cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
acl.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * ACL Definitions *
4 * Copyright Peter Gutmann 1997-2005 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _ACL_DEFINED
9 
10 #define _ACL_DEFINED
11 
12 /* Various includes and defines needed for range checking */
13 
14 #include <limits.h> /* For INT_MAX */
15 
16 /****************************************************************************
17 * *
18 * Object Type Information *
19 * *
20 ****************************************************************************/
21 
22 /* Bit flags for specifying valid object subtypes. Since the full field names
23  are rather long, we define a shortened form (only visible within the ACL
24  definitions) that reduces the space required to define them */
25 
26 #define ST_CTX_CONV SUBTYPE_CTX_CONV
27 #define ST_CTX_PKC SUBTYPE_CTX_PKC
28 #define ST_CTX_HASH SUBTYPE_CTX_HASH
29 #define ST_CTX_MAC SUBTYPE_CTX_MAC
30 #define ST_CTX_GENERIC SUBTYPE_CTX_GENERIC
31 #define ST_CTX_ANY ( ST_CTX_CONV | ST_CTX_PKC | ST_CTX_HASH | \
32  ST_CTX_MAC | ST_CTX_GENERIC )
33 
34 #define ST_CERT_CERT SUBTYPE_CERT_CERT
35 #define ST_CERT_CERTREQ SUBTYPE_CERT_CERTREQ
36 #define ST_CERT_REQ_CERT SUBTYPE_CERT_REQ_CERT
37 #define ST_CERT_REQ_REV SUBTYPE_CERT_REQ_REV
38 #define ST_CERT_CERTCHAIN SUBTYPE_CERT_CERTCHAIN
39 #define ST_CERT_ATTRCERT SUBTYPE_CERT_ATTRCERT
40 #define ST_CERT_CRL SUBTYPE_CERT_CRL
41 #define ST_CERT_CMSATTR SUBTYPE_CERT_CMSATTR
42 #define ST_CERT_RTCS_REQ SUBTYPE_CERT_RTCS_REQ
43 #define ST_CERT_RTCS_RESP SUBTYPE_CERT_RTCS_RESP
44 #define ST_CERT_OCSP_REQ SUBTYPE_CERT_OCSP_REQ
45 #define ST_CERT_OCSP_RESP SUBTYPE_CERT_OCSP_RESP
46 #define ST_CERT_PKIUSER SUBTYPE_CERT_PKIUSER
47 #define ST_CERT_ANY_CERT ( ST_CERT_CERT | ST_CERT_CERTREQ | \
48  SUBTYPE_CERT_REQ_CERT | ST_CERT_CERTCHAIN )
49 #define ST_CERT_ANY ( ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | \
50  ST_CERT_REQ_REV | ST_CERT_CRL | \
51  ST_CERT_CMSATTR | ST_CERT_RTCS_REQ | \
52  ST_CERT_RTCS_RESP | ST_CERT_OCSP_REQ | \
53  ST_CERT_OCSP_RESP | ST_CERT_PKIUSER )
54 
55 #define ST_KEYSET_FILE SUBTYPE_KEYSET_FILE
56 #define ST_KEYSET_FILE_PARTIAL SUBTYPE_KEYSET_FILE_PARTIAL
57 #define ST_KEYSET_FILE_RO SUBTYPE_KEYSET_FILE_READONLY
58 #define ST_KEYSET_DBMS SUBTYPE_KEYSET_DBMS
59 #define ST_KEYSET_DBMS_STORE SUBTYPE_KEYSET_DBMS_STORE
60 #define ST_KEYSET_HTTP SUBTYPE_KEYSET_HTTP
61 #define ST_KEYSET_LDAP SUBTYPE_KEYSET_LDAP
62 #define ST_KEYSET_ANY ( ST_KEYSET_FILE | SUBTYPE_KEYSET_FILE_PARTIAL | \
63  ST_KEYSET_FILE_RO | ST_KEYSET_DBMS | \
64  ST_KEYSET_DBMS_STORE | ST_KEYSET_HTTP | \
65  ST_KEYSET_LDAP )
66 
67 #define ST_ENV_ENV SUBTYPE_ENV_ENV
68 #define ST_ENV_ENV_PGP SUBTYPE_ENV_ENV_PGP
69 #define ST_ENV_DEENV SUBTYPE_ENV_DEENV
70 #define ST_ENV_ANY ( ST_ENV_ENV | ST_ENV_ENV_PGP | ST_ENV_DEENV )
71 
72 #define ST_DEV_SYSTEM SUBTYPE_DEV_SYSTEM
73 #define ST_DEV_P11 SUBTYPE_DEV_PKCS11
74 #define ST_DEV_CAPI SUBTYPE_DEV_CRYPTOAPI
75 #define ST_DEV_HW SUBTYPE_DEV_HARDWARE
76 #define ST_DEV_ANY_STD ( ST_DEV_P11 | ST_DEV_CAPI | ST_DEV_HW )
77 #define ST_DEV_ANY ( ST_DEV_ANY_STD | ST_DEV_SYSTEM )
78 
79 #define ST_SESS_SSH SUBTYPE_SESSION_SSH
80 #define ST_SESS_SSH_SVR SUBTYPE_SESSION_SSH_SVR
81 #define ST_SESS_SSL SUBTYPE_SESSION_SSL
82 #define ST_SESS_SSL_SVR SUBTYPE_SESSION_SSL_SVR
83 #define ST_SESS_RTCS SUBTYPE_SESSION_RTCS
84 #define ST_SESS_RTCS_SVR SUBTYPE_SESSION_RTCS_SVR
85 #define ST_SESS_OCSP SUBTYPE_SESSION_OCSP
86 #define ST_SESS_OCSP_SVR SUBTYPE_SESSION_OCSP_SVR
87 #define ST_SESS_TSP SUBTYPE_SESSION_TSP
88 #define ST_SESS_TSP_SVR SUBTYPE_SESSION_TSP_SVR
89 #define ST_SESS_CMP SUBTYPE_SESSION_CMP
90 #define ST_SESS_CMP_SVR SUBTYPE_SESSION_CMP_SVR
