acl.h

cryptlib安全工具包

			{ ATTRIBUTE_VALUE_STRING, subTypeA, subTypeB, access, 0, \
			  routing, range, NULL, attribute }
#endif /* !NDEBUG */

/****************************************************************************
*																			*
*								Keyset ACL Definitions						*
*																			*
****************************************************************************/

/* Key management ACL entry */

typedef struct {
	/* The item type */
	const KEYMGMT_ITEM_TYPE itemType;/* Key management item type */

	/* Valid keyset types and access types for this item type.  This is a
	   matrix giving keyset types for which read/write/delete (R/W/D),
	   getFirst/Next (FN), and query (Q) access are valid */
	const OBJECT_SUBTYPE keysetR_subTypeA, keysetR_subTypeB;
	const OBJECT_SUBTYPE keysetW_subTypeA, keysetW_subTypeB;
	const OBJECT_SUBTYPE keysetD_subTypeA, keysetD_subTypeB;
	const OBJECT_SUBTYPE keysetFN_subTypeA, keysetFN_subTypeB;
	const OBJECT_SUBTYPE keysetQ_subTypeA, keysetQ_subTypeB;

	/* Permitted object types, key IDs, and key management flags for this 
	   item type */
	const OBJECT_SUBTYPE objSubTypeA, objSubTypeB;
									/* Permitted object types for item */
	const CRYPT_KEYID_TYPE *allowedKeyIDs;	/* Permitted key IDs */
	const int allowedFlags;			/* Permitted key management flags */

	/* Parameter flags for the mechanism information.  These define which
	   types of optional/mandatory parameters can and can't be present,
	   using an extended form of the ACCESS_xxx flags to indicate whether
	   the parameter is required or not/permitted or not for read, write,
	   and delete messages */
	const int idUseFlags;			/* ID required/not permitted */
	const int pwUseFlags;			/* Password required/not permitted */

	/* In the case of public/private keys the general-purpose ACL entries
	   aren't quite specific enough since some keysets require specific
	   types of certificates while others require generic public-key objects.
	   In the latter case they can have almost any kind of certificate object
	   attached, which doesn't matter when we're interested only in the
	   public key but does matter if we want a specific type of cert.  If we
	   want a specific cert type, we specify the subset of keysets that this
	   applies to and the cert type(s) here */
	const OBJECT_SUBTYPE specificKeysetSubTypeA, specificKeysetSubTypeB;
	const OBJECT_SUBTYPE specificObjSubTypeA, specificObjSubTypeB;
	} KEYMGMT_ACL;

/* Macros to set up key management ACLs.  The basic form treats the RWD and
   FnQ groups as one value, the _RWD form specifies individual RWD and FnQ
   values, and the _EX form adds special-case checking for specific object
   types that must be written to some keyset types */

#define MK_KEYACL( itemType, keysetRWDSubType, keysetFNQSubType, \
				   objectSubType, keyIDs, flags, idUseFlags, pwUseFlags ) \
			{ itemType, keysetRWDSubType, ST_NONE, keysetRWDSubType, ST_NONE, \
			  keysetRWDSubType, ST_NONE, keysetFNQSubType, ST_NONE, \
			  keysetFNQSubType, ST_NONE, objectSubType, ST_NONE, \
			  keyIDs, flags, idUseFlags, pwUseFlags, ST_NONE, ST_NONE }
#define MK_KEYACL_RWD( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
  					   keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
					   flags, idUseFlags, pwUseFlags ) \
			{ itemType, keysetR_SubType, ST_NONE, keysetW_SubType, ST_NONE, \
			  keysetD_SubType, ST_NONE, keysetFN_SubType, ST_NONE, \
			  keysetQ_SubType, ST_NONE, objectSubType, ST_NONE, \
			  keyIDs, flags, idUseFlags, pwUseFlags, ST_NONE, ST_NONE }
#define MK_KEYACL_EX( itemType, keysetR_SubType, keysetW_SubType, keysetD_SubType, \
  					  keysetFN_SubType, keysetQ_SubType, objectSubType, keyIDs, \
					  flags, idUseFlags, pwUseFlags, specificKeysetType, \
					  specificObjectType ) \
			{ itemType, keysetR_SubType, ST_NONE, keysetW_SubType, ST_NONE, \
			  keysetD_SubType, ST_NONE, keysetFN_SubType, ST_NONE, \
			  keysetQ_SubType, ST_NONE, objectSubType, ST_NONE, \
			  keyIDs, flags, idUseFlags, pwUseFlags, specificKeysetType, ST_NONE, \
			  specificObjectType, ST_NONE }

