26 #define ST_CTX_CONV SUBTYPE_CTX_CONV
27 #define ST_CTX_PKC SUBTYPE_CTX_PKC
28 #define ST_CTX_HASH SUBTYPE_CTX_HASH
29 #define ST_CTX_MAC SUBTYPE_CTX_MAC
30 #define ST_CTX_GENERIC SUBTYPE_CTX_GENERIC
31 #define ST_CTX_ANY ( ST_CTX_CONV | ST_CTX_PKC | ST_CTX_HASH | \
32 ST_CTX_MAC | ST_CTX_GENERIC )
34 #define ST_CERT_CERT SUBTYPE_CERT_CERT
35 #define ST_CERT_CERTREQ SUBTYPE_CERT_CERTREQ
36 #define ST_CERT_REQ_CERT SUBTYPE_CERT_REQ_CERT
37 #define ST_CERT_REQ_REV SUBTYPE_CERT_REQ_REV
38 #define ST_CERT_CERTCHAIN SUBTYPE_CERT_CERTCHAIN
39 #define ST_CERT_ATTRCERT SUBTYPE_CERT_ATTRCERT
40 #define ST_CERT_CRL SUBTYPE_CERT_CRL
41 #define ST_CERT_CMSATTR SUBTYPE_CERT_CMSATTR
42 #define ST_CERT_RTCS_REQ SUBTYPE_CERT_RTCS_REQ
43 #define ST_CERT_RTCS_RESP SUBTYPE_CERT_RTCS_RESP
44 #define ST_CERT_OCSP_REQ SUBTYPE_CERT_OCSP_REQ
45 #define ST_CERT_OCSP_RESP SUBTYPE_CERT_OCSP_RESP
46 #define ST_CERT_PKIUSER SUBTYPE_CERT_PKIUSER
47 #define ST_CERT_ANY_CERT ( ST_CERT_CERT | ST_CERT_CERTREQ | \
48 SUBTYPE_CERT_REQ_CERT | ST_CERT_CERTCHAIN )
49 #define ST_CERT_ANY ( ST_CERT_ANY_CERT | ST_CERT_ATTRCERT | \
50 ST_CERT_REQ_REV | ST_CERT_CRL | \
51 ST_CERT_CMSATTR | ST_CERT_RTCS_REQ | \
52 ST_CERT_RTCS_RESP | ST_CERT_OCSP_REQ | \
53 ST_CERT_OCSP_RESP | ST_CERT_PKIUSER )
55 #define ST_KEYSET_FILE SUBTYPE_KEYSET_FILE
56 #define ST_KEYSET_FILE_PARTIAL SUBTYPE_KEYSET_FILE_PARTIAL
57 #define ST_KEYSET_FILE_RO SUBTYPE_KEYSET_FILE_READONLY
58 #define ST_KEYSET_DBMS SUBTYPE_KEYSET_DBMS
59 #define ST_KEYSET_DBMS_STORE SUBTYPE_KEYSET_DBMS_STORE
60 #define ST_KEYSET_HTTP SUBTYPE_KEYSET_HTTP
61 #define ST_KEYSET_LDAP SUBTYPE_KEYSET_LDAP
62 #define ST_KEYSET_ANY ( ST_KEYSET_FILE | SUBTYPE_KEYSET_FILE_PARTIAL | \
63 ST_KEYSET_FILE_RO | ST_KEYSET_DBMS | \
64 ST_KEYSET_DBMS_STORE | ST_KEYSET_HTTP | \
67 #define ST_ENV_ENV SUBTYPE_ENV_ENV
68 #define ST_ENV_ENV_PGP SUBTYPE_ENV_ENV_PGP
69 #define ST_ENV_DEENV SUBTYPE_ENV_DEENV
70 #define ST_ENV_ANY ( ST_ENV_ENV | ST_ENV_ENV_PGP | ST_ENV_DEENV )
72 #define ST_DEV_SYSTEM SUBTYPE_DEV_SYSTEM
73 #define ST_DEV_P11 SUBTYPE_DEV_PKCS11
74 #define ST_DEV_CAPI SUBTYPE_DEV_CRYPTOAPI
75 #define ST_DEV_HW SUBTYPE_DEV_HARDWARE
76 #define ST_DEV_ANY_STD ( ST_DEV_P11 | ST_DEV_CAPI | ST_DEV_HW )
77 #define ST_DEV_ANY ( ST_DEV_ANY_STD | ST_DEV_SYSTEM )
79 #define ST_SESS_SSH SUBTYPE_SESSION_SSH
80 #define ST_SESS_SSH_SVR SUBTYPE_SESSION_SSH_SVR
81 #define ST_SESS_SSL SUBTYPE_SESSION_SSL
82 #define ST_SESS_SSL_SVR SUBTYPE_SESSION_SSL_SVR
83 #define ST_SESS_RTCS SUBTYPE_SESSION_RTCS
84 #define ST_SESS_RTCS_SVR SUBTYPE_SESSION_RTCS_SVR
85 #define ST_SESS_OCSP SUBTYPE_SESSION_OCSP
86 #define ST_SESS_OCSP_SVR SUBTYPE_SESSION_OCSP_SVR
87 #define ST_SESS_TSP SUBTYPE_SESSION_TSP
88 #define ST_SESS_TSP_SVR SUBTYPE_SESSION_TSP_SVR
89 #define ST_SESS_CMP SUBTYPE_SESSION_CMP
90 #define ST_SESS_CMP_SVR SUBTYPE_SESSION_CMP_SVR
91 #define ST_SESS_SCEP SUBTYPE_SESSION_SCEP
92 #define ST_SESS_SCEP_SVR SUBTYPE_SESSION_SCEP_SVR
93 #define ST_SESS_CERT_SVR SUBTYPE_SESSION_CERT_SVR
94 #define ST_SESS_ANY_SVR ( ST_SESS_SSH_SVR | ST_SESS_SSL_SVR | \
95 ST_SESS_RTCS_SVR | ST_SESS_OCSP_SVR | \
96 ST_SESS_TSP_SVR | ST_SESS_CMP_SVR | \
97 ST_SESS_SCEP_SVR | ST_SESS_CERT_SVR )
98 #define ST_SESS_ANY_CLIENT ( ST_SESS_SSH | ST_SESS_SSL | ST_SESS_RTCS | \
99 ST_SESS_OCSP | ST_SESS_TSP | ST_SESS_CMP | \
101 #define ST_SESS_ANY_DATA ( ST_SESS_SSH | ST_SESS_SSH_SVR | \
102 ST_SESS_SSL | ST_SESS_SSL_SVR )
103 #define ST_SESS_ANY_REQRESP ( ST_SESS_RTCS | ST_SESS_RTCS_SVR | \
104 ST_SESS_OCSP | ST_SESS_OCSP_SVR | \
105 ST_SESS_TSP | ST_SESS_TSP_SVR | \
106 ST_SESS_CMP | ST_SESS_CMP_SVR | \
107 ST_SESS_SCEP | ST_SESS_SCEP_SVR | \
109 #define ST_SESS_ANY_SEC ( ST_SESS_ANY_DATA | \
110 ST_SESS_CMP | ST_SESSION_CMP_SVR )
111 #define ST_SESS_ANY ( ST_SESS_ANY_CLIENT | ST_SESS_ANY_SVR )
113 #define ST_USER_NORMAL SUBTYPE_USER_NORMAL
114 #define ST_USER_SO SUBTYPE_USER_SO
115 #define ST_USER_CA SUBTYPE_USER_CA
116 #define ST_USER_ANY ( ST_USER_NORMAL | ST_USER_SO | ST_USER_CA )
121 #define ST_ANY_A ( ST_CTX_ANY | ST_CERT_ANY )
122 #define ST_ANY_B ( ST_ENV_ANY | ST_KEYSET_ANY | ST_DEV_ANY )
123 #define ST_ANY_C ( ST_SESS_ANY | ST_USER_ANY )
132 #if defined( INC_ALL )
181 OBJECT_TYPE_NONE, NULL
182 #define ROUTE( target ) \
183 ( target ), findTargetType
184 #define ROUTE_ALT( target, altTarget ) \
185 ( target ) | ( ( altTarget ) << 8 ), findTargetType
186 #define ROUTE_ALT2( target, altTarget1, altTarget2 ) \
187 ( target ) | ( ( altTarget1 ) << 8 ) | ( ( altTarget2 ) << 16 ), findTargetType
188 #define ROUTE_FIXED( target ) \
189 ( target ), checkTargetType
190 #define ROUTE_FIXED_ALT( target, altTarget ) \
191 ( target ) | ( ( altTarget ) << 8 ), checkTargetType
192 #define ROUTE_IMPLICIT \
193 OBJECT_TYPE_LAST, findTargetType
194 #define ROUTE_SPECIAL( function ) \
195 OBJECT_TYPE_NONE, ( route##function )
199 #define isImplicitRouting( target ) ( ( target ) == OBJECT_TYPE_LAST )
200 #define isExplicitRouting( target ) ( ( target ) == OBJECT_TYPE_NONE )
238 #define RANGE_EXT_MARKER ( -1000 )
240 #define RANGE_ANY RANGE_EXT_MARKER, RANGEVAL_ANY
241 #define RANGE_ALLOWEDVALUES RANGE_EXT_MARKER, RANGEVAL_ALLOWEDVALUES
242 #define RANGE_SUBRANGES RANGE_EXT_MARKER, RANGEVAL_SUBRANGES
243 #define RANGE_SUBTYPED RANGE_EXT_MARKER, RANGEVAL_SUBTYPED
244 #define RANGE( low, high ) ( low ), ( high )
252 #define RANGE_MAX ( INT_MAX - 128 )
261 #define isSpecialRange( attributeACL ) \
262 ( ( attributeACL )->lowRange == RANGE_EXT_MARKER )
263 #define getSpecialRangeType( attributeACL ) ( ( attributeACL )->highRange )
264 #define getSpecialRangeInfo( attributeACL ) ( ( attributeACL )->extendedInfo )
282 #define ATTRIBUTE_FLAG_NONE 0x00
283 #define ATTRIBUTE_FLAG_PROPERTY 0x01
284 #define ATTRIBUTE_FLAG_TRIGGER 0x02
285 #define ATTRIBUTE_FLAG_LAST 0x04
305 #define ACL_FLAG_NONE 0x00
306 #define ACL_FLAG_LOW_STATE 0x01
307 #define ACL_FLAG_HIGH_STATE 0x02
308 #define ACL_FLAG_ANY_STATE 0x03
309 #define ACL_FLAG_ROUTE_TO_CTX 0x04