91 #define ST_SESS_SCEP SUBTYPE_SESSION_SCEP
92 #define ST_SESS_SCEP_SVR SUBTYPE_SESSION_SCEP_SVR
93 #define ST_SESS_CERT_SVR SUBTYPE_SESSION_CERT_SVR
94 #define ST_SESS_ANY_SVR ( ST_SESS_SSH_SVR | ST_SESS_SSL_SVR | \
95  ST_SESS_RTCS_SVR | ST_SESS_OCSP_SVR | \
96  ST_SESS_TSP_SVR | ST_SESS_CMP_SVR | \
97  ST_SESS_SCEP_SVR | ST_SESS_CERT_SVR )
98 #define ST_SESS_ANY_CLIENT ( ST_SESS_SSH | ST_SESS_SSL | ST_SESS_RTCS | \
99  ST_SESS_OCSP | ST_SESS_TSP | ST_SESS_CMP | \
100  ST_SESS_SCEP )
101 #define ST_SESS_ANY_DATA ( ST_SESS_SSH | ST_SESS_SSH_SVR | \
102  ST_SESS_SSL | ST_SESS_SSL_SVR )
103 #define ST_SESS_ANY_REQRESP ( ST_SESS_RTCS | ST_SESS_RTCS_SVR | \
104  ST_SESS_OCSP | ST_SESS_OCSP_SVR | \
105  ST_SESS_TSP | ST_SESS_TSP_SVR | \
106  ST_SESS_CMP | ST_SESS_CMP_SVR | \
107  ST_SESS_SCEP | ST_SESS_SCEP_SVR | \
108  ST_SESS_CERT_SVR )
109 #define ST_SESS_ANY_SEC ( ST_SESS_ANY_DATA | \
110  ST_SESS_CMP | ST_SESSION_CMP_SVR )
111 #define ST_SESS_ANY ( ST_SESS_ANY_CLIENT | ST_SESS_ANY_SVR )
112 
113 #define ST_USER_NORMAL SUBTYPE_USER_NORMAL
114 #define ST_USER_SO SUBTYPE_USER_SO
115 #define ST_USER_CA SUBTYPE_USER_CA
116 #define ST_USER_ANY ( ST_USER_NORMAL | ST_USER_SO | ST_USER_CA )
117 
118 /* Subtype values that allow access for any object subtype and for no
119  object subtypes */
120 
121 #define ST_ANY_A ( ST_CTX_ANY | ST_CERT_ANY )
122 #define ST_ANY_B ( ST_ENV_ANY | ST_KEYSET_ANY | ST_DEV_ANY )
123 #define ST_ANY_C ( ST_SESS_ANY | ST_USER_ANY )
124 #define ST_NONE 0
125 
126 /****************************************************************************
127 * *
128 * Access Permission Information *
129 * *
130 ****************************************************************************/
131 
132 #if defined( INC_ALL )
133  #include "acl_perm.h"
134 #else
135  #include "kernel/acl_perm.h"
136 #endif /* Compiler-specific includes */
137 
138 /****************************************************************************
139 * *
140 * Routing Information *
141 * *
142 ****************************************************************************/
143 
144 /* Routing types, which specify the routing used for the message. This
145  routing applies not only for attribute manipulation messages but for all
146  messages in general, so that some of the routing types defined below only
147  apply for non-attribute messages. The routing types are:
148 
149  ROUTE_NONE
150  Not routed (the message or attribute is valid for any object type).
151 
152  ROUTE( target )
153  ROUTE_ALT( target, altTarget )
154  ROUTE_ALT2( target, altTarget1, altTarget2 )
155  Fixed-target messages always routed to a particular object type or
156  set of types (e.g. a certificate attribute is always routed to a
157  certificate object; a generate key message is always routed to a
158  context). In some cases alternative targets are possible, e.g. a
159  get-key message can be sent to a keyset or a device.
160 
161  ROUTE_FIXED( target )
162  ROUTE_FIXED_ALT( target, altTarget )
163  Not routed, but checked to make sure that they're addressed to the
164  required target type. These message types aren't routed because
165  they're specific to a particular object and are explicitly
166  unroutable. For example, a get key message sent to a cert or
167  context tied to a device shouldn't be forwarded on to the device,
168  since it would result in the cert acting as a keyset. This is
169  theoretically justifiable - "Get me another cert from the same place
170  that this one came from" - but it's stretching the orthogonality of
171  objects a bit far.
172 
173  ROUTE_IMPLICIT
174  For object attribute manipulation messages, implicitly routed by
175  attribute type.
