[thirdparty/openssl.git] / crypto / x509 / pcy_local.h

/*
 * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;

DEFINE_STACK_OF(X509_POLICY_DATA)

/* Internal structures */

/*
 * This structure and the field names correspond to the Policy 'node' of
 * RFC3280. NB this structure contains no pointers to parent or child data:
 * X509_POLICY_NODE contains that. This means that the main policy data can
 * be kept static and cached with the certificate.
 */

struct X509_POLICY_DATA_st {
    unsigned int flags;
    /* Policy OID and qualifiers for this data */
    ASN1_OBJECT *valid_policy;
    STACK_OF(POLICYQUALINFO) *qualifier_set;
    STACK_OF(ASN1_OBJECT) *expected_policy_set;
};

/* X509_POLICY_DATA flags values */

/*
 * This flag indicates the structure has been mapped using a policy mapping
 * extension. If policy mapping is not active its references get deleted.
 */

#define POLICY_DATA_FLAG_MAPPED                 0x1

/*
 * This flag indicates the data doesn't correspond to a policy in Certificate
 * Policies: it has been mapped to any policy.
 */

#define POLICY_DATA_FLAG_MAPPED_ANY             0x2

/* AND with flags to see if any mapping has occurred */

#define POLICY_DATA_FLAG_MAP_MASK               0x3

/* qualifiers are shared and shouldn't be freed */

#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4

/* Parent node is an extra node and should be freed */

#define POLICY_DATA_FLAG_EXTRA_NODE             0x8

/* Corresponding CertificatePolicies is critical */

#define POLICY_DATA_FLAG_CRITICAL               0x10

/* This structure is cached with a certificate */

struct X509_POLICY_CACHE_st {
    /* anyPolicy data or NULL if no anyPolicy */
    X509_POLICY_DATA *anyPolicy;
    /* other policy data */
    STACK_OF(X509_POLICY_DATA) *data;
    /* If InhibitAnyPolicy present this is its value or -1 if absent. */
    long any_skip;
    /*
     * If policyConstraints and requireExplicitPolicy present this is its
     * value or -1 if absent.
     */
    long explicit_skip;
    /*
     * If policyConstraints and policyMapping present this is its value or -1
     * if absent.
     */
    long map_skip;
};

/*
 * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
 */

/* This structure represents the relationship between nodes */

struct X509_POLICY_NODE_st {
    /* node data this refers to */
    const X509_POLICY_DATA *data;
    /* Parent node */
    X509_POLICY_NODE *parent;
    /* Number of child nodes */
    int nchild;
};

struct X509_POLICY_LEVEL_st {
    /* Cert for this level */
    X509 *cert;
    /* nodes at this level */
    STACK_OF(X509_POLICY_NODE) *nodes;
    /* anyPolicy node */
    X509_POLICY_NODE *anyPolicy;
    /* Extra data */
    /*
     * STACK_OF(X509_POLICY_DATA) *extra_data;
     */
    unsigned int flags;
};

struct X509_POLICY_TREE_st {
    /* This is the tree 'level' data */
    X509_POLICY_LEVEL *levels;
    int nlevel;
    /*
     * Extra policy data when additional nodes (not from the certificate) are
     * required.
     */
    STACK_OF(X509_POLICY_DATA) *extra_data;
    /* This is the authority constrained policy set */
    STACK_OF(X509_POLICY_NODE) *auth_policies;
    STACK_OF(X509_POLICY_NODE) *user_policies;
    unsigned int flags;
};

/* Set if anyPolicy present in user policies */
#define POLICY_FLAG_ANY_POLICY          0x2

/* Useful macros */

#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
#define node_critical(node) node_data_critical(node->data)

/* Internal functions */

X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
                                       int crit);
void ossl_policy_data_free(X509_POLICY_DATA *data);

X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache,
                                              const ASN1_OBJECT *id);
int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);

STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);

void ossl_policy_cache_free(X509_POLICY_CACHE *cache);

X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
                                              const X509_POLICY_NODE *parent,
                                              const ASN1_OBJECT *id);

X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                           const ASN1_OBJECT *id);

X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
                                             X509_POLICY_DATA *data,
                                             X509_POLICY_NODE *parent,
                                             X509_POLICY_TREE *tree);
void ossl_policy_node_free(X509_POLICY_NODE *node);
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);

const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x);
Commit	Line	Data
0f113f3e	1	/*
3c2bdd7d	2	* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
4acc3e90	3	*
4286ca47	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
d2e9e320 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
4acc3e90 DSH	8	*/
4acc3e90 DSH	9
4acc3e90	10	typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
4acc3e90	11
85885715	12	DEFINE_STACK_OF(X509_POLICY_DATA)
3c07d3a3	13
4acc3e90 DSH	14	/* Internal structures */
4acc3e90 DSH	15
0f113f3e MC	16	/*
	17	* This structure and the field names correspond to the Policy 'node' of
	18	* RFC3280. NB this structure contains no pointers to parent or child data:
	19	* X509_POLICY_NODE contains that. This means that the main policy data can
	20	* be kept static and cached with the certificate.
4acc3e90 DSH	21	*/
4acc3e90 DSH	22
0f113f3e MC	23	struct X509_POLICY_DATA_st {
	24	unsigned int flags;
	25	/* Policy OID and qualifiers for this data */
	26	ASN1_OBJECT *valid_policy;
	27	STACK_OF(POLICYQUALINFO) *qualifier_set;
	28	STACK_OF(ASN1_OBJECT) *expected_policy_set;
	29	};
4acc3e90 DSH	30
	31	/* X509_POLICY_DATA flags values */
	32
0f113f3e MC	33	/*
	34	* This flag indicates the structure has been mapped using a policy mapping
	35	* extension. If policy mapping is not active its references get deleted.
4acc3e90 DSH	36	*/
4acc3e90 DSH	37
0f113f3e	38	#define POLICY_DATA_FLAG_MAPPED 0x1
4acc3e90	39
0f113f3e MC	40	/*
0f113f3e MC	41	* This flag indicates the data doesn't correspond to a policy in Certificate
4acc3e90 DSH	42	* Policies: it has been mapped to any policy.
	43	*/
	44
0f113f3e	45	#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
4acc3e90 DSH	46
	47	/* AND with flags to see if any mapping has occurred */
	48
0f113f3e	49	#define POLICY_DATA_FLAG_MAP_MASK 0x3
4acc3e90 DSH	50
	51	/* qualifiers are shared and shouldn't be freed */
	52
0f113f3e	53	#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
4acc3e90 DSH	54
	55	/* Parent node is an extra node and should be freed */
	56
0f113f3e	57	#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
4acc3e90 DSH	58
	59	/* Corresponding CertificatePolicies is critical */
	60
0f113f3e	61	#define POLICY_DATA_FLAG_CRITICAL 0x10
4acc3e90	62
4acc3e90 DSH	63	/* This structure is cached with a certificate */
	64
	65	struct X509_POLICY_CACHE_st {
0f113f3e MC	66	/* anyPolicy data or NULL if no anyPolicy */
	67	X509_POLICY_DATA *anyPolicy;
	68	/* other policy data */
	69	STACK_OF(X509_POLICY_DATA) *data;
	70	/* If InhibitAnyPolicy present this is its value or -1 if absent. */
	71	long any_skip;
	72	/*
	73	* If policyConstraints and requireExplicitPolicy present this is its
	74	* value or -1 if absent.
	75	*/
	76	long explicit_skip;
	77	/*
	78	* If policyConstraints and policyMapping present this is its value or -1
	79	* if absent.
	80	*/
	81	long map_skip;
	82	};
	83
	84	/*
	85	* #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
	86	*/
4acc3e90 DSH	87
	88	/* This structure represents the relationship between nodes */
	89
0f113f3e MC	90	struct X509_POLICY_NODE_st {
	91	/* node data this refers to */
	92	const X509_POLICY_DATA *data;
	93	/* Parent node */
	94	X509_POLICY_NODE *parent;
	95	/* Number of child nodes */
	96	int nchild;
	97	};
	98
	99	struct X509_POLICY_LEVEL_st {
	100	/* Cert for this level */
	101	X509 *cert;
	102	/* nodes at this level */
	103	STACK_OF(X509_POLICY_NODE) *nodes;
	104	/* anyPolicy node */
	105	X509_POLICY_NODE *anyPolicy;
	106	/* Extra data */
	107	/*
	108	* STACK_OF(X509_POLICY_DATA) *extra_data;
	109	*/
	110	unsigned int flags;
	111	};
	112
	113	struct X509_POLICY_TREE_st {
	114	/* This is the tree 'level' data */
	115	X509_POLICY_LEVEL *levels;
	116	int nlevel;
	117	/*
	118	* Extra policy data when additional nodes (not from the certificate) are
	119	* required.
	120	*/
	121	STACK_OF(X509_POLICY_DATA) *extra_data;
8483a003	122	/* This is the authority constrained policy set */
0f113f3e MC	123	STACK_OF(X509_POLICY_NODE) *auth_policies;
	124	STACK_OF(X509_POLICY_NODE) *user_policies;
	125	unsigned int flags;
	126	};
4acc3e90 DSH	127
4acc3e90 DSH	128	/* Set if anyPolicy present in user policies */
0f113f3e	129	#define POLICY_FLAG_ANY_POLICY 0x2
4acc3e90 DSH	130
	131	/* Useful macros */
	132
ecf13991 DSH	133	#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
ecf13991 DSH	134	#define node_critical(node) node_data_critical(node->data)
4acc3e90 DSH	135
	136	/* Internal functions */
	137
b54cab31 SL	138	X509_POLICY_DATA ossl_policy_data_new(POLICYINFO policy, const ASN1_OBJECT *id,
	139	int crit);
	140	void ossl_policy_data_free(X509_POLICY_DATA *data);
4acc3e90	141
b54cab31 SL	142	X509_POLICY_DATA ossl_policy_cache_find_data(const X509_POLICY_CACHE cache,
	143	const ASN1_OBJECT *id);
	144	int ossl_policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps);
4acc3e90	145
b54cab31	146	STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);
4acc3e90	147
b54cab31	148	void ossl_policy_cache_free(X509_POLICY_CACHE *cache);
4acc3e90	149
b54cab31 SL	150	X509_POLICY_NODE ossl_policy_level_find_node(const X509_POLICY_LEVEL level,
	151	const X509_POLICY_NODE *parent,
	152	const ASN1_OBJECT *id);
2d2a5ba3	153
b54cab31 SL	154	X509_POLICY_NODE ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) sk,
b54cab31 SL	155	const ASN1_OBJECT *id);
4acc3e90	156
b54cab31 SL	157	X509_POLICY_NODE ossl_policy_level_add_node(X509_POLICY_LEVEL level,
	158	X509_POLICY_DATA *data,
	159	X509_POLICY_NODE *parent,
	160	X509_POLICY_TREE *tree);
	161	void ossl_policy_node_free(X509_POLICY_NODE *node);
	162	int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
	163	const X509_POLICY_NODE node, const ASN1_OBJECT oid);
4acc3e90	164
b54cab31	165	const X509_POLICY_CACHE ossl_policy_cache_set(X509 x);