diff --git a/docs/api/Developer_Guide.md b/docs/api/Developer_Guide.md index 11540664..067b3d54 100644 --- a/docs/api/Developer_Guide.md +++ b/docs/api/Developer_Guide.md @@ -104,6 +104,8 @@ More notes forthcoming. * The C standard library does not provide containers. Arrays is all we have, so that's what we have to work with. * Third party libraries providing containers may be more hassle and risk than they are worth. +#### » M\*Lib structures should not be referenced in the Frontend API + * Keep M\*Lib usage to the BSL backend, and use standard/primative structs for frontend API. The frontend should not include any M\*Lib headers. # Documentation diff --git a/src/BPSecLib_Private.h b/src/BPSecLib_Private.h index d41c97b3..6bcbfd76 100644 --- a/src/BPSecLib_Private.h +++ b/src/BPSecLib_Private.h @@ -293,8 +293,8 @@ int BSL_Data_Init(BSL_Data_t *data); * * @todo Clarify to indicate this calls MALLOC. * - * @param[in, out] data The data to initialize. - * @param bytelen Length of buffer to allocate. + * @param[in,out] data The data to initialize. + * @param[in] bytelen Length of buffer to allocate. * @return Zero upon success. */ int BSL_Data_InitBuffer(BSL_Data_t *data, size_t bytelen); @@ -302,8 +302,8 @@ int BSL_Data_InitBuffer(BSL_Data_t *data, size_t bytelen); /** Initialize a data struct as an overlay on optional external data. * * @param[in,out] data The data to initialize, which must not be NULL. - * @param len The total length to allocate, which may be zero. - * @param src An optional source buffer to point to. + * @param[in] len The total length to allocate, which may be zero. + * @param[in] src An optional source buffer to point to. * @return Zero upon success. */ int BSL_Data_InitView(BSL_Data_t *data, size_t len, BSL_DataPtr_t src); 
@@ -322,7 +322,7 @@ int BSL_Data_Deinit(BSL_Data_t *data); /** Resize the data, copying if necessary. * * @param[in,out] data The data to resize, which must not be NULL. - * @param len The new total size. + * @param[in] len The new total size. * @return Zero upon success. */ int BSL_Data_Resize(BSL_Data_t *data, size_t len); @@ -330,8 +330,8 @@ int BSL_Data_Resize(BSL_Data_t *data, size_t len); /** Set an initialized data struct to a given size. * * @param[in,out] data The data to copy into, which must not be NULL. - * @param len The total length to allocate, which may be non-zero. - * @param src An optional source buffer to copy from, from which @c len + * @param[in] len The total length to allocate, which may be non-zero. + * @param[in] src An optional source buffer to copy from, from which @c len * bytes will be copied. * @return Zero upon success. */ @@ -340,8 +340,8 @@ int BSL_Data_CopyFrom(BSL_Data_t *data, size_t len, BSL_DataConstPtr_t src); /** Append an initialized data struct with a given size. * * @param[in,out] data The data to copy into, which must not be NULL. - * @param len The total length to allocate, which may be non-zero. - * @param src An optional source buffer to copy from, from which @c len + * @param[in] len The total length to allocate, which may be non-zero. + * @param[in] src An optional source buffer to copy from, from which @c len * bytes will be copied. * @return Zero upon success. */ @@ -359,7 +359,7 @@ int BSL_SeqReader_Deinit(BSL_SeqReader_t *obj); /** Iterate a sequential reader. * - * @param obj The reader handle. + * @param[in,out] obj The reader handle. * @param[out] buf The output buffer to fill. * @param[in,out] bufsize The available output buffer size as input, * set to the used buffer size as output. 
@@ -460,6 +460,9 @@ void BSL_HostEIDPattern_Deinit(BSL_HostEIDPattern_t *pat); /** * Encode a EID into a CBOR sequence + * @param[in] eid + * @param[in] user_data + * @return Zero if successful. */ int BSL_HostEID_EncodeToCBOR(const BSL_HostEID_t *eid, void *user_data); @@ -527,7 +530,7 @@ typedef enum * * @param[in] bundle Bundle context * @param[out] result_primary_block Non-null pointer to result which gets populated on a zero return code. - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBundleMetadata(const BSL_BundleRef_t *bundle, BSL_PrimaryBlock_t *result_primary_block); @@ -537,6 +540,7 @@ int BSL_BundleCtx_GetBundleMetadata(const BSL_BundleRef_t *bundle, BSL_PrimaryBl * @param[in] array_count Number of elements in `block_id_index_array` * @param[out] block_id_index_array Array of `array_count` elements for results * @param[out] result_count Contains the number of elements put into the array + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, uint64_t block_ids_array[array_count], size_t *result_count); @@ -546,6 +550,7 @@ int BSL_BundleCtx_GetBlockIds(const BSL_BundleRef_t *bundle, size_t array_count, * @param[in] bundle Context bundle * @param[in] block_num The number of the bundle canonical block we seek information on * @param[out] result_block Pointer to allocated memory which contains the results of the query. + * @return 0 on success, negative on error */ int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block_num, BSL_CanonicalBlock_t *result_block); 
@@ -555,7 +560,7 @@ int BSL_BundleCtx_GetBlockMetadata(const BSL_BundleRef_t *bundle, uint64_t block * @param[in] bundle Context bundle * @param[in] block_type_code The type of block to be created (e.g, 1 means payload) * @param[out] block_num Pointer to integer containing the number of the block just created.abort - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, uint64_t *block_num); @@ -563,7 +568,7 @@ int BSL_BundleCtx_CreateBlock(BSL_BundleRef_t *bundle, uint64_t block_type_code, * * @param[in] bundle Context bundle * @param[in] block_num Block number to be removed - * @returns 0 on success, negative on failure. + * @return 0 on success, negative on failure. */ int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num); @@ -574,7 +579,7 @@ int BSL_BundleCtx_RemoveBlock(BSL_BundleRef_t *bundle, uint64_t block_num); * @param[in] bundle Context bundle * @param[in] block_num Number of block requesting re-allocated of BTSD * @param[in] bytesize Size of new BTSD - * @returns 0 on success, negative on failure. + * @return 0 on success, negative on failure. */ int BSL_BundleCtx_ReallocBTSD(BSL_BundleRef_t *bundle, uint64_t block_num, size_t bytesize); 
@@ -610,11 +615,12 @@ typedef struct BSL_SecResult_s BSL_SecResult_t; /** Populate a pre-allocated SecResult. * - * @param self Non-NULL pointer to allocated result. - * @param result_id Result ID of corresponding result bytestring, meaning dependent on security context. - * @param context_id ID of security context. - * @param target_block_num Target of the given security result, included here for convenience. - * @param content Read-only view to data containing the bytes of the security result, which is copied out of here. + * @param[in,out] self Non-NULL pointer to allocated result. + * @param[in] result_id Result ID of corresponding result bytestring, meaning dependent on security context. + * @param[in] context_id ID of security context. + * @param[in] target_block_num Target of the given security result, included here for convenience. + * @param[in] content Read-only view to data containing the bytes of the security result, which is copied out of here. + * @return 0 on success, negative on error */ int BSL_SecResult_Init(BSL_SecResult_t *self, uint64_t result_id, uint64_t context_id, uint64_t target_block_num, BSL_Data_t content); @@ -636,6 +642,7 @@ enum BSL_SecParam_Types_e BSL_SECPARAM_TYPE_UNKNOWN = 0, ///< Inidcates parsed value not of expected type. BSL_SECPARAM_TYPE_INT64, ///< Indicates value type is an unsigned integer. BSL_SECPARAM_TYPE_BYTESTR, ///< Indicates the value type is a byte string. + BSL_SECPARAM_TYPE_STR }; /** Defines supplementary Security Paramter type used internally by @@ -648,7 +655,7 @@ typedef enum BSL_SECPARAM_TYPE_INT_STARTINDEX = 1000, /// @brief Used to pass in a key id found in the key registry. - BSL_SECPARAM_TYPE_INT_KEY_ID, + BSL_SECPARAM_TYPE_KEY_ID, /// @brief Used by tests to pass in a specific key bytestring BSL_SECPARAM_TYPE_INT_FIXED_KEY, 
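Review bot: `BSL_SECPARAM_TYPE_STR` is added to `BSL_SecParam_Types_e` without the `///<` description its sibling enumerators carry. I would write it as `BSL_SECPARAM_TYPE_STR, ///< Indicates the value type is a text string.` The diff adds an initializer for this type but shows no change to `BSL_SecParam_IsConsistent` or to the getters. It is worth confirming that every place that switches on this enum, including the CBOR encode and decode paths, handles the new value rather than treating it as unknown.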
@@ -675,8 +682,8 @@ typedef struct BSL_SecParam_s BSL_SecParam_t; uint64_t BSL_SecParam_GetId(const BSL_SecParam_t *self); /** @brief Return true if invariant conditions pass - * @param self This security parameter - * @returns true if valid, false otherwise. + * @param[in] self This security parameter + * @return true if valid, false otherwise. */ bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self); @@ -684,7 +691,7 @@ bool BSL_SecParam_IsConsistent(const BSL_SecParam_t *self); * * @todo Rename to avoid using negative logic and clarify. * @param param_id ID of the parameter - * @returns True when this is NOT an internal parameter ID. + * @return True when this is NOT an internal parameter ID. */ bool BSL_SecParam_IsParamIDOutput(uint64_t param_id); 
@@ -693,34 +700,42 @@ size_t BSL_SecParam_Sizeof(void); /** Initialize as a parameter containing a bytestring. * - * @param self[in,out] This Security Paramter - * @param param_id[in] ID of the parameter - * @param value[in] View of bytes, which get copied into this Security Parameter. - * @returns Negative on an error. + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value View of bytes, which get copied into this Security Parameter. + * @return Negative on an error. */ int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t value); /** Initialize as a parameter containing an integer as a value. * - * @param self This Security Paramter - * @param param_id ID of the parameter - * @param value View of bytes, which get copied into this Security Parameter. - * @returns Negative on an error. + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value View of bytes, which get copied into this Security Parameter. + * @return Negative on an error. */ int BSL_SecParam_InitInt64(BSL_SecParam_t *self, uint64_t param_id, uint64_t value); +/** + * @param[in,out] self This Security Paramter + * @param[in] param_id ID of the parameter + * @param[in] value text string of the parameter, copied into self + * @return Negative on an error. + */ +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char *value); + /** Returns true when the value type is an integer. * - * @param self This Security Parameter - * @returns True when value type is integer. + * @param[in] self This Security Parameter + * @return True when value type is integer. */ int BSL_SecParam_IsInt64(const BSL_SecParam_t *self); /** Retrieve integer value of result when this result type is integer. WARNING: Always check using BSL_SecParam_IsInt64 * first. 
* - * @param self This Security Parameter - * @returns Integer value of parameter if present, panics/aborts otherwise. + * @param[in] self This Security Parameter + * @return Integer value of parameter if present, panics/aborts otherwise. */ uint64_t BSL_SecParam_GetAsUInt64(const BSL_SecParam_t *self); @@ -728,9 +743,9 @@ uint64_t BSL_SecParam_GetAsUInt64(const BSL_SecParam_t *self); * using. * * @todo Clarify whether result contains copy or view of content - * @param self This Security Parameter - * @param result Pointer to pre-allocated data into which the bytestring is copied. - * @returns Negative on error. + * @param[in] self This Security Parameter + * @param[in,out] result Pointer to pre-allocated data into which the bytestring is copied. + * @return Negative on error. */ int BSL_SecParam_GetAsBytestr(const BSL_SecParam_t *self, BSL_Data_t *result); @@ -743,12 +758,12 @@ size_t BSL_SecOper_Sizeof(void); /** Populate a pre-allocated Security Operation with the given values. * - * @param self Non-NULL pointer to this security operation. - * @param context_id ID of the security context - * @param target_block_num Block ID of security target block - * @param sec_block_num Block ID of security block. - * @param sec_type Member of BSL_SecBlock_Type_e enum indicating BIB or BCB - * @param sec_role Member of BSL_SecRole_e enum indicating role. + * @param[in,out] self Non-NULL pointer to this security operation. + * @param[in] context_id ID of the security context + * @param[in] target_block_num Block ID of security target block + * @param[in] sec_block_num Block ID of security block. + * @param[in] sec_type Member of BSL_SecBlock_Type_e enum indicating BIB or BCB + * @param[in] sec_role Member of BSL_SecRole_e enum indicating role. */ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_block_num, uint64_t sec_block_num, BSL_SecBlockType_e sec_type, BSL_SecRole_e sec_role, BSL_PolicyAction_e failure_code); 
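Review bot: The doc block added for `BSL_SecParam_InitStr` has no summary line and does not say how long `value` may be, which is the part of the contract a caller needs before passing external text. I would open it with `/** Initialize as a parameter containing a text string.` and extend the `value` entry to say the string must be NUL-terminated and must fit the parameter's internal buffer, with a negative return otherwise. In the same hunk the `BSL_SecParam_InitInt64` entry still describes `value` as a view of bytes, carried over from the bytestring variant. `@param[in] value Integer value stored in this Security Parameter.` would match the `uint64_t` argument.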
@@ -758,69 +773,69 @@ void BSL_SecOper_Init(BSL_SecOper_t *self, uint64_t context_id, uint64_t target_ * Certain backend implementations may create dynamic data structures that may need to be cleaned up, * so it is essential to call this under all circumstances. * - * @param self Non-NULL pointer to this security operation + * @param[in,out] self Non-NULL pointer to this security operation */ void BSL_SecOper_Deinit(BSL_SecOper_t *self); /** Returns true if internal consistency and sanity checks pass * * @todo Formalize invariants - * @param self This security operation + * @param[in] self This security operation * @return True if consistent, may assert false otherwise. */ bool BSL_SecOper_IsConsistent(const BSL_SecOper_t *self); /** Returns a pointer to the Security Parameter at a given index in the list of all paramters. * @todo Clarify behavior if index is out of range. - * @param self This security operation - * @param index Index of security paramter list to retrieve from - * @returns Pointer to security parameter type at given index. + * @param[in] self This security operation + * @param[in] index Index of security paramter list to retrieve from + * @return Pointer to security parameter type at given index. */ const BSL_SecParam_t *BSL_SecOper_GetParamAt(const BSL_SecOper_t *self, size_t index); /// @brief Get the block number of the security block containing this sec operation -/// @param self This security operation +/// @param[in] self This security operation uint64_t BSL_SecOper_GetSecurityBlockNum(const BSL_SecOper_t *self); /// @brief Get the block number of the target block covered by this security operation -/// @param self This security operation +/// @param[in] self This security operation uint64_t BSL_SecOper_GetTargetBlockNum(const BSL_SecOper_t *self); /** Get the count of parameters contained within this security operation. * * @param self This security operation. - * @returns Count of security parameters. 
+ * @return Count of security parameters. */ size_t BSL_SecOper_CountParams(const BSL_SecOper_t *self); /** Add the given security parameter to this list of parameters. * @todo Clarify pointer/copy semantics. - * @param self This security operation - * @param param Security parameter to include. + * @param[in,out] self This security operation + * @param[in] param Security parameter to include. */ void BSL_SecOper_AppendParam(BSL_SecOper_t *self, const BSL_SecParam_t *param); /** Return true if this security operation's role is SOURCE - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleSource(const BSL_SecOper_t *self); /** Return true if this security operation's role is Verifier - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleVerifier(const BSL_SecOper_t *self); /** Return true if this security operation's role is Acceptor - * @param self This Security Operation - * @returns boolean + * @param[in] self This Security Operation + * @return boolean */ bool BSL_SecOper_IsRoleAccepter(const BSL_SecOper_t *self); /** Return true if this security operation is BIB - * @param self This security operation - * @returns boolen + * @param[in] self This security operation + * @return boolen */ bool BSL_SecOper_IsBIB(const BSL_SecOper_t *self); 
@@ -834,62 +849,64 @@ size_t BSL_AbsSecBlock_Sizeof(void); /** Populate a pre-allocated Absract Security Block * @todo - Can be backend-only. * - * @param self This ASB - * @param sec_context_id Security Context ID - * @param source_eid Source EID in format native to host BPA. + * @param[in,out] self This ASB + * @param[in] sec_context_id Security Context ID + * @param[in] source_eid Source EID in format native to host BPA. */ void BSL_AbsSecBlock_Init(BSL_AbsSecBlock_t *self, uint64_t sec_context_id, BSL_HostEID_t source_eid); /** Checks internal consistency and sanity of this structure. - * @param self This ASB + * @param[in] self This ASB */ bool BSL_AbsSecBlock_IsConsistent(const BSL_AbsSecBlock_t *self); /** Initialize a pre-allocated ASB with no contents. - * @param self This ASB + * @param[in,out] self This ASB */ void BSL_AbsSecBlock_InitEmpty(BSL_AbsSecBlock_t *self); /** Deinitializes and clears this ASB, clearing and releasing any owned memory. * - * @param self This ASB + * @param[in,out] self This ASB */ void BSL_AbsSecBlock_Deinit(BSL_AbsSecBlock_t *self); /** Prints to LOG INFO * @todo - Can be backend-only. * - * @param self This ASB + * @param[in] self This ASB * @todo Refactor to dump this to a pre-allocated string. */ void BSL_AbsSecBlock_Print(const BSL_AbsSecBlock_t *self); /** Returns true if this ASB contains nothing (i.e., no tarets, params and results) * - * @param self This ASB. + * @param[in] self This ASB. + * @return true if ASB is empty */ bool BSL_AbsSecBlock_IsEmpty(const BSL_AbsSecBlock_t *self); /** Returns true if a given ASB contains the given block number as a security target. * - * @param self This ASB. - * @param target_block_num ID of a block, 0 indicates primary block + * @param[in,out] self This ASB. 
+ * @param[in] target_block_num ID of a block, 0 indicates primary block + * @return true if ASB contains target */ bool BSL_AbsSecBlock_ContainsTarget(const BSL_AbsSecBlock_t *self, uint64_t target_block_num); /** Adds a given block ID as a security target covered by this ASB * @todo - Can be backend-only. * - * @param self This ASB. - * @param target_block_id ID of a block, 0 indicates primary block as usual. + * @param[in,out] self This ASB. + * @param[in] target_block_id ID of a block, 0 indicates primary block as usual. */ void BSL_AbsSecBlock_AddTarget(BSL_AbsSecBlock_t *self, uint64_t target_block_id); /** Add a security parameter to this security block (does NOT copy) * @todo - Can be backend-only. * - * @param self This security block - * @param param Non-Null Security parameter pointer to add to list + * @param[in,out] self This security block + * @param[in] param Non-Null Security parameter pointer to add to list */ void BSL_AbsSecBlock_AddParam(BSL_AbsSecBlock_t *self, const BSL_SecParam_t *param); @@ -897,8 +914,8 @@ void BSL_AbsSecBlock_AddParam(BSL_AbsSecBlock_t *self, const BSL_SecParam_t *par * * @todo - Can be backend-only. * - * @param self This security block - * @param result Non-Null Security result pointer to add to list + * @param[in,out] self This security block + * @param[in] result Non-Null Security result pointer to add to list */ void BSL_AbsSecBlock_AddResult(BSL_AbsSecBlock_t *self, const BSL_SecResult_t *result); 
@@ -906,16 +923,16 @@ void BSL_AbsSecBlock_AddResult(BSL_AbsSecBlock_t *self, const BSL_SecResult_t *r * * @todo - Can be backend-only. * - * @param self This ASB - * @param outcome Security Operation outcome containing params and results + * @param[in,out] self This ASB + * @param[in] outcome Security Operation outcome containing params and results * @return Negative on error, otherwise count of things removed. */ int BSL_AbsSecBlock_StripResults(BSL_AbsSecBlock_t *self, uint64_t target_block_num); /** Encodes this ASB into a CBOR string into the space pre-allocated indicated by the argument. * - * @param self This ASB. - * @param allocated_target A buffer with allocated space for the encoded CBOR + * @param[in,out] self This ASB. + * @param[in] allocated_target A buffer with allocated space for the encoded CBOR * @return Integer contains number of bytes written to buffer, negative indicates error. * */ @@ -923,8 +940,8 @@ int BSL_AbsSecBlock_EncodeToCBOR(const BSL_AbsSecBlock_t *self, BSL_Data_t alloc /** Decodes and populates this ASB from a CBOR string. * - * @param self This allocated, but uninitialized ASB to populate. - * @param encoded_cbor A buffer containing a CBOR string representing the ASB + * @param[in,out] self This allocated, but uninitialized ASB to populate. + * @param[in] encoded_cbor A buffer containing a CBOR string representing the ASB * @return Negative on error */ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_cbor); 
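Review bot: The direction tags added in this hunk do not match the signatures in two places. `BSL_AbsSecBlock_StripResults` documents `@param[in] outcome`, but the function takes `target_block_num`; the entry should read `@param[in] target_block_num Block number whose results are removed.` `BSL_AbsSecBlock_EncodeToCBOR` tags the `const` `self` as `[in,out]` and tags `allocated_target` as `[in]`, although the return description says bytes are written to that buffer. I would use `@param[in] self` and `@param[out] allocated_target`, and state that the caller must size the buffer for the encoded block.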
@@ -938,21 +955,21 @@ size_t BSL_SecOutcome_Sizeof(void); /** Populate a pre-allocated security outcome struct. * - * @param self Non-Null pointer to this security outcome. - * @param sec_oper Security operation containing the necessary info. - * @param allocation_size Size of working space to allocate. + * @param[in,out] self Non-Null pointer to this security outcome. + * @param[in] sec_oper Security operation containing the necessary info. + * @param[in] allocation_size Size of working space to allocate. */ void BSL_SecOutcome_Init(BSL_SecOutcome_t *self, const BSL_SecOper_t *sec_oper, size_t allocation_size); /** Release any resources owned by this security outcome. * - * @param self Non-Null pointer to this security outcome. + * @param[in,out] self Non-Null pointer to this security outcome. */ void BSL_SecOutcome_Deinit(BSL_SecOutcome_t *self); /** Return true if internal invariants hold * - * @param self This sec outcome. + * @param[in] self This sec outcome. * @return true if invariants hold */ bool BSL_SecOutcome_IsConsistent(const BSL_SecOutcome_t *self); 
@@ -961,21 +978,23 @@ bool BSL_SecOutcome_IsConsistent(const BSL_SecOutcome_t *self); * * @todo Double-check copy semantics. * - * @param self Non-NULL pointer to this security outcome. - * @param sec_result Non-NULL pointer to security result to copy and append. + * @param[in,out] self Non-NULL pointer to this security outcome. + * @param[in] sec_result Non-NULL pointer to security result to copy and append. */ void BSL_SecOutcome_AppendResult(BSL_SecOutcome_t *self, const BSL_SecResult_t *sec_result); /** Get the result at index i. Panics if i is out of range. * - * @param self This outcome - * @param index Index in the list to retrieve + * @param[in] self This outcome + * @param[in] index Index in the list to retrieve + * @return Sec Result at index */ const BSL_SecResult_t *BSL_SecOutcome_GetResultAtIndex(const BSL_SecOutcome_t *self, size_t index); /** Get the number of results * - * @param self this sec outcome + * @param[in] self this sec outcome + * @return number of results in sec outcome */ size_t BSL_SecOutcome_CountResults(const BSL_SecOutcome_t *self); @@ -983,14 +1002,14 @@ size_t BSL_SecOutcome_CountResults(const BSL_SecOutcome_t *self); * * @todo Double-check copy semantics. * - * @param self Non-NULL pointer to this security outcome. - * @param param Non-NULL pointer to security parameter to copy and append. + * @param[in,out] self Non-NULL pointer to this security outcome. + * @param[in] param Non-NULL pointer to security parameter to copy and append. */ void BSL_SecOutcome_AppendParam(BSL_SecOutcome_t *self, const BSL_SecParam_t *param); /** @brief Returns number of parameters in this outcome. * @param[in] self This outcome - * @returns Number of parameters + * @return Number of parameters */ size_t BSL_SecOutcome_CountParams(const BSL_SecOutcome_t *self); 
@@ -998,8 +1017,8 @@ const BSL_SecParam_t *BSL_SecOutcome_GetParamAt(const BSL_SecOutcome_t *self, si /// @brief Returns true if this (the parameters and results) is contained within the given ASK /// @todo Can move to backend -/// @param self -/// @param outcome +/// @param[in] self +/// @param[in] outcome /// @return bool BSL_SecOutcome_IsInAbsSecBlock(const BSL_SecOutcome_t *self, const BSL_AbsSecBlock_t *abs_sec_block); 
@@ -1015,48 +1034,49 @@ void BSL_SecurityActionSet_Init(BSL_SecurityActionSet_t *self); /** @brief Increment a security failure for this action set * - * @param[in, out] self Pointer to this security action set. + * @param[in,out] self Pointer to this security action set. */ void BSL_SecurityActionSet_IncrError(BSL_SecurityActionSet_t *self); /** @brief Returns count of failures after processing this action set * * @param[in] self Pointer ot this security action set. - * @returns Count of errors. + * @return Count of errors. */ size_t BSL_SecurityActionSet_CountErrors(const BSL_SecurityActionSet_t *self); /** Zeroize, clear, and release itself and any owned resources. * - * @param self This action set. + * @param[in,out] self This action set. */ void BSL_SecurityActionSet_Deinit(BSL_SecurityActionSet_t *self); /** @brief Append a security operation to the security action set * - * @param[in, out] self This security action set. + * @param[in,out] self This security action set. * @param[in] sec_oper Security operation to include. - * @returns 0 on success, negative on error + * @return 0 on success, negative on error */ int BSL_SecurityActionSet_AppendSecOper(BSL_SecurityActionSet_t *self, const BSL_SecOper_t *sec_oper); /** Return true if internal sanity and consistency checks pass * * @param[in] self This action set. + * @return true if action set is consistent */ bool BSL_SecurityActionSet_IsConsistent(const BSL_SecurityActionSet_t *self); /** Count number of security operations present in this policy action set. * - * @param self This action set. + * @param[in] self This action set. * @return Number of operations, 0 indicates no policy matched. */ size_t BSL_SecurityActionSet_CountSecOpers(const BSL_SecurityActionSet_t *self); /** Returns the Security Operation at the given index. 
* - * @param self This action set - * @param index index + * @param[in] self This action set + * @param[in] index index * @return pointer to security operation at given index, asserting false if not in bound */ const BSL_SecOper_t *BSL_SecurityActionSet_GetSecOperAtIndex(const BSL_SecurityActionSet_t *self, size_t index); @@ -1080,7 +1100,7 @@ void BSL_SecurityResponseSet_Init(BSL_SecurityResponseSet_t *self, size_t nopera /** Zeroize itself and release any owned resources * - * @param[in, out] self This response set. + * @param[in,out] self This response set. */ void BSL_SecurityResponseSet_Deinit(BSL_SecurityResponseSet_t *self); @@ -1092,7 +1112,7 @@ bool BSL_SecurityResponseSet_IsConsistent(const BSL_SecurityResponseSet_t *self) /** Return number of responses (operations acted upon) * - * @param self This response set. + * @param[in] self This response set. */ size_t BSL_SecurityResponseSet_CountResponses(const BSL_SecurityResponseSet_t *self); @@ -1105,7 +1125,6 @@ size_t BSL_SecurityResponseSet_CountResponses(const BSL_SecurityResponseSet_t *s * @param[out] output_action_set @preallocated Caller-allocated, zeroed space for action set * @param[in,out] bundle Bundle seeking security operations * @param[in] location Where in the BPA lifecycle this query arises from - * * @return A policy action set, which may contain error codes and other info */ int BSL_PolicyRegistry_InspectActions(const BSL_LibCtx_t *bsl, BSL_SecurityActionSet_t *output_action_set, @@ -1132,7 +1151,7 @@ struct BSL_PolicyDesc_s * @param[out] output_response Pointer to allocated, zeroed memory into which the response is populated * @param[in,out] bundle Pointer to bundle, which may be modified. * @param[in] action_set Action containing all params and operations. - * + * @return 0 on success, negative on failure. */ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet_t *output_response, BSL_BundleRef_t *bundle, const BSL_SecurityActionSet_t *action_set); 
@@ -1157,7 +1176,7 @@ typedef bool (*BSL_SecCtx_Validate_f)(BSL_LibCtx_t *lib, const BSL_BundleRef_t * * @param[in] lib The library context. * @param[in,out] bundle The bundle to modify. * @param[in] sec_oper The security operation to perform. - * @param[in, out] sec_outcome The pre-allocated outcome to populate + * @param[in,out] sec_outcome The pre-allocated outcome to populate * @return 0 if security operation performed successfully. */ typedef int (*BSL_SecCtx_Execute_f)(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, diff --git a/src/CryptoInterface.h b/src/CryptoInterface.h index 53123c24..d4b6b815 100644 --- a/src/CryptoInterface.h +++ b/src/CryptoInterface.h @@ -141,7 +141,7 @@ void BSL_CryptoDeinit(void); * @return 0 if successful */ BSL_REQUIRE_CHECK -int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var); +int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var); /** * Input data to HMAC sign to context @@ -180,13 +180,13 @@ int BSL_AuthCtx_Deinit(BSL_AuthCtx_t *hmac_ctx); /** * @todo Doxygen */ -int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, size_t key_id, +int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, const char *key_id, size_t aes_variant); /** * @todo Doxygen */ -int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_key_id, size_t aes_variant); +int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, const char *content_key_id, size_t aes_variant); /** * Initialize crypto context resources and set as encoding or decoding 
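Review bot: `BSL_Crypto_UnwrapKey` and `BSL_Crypto_WrapKey` still carry only `@todo Doxygen` while their key-ID argument changes from an integer to `const char *`, so the header gives callers no statement of the new pointer contract. At minimum each should gain a line such as `@param[in] key_id NUL-terminated key ID; must not be NULL.` The comment should also say whether the library copies the string or keeps the caller's pointer. The same applies to the `keyid` entry of `BSL_AuthCtx_Init`, whose doc block starts above its hunk.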
@@ -208,7 +208,7 @@ int BSL_Cipher_Init(BSL_Cipher_t *cipher_ctx, BSL_CipherMode_e enc, BSL_CryptoCi * @param[out] secret_len Pointer to the stored secret length, if successful. * @return Zero upon success. */ -int BSLB_Crypto_GetRegistryKey(uint64_t keyid, const uint8_t **secret, size_t *secret_len); +int BSLB_Crypto_GetRegistryKey(const char *keyid, const uint8_t **secret, size_t *secret_len); /** * Add additional authenticated data (AAD) to cipher context @@ -284,7 +284,7 @@ int BSL_Crypto_GenIV(void *buf, int size); * @param secret_len length of raw key * @return Zero upon success. */ -int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secret_len); +int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t secret_len); #ifdef __cplusplus } // extern C diff --git a/src/backend/AbsSecBlock.c b/src/backend/AbsSecBlock.c index 1d06347e..6d84fbf4 100644 --- a/src/backend/AbsSecBlock.c +++ b/src/backend/AbsSecBlock.c @@ -410,7 +410,7 @@ int BSL_AbsSecBlock_DecodeFromCBOR(BSL_AbsSecBlock_t *self, BSL_Data_t encoded_c // This is a failure case - should more clearly return? BSL_LOG_ERR("Unhandled case"); // NOLINTNEXTLINE - exit(1); + return BSL_ERR_DECODING; } const size_t item_end = QCBORDecode_Tell(&asbdec); diff --git a/src/backend/SecParam.c b/src/backend/SecParam.c index fe306c41..5b491791 100644 --- a/src/backend/SecParam.c +++ b/src/backend/SecParam.c @@ -31,6 +31,20 @@ size_t BSL_SecParam_Sizeof(void) return sizeof(BSL_SecParam_t); } +int BSL_SecParam_InitStr(BSL_SecParam_t *self, uint64_t param_id, const char *value) +{ + CHK_ARG_NONNULL(self); + CHK_ARG_EXPR(value != NULL); + + memset(self, 0, sizeof(*self)); + self->param_id = param_id; + self->_type = BSL_SECPARAM_TYPE_STR; + self->_bytelen = strlen(value); + memcpy(self->_bytes, value, strlen(value)); + + return BSL_SUCCESS; +} + int BSL_SecParam_InitBytestr(BSL_SecParam_t *self, uint64_t param_id, BSL_Data_t value) { CHK_ARG_NONNULL(self); 
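Review bot: The `// NOLINTNEXTLINE` kept above the new `return BSL_ERR_DECODING;` in `BSL_AbsSecBlock_DecodeFromCBOR` was presumably there for the `exit(1)` call and now suppresses lint on an ordinary return, so it should be dropped. Returning instead of exiting also means malformed input can leave `self` partly populated. The rest of the function is outside the hunk, so confirm that the decoder is finalized on this path and that callers run `BSL_AbsSecBlock_Deinit` on a negative return. A doc line such as `On error @c self may hold partial contents and must still be deinitialized.` would make that explicit.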
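Review bot: `BSL_SecParam_InitStr` copies `strlen(value)` bytes into `self->_bytes` with no check against the size of that buffer, so a string longer than the storage writes past the end of the parameter. The struct is not shown in this diff, but the `memset` of `*self` followed by a `memcpy` into `_bytes` suggests an inline array. I would add `CHK_ARG_EXPR(strlen(value) < sizeof(self->_bytes));` before the `memset`, using `<` so the zero fill leaves a terminator after the copied text. The length should also be computed once into a local and reused for `_bytelen` and `memcpy`.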
diff --git a/src/crypto/CryptoInterface.c b/src/crypto/CryptoInterface.c index b7601c09..89f92f4e 100644 --- a/src/crypto/CryptoInterface.c +++ b/src/crypto/CryptoInterface.c @@ -27,6 +27,7 @@ #include #include +#include #include #include @@ -53,7 +54,7 @@ static int BSLB_CryptoKey_Deinit(BSLB_CryptoKey_t *key) /// @cond Doxygen_Suppress #define M_OPL_BSLB_CryptoKey_t() M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSLB_CryptoKey_Deinit))) /// Stable dict of crypto keys (key: key ID | value: key) -DICT_DEF2(BSLB_CryptoKeyDict, uint64_t, M_BASIC_OPLIST, BSLB_CryptoKey_t, M_OPL_BSLB_CryptoKey_t()) +DICT_DEF2(BSLB_CryptoKeyDict, string_t, STRING_OPLIST, BSLB_CryptoKey_t, M_OPL_BSLB_CryptoKey_t()) /// @endcond /// Crypto key registry @@ -71,7 +72,7 @@ void BSL_CryptoDeinit(void) BSLB_CryptoKeyDict_clear(StaticKeyRegistry); } -int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, size_t key_id, +int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_key_plaintext, const char *key_id, size_t aes_variant) { const EVP_CIPHER *cipher = (aes_variant == BSL_CRYPTO_AES_128) ? EVP_aes_128_wrap() : EVP_aes_256_wrap(); @@ -117,7 +118,7 @@ int BSL_Crypto_UnwrapKey(BSL_Data_t *unwrapped_key_output, BSL_Data_t wrapped_ke return 0; } -int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_key_id, size_t aes_variant) +int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, const char *content_key_id, size_t aes_variant) { const EVP_CIPHER *cipher = (aes_variant == BSL_CRYPTO_AES_128) ? EVP_aes_128_wrap() : EVP_aes_256_wrap(); EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); 
@@ -166,7 +167,7 @@ int BSL_Crypto_WrapKey(BSL_Data_t *wrapped_key, BSL_Data_t cek, size_t content_k return 0; } -int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var) +int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var) { CHK_ARG_NONNULL(hmac_ctx); @@ -192,8 +193,11 @@ int BSL_AuthCtx_Init(BSL_AuthCtx_t *hmac_ctx, uint64_t keyid, BSL_CryptoCipherSH return BSL_ERR_FAILURE; } + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - const BSLB_CryptoKey_t *key_info = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid); + const BSLB_CryptoKey_t *key_info = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid_str); if (key_info == NULL) { // Special case which should not happen @@ -430,7 +434,7 @@ int BSL_Crypto_GenIV(void *buf, int size) return 0; } -int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secret_len) +int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t secret_len) { CHK_ARG_NONNULL(secret); CHK_ARG_EXPR(secret_len > 0); 
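Review bot: The temporary `keyid_str` created by `string_init_set_str(keyid_str, keyid);` in BSL_AuthCtx_Init is never released in the visible lines, and `keyid` is not checked for NULL before the conversion (the previous hunk shows only `CHK_ARG_NONNULL(hmac_ctx);`). The same two lines are added to BSL_Crypto_AddRegistryKey and BSLB_Crypto_GetRegistryKey in the following hunks; AddRegistryKey returns right after the unlock, so there the temporary is not cleared on any call. I would add `CHK_ARG_NONNULL(keyid);` next to the other argument checks and `string_clear(keyid_str);` once the dictionary call has returned, on every exit path including the `key_info == NULL` branch. BSL_AuthCtx_Init continues outside this hunk, so a clear further down cannot be ruled out from here.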
@@ -452,20 +456,26 @@ int BSL_Crypto_AddRegistryKey(uint64_t keyid, const uint8_t *secret, size_t secr return ecode; } + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - BSLB_CryptoKeyDict_set_at(StaticKeyRegistry, keyid, key); + BSLB_CryptoKeyDict_set_at(StaticKeyRegistry, keyid_str, key); pthread_mutex_unlock(&StaticCryptoMutex); return 0; } -int BSLB_Crypto_GetRegistryKey(uint64_t keyid, const uint8_t **secret, size_t *secret_len) +int BSLB_Crypto_GetRegistryKey(const char *keyid, const uint8_t **secret, size_t *secret_len) { CHK_ARG_NONNULL(secret); // CHK_ARG_NONNULL(secret_len); // Note: secret_len CAN be NULL - this maybe should be fixed. + string_t keyid_str; + string_init_set_str(keyid_str, keyid); + pthread_mutex_lock(&StaticCryptoMutex); - const BSLB_CryptoKey_t *found = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid); + const BSLB_CryptoKey_t *found = BSLB_CryptoKeyDict_cget(StaticKeyRegistry, keyid_str); if (!found) { diff --git a/src/security_context/BCB_AES_GCM.c b/src/security_context/BCB_AES_GCM.c index c031cb2c..f7eb98b8 100644 --- a/src/security_context/BCB_AES_GCM.c +++ b/src/security_context/BCB_AES_GCM.c @@ -105,7 +105,7 @@ static int BSLX_BCB_Decrypt(BSLX_BCB_t *bcb_context) CHK_PRECONDITION(bcb_context->aad.len > 0); // Key must have been set (this feeds the key encryption key) - CHK_PRECONDITION(bcb_context->key_id > 0); + CHK_PRECONDITION(bcb_context->key_id); // BTSD replacement is not yet allocated CHK_PRECONDITION(bcb_context->btsd_replacement.ptr != NULL); @@ -224,7 +224,7 @@ int BSLX_BCB_Encrypt(BSLX_BCB_t *bcb_context) CHK_PRECONDITION(bcb_context->aad.len > 0); // Must have a key ID from the security operation parameters - CHK_PRECONDITION(bcb_context->key_id > 0); + CHK_PRECONDITION(bcb_context->key_id); // BTSD replacement is not yet allocated CHK_PRECONDITION(bcb_context->btsd_replacement.ptr != NULL); 
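Review bot: `CHK_PRECONDITION(bcb_context->key_id);` in BSLX_BCB_Decrypt now checks only that the pointer is non-NULL, so an empty key ID string passes where the old `> 0` test rejected a zero ID; the same line is added to BSLX_BCB_Encrypt in the next hunk. Whether an empty ID can be a valid registry key is not visible here, but if it cannot, `CHK_PRECONDITION(bcb_context->key_id != NULL && bcb_context->key_id[0] != '\0');` rejects it early and matches the explicit-comparison style of the `btsd_replacement.ptr != NULL` check just below. Both functions start and end outside their hunks.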
@@ -469,12 +469,13 @@ int BSLX_BCB_GetParams(const BSL_BundleRef_t *bundle, BSLX_BCB_t *bcb_context, c } break; } - case BSL_SECPARAM_TYPE_INT_KEY_ID: + case BSL_SECPARAM_TYPE_KEY_ID: { - assert(is_int); - bcb_context->key_id = BSL_SecParam_GetAsUInt64(param); - BSL_LOG_DEBUG("Param[%lu]: KEY_ID value = %lu", param_id, bcb_context->key_id); - BSL_LOG_DEBUG("Key ID = %lu", bcb_context->key_id); + assert(!is_int); + BSL_Data_t res; + assert(BSL_SUCCESS == BSL_SecParam_GetAsBytestr(param, &res)); + bcb_context->key_id = (char *)res.ptr; + BSL_LOG_DEBUG("Param[%lu]: KEY_ID value = %s", param_id, bcb_context->key_id); break; } case BSL_SECPARAM_TYPE_INT_FIXED_KEY: diff --git a/src/security_context/BIB_HMAC_SHA2.c b/src/security_context/BIB_HMAC_SHA2.c index e8c97732..9c6b9a02 100644 --- a/src/security_context/BIB_HMAC_SHA2.c +++ b/src/security_context/BIB_HMAC_SHA2.c @@ -111,7 +111,6 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) memset(self, 0, sizeof(*self)); self->sha_variant = -1; self->integrity_scope_flags = -1; - self->key_id = -1; for (size_t param_index = 0; param_index < BSL_SecOper_CountParams(sec_oper); param_index++) { @@ -124,10 +123,12 @@ int BSLX_BIB_InitFromSecOper(BSLX_BIB_t *self, const BSL_SecOper_t *sec_oper) int_val = BSL_SecParam_GetAsUInt64(param); } - if (param_id == BSL_SECPARAM_TYPE_INT_KEY_ID) + if (param_id == BSL_SECPARAM_TYPE_KEY_ID) { - assert(is_int); - self->key_id = int_val; + assert(!is_int); + BSL_Data_t res; + BSL_SecParam_GetAsBytestr(param, &res); + self->key_id = (char *)res.ptr; } else if (param_id == BSL_SECPARAM_TYPE_INT_FIXED_KEY) { diff --git a/src/security_context/DefaultSecContext_Private.h b/src/security_context/DefaultSecContext_Private.h index b89f1526..4c3a06c8 100644 --- a/src/security_context/DefaultSecContext_Private.h +++ b/src/security_context/DefaultSecContext_Private.h 
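Review bot: `assert(BSL_SUCCESS == BSL_SecParam_GetAsBytestr(param, &res));` in BSLX_BCB_GetParams puts the call itself inside `assert`, so a build with NDEBUG defined drops the call and `bcb_context->key_id = (char *)res.ptr;` then reads an uninitialized `res`. `assert(!is_int)` has the same weakness when used as the type check on a security parameter. I would make the call unconditionally and handle failure, for example `if (BSL_SecParam_GetAsBytestr(param, &res) != BSL_SUCCESS) { return BSL_ERR_FAILURE; }`, adapted to whatever cleanup the enclosing loop needs, since the function starts and ends outside the hunk. The `%s` in the debug log also assumes the stored bytes are NUL-terminated, which depends on how the parameter was initialized.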
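Review bot: In BSLX_BIB_InitFromSecOper the result of `BSL_SecParam_GetAsBytestr(param, &res);` is discarded, so if the call fails `self->key_id = (char *)res.ptr;` takes its value from an uninitialized `res`. The `assert(!is_int);` before it disappears under NDEBUG, which leaves the parameter type unchecked in release builds. Checking the result, `if (BSL_SecParam_GetAsBytestr(param, &res) != BSL_SUCCESS) { return BSL_ERR_FAILURE; }`, would leave `key_id` at the NULL set by the `memset` in the previous hunk instead of a stray pointer. The function continues outside this hunk, so the right error path may differ from a plain return.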
@@ -62,7 +62,8 @@ BSL_Data_t BSLX_Bytestr_AsData(BSLX_Bytestr_t *self); typedef struct BSLX_BIB_s { - int64_t key_id; + /// @brief set to external pointer which will outloast BIB context + const char *key_id; BSL_PrimaryBlock_t primary_block; BSL_CanonicalBlock_t target_block; BSL_CanonicalBlock_t sec_block; @@ -84,8 +85,8 @@ int BSLX_BIB_GenHMAC(BSLX_BIB_t *self, BSL_Data_t ippt_data); */ typedef struct BSLX_BCB_s { - size_t err_count; - uint64_t key_id; + size_t err_count; + const char *key_id; // Data wrappers and containers for borrowed and owned/allocated buffers // These will ALL be deinitialized at the end, so _Deinit MUST be called. diff --git a/test/bsl_test_utils.c b/test/bsl_test_utils.c index 95d4f596..77ed2993 100644 --- a/test/bsl_test_utils.c +++ b/test/bsl_test_utils.c @@ -39,11 +39,11 @@ field.len = sizeof(tgt); \ field.ptr = (uint8_t *)tgt -void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, uint64_t key_id) +void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id) { quick_data(context->hmac, ApxA1_HMAC); - BSL_SecParam_InitInt64(&context->param_test_key, BSL_SECPARAM_TYPE_INT_KEY_ID, key_id); + BSL_SecParam_InitStr(&context->param_test_key, BSL_SECPARAM_TYPE_KEY_ID, key_id); BSL_SecParam_InitInt64(&context->param_scope_flags, RFC9173_BIB_PARAMID_INTEG_SCOPE_FLAG, 0); BSL_SecParam_InitInt64(&context->param_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC512); BSL_SecParam_InitBytestr(&context->param_hmac, BSL_SECPARAM_TYPE_AUTH_TAG, context->hmac); 
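Review bot: The new comment on `key_id` in `BSLX_BIB_s` has a typo ("outloast") and does not say the string must be NUL-terminated, while the same field in `BSLX_BCB_s` (next hunk) gets no ownership comment at all. I would put `/// @brief Borrowed, NUL-terminated key ID; the pointed-to storage must outlive this context` on both fields. As far as the security-context hunks show, the contexts keep a pointer into the security parameter rather than a copy, so this lifetime rule is what keeps the key ID from being read after its storage is gone.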
@@ -64,7 +64,7 @@ void BSL_TestUtils_InitBCB_Appendix2(BCBTestContext *context, BSL_SecRole_e role quick_data(context->content_enc_key, ApxA2_ContentEncKey); BSL_SecParam_InitInt64(&context->param_scope_flags, RFC9173_BCB_SECPARAM_AADSCOPE, 0); - BSL_SecParam_InitInt64(&context->param_test_key_id, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A2_KEY); + BSL_SecParam_InitStr(&context->param_test_key_id, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A2_KEY); BSL_SecParam_InitInt64(&context->param_aes_variant, RFC9173_BCB_SECPARAM_AESVARIANT, RFC9173_BCB_AES_VARIANT_A128GCM); BSL_SecParam_InitBytestr(&context->param_init_vec, RFC9173_BCB_SECPARAM_IV, context->init_vector); @@ -220,14 +220,14 @@ BSL_HostEIDPattern_t BSL_TestUtils_GetEidPatternFromText(const char *text) return pat; } -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(uint64_t key_id) +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char *key_id) { RFC9173_A1_Params params = { 0 }; BSL_SecParam_InitInt64(¶ms.sha_variant, RFC9173_TestVectors_AppendixA1.bib_asb_sha_variant_key, RFC9173_TestVectors_AppendixA1.bib_asb_sha_variant_value); BSL_SecParam_InitInt64(¶ms.scope_flags, RFC9173_TestVectors_AppendixA1.bib_asb_scope_flags_key, RFC9173_TestVectors_AppendixA1.bib_asb_scope_flags_value); - BSL_SecParam_InitInt64(¶ms.test_key_id, BSL_SECPARAM_TYPE_INT_KEY_ID, key_id); + BSL_SecParam_InitStr(¶ms.test_key_id, BSL_SECPARAM_TYPE_KEY_ID, key_id); return params; } diff --git a/test/bsl_test_utils.h b/test/bsl_test_utils.h index d05e1160..0e4cdec8 100644 --- a/test/bsl_test_utils.h +++ b/test/bsl_test_utils.h 
@@ -33,15 +33,15 @@ #include /// @brief Key ID for the Appendix A1 key in OpenSSL -#define RFC9173_EXAMPLE_A1_KEY (9100) +#define RFC9173_EXAMPLE_A1_KEY "9100" /// @brief Key ID for the Appendix A2 key in OpenSSL -#define RFC9173_EXAMPLE_A2_KEY (9102) +#define RFC9173_EXAMPLE_A2_KEY "9102" /// @brief Key ID for the Appendix A3 key in OpenSSL -#define RFC9173_EXAMPLE_A3_KEY (9103) +#define RFC9173_EXAMPLE_A3_KEY "9103" -#define RFC9173_EXAMPLE_A4_BCB_KEY (9104) +#define RFC9173_EXAMPLE_A4_BCB_KEY "9104" #define quick_data_t(field, tgt) \ field.len = sizeof(tgt); \ @@ -86,7 +86,7 @@ typedef struct BSL_SecOper_t sec_oper; } BIBTestContext; -void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, uint64_t key_id); +void BSL_TestUtils_InitBIB_AppendixA1(BIBTestContext *context, BSL_SecRole_e role, const char *key_id); static const uint8_t ApxA2_InitVec[] = { 0x54, 0x77, 0x65, 0x6c, 0x76, 0x65, 0x31, 0x32, 0x31, 0x32, 0x31, 0x32 }; static const uint8_t ApxA2_AuthTag[] = { 0xef, 0xa4, 0xb5, 0xac, 0x01, 0x08, 0xe3, 0x81, @@ -276,7 +276,7 @@ typedef struct BSL_SecParam_t test_key_id; } RFC9173_A1_Params; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(uint64_t key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A1Params(const char *key_id); typedef struct { @@ -291,7 +291,7 @@ typedef struct uint64_t scope_flag; } RFC9173_AppendixA2_BCB; -RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(uint64_t key_id); +RFC9173_A1_Params BSL_TestUtils_GetRFC9173_A2Params(const char *key_id); typedef struct BSL_TestContext_s { diff --git a/test/test_BackendSecurityContext.c b/test/test_BackendSecurityContext.c index 0eceb520..d353f005 100644 --- a/test/test_BackendSecurityContext.c +++ b/test/test_BackendSecurityContext.c 
@@ -180,7 +180,8 @@ void test_SecurityContext_BIB_Verifier_Failure(void) BSL_TestUtils_InitBIB_AppendixA1(&bib_test_context, BSL_SECROLE_VERIFIER, RFC9173_EXAMPLE_A2_KEY); // Note - switch to use the WRONG KEY - bib_test_context.param_test_key._uint_value = RFC9173_EXAMPLE_A2_KEY; + memcpy(bib_test_context.param_test_key._bytes, RFC9173_EXAMPLE_A2_KEY, strlen(RFC9173_EXAMPLE_A2_KEY)); + bib_test_context.param_test_key._bytelen = strlen(RFC9173_EXAMPLE_A2_KEY); BSL_SecurityActionSet_t *malloced_actionset = BSL_TestUtils_InitMallocBIBActionSet(&bib_test_context); BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse(); @@ -267,7 +268,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) TEST_ASSERT_EQUAL(4, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecOper_t bib_oper_primary = { 0 }; BSL_SecOper_Init(&bib_oper_primary, 1, 0, 3, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); @@ -278,7 +279,7 @@ void test_RFC9173_AppendixA_Example3_Acceptor(void) BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_key); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A3_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A3_KEY); BSL_SecOper_t bcb_oper = { 0 }; BSL_SecOper_Init(&bcb_oper, 2, 1, 4, BSL_SECBLOCKTYPE_BCB, BSL_SECROLE_ACCEPTOR, BSL_POLICYACTION_DROP_BLOCK); BSL_SecOper_AppendParam(&bcb_oper, &bcb_param_key); 
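Review bot: test_SecurityContext_BIB_Verifier_Failure writes the private fields `_bytes` and `_bytelen` of `param_test_key` directly, and the `memcpy` copies `strlen(RFC9173_EXAMPLE_A2_KEY)` bytes without a terminator, so the result is a valid C string only because of what the buffer held before. The parameter was initialized one line earlier with the same `RFC9173_EXAMPLE_A2_KEY`, so the override looks redundant. If a switch of key is intended, `BSL_SecParam_InitStr(&bib_test_context.param_test_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A2_KEY);` keeps the test on the public initializer. The test function continues outside the hunk.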
@@ -317,7 +318,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) TEST_ASSERT_EQUAL(2, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t param_sha_var = { 0 }; BSL_SecParam_InitInt64(¶m_sha_var, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC256); @@ -339,7 +340,7 @@ void test_RFC9173_AppendixA_Example3_Source(void) BSL_SecOper_AppendParam(&bib_oper_ext_block, ¶m_integ_scope); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A3_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A3_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0); @@ -406,7 +407,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) // FIRST we must decrypt the BCB targets. BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0x07); BSL_SecParam_t aes_variant = { 0 }; @@ -426,7 +427,7 @@ void test_RFC9173_AppendixA_Example4_Acceptor(void) BSL_SecOper_AppendParam(&bcb_op_tgt_bib, &bcb_scope); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t sha_variant = { 0 }; BSL_SecParam_InitInt64(&sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC384); BSL_SecParam_t scope_flag = { 0 }; 
@@ -479,7 +480,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) TEST_ASSERT_EQUAL(1, primary_block.block_count); BSL_SecParam_t param_key = { 0 }; - BSL_SecParam_InitInt64(¶m_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t sha_variant = { 0 }; BSL_SecParam_InitInt64(&sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC384); BSL_SecParam_t scope_flag = { 0 }; @@ -492,7 +493,7 @@ void test_RFC9173_AppendixA_Example4_Source(void) BSL_SecOper_AppendParam(&bib_oper_payload, &scope_flag); BSL_SecParam_t bcb_param_key = { 0 }; - BSL_SecParam_InitInt64(&bcb_param_key, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); + BSL_SecParam_InitStr(&bcb_param_key, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A4_BCB_KEY); BSL_SecParam_t bcb_scope = { 0 }; BSL_SecParam_InitInt64(&bcb_scope, RFC9173_BCB_SECPARAM_AADSCOPE, 0x07); BSL_SecParam_t aes_variant = { 0 }; diff --git a/test/test_CryptoInterface.c b/test/test_CryptoInterface.c index 85918b49..bc6f9068 100644 --- a/test/test_CryptoInterface.c +++ b/test/test_CryptoInterface.c 
@@ -201,16 +201,16 @@ void suiteSetUp(void) uint8_t test1[20] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test2[4] = { 0x4a, 0x65, 0x66, 0x65 }; - BSL_Crypto_AddRegistryKey(1, test1, 20); - BSL_Crypto_AddRegistryKey(2, test2, 4); + BSL_Crypto_AddRegistryKey("Key1", test1, 20); + BSL_Crypto_AddRegistryKey("Key2", test2, 4); uint8_t test_128[16] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; uint8_t test_256[32] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - BSL_Crypto_AddRegistryKey(8, test_256, 32); - BSL_Crypto_AddRegistryKey(9, test_128, 16); + BSL_Crypto_AddRegistryKey("Key8", test_256, 32); + BSL_Crypto_AddRegistryKey("Key9", test_128, 16); } int suiteTearDown(int failures) 
@@ -232,23 +232,23 @@ void tearDown(void) // test vectors from RFC 4231 // Test vector 1 -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_256], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_256], ["4869205468657265"], ["b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"]) -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_384], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_384], ["4869205468657265"], ["afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6"]) -TEST_MATRIX([ 0, 1 ], [1], [BSL_CRYPTO_SHA_512], ["4869205468657265"], +TEST_MATRIX([ 0, 1 ], ["Key1"], [BSL_CRYPTO_SHA_512], ["4869205468657265"], ["87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914ee" "b61f1702e696c203a126854"]) // Test vector 2 -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_256], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"]) -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_384], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649"]) -TEST_MATRIX([ 0, 1 ], [2], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], +TEST_MATRIX([ 0, 1 ], ["Key2"], [BSL_CRYPTO_SHA_512], ["7768617420646f2079612077616e7420666f72206e6f7468696e673f"], ["164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34" "d4a6b4b636e070a38bce737"]) -void test_hmac_in(int input_case, uint64_t keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, +void test_hmac_in(int 
input_case, const char *keyid, BSL_CryptoCipherSHAVariant_e sha_var, const char *plaintext_in, char *expected) { string_t exp_txt; @@ -318,8 +318,8 @@ void test_hmac_in(int input_case, uint64_t keyid, BSL_CryptoCipherSHAVariant_e s /** * Test library encrypt using OpenSSL example decrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ 8, 9 ]) -void test_encrypt(const char *plaintext_in, uint64_t keyid) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "Key8", "Key9" ]) +void test_encrypt(const char *plaintext_in, const char *keyid) { int res; @@ -340,7 +340,7 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) res = BSL_SeqWriter_InitFlat(&writer, &ciphertext, &ct_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (keyid == 8) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "Key8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; BSL_Cipher_t ctx; const uint8_t *ekey; @@ -377,7 +377,7 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (keyid == 8) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "Key8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_decrypt(cipher, ciphertext, ct_size, aad, 2, (unsigned char *)tag, (unsigned char *)key, iv, iv_len, plaintext, &plaintext_len); TEST_ASSERT_EQUAL(0, res); @@ -394,8 +394,8 @@ void test_encrypt(const char *plaintext_in, uint64_t keyid) /** * Test library decrypt using OpenSSL example encrypt */ -TEST_MATRIX([ "plaintext", "0123456789", "" ], [ 8, 9 ]) -void test_decrypt(const char *plaintext_in, uint64_t keyid) +TEST_MATRIX([ "plaintext", "0123456789", "" ], [ "Key8", "Key9" ]) +void test_decrypt(const char *plaintext_in, const char *keyid) { int res; 
@@ -414,7 +414,7 @@ void test_decrypt(const char *plaintext_in, uint64_t keyid) TEST_ASSERT_EQUAL_INT(0, BSLB_Crypto_GetRegistryKey(keyid, &key, NULL)); TEST_ASSERT_NOT_NULL(key); - const EVP_CIPHER *cipher = (keyid == 8) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); + const EVP_CIPHER *cipher = (0 == strcmp(keyid, "Key8")) ? EVP_aes_256_gcm() : EVP_aes_128_gcm(); res = gcm_encrypt(cipher, (unsigned char *)plaintext_in, strlen(plaintext_in), aad, 2, (unsigned char *)key, iv, iv_len, ciphertext, &ciphertext_len, tag); TEST_ASSERT_EQUAL(0, res); @@ -431,7 +431,7 @@ void test_decrypt(const char *plaintext_in, uint64_t keyid) res = BSL_SeqWriter_InitFlat(&writer, &plaintext, &pt_size); TEST_ASSERT_EQUAL(0, res); - int aes_var = (keyid == 8) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; + int aes_var = (0 == strcmp(keyid, "Key8")) ? BSL_CRYPTO_AES_256 : BSL_CRYPTO_AES_128; const uint8_t *ckey; size_t ckeylen; diff --git a/test/test_PublicInterfaceImpl.c b/test/test_PublicInterfaceImpl.c index 77e3499e..438bb405 100644 --- a/test/test_PublicInterfaceImpl.c +++ b/test/test_PublicInterfaceImpl.c @@ -67,9 +67,9 @@ void setUp(void) BSL_SecParam_t param_sha_variant = { 0 }; BSL_SecParam_InitInt64(¶m_sha_variant, RFC9173_BIB_PARAMID_SHA_VARIANT, RFC9173_BIB_SHA_HMAC512); BSL_SecParam_t param_test_key_correct = { 0 }; - BSL_SecParam_InitInt64(¶m_test_key_correct, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A1_KEY); + BSL_SecParam_InitStr(¶m_test_key_correct, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A1_KEY); BSL_SecParam_t param_test_key_bad = { 0 }; - BSL_SecParam_InitInt64(¶m_test_key_bad, BSL_SECPARAM_TYPE_INT_KEY_ID, RFC9173_EXAMPLE_A2_KEY); + BSL_SecParam_InitStr(¶m_test_key_bad, BSL_SECPARAM_TYPE_KEY_ID, RFC9173_EXAMPLE_A2_KEY); // Create a rule to Accept BIB blocks on all bundle from everywhere/to everywhere at APPIN (app ingress) BSLP_PolicyPredicate_t *predicate_all_appin = &policy->predicates[policy->predicate_count++];