176 
177  ROUTE_SPECIAL( routingFunction )
178  Special-case, message-dependent routing */
179 
180 #define ROUTE_NONE \
181  OBJECT_TYPE_NONE, NULL
182 #define ROUTE( target ) \
183  ( target ), findTargetType
184 #define ROUTE_ALT( target, altTarget ) \
185  ( target ) | ( ( altTarget ) << 8 ), findTargetType
186 #define ROUTE_ALT2( target, altTarget1, altTarget2 ) \
187  ( target ) | ( ( altTarget1 ) << 8 ) | ( ( altTarget2 ) << 16 ), findTargetType
188 #define ROUTE_FIXED( target ) \
189  ( target ), checkTargetType
190 #define ROUTE_FIXED_ALT( target, altTarget ) \
191  ( target ) | ( ( altTarget ) << 8 ), checkTargetType
192 #define ROUTE_IMPLICIT \
193  OBJECT_TYPE_LAST, findTargetType
194 #define ROUTE_SPECIAL( function ) \
195  OBJECT_TYPE_NONE, ( route##function )
196 
197 /* Macros to determine which type of routing to apply */
198 
199 #define isImplicitRouting( target ) ( ( target ) == OBJECT_TYPE_LAST )
200 #define isExplicitRouting( target ) ( ( target ) == OBJECT_TYPE_NONE )
201 
202 /****************************************************************************
203 * *
204 * Value Range Information *
205 * *
206 ****************************************************************************/
207 
208 /* The value range (for numeric or boolean values) or length range (for
209  variable-length data). Some values aren't amenable to a simple range
210  check so we also allow various extended types of checking. To denote that
211  an extended check needs to be performed, we set the low range value to
212  RANGE_EXT_MARKER and the high range value to an indicator of the type of
213  check to be performed. The range types are:
214 
215  RANGE_ANY
216  Allow any value
217  RANGE_ALLOWEDVALUES
218  extendedInfo contains int [] of allowed values, terminated by
219  CRYPT_ERROR
220  RANGE_SUBRANGES
221  extendedInfo contains subrange [] of allowed subranges, terminated
222  by { CRYPT_ERROR, CRYPT_ERROR }
223  RANGE_SUBTYPED
224  extendedInfo contains sub-acl [] of object type-specific sub-ACLs.
225  The main ACL is only used as a general template for checks, the real
226  checking is done via recursive application of the sub-ACL for the
227  specific object sub-type */
228 
229 typedef enum {
230  RANGEVAL_NONE, /* No range type */
231  RANGEVAL_ANY, /* Any value allowed */
232  RANGEVAL_ALLOWEDVALUES, /* List of permissible values */
233  RANGEVAL_SUBRANGES, /* List of permissible subranges */
234  RANGEVAL_SUBTYPED, /* Object-subtype-specific sub-ACL */
235  RANGEVAL_LAST /* Last valid range type */
236  } RANGEVAL_TYPE;
237 
238 #define RANGE_EXT_MARKER ( -1000 )/* Marker to denote extended range value */
239 
240 #define RANGE_ANY RANGE_EXT_MARKER, RANGEVAL_ANY
241 #define RANGE_ALLOWEDVALUES RANGE_EXT_MARKER, RANGEVAL_ALLOWEDVALUES
242 #define RANGE_SUBRANGES RANGE_EXT_MARKER, RANGEVAL_SUBRANGES
243 #define RANGE_SUBTYPED RANGE_EXT_MARKER, RANGEVAL_SUBTYPED
244 #define RANGE( low, high ) ( low ), ( high )
245 
246 /* The maximum possible integer value, used to indicate that any value is
247  allowed (e.g. when returning device-specific error codes). Note that
248  this differs from the MAX_INTLENGTH value defined in crypt.h, which
249  defines the maximum data length value that can be safely specified by a
250  signed integer */
251 
252 #define RANGE_MAX ( INT_MAX - 128 )
253 
254 /* Data structures to contain special-case range information */
255 
256 typedef struct { const int lowRange, highRange; } RANGE_SUBRANGE_TYPE;
257 
258 /* Macro to check whether it's an extended range and to extract the special
259  range type */
260 
261 #define isSpecialRange( attributeACL ) \
262  ( ( attributeACL )->lowRange == RANGE_EXT_MARKER )
263 #define getSpecialRangeType( attributeACL ) ( ( attributeACL )->highRange )
264 #define getSpecialRangeInfo( attributeACL ) ( ( attributeACL )->extendedInfo )
265 
266 /****************************************************************************
267 * *
268 * ACL Flags *
269 * *
270 ****************************************************************************/
271 
272 /* Flags for attribute ACLs:
273 
274  FLAG_OBJECTPROPERTY
275  This is an object property attribute which is handled by the kernel
276  rather than being forwarded to the object.
277 
278  FLAG_TRIGGER
279  Successfully setting this attribute triggers a change from the low to
280  the high state */
281 
282 #define ATTRIBUTE_FLAG_NONE 0x00
283 #define ATTRIBUTE_FLAG_PROPERTY 0x01
284 #define ATTRIBUTE_FLAG_TRIGGER 0x02
285 #define ATTRIBUTE_FLAG_LAST 0x04
286 
287 /* Miscellaneous ACL flags:
288 
289  FLAG_LOW_STATE
290  FLAG_HIGH_STATE
291  FLAG_ANY_STATE
292  Whether the object should be in a particular state.
293 
294  FLAG_ROUTE_TO_CTX
295  FLAG_ROUTE_TO_CERT
296  Whether routing should be applied to an object to locate an
297  underlying object (e.g. a PKC object for a certificate or a
298  certificate for a PKC object). The need to apply routing is
299  unfortunate but is required in order to apply the subtype check to
300  PKC/cert objects, sorting out which (pre-routed) object types are
301  permissible is beyond the scope of the ACL validation routines,
302  which would have to take into consideration the intricacies of all
303  manner of certificate objects paired with public and private keys */
304 
305 #define ACL_FLAG_NONE 0x00
306 #define ACL_FLAG_LOW_STATE 0x01
307 #define ACL_FLAG_HIGH_STATE 0x02
308 #define ACL_FLAG_ANY_STATE 0x03
309 #define ACL_FLAG_ROUTE_TO_CTX 0x04
310 #define ACL_FLAG_ROUTE_TO_CERT 0x08
311 
312 #define ACL_FLAG_STATE_MASK 0x03
313 
314 /* Macros to check the misc.ACL flags */
315 
316 #define checkObjectState( flags, objectHandle ) \
317  ( ( ( flags & ACL_FLAG_LOW_STATE ) && \
318  !isInHighState( objectHandle ) ) || \
319  ( ( flags & ACL_FLAG_HIGH_STATE ) && \
320  isInHighState( objectHandle ) ) )
321 
322 /****************************************************************************
323 * *
324 * Attribute ACL Definitions *
325 * *
326 ****************************************************************************/
327 
328 /* The attribute's type, for attribute ACLs. The basic values are boolean,
329  numeric, or byte string, there are also some special types such as object
330  handles that place extra constraints on the attribute */
331 
332 typedef enum {
333  ATTRIBUTE_VALUE_NONE, /* Non-value */
334  ATTRIBUTE_VALUE_BOOLEAN, /* Boolean flag */
335  ATTRIBUTE_VALUE_NUMERIC, /* Numeric value */
336  ATTRIBUTE_VALUE_STRING, /* Byte string */
337  ATTRIBUTE_VALUE_WCSTRING, /* (Possible) widechar string */
338  ATTRIBUTE_VALUE_OBJECT, /* Object handle */
339  ATTRIBUTE_VALUE_TIME, /* Timestamp */
340  ATTRIBUTE_VALUE_SPECIAL, /* Special-case value with sub-ACLs */
341  ATTRIBUTE_VALUE_LAST /* Last attribute value type */
342  } ATTRIBUTE_VALUE_TYPE;
343 
344 /* Attribute ACL entry. If the code is compiled in debug mode, we also add
345  the attribute type, which is used for an internal consistency check */
346 
347 typedef struct {
348 #ifndef NDEBUG
349  /* The attribute type, used for consistency checking */
350  const CRYPT_ATTRIBUTE_TYPE attribute;/* Attribute */
351 #endif /* NDEBUG */
352 
353  /* Attribute type checking information: The attribute value type and
354  object subtypes for which the attribute is valid */
355  const ATTRIBUTE_VALUE_TYPE valueType;/* Attribute value type */
356  const OBJECT_SUBTYPE subTypeA, subTypeB, subTypeC;
357  /* Object subtypes for which attr.valid */
358 
359  /* Access information: The type of access and object states that are
360  permitted, and attribute flags for this attribute */
361  const int access; /* Permitted access type */
362  const int flags; /* Attribute flags */
363 
364  /* Routing information: The object type (or types, packed into a single
365  value if there are more than one type) that the attribute applies to,
366  and the routing function applied to the attribute message */
367  const long routingTarget; /* Target type(s) if routable */
368  int ( *routingFunction )( const int objectHandle, const long arg );
369 
370  /* Attribute value checking information */
371  const int lowRange; /* Min/max allowed if numeric/boolean, */
372 #ifdef SYSTEM_16BIT
373  const long highRange; /* length if string */
374 #else
375  const int highRange; /* length if string */
376 #endif /* 16- vs. 32-bit systems */
377  const void *extendedInfo; /* Extended ACL/checking information */
378  } ATTRIBUTE_ACL;
379 
380 /* Macros to set up attribute ACL's. We have one for each of the basic types
381  and two general-purpose ones that provide more control over the values */
382 
383 #ifndef NDEBUG
384  /* Standard ACL entries */
385  #define MKACL_B( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
386  { attribute, ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, \
387  0, routing, FALSE, TRUE, NULL }
388  #define MKACL_N( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
389  { attribute, ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, \
390  0, routing, range, NULL }
391  #define MKACL_S( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
392  { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
393  0, routing, range, NULL }
394  #define MKACL_WCS( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
395  { attribute, ATTRIBUTE_VALUE_WCSTRING, subTypeA, subTypeB, subTypeC, access, \
396  0, routing, range, NULL }
397  #define MKACL_O( attribute, subTypeA, subTypeB, subTypeC, access, routing, type ) \
398  { attribute, ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, \
399  0, routing, 0, 0, type }
400  #define MKACL_T( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
401  { attribute, ATTRIBUTE_VALUE_TIME, subTypeA, subTypeB, subTypeC, access, \
402  0, routing, 0, 0, NULL }
403  #define MKACL_X( attribute, subTypeA, subTypeB, subTypeC, access, routing, subACL ) \
404  { attribute, ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, \
405  0, routing, RANGE_SUBTYPED, subACL }
406 
