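--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/pkcs12/p12plcy.c	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,125 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "p12plcy.h"
+#include "secoid.h"
+#include "secport.h"
+#include "secpkcs5.h"
+
+#define PKCS12_NULL 0x0000
+
+typedef struct pkcs12SuiteMapStr {
+ SECOidTag algTag;
+ unsigned int keyLengthBits; /* in bits */
+ unsigned long suite;
+ PRBool allowed;
+ PRBool preferred;
+} pkcs12SuiteMap;
+
+static pkcs12SuiteMap pkcs12SuiteMaps[] = {
+ { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE},
+ { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE},
+ { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE},
+ { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE},
+ { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE},
+ { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE},
+ { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE},
+ { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE}
+};
+
+/* determine if algid is an algorithm which is allowed */
+PRBool
+SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
+{
+ unsigned int keyLengthBits;
+ SECOidTag algId;
+ int i;
+
+ algId = SEC_PKCS5GetCryptoAlgorithm(algid);
+ if(algId == SEC_OID_UNKNOWN) {
+ return PR_FALSE;
+ }
+
+ keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);
+
+ i = 0;
+ while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+ if((pkcs12SuiteMaps[i].algTag == algId) &&
+ (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) {
+
+ return pkcs12SuiteMaps[i].allowed;
+ }
+ i++;
+ }
+
+ return PR_FALSE;
+}
+
+/* is any encryption allowed? */
+PRBool
+SEC_PKCS12IsEncryptionAllowed(void)
+{
+ int i;
+
+ i = 0;
+ while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+ if(pkcs12SuiteMaps[i].allowed == PR_TRUE) {
+ return PR_TRUE;
+ }
+ i++;
+ }
+
+ return PR_FALSE;
+}
+
+
+SECStatus
+SEC_PKCS12EnableCipher(long which, int on)
+{
+ int i;
+
+ i = 0;
+ while(pkcs12SuiteMaps[i].suite != 0L) {
+ if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+ if(on) {
+ pkcs12SuiteMaps[i].allowed = PR_TRUE;
+ } else {
+ pkcs12SuiteMaps[i].allowed = PR_FALSE;
+ }
+ return SECSuccess;
+ }
+ i++;
+ }
+
+ return SECFailure;
+}
+
+SECStatus
+SEC_PKCS12SetPreferredCipher(long which, int on)
+{
+ int i;
+ PRBool turnedOff = PR_FALSE;
+ PRBool turnedOn = PR_FALSE;
+
+ i = 0;
+ while(pkcs12SuiteMaps[i].suite != 0L) {
+ if(pkcs12SuiteMaps[i].preferred == PR_TRUE) {
+ pkcs12SuiteMaps[i].preferred = PR_FALSE;
+ turnedOff = PR_TRUE;
+ }
+ if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+ pkcs12SuiteMaps[i].preferred = PR_TRUE;
+ turnedOn = PR_TRUE;
+ }
+ i++;
+ }
+
+ if((turnedOn) && (turnedOff)) {
+ return SECSuccess;
+ }
+
+ return SECFailure;
+}
+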
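Review bot: SEC_PKCS12SetPreferredCipher clears the existing `preferred` flag before it knows whether `which` names a real suite, so a call with an unknown value returns SECFailure yet leaves the policy table with no preferred cipher. After that, a later call with a valid suite sets the flag but still returns SECFailure, because `turnedOff` stays PR_FALSE, so callers cannot trust the return value to reflect the table state. The `on` argument is never read in this function; either honour it or document that it is ignored. Looking the suite up first and only then rewriting the flags keeps state and result consistent, as sketched below with `on` left as it is today. Separately, the only entry marked preferred by default in pkcs12SuiteMaps is 40-bit RC2 while every suite starts disallowed; a comment on the table explaining that default would help reviewers of the policy.

```c
SECStatus
SEC_PKCS12SetPreferredCipher(long which, int on)
{
    int i;
    int match = -1;

    /* Find the requested suite first so an unknown value leaves the
     * table untouched. */
    for (i = 0; pkcs12SuiteMaps[i].suite != 0L; i++) {
        if (pkcs12SuiteMaps[i].suite == (unsigned long)which) {
            match = i;
            break;
        }
    }
    if (match < 0) {
        return SECFailure;
    }

    /* Exactly one entry ends up preferred, whatever the prior state. */
    for (i = 0; pkcs12SuiteMaps[i].suite != 0L; i++) {
        pkcs12SuiteMaps[i].preferred = (i == match) ? PR_TRUE : PR_FALSE;
    }

    return SECSuccess;
}
```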