/****************************************************************************
*																			*
*							Parameter ACL Definitions						*
*																			*
****************************************************************************/

/* The parameter's type.  The basic values are boolean, numeric, or byte
   string, there are also some special types such as object handles that
   place extra constraints on the attribute */

typedef enum {
	PARAM_VALUE_NONE,				/* Non-value */
	PARAM_VALUE_BOOLEAN,			/* Boolean flag */
	PARAM_VALUE_NUMERIC,			/* Numeric value */
	PARAM_VALUE_STRING,				/* Byte string */
	PARAM_VALUE_STRING_OPT,			/* Byte string or (NULL, 0) */
	PARAM_VALUE_STRING_NONE,		/* Empty (NULL, 0) string */
	PARAM_VALUE_OBJECT,				/* Object handle */
	PARAM_VALUE_UNUSED,				/* CRYPT_UNUSED */
	PARAM_VALUE_LAST				/* Last valid parameter type */
	} PARAM_VALUE_TYPE;

/* Parameter ACL entry, which defines the type and valid values for a
   message parameter.  This ACL type is used as a sub-ACL in a variety of
   other kernel ACLs */

typedef struct {
	const PARAM_VALUE_TYPE valueType;/* Parameter value type */
	const int lowRange, highRange;	/* Min/max value or length */
	const OBJECT_SUBTYPE subTypeA, subTypeB;
									/* Object subtypes for which param.valid */
	const int flags;				/* ACL flags */
	} PARAM_ACL;

/* Macros to set up parameter ACLs */

#define MKACP_B() \
			{ PARAM_VALUE_BOOLEAN, 0, 0, 0, 0, 0 }
#define MKACP_N( min, max ) \
			{ PARAM_VALUE_NUMERIC, min, max, 0, 0, 0 }
#define MKACP_S( minLen, maxLen ) \
			{ PARAM_VALUE_STRING, minLen, maxLen, 0, 0, 0 }
#define MKACP_S_OPT( minLen, maxLen ) \
			{ PARAM_VALUE_STRING_OPT, minLen, maxLen, 0, 0, 0 }
#define MKACP_S_NONE() \
			{ PARAM_VALUE_STRING_NONE, 0, 0, 0, 0, 0 }
#define MKACP_O( subTypeA, flags ) \
			{ PARAM_VALUE_OBJECT, 0, 0, subTypeA, ST_NONE, flags }
#define MKACP_UNUSED() \
			{ PARAM_VALUE_UNUSED, 0, 0, 0, 0, 0 }

/* End-of-mechanism-ACL marker */

#define MKACP_END() \
			{ PARAM_VALUE_NONE, 0, 0, 0, 0 }

/* Macro to access the parameter ACL information for a given parameter in a
   list of parameter ACLs */

#define paramInfo( parentACL, paramNo )		parentACL->paramACL[ paramNo ]

/* Macro to get the subtype of an object */

#define objectST( objectHandle )			objectTable[ objectHandle ].subType

/* Macros to check each parameter against a parameter ACL entry */

#define checkParamNumeric( paramACL, value ) \
		( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
			value == CRYPT_UNUSED ) || \
		  ( paramACL.valueType == PARAM_VALUE_BOOLEAN && \
			( value == TRUE || value == FALSE ) ) || \
		  ( paramACL.valueType == PARAM_VALUE_NUMERIC && \
			( value >= paramACL.lowRange && value <= paramACL.highRange ) ) )

#define checkParamString( paramACL, data, dataLen ) \
		( ( ( paramACL.valueType == PARAM_VALUE_STRING_NONE || \
			  paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
			data == NULL && dataLen == 0 ) || \
		  ( ( paramACL.valueType == PARAM_VALUE_STRING || \
			  paramACL.valueType == PARAM_VALUE_STRING_OPT ) && \
			( dataLen >= paramACL.lowRange && \
			  dataLen <= paramACL.highRange ) && \
			isReadPtr( data, dataLen ) ) )

#define checkParamObject( paramACL, objectHandle ) \
		( ( paramACL.valueType == PARAM_VALUE_UNUSED && \
			objectHandle == CRYPT_UNUSED ) || \
		  ( paramACL.valueType == PARAM_VALUE_OBJECT && \
			( ( paramACL.subTypeA & objectST( objectHandle ) ) == \
									objectST( objectHandle ) || \
			  ( paramACL.subTypeB & objectST( objectHandle ) ) == \
									objectST( objectHandle ) ) && \
			checkObjectState( paramACL.flags, objectHandle ) ) )

/****************************************************************************
*																			*
*								Misc.ACL Definitions						*
*																			*
****************************************************************************/

/* Object ACL entry for object parameters for messages.  This is used as a
   composite entry in various ACLs that apply to objects */

typedef struct {
	const OBJECT_SUBTYPE subTypeA, subTypeB;
									/* Object subtypes for which attr.valid */
	const int flags;				/* ACL flags */
	} OBJECT_ACL;

/* Message ACL entry */

typedef struct {
	const MESSAGE_TYPE type;		/* Message type */
	const OBJECT_ACL objectACL;		/* Valid objects for message type */
	} MESSAGE_ACL;

/* Mechanism ACL entry */

typedef struct {
	const MECHANISM_TYPE type;		/* Mechanism type */
	const PARAM_ACL paramACL[ 6 ];	/* Parameter ACL information */
	} MECHANISM_ACL;

/* Create-object ACL entry */

typedef struct CRA {
	const OBJECT_TYPE type;			/* Object type */
	const PARAM_ACL paramACL[ 4 ];	/* Parameter ACL information */
	const int exceptions[ 2 ];		/* Subtypes that need special handling */
	const struct CRA *exceptionACL;	/* Special-handling ACL */
	} CREATE_ACL;

/* Cert mgmt.ACL entry.  These have parameters that work similarly to the
   mechanism ACLs, except that only a small subset (objects and unused) are
   used in practice.  In addition some objects require the presence of
   secondary objects (dependent objects for the main object), for example
   a CA's PKC context requires an attached CA certificate.  This is
   specified in the secondary parameter ACL, which mirrors the main
   parameter ACL */

typedef struct {
	const CRYPT_CERTACTION_TYPE action;	/* Cert mgmt.action */
	const int access;				/* Permitted access type */
	const PARAM_ACL paramACL[ 3 ];	/* Parameter ACL information */
	const PARAM_ACL secParamACL[ 3 ];/* Parameter ACL for dep.objects */
	} CERTMGMT_ACL;

/* Compare-message ACL entry */

typedef struct {
	const MESSAGE_COMPARE_TYPE compareType;	/* Compare message type */
	const OBJECT_ACL objectACL;		/* Valid objects for message type */
	const PARAM_ACL paramACL[ 1 ];	/* Parameter ACL information */
	} COMPARE_ACL;

/* Macros to set up compare ACLs */

#define MK_CMPACL_S( objSTA, lowRange, highRange ) \
			{ objSTA, ST_NONE, ACL_FLAG_HIGH_STATE }, \
			{ MKACP_S( lowRange, highRange ) }
#define MK_CMPACL_O( objSTA, pObjSTA ) \
			{ objSTA, ST_NONE, ACL_FLAG_HIGH_STATE }, \
			{ MKACP_O( pObjSTA, ACL_FLAG_HIGH_STATE ) }
#define MK_CMPACL_END() \
			{ ST_NONE, ST_NONE, ACL_FLAG_NONE }, \
			{ MKACP_END() }

/* Check-message ACL entry.  Most checks are for the same capability in a
   single object type (e.g. encryption capability in a PKC context and/or
   cert), for which we check the object type and action corresponding to the
   check.  However, some checks apply to dependent but object pairs but with
   different capabilities (for example a PKC context and a CA certificate).
   In this case the check can be applied to either of the two object types,
   so we allow for a secondary ACL entry for the related object type.  In
   addition once we've applied the check to the primary object, we have to
   forward it to the secondary object, however in order to avoid message
   loops the forwarded check type applies only to the secondary object
   rather than being the same as the one that was applied to the primary
   object */

typedef struct {
	const MESSAGE_CHECK_TYPE checkType;	/* Check message type */
	const MESSAGE_TYPE actionType;	/* Action corresponding to check */
	const OBJECT_ACL objectACL;		/* Valid objects for message type */
	const struct CAA *altACL;		/* Ptr. to alt.ACL */
	} CHECK_ACL;

typedef struct CAA {
	const OBJECT_TYPE object;		/* Object type this entry applies to */
	const MESSAGE_CHECK_TYPE checkType;	/* Check message type */
	const OBJECT_TYPE depObject;	/* Dependent object type */
	const OBJECT_ACL depObjectACL;	/* Valid objects for message type */
	const MESSAGE_CHECK_TYPE fdCheckType; /* Fwded check type for related obj.*/
	} CHECK_ALT_ACL;

/* Macros to set up check ACLs.  For the standard check ACL the first
   parameter, the check type, is supplied explicitly and isn't present in
   the macro */

#define MK_CHKACL( action, objSTA ) \
			action, { objSTA, ST_NONE, ACL_FLAG_HIGH_STATE }, NULL
#define MK_CHKACL_EX( action, objSTA, flags ) \
			action, { objSTA, ST_NONE, flags }
#define MK_CHKACL_EXT( action, objSTA, extACL ) \
			action, { objSTA, ST_NONE, ACL_FLAG_HIGH_STATE }, extACL
#define MK_CHKACL_END() \
			MESSAGE_NONE, { ST_NONE, ST_NONE, ACL_FLAG_NONE }

#define MK_CHKACL_ALT( depObj, depObjSTA, fdCheck ) \
			depObj, { depObjSTA, ST_NONE, ACL_FLAG_HIGH_STATE }, fdCheck
#define MK_CHKACL_ALT_END() \
			MESSAGE_NONE, \
			OBJECT_TYPE_NONE, { ST_NONE, ST_NONE, ACL_FLAG_NONE }, MESSAGE_NONE

/* Object dependency ACL entry, used when making one object dependent on
   another */

typedef struct {
	const OBJECT_TYPE type;			/* Object type and subtype */
	const OBJECT_SUBTYPE subTypeA, subTypeB;
	const OBJECT_TYPE dType;		/* Dependent object type and subtype */
	const OBJECT_SUBTYPE dSubTypeA, dSubTypeB;
	const int flags;				/* Dependency flags */
	} DEPENDENCY_ACL;

/* Macros to set up dependency ACLs */

#define MK_DEPACL( objType, objSTA, objSTB, dObjType, dObjSTA, dObjSTB ) \
			{ objType, objSTA, objSTB, dObjType, dObjSTA, dObjSTB, DEP_FLAG_NONE }
#define MK_DEPACL_EX( objType, objSTA, objSTB, dObjType, dObjSTA, dObjSTB, flags ) \
			{ objType, objSTA, objSTB, dObjType, dObjSTA, dObjSTB, flags }
#define MK_DEPACL_END() \
			{ OBJECT_TYPE_NONE, 0, 0, OBJECT_TYPE_NONE, 0, 0, DEP_FLAG_NONE }

/* Flags for the dependency ACLs */

#define DEP_FLAG_NONE		0x00	/* No dependency flag */
#define DEP_FLAG_MORE		0x01	/* Further ACL entries follow */
#define DEP_FLAG_UPDATEDEP	0x02	/* Update dependent object */

#endif /* _ACL_DEFINED */