407  /* Extended types */
408  #define MKACL_B_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing ) \
409  { attribute, ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, \
410  flags, routing, FALSE, TRUE, NULL }
411  #define MKACL_N_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
412  { attribute, ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, \
413  flags, routing, range, NULL }
414  #define MKACL_S_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
415  { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
416  flags, routing, range, NULL }
417  #define MKACL_O_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, type ) \
418  { attribute, ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, \
419  flags, routing, 0, 0, type }
420  #define MKACL_X_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, subACL ) \
421  { attribute, ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, \
422  flags, routing, RANGE_SUBTYPED, subACL }
423 
424  /* General-purpose ACL macros */
425  #define MKACL( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
426  { attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, \
427  routing, range, NULL }
428  #define MKACL_EX( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed ) \
429  { attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, \
430  routing, range, allowed }
431 
432  /* End-of-ACL canary */
433  #define MKACL_END() \
434  { CRYPT_ERROR, ATTRIBUTE_VALUE_NONE, 0, 0, 0, ACCESS_xxx_xxx, \
435  0, 0, NULL, 0, 0, NULL }
436 
437  /* End-of-ACL marker, used to terminate variable-length sub-ACL lists. The
438  ST_ANY_A/B/C match ensures that it matches any object types */
439  #define MKACL_END_SUBACL() \
440  { CRYPT_ERROR, ATTRIBUTE_VALUE_NONE, ST_ANY_A, ST_ANY_B, ST_ANY_C, ACCESS_xxx_xxx, \
441  0, 0, NULL, 0, 0, NULL }
442 #else
443  /* Standard ACL entries */
444  #define MKACL_B( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
445  { ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, 0, \
446  routing, FALSE, TRUE, NULL }
447  #define MKACL_N( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
448  { ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, 0, \
449  routing, range, NULL }
450  #define MKACL_S( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
451  { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, 0, \
452  routing, range, NULL }
453  #define MKACL_WCS( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
454  { ATTRIBUTE_VALUE_WCSTRING, subTypeA, subTypeB, subTypeC, access, 0, \
455  routing, range, NULL }
456  #define MKACL_O( attribute, subTypeA, subTypeB, subTypeC, access, routing, type ) \
457  { ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, 0, \
458  routing, 0, 0, type }
459  #define MKACL_T( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
460  { ATTRIBUTE_VALUE_TIME, subTypeA, subTypeB, subTypeC, access, 0, \
461  routing, 0, 0, NULL }
462  #define MKACL_X( attribute, subTypeA, subTypeB, subTypeC, access, routing, subACL ) \
463  { ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, 0, \
464  routing, RANGE_SUBTYPED, subACL }
465 
466  /* Extended types */
467  #define MKACL_B_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing ) \
468  { ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, flags, \
469  routing, FALSE, TRUE, NULL }
470  #define MKACL_N_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
471  { ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, flags, \
472  routing, range, NULL }
473  #define MKACL_S_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
474  { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, flags, \
475  routing, range, NULL }
476  #define MKACL_O_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, type ) \
477  { ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, flags, \
478  routing, 0, 0, type }
479  #define MKACL_X_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, subACL ) \
480  { ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, flags, \
481  routing, RANGE_SUBTYPED, subACL }
482 
483  /* General-purpose ACL macros */
484  #define MKACL( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
485  { valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, NULL }
486  #define MKACL_EX( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed ) \
487  { valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed }
488 
489  /* End-of-ACL canary */
490  #define MKACL_END() \
491  { ATTRIBUTE_VALUE_NONE, 0, 0, 0, ACCESS_xxx_xxx, \
492  0, 0, NULL, 0, 0, NULL }
493 
494  /* End-of-ACL marker, used to terminate variable-length sub-ACL lists. The
495  ST_ANY_A/B/C match ensures that it matches any object types */
496  #define MKACL_END_SUBACL() \
497  { ATTRIBUTE_VALUE_NONE, ST_ANY_A, ST_ANY_B, ST_ANY_C, ACCESS_xxx_xxx, \
498  0, 0, NULL, 0, 0, NULL }
499 #endif /* NDEBUG */
500 
501 /* The attribute ACLs are usually implemented as a lookup table, but in some
502  cases we may use sparse ACLs to handle special-case situations where only
503  a few attributes need to be checked. In order to locate the appropriate
504  ACL entry, the 'attribute' member (normally only used for debugging
505  purposes) needs to be present. To handle this, we define an alternative
506  ACL entry entry type (and associated setup macros) that differs from the
507  standard one in that the attribute member is present unconditionally.
508 
509  We have to be especially careful here because the parent type differs
510  depending on whether it's a normal or debug build. For the debug build
511  the 'attribute' member is present at the start, for the release build
512  it's absent so we place it at the end where it doesn't interfere with the
513  other struct members */
514 
515 typedef struct {
516 #ifndef NDEBUG
517  const CRYPT_ATTRIBUTE_TYPE attribute;/* Attribute */
518 #endif /* !NDEBUG */
519  const ATTRIBUTE_VALUE_TYPE valueType;/* Attribute value type */
520  const OBJECT_SUBTYPE subTypeA, subTypeB, subTypeC;
521  const int access; /* Permitted access type */
522  const int flags; /* Attribute flags */
523  const long routingTarget; /* Target type if routable */
524  int ( *routingFunction )( const int objectHandle, const long arg );
525  const int lowRange; /* Min/max allowed if numeric/boolean, */
526  const int highRange; /* length if string */
527  const void *extendedInfo; /* Extended access information */
528 #ifdef NDEBUG
529  const CRYPT_ATTRIBUTE_TYPE attribute;/* Attribute */
530 #endif /* NDEBUG */
531  } ATTRIBUTE_ACL_ALT;
532 
533 #ifndef NDEBUG
534  #define MKACL_S_ALT( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
535  { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
536  0, routing, range, NULL }
537 #else
538  #define MKACL_S_ALT( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
539  { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, 0, \
540  routing, range, NULL, attribute }
541 #endif /* !NDEBUG */
542 
543 /****************************************************************************
544 * *
545 * Keyset ACL Definitions *
546 * *
547 ****************************************************************************/
548 
549 /* Key management ACL entry */
550 
551 typedef struct {
552  /* The item type */
553  const KEYMGMT_ITEM_TYPE itemType;/* Key management item type */
554 
555  /* Valid keyset types and access types for this item type. This is a
556  matrix giving keyset types for which read/write/delete (R/W/D),
557  getFirst/Next (FN), and query (Q) access are valid */
558  const OBJECT_SUBTYPE keysetR_subTypeA, keysetR_subTypeB, keysetR_subTypeC;
559  const OBJECT_SUBTYPE keysetW_subTypeA, keysetW_subTypeB, keysetW_subTypeC;
560  const OBJECT_SUBTYPE keysetD_subTypeA, keysetD_subTypeB, keysetD_subTypeC;
561  const OBJECT_SUBTYPE keysetFN_subTypeA, keysetFN_subTypeB, keysetFN_subTypeC;
562  const OBJECT_SUBTYPE keysetQ_subTypeA, keysetQ_subTypeB, keysetQ_subTypeC;
563 
564  /* Permitted object types, key IDs, and key management flags for this
565  item type */
566  const OBJECT_SUBTYPE objSubTypeA, objSubTypeB, objSubTypeC;
567  /* Permitted object types for item */
568  const CRYPT_KEYID_TYPE *allowedKeyIDs; /* Permitted key IDs */
569  const int allowedFlags; /* Permitted key management flags */
570 
571  /* Parameter flags for the mechanism information. These define which
572  types of optional/mandatory parameters can and can't be present,
573  using an extended form of the ACCESS_xxx flags to indicate whether
574  the parameter is required or not/permitted or not for read, write,
575  and delete messages */
576  const int idUseFlags; /* ID required/not permitted */
577  const int pwUseFlags; /* Password required/not permitted */
578 
579  /* In the case of public/private keys the general-purpose ACL entries
580  aren't quite specific enough since some keysets require specific
581  types of certificates while others require generic public-key objects.
582  In the latter case they can have almost any kind of certificate object
583  attached, which doesn't matter when we're interested only in the
584  public key but does matter if we want a specific type of cert. If we
585  want a specific cert type, we specify the subset of keysets that this
586  applies to and the cert type(s) here */
587  const OBJECT_SUBTYPE specificKeysetSubTypeA, specificKeysetSubTypeB, \
588  specificKeysetSubTypeC;
589  const OBJECT_SUBTYPE specificObjSubTypeA, specificObjSubTypeB, \
590  specificObjSubTypeC;
591  } KEYMGMT_ACL;
592 
593 /* Macros to set up key management ACLs. The basic form treats the RWD and
594  FnQ groups as one value, the _RWD form specifies individual RWD and FnQ
595  values, and the _EX form adds special-case checking for specific object
596  types that must be written to some keyset types */
597 
598 #define MK_KEYACL( itemType, keysetRWDSubType, keysetFNQSubType, \
599  objectSubType, keyIDs, flags, idUseFlags, pwUseFlags ) \
600  { itemType, ST_NONE, keysetRWDSubType, ST_NONE, \
601  ST_NONE, keysetRWDSubType, ST_NONE, \
602  ST_NONE, keysetRWDSubType, ST_NONE, \
603  ST_NONE, keysetFNQSubType, ST_NONE, \
604  ST_NONE, keysetFNQSubType, ST_NONE, \
605  objectSubType, ST_NONE, ST_NONE, \
606  keyIDs, flags, idUseFlags, pwUseFlags, \
607  ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE }
608 #define MK_KEYACL_RWD( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
609  keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
610  flags, idUseFlags, pwUseFlags ) \
611  { itemType, ST_NONE, keysetR_SubType, ST_NONE, \
612  ST_NONE, keysetW_SubType, ST_NONE, \
613  ST_NONE, keysetD_SubType, ST_NONE, \
614  ST_NONE, keysetFN_SubType, ST_NONE, \
615  ST_NONE, keysetQ_SubType, ST_NONE, \
616  objectSubType, ST_NONE, ST_NONE, \
617  keyIDs, flags, idUseFlags, pwUseFlags, \
618  ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE }
619 #define MK_KEYACL_EX( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
