The Tor Browser / file comparison
comparison: security/nss/lib/pkcs12/p12plcy.c
security/nss/lib/pkcs12/p12plcy.c
- changeset 2
- 7e26c7da4463
equal
deleted
inserted
replaced
| -1:000000000000 | 0:581dec35b46d |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 | |
| 6 #include "p12plcy.h" | |
| 7 #include "secoid.h" | |
| 8 #include "secport.h" | |
| 9 #include "secpkcs5.h" | |
| 10 | |
| 11 #define PKCS12_NULL 0x0000 | |
| 12 | |
| 13 typedef struct pkcs12SuiteMapStr { | |
| 14 SECOidTag algTag; | |
| 15 unsigned int keyLengthBits; /* in bits */ | |
| 16 unsigned long suite; | |
| 17 PRBool allowed; | |
| 18 PRBool preferred; | |
| 19 } pkcs12SuiteMap; | |
| 20 | |
| 21 static pkcs12SuiteMap pkcs12SuiteMaps[] = { | |
| 22 { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE}, | |
| 23 { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE}, | |
| 24 { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE}, | |
| 25 { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE}, | |
| 26 { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE}, | |
| 27 { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE}, | |
| 28 { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE}, | |
| 29 { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE} | |
| 30 }; | |
| 31 | |
| 32 /* determine if algid is an algorithm which is allowed */ | |
| 33 PRBool | |
| 34 SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid) | |
| 35 { | |
| 36 unsigned int keyLengthBits; | |
| 37 SECOidTag algId; | |
| 38 int i; | |
| 39 | |
| 40 algId = SEC_PKCS5GetCryptoAlgorithm(algid); | |
| 41 if(algId == SEC_OID_UNKNOWN) { | |
| 42 return PR_FALSE; | |
| 43 } | |
| 44 | |
| 45 keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8); | |
| 46 | |
| 47 i = 0; | |
| 48 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { | |
| 49 if((pkcs12SuiteMaps[i].algTag == algId) && | |
| 50 (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) { | |
| 51 | |
| 52 return pkcs12SuiteMaps[i].allowed; | |
| 53 } | |
| 54 i++; | |
| 55 } | |
| 56 | |
| 57 return PR_FALSE; | |
| 58 } | |
| 59 | |
| 60 /* is any encryption allowed? */ | |
| 61 PRBool | |
| 62 SEC_PKCS12IsEncryptionAllowed(void) | |
| 63 { | |
| 64 int i; | |
| 65 | |
| 66 i = 0; | |
| 67 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { | |
| 68 if(pkcs12SuiteMaps[i].allowed == PR_TRUE) { | |
| 69 return PR_TRUE; | |
| 70 } | |
| 71 i++; | |
| 72 } | |
| 73 | |
| 74 return PR_FALSE; | |
| 75 } | |
| 76 | |
| 77 | |
| 78 SECStatus | |
| 79 SEC_PKCS12EnableCipher(long which, int on) | |
| 80 { | |
| 81 int i; | |
| 82 | |
| 83 i = 0; | |
| 84 while(pkcs12SuiteMaps[i].suite != 0L) { | |
| 85 if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { | |
| 86 if(on) { | |
| 87 pkcs12SuiteMaps[i].allowed = PR_TRUE; | |
| 88 } else { | |
| 89 pkcs12SuiteMaps[i].allowed = PR_FALSE; | |
| 90 } | |
| 91 return SECSuccess; | |
| 92 } | |
| 93 i++; | |
| 94 } | |
| 95 | |
| 96 return SECFailure; | |
| 97 } | |
| 98 | |
| 99 SECStatus | |
| 100 SEC_PKCS12SetPreferredCipher(long which, int on) | |
| 101 { | |
| 102 int i; | |
| 103 PRBool turnedOff = PR_FALSE; | |
| 104 PRBool turnedOn = PR_FALSE; | |
| 105 | |
| 106 i = 0; | |
| 107 while(pkcs12SuiteMaps[i].suite != 0L) { | |
| 108 if(pkcs12SuiteMaps[i].preferred == PR_TRUE) { | |
| 109 pkcs12SuiteMaps[i].preferred = PR_FALSE; | |
| 110 turnedOff = PR_TRUE; | |
| 111 } | |
| 112 if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { | |
| 113 pkcs12SuiteMaps[i].preferred = PR_TRUE; | |
| 114 turnedOn = PR_TRUE; | |
| 115 } | |
| 116 i++; | |
| 117 } | |
| 118 | |
| 119 if((turnedOn) && (turnedOff)) { | |
| 120 return SECSuccess; | |
| 121 } | |
| 122 | |
| 123 return SECFailure; | |
| 124 } | |
| 125 |
