sjzd
/
SLVService
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
temp
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
SLVService/include/inc/ssec.h

1106 lines
42 KiB
C
Raw Permalink Blame History

/************************************************************************/
/* SISCO SOFTWARE MODULE HEADER *****************************************/
/************************************************************************/
/* (c) Copyright Systems Integration Specialists Company, Inc., */
/* 2003 - 2005, All Rights Reserved */
/* */
/* MODULE NAME : ssec.h */
/* PRODUCT(S) : */
/* */
/* MODULE DESCRIPTION : This module provides user defines for SISCO's */
/* Security Extensions for MMS-EASE, MMS-EASE Lite,*/
/* ICCP, AXS4-MMS, AXS4-ICCP products. */
/* */
/* GLOBAL FUNCTIONS DEFINED IN THIS MODULE : */
/* */
/* MODIFICATION LOG : */
/* Date Who Rev Comments */
/* -------- --- ------ ------------------------------------------- */
/* 08/09/05 EJV 73 MMS-LITE SECURE: chg version to 1.0050. */
/* Add extern LocalCertStorePath,CACertStorePath*/
/* 02/25/05 MDE 72 Added sSecAssocConfChkEx */
/* 01/31/05 ASK 71 Fix ST_MUTEX_SEM_SSEC to compile on QNX */
/* 01/18/05 ASK 70 Chg ver back to 1.03 for (Win release) */
/* 01/11/05 ASK 69 Added ST_MUTEX_SEM_SSEC for non-Windows */
/* 01/10/05 ASK 68 Added ST_MUTEX_SEM_SSEC struct to ensure */
/* alignment between S_SEC_CFG between */
/* secman.dll and calling application */
/* 01/06/05 ASK 67 Temporarily Chg ver to 1.0260 for Symantec */
/* release. */
/* 09/29/04 EJV 66 Chg ver to 1.03 for (Win release) */
/* 09/02/04 EJV 65 Added S_SEC_PATH for sun. */
/* 08/24/04 EJV 64 Chg from WIN32 to _WIN32. */
/* Chg ver to 1.0251 for Windows ICCP-SECURE. */
/* 04/08/04 EJV 63 _AIX: added S_SEC_PATH. */
/* Chg ver to 1.02 for (AIX release) */
/* 04/01/04 EJV 62 Chg ver to 1.0051 for (AIX beta) */
/* 03/30/04 ASK 61 Added secManLckEnd proto */
/* Added ssleCertFileToText proto for AIX */
/* 03/12/04 ASK 60 Added ssleCertFileToXml proto for AIX */
/* 03/10/04 EJV 59 Corr ver to 1.0050 for (AIX beta) */
/* 03/05/04 MDE 58 Added AE Title for AR Security mode */
/* 02/16/04 EJV 57 Chg S_SEC_DEF_SSL_PORT to 3782. */
/* Added S_SEC_PORT_DELIM_CHAR. */
/* Chg ver to 1.0150 for (AIX beta) */
/* 02/09/04 EJV 56 Changed S_SEC_LITESECURE_NAME. */
/* 01/16/04 EJV 55 Del forward reference to DIB_MATCH_CTRL. */
/* Added _WIN32 for dllimport secManCfgChange. */
/* 01/12/04 EJV 54 Added secManCfgChange proto for MMS_LITE */
/* 12/04/03 ASK 53 Added secManCfgChange proto */
/* 10/31/03 ASK 52 Rem CName type 'Unknown' */
/* 10/21/03 EJV 51 Rem sSecFreeSecParam, sSecFreePartSecParam */
/* 10/20/03 ASK 50 Added params to sSecUpdate, added */
/* secManGetDebugSel proto, added */
/* crlDropExisting to cfg */
/* 10/16/03 ASK 49 Added sSecEnd and stopSSLEngine protos, */
/* Chg ver to 1.00 */
/* 10/10/03 MDE 48 Added crlCheckTime */
/* 09/30/03 EJV 47 MMS-LITE: added S_SEC_LITESECURE_VERSION_STR */
/* and S_SEC_LITESECURE_NAME. */
/* Redefined macros SECLOG..._ to SEC_LOG_... */
/* Added S_SEC_SSLE_LOG_DATA, S_SEC_SOCK_LOG_TX,*/
/* S_SEC_SOCK_LOG_RX (reworked numbers). */
/* Chg secLogMasks from ST_ULONG to ST_UINT. */
/* MMS_LITE: Added global secManCfgXmlFile */
/* 09/29/03 EJV 46 Chg ver to 0.9955 (snap.exe fix) */
/* 08/25/03 EJV 45 Moved protos with GEN_SOCK to ssec_int.h */
/* 08/21/03 ASK 44 Add clearTime to S_MACE_INFO struct. Chg some*/
/* protos to pass this to verify time sig */
/* 08/21/03 EJV 43 Added setGenSockSSL, ssecGetCipherSuite, */
/* sSecGetCertId, sSecGetCertCtrl protos. */
/* Chg ver to 0.9954 */
/* 07/28/03 EJV 42 Chg MMS_LITE protos. */
/* 07/18/03 ASK 41 Add software lock protos from secmanlck.c */
/* 07/16/03 MDE 40 Changes to appAuthRequired values */
/* 07/14/03 ASK 39 Add sSecUpdate and sslUpdate protos */
/* 06/30/03 ASK 38 Added secManAccessCfg and secManReleaseCfg */
/* protos. #include glbsem.h. Add mutex to */
/* S_SEC_CONFIG struct. */
/* 06/26/03 EJV 37 Chg GSOCK_... to SOCK_... log macros */
/* 06/25/03 EJV 36 Chg ver to 0.9953 */
/* 06/24/03 ASK 35 Added dynamic config API func protos */
/* 06/20/03 EJV 34 Added SNAP_EXIT_EVENT_NAME. */
/* 06/20/03 ASK 33 add S_SEC_EVENT_REKEY_FAILURE define */
/* 06/19/03 MDE 32 Added rekeying to S_CERT_CTRL */
/* 06/16/03 EJV 31 Del m_match.h, s_match.h; added suicacse.h; */
/* Changed M_MATCH_CTRL to DIB_MATCH_CTRL. */
/* 06/12/03 MDE 30 sSecAssocConfChk added srcChkDest parameter. */
/* 06/12/03 MDE 29 Fixed up MMS_LITE over Marben */
/* 06/12/03 MDE 28 Added M_MATCH support */
/* 05/27/03 EJV 27 Chg ver to 0.9952 */
/* 05/27/03 EJV 26 sSecAssocIndChk added parameter srcChkDest. */