310 #define ACL_FLAG_ROUTE_TO_CERT 0x08
312 #define ACL_FLAG_STATE_MASK 0x03
316 #define checkObjectState( flags, objectHandle ) \
317 ( ( ( flags & ACL_FLAG_LOW_STATE ) && \
318 !isInHighState( objectHandle ) ) || \
319 ( ( flags & ACL_FLAG_HIGH_STATE ) && \
320 isInHighState( objectHandle ) ) )
368 int ( *routingFunction )(
const int objectHandle,
const long arg );
373 const long highRange;
385 #define MKACL_B( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
386 { attribute, ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, \
387 0, routing, FALSE, TRUE, NULL }
388 #define MKACL_N( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
389 { attribute, ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, \
390 0, routing, range, NULL }
391 #define MKACL_S( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
392 { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
393 0, routing, range, NULL }
394 #define MKACL_WCS( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
395 { attribute, ATTRIBUTE_VALUE_WCSTRING, subTypeA, subTypeB, subTypeC, access, \
396 0, routing, range, NULL }
397 #define MKACL_O( attribute, subTypeA, subTypeB, subTypeC, access, routing, type ) \
398 { attribute, ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, \
399 0, routing, 0, 0, type }
400 #define MKACL_T( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
401 { attribute, ATTRIBUTE_VALUE_TIME, subTypeA, subTypeB, subTypeC, access, \
402 0, routing, 0, 0, NULL }
403 #define MKACL_X( attribute, subTypeA, subTypeB, subTypeC, access, routing, subACL ) \
404 { attribute, ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, \
405 0, routing, RANGE_SUBTYPED, subACL }
408 #define MKACL_B_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing ) \
409 { attribute, ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, \
410 flags, routing, FALSE, TRUE, NULL }
411 #define MKACL_N_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
412 { attribute, ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, \
413 flags, routing, range, NULL }
414 #define MKACL_S_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
415 { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
416 flags, routing, range, NULL }
417 #define MKACL_O_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, type ) \
418 { attribute, ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, \
419 flags, routing, 0, 0, type }
420 #define MKACL_X_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, subACL ) \
421 { attribute, ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, \
422 flags, routing, RANGE_SUBTYPED, subACL }
425 #define MKACL( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
426 { attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, \
427 routing, range, NULL }
428 #define MKACL_EX( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed ) \
429 { attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, \
430 routing, range, allowed }
433 #define MKACL_END() \
434 { CRYPT_ERROR, ATTRIBUTE_VALUE_NONE, 0, 0, 0, ACCESS_xxx_xxx, \
435 0, 0, NULL, 0, 0, NULL }
439 #define MKACL_END_SUBACL() \
440 { CRYPT_ERROR, ATTRIBUTE_VALUE_NONE, ST_ANY_A, ST_ANY_B, ST_ANY_C, ACCESS_xxx_xxx, \
441 0, 0, NULL, 0, 0, NULL }
444 #define MKACL_B( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
445 { ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, 0, \
446 routing, FALSE, TRUE, NULL }
447 #define MKACL_N( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
448 { ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, 0, \
449 routing, range, NULL }
450 #define MKACL_S( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
451 { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, 0, \
452 routing, range, NULL }
453 #define MKACL_WCS( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
454 { ATTRIBUTE_VALUE_WCSTRING, subTypeA, subTypeB, subTypeC, access, 0, \
455 routing, range, NULL }
456 #define MKACL_O( attribute, subTypeA, subTypeB, subTypeC, access, routing, type ) \
457 { ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, 0, \
458 routing, 0, 0, type }
459 #define MKACL_T( attribute, subTypeA, subTypeB, subTypeC, access, routing ) \
460 { ATTRIBUTE_VALUE_TIME, subTypeA, subTypeB, subTypeC, access, 0, \
461 routing, 0, 0, NULL }
462 #define MKACL_X( attribute, subTypeA, subTypeB, subTypeC, access, routing, subACL ) \
463 { ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, 0, \
464 routing, RANGE_SUBTYPED, subACL }
467 #define MKACL_B_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing ) \
468 { ATTRIBUTE_VALUE_BOOLEAN, subTypeA, subTypeB, subTypeC, access, flags, \
469 routing, FALSE, TRUE, NULL }
470 #define MKACL_N_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
471 { ATTRIBUTE_VALUE_NUMERIC, subTypeA, subTypeB, subTypeC, access, flags, \
472 routing, range, NULL }
473 #define MKACL_S_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
474 { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, flags, \
475 routing, range, NULL }
476 #define MKACL_O_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, type ) \
477 { ATTRIBUTE_VALUE_OBJECT, subTypeA, subTypeB, subTypeC, access, flags, \
478 routing, 0, 0, type }
479 #define MKACL_X_EX( attribute, subTypeA, subTypeB, subTypeC, access, flags, routing, subACL ) \
480 { ATTRIBUTE_VALUE_SPECIAL, subTypeA, subTypeB, subTypeC, access, flags, \
481 routing, RANGE_SUBTYPED, subACL }
484 #define MKACL( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range ) \
485 { valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, NULL }
486 #define MKACL_EX( attribute, valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed ) \
487 { valueType, subTypeA, subTypeB, subTypeC, access, flags, routing, range, allowed }
490 #define MKACL_END() \
491 { ATTRIBUTE_VALUE_NONE, 0, 0, 0, ACCESS_xxx_xxx, \
492 0, 0, NULL, 0, 0, NULL }
496 #define MKACL_END_SUBACL() \
497 { ATTRIBUTE_VALUE_NONE, ST_ANY_A, ST_ANY_B, ST_ANY_C, ACCESS_xxx_xxx, \
498 0, 0, NULL, 0, 0, NULL }
524 int ( *routingFunction )(
const int objectHandle,
const long arg );
534 #define MKACL_S_ALT( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
535 { attribute, ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, \
536 0, routing, range, NULL }
538 #define MKACL_S_ALT( attribute, subTypeA, subTypeB, subTypeC, access, routing, range ) \
539 { ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, subTypeC, access, 0, \
540 routing, range, NULL, attribute }
588 specificKeysetSubTypeC;
598 #define MK_KEYACL( itemType, keysetRWDSubType, keysetFNQSubType, \
599 objectSubType, keyIDs, flags, idUseFlags, pwUseFlags ) \
600 { itemType, ST_NONE, keysetRWDSubType, ST_NONE, \
601 ST_NONE, keysetRWDSubType, ST_NONE, \
602 ST_NONE, keysetRWDSubType, ST_NONE, \
603 ST_NONE, keysetFNQSubType, ST_NONE, \
604 ST_NONE, keysetFNQSubType, ST_NONE, \
605 objectSubType, ST_NONE, ST_NONE, \
606 keyIDs, flags, idUseFlags, pwUseFlags, \
607 ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE }
608 #define MK_KEYACL_RWD( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
609 keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
610 flags, idUseFlags, pwUseFlags ) \
611 { itemType, ST_NONE, keysetR_SubType, ST_NONE, \
612 ST_NONE, keysetW_SubType, ST_NONE, \
613 ST_NONE, keysetD_SubType, ST_NONE, \
614 ST_NONE, keysetFN_SubType, ST_NONE, \
615 ST_NONE, keysetQ_SubType, ST_NONE, \
616 objectSubType, ST_NONE, ST_NONE, \
617 keyIDs, flags, idUseFlags, pwUseFlags, \
618 ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE, ST_NONE }
619 #define MK_KEYACL_EX( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
620 keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
621 flags, idUseFlags, pwUseFlags, specificKeysetType, \
622 specificObjectType ) \
623 { itemType, ST_NONE, keysetR_SubType, ST_NONE, \
624 ST_NONE, keysetW_SubType, ST_NONE, \
625 ST_NONE, keysetD_SubType, ST_NONE, \
626 ST_NONE, keysetFN_SubType, ST_NONE, \
627 ST_NONE, keysetQ_SubType, ST_NONE, \
628 objectSubType, ST_NONE, ST_NONE, \
629 keyIDs, flags, idUseFlags, pwUseFlags, \
630 ST_NONE, specificKeysetType, ST_NONE, \
631 specificObjectType, ST_NONE, ST_NONE }
670 { PARAM_VALUE_BOOLEAN, 0, 0, 0, 0, 0, 0 }
671 #define MKACP_N( min, max ) \
672 { PARAM_VALUE_NUMERIC, min, max, 0, 0, 0, 0 }
673 #define MKACP_S( minLen, maxLen ) \
674 { PARAM_VALUE_STRING, minLen, maxLen, 0, 0, 0, 0 }
675 #define MKACP_S_OPT( minLen, maxLen ) \
676 { PARAM_VALUE_STRING_OPT, minLen, maxLen, 0, 0, 0, 0 }
677 #define MKACP_S_NONE() \
678 { PARAM_VALUE_STRING_NONE, 0, 0, 0, 0, 0, 0 }
679 #define MKACP_O( subTypeA, flags ) \
680 { PARAM_VALUE_OBJECT, 0, 0, subTypeA, ST_NONE, ST_NONE, flags }
681 #define MKACP_UNUSED() \
682 { PARAM_VALUE_UNUSED, 0, 0, 0, 0, 0, 0 }
686 #define MKACP_END() \
687 { PARAM_VALUE_NONE, 0, 0, 0, 0, 0 }
692 #define paramInfo( parentACL, paramNo ) parentACL->paramACL[ paramNo ]
696 #define objectST( objectHandle ) objectTable[ objectHandle ].subType
