security/nss/lib/pkcs12/p12plcy.c

Wed, 31 Dec 2014 06:55:50 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:55:50 +0100
changeset 2
7e26c7da4463
permissions
-rw-r--r--

Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     6 #include "p12plcy.h"
     7 #include "secoid.h"
     8 #include "secport.h"
     9 #include "secpkcs5.h" 
/* Suite value of the first terminator row in pkcs12SuiteMaps. */
#define PKCS12_NULL  0x0000

/*
 * One row of the PKCS#12 cipher policy table: a cipher OID and key size,
 * the suite constant callers use to select it, and two policy flags.
 */
struct pkcs12SuiteMapStr {
    SECOidTag     algTag;        /* cipher OID tag matched by the lookups */
    unsigned int  keyLengthBits; /* in bits */
    unsigned long suite;         /* value passed as `which` to the setters */
    PRBool        allowed;       /* policy switch read by the queries below */
    PRBool        preferred;     /* set by SEC_PKCS12SetPreferredCipher */
};
typedef struct pkcs12SuiteMapStr pkcs12SuiteMap;

/*
 * Process-wide, mutable policy table.
 *
 * - Every row starts with allowed == PR_FALSE, so both query functions in
 *   this file answer PR_FALSE until SEC_PKCS12EnableCipher() turns a suite on.
 * - The only row preferred at start-up is RC2-CBC with a 40-bit key, an
 *   export-grade strength.  How `preferred` is consumed is not visible in
 *   this file; NOTE(review): confirm callers replace this default before it
 *   can influence what gets written.
 * - The DES rows carry 64 and 192 bits although the suite names say 56 and
 *   168.  SEC_PKCS12DecryptionAllowed() compares against
 *   SEC_PKCS5GetKeyLength() * 8, so these are presumably key sizes including
 *   parity bits -- verify against secpkcs5.
 * - PKCS12_NULL is 0x0000, so the first SEC_OID_UNKNOWN row ends both the
 *   algTag-terminated and the suite-terminated loops below; the final row is
 *   never reached by the code in this file.
 * - The setters write this table without any locking in the code shown.
 */
static pkcs12SuiteMap pkcs12SuiteMaps[] = {
    /* algTag,              bits, suite,               allowed,  preferred */
    { SEC_OID_RC4,            40, PKCS12_RC4_40,       PR_FALSE, PR_FALSE },
    { SEC_OID_RC4,           128, PKCS12_RC4_128,      PR_FALSE, PR_FALSE },
    { SEC_OID_RC2_CBC,        40, PKCS12_RC2_CBC_40,   PR_FALSE, PR_TRUE  },
    { SEC_OID_RC2_CBC,       128, PKCS12_RC2_CBC_128,  PR_FALSE, PR_FALSE },
    { SEC_OID_DES_CBC,        64, PKCS12_DES_56,       PR_FALSE, PR_FALSE },
    { SEC_OID_DES_EDE3_CBC,  192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE },
    { SEC_OID_UNKNOWN,         0, PKCS12_NULL,         PR_FALSE, PR_FALSE },
    { SEC_OID_UNKNOWN,         0, 0L,                  PR_FALSE, PR_FALSE }
};
/*
 * Report whether policy currently permits decrypting with the cipher that
 * algid describes.
 *
 * The cipher tag and key length are derived from algid through the PKCS#5
 * helpers, then matched against pkcs12SuiteMaps on both fields.  The result
 * is the matching row's `allowed` flag.  An unknown cipher, or a cipher/key
 * size pair that is not in the table, yields PR_FALSE, so anything the table
 * does not list is refused.
 */
PRBool
SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
{
    const pkcs12SuiteMap *entry;
    SECOidTag cipherTag;
    unsigned int bits;

    cipherTag = SEC_PKCS5GetCryptoAlgorithm(algid);
    if (cipherTag == SEC_OID_UNKNOWN) {
        return PR_FALSE;
    }

    /*
     * The helper's result is scaled by 8 to compare against the table's bit
     * counts.  NOTE(review): if the helper signals failure with a negative
     * value, the cast turns it into a large unsigned number that matches no
     * row, so the answer is still PR_FALSE -- confirm against secpkcs5.h.
     */
    bits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);

    for (entry = pkcs12SuiteMaps; entry->algTag != SEC_OID_UNKNOWN; entry++) {
        if (entry->algTag == cipherTag && entry->keyLengthBits == bits) {
            return entry->allowed;
        }
    }

    return PR_FALSE;
}
/*
 * Report whether at least one suite in pkcs12SuiteMaps is switched on.
 *
 * Returns PR_TRUE as soon as a row with allowed == PR_TRUE is found and
 * PR_FALSE if the terminator row is reached first.  The flag examined is the
 * same `allowed` field that SEC_PKCS12DecryptionAllowed() returns; this file
 * keeps no separate encrypt-only switch.
 */
PRBool
SEC_PKCS12IsEncryptionAllowed(void)
{
    const pkcs12SuiteMap *entry;

    for (entry = pkcs12SuiteMaps; entry->algTag != SEC_OID_UNKNOWN; entry++) {
        if (entry->allowed == PR_TRUE) {
            return PR_TRUE;
        }
    }

    return PR_FALSE;
}
/*
 * Switch one cipher suite on or off in the policy table.
 *
 * which  suite constant to look up (compared as unsigned long)
 * on     non-zero allows the suite, zero disallows it
 *
 * Returns SECSuccess when the first row with that suite value was updated and
 * SECFailure when no row carries it.  A `which` of 0 always fails because 0
 * is the value that ends the scan.  The write goes to the file-scope table,
 * so it changes the answers of both query functions in this file from then on.
 */
SECStatus
SEC_PKCS12EnableCipher(long which, int on) 
{
    pkcs12SuiteMap *entry;
    unsigned long wanted = (unsigned long)which;

    for (entry = pkcs12SuiteMaps; entry->suite != 0L; entry++) {
        if (entry->suite != wanted) {
            continue;
        }
        entry->allowed = on ? PR_TRUE : PR_FALSE;
        return SECSuccess;
    }

    return SECFailure;
}
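/*
 * Make `which` the single preferred suite in the policy table.
 *
 * which  suite constant to prefer (compared as unsigned long)
 * on     accepted for interface compatibility; it has never been consulted,
 *        so a zero value still sets the preference
 *
 * Returns SECSuccess when a row with that suite value exists and is now the
 * only preferred one, SECFailure when no row carries it.
 *
 * The suite is looked up before anything is written.  The earlier one-pass
 * form cleared every existing preference even when `which` was unknown,
 * leaving the table with no preferred suite after a failed call.  It also
 * returned SECFailure for a valid suite whenever no row had been preferred
 * beforehand, although the preference had been set.  Validating first keeps
 * the table unchanged on failure and makes the status match the outcome.
 */
SECStatus
SEC_PKCS12SetPreferredCipher(long which, int on)
{
    int i;
    unsigned long wanted = (unsigned long)which;
    PRBool found = PR_FALSE;

    (void)on; /* unused, see header comment */

    /* Pass 1: read-only check that the requested suite is in the table. */
    for (i = 0; pkcs12SuiteMaps[i].suite != 0L; i++) {
        if (pkcs12SuiteMaps[i].suite == wanted) {
            found = PR_TRUE;
            break;
        }
    }

    if (!found) {
        return SECFailure;
    }

    /* Pass 2: leave exactly the requested suite marked as preferred. */
    for (i = 0; pkcs12SuiteMaps[i].suite != 0L; i++) {
        pkcs12SuiteMaps[i].preferred =
            (pkcs12SuiteMaps[i].suite == wanted) ? PR_TRUE : PR_FALSE;
    }

    return SECSuccess;
}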