/* 05/27/03 EJV 25 S_SEC_PORT_DELIM_STR chg to '+' for compatib.*/
/* 05/23/03 ASK 24 Changed secManLog to secManEventLog. Added */
/* event define S_SEC_EVENT_SSL_FAILURE. Change */
/* sSecPrintSrlNum to secManPrintSrlNum. */
/* 05/14/03 MDE 23 Fixed up rekey parameters */
/* 05/09/03 MDE 22 Corrected S_CIPHER_0C04xx, _0D02xx to use MD5*/
/* 05/06/03 ASK 21 Add sSecUsrStart proto, changed secManStart */
/* and startSSLEngine protos for new logging. */
/* 05/01/03 ASK 20 Change to use S_SEC_SPARAMS for SUIC */
/* 04/30/03 ASK 19 Add public key to S_CERT_INFO. Changed */
/* S_SEC_MAX_SIGNED_TIME_LEN to 128 bytes. */
/* Added protos for new signing time functions. */
/* Added sSecCmpIssuer proto. */
/* 04/29/03 EJV 18 Added S_SEC_MAX_IP_ADDR_LEN */
/* Chg ver to 0.9951 */
/* 04/21/03 MDE 17 Added cipher suites */
/* 04/18/03 MDE 16 S_SEC_CONFIG changes */
/* 04/18/03 MDE 15 Added S_APP_AUTHREQ_xxx defines */
/* 04/18/03 MDE 14 Added Masks for Cipher Suite elements */
/* 04/17/03 EJV 13 Moved asn1log.h. */
/* 04/16/03 EJV 12 Added version string. */
/* 04/15/03 JRB 11 Add forward ref for mvl_net_info. */
/* 04/15/03 ASK 10 Added sSecPrintSrlNum proto. */
/* 04/11/03 EJV 09 sSecAuthChk: changed ret to ST_RET */
/* 04/10/03 EJV 08 Added sSecCmpCertId proto. */
/* 04/10/03 MDE 07 Added ArSec support */
/* 04/09/03 MDE 06 Merged ssecusr.c function protos */
/* 04/09/03 MDE 05 Added AR security context declarations */
/* 04/08/03 EJV 05 Added defs for all log masks in secLogMasks. */
/* Changed secLogMasks to ST_ULONG. */
/* 04/07/03 EJV 04 Added protos from ssecusr.c */
/* 04/04/03 ASK 03 Changed serial number format. Added */
/* SECLOG_DATA and SECLOG_DEBUG masks. Added */
/* startSSLEngine proto. */
/* 03/04/03 EJV 02 Added IPAddr string parsing tokens */
/* 02/21/03 MDE 01 Created */
/************************************************************************/
#ifndef S_SEC_INCLUDED
#define S_SEC_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
#include "glbsem.h"
#include "acseauth.h"
#include "gen_list.h"
#include "asn1r.h"
#include "dibmatch.h"
#if !defined(MMS_LITE) || defined(MAP30_ACSE)
/* for MMS-EASE, MMS-EASE Lite based products over Marben Stack */
#define S_SEC_VERSION_STR "1.03"
#else
/* for MMS-EASE Lite products over LEAN-T Stack */
#define S_SEC_LITESECURE_NAME "MMS-LITE-SECURE-80X-001"
#define S_SEC_LITESECURE_VERSION_STR "1.0050"
#endif
#if !defined(MMS_LITE) || defined(MAP30_ACSE)
/* for MMS-EASE, MMS-EASE Lite based products over Marben Stack */
#if !defined(_WIN32)
/* Security installation path on UNIX systems is fixed but diff on each system */
#if defined(_AIX)
#define S_SEC_PATH "/usr/lpp/osill2/security"
#else /* other UNIX systems */
#define S_SEC_PATH "/usr/osill2/security"
#endif
#endif /* !defined(_WIN32) */
#endif
/************************************************************************/
/************************************************************************/
/* NOTES ON CERTIFICATE NAME MATCHING */
/* This sSec API has a number of functions that must match certificates */
/* based on a S_CERT_ID data structure. In all cases the matching */
/* process works as follows: */
/* */
/* The matching can be based on certificate number, subject, */
/* issuer, or any combination of these as specified in the certId. */
/* For instance, the following specifications are valid: */
/* 1. Serial Number only */
/* 2. Subject only */
/* 3. Issuer only */
/* 4. Subject and Issuer */
/* 5. Subject and Serial Number */
/* 6. Issuer and Serial Number */
/* 7. Subject, Issuer, Serial Number */
/* Note that the all elements of the input 'certId' must be present and */
/* match exactly in the local certificate. That is, all elements of the */
/* certificate name must be present and in the specified order. */
/************************************************************************/
/************************************************************************/
#define SEC_LOG_ERR 0x00000001
#define SEC_LOG_NERR 0x00000002
#define SEC_LOG_FLOW 0x00000004
#define SEC_LOG_DATA 0x00000008
#define SEC_LOG_DEBUG 0x00000010
extern ST_UINT sec_debug_sel;
/************************************************************************/
/* LOGGING */
/* The logging masks defined here are used to set the secLogMasks field */
/* in the S_SEC_CONFIG (defined below). The application can set the */
/* proper module logging masks by examining the secLogMasks. */
/* Note that ERR logging is set by default to ON in all modules. */
/* The name of masks have been copied here and prefixed with S_SEC_... */
/* for easy reference. */
/* log masks for sec_debug_sel (ssec.h) */