700 #define checkParamNumeric( paramACL, value ) \
701 ( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
702 value == CRYPT_UNUSED ) || \
703 ( paramACL.valueType == PARAM_VALUE_BOOLEAN && \
704 ( value == TRUE || value == FALSE ) ) || \
705 ( paramACL.valueType == PARAM_VALUE_NUMERIC && \
706 ( value >= paramACL.lowRange && value <= paramACL.highRange ) ) )
708 #define checkParamString( paramACL, data, dataLen ) \
709 ( ( ( paramACL.valueType == PARAM_VALUE_STRING_NONE || \
710 paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
711 data == NULL && dataLen == 0 ) || \
712 ( ( paramACL.valueType == PARAM_VALUE_STRING || \
713 paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
714 ( dataLen >= paramACL.lowRange && \
715 dataLen <= paramACL.highRange ) && \
716 isReadPtr( data, dataLen ) ) )
718 #define checkParamObject( paramACL, objectHandle ) \
719 ( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
720 objectHandle == CRYPT_UNUSED ) || \
721 ( paramACL.valueType == PARAM_VALUE_OBJECT && \
722 ( ( paramACL.subTypeA & objectST( objectHandle ) ) == \
723 objectST( objectHandle ) || \
724 ( paramACL.subTypeB & objectST( objectHandle ) ) == \
725 objectST( objectHandle ) || \
726 ( paramACL.subTypeC & objectST( objectHandle ) ) == \
727 objectST( objectHandle ) ) && \
728 checkObjectState( paramACL.flags, objectHandle ) ) )
793 #define MK_CMPACL_S( objSTA, lowRange, highRange ) \
794 { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, \
795 { MKACP_S( lowRange, highRange ) }
796 #define MK_CMPACL_O( objSTA, pObjSTA ) \
797 { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, \
798 { MKACP_O( pObjSTA, ACL_FLAG_HIGH_STATE ) }
799 #define MK_CMPACL_END() \
800 { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }, \
835 #define MK_CHKACL( action, objSTA ) \
836 action, { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, NULL
837 #define MK_CHKACL_EX( action, objSTA, objSTB, flags ) \
838 action, { objSTA, objSTB, ST_NONE, flags }
839 #define MK_CHKACL_EXT( action, objSTA, extACL ) \
840 action, { objSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, extACL
841 #define MK_CHKACL_END() \
842 MESSAGE_NONE, { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }
844 #define MK_CHKACL_ALT( depObj, depObjSTA, fdCheck ) \
845 depObj, { depObjSTA, ST_NONE, ST_NONE, ACL_FLAG_HIGH_STATE }, fdCheck
846 #define MK_CHKACL_ALT_END() \
848 OBJECT_TYPE_NONE, { ST_NONE, ST_NONE, ST_NONE, ACL_FLAG_NONE }, MESSAGE_NONE,
863 #define MK_DEPACL( objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC ) \
864 { objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, DEP_FLAG_NONE }
865 #define MK_DEPACL_EX( objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, flags ) \
866 { objType, objSTA, objSTB, objSTC, dObjType, dObjSTA, dObjSTB, dObjSTC, flags }
867 #define MK_DEPACL_END() \
868 { OBJECT_TYPE_NONE, 0, 0, 0, OBJECT_TYPE_NONE, 0, 0, 0, DEP_FLAG_NONE }
872 #define DEP_FLAG_NONE 0x00
873 #define DEP_FLAG_UPDATEDEP 0x01