93 { CRYPT_CERTINFO_FIRST_EXTENSION, CRYPT_CERTINFO_LAST_EXTENSION },
118 { CRYPT_CERTINFO_FIRST_EXTENSION, CRYPT_CERTINFO_LAST_EXTENSION },
119 { CRYPT_CERTINFO_FIRST_GENERALNAME, CRYPT_CERTINFO_LAST_GENERALNAME },
120 { CRYPT_CERTINFO_FIRST_DN, CRYPT_CERTINFO_LAST_DN },
263 subACL_AttributeCurrentGroup ),
270 subACL_AttributeCurrent ),
277 subACL_AttributeCurrentInstance ),
298 static const int FAR_BSS allowedLDAPObjectTypes[] = {
407 RANGE( 1, 20 * 365 ) ),
481 RANGE( 2, MAX_PATH_LENGTH ) ),
487 RANGE( 2, MAX_PATH_LENGTH ) ),
493 RANGE( 2, MAX_PATH_LENGTH ) ),
499 RANGE( 2, MAX_PATH_LENGTH ) ),
505 RANGE( 2, MAX_PATH_LENGTH ) ),
585 static const int FAR_BSS allowedPKCKeysizes[] = {
588 static const int FAR_BSS allowedKeyingAlgos[] = {
680 subACL_CtxinfoBlocksize ),
766 subACL_CtxinfoPersistent ),
776 static const int FAR_BSS allowedIPAddressSizes[] = \
781 #ifdef USE_CMSATTR_OBSCURE
785 #ifdef USE_COMPRESSION
791 #ifdef USE_CMSATTR_OBSCURE
852 subACL_CertinfoFingerprintSHA ),
1309 RANGE( 1, 500000 ) ),
1315 RANGE( 1, 500000 ) ),
1321 RANGE( 1, 500000 ) ),
3166 subACL_EnvinfoContentType ),
3172 subACL_EnvinfoDetachedSig ),
3188 subACL_EnvinfoIntegrity ),
3205 subACL_EnvinfoSignature ),
3211 subACL_EnvinfoSignatureExtraData ),
3254 subACL_EnvinfoTimestamp ),
3284 static const int FAR_BSS allowedAuthResponses[] = \
3569 subACL_SessinfoActive ),
3581 subACL_SessinfoUsername ),
3587 subACL_SessinfoPassword ),
3595 subACL_SessinfoPrivatekey ),
3603 subACL_SessinfoKeyset ),
3628 subACL_SessinfoFingerprint ),
3650 subACL_SessinfoSession ),
3664 subACL_SessinfoVersion ),
3673 subACL_SessinfoRequest ),
3681 subACL_SessinfoResponse ),
3693 subACL_SessinfoRequesttype ),
3706 subACL_SessinfoSSHChannel ),
3712 subACL_SessinfoSSHChannelType ),
3718 subACL_SessinfoSSHChannelArg1 ),
3793 static const int FAR_BSS allowedObjectStatusValues[] = {
3798 CRYPT_IATTRIBUTE_SUBJECT,
3803 CRYPT_IATTRIBUTE_SUBJECT,
3814 CRYPT_IATTRIBUTE_TYPE,
3819 CRYPT_IATTRIBUTE_SUBTYPE,
3831 CRYPT_IATTRIBUTE_INTERNAL,
3836 CRYPT_IATTRIBUTE_ACTIONPERMS,
3841 CRYPT_IATTRIBUTE_LOCKED,
3846 CRYPT_IATTRIBUTE_INITIALISED,
3853 CRYPT_IATTRIBUTE_KEYSIZE,
3858 CRYPT_IATTRIBUTE_KEYFEATURES,
3863 CRYPT_IATTRIBUTE_KEYID,
3868 CRYPT_IATTRIBUTE_KEYID_PGP2,
3878 CRYPT_IATTRIBUTE_KEYID_OPENPGP,
3882 #if !( defined( USE_ECDH ) || defined( USE_ECDSA ) )
3888 CRYPT_IATTRIBUTE_KEY_SPKI,
3897 CRYPT_IATTRIBUTE_KEY_SPKI,
3903 CRYPT_IATTRIBUTE_KEY_PGP,
3907 #if !( defined( USE_ECDH ) || defined( USE_ECDSA ) )
3909 CRYPT_IATTRIBUTE_KEY_SSH,
3915 CRYPT_IATTRIBUTE_KEY_SSH,
3921 CRYPT_IATTRIBUTE_KEY_SSH1,
3925 #if !( defined( USE_ECDH ) || defined( USE_ECDSA ) )
3927 CRYPT_IATTRIBUTE_KEY_SSL,
3933 CRYPT_IATTRIBUTE_KEY_SSL,
3938 #if !( defined( USE_ECDH ) || defined( USE_ECDSA ) )
3946 CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL,
3952 CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL,
3958 CRYPT_IATTRIBUTE_KEY_PGP_PARTIAL,
3968 CRYPT_IATTRIBUTE_PGPVALIDITY,
3973 CRYPT_IATTRIBUTE_DEVICEOBJECT,
3978 CRYPT_IATTRIBUTE_DEVICESTORAGEID,
3987 CRYPT_IATTRIBUTE_EXISTINGLABEL,
3992 CRYPT_IATTRIBUTE_ENCPARAMS,
3997 CRYPT_IATTRIBUTE_MACPARAMS,
4002 CRYPT_IATTRIBUTE_AAD,
4008 CRYPT_IATTRIBUTE_ICV,
4021 CRYPT_IATTRIBUTE_SUBJECT,
4027 CRYPT_IATTRIBUTE_ISSUER,
4032 CRYPT_IATTRIBUTE_ISSUERANDSERIALNUMBER,
4037 CRYPT_IATTRIBUTE_HOLDERNAME,
4043 CRYPT_IATTRIBUTE_HOLDERURI,
4056 CRYPT_IATTRIBUTE_SPKI,
4061 CRYPT_IATTRIBUTE_CERTKEYALGO,
4070 CRYPT_IATTRIBUTE_CERTHASHALGO,
4082 CRYPT_IATTRIBUTE_CERTCOLLECTION,
4087 CRYPT_IATTRIBUTE_CRLENTRY,
4092 CRYPT_IATTRIBUTE_RESPONDERURL,
4097 CRYPT_IATTRIBUTE_RTCSREQUEST,
4102 CRYPT_IATTRIBUTE_OCSPREQUEST,
4113 CRYPT_IATTRIBUTE_REVREQUEST,
4118 CRYPT_IATTRIBUTE_PKIUSERINFO,
4123 CRYPT_IATTRIBUTE_BLOCKEDATTRS,
4128 CRYPT_IATTRIBUTE_AUTHCERTID,
4133 CRYPT_IATTRIBUTE_ESSCERTID,
4140 CRYPT_IATTRIBUTE_CERTCOPY,
4145 CRYPT_IATTRIBUTE_CERTCOPY_DATAONLY,
4152 CRYPT_IATTRIBUTE_ENTROPY,
4157 CRYPT_IATTRIBUTE_ENTROPY_QUALITY,
4162 CRYPT_IATTRIBUTE_RANDOM_POLL,
4173 CRYPT_IATTRIBUTE_RANDOM_LOPICKET,
4178 CRYPT_IATTRIBUTE_RANDOM,
4183 CRYPT_IATTRIBUTE_RANDOM_NZ,
4188 CRYPT_IATTRIBUTE_RANDOM_HIPICKET,
4193 CRYPT_IATTRIBUTE_RANDOM_NONCE,
4198 CRYPT_IATTRIBUTE_TIME,
4205 CRYPT_IATTRIBUTE_INCLUDESIGCERT,
4210 CRYPT_IATTRIBUTE_ATTRONLY,
4217 CRYPT_IATTRIBUTE_CONFIGDATA,
4222 CRYPT_IATTRIBUTE_USERINDEX,
4227 CRYPT_IATTRIBUTE_USERID,
4232 CRYPT_IATTRIBUTE_USERINFO,
4237 CRYPT_IATTRIBUTE_TRUSTEDCERT,
4242 CRYPT_IATTRIBUTE_TRUSTEDCERT_NEXT,
4247 CRYPT_IATTRIBUTE_HWSTORAGE,
4254 CRYPT_IATTRIBUTE_ENC_TIMESTAMP,
4261 CRYPT_IATTRUBUTE_CERTKEYSET,
4266 CRYPT_IATTRIBUTE_CTL,
4298 if( rangeVal == NULL )
4300 for( i = 0; i < 10; i++ )
4313 getSpecialRangeInfo( attributeACL );
4316 if( rangeVal == NULL )
4318 for( i = 0; i < 10; i++ )
4330 if( !( rangeVal->
lowRange >= 0 && \
4350 #define ACCESS_RWx_xxx 0x6060
4363 attribute < CRYPT_IATTRIBUTE_LAST );
4373 if( attributeACL->
attribute != attribute )
4405 if( !specialRangeConsistent( attributeACL ) )
4412 if( !( attributeACL->
lowRange < 0 && \
4419 if( !( attributeACL->
lowRange >= 0 && \
4435 if( !specialRangeConsistent( attributeACL ) )
4444 if( attributeACL->
lowRange < 0 || \
4455 if( attributeACL->
lowRange < 0 || \
4462 if( attributeACL->
lowRange != 0 || \
4469 if( attributeACL->
lowRange != 0 || \
4478 int access = attributeACL->
access;
4479 int subTypes = attributeACL->
subTypeA | \
4480 attributeACL->subTypeB | \
4481 attributeACL->subTypeC;
4494 attributeACLPtr++, iterationCount++ )
4496 if( !aclConsistent( attributeACLPtr,