#define S_SEC_SEC_LOG_NERR 0x00000001
#define S_SEC_SEC_LOG_FLOW 0x00000002
#define S_SEC_SEC_LOG_DATA 0x00000004
#define S_SEC_SEC_LOG_DEBUG 0x00000008
/* log masks for ssle_debug_sel (sslEngine.h) */
#define S_SEC_SSLE_LOG_NERR 0x00000010
#define S_SEC_SSLE_LOG_FLOW 0x00000020
#define S_SEC_SSLE_LOG_DATA 0x00000040
#define S_SEC_SSLE_LOG_DEBUG 0x00000080
/* log masks for snap_debug_sel (snaplog.h) */
#define S_SEC_SNAP_LOG_NERR 0x00000100
#define S_SEC_SNAP_LOG_FLOW 0x00000200
/* log masks for sock_debug_sel (gensock2.h) */
#define S_SEC_SOCK_LOG_NERR 0x00000400
#define S_SEC_SOCK_LOG_FLOW 0x00000800
#define S_SEC_SOCK_LOG_TX 0x00001000
#define S_SEC_SOCK_LOG_RX 0x00002000
/* log masks for sx_debug_sel (sx_defs.h) */
#define S_SEC_SX_LOG_NERR 0x00004000
#define S_SEC_SX_LOG_DEC 0x00008000
#define S_SEC_SX_LOG_ENC 0x00010000
#define S_SEC_SX_LOG_FLOW 0x00020000
#define S_SEC_SX_LOG_DEBUG 0x00040000
/* log masks for asn1_debug_sel (asn1r.h) */
#define S_SEC_ASN1_LOG_NERR 0x00080000
#define S_SEC_ASN1_LOG_DEC 0x00100000
#define S_SEC_ASN1_LOG_ENC 0x00200000
/* log masks for gs_debug_sel (glbsem.h) */
#define S_SEC_GS_LOG_NERR 0x00400000
#define S_SEC_GS_LOG_FLOW 0x00800000
/* log masks for chk_debug_en (mem_chk.h) */
#define S_SEC_MEM_LOG_CALLOC 0x01000000
#define S_SEC_MEM_LOG_MALLOC 0x02000000
#define S_SEC_MEM_LOG_REALLOC 0x04000000
#define S_SEC_MEM_LOG_FREE 0x08000000
/* the rest of bits are used for memory debugging flags: */
#define S_SEC_m_check_list_enable 0x10000000
#define S_SEC_m_find_node_enable 0x20000000
#define S_SEC_m_no_realloc_smaller 0x40000000
/* 0x80000000 free */
/************************************************************************/
/* SNAP Startup Event Names */
#if defined(_WIN32)
#define SNAP_STARTED_EVENT_NAME "snap.started"
#define SNAP_RUNNING_EVENT_NAME "snap.running"
#define SNAP_EXIT_EVENT_NAME "snap.exit"
#endif
/************************************************************************/
/* Allowed authType values */
#define S_SEC_AUTHTYPE_NONE 0
#define S_SEC_AUTHTYPE_CERTIFICATE 1
#define S_SEC_AUTHTYPE_SYMMETRIC 2
/************************************************************************/
/* General Defines */
/* Maximum signed time data size */
#define S_SEC_MAX_SIGNED_TIME_LEN 128
/* Help in sizing the asn1 buffer (really more like 25 ...) */
#define S_SEC_ASN1_BUF_OH 50
/* Maximum size of the certificate serial number (in bytes) */
#define S_SEC_MAX_SERIAL_LEN 64
/************************************************************************/
/* MACE decode error codes */
#define MACE_ASN1_INCOMPLETE 0x9102
#define MACE_ASN1_SYMMETRIC_NOT_SUPPORTED 0x9103
/************************************************************************/
/* Default Ports */
/* SSL Port */
#define S_SEC_DEF_SSL_PORT 3782
/* IPC Ports */
#define S_SEC_DEF_STACK_PORT 10042
#define S_SEC_DEF_SNAP_PORT 10043
#define S_SEC_DEF_SNAP_CONTROL_PORT 10044
#define S_SEC_DEF_SNAP_MONITOR_PORT 10045
/************************************************************************/
/* Remote address and security info formatting tokens */
#define S_SEC_IP_ADDR_DELIM_STR "SSL:"
#define S_SEC_PORT_DELIM_STR "+"
#define S_SEC_PORT_DELIM_CHAR '+' /* same as above but in ' ' */
#define S_SEC_CIPHER_DELIM_STR "+"
#define S_SEC_CERT_ID_DELIM_STR ","
#define S_SEC_MAX_IP_ADDR_LEN 20
/************************************************************************/
/* Security Subsystem Error Codes */
#define S_SEC_ERR_VALIDITY_TOOSOON 0xA001
#define S_SEC_ERR_VALIDITY_EXPIRED 0xA002
#define S_SEC_ERR_CNAME_TYPE_UNKNOWN 0xA003
#define S_SEC_ERR_CNAME_MISSING 0xA004
#define S_SEC_ERR_CNAME_EXTRA 0xA005
#define S_SEC_ERR_CNAME_MISMATCH 0xA006
#define S_SEC_ERR_TIME_SEAL_INVALID 0xA007
#define S_SEC_ERR_TIME_SEAL_TIME_WINDOW 0xA008
/************************************************************************/
/* Cipher Suite Selection Defines */
#define S_MAX_ALLOWED_CIPHER_SUITES 49
/* Masks for Cipher Suite elements */
#define S_KEYX_MASK 0xff0000
#define S_CRYPT_MASK 0x00ff00
#define S_HASH_MASK 0x0000ff
/* Key Exchange Algorithms */
#define S_KEYX_NONE 0x000000
#define S_KEYX_NULL 0x010000
#define S_KEYX_RSA 0x020000
#define S_KEYX_RSA_EX 0x030000
#define S_KEYX_DH_DSS 0x040000
#define S_KEYX_DH_DSS_EX 0x050000
#define S_KEYX_DH_RSA 0x060000
#define S_KEYX_DH_RSA_EX 0x070000
#define S_KEYX_DHE_DSS 0x080000
#define S_KEYX_DHE_DSS_EX 0x090000
#define S_KEYX_DHE_RSA 0x0A0000
#define S_KEYX_DHE_RSA_EX 0x0B0000
#define S_KEYX_DH_ANON 0x0C0000
#define S_KEYX_DH_ANON_EX 0x0D0000
#define S_KEYX_FORTEZZA_DMS 0x0E0000
/* Encryption Algorithms */
#define S_CRYPT_NONE 0x000000
