6 +++--- src/backend/SecurityContext.c | 13 ++++++------ test/bsl_test_utils.c | 4 ++-- test/test_BackendSecurityContext.c | 8 ++++---- test/test_PublicInterfaceImpl.c | 1 - 10 files changed, 79 insertions(+), 33 deletions(-) diff --git a/src/BPSecLib_Public.h b/src/BPSecLib_Public.h index 1bc2daa6..efa846fa 100644 --- a/src/BPSecLib_Public.h +++ b/src/BPSecLib_Public.h @@ -52,7 +52,8 @@ typedef struct BSL_SecurityResponseSet_s BSL_SecurityResponseSet_t; /// @brief Forward declaration of ::BSL_SecurityActionSet_s, which contains actions for BSL to process the Bundle. typedef struct BSL_SecurityActionSet_s BSL_SecurityActionSet_t; -/// @brief Forward declaration of ::BSL_SecurityAction_s, which contains security operations for BSL to process the Bundle. +/// @brief Forward declaration of ::BSL_SecurityAction_s, which contains security operations for BSL to process the +/// Bundle. typedef struct BSL_SecurityAction_s BSL_SecurityAction_t; /// @brief Forward-declaration for structure containing callbacks to a security context. diff --git a/src/backend/PublicInterfaceImpl.c b/src/backend/PublicInterfaceImpl.c index dd207e0a..7f82d7f7 100644 --- a/src/backend/PublicInterfaceImpl.c +++ b/src/backend/PublicInterfaceImpl.c 
@@ -130,10 +130,11 @@ int BSL_API_QuerySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *outp continue; } BSL_SecActionList_it_t act_it; - for (BSL_SecActionList_it(act_it, output_action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) + for (BSL_SecActionList_it(act_it, output_action_set->actions); !BSL_SecActionList_end_p(act_it); + BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - for (size_t j = 0; j < BSL_SecurityAction_CountSecOpers(act); j ++) + for (size_t j = 0; j < BSL_SecurityAction_CountSecOpers(act); j++) { BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, j); if (block.type_code != sec_oper->_service_type) @@ -199,10 +200,11 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re bool must_drop = false; BSL_SecActionList_it_t act_it; - for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) + for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it); + BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i ++) + for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i++) { BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, i); @@ -235,7 +237,8 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re } case BSL_POLICYACTION_DROP_BUNDLE: { - BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure", sec_oper->target_block_num); + BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure", + sec_oper->target_block_num); must_drop = true; break; } diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index 2d5be296..8ff15b36 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c 
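Review bot: The re-wrapped `BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure", sec_oper->target_block_num)` in the @@ -235 hunk pairs `%lu` with what appears to be a `uint64_t` (BSL_SecOper_Init in this series takes the target block number as `uint64_t`); on platforms where `uint64_t` is `unsigned long long` that is a format/argument mismatch and undefined behaviour, and `-Wformat` will flag it. Use the `<inttypes.h>` macro instead: `"Deleting bundle due to block target num %" PRIu64 " security failure"`. BSL_API_ApplySecurity begins and ends outside the hunk.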
@@ -1,3 +1,24 @@ +/* + * Copyright (c) 2025 The Johns Hopkins University Applied Physics + * Laboratory LLC. + * + * This file is part of the Bundle Protocol Security Library (BSL). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This work was performed for the Jet Propulsion Laboratory, California + * Institute of Technology, sponsored by the United States Government under + * the prime contract 80NM0018D0004 between the Caltech and NASA under + * subcontract 1700763. + */ #include "SecurityAction.h" size_t BSL_SecurityAction_Sizeof(void) @@ -7,7 +28,7 @@ size_t BSL_SecurityAction_Sizeof(void) bool BSL_SecurityAction_IsConsistent(const BSL_SecurityAction_t *self) { - (void) self; + (void)self; return true; } @@ -43,7 +64,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * ASSERT_ARG_NONNULL(self); ASSERT_ARG_NONNULL(self->sec_op_list); size_t i; - for (i = 0 ; i < BSL_SecOperList_size(self->sec_op_list); i ++) + for (i = 0; i < BSL_SecOperList_size(self->sec_op_list); i++) { BSL_SecOper_t *comp = BSL_SecOperList_get(self->sec_op_list, i); if (BSL_SecOper_GetTargetBlockNum(comp) == BSL_SecOper_GetTargetBlockNum(sec_oper)) 
@@ -52,7 +73,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * // true if ACC BIB or SRC BCB if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper)) { - BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); + BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); } else { @@ -71,7 +92,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * // new security operation targets security operation in list if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(comp)) { - BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); + BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); break; } @@ -84,7 +105,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * } else { - BSL_SecOperList_push_at(self->sec_op_list, i+1, *sec_oper); + BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); } break; } @@ -94,7 +115,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * { BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); } - + return BSL_SUCCESS; } diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h index cdf42a87..92d2dc15 100644 --- a/src/backend/SecurityAction.h +++ b/src/backend/SecurityAction.h 
@@ -1,3 +1,24 @@ +/* + * Copyright (c) 2025 The Johns Hopkins University Applied Physics + * Laboratory LLC. + * + * This file is part of the Bundle Protocol Security Library (BSL). + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This work was performed for the Jet Propulsion Laboratory, California + * Institute of Technology, sponsored by the United States Government under + * the prime contract 80NM0018D0004 between the Caltech and NASA under + * subcontract 1700763. + */ #include #include #include "SecOperation.h" @@ -9,5 +30,5 @@ ARRAY_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(B struct BSL_SecurityAction_s { BSL_SecOperList_t sec_op_list; - size_t err_ct; + size_t err_ct; }; diff --git a/src/backend/SecurityActionSet.c b/src/backend/SecurityActionSet.c index 8c14276e..c1c2fb43 100644 --- a/src/backend/SecurityActionSet.c +++ b/src/backend/SecurityActionSet.c @@ -27,7 +27,7 @@ bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self) { - (void) self; + (void)self; return true; } 
@@ -41,15 +41,15 @@ void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self) ASSERT_ARG_NONNULL(self); BSL_SecActionList_init(self->actions); self->action_count = 0; - self->err_count = 0; + self->err_count = 0; } void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self) { ASSERT_ARG_NONNULL(self); BSL_SecActionList_clear(self->actions); - self->err_count = 0; - self->action_count = 0; + self->err_count = 0; + self->action_count = 0; self->operation_count = 0; } diff --git a/src/backend/SecurityActionSet.h b/src/backend/SecurityActionSet.h index 1cf93e79..b360f16a 100644 --- a/src/backend/SecurityActionSet.h +++ b/src/backend/SecurityActionSet.h @@ -36,9 +36,9 @@ LIST_DEF(BSL_SecActionList, BSL_SecurityAction_t, M_OPEXTEND(M_POD_OPLIST, CLEAR struct BSL_SecurityActionSet_s { BSL_SecActionList_t actions; - size_t action_count; - size_t err_count; - size_t operation_count; + size_t action_count; + size_t err_count; + size_t operation_count; }; #endif /* BSLB_SECACTIONSET_H_ */ diff --git a/src/backend/SecurityContext.c b/src/backend/SecurityContext.c index 6de2ee52..cc814780 100644 --- a/src/backend/SecurityContext.c +++ b/src/backend/SecurityContext.c 
@@ -477,15 +477,16 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet BSL_SecOutcome_t *outcome = calloc(BSL_SecOutcome_Sizeof(), 1); BSL_SecActionList_it_t act_it; - for (BSL_SecActionList_it(act_it, action_set->actions); !BSL_SecActionList_end_p(act_it); BSL_SecActionList_next(act_it)) + for (BSL_SecActionList_it(act_it, action_set->actions); !BSL_SecActionList_end_p(act_it); + BSL_SecActionList_next(act_it)) { BSL_SecurityAction_t *act = BSL_SecActionList_ref(act_it); - for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i ++) + for (size_t i = 0; i < BSL_SecurityAction_CountSecOpers(act); i++) { memset(outcome, 0, BSL_SecOutcome_Sizeof()); - BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, i); - const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id); + BSL_SecOper_t *sec_oper = BSL_SecurityAction_GetSecOperAtIndex(act, i); + const BSL_SecCtxDesc_t *sec_ctx = BSL_SecCtxDict_cget(lib->sc_reg, sec_oper->context_id); ASSERT_PROPERTY(sec_ctx != NULL); BSL_SecOutcome_Init(outcome, sec_oper, 100000); @@ -494,8 +495,8 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet if (BSL_SecOper_IsBIB(sec_oper)) { errcode = BSL_SecOper_IsRoleSource(sec_oper) == true - ? BSL_ExecBIBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome) - : BSL_ExecBIBAccept(sec_ctx->execute, lib, bundle, sec_oper, outcome); + ? BSL_ExecBIBSource(sec_ctx->execute, lib, bundle, sec_oper, outcome) + : BSL_ExecBIBAccept(sec_ctx->execute, lib, bundle, sec_oper, outcome); } else { diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index 4f105da6..fbf6c41d 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c 
@@ -84,11 +84,11 @@ void BSL_TestUtils_InitBCB_Appendix2(BCBTestContext *context, BSL_SecRole_e role BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bib_context) { BSL_SecurityActionSet_t *action_set = calloc(sizeof(BSL_SecurityActionSet_t), 1); - BSL_SecurityActionSet_Init(action_set); + BSL_SecurityActionSet_Init(action_set); BSL_SecurityAction_t *act = calloc(sizeof(BSL_SecurityAction_t), 1); BSL_SecurityAction_Init(act); BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper); - //BSL_SecurityAction_OrderSecOps(act); + // BSL_SecurityAction_OrderSecOps(act); BSL_SecurityActionSet_AppendAction(action_set, act); free(act); return action_set; diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index e02ecabc..0f95c24d 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c @@ -294,7 +294,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); - //BSL_SecurityAction_OrderSecOps(malloced_action); + // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -371,7 +371,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); - //BSL_SecurityAction_OrderSecOps(malloced_action); + // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); 
@@ -465,7 +465,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); - //BSL_SecurityAction_OrderSecOps(malloced_action); + // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -545,7 +545,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); - //BSL_SecurityAction_OrderSecOps(malloced_action); + // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c index 6efe0f4e..7dd9c918 100644 --- a/test/test_PublicInterfaceImpl.c +++ b/test/test_PublicInterfaceImpl.c @@ -206,7 +206,6 @@ void test_API_RemoveFailedBlock(void) TEST_ASSERT_EQUAL(1, action_set.action_count); TEST_ASSERT_EQUAL(1, BSL_SecurityAction_CountSecOpers(BSL_SecurityActionSet_GetActionAtIndex(&action_set, 0))); - // We know that we should expect one failure in the result. BSL_SecurityResponseSet_t response_set = { 0 }; From 2f489d359ded160db52134e8c3e584a0c389a8d6 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 11:48:31 -0400 Subject: [PATCH 12/21] invalid conclusion --- src/backend/SecurityAction.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index 8ff15b36..2672a51a 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c 
@@ -71,6 +71,13 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
{
// SOURCE BIB or ACCEPT BCB should come first
// true if ACC BIB or SRC BCB
+
+ // Both BIBs or BCBs
+ if (!(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsBIB(comp)))
+ {
+ BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID);
+ }
+
if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper))
{
BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); From 672338181841717a2a7d76fc62bb9468f76a4dfb Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 11:56:21 -0400 Subject: [PATCH 13/21] fix format --- test/bsl_test_utils.h | 2 -- 1 file changed, 2 deletions(-)
diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h
index ffd9d999..6fee0271 100644
--- a/test/bsl_test_utils.h
+++ b/test/bsl_test_utils.h
@@ -29,8 +29,6 @@ #include #include #include -//#include - #include /// @brief Key ID for the Appendix A1 key in OpenSSL From 9ba17a10e102b67894869b6af54595d96e122679 Mon Sep 17 00:00:00 2001 From: Brian Sipos Date: Tue, 12 Aug 2025 13:27:07 -0400 Subject: [PATCH 14/21] Adding and upated OPLIST where necessary to support needed semantics --- src/BPSecLib_Private.h | 57 ++++++++--- src/backend/AbsSecBlock.c | 2 +- src/backend/AbsSecBlock.h | 1 + src/backend/SecOperation.c | 57 +++++++++-- src/backend/SecParam.h | 12 ++- src/backend/SecResult.h | 10 +- src/backend/SecurityAction.c | 17 +++- src/backend/SecurityAction.h | 2 +- src/backend/SecurityActionSet.c | 3 +- src/backend/SecurityActionSet.h | 4 +- src/policy_provider/SamplePolicyProvider.c | 8 +- test/bsl_test_utils.c | 14 ++- test/bsl_test_utils.h | 2 + test/test_BackendSecurityContext.c | 112 ++++++++++++--------- test/test_SamplePolicyProvider.c | 1 + 15 files changed, 215 insertions(+), 87 deletions(-)
diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h
index ec46e250..685494b6 100644
--- a/src/BPSecLib_Private.h
+++ b/src/BPSecLib_Private.h
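Review bot: The new same-type check marks `sec_oper` as `BSL_SECOP_CONCLUSION_INVALID` and then falls straight through into the ordering code, so the operation is still inserted into the action, the action's error counter is not incremented, and the only return visible for this function (in the later patch-14 hunk) is `BSL_SUCCESS`; a caller that consults `BSL_SecurityAction_CountErrors` or the return code therefore never learns that the action now holds two BIBs or two BCBs. If such an action is meant to be rejected, `BSL_SecurityAction_IncrError(self);` next to the `SetConclusion` call, or an explicit error return, would surface it; if it is only meant to be flagged for later handling, a comment such as `// flagged invalid but still appended; the executor decides what to do` would make that deliberate. `comp` is presumably the existing list element at index `i`, but its declaration and the enclosing loop of `BSL_SecurityAction_AppendSecOper` start outside the hunk.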
@@ -774,17 +774,18 @@ typedef struct BSL_SecOper_s BSL_SecOper_t; size_t BSL_SecOper_Sizeof(void); -/** Populate a pre-allocated Security Operation with the given values. +/** Initialize a newly allocated structure. * - * @param[in,out] self Non-NULL pointer to this security operation. - * @param[in] context_id ID of the security context - * @param[in] target_block_num Block ID of security target block - * @param[in] sec_block_num Block ID of security block. - * @param[in] sec_type Member of ::BSL_SecBlockType_e enum indicating BIB or BCB - * @param[in] sec_role Member of ::BSL_SecRole_e enum indicating role. + * @param[in,out] self Non-NULL pointer to this security operation */ -void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num, - BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code); +void BSL_SecOper_Init(BSL_SecOper_t *self); + +/** Initialize from a copy. + * + * @param[in,out] self Non-NULL pointer to this security operation + * @param[in] src Non-NULL pointer to this source to copy from. + */ +void BSL_SecOper_InitSet(BSL_SecOper_t *self, const BSL_SecOper_t *src); /** Empty and release any resources used internally by this structure. * 
@@ -795,6 +796,29 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_
*/
void BSL_SecOper_Deinit(BSL_SecOper_t *self);
+/** Set from a copy.
+ *
+ * @param[in,out] self Non-NULL pointer to this security operation
+ * @param[in] src Non-NULL pointer to this source to copy from.
+ */
+void BSL_SecOper_Set(BSL_SecOper_t *self, const BSL_SecOper_t *src);
+
+/// OPLIST for ::BSL_SecOper_t
+#define M_OPL_BSL_SecOper_t() \
+ (INIT(API_2(BSL_SecOper_Init)), INIT_SET(API_6(BSL_SecOper_InitSet)), SET(API_6(BSL_SecOper_Set)), CLEAR(API_2(BSL_SecOper_Deinit)))
+
+/** Populate an initialized Security Operation with the given values.
+ *
+ * @param[in,out] self Non-NULL pointer to this security operation.
+ * @param[in] context_id ID of the security context
+ * @param[in] target_block_num Block ID of security target block
+ * @param[in] sec_block_num Block ID of security block.
+ * @param[in] sec_type Member of ::BSL_SecBlockType_e enum indicating BIB or BCB
+ * @param[in] sec_role Member of ::BSL_SecRole_e enum indicating role.
+ */
+void BSL_SecOper_Populate(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num,
+ BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code);
+
/** Returns true if internal consistency and sanity checks pass
*
* @todo Formalize invariants
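Review bot: The Doxygen block for `BSL_SecOper_Populate` documents six of its seven parameters; `failure_code` is missing, and since the old `BSL_SecOper_Init` comment had the same gap this is the moment to close it with `* @param[in] failure_code Member of ::BSL_PolicyAction_e to apply if this operation fails`. The same block should state the new precondition the split creates, namely that `BSL_SecOper_Init` or `BSL_SecOper_InitSet` must already have run on `self`, because the SecOperation.c hunk shows Populate no longer zeroes the struct or initialises its parameter list. In the `BSL_SecOper_Set` comment, "this source" reads as a copy-paste of the `self` line; `the source to copy from` is what is meant.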
@@ -1072,20 +1096,27 @@ bool BSL_SecurityAction_IsConsistent(const BSL_SecurityAction_t *self); /** * Initialize security action - * @param self security action + * @param[out] self security action */ void BSL_SecurityAction_Init(BSL_SecurityAction_t *self); +/** Initialize from a copy. + * + * @param[out] self security action + * @param[in] src The source of the copy. + */ +void BSL_SecurityAction_InitSet(BSL_SecurityAction_t *self, const BSL_SecurityAction_t *src); + /** * De-initialize security action - * @param self security action + * @param[in,out] self security action */ void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self); /** * Add security operation to security action, with deterministic ordering * @param[in,out] self action to add security operation to - * @param[in] sec_oper new security operation to add + * @param[in,out] sec_oper new security operation to add and move from. * @return 0 if successful */ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper); @@ -1301,4 +1332,4 @@ struct BSL_SecCtxDesc_s BSL_SecCtx_Execute_f execute; }; -#endif /* BSL_BPSECLIB_PRIVATE_H_ */ \ No newline at end of file +#endif /* BSL_BPSECLIB_PRIVATE_H_ */ diff --git a/src/backend/AbsSecBlock.c b/src/backend/AbsSecBlock.c index 51b3c852..3933e41e 100644 --- a/src/backend/AbsSecBlock.c +++ b/src/backend/AbsSecBlock.c @@ -120,7 +120,7 @@ bool BSL_AbsSecBlock_ContainsTarget(const BSL_AbsSecBlock_t *self, uint64_t targ { ASSERT_PRECONDITION(BSL_AbsSecBlock_IsConsistent(self)); for - M_EACH(target_num, self->targets, LIST_OPLIST(uint64_list)) + M_EACH(target_num, self->targets, M_ARRAY_OPLIST(uint64_list)) { if (*target_num == target_block_num) { diff --git a/src/backend/AbsSecBlock.h b/src/backend/AbsSecBlock.h index cf48c1b5..7ea37686 100644 --- a/src/backend/AbsSecBlock.h +++ b/src/backend/AbsSecBlock.h 
@@ -48,6 +48,7 @@ // NOLINTBEGIN /// @cond Doxygen_Suppress M_ARRAY_DEF(uint64_list, uint64_t) +/// @endcond // NOLINTEND /** Represents the Abstract Security Block as defined in RFC9172 diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c index 0851d87c..d7e1d5ad 100644 --- a/src/backend/SecOperation.c +++ b/src/backend/SecOperation.c 
@@ -32,13 +32,58 @@ size_t BSL_SecOper_Sizeof(void)
return sizeof(BSL_SecOper_t);
}
-void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num,
- BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code)
+void BSL_SecOper_Init(BSL_SecOper_t *self)
{
ASSERT_ARG_NONNULL(self);
memset(self, 0, sizeof(*self));
BSLB_SecParamList_init(self->_param_list);
+
+ ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self));
+}
+
+void BSL_SecOper_InitSet(BSL_SecOper_t *self, const BSL_SecOper_t *src)
+{
+ ASSERT_ARG_NONNULL(self);
+ ASSERT_ARG_NONNULL(src);
+
+ memset(self, 0, sizeof(*self));
+ self->context_id = src->context_id;
+ self->target_block_num = src->target_block_num;
+ self->sec_block_num = src->sec_block_num;
+ self->failure_code = src->failure_code;
+ self->conclusion = src->conclusion;
+ self->_role = src->_role;
+ self->_service_type = src->_service_type;
+ BSLB_SecParamList_init_set(self->_param_list, src->_param_list);
+
+ ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self));
+}
+
+void BSL_SecOper_Deinit(BSL_SecOper_t *self)
+{
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
+ BSLB_SecParamList_clear(self->_param_list);
+}
+
+void BSL_SecOper_Set(BSL_SecOper_t *self, const BSL_SecOper_t *src)
+{
+ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self));
+
+ self->context_id = src->context_id;
+ self->target_block_num = src->target_block_num;
+ self->sec_block_num = src->sec_block_num;
+ self->failure_code = src->failure_code;
+ self->conclusion = src->conclusion;
+ self->_role = src->_role;
+ self->_service_type = src->_service_type;
+ BSLB_SecParamList_set(self->_param_list, src->_param_list);
+}
+
+void BSL_SecOper_Populate(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num,
+ BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code)
+{
+ ASSERT_ARG_NONNULL(self);
self->context_id = context_id;
self->target_block_num = target_block_num; self->sec_block_num = sec_block_num; @@ -50,12 +95,6 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_ ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self)); } -void BSL_SecOper_Deinit(BSL_SecOper_t *self) -{ - ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self)); - BSLB_SecParamList_clear(self->_param_list); -} - size_t BSL_SecOper_CountParams(const BSL_SecOper_t *self) { ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self)); @@ -146,4 +185,4 @@ void BSL_SecOper_SetConclusion(BSL_SecOper_t *self, BSL_SecOper_ConclusionState_ ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self)); self->conclusion = new_conclusion; ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self)); -} \ No newline at end of file +} diff --git a/src/backend/SecParam.h b/src/backend/SecParam.h index 4f426c11..9f94f964 100644 --- a/src/backend/SecParam.h +++ b/src/backend/SecParam.h @@ -60,7 +60,7 @@ #include -#include +#include #include @@ -83,11 +83,13 @@ struct BSL_SecParam_s size_t _bytelen; }; -// NOLINTBEGIN -/** - * Defines a MLib basic list of Security Parameters. +/** @struct BSLB_SecParamList_t + * Defines a basic list of Security Parameters (::BSL_SecParam_t). */ -LIST_DEF(BSLB_SecParamList, BSL_SecParam_t, M_POD_OPLIST) +// NOLINTBEGIN +/// @cond Doxygen_Suppress +M_ARRAY_DEF(BSLB_SecParamList, BSL_SecParam_t, M_POD_OPLIST) +/// @endcond // NOLINTEND #endif /* BSLB_SECPARAM_H_ */ diff --git a/src/backend/SecResult.h b/src/backend/SecResult.h index fb343052..caaf5448 100644 --- a/src/backend/SecResult.h +++ b/src/backend/SecResult.h @@ -71,7 +71,7 @@ #include -#include +#include #include 
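Review bot: `BSL_SecOper_Set` reads through `src` without the `ASSERT_ARG_NONNULL(src)` that `BSL_SecOper_InitSet` performs, has no self-assignment guard, and ends without the `ASSERT_POSTCONDITION` the other two initialisers carry, so the two copy paths do not enforce the same contract; adding `ASSERT_ARG_NONNULL(src);` after the precondition and `if (self == src) { return; }` before the field copies (unless the generated `BSLB_SecParamList_set` is known to tolerate aliasing) would align them. The same missing `src` check appears in the new `BSL_SecurityAction_InitSet` in the SecurityAction.c hunk of this patch. `BSL_SecOper_Populate` no longer zeroes the struct or initialises `_param_list`, so it is only valid on an object that went through `BSL_SecOper_Init`/`InitSet`; a one-line comment at its top, `// precondition: self was BSL_SecOper_Init'd; parameters already appended are kept`, would stop the old calloc-then-populate pattern from silently producing an uninitialised list. The remainder of Populate's body and its postcondition lie outside the hunk.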
@@ -93,9 +93,13 @@ struct BSL_SecResult_s
size_t _bytelen;
};
-// TODO(BVB) - Doxygen suppress and annotate.
+/** @struct BSLB_SecResultList_t
+ * Defines a basic list of Security Results (::BSL_SecResult_t).
+ */
// NOLINTBEGIN
-LIST_DEF(BSLB_SecResultList, BSL_SecResult_t, M_POD_OPLIST)
+/// @cond Doxygen_Suppress
+M_ARRAY_DEF(BSLB_SecResultList, BSL_SecResult_t, M_POD_OPLIST)
+/// @endcond
// NOLINTEND
#endif /* BSLB_SECRESULT_H_ */
diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c
index 2672a51a..dcfbfeec 100644
--- a/src/backend/SecurityAction.c
+++ b/src/backend/SecurityAction.c
@@ -40,6 +40,14 @@ void BSL_SecurityAction_Init(BSL_SecurityAction_t *self)
self->err_ct = 0;
}
+void BSL_SecurityAction_InitSet(BSL_SecurityAction_t *self, const BSL_SecurityAction_t *src)
+{
+ ASSERT_ARG_NONNULL(self);
+
+ BSL_SecOperList_init_set(self->sec_op_list, src->sec_op_list);
+ self->err_ct = src->err_ct;
+}
+
void BSL_SecurityAction_Deinit(BSL_SecurityAction_t *self)
{
ASSERT_ARG_NONNULL(self);
@@ -62,7 +70,9 @@ size_t BSL_SecurityAction_CountErrors(const BSL_SecurityAction_t *self)
int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *sec_oper)
{
ASSERT_ARG_NONNULL(self);
- ASSERT_ARG_NONNULL(self->sec_op_list);
+ ASSERT_ARG_NONNULL(sec_oper);
+
+ size_t i;
for (i = 0; i < BSL_SecOperList_size(self->sec_op_list); i++)
{
@@ -123,6 +133,9 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t *
BSL_SecOperList_push_back(self->sec_op_list, *sec_oper);
}
+ //TODO: better served by moving above
+ BSL_SecOper_Deinit(sec_oper);
+
return BSL_SUCCESS;
}
@@ -138,4 +151,4 @@ BSL_SecOper_t *BSL_SecurityAction_GetSecOperAtIndex(const BSL_SecurityAction_t *
ASSERT_ARG_NONNULL(self);
ASSERT_ARG_NONNULL(self->sec_op_list);
return BSL_SecOperList_get(self->sec_op_list, index);
-}
\ No newline at end of file
+}
diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h
index 92d2dc15..0ab5d037 100644
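Review bot: `BSL_SecOper_Deinit(sec_oper)` at the end of `BSL_SecurityAction_AppendSecOper` is only reached on paths that fall through to the final `return`; the earlier branches that insert with `BSL_SecOperList_push_at` (visible in the patch-12 hunk of this file) would leak the source's parameter list if they return directly, now that the list's `INIT_SET` makes every push a deep copy. Since the header now describes `sec_oper` as moved-from, it would be safer to release the source at each insertion point or to restructure so every path reaches a single `Deinit`, and to replace the `//TODO: better served by moving above` line with the actual contract, e.g. `// the list holds its own copy (INIT_SET); release the caller's instance here`. The loop body between the two hunks is not visible, so whether those branches return early is inferred, not confirmed.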
--- a/src/backend/SecurityAction.h +++ b/src/backend/SecurityAction.h @@ -24,7 +24,7 @@ #include "SecOperation.h" // NOLINTBEGIN -ARRAY_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecOper_Deinit)))) +M_ARRAY_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPL_BSL_SecOper_t()) // NOLINTEND struct BSL_SecurityAction_s diff --git a/src/backend/SecurityActionSet.c b/src/backend/SecurityActionSet.c index c1c2fb43..aee8f673 100644 --- a/src/backend/SecurityActionSet.c +++ b/src/backend/SecurityActionSet.c @@ -56,6 +56,7 @@ void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self) int BSL_SecurityActionSet_AppendAction(BSL_SecurityActionSet_t *self, const BSL_SecurityAction_t *action) { ASSERT_ARG_NONNULL(self); + ASSERT_ARG_NONNULL(action); BSL_SecActionList_push_back(self->actions, *action); self->err_count += action->err_ct; self->action_count++; @@ -86,4 +87,4 @@ size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self) { ASSERT_ARG_NONNULL(self); return self->err_count; -} \ No newline at end of file +} diff --git a/src/backend/SecurityActionSet.h b/src/backend/SecurityActionSet.h index b360f16a..e01fc0bb 100644 --- a/src/backend/SecurityActionSet.h +++ b/src/backend/SecurityActionSet.h @@ -29,7 +29,9 @@ #include #include "SecurityAction.h" -LIST_DEF(BSL_SecActionList, BSL_SecurityAction_t, M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_SecurityAction_Deinit)))) +M_ARRAY_DEF(BSL_SecActionList, BSL_SecurityAction_t, + (INIT(API_2(BSL_SecurityAction_Init)), INIT_SET(API_6(BSL_SecurityAction_InitSet)), SET(0), + CLEAR(API_2(BSL_SecurityAction_Deinit)))) /// @brief Contains the populated security operations for this bundle. /// @note This is intended to be a write-once, read-only struct diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 115a294b..4530af6e 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c 
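Review bot: In `BSL_SecurityActionSet_AppendAction`, `BSL_SecActionList_push_back(self->actions, *action)` now performs a deep copy through the `INIT_SET(API_6(BSL_SecurityAction_InitSet))` supplied in the SecurityActionSet.h hunk, so the caller keeps ownership of `action` and must `BSL_SecurityAction_Deinit` it afterwards, which the SamplePolicyProvider and test hunks of this patch do but nothing in the function states. A comment above the `push_back`, `// deep copy via INIT_SET; caller retains *action and must Deinit it`, would keep the next caller from either leaking it or treating it as moved like `BSL_SecOper_t`. The `SET(0)` in the same OPLIST also deserves a short comment saying why assignment is deliberately disabled for actions while `M_OPL_BSL_SecOper_t()` provides one.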
@@ -127,6 +127,7 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti } BSL_SecOper_t *sec_oper = calloc(BSL_SecOper_Sizeof(), 1); + BSL_SecOper_Init(sec_oper); if (BSLP_PolicyRule_EvaluateAsSecOper(rule, sec_oper, bundle, location) < 0) { BSL_SecurityAction_IncrError(action); @@ -140,6 +141,7 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti } BSL_SecurityActionSet_AppendAction(output_action_set, action); + BSL_SecurityAction_Deinit(action); free(action); CHK_POSTCONDITION(BSL_SecurityActionSet_IsConsistent(output_action_set)); @@ -288,9 +290,9 @@ int BSLP_PolicyRule_EvaluateAsSecOper(const BSLP_PolicyRule_t *self, BSL_SecOper return BSL_ERR_SECURITY_CONTEXT_FAILED; } - // It's found, so initialize the security operation from the rule and bundle. - BSL_SecOper_Init(sec_oper, self->context_id, target_block_num, 0, self->sec_block_type, self->role, - self->failure_action_code); + // It's found, so populate the security operation from the rule and bundle. + BSL_SecOper_Populate(sec_oper, self->context_id, target_block_num, 0, self->sec_block_type, self->role, + self->failure_action_code); // Next, append all the parameters from the matched rule. for (size_t index = 0; index < self->nparams; index++) diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index fbf6c41d..0f7ca53d 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c @@ -39,6 +39,11 @@ field.len = sizeof(tgt); \ field.ptr = (uint8_t *)tgt +void BIBTestContext_Deinit(BIBTestContext *obj) +{ + BSL_SecOper_Deinit(&obj->sec_oper); +} + void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id) { quick_data(context->hmac, ApxA1_HMAC); 
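Review bot: `BSL_SecOper_Init(sec_oper)` is called on the `calloc` result without a NULL check, so an allocation failure inside `BSLP_QueryPolicy` now trips `ASSERT_ARG_NONNULL` in Init instead of being reported as a policy error; a `if (sec_oper == NULL)` guard that takes the same path as the existing `BSLP_PolicyRule_EvaluateAsSecOper` failure branch would keep policy evaluation from aborting the process. That failure branch presumably frees `sec_oper`; since Init now sets up `_param_list`, it should call `BSL_SecOper_Deinit(sec_oper)` first, but the rest of the branch is outside the hunk.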
@@ -48,7 +53,8 @@ void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e rol BSL_SecParam_InitInt64(&context->param_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC512); BSL_SecParam_InitBytestr(&context->param_hmac, BSL_SECPARAM_TYPE_AUTH_TAG, context->hmac); - BSL_SecOper_Init(&context->sec_oper, 1, 1, 2, BSL_SECBLOCKTYPE_BIB, role, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_Init(&context->sec_oper); + BSL_SecOper_Populate(&context->sec_oper, 1, 1, 2, BSL_SECBLOCKTYPE_BIB, role, BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&context->sec_oper, &context->param_sha_variant); BSL_SecOper_AppendParam(&context->sec_oper, &context->param_scope_flags); @@ -70,7 +76,8 @@ void BSL_TestUtils_InitBCB_Appendix2(BCBTestContext *context, BSL_SecRole_e role BSL_SecParam_InitBytestr(&context->param_auth_tag, BSL_SECPARAM_TYPE_AUTH_TAG, context->auth_tag); BSL_SecParam_InitBytestr(&context->param_wrapped_key, RFC9173_BCB_SECPARAM_WRAPPEDKEY, context->wrapped_key); - BSL_SecOper_Init(&context->sec_oper, 2, 1, 2, BSL_SECBLOCKTYPE_BCB, role, BSL_POLICYACTION_NOTHING); + BSL_SecOper_Init(&context->sec_oper); + BSL_SecOper_Populate(&context->sec_oper, 2, 1, 2, BSL_SECBLOCKTYPE_BCB, role, BSL_POLICYACTION_NOTHING); BSL_SecOper_AppendParam(&context->sec_oper, &context->param_init_vec); BSL_SecOper_AppendParam(&context->sec_oper, &context->param_aes_variant); @@ -88,8 +95,11 @@ BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bi BSL_SecurityAction_t *act = calloc(sizeof(BSL_SecurityAction_t), 1); BSL_SecurityAction_Init(act); BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper); + // ensure consistent context state + BSL_SecOper_Init(&bib_context->sec_oper); // BSL_SecurityAction_OrderSecOps(act); BSL_SecurityActionSet_AppendAction(action_set, act); + BSL_SecurityAction_Deinit(act); free(act); return action_set; } 
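Review bot: The comment `// ensure consistent context state` in `BSL_TestUtils_InitMallocBIBActionSet` does not say why a freshly appended operation is re-initialised; from the SecurityAction.c hunk, `BSL_SecurityAction_AppendSecOper` copies the operation into the action and then `BSL_SecOper_Deinit`s the caller's instance, so `bib_context->sec_oper` has to be `Init`ed again for the later `BIBTestContext_Deinit` to be valid. Spelling that out, e.g. `// AppendSecOper consumed (Deinit'd) sec_oper; re-Init so BIBTestContext_Deinit stays valid`, would keep the next reader from deleting the line. Callers that read `bib_context->sec_oper` after this helper returns now see an empty operation, which is worth stating in the helper's header comment.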
diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h index 6fee0271..46b1f061 100644 --- a/test/bsl_test_utils.h +++ b/test/bsl_test_utils.h @@ -85,6 +85,8 @@ typedef struct BSL_SecOper_t sec_oper; } BIBTestContext; +void BIBTestContext_Deinit(BIBTestContext *obj); + void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id); static const uint8_t ApxA2_InitVec[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 }; diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index 0f95c24d..114ef505 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c @@ -110,9 +110,10 @@ void test_SecurityContext_BIB_Source(void) (BSL_TestUtils_IsB16StrEqualTo(RFC9173_TestVectors_AppendixA1.cbor_bundle_bib, mock_bpa_ctr->encoded)); BSL_SecurityResponseSet_Deinit(malloced_responseset); - BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_responseset); + BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BIBTestContext_Deinit(&bib_test_context); TEST_ASSERT_TRUE(is_expected); } @@ -149,9 +150,10 @@ void test_SecurityContext_BIB_Verifier(void) (BSL_TestUtils_IsB16StrEqualTo(RFC9173_TestVectors_AppendixA1.cbor_bundle_bib, mock_bpa_ctr->encoded)); BSL_SecurityActionSet_Deinit(malloced_actionset); - BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); + BIBTestContext_Deinit(&bib_test_context); TEST_ASSERT_TRUE(is_match); } 
@@ -190,10 +192,11 @@ void test_SecurityContext_BIB_Verifier_Failure(void) BSL_SecCtx_ExecutePolicyActionSet(&LocalTestCtx.bsl, malloced_responseset, &mock_bpa_ctr->bundle_ref, malloced_actionset)); - BSL_SecurityResponseSet_Deinit(malloced_responseset); BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); + BIBTestContext_Deinit(&bib_test_context); } /** @@ -239,10 +242,11 @@ void test_SecurityContext_BIB_Acceptor(void) goto cleanup; cleanup: - BSL_SecurityResponseSet_Deinit(malloced_responseset); BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); + BIBTestContext_Deinit(&bib_test_context); TEST_ASSERT_EQUAL(0, sec_context_result); TEST_ASSERT_EQUAL(0, encode_result); 
@@ -270,19 +274,22 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecParam_t param_key = { 0 }; BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); - BSL_SecOper_t bib_oper_primary = { 0 }; - BSL_SecOper_Init(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_primary; + BSL_SecOper_Init(&bib_oper_primary); + BSL_SecOper_Populate(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_primary, ¶m_key); - BSL_SecOper_t bib_oper_ext_block = { 0 }; - BSL_SecOper_Init(&bib_oper_ext_block, 1, 2, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_ext_block; + BSL_SecOper_Init(&bib_oper_ext_block); + BSL_SecOper_Populate(&bib_oper_ext_block, 1, 2, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_key); BSL_SecParam_t bcb_param_key = { 0 }; BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A3_KEY); - BSL_SecOper_t bcb_oper = { 0 }; - BSL_SecOper_Init(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_oper; + BSL_SecOper_Init(&bcb_oper); + BSL_SecOper_Populate(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_oper, &bcb_param_key); BSL_SecurityActionSet_t *malloced_actionset = calloc(1, BSL_SecurityActionSet_Sizeof()); 
@@ -303,11 +310,11 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) &mock_bpa_ctr->bundle_ref, malloced_actionset); TEST_ASSERT_EQUAL(BSL_SUCCESS, exec_result); - BSL_SecurityResponseSet_Deinit(malloced_responseset); - BSL_SecurityActionSet_Deinit(malloced_actionset); - + BSL_SecurityAction_Deinit(malloced_action); free(malloced_action); + BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); } @@ -334,15 +341,18 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecParam_t param_integ_scope = { 0 }; BSL_SecParam_InitInt64(¶m_integ_scope, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, 0); - BSL_SecOper_t bib_oper_primary = { 0 }; - BSL_SecOper_Init(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_primary; + BSL_SecOper_Init(&bib_oper_primary); + BSL_SecOper_Populate(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_primary, ¶m_key); BSL_SecOper_AppendParam(&bib_oper_primary, ¶m_sha_var); BSL_SecOper_AppendParam(&bib_oper_primary, ¶m_integ_scope); - BSL_SecOper_t bib_oper_ext_block = { 0 }; - BSL_SecOper_Init(&bib_oper_ext_block, 1, 2, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_ext_block; + BSL_SecOper_Init(&bib_oper_ext_block); + BSL_SecOper_Populate(&bib_oper_ext_block, 1, 2, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_key); BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_sha_var); BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_integ_scope); 
@@ -356,8 +366,9 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecParam_t aes_variant = { 0 }; BSL_SecParam_InitInt64(&aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, 1); - BSL_SecOper_t bcb_oper = { 0 }; - BSL_SecOper_Init(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_oper; + BSL_SecOper_Init(&bcb_oper); + BSL_SecOper_Populate(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_oper, &bcb_param_key); BSL_SecOper_AppendParam(&bcb_oper, &bcb_scope); BSL_SecOper_AppendParam(&bcb_oper, &aes_variant); @@ -388,11 +399,11 @@ void test_RFC9173_AppendixA_Example3_Source(void) const size_t response_count = BSL_SecurityResponseSet_CountResponses(malloced_responseset); TEST_ASSERT_EQUAL(3, response_count); - BSL_SecurityResponseSet_Deinit(malloced_responseset); - BSL_SecurityActionSet_Deinit(malloced_actionset); - + BSL_SecurityAction_Deinit(malloced_action); free(malloced_action); + BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); } 
@@ -429,15 +440,18 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecParam_t aes_variant = { 0 }; BSL_SecParam_InitInt64(&aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, RFC9173_BCB_AES_VARIANT_A256GCM); - BSL_SecOper_t bcb_op_tgt_payload = { 0 }; - BSL_SecOper_Init(&bcb_op_tgt_payload, 2, 1, 2, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_op_tgt_payload; + BSL_SecOper_Init(&bcb_op_tgt_payload); + BSL_SecOper_Populate(&bcb_op_tgt_payload, 2, 1, 2, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &bcb_param_key); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &aes_variant); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &bcb_scope); - BSL_SecOper_t bcb_op_tgt_bib = { 0 }; - BSL_SecOper_Init(&bcb_op_tgt_bib, 2, 3, 2, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_op_tgt_bib; + BSL_SecOper_Init(&bcb_op_tgt_bib); + BSL_SecOper_Populate(&bcb_op_tgt_bib, 2, 3, 2, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_param_key); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &aes_variant); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_scope); 
@@ -449,9 +463,10 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecParam_t scope_flag = { 0 }; BSL_SecParam_InitInt64(&scope_flag, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, 0x07); - BSL_SecOper_t bib_oper_payload = { 0 }; - BSL_SecOper_Init(&bib_oper_payload, 1, 1, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_payload; + BSL_SecOper_Init(&bib_oper_payload); + BSL_SecOper_Populate(&bib_oper_payload, 1, 1, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_payload, ¶m_key); BSL_SecOper_AppendParam(&bib_oper_payload, &sha_variant); BSL_SecOper_AppendParam(&bib_oper_payload, &scope_flag); @@ -482,11 +497,11 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) TEST_ASSERT_EQUAL(0, mock_bpa_encode(mock_bpa_ctr)); TEST_ASSERT_TRUE(BSL_TestUtils_IsB16StrEqualTo(expected_processed_bundle, mock_bpa_ctr->encoded)); - BSL_SecurityResponseSet_Deinit(malloced_responseset); - BSL_SecurityActionSet_Deinit(malloced_actionset); - + BSL_SecurityAction_Deinit(malloced_action); free(malloced_action); + BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); } 
@@ -510,8 +525,10 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecParam_t scope_flag = { 0 }; BSL_SecParam_InitInt64(&scope_flag, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, 0x07); - BSL_SecOper_t bib_oper_payload = { 0 }; - BSL_SecOper_Init(&bib_oper_payload, 1, 1, 2, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bib_oper_payload; + BSL_SecOper_Init(&bib_oper_payload); + BSL_SecOper_Populate(&bib_oper_payload, 1, 1, 2, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bib_oper_payload, ¶m_key); BSL_SecOper_AppendParam(&bib_oper_payload, &sha_variant); BSL_SecOper_AppendParam(&bib_oper_payload, &scope_flag); @@ -523,15 +540,18 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecParam_t aes_variant = { 0 }; BSL_SecParam_InitInt64(&aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, RFC9173_BCB_AES_VARIANT_A256GCM); - BSL_SecOper_t bcb_op_tgt_payload = { 0 }; - BSL_SecOper_Init(&bcb_op_tgt_payload, 2, 1, 3, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, - BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_op_tgt_payload; + BSL_SecOper_Init(&bcb_op_tgt_payload); + BSL_SecOper_Populate(&bcb_op_tgt_payload, 2, 1, 3, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &bcb_param_key); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &aes_variant); BSL_SecOper_AppendParam(&bcb_op_tgt_payload, &bcb_scope); - BSL_SecOper_t bcb_op_tgt_bib = { 0 }; - BSL_SecOper_Init(&bcb_op_tgt_bib, 2, 2, 3, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_DROP_BLOCK); + BSL_SecOper_t bcb_op_tgt_bib; + BSL_SecOper_Init(&bcb_op_tgt_bib); + BSL_SecOper_Populate(&bcb_op_tgt_bib, 2, 2, 3, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_SOURCE, + BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_param_key); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &aes_variant); BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_scope); 
@@ -558,10 +578,10 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_BundleCtx_GetBundleMetadata(&mock_bpa_ctr->bundle_ref, &prim_blk); TEST_ASSERT_TRUE(prim_blk.block_count >= 3 && prim_blk.block_count <= 4); - BSL_SecurityResponseSet_Deinit(malloced_responseset); - BSL_SecurityActionSet_Deinit(malloced_actionset); - + BSL_SecurityAction_Deinit(malloced_action); free(malloced_action); + BSL_SecurityActionSet_Deinit(malloced_actionset); free(malloced_actionset); + BSL_SecurityResponseSet_Deinit(malloced_responseset); free(malloced_responseset); } diff --git a/test/test_SamplePolicyProvider.c b/test/test_SamplePolicyProvider.c index 19ffa8e5..d63cb2d9 100644 --- a/test/test_SamplePolicyProvider.c +++ b/test/test_SamplePolicyProvider.c @@ -96,6 +96,7 @@ void test_SamplePolicyProvider_WildcardPolicyRuleVerifiesBIB(void) // Now evaluate the rule to get as a SecOper // This populates it with actual parameters. BSL_SecOper_t sec_oper; + BSL_SecOper_Init(&sec_oper); TEST_ASSERT_EQUAL(0, BSLP_PolicyRule_EvaluateAsSecOper(&rule, &sec_oper, &LocalTestCtx.mock_bpa_ctr.bundle_ref, BSL_POLICYLOCATION_APPIN)); From 4755f3dea1c0cd361c277985c92220b6f1d6efeb Mon Sep 17 00:00:00 2001 From: Brian Sipos Date: Tue, 12 Aug 2025 13:28:55 -0400 Subject: [PATCH 15/21] fix format --- src/BPSecLib_Private.h | 5 +++-- src/backend/SecOperation.c | 24 ++++++++++++------------ src/backend/SecurityAction.c | 3 +-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index 685494b6..cf74f3fd 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h 
@@ -804,8 +804,9 @@ void BSL_SecOper_Deinit(BSL_SecOper_t *self); void BSL_SecOper_Set(BSL_SecOper_t *self, const BSL_SecOper_t *src); /// OPLIST for ::BSL_SecOper_t -#define M_OPL_BSL_SecOper_t() \ - (INIT(API_2(BSL_SecOper_Init)), INIT_SET(API_6(BSL_SecOper_InitSet)), SET(API_6(BSL_SecOper_Set)), CLEAR(API_2(BSL_SecOper_Deinit))) +#define M_OPL_BSL_SecOper_t() \ + (INIT(API_2(BSL_SecOper_Init)), INIT_SET(API_6(BSL_SecOper_InitSet)), SET(API_6(BSL_SecOper_Set)), \ + CLEAR(API_2(BSL_SecOper_Deinit))) /** Populate an initialized Security Operation with the given values. * diff --git a/src/backend/SecOperation.c b/src/backend/SecOperation.c index d7e1d5ad..398a53e8 100644 --- a/src/backend/SecOperation.c +++ b/src/backend/SecOperation.c @@ -48,13 +48,13 @@ void BSL_SecOper_InitSet(BSL_SecOper_t *self, const BSL_SecOper_t *src) ASSERT_ARG_NONNULL(src); memset(self, 0, sizeof(*self)); - self->context_id = src->context_id; + self->context_id = src->context_id; self->target_block_num = src->target_block_num; - self->sec_block_num = src->sec_block_num; - self->failure_code = src->failure_code; - self->conclusion = src->conclusion; - self->_role = src->_role; - self->_service_type = src->_service_type; + self->sec_block_num = src->sec_block_num; + self->failure_code = src->failure_code; + self->conclusion = src->conclusion; + self->_role = src->_role; + self->_service_type = src->_service_type; BSLB_SecParamList_init_set(self->_param_list, src->_param_list); ASSERT_POSTCONDITION(BSL_SecOper_IsConsistent(self)); 
@@ -70,13 +70,13 @@ void BSL_SecOper_Set(BSL_SecOper_t *self, const BSL_SecOper_t *src) { ASSERT_PRECONDITION(BSL_SecOper_IsConsistent(self)); - self->context_id = src->context_id; + self->context_id = src->context_id; self->target_block_num = src->target_block_num; - self->sec_block_num = src->sec_block_num; - self->failure_code = src->failure_code; - self->conclusion = src->conclusion; - self->_role = src->_role; - self->_service_type = src->_service_type; + self->sec_block_num = src->sec_block_num; + self->failure_code = src->failure_code; + self->conclusion = src->conclusion; + self->_role = src->_role; + self->_service_type = src->_service_type; BSLB_SecParamList_set(self->_param_list, src->_param_list); } diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index dcfbfeec..96724440 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c @@ -72,7 +72,6 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * ASSERT_ARG_NONNULL(self); ASSERT_ARG_NONNULL(sec_oper); - size_t i; for (i = 0; i < BSL_SecOperList_size(self->sec_op_list); i++) { @@ -133,7 +132,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); } - //TODO: better served by moving above + // TODO: better served by moving above BSL_SecOper_Deinit(sec_oper); return BSL_SUCCESS; From a92cd48018e733acac3274e82da015d12a25c424 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 14:26:13 -0400 Subject: [PATCH 16/21] order secops in pp --- src/BSLConfig.h.in | 6 ++ src/CMakeLists.txt | 1 + src/backend/SecurityAction.c | 63 +--------------- src/policy_provider/SamplePolicyProvider.c | 84 ++++++++++++++++++++-- src/policy_provider/SamplePolicyProvider.h | 6 +- test/bsl_test_utils.c | 1 - test/test_BackendSecurityContext.c | 7 +- 7 files changed, 93 insertions(+), 75 deletions(-) 
diff --git a/src/BSLConfig.h.in b/src/BSLConfig.h.in index 24f5282d..b27b2bb3 100644 --- a/src/BSLConfig.h.in +++ b/src/BSLConfig.h.in @@ -67,6 +67,12 @@ const char * bsl_version(void); #define BSL_FREE free #endif /* BSL_FREE */ +#ifndef BSL_CALLOC +/** Uses the same function signature as C99 calloc(). + */ +#define BSL_CALLOC calloc +#endif /* BSL_CALLOC */ + /** Define to override value/struct allocation. * See m-core.h for details. */ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 09abb3ce..ec270d51 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -110,6 +110,7 @@ set_target_properties(bsl_sample_pp SOVERSION ${CMAKE_PROJECT_VERSION_MAJOR} ) target_link_libraries(bsl_sample_pp PUBLIC bsl_front) +target_link_libraries(bsl_sample_pp PUBLIC MLIB::mlib) # Dynamic backend library set(BSL_DYNAMIC_H diff --git a/src/backend/SecurityAction.c b/src/backend/SecurityAction.c index 96724440..9e3afcd8 100644 --- a/src/backend/SecurityAction.c +++ b/src/backend/SecurityAction.c 
@@ -72,68 +72,7 @@ int BSL_SecurityAction_AppendSecOper(BSL_SecurityAction_t *self, BSL_SecOper_t * ASSERT_ARG_NONNULL(self); ASSERT_ARG_NONNULL(sec_oper); - size_t i; - for (i = 0; i < BSL_SecOperList_size(self->sec_op_list); i++) - { - BSL_SecOper_t *comp = BSL_SecOperList_get(self->sec_op_list, i); - if (BSL_SecOper_GetTargetBlockNum(comp) == BSL_SecOper_GetTargetBlockNum(sec_oper)) - { - // SOURCE BIB or ACCEPT BCB should come first - // true if ACC BIB or SRC BCB - - // Both BIBs or BCBs - if (!(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsBIB(comp))) - { - BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID); - } - - if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper)) - { - BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); - } - else - { - BSL_SecOperList_push_at(self->sec_op_list, i, *sec_oper); - } - break; - } - - // security operation in list targets security operation - if (BSL_SecOper_GetTargetBlockNum(comp) == BSL_SecOper_GetSecurityBlockNum(sec_oper)) - { - BSL_SecOperList_push_at(self->sec_op_list, i, *sec_oper); - break; - } - - // new security operation targets security operation in list - if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(comp)) - { - BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); - break; - } - - // same security block number, order by target - if (BSL_SecOper_GetSecurityBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(comp)) - { - if (BSL_SecOper_GetTargetBlockNum(comp) - BSL_SecOper_GetTargetBlockNum(sec_oper)) - { - BSL_SecOperList_push_at(self->sec_op_list, i, *sec_oper); - } - else - { - BSL_SecOperList_push_at(self->sec_op_list, i + 1, *sec_oper); - } - break; - } - } - - if (i >= BSL_SecOperList_size(self->sec_op_list)) - { - BSL_SecOperList_push_back(self->sec_op_list, *sec_oper); - } - - // TODO: better served by moving above - BSL_SecOper_Deinit(sec_oper); + BSL_SecOperList_push_move(self->sec_op_list, sec_oper); return 
BSL_SUCCESS; } diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 4530af6e..219936ee 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -103,7 +103,9 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti BSL_SecurityActionSet_Init(output_action_set); - BSL_SecurityAction_t *action = calloc(BSL_SecurityAction_Sizeof(), 1); + BSL_SecurityAction_t *action = BSL_CALLOC(BSL_SecurityAction_Sizeof(), 1); + BSLP_SecOperPtrList_t secops; + BSLP_SecOperPtrList_init(secops); const size_t capacity = sizeof(self->rules) / sizeof(BSLP_PolicyRule_t); for (size_t index = 0; index < self->rule_count && index < capacity; index++) @@ -126,7 +128,7 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti continue; } - BSL_SecOper_t *sec_oper = calloc(BSL_SecOper_Sizeof(), 1); + BSL_SecOper_t *sec_oper = BSL_CALLOC(BSL_SecOper_Sizeof(), 1); BSL_SecOper_Init(sec_oper); if (BSLP_PolicyRule_EvaluateAsSecOper(rule, sec_oper, bundle, location) < 0) { 
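Review bot: `BSL_SecOperList_push_move(self->sec_op_list, sec_oper)` transfers ownership of `*sec_oper` into the list, so the object the caller passes is consumed and must be re-initialised (as test/bsl_test_utils.c does with `BSL_SecOper_Init(&bib_context->sec_oper)`) or never touched again, yet nothing documents this and the parameter is still a plain `BSL_SecOper_t *`. I would add to the declaration's doc comment: `@param[in,out] sec_oper Operation to append; its contents are moved into the action, so the caller must re-initialise it with BSL_SecOper_Init() before any further use and must not call BSL_SecOper_Deinit() on it.` The removed lines also carried the only check that marked two same-type operations on one target block as `BSL_SECOP_CONCLUSION_INVALID`; that check now exists only inside the sample policy provider, so the comment should also say that ordering and conflict detection are now the caller's responsibility. The function's signature and preconditions are outside the hunk.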
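Review bot: Both `BSL_CALLOC` results in the two BSLP_QueryPolicy hunks are used without a NULL check; at `BSL_SecOper_t *sec_oper = BSL_CALLOC(BSL_SecOper_Sizeof(), 1);` the very next line `BSL_SecOper_Init(sec_oper);` dereferences it, so a failed allocation (now also any `BSL_CALLOC` override that can fail) crashes inside the policy provider instead of being reported. A guard before the `Init` that logs and skips the rule, like the existing `continue` path above it, would keep the loop safe; the same applies to the `action` allocation earlier in the function. The arguments are also inverted relative to the `(count, size)` order that the new `BSL_CALLOC` comment in BSLConfig.h.in promises: `BSL_CALLOC(1, BSL_SecOper_Sizeof())` reads as intended, and for the multiplied form in `BSLP_PolicyRule_Init` (`@@ -238,7 +308,7` below, repeated in PATCH 21) `BSL_CALLOC(10, BSL_SecParam_Sizeof())` lets the allocator perform the overflow check. BSLP_QueryPolicy starts outside the hunk.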
@@ -134,15 +136,83 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti } else { - BSL_SecurityAction_AppendSecOper(action, sec_oper); + size_t i; + for (i = 0; i < BSLP_SecOperPtrList_size(secops); i++) + { + BSL_SecOper_t **comp = BSLP_SecOperPtrList_get(secops, i); + BSL_LOG_INFO("NEW SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(sec_oper), BSL_SecOper_IsBIB(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper)); + BSL_LOG_INFO("comp SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(*comp), BSL_SecOper_IsBIB(*comp), BSL_SecOper_GetSecurityBlockNum(*comp)); + if (BSL_SecOper_GetTargetBlockNum(*comp) == BSL_SecOper_GetTargetBlockNum(sec_oper)) + { + // Both BIBs or BCBs + if (!(BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsBIB(*comp))) + { + BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_INVALID); + } + // SOURCE BIB or ACCEPT BCB should come first + // true if ACC BIB or SRC BCB + if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper)) + { + BSL_LOG_INFO("NEW OP AFTER COMP"); + BSLP_SecOperPtrList_push_at(secops, i + 1, sec_oper); + } + else + { + BSL_LOG_INFO("NEW OP BEFORE COMP"); + BSLP_SecOperPtrList_push_at(secops, i, sec_oper); + } + break; + } + + // security operation in list targets security operation + if (BSL_SecOper_GetTargetBlockNum(*comp) == BSL_SecOper_GetSecurityBlockNum(sec_oper)) + { + BSLP_SecOperPtrList_push_at(secops, i, sec_oper); + break; + } + + // new security operation targets security operation in list + if (BSL_SecOper_GetTargetBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(*comp)) + { + BSLP_SecOperPtrList_push_at(secops, i + 1, sec_oper); + break; + } + + // same security block number, order by target + if (BSL_SecOper_GetSecurityBlockNum(sec_oper) == BSL_SecOper_GetSecurityBlockNum(*comp)) + { + if (BSL_SecOper_GetTargetBlockNum(*comp) - BSL_SecOper_GetTargetBlockNum(sec_oper)) + { + BSLP_SecOperPtrList_push_at(secops, i, sec_oper); + } 
+ else + { + BSLP_SecOperPtrList_push_at(secops, i + 1, sec_oper); + } + break; + } + } + + if (i >= BSLP_SecOperPtrList_size(secops)) + { + BSL_LOG_INFO("append to end"); + BSLP_SecOperPtrList_push_back(secops, sec_oper); + } } - free(sec_oper); BSL_LOG_INFO("Created sec operation for rule `%s`", rule->description); } + for (size_t i = 0 ; i < BSLP_SecOperPtrList_size(secops); i ++) + { + BSL_SecOper_t **secop = BSLP_SecOperPtrList_get(secops, i); + BSL_SecurityAction_AppendSecOper(action, *secop); + BSL_FREE(*secop); + } + BSLP_SecOperPtrList_clear(secops); + BSL_SecurityActionSet_AppendAction(output_action_set, action); BSL_SecurityAction_Deinit(action); - free(action); + BSL_FREE(action); CHK_POSTCONDITION(BSL_SecurityActionSet_IsConsistent(output_action_set)); return (int)BSL_SecurityActionSet_CountErrors(output_action_set); @@ -238,7 +308,7 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP // TODO(bvb) assert Role in expected range self->failure_action_code = failure_action_code; self->role = role; - self->params = calloc(BSL_SecParam_Sizeof() * 10, 1); + self->params = BSL_CALLOC(BSL_SecParam_Sizeof() * 10, 1); self->nparams = 0; assert(BSLP_PolicyRule_IsConsistent(self)); return BSL_SUCCESS; @@ -248,7 +318,7 @@ void BSLP_PolicyRule_Deinit(BSLP_PolicyRule_t *self) { assert(BSLP_PolicyRule_IsConsistent(self)); BSL_LOG_INFO("BSLP_PolicyRule_Deinit: %s, nparams=%lu", self->description, self->nparams); - free(self->params); + BSL_FREE(self->params); memset(self, 0, sizeof(*self)); } diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index a8c972f8..fe400c7b 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h 
@@ -29,9 +29,13 @@ #define BSLP_SAMPLE_POLICY_PROVIDER_H #include - +#include #include +// NOLINTBEGIN +M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t*, M_PTR_OPLIST) +// NOLINTEND + /** * THE key function that matches a bundle against a rule to provide the output action and specific parameters to use for * the security operation. diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index 0f7ca53d..9e00d8ab 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c @@ -97,7 +97,6 @@ BSL_SecurityActionSet_t *BSL_TestUtils_InitMallocBIBActionSet(BIBTestContext *bi BSL_SecurityAction_AppendSecOper(act, &bib_context->sec_oper); // ensure consistent context state BSL_SecOper_Init(&bib_context->sec_oper); - // BSL_SecurityAction_OrderSecOps(act); BSL_SecurityActionSet_AppendAction(action_set, act); BSL_SecurityAction_Deinit(act); free(act); diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index 114ef505..e4eed44c 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c @@ -297,11 +297,10 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof()); BSL_SecurityAction_Init(malloced_action); - BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_primary); BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); + BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_primary); - // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); 
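Review bot: `M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t*, M_PTR_OPLIST)` carries no comment explaining that `M_PTR_OPLIST` makes this a non-owning array: `BSLP_SecOperPtrList_clear` releases the slots but not the `BSL_SecOper_t` objects, which is why `BSLP_QueryPolicy` has to free each element itself before clearing. I would put that above the definition: `/// Non-owning array of heap-allocated BSL_SecOper_t pointers used to order operations in BSLP_QueryPolicy; the owner must free each element before calling _clear.` Since the only visible user is SamplePolicyProvider.c, the definition could also move there and keep this public header free of generated container code, assuming nothing else in the tree uses the type.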
@@ -476,9 +475,9 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof()); BSL_SecurityAction_Init(malloced_action); - BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); + BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); @@ -561,9 +560,9 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecurityAction_t *malloced_action = calloc(1, BSL_SecurityAction_Sizeof()); BSL_SecurityAction_Init(malloced_action); + BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); - BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); From f5181a12a8505db62bb8ad698782d669b26e8d23 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 14:30:41 -0400 Subject: [PATCH 17/21] remove comments, dict --- docs/api/dictionary.txt | 3 +++ test/test_BackendSecurityContext.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/api/dictionary.txt b/docs/api/dictionary.txt index 40fbaa16..a89aac61 100644 --- a/docs/api/dictionary.txt +++ b/docs/api/dictionary.txt @@ -160,6 +160,9 @@ RTEMS ruleset sc SCs +SecOper +SecParam +SecResult SecurityAction SecurityActionSet SHA diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index e4eed44c..b8d6f7c4 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c 
@@ -381,7 +381,6 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_ext_block); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_oper); - // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -479,7 +478,6 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); BSL_SecurityAction_AppendSecOper(malloced_action, &bib_oper_payload); - // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -564,7 +562,6 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_payload); BSL_SecurityAction_AppendSecOper(malloced_action, &bcb_op_tgt_bib); - // BSL_SecurityAction_OrderSecOps(malloced_action); BSL_SecurityActionSet_AppendAction(malloced_actionset, malloced_action); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); From 05d0db46bebadd93fb2ef7e0faec4a4d22642a72 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Tue, 12 Aug 2025 14:31:10 -0400 Subject: [PATCH 18/21] apply format --- src/policy_provider/SamplePolicyProvider.c | 8 +++++--- src/policy_provider/SamplePolicyProvider.h | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 219936ee..0ea5b186 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c 
@@ -140,8 +140,10 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti for (i = 0; i < BSLP_SecOperPtrList_size(secops); i++) { BSL_SecOper_t **comp = BSLP_SecOperPtrList_get(secops, i); - BSL_LOG_INFO("NEW SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(sec_oper), BSL_SecOper_IsBIB(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper)); - BSL_LOG_INFO("comp SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(*comp), BSL_SecOper_IsBIB(*comp), BSL_SecOper_GetSecurityBlockNum(*comp)); + BSL_LOG_INFO("NEW SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(sec_oper), + BSL_SecOper_IsBIB(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper)); + BSL_LOG_INFO("comp SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(*comp), + BSL_SecOper_IsBIB(*comp), BSL_SecOper_GetSecurityBlockNum(*comp)); if (BSL_SecOper_GetTargetBlockNum(*comp) == BSL_SecOper_GetTargetBlockNum(sec_oper)) { // Both BIBs or BCBs @@ -202,7 +204,7 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti BSL_LOG_INFO("Created sec operation for rule `%s`", rule->description); } - for (size_t i = 0 ; i < BSLP_SecOperPtrList_size(secops); i ++) + for (size_t i = 0; i < BSLP_SecOperPtrList_size(secops); i++) { BSL_SecOper_t **secop = BSLP_SecOperPtrList_get(secops, i); BSL_SecurityAction_AppendSecOper(action, *secop); diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index fe400c7b..e16ff509 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -33,7 +33,7 @@ #include // NOLINTBEGIN -M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t*, M_PTR_OPLIST) +M_ARRAY_DEF(BSLP_SecOperPtrList, BSL_SecOper_t *, M_PTR_OPLIST) // NOLINTEND /** From 93afccbb7e161b69a679a5aec201ff1ce2ad7b62 Mon Sep 17 00:00:00 2001 
From: Joshua Stone <99224714+jeronstone@users.noreply.github.com> Date: Tue, 12 Aug 2025 15:12:08 -0400 Subject: [PATCH 19/21] Update dictionary.txt --- docs/api/dictionary.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/api/dictionary.txt b/docs/api/dictionary.txt index a89aac61..736d92e2 100644 --- a/docs/api/dictionary.txt +++ b/docs/api/dictionary.txt @@ -42,6 +42,8 @@ bytestream bytestring bytestrings callee's +calloc +CALLOC CBOR cek centric From 370eddfe9ef1cc2e26a53d40b6de89b1f98614c6 Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 13 Aug 2025 09:01:29 -0400 Subject: [PATCH 20/21] move oplist to secation --- src/BPSecLib_Private.h | 5 ----- src/backend/SecurityAction.h | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index cf74f3fd..d9a27484 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -803,11 +803,6 @@ void BSL_SecOper_Deinit(BSL_SecOper_t *self); */ void BSL_SecOper_Set(BSL_SecOper_t *self, const BSL_SecOper_t *src); -/// OPLIST for ::BSL_SecOper_t -#define M_OPL_BSL_SecOper_t() \ - (INIT(API_2(BSL_SecOper_Init)), INIT_SET(API_6(BSL_SecOper_InitSet)), SET(API_6(BSL_SecOper_Set)), \ - CLEAR(API_2(BSL_SecOper_Deinit))) - /** Populate an initialized Security Operation with the given values. * * @param[in,out] self Non-NULL pointer to this security operation. diff --git a/src/backend/SecurityAction.h b/src/backend/SecurityAction.h index 0ab5d037..e20dd859 100644 --- a/src/backend/SecurityAction.h +++ b/src/backend/SecurityAction.h @@ -23,6 +23,11 @@ #include #include "SecOperation.h" +/// OPLIST for ::BSL_SecOper_t +#define M_OPL_BSL_SecOper_t() \ + (INIT(API_2(BSL_SecOper_Init)), INIT_SET(API_6(BSL_SecOper_InitSet)), SET(API_6(BSL_SecOper_Set)), \ + CLEAR(API_2(BSL_SecOper_Deinit))) + // NOLINTBEGIN M_ARRAY_DEF(BSL_SecOperList, BSL_SecOper_t, M_OPL_BSL_SecOper_t()) // NOLINTEND 
From 1270aab94aefcd99e842253d7816ad920a36ec9b Mon Sep 17 00:00:00 2001 From: Joshua Stone Date: Wed, 13 Aug 2025 11:21:04 -0400 Subject: [PATCH 21/21] param limit define --- src/policy_provider/SamplePolicyProvider.c | 4 ++-- src/policy_provider/SamplePolicyProvider.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/policy_provider/SamplePolicyProvider.c b/src/policy_provider/SamplePolicyProvider.c index 0ea5b186..a7d25b0b 100644 --- a/src/policy_provider/SamplePolicyProvider.c +++ b/src/policy_provider/SamplePolicyProvider.c @@ -310,7 +310,7 @@ int BSLP_PolicyRule_Init(BSLP_PolicyRule_t *self, const char *desc, BSLP_PolicyP // TODO(bvb) assert Role in expected range self->failure_action_code = failure_action_code; self->role = role; - self->params = BSL_CALLOC(BSL_SecParam_Sizeof() * 10, 1); + self->params = BSL_CALLOC(BSL_SecParam_Sizeof() * BSL_PP_POLICYRULE_PARAM_MAX_COUNT, 1); self->nparams = 0; assert(BSLP_PolicyRule_IsConsistent(self)); return BSL_SUCCESS; @@ -330,7 +330,7 @@ void BSLP_PolicyRule_AddParam(BSLP_PolicyRule_t *self, const BSL_SecParam_t *par assert(BSLP_PolicyRule_IsConsistent(self)); // TODO(bvb) - BOUNDS CHECKING - assert(self->nparams < 10); + assert(self->nparams < BSL_PP_POLICYRULE_PARAM_MAX_COUNT); size_t offset = self->nparams * BSL_SecParam_Sizeof(); memcpy(&((uint8_t *)self->params)[offset], param, BSL_SecParam_Sizeof()); diff --git a/src/policy_provider/SamplePolicyProvider.h b/src/policy_provider/SamplePolicyProvider.h index e16ff509..ed1006cb 100644 --- a/src/policy_provider/SamplePolicyProvider.h +++ b/src/policy_provider/SamplePolicyProvider.h @@ -81,6 +81,8 @@ void BSLP_PolicyPredicate_Deinit(BSLP_PolicyPredicate_t *self); bool BSLP_PolicyPredicate_IsMatch(const BSLP_PolicyPredicate_t *self, BSL_PolicyLocation_e location, BSL_HostEID_t src_eid, BSL_HostEID_t dst_eid); +// FIXME remove hard limit on params +#define BSL_PP_POLICYRULE_PARAM_MAX_COUNT 10 /** * @brief Represents a policy rule *
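Review bot: `assert(self->nparams < BSL_PP_POLICYRULE_PARAM_MAX_COUNT);` is the only thing between the `memcpy` below it and a write past the `BSL_PP_POLICYRULE_PARAM_MAX_COUNT`-element buffer allocated in `BSLP_PolicyRule_Init`, and `assert` is compiled out under `NDEBUG`, so a release build that adds one parameter too many to a rule corrupts the heap (the `// TODO(bvb) - BOUNDS CHECKING` above it acknowledges this). A runtime guard should precede the copy, e.g. `if (self->nparams >= BSL_PP_POLICYRULE_PARAM_MAX_COUNT) { return; }` with the assert kept for debug builds; because the function returns void the caller cannot currently learn that the parameter was dropped, so a follow-up that returns an error code is worth noting next to the new `// FIXME remove hard limit on params`. `BSLP_PolicyRule_AddParam` starts outside the hunk.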