4507 ENSURES_B( iterationCount < FAILSAFE_ITERATIONS_MED );
4515 attributeACLPtr++, iterationCount++ )
4517 subTypes &= ~( attributeACLPtr->
subTypeA | \
4518 attributeACLPtr->subTypeB | \
4519 attributeACLPtr->subTypeC );
4520 access &= ~attributeACLPtr->
access;
4522 ENSURES_B( iterationCount < FAILSAFE_ITERATIONS_MED );
4523 if( subTypes != 0 || access != 0 )
4548 static_assert( CRYPT_CERTINFO_FIRST_CERTINFO == 2001,
"Attribute value" );
4549 static_assert( CRYPT_CERTINFO_LAST_CERTINFO == 2033,
"Attribute value" );
4550 static_assert( CRYPT_CERTINFO_FIRST_PSEUDOINFO == 2001,
"Attribute value" );
4551 static_assert( CRYPT_CERTINFO_LAST_PSEUDOINFO == 2012,
"Attribute value" );
4552 static_assert( CRYPT_CERTINFO_FIRST_NAME == 2100,
"Attribute value" );
4553 static_assert( CRYPT_CERTINFO_LAST_NAME == 2115,
"Attribute value" );
4554 static_assert( CRYPT_CERTINFO_FIRST_DN == 2100,
"Attribute value" );
4555 static_assert( CRYPT_CERTINFO_LAST_DN == 2105,
"Attribute value" );
4556 static_assert( CRYPT_CERTINFO_FIRST_GENERALNAME == 2106,
"Attribute value" );
4557 static_assert( CRYPT_CERTINFO_LAST_GENERALNAME == 2115,
"Attribute value" );
4558 static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200,
"Attribute value" );
4559 static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500,
"Attribute value" );
4560 static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016,
"Attribute value" );
4561 static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6027,
"Attribute value" );
4574 DEBUG_DIAG((
"Property ACLs inconsistent" ));
4638 if( optionACL[ i ].subTypeA !=
ST_NONE || \
4643 DEBUG_DIAG((
"Encryption property ACLs inconsistent" ));
4652 optionACL[ i ].subTypeB ==
ST_NONE );
4656 if( optionACL[ i ].subTypeA !=
ST_NONE || \
4657 optionACL[ i ].subTypeB !=
ST_NONE || \
4660 DEBUG_DIAG((
"Networking property ACLs inconsistent" ));
4689 for( i = 0; i < CRYPT_CERTINFO_LAST_CERTINFO - CRYPT_CERTINFO_FIRST_CERTINFO && \
4692 if( !aclConsistent( &certificateACL[ i ],
4693 i + CRYPT_CERTINFO_FIRST_CERTINFO,
4696 DEBUG_DIAG((
"Certificate ACLs inconsistent" ));
4702 ENSURES( certificateACL[ CRYPT_CERTINFO_LAST_CERTINFO - \
4703 CRYPT_CERTINFO_FIRST_CERTINFO + 1 ].attribute ==
CRYPT_ERROR );
4705 for( i = 0; i < CRYPT_CERTINFO_LAST_NAME - CRYPT_CERTINFO_FIRST_NAME && \
4708 if( !aclConsistent( &certNameACL[ i ], i + CRYPT_CERTINFO_FIRST_NAME,
4711 DEBUG_DIAG((
"Certificate name ACLs inconsistent" ));
4714 #ifdef USE_CERTIFICATES
4725 ENSURES( certNameACL[ CRYPT_CERTINFO_LAST_NAME - \
4726 CRYPT_CERTINFO_FIRST_NAME + 1 ].attribute ==
CRYPT_ERROR );
4728 for( i = 0; i < CRYPT_CERTINFO_LAST_EXTENSION - CRYPT_CERTINFO_FIRST_EXTENSION && \
4731 if( !aclConsistent( &certExtensionACL[ i ],
4732 i + CRYPT_CERTINFO_FIRST_EXTENSION,