#define S_CRYPT_NULL 0x000100
#define S_CRYPT_RC4_40 0x000200
#define S_CRYPT_RC4_56 0x000300
#define S_CRYPT_RC4_128 0x000400
#define S_CRYPT_RC2_CBC_40 0x000500
#define S_CRYPT_IDEA_CBC 0x000600
#define S_CRYPT_DES40_CBC 0x000700
#define S_CRYPT_DES_CBC 0x000800
#define S_CRYPT_3DES_EDE_CBC 0x000900
#define S_CRYPT_FORTEZZA_CBC 0x000A00
#define S_CRYPT_AES_128_CBC 0x000B00
#define S_CRYPT_AES_256_CBC 0x000C00
/* Hash Algorithms */
#define S_HASH_NONE 0x000000
#define S_HASH_NULL 0x000001
#define S_HASH_MD5 0x000002
#define S_HASH_SHA 0x000003
/* Cipher Suite Seletion */
#define S_CIPHER_NOSSL 0x000000
#define S_CIPHER_ANY 0xFFFFFF
/* 49 Cipher Suites are defined by SSL 3.0 and TLS 1.0 */
/* Bit fields: Key Exchange Encryption Hash */
#define S_CIPHER_NONE (S_KEYX_NONE | S_CRYPT_NONE | S_HASH_NONE)
#define S_CIPHER_010103 (S_KEYX_NULL | S_CRYPT_NULL | S_HASH_SHA)
#define S_CIPHER_020102 (S_KEYX_RSA | S_CRYPT_NULL | S_HASH_MD5)
#define S_CIPHER_020103 (S_KEYX_RSA | S_CRYPT_NULL | S_HASH_SHA)
#define S_CIPHER_020402 (S_KEYX_RSA | S_CRYPT_RC4_128 | S_HASH_MD5)
#define S_CIPHER_020403 (S_KEYX_RSA | S_CRYPT_RC4_128 | S_HASH_SHA)
#define S_CIPHER_020603 (S_KEYX_RSA | S_CRYPT_IDEA_CBC | S_HASH_SHA)
#define S_CIPHER_020803 (S_KEYX_RSA | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_020903 (S_KEYX_RSA | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_020B03 (S_KEYX_RSA | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_020C03 (S_KEYX_RSA | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_030202 (S_KEYX_RSA_EX | S_CRYPT_RC4_40 | S_HASH_MD5)
#define S_CIPHER_030303 (S_KEYX_RSA_EX | S_CRYPT_RC4_56 | S_HASH_SHA)
#define S_CIPHER_030502 (S_KEYX_RSA_EX | S_CRYPT_RC2_CBC_40 | S_HASH_MD5)
#define S_CIPHER_030703 (S_KEYX_RSA_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_030803 (S_KEYX_RSA_EX | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_040803 (S_KEYX_DH_DSS | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_040903 (S_KEYX_DH_DSS | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_040B03 (S_KEYX_DH_DSS | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_040C03 (S_KEYX_DH_DSS | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_050703 (S_KEYX_DH_DSS_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_060803 (S_KEYX_DH_RSA | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_060903 (S_KEYX_DH_RSA | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_060B03 (S_KEYX_DH_RSA | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_060C03 (S_KEYX_DH_RSA | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_070703 (S_KEYX_DH_RSA_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_080403 (S_KEYX_DHE_DSS | S_CRYPT_RC4_128 | S_HASH_SHA)
#define S_CIPHER_080803 (S_KEYX_DHE_DSS | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_080903 (S_KEYX_DHE_DSS | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_090303 (S_KEYX_DHE_DSS_EX | S_CRYPT_RC4_56 | S_HASH_SHA)
#define S_CIPHER_090703 (S_KEYX_DHE_DSS_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_090803 (S_KEYX_DHE_DSS_EX | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_080B03 (S_KEYX_DHE_DSS | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_080C03 (S_KEYX_DHE_DSS | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_0A0803 (S_KEYX_DHE_RSA | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_0A0903 (S_KEYX_DHE_RSA | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_0A0B03 (S_KEYX_DHE_RSA | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_0A0C03 (S_KEYX_DHE_RSA | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_0B0703 (S_KEYX_DHE_RSA_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_0C0402 (S_KEYX_DH_ANON | S_CRYPT_RC4_128 | S_HASH_MD5)
#define S_CIPHER_0C0803 (S_KEYX_DH_ANON | S_CRYPT_DES_CBC | S_HASH_SHA)
#define S_CIPHER_0C0903 (S_KEYX_DH_ANON | S_CRYPT_3DES_EDE_CBC | S_HASH_SHA)
#define S_CIPHER_0C0B03 (S_KEYX_DH_ANON | S_CRYPT_AES_128_CBC | S_HASH_SHA)
#define S_CIPHER_0C0C03 (S_KEYX_DH_ANON | S_CRYPT_AES_256_CBC | S_HASH_SHA)
#define S_CIPHER_0D0202 (S_KEYX_DH_ANON_EX | S_CRYPT_RC4_40 | S_HASH_MD5)
#define S_CIPHER_0D0703 (S_KEYX_DH_ANON_EX | S_CRYPT_DES40_CBC | S_HASH_SHA)
#define S_CIPHER_0E0103 (S_KEYX_FORTEZZA_DMS | S_CRYPT_NULL | S_HASH_SHA)
#define S_CIPHER_0E0403 (S_KEYX_FORTEZZA_DMS | S_CRYPT_RC4_128 | S_HASH_SHA)
#define S_CIPHER_0E0A03 (S_KEYX_FORTEZZA_DMS | S_CRYPT_FORTEZZA_CBC | S_HASH_SHA)
/************************************************************************/
/* Certificate Names */
/* nameType defines */
#define S_CERT_NAME_TYPE_ANY 0
#define S_CERT_NAME_TYPE_COMMON_NAME 1
#define S_CERT_NAME_TYPE_COUNTRY 2
#define S_CERT_NAME_TYPE_STATE_OR_PROVINCE 3
#define S_CERT_NAME_TYPE_LOCALITY 4
#define S_CERT_NAME_TYPE_ORGANIZATION 5
#define S_CERT_NAME_TYPE_EMAIL 6
#define S_CERT_NAME_TYPE_ORGANIZATIONAL_UNIT 7
/* A name in a certificate is a list of names and nane types */
typedef struct
{
DBL_LNK l;
ST_INT nameType;
ST_CHAR *nameText;
} S_CERT_NAME;
/************************************************************************/
/* Identifying a Certificate */
#define S_SERIAL_NUM_NONE -1
typedef struct
{
ST_INT serialLen; /* 0 == wildcard */
ST_UCHAR serialNumber[S_SEC_MAX_SERIAL_LEN]; /* reverse from mmc */
S_CERT_NAME *issuerCName; /* NULL == wildcard */
S_CERT_NAME *subjectCName; /* NULL == wildcard */
} S_CERT_ID;
/************************************************************************/
/* Certificate BLOB, X.509 format */
typedef struct
{
ST_INT certDataLen;
ST_UCHAR *certData;
} S_CERT_BLOB;
/************************************************************************/
/* Signed Time */
typedef struct
{
ST_INT signedTimeLen;
ST_UCHAR *signedTimeData;
} S_SIGNED_TIME;
/************************************************************************/
/* MACE authentication information */
typedef struct
{
ST_INT authType;
union
{
struct
{
S_CERT_BLOB certBlob;
time_t signedTimeT;
/* UTC NULL-terminated time string to be verified */
ST_UCHAR clearTime[S_SEC_MAX_SIGNED_TIME_LEN];
/* UTC time string signed by the sender */
S_SIGNED_TIME signedTime;
} certBased;
struct
{
ST_INT placeHolder;
} symmetric;
} u;
} S_MACE_INFO;
/************************************************************************/
/************************************************************************/
/* Certificate Content Information */
typedef struct
{
ST_INT version;
S_CERT_ID certId;
struct
{
time_t validNotBefore;
time_t validNotAfter;
} validity;
#if 0
struct
{
ST_INT publicKeyAlgorithm;
ST_INT algorithmIdentifier;
} algorithms;
#endif
ST_UCHAR *publicKey;
ST_INT publicKeyLen;
} S_CERT_INFO;
/************************************************************************/
/************************************************************************/
/* Security Configuration */
/************************************************************************/
/* List of Certificate ID's */
typedef struct
{
DBL_LNK l;
ST_CHAR *certName; /* Null if no associated name */
S_CERT_ID certId;
/* Rekey Control. These override the global rekey parameters if != 0 */
/* They apply only to remote certificates */
ST_LONG maxTransactionsPerKey;
time_t maxTimePerKey;
ST_INT rekeyTimeout; /* In seconds */
/* Internal use */
ST_INT cfgId;
} S_CERT_CTRL;
/************************************************************************/
/* AR Security Mapping Defines */
/* appAuthRequired defines */
/* These defines come into play only if 'Remote AR Security' is not */
/* found for an incoming connection */
/* 'Remote AR Security' is required; reject all other indications */
#define S_APP_AUTHREQ_AR_SEC 0
/* A configured MACE certificate is required */
#define S_APP_AUTHREQ_MACE 1
/* A configured MACE certificate is required and encryption is required */
#define S_APP_AUTHREQ_MACE_ENCRYPTED 2
/* Encryption is required */
#define S_APP_AUTHREQ_ENCRYPTED 3
/* There are no requirements; all connections are acceptable */
#define S_APP_AUTHREQ_NONE 4
#define S_AR_AUTH_MODE_AETITLE 0
#define S_AR_AUTH_MODE_MACE 1
#define S_AR_AUTH_MODE_SSL 2
/* For backward compatibility only */
#define S_AR_AUTH_MODE_NONE S_AR_AUTH_MODE_AETITLE
/* Note that the Local is used to select the local MACE certificate for */
/* connections to a remote with arAuthMode == S_AR_AUTH_MODE_MACE */
typedef struct
{
DBL_LNK l;
ST_CHAR *arName; /* Local or Remote AR Name */
S_CERT_CTRL *maceCert; /* NULL if none configured */
/* User */
ST_VOID *usr;
} S_SEC_LOC_AR;
/* Remote AR Security Configuration */
/* Note that the Remote is used to determine the ACSE authentication */
/* and encryption to be used for both calling and called connections, */
/* and is used in identifying the remote for called connections */
typedef struct
{
DBL_LNK l;
ST_CHAR *arName; /* Local or Remote AR Name */
/* Authentication */
ST_INT arAuthMode;
/* Authentication Certificate: */
/* arAuthMode == S_AR_AUTH_MODE_MACE : Remote MACE cert */
/* arAuthMode == S_AR_AUTH_MODE_SSL : Remote SSL cert */
/* arAuthMode == S_AR_AUTH_MODE_NONE : NULL */
S_CERT_CTRL *authCert;
/* Encryption */
ST_INT encryptMode;
ST_UINT16 sslPort; /* For S_SEC_ENCRYPT_SSL */
/* User */
ST_VOID *usr;
} S_SEC_REM_AR;
#if defined(_WIN32)
/* Placeholder struct kept only for compatibility purposes with older
* applications. Used in main S_SEC_CFG struct below.