620  keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
621  flags, idUseFlags, pwUseFlags, specificKeysetType, \
622  specificObjectType ) \
623  { itemType, ST_NONE, keysetR_SubType, ST_NONE, \
624  ST_NONE, keysetW_SubType, ST_NONE, \
625  ST_NONE, keysetD_SubType, ST_NONE, \
626  ST_NONE, keysetFN_SubType, ST_NONE, \
627  ST_NONE, keysetQ_SubType, ST_NONE, \
628  objectSubType, ST_NONE, ST_NONE, \
629  keyIDs, flags, idUseFlags, pwUseFlags, \
630  ST_NONE, specificKeysetType, ST_NONE, \
631  specificObjectType, ST_NONE, ST_NONE }
632 
633 /****************************************************************************
634 * *
635 * Parameter ACL Definitions *
636 * *
637 ****************************************************************************/
638 
639 /* The parameter's type. The basic values are boolean, numeric, or byte
640  string, there are also some special types such as object handles that
641  place extra constraints on the attribute */
642 
643 typedef enum {
644  PARAM_VALUE_NONE, /* Non-value */
645  PARAM_VALUE_BOOLEAN, /* Boolean flag */
646  PARAM_VALUE_NUMERIC, /* Numeric value */
647  PARAM_VALUE_STRING, /* Byte string */
648  PARAM_VALUE_STRING_OPT, /* Byte string or (NULL, 0) */
649  PARAM_VALUE_STRING_NONE, /* Empty (NULL, 0) string */
650  PARAM_VALUE_OBJECT, /* Object handle */
651  PARAM_VALUE_UNUSED, /* CRYPT_UNUSED */
652  PARAM_VALUE_LAST /* Last valid parameter type */
653  } PARAM_VALUE_TYPE;
654 
655 /* Parameter ACL entry, which defines the type and valid values for a
656  message parameter. This ACL type is used as a sub-ACL in a variety of
657  other kernel ACLs */
658 
659 typedef struct {
660  const PARAM_VALUE_TYPE valueType;/* Parameter value type */
661  const int lowRange, highRange; /* Min/max value or length */
662  const OBJECT_SUBTYPE subTypeA, subTypeB, subTypeC;
663  /* Object subtypes for which param.valid */
664  const int flags; /* ACL flags */
665  } PARAM_ACL;
666 
667 /* Macros to set up parameter ACLs */
668 
669 #define MKACP_B() \
670  { PARAM_VALUE_BOOLEAN, 0, 0, 0, 0, 0, 0 }
671 #define MKACP_N( min, max ) \
672  { PARAM_VALUE_NUMERIC, min, max, 0, 0, 0, 0 }
673 #define MKACP_S( minLen, maxLen ) \
674  { PARAM_VALUE_STRING, minLen, maxLen, 0, 0, 0, 0 }
675 #define MKACP_S_OPT( minLen, maxLen ) \
676  { PARAM_VALUE_STRING_OPT, minLen, maxLen, 0, 0, 0, 0 }
677 #define MKACP_S_NONE() \
678  { PARAM_VALUE_STRING_NONE, 0, 0, 0, 0, 0, 0 }
679 #define MKACP_O( subTypeA, flags ) \
680  { PARAM_VALUE_OBJECT, 0, 0, subTypeA, ST_NONE, ST_NONE, flags }
681 #define MKACP_UNUSED() \
682  { PARAM_VALUE_UNUSED, 0, 0, 0, 0, 0, 0 }
683 
684 /* End-of-mechanism-ACL marker */
685 
686 #define MKACP_END() \
687  { PARAM_VALUE_NONE, 0, 0, 0, 0, 0 }
688 
689 /* Macro to access the parameter ACL information for a given parameter in a
690  list of parameter ACLs */
691 
692 #define paramInfo( parentACL, paramNo ) parentACL->paramACL[ paramNo ]
693 
694 /* Macro to get the subtype of an object */
695 
696 #define objectST( objectHandle ) objectTable[ objectHandle ].subType
697 
698 /* Macros to check each parameter against a parameter ACL entry */
699 
700 #define checkParamNumeric( paramACL, value ) \
701  ( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
702  value == CRYPT_UNUSED ) || \
703  ( paramACL.valueType == PARAM_VALUE_BOOLEAN && \
704  ( value == TRUE || value == FALSE ) ) || \
705  ( paramACL.valueType == PARAM_VALUE_NUMERIC && \
706  ( value >= paramACL.lowRange && value <= paramACL.highRange ) ) )
707 
708 #define checkParamString( paramACL, data, dataLen ) \
709  ( ( ( paramACL.valueType == PARAM_VALUE_STRING_NONE || \
710  paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
711  data == NULL && dataLen == 0 ) || \
712  ( ( paramACL.valueType == PARAM_VALUE_STRING || \
713  paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
714  ( dataLen >= paramACL.lowRange && \
715  dataLen <= paramACL.highRange ) && \
716  isReadPtr( data, dataLen ) ) )
717 
718 #define checkParamObject( paramACL, objectHandle ) \
719  ( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
720  objectHandle == CRYPT_UNUSED ) || \
721  ( paramACL.valueType == PARAM_VALUE_OBJECT && \
722  ( ( paramACL.subTypeA & objectST( objectHandle ) ) == \
723  objectST( objectHandle ) || \
724  ( paramACL.subTypeB & objectST( objectHandle ) ) == \
725  objectST( objectHandle ) || \
726  ( paramACL.subTypeC & objectST( objectHandle ) ) == \
727  objectST( objectHandle ) ) && \
728  checkObjectState( paramACL.flags, objectHandle ) ) )
729 
730 /****************************************************************************
731 * *
732 * Misc.ACL Definitions *
733 * *
734 ****************************************************************************/
735 
736 /* Object ACL entry for object parameters for messages. This is used as a
737  composite entry in various ACLs that apply to objects */
738 
739 typedef struct {
740  const OBJECT_SUBTYPE subTypeA, subTypeB, subTypeC;
741  /* Object subtypes for which attr.valid */
742  const int flags; /* ACL flags */
743  } OBJECT_ACL;
744 
745 /* Message ACL entry */
746 
747 typedef struct {
748  const MESSAGE_TYPE type; /* Message type */
749  const OBJECT_ACL objectACL; /* Valid objects for message type */
750  } MESSAGE_ACL;
751 
752 /* Mechanism ACL entry */
753 
754 typedef struct {
755  const MECHANISM_TYPE type; /* Mechanism type */
756  const PARAM_ACL paramACL[ 6 ]; /* Parameter ACL information */
757  } MECHANISM_ACL;
758 
759 /* Create-object ACL entry */
760 
761 typedef struct CRA {