4735 DEBUG_DIAG((
"Certificate extension ACLs inconsistent" ));
4738 #ifndef USE_CERTIFICATES
4745 DEBUG_DIAG((
"Certificate extension ACLs inconsistent" ));
4751 ENSURES( certExtensionACL[ CRYPT_CERTINFO_LAST_EXTENSION - \
4752 CRYPT_CERTINFO_FIRST_EXTENSION + 1 ].attribute ==
CRYPT_ERROR );
4754 for( i = 0; i < CRYPT_CERTINFO_LAST_CMS - CRYPT_CERTINFO_FIRST_CMS && \
4757 if( !aclConsistent( &certSmimeACL[ i ], i + CRYPT_CERTINFO_FIRST_CMS,
4760 DEBUG_DIAG((
"CMS attribute ACLs inconsistent" ));
4769 DEBUG_DIAG((
"CMS attribute ACLs inconsistent" ));
4777 DEBUG_DIAG((
"CMS attribute ACLs inconsistent" ));
4782 #ifndef USE_CERTIFICATES
4787 if( ( certSmimeACL[ i ].access & ACCESS_RWD_xxx ) !=
ACCESS_Rxx_xxx )
4789 DEBUG_DIAG((
"CMS attribute ACLs inconsistent" ));
4795 ENSURES( certSmimeACL[ CRYPT_CERTINFO_LAST_CMS - \
4796 CRYPT_CERTINFO_FIRST_CMS + 1 ].attribute ==
CRYPT_ERROR );
4845 DEBUG_DIAG((
"Envelope ACLs inconsistent" ));
4848 #ifndef USE_ENVELOPES
4868 #ifndef USE_SESSIONS
4896 for( i = 0; i < CRYPT_IATTRIBUTE_LAST - CRYPT_IATTRIBUTE_FIRST - 1 && \
4899 if( !aclConsistent( &internalACL[ i ],
4900 i + CRYPT_IATTRIBUTE_FIRST + 1,
4903 DEBUG_DIAG((
"Internal ACLs inconsistent" ));
4910 ENSURES( internalACL[ CRYPT_IATTRIBUTE_LAST - \
4911 CRYPT_IATTRIBUTE_FIRST - 1 ].attribute ==
CRYPT_ERROR );
4991 if( attribute < CRYPT_CERTINFO_FIRST_EXTENSION )
4993 if( attribute >= CRYPT_CERTINFO_FIRST_CERTINFO && \
4994 attribute <= CRYPT_CERTINFO_LAST_CERTINFO )
4996 assert( certificateACL[ attribute - CRYPT_CERTINFO_FIRST_CERTINFO ].attribute == attribute );
4997 return( &certificateACL[ attribute - CRYPT_CERTINFO_FIRST_CERTINFO ] );
4999 if( attribute >= CRYPT_CERTINFO_FIRST_NAME && \
5000 attribute <= CRYPT_CERTINFO_LAST_NAME )
5002 assert( certNameACL[ attribute - CRYPT_CERTINFO_FIRST_NAME ].attribute == attribute );
5003 return( &certNameACL[ attribute - CRYPT_CERTINFO_FIRST_NAME ] );
5008 if( attribute >= CRYPT_CERTINFO_FIRST_EXTENSION && \
5009 attribute <= CRYPT_CERTINFO_LAST_EXTENSION )
5011 assert( certExtensionACL[ attribute - CRYPT_CERTINFO_FIRST_EXTENSION ].attribute == attribute );
5012 return( &certExtensionACL[ attribute - CRYPT_CERTINFO_FIRST_EXTENSION ] );
5014 if( attribute >= CRYPT_CERTINFO_FIRST_CMS && \
5015 attribute <= CRYPT_CERTINFO_LAST_CMS )
5017 assert( certSmimeACL[ attribute - CRYPT_CERTINFO_FIRST_CMS ].attribute == attribute );
5018 return( &certSmimeACL[ attribute - CRYPT_CERTINFO_FIRST_CMS ] );
5063 if( !isInternalMessage )
5065 if( attribute > CRYPT_IATTRIBUTE_FIRST && \
5066 attribute < CRYPT_IATTRIBUTE_LAST )
5068 assert( internalACL[ attribute - CRYPT_IATTRIBUTE_FIRST - 1 ].attribute == attribute );
5069 return( &internalACL[ attribute - CRYPT_IATTRIBUTE_FIRST - 1 ] );