*/
typedef struct
{
ST_INT mutexType; /* GS_MUTEX_UNNAMED (_NAMED) */
union
{
HANDLE hMutex; /* for named mutex */
CRITICAL_SECTION cs; /* for unnamed mutex */
} u;
} ST_MUTEX_SEM_SSEC;
#else
#define ST_MUTEX_SEM_SSEC ST_MUTEX_SEM
#endif
/************************************************************************/
/**** Main Configuration Structure ****/
#define S_SSL_MAX_LISTEN_PORTS 10
typedef struct
{
/****** General Configuration ******/
ST_BOOLEAN secureModeEnabled;
/* Old struct kept around for alignment purposes with old(er) apps */
ST_MUTEX_SEM_SSEC obsoleteCfgMutex;
/****** MACE Level Configuration ******/
/* Time Signature Window */
time_t timeSealWindow;
/****** Certificate Lists ******/
/* Remote Certificates and associated AR Names */
S_CERT_CTRL *sslRemoteCertList;
/* Local Certificates and associated AR Names */
S_CERT_CTRL *sslLocalCertList;
/* Acceptable CA Certificates */
S_CERT_CTRL *sslTrustedCaCertList;
/****** SSL Configuration ******/
/* Local Certificate to be used */
S_CERT_CTRL *sslLocalCertCtrl;
/* Listen Port Numbers */
ST_INT numSslListenPorts;
ST_UINT16 sslListenPorts[S_SSL_MAX_LISTEN_PORTS];
/* Allowed Ciphers, ordered by preference */
ST_INT numAllowedCipherSuites;
ST_INT allowedCipherSuites[S_MAX_ALLOWED_CIPHER_SUITES];
/* Flags */
ST_BOOLEAN certAuthCalling;
ST_BOOLEAN certAuthCalled;
ST_BOOLEAN encryptReqCalling;
ST_BOOLEAN encryptReqCalled;
/* Rekey Control */
ST_LONG maxTransactionsPerKey;
time_t maxTimePerKey;
ST_INT rekeyTimeout; /* In seconds */
/* CRL Control */
ST_INT crlCheckTime; /* In minutes */
ST_BOOLEAN crlDropExisting;
/****** Application Configuation */
ST_INT appAuthRequired;
DIB_MATCH_CTRL dibMatch;
/* Well Known AR Names */
S_SEC_LOC_AR *secLocArList;
S_SEC_REM_AR *secRemArList;
/****** SNAP Configuation */
/* Default SSL Calling Port Number */
ST_UINT16 defCallingSslPort;
/* Misc */
ST_UINT maxCalling;
ST_UINT maxCalled;
ST_INT cpuAffinity;
/* Calling connection timeout, used by SNAP. Default 10000ms */
ST_INT callingConnectTimeout; /* In milliseconds */
/****** IPC: SNAP/Stack Ports & IP Addresses */
ST_CHAR *stackIPAddress;
ST_UINT16 stackListenPort;
ST_CHAR *snapIPAddress;
ST_UINT16 snapListenPort;
ST_UINT16 snapControlListenPort;
ST_UINT16 snapMonitorListenPort;
/* SNAP/STACK Connect-to-Ctrl timeout, bidirectional. Default 500ms */
ST_INT snapStackCtrlTimeout; /* In milliseconds */
/****** Security Logging ******/
ST_INT secEventLogTimeStampMode;
ST_INT secEventLogFileSize;
ST_CHAR *secEventLogFile;
ST_INT diagLogTimeStampMode;
ST_INT diagLogFileSize;
ST_CHAR *diagLogFileName;
ST_UINT secLogMasks;
} S_SEC_CONFIG;
/************************************************************************/
/************************************************************************/
#define S_SEC_ENCRYPT_NONE 0
#define S_SEC_ENCRYPT_SSL 1
typedef struct
{
ST_INT encryptMode;
union
{
struct
{
ST_UINT16 port;
ST_BOOLEAN sslCertMatched; /* The Subject-to-CertId succeded */
S_CERT_CTRL *sslCert; /* The matched SSL cert ctrl */
ST_INT cipherSuite; /* Cipher suite in use */
} ssl;
} u;
} S_SEC_ENCRYPT_CTRL;
/* Struct passed back and forth to SUIC */
typedef struct
{
ACSE_AUTH_INFO *authInfo;
ACSE_AUTH_INFO *partAuthInfo;
S_SEC_ENCRYPT_CTRL *encryptCtrl;
} S_SEC_SPARAMS;
/************************************************************************/
/* Application Level Authentication Check Result */
typedef struct
{
/* Encryption in use */
S_SEC_ENCRYPT_CTRL encryptInfo;
/* Authentication in use */
ST_INT authPres;
ST_INT mechType;
union
{
struct
{
ST_BOOLEAN timeSealOk; /* Timeseal not reused, in window */
ST_BOOLEAN maceCertTimeValid; /* Certificate validity times OK */
ST_BOOLEAN maceCertIssuerOk; /* The issuer is in the OK list */
ST_BOOLEAN maceCertMatched; /* The Subject-to-CertId succeded */
S_CERT_CTRL *maceCert; /* The matched MACE cert ctrl */
} certBased;
struct
{
ST_INT placeHolder;
} symmetric;
struct
{
ST_INT placeHolder2;
} passsword;
} u;
} S_SEC_AUTHCHK_RSLT;
/************************************************************************/
/* Look up configured security information by AR Name */
ST_RET sSecRemArNameToArSec (ST_CHAR *arName, S_SEC_REM_AR **arSecOut);
ST_RET sSecLocArNameToArSec (ST_CHAR *arName, S_SEC_LOC_AR **arSecOut);
/************************************************************************/
/* These functions can be used to select and examine SSL level info */
/* for the selected connection */
#if defined(MMS_LITE) && !defined(MAP30_ACSE)
/* ssecusr.c functions */
struct mvl_net_info; /* forward reference */
ST_RET sSecAssocIndChk (struct mvl_net_info *cc, DIB_MATCH_CTRL *matchCtrl,
S_SEC_REM_AR **arSecOut, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_RET sSecAssocConfChkEx (struct mvl_net_info *cc, DIB_MATCH_CTRL *matchCtrl,
S_SEC_REM_AR *remArSec, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_RET sSecAuthChk (struct mvl_net_info *cc, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_RET sSecGetSecParam (struct mvl_net_info *cc, S_SEC_SPARAMS *secParams);
ST_RET sSecFreeSecParam (ACSE_AUTH_INFO *authInfo);
ST_RET sSecFreePartSecParam (struct mvl_net_info *cc);
/* For backward compatability */
#define sSecAssocConfChk(cc,remArSec,secChkDest) sSecAssocConfChkEx(cc,NULL,remArSec,secChkDest)
#else
/* ssecusr.c functions */
ST_RET sSecAssocIndChk (ST_INT chan, DIB_MATCH_CTRL *matchCtrl,
S_SEC_REM_AR **arSecOut, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_RET sSecAssocConfChkEx (ST_INT chan, DIB_MATCH_CTRL *matchCtrl,
S_SEC_REM_AR *remArSec, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_INT sSecAuthChk (ST_INT chan, S_SEC_AUTHCHK_RSLT *srcChkDest);
ST_RET sSecSetSecParam (ST_INT chan, S_SEC_SPARAMS *secParams);
