The Tor Browser / file comparison

comparison: security/nss/lib/util/secplcy.h

security/nss/lib/util/secplcy.h

changeset 0
6474c204b198
equal deleted inserted replaced
-1:000000000000 0:035527c352d4
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef __secplcy_h__
6 #define __secplcy_h__
7
8 #include "utilrename.h"
9
10 #include "prtypes.h"
11
12 /*
13 ** Cipher policy enforcement. This code isn't very pretty, but it accomplishes
14 ** the purpose of obscuring policy information from potential fortifiers. :-)
15 **
16 ** The following routines are generic and intended for anywhere where cipher
17 ** policy enforcement is to be done, e.g. SSL and PKCS7&12.
18 */
19
20 #define SEC_CIPHER_NOT_ALLOWED 0
21 #define SEC_CIPHER_ALLOWED 1
22 #define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases
23 e.g. step-up */
24
25 /* The length of the header string for each cipher table.
26 (It's the same regardless of whether we're using md5 strings or not.) */
27 #define SEC_POLICY_HEADER_LENGTH 48
28
29 /* If we're testing policy stuff, we may want to use the plaintext version */
30 #define SEC_POLICY_USE_MD5_STRINGS 1
31
32 #define SEC_POLICY_THIS_IS_THE \
33 "\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"
34 #define SEC_POLICY_STRING_FOR_THE \
35 "\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"
36 #define SEC_POLICY_SSL_TAIL \
37 "\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"
38 #define SEC_POLICY_SMIME_TAIL \
39 "\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"
40 #define SEC_POLICY_PKCS12_TAIL \
41 "\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"
42
43 #if defined(SEC_POLICY_USE_MD5_STRINGS)
44
45 /* We're not testing.
46 Use md5 checksums of the strings. */
47
48 #define SEC_POLICY_SSL_HEADER \
49 SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL
50
51 #define SEC_POLICY_SMIME_HEADER \
52 SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL
53
54 #define SEC_POLICY_PKCS12_HEADER \
55 SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL
56
57 #else
58
59 /* We're testing.
60 Use plaintext versions of the strings, for testing purposes. */
61 #define SEC_POLICY_SSL_HEADER \
62 "This is the string for the SSL policy table. "
63 #define SEC_POLICY_SMIME_HEADER \
64 "This is the string for the PKCS7 policy table. "
65 #define SEC_POLICY_PKCS12_HEADER \
66 "This is the string for the PKCS12 policy table. "
67
68 #endif
69
70 /* Local cipher tables have to have these members at the top. */
71 typedef struct _sec_cp_struct
72 {
73 char policy_string[SEC_POLICY_HEADER_LENGTH];
74 long unused; /* placeholder for max keybits in pkcs12 struct */
75 char num_ciphers;
76 char begin_ciphers;
77 /* cipher policy settings follow. each is a char. */
78 } secCPStruct;
79
80 struct SECCipherFindStr
81 {
82 /* (policy) and (ciphers) are opaque to the outside world */
83 void *policy;
84 void *ciphers;
85 long index;
86 PRBool onlyAllowed;
87 };
88
89 typedef struct SECCipherFindStr SECCipherFind;
90
91 SEC_BEGIN_PROTOS
92
93 SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
94 secCPStruct *policy,
95 long *ciphers);
96
97 long sec_CipherFindNext(SECCipherFind *find);
98
99 char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
100 long *ciphers);
101
102 void sec_CipherFindEnd(SECCipherFind *find);
103
104 SEC_END_PROTOS
105
106 #endif /* __SECPLCY_H__ */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial