security/nss/lib/pkcs12/p12plcy.c@7e26c7da4463 (annotated)
security/nss/lib/pkcs12/p12plcy.c
Wed, 31 Dec 2014 06:55:50 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:55:50 +0100
- changeset 2
- 7e26c7da4463
- permissions
- -rw-r--r--
Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | |
| michael@0 | 6 | #include "p12plcy.h" |
| michael@0 | 7 | #include "secoid.h" |
| michael@0 | 8 | #include "secport.h" |
| michael@0 | 9 | #include "secpkcs5.h" |
| michael@0 | 10 | |
| michael@0 | 11 | #define PKCS12_NULL 0x0000 |
| michael@0 | 12 | |
| michael@0 | 13 | typedef struct pkcs12SuiteMapStr { |
| michael@0 | 14 | SECOidTag algTag; |
| michael@0 | 15 | unsigned int keyLengthBits; /* in bits */ |
| michael@0 | 16 | unsigned long suite; |
| michael@0 | 17 | PRBool allowed; |
| michael@0 | 18 | PRBool preferred; |
| michael@0 | 19 | } pkcs12SuiteMap; |
| michael@0 | 20 | |
| michael@0 | 21 | static pkcs12SuiteMap pkcs12SuiteMaps[] = { |
| michael@0 | 22 | { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE}, |
| michael@0 | 23 | { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE}, |
| michael@0 | 24 | { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE}, |
| michael@0 | 25 | { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE}, |
| michael@0 | 26 | { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE}, |
| michael@0 | 27 | { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE}, |
| michael@0 | 28 | { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE}, |
| michael@0 | 29 | { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE} |
| michael@0 | 30 | }; |
| michael@0 | 31 | |
| michael@0 | 32 | /* determine if algid is an algorithm which is allowed */ |
| michael@0 | 33 | PRBool |
| michael@0 | 34 | SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid) |
| michael@0 | 35 | { |
| michael@0 | 36 | unsigned int keyLengthBits; |
| michael@0 | 37 | SECOidTag algId; |
| michael@0 | 38 | int i; |
| michael@0 | 39 | |
| michael@0 | 40 | algId = SEC_PKCS5GetCryptoAlgorithm(algid); |
| michael@0 | 41 | if(algId == SEC_OID_UNKNOWN) { |
| michael@0 | 42 | return PR_FALSE; |
| michael@0 | 43 | } |
| michael@0 | 44 | |
| michael@0 | 45 | keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8); |
| michael@0 | 46 | |
| michael@0 | 47 | i = 0; |
| michael@0 | 48 | while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { |
| michael@0 | 49 | if((pkcs12SuiteMaps[i].algTag == algId) && |
| michael@0 | 50 | (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) { |
| michael@0 | 51 | |
| michael@0 | 52 | return pkcs12SuiteMaps[i].allowed; |
| michael@0 | 53 | } |
| michael@0 | 54 | i++; |
| michael@0 | 55 | } |
| michael@0 | 56 | |
| michael@0 | 57 | return PR_FALSE; |
| michael@0 | 58 | } |
| michael@0 | 59 | |
| michael@0 | 60 | /* is any encryption allowed? */ |
| michael@0 | 61 | PRBool |
| michael@0 | 62 | SEC_PKCS12IsEncryptionAllowed(void) |
| michael@0 | 63 | { |
| michael@0 | 64 | int i; |
| michael@0 | 65 | |
| michael@0 | 66 | i = 0; |
| michael@0 | 67 | while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { |
| michael@0 | 68 | if(pkcs12SuiteMaps[i].allowed == PR_TRUE) { |
| michael@0 | 69 | return PR_TRUE; |
| michael@0 | 70 | } |
| michael@0 | 71 | i++; |
| michael@0 | 72 | } |
| michael@0 | 73 | |
| michael@0 | 74 | return PR_FALSE; |
| michael@0 | 75 | } |
| michael@0 | 76 | |
| michael@0 | 77 | |
| michael@0 | 78 | SECStatus |
| michael@0 | 79 | SEC_PKCS12EnableCipher(long which, int on) |
| michael@0 | 80 | { |
| michael@0 | 81 | int i; |
| michael@0 | 82 | |
| michael@0 | 83 | i = 0; |
| michael@0 | 84 | while(pkcs12SuiteMaps[i].suite != 0L) { |
| michael@0 | 85 | if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { |
| michael@0 | 86 | if(on) { |
| michael@0 | 87 | pkcs12SuiteMaps[i].allowed = PR_TRUE; |
| michael@0 | 88 | } else { |
| michael@0 | 89 | pkcs12SuiteMaps[i].allowed = PR_FALSE; |
| michael@0 | 90 | } |
| michael@0 | 91 | return SECSuccess; |
| michael@0 | 92 | } |
| michael@0 | 93 | i++; |
| michael@0 | 94 | } |
| michael@0 | 95 | |
| michael@0 | 96 | return SECFailure; |
| michael@0 | 97 | } |
| michael@0 | 98 | |
| michael@0 | 99 | SECStatus |
| michael@0 | 100 | SEC_PKCS12SetPreferredCipher(long which, int on) |
| michael@0 | 101 | { |
| michael@0 | 102 | int i; |
| michael@0 | 103 | PRBool turnedOff = PR_FALSE; |
| michael@0 | 104 | PRBool turnedOn = PR_FALSE; |
| michael@0 | 105 | |
| michael@0 | 106 | i = 0; |
| michael@0 | 107 | while(pkcs12SuiteMaps[i].suite != 0L) { |
| michael@0 | 108 | if(pkcs12SuiteMaps[i].preferred == PR_TRUE) { |
| michael@0 | 109 | pkcs12SuiteMaps[i].preferred = PR_FALSE; |
| michael@0 | 110 | turnedOff = PR_TRUE; |
| michael@0 | 111 | } |
| michael@0 | 112 | if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { |
| michael@0 | 113 | pkcs12SuiteMaps[i].preferred = PR_TRUE; |
| michael@0 | 114 | turnedOn = PR_TRUE; |
| michael@0 | 115 | } |
| michael@0 | 116 | i++; |
| michael@0 | 117 | } |
| michael@0 | 118 | |
| michael@0 | 119 | if((turnedOn) && (turnedOff)) { |
| michael@0 | 120 | return SECSuccess; |
| michael@0 | 121 | } |
| michael@0 | 122 | |
| michael@0 | 123 | return SECFailure; |
| michael@0 | 124 | } |
| michael@0 | 125 |