ST_RET sSecGetSecParam (ST_INT chan, S_SEC_SPARAMS *secParams);
/* For backward compatability */
#define sSecAssocConfChk(chan,remArSec,secChkDest) sSecAssocConfChkEx(chan,NULL,remArSec,secChkDest)
#endif
/************************************************************************/
/************************************************************************/
/************************************************************************/
/* Initialize/Terminate */
ST_RET sSecUsrStart (S_SEC_CONFIG **secCfgOut);
ST_RET sSecUsrEnd (ST_VOID);
ST_RET sSecStart (S_SEC_CONFIG **secCfg);
ST_RET sSecEnd (ST_VOID);
/* Configuration */
/* Used by configuration app to get SEC_MAN config information */
ST_CHAR *secManGetXmlCfg (ST_VOID);
ST_RET secManSetXmlCfg (ST_CHAR *pw, ST_CHAR *xmlCfg);
ST_RET secManExportLocalCerts (ST_CHAR *pw, ST_INT *destFile);
/* Used by app to reload security components */
ST_RET sSecUpdate(S_SEC_CONFIG *currCfg, S_SEC_CONFIG *newCfg);
/************************************************************************/
/* MACE Authentication */
/* Create/Free MACE Authentication Information for a local CertId */
ST_RET sSecMaceAuthInfoCreate (S_CERT_ID *certId, ACSE_AUTH_INFO *authInfo);
ST_VOID sSecMaceAuthInfoFree (ACSE_AUTH_INFO *auth_info);
/* Decode MACE Authentication Information */
ST_RET sSecMaceAuthInfoDec (ACSE_AUTH_INFO *authInfo,
S_MACE_INFO **maceInfoOut,
S_CERT_INFO **certInfoOut);
ST_VOID sSecFreeCertInfo (S_CERT_INFO *certInfo);
/************************************************************************/
/************************************************************************/
/* Finding things in the Security Configuration */
/**** Find configured local CertCtrl for given certName ****/
ST_RET sSecCertNameToLocCertCtrl (ST_CHAR *certName, S_CERT_CTRL **certCtrlOut);
/**** Find configured remote CertCtrl for given certName ****/
ST_RET sSecCertNameToRemCertCtrl (ST_CHAR *certName, S_CERT_CTRL **certCtrlOut);
/**** Find configured remote CertCtrl for given CertId ****/
ST_RET sSecCertIdToRemCertCtrl (S_CERT_ID *certId, S_CERT_CTRL **certCtrlOut);
/**** Find configured remote CertCtrl for given cfgId ****/
ST_RET sSecCertCfgIdToRemCertCtrl (ST_INT cfgId, S_CERT_CTRL **CertCtrlOut);
/************************************************************************/
/************************************************************************/
/************************************************************************/
/**** Certificate Blob Handling ****/
/* Retrieve local Certificate Blob from Certifcate Store */
ST_RET sSecGetLocalCert (S_CERT_ID *certId, S_CERT_BLOB *certDataOut);
/* Decoding a Certificate blob */
ST_RET sSecCertDec (S_CERT_BLOB *certBlob, S_CERT_INFO **certInfoOut);
/************************************************************************/
/**** Signed Time Handling ****/
/* Verify a Signed Time signature */
ST_RET sSecSignedTimeVerify (S_CERT_INFO *remCert, S_SIGNED_TIME *signedTime, ST_UCHAR *clearTime);
/* Sign a time_t */
ST_RET sSecSignTimeT (S_CERT_ID *localCert, S_SIGNED_TIME *signedTime, time_t timeToSign);
/************************************************************************/
/**** MACE ASN.1 Encode/Decode ****/
/* Encode MACE ACSE Authentication */
ST_RET sSecMaceAsn1Enc (S_MACE_INFO *maceInfo,
ST_CHAR *asn1Buf, ST_INT asn1BufLen,
ST_CHAR **maceAsn1Out, ST_INT *maceAsn1LenOut);
/* Decode Certificate based ACSE Authentication */
ST_RET sSecMaceAsn1Dec (ST_CHAR *maceAsn1, ST_INT maceAsn1Len,
S_MACE_INFO **maceInfoOut);
/************************************************************************/
/**** Remote Certificate Validity Checking ****/
/* Make sure the certificate issuer is OK */
ST_RET sSecChkIssuer (S_CERT_INFO *certInfo);
/* Make sure the certificate validity times are OK */
ST_RET sSecChkValidityTimes (S_CERT_INFO *certInfo);
/* Validate a MACE time seal */
ST_RET sSecChkTimeSeal (S_CERT_INFO *remCert,
time_t signedTimeT,
ST_UCHAR *clearTime,
S_SIGNED_TIME *signedTime);
/************************************************************************/
/************************************************************************/
/************************************************************************/
/* Common functions declarations */
/**** Compare remote cert issuer names with ones that we trust ****/
ST_BOOLEAN sSecCmpIssuer (S_CERT_ID *remCert, S_CERT_ID *trustedCert);
/**** Compare two CertIds ****/
ST_BOOLEAN sSecCmpCertId (S_CERT_ID *certId1, S_CERT_ID *certId2);
/* Export a certificate to XML */
#if !defined(_WIN32)
ST_INT ssleCertFileToXml (ST_CHAR *fileName, ST_CHAR *buf, ST_INT bufLen, ST_CHAR *pass);
#endif
/* Export a certificate to Text */
#if !defined(_WIN32)
ST_INT ssleCertFileToText (ST_CHAR *fileName, ST_CHAR *buf, ST_INT bufLen, ST_CHAR *pass);
#endif
/************************************************************************/
/************************************************************************/
/************************************************************************/
/* secMan Declarations */
/************************************************************************/
/* Set log masks */
ST_UINT* secManGetDebugSel();
/* Start/Stop */
ST_RET secManStart (S_SEC_CONFIG **secCfg, ST_VOID *secLog);
ST_RET secManEnd (ST_VOID);
/* Start the SSL Engine in ssec.lib (genssl.c) */
ST_RET startSSLEngine(S_SEC_CONFIG *sSecCfg, ST_VOID *secLog);
/* Stop the SSL Engine in ssec.lib (genssl.c) */
ST_RET stopSSLEngine();
/* Called by SNAP to reload the security configuration (genssl.c) */
ST_RET sslUpdate();
/* Used by SNAP and user apps to get the configuration.
* The release function MUST be called when the app is done using the
* configuration.