762  const OBJECT_TYPE type; /* Object type */
763  const PARAM_ACL paramACL[ 4 ]; /* Parameter ACL information */
764  const int exceptions[ 2 ]; /* Subtypes that need special handling */
765  const struct CRA *exceptionACL; /* Special-handling ACL */
766  } CREATE_ACL;
767 
768 /* Cert mgmt.ACL entry. These have parameters that work similarly to the
769  mechanism ACLs, except that only a small subset (objects and unused) are
770  used in practice. In addition some objects require the presence of
771  secondary objects (dependent objects for the main object), for example
772  a CA's PKC context requires an attached CA certificate. This is
773  specified in the secondary parameter ACL, which mirrors the main
774  parameter ACL */
775 
776 typedef struct {
777  const CRYPT_CERTACTION_TYPE action; /* Cert mgmt.action */
778  const int access; /* Permitted access type */
779  const PARAM_ACL paramACL[ 3 ]; /* Parameter ACL information */
780  const PARAM_ACL secParamACL[ 3 ];/* Parameter ACL for dep.objects */
781  } CERTMGMT_ACL;
782 
783 /* Compare-message ACL entry */
784 
785 typedef struct {
786  const MESSAGE_COMPARE_TYPE compareType; /* Compare message type */
787  const OBJECT_ACL objectACL; /* Valid objects for message type */
788  const PARAM_ACL paramACL[ 1 ]; /* Parameter ACL information */
789  } COMPARE_ACL;
790 
791 /* Macros to set up compare ACLs */
792 
793 #define MK_CMPACL_S( objSTA, lowRange, highRange ) \
794  { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, \
795  { MKACP_S( lowRange, highRange ) }
796 #define MK_CMPACL_O( objSTA, pObjSTA ) \
797  { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, \
798  { MKACP_O( pObjSTA, ACL_FLAG_HIGH_STATE ) }
799 #define MK_CMPACL_END() \
800  { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }, \
801  { MKACP_END() }
802 
803 /* Check-message ACL entry. Most checks are for the same capability in a
804  single object type (e.g. encryption capability in a PKC context and/or
805  cert), for which we check the object type and action corresponding to the
806  check. However, some checks apply to dependent but object pairs but with
807  different capabilities (for example a PKC context and a CA certificate).
808  In this case the check can be applied to either of the two object types,
809  so we allow for a secondary ACL entry for the related object type. In
810  addition once we've applied the check to the primary object, we have to
811  forward it to the secondary object, however in order to avoid message
812  loops the forwarded check type applies only to the secondary object
813  rather than being the same as the one that was applied to the primary
814  object */
815 
816 typedef struct {
817  const MESSAGE_CHECK_TYPE checkType; /* Check message type */
818  const MESSAGE_TYPE actionType; /* Action corresponding to check */
819  const OBJECT_ACL objectACL; /* Valid objects for message type */
820  const struct CAA *altACL; /* Ptr. to alt.ACL */
821  } CHECK_ACL;
822 
823 typedef struct CAA {
824  const OBJECT_TYPE object; /* Object type this entry applies to */
825  const MESSAGE_CHECK_TYPE checkType; /* Check message type */
826  const OBJECT_TYPE depObject; /* Dependent object type */
827  const OBJECT_ACL depObjectACL; /* Valid objects for message type */
828  const MESSAGE_CHECK_TYPE fdCheckType; /* Fwded check type for related obj.*/
829  } CHECK_ALT_ACL;
830 
831 /* Macros to set up check ACLs. For the standard check ACL the first
832  parameter, the check type, is supplied explicitly and isn't present in
833  the macro */
834 
835 #define MK_CHKACL( action, objSTA ) \
836  action, { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, NULL
837 #define MK_CHKACL_EX( action, objSTA, objSTB, flags ) \
838  action, { objSTA, objSTB, ST_NONE, flags }
839 #define MK_CHKACL_EXT( action, objSTA, extACL ) \
840  action, { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, extACL
841 #define MK_CHKACL_END() \
842  MESSAGE_NONE, { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }
843 
844 #define MK_CHKACL_ALT( depObj, depObjSTA, fdCheck ) \
845  depObj, { depObjSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, fdCheck
846 #define MK_CHKACL_ALT_END() \
847  MESSAGE_NONE, \
848  OBJECT_TYPE_NONE, { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }, MESSAGE_NONE,
849 
850 /* Object dependency ACL entry, used when making one object dependent on
851  another */
852 
853 typedef struct {
854  const OBJECT_TYPE type; /* Object type and subtype */
855  const OBJECT_SUBTYPE subTypeA, subTypeB, subTypeC;
856  const OBJECT_TYPE dType; /* Dependent object type and subtype */
857  const OBJECT_SUBTYPE dSubTypeA, dSubTypeB, dSubTypeC;
858  const int flags; /* Dependency flags */
859  } DEPENDENCY_ACL;
860 
861 /* Macros to set up dependency ACLs */
862 
863 #define MK_DEPACL( objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC ) \
864  { objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, DEP_FLAG_NONE }
865 #define MK_DEPACL_EX( objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, flags ) \
866  { objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, flags }
867 #define MK_DEPACL_END() \
868  { OBJECT_TYPE_NONE, 0, 0, 0, OBJECT_TYPE_NONE, 0, 0, 0, DEP_FLAG_NONE }
869 
870 /* Flags for the dependency ACLs */
871 
872 #define DEP_FLAG_NONE 0x00 /* No dependency flag */
873 #define DEP_FLAG_UPDATEDEP 0x01 /* Update dependent object */
874 
875 #endif /* _ACL_DEFINED */
Generated on Thu Jan 10 2013 10:00:48 for cryptlib by   doxygen 1.8.2