*/
ST_RET secManAccessCfg (S_SEC_CONFIG **secCfgOut);
ST_RET secManReleaseCfg (ST_VOID);
/* Used by the stack to get the configuration */
ST_RET secManAccessCfgByStack (S_SEC_CONFIG **secCfgOut);
/* Dynamic Configuration functions */
ST_BOOLEAN secManChkNewCfgAvail();
ST_RET secManLoadCfg(S_SEC_CONFIG *secCfgOut);
ST_RET secManUpdateCfg(S_SEC_CONFIG *currCfg, S_SEC_CONFIG *newCfg);
ST_RET secManFreeCfg(S_SEC_CONFIG *secCfg);
#if !defined(MMS_LITE) || defined(MAP30_ACSE)
#if defined (_WIN32)
/* Called by app or SecCfg to signal change in configuration file */
__declspec(dllimport) ST_VOID WINAPI secManCfgChange(ST_VOID);
#endif
#else /* MMS_LITE */
ST_VOID secManCfgChange(ST_VOID);
#endif /* MMS_LITE */
#if !defined(MMS_LITE) || defined(MAP30_ACSE)
/* Software Lock access */
ST_RET secManLckStart();
ST_VOID secManLckEnd();
ST_RET secManLckCheck();
#else
/* MMS_LITE */
extern ST_CHAR *secManCfgXmlFile;
#endif
#if !defined(_WIN32)
/* If needed these paths can be changed by app before sSecStart() is called */
extern ST_CHAR LocalCertStorePath[256]; /* defaults to CERT_STORE_LOCAL */
extern ST_CHAR CACertStorePath[256]; /* defaults to CERT_STORE_CA */
#endif /* !defined(_WIN32) */
/* Logging */
/* destLog defines */
#define S_SEC_LOGTYPE_NONE 0
#define S_SEC_LOGTYPE_DIAG 1
#define S_SEC_LOGTYPE_SECURITY 2
/* eventType defines */
#define S_SEC_EVENT_NO_CIPHERS 1
#define S_SEC_EVENT_UNKNOWN_CA 2
#define S_SEC_EVENT_UNKNOWN_REMOTE 3
#define S_SEC_EVENT_SSL_FAILURE 4
#define S_SEC_EVENT_REKEY_FAILURE 5
typedef struct
{
ST_INT destLog; /* Select Diagnoistic or Security log */
/* This section needs work */
ST_BOOLEAN logSystemEvent; /* Log to System event system */
ST_INT eventType;
ST_INT8 numArgs;
ST_CHAR *eventArgs[32];
ST_BOOLEAN logToSlog; /* Log to SLOG file */
ST_INT logType; /* Standard SLOG information */
ST_CHAR *SD_CONST logTypeStr;
ST_CHAR *SD_CONST sourceFile;
ST_INT lineNum;
ST_INT bufLen;
ST_CHAR *buf;
} S_SEC_EVENT;
/* Logging to Event Viewer via secman.dll */
ST_VOID secManEventLog (S_SEC_EVENT *secEvent, S_CERT_INFO *cert);
/**** Output the serial number as a string ****/
ST_VOID secManPrintSrlNum (S_CERT_ID *certId, ST_CHAR *outBuf);
/* Log configuration to diagnostic log */
ST_VOID secManLogCfg ();
/* Clone the log file */
ST_VOID secManCloneLog (ST_INT logType);
/************************************************************************/
/************************************************************************/
/* Log Macros */
/* Log type strings */
extern SD_CONST ST_CHAR *SD_CONST _sec_err_logstr;
extern SD_CONST ST_CHAR *SD_CONST _sec_nerr_logstr;
extern SD_CONST ST_CHAR *SD_CONST _sec_flow_logstr;
extern SD_CONST ST_CHAR *SD_CONST _sec_data_logstr;
extern SD_CONST ST_CHAR *SD_CONST _sec_debug_logstr;
#define SECLOG_ERR0(a) \
SLOG_0 (sec_debug_sel & SEC_LOG_ERR, _sec_err_logstr, a)
#define SECLOG_ERR1(a,b) \
SLOG_1 (sec_debug_sel & SEC_LOG_ERR, _sec_err_logstr, a,b)
#define SECLOG_ERR2(a,b,c) \
SLOG_2 (sec_debug_sel & SEC_LOG_ERR, _sec_err_logstr, a,b,c)
#define SECLOG_ERR3(a,b,c,d) \
SLOG_3 (sec_debug_sel & SEC_LOG_ERR, _sec_err_logstr, a,b,c,d)
#define SECLOG_CERR0(a) \
SLOGC_0 (sec_debug_sel & SEC_LOG_ERR,a)
#define SECLOG_CERR1(a,b) \
SLOGC_1 (sec_debug_sel & SEC_LOG_ERR,a,b)
#define SECLOG_CERR2(a,b,c) \
SLOGC_2 (sec_debug_sel & SEC_LOG_ERR,a,b,c)
#define SECLOG_NERR0(a) \
SLOG_0 (sec_debug_sel & SEC_LOG_NERR, _sec_nerr_logstr, a)
#define SECLOG_NERR1(a,b) \
SLOG_1 (sec_debug_sel & SEC_LOG_NERR, _sec_nerr_logstr, a,b)
#define SECLOG_NERR2(a,b,c) \
SLOG_2 (sec_debug_sel & SEC_LOG_NERR, _sec_nerr_logstr, a,b,c)
#define SECLOG_NERR3(a,b,c,d) \
SLOG_3 (sec_debug_sel & SEC_LOG_NERR, _sec_nerr_logstr, a,b,c,d)
#define SECLOG_FLOW0(a) \
SLOG_0 (sec_debug_sel & SEC_LOG_FLOW, _sec_flow_logstr, a)
#define SECLOG_FLOW1(a,b) \
SLOG_1 (sec_debug_sel & SEC_LOG_FLOW, _sec_flow_logstr, a,b)
#define SECLOG_FLOW2(a,b,c) \
SLOG_2 (sec_debug_sel & SEC_LOG_FLOW, _sec_flow_logstr, a,b,c)
#define SECLOG_FLOW3(a,b,c,d) \
SLOG_3 (sec_debug_sel & SEC_LOG_FLOW, _sec_flow_logstr, a,b,c,d)
#define SECLOG_CFLOW0(a) \
SLOGC_0 (sec_debug_sel & SEC_LOG_FLOW,a)
/************************************************************************/
#ifdef __cplusplus
}
#endif
#endif /* S_SEC_INCLUDED */
/************************************************************************/
Reference in New Issue View Git Blame Copy Permalink