The Tor Browser: security/nss/lib/util/secplcy.h@b8a032363ba2

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     5 #ifndef __secplcy_h__

     6 #define __secplcy_h__

     8 #include "utilrename.h"

    10 #include "prtypes.h"

    12 /*

    13 ** Cipher policy enforcement. This code isn't very pretty, but it accomplishes

    14 ** the purpose of obscuring policy information from potential fortifiers. :-)

    15 **

    16 ** The following routines are generic and intended for anywhere where cipher

    17 ** policy enforcement is to be done, e.g. SSL and PKCS7&12.

    18 */

    20 #define SEC_CIPHER_NOT_ALLOWED 0

    21 #define SEC_CIPHER_ALLOWED 1

    22 #define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases

    23 				   e.g. step-up */

    25 /* The length of the header string for each cipher table.

    26    (It's the same regardless of whether we're using md5 strings or not.) */

    27 #define SEC_POLICY_HEADER_LENGTH 48

    29 /* If we're testing policy stuff, we may want to use the plaintext version */

    30 #define SEC_POLICY_USE_MD5_STRINGS 1

    32 #define SEC_POLICY_THIS_IS_THE \

    33     "\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"

    34 #define SEC_POLICY_STRING_FOR_THE \

    35     "\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"

    36 #define SEC_POLICY_SSL_TAIL \

    37     "\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"

    38 #define SEC_POLICY_SMIME_TAIL \

    39     "\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"

    40 #define SEC_POLICY_PKCS12_TAIL \

    41     "\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"

    43 #if defined(SEC_POLICY_USE_MD5_STRINGS)

    45 /* We're not testing.

    46    Use md5 checksums of the strings. */

    48 #define SEC_POLICY_SSL_HEADER \

    49     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL

    51 #define SEC_POLICY_SMIME_HEADER \

    52     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL

    54 #define SEC_POLICY_PKCS12_HEADER \

    55     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL

    57 #else

    59 /* We're testing.

    60    Use plaintext versions of the strings, for testing purposes. */

    61 #define SEC_POLICY_SSL_HEADER \

    62     "This is the string for the SSL policy table.    "

    63 #define SEC_POLICY_SMIME_HEADER \

    64     "This is the string for the PKCS7 policy table.  "

    65 #define SEC_POLICY_PKCS12_HEADER \

    66     "This is the string for the PKCS12 policy table. "

    68 #endif

    70 /* Local cipher tables have to have these members at the top. */

    71 typedef struct _sec_cp_struct

    72 {

    73   char policy_string[SEC_POLICY_HEADER_LENGTH];

    74   long unused; /* placeholder for max keybits in pkcs12 struct */

    75   char num_ciphers;

    76   char begin_ciphers;

    77   /* cipher policy settings follow. each is a char. */

    78 } secCPStruct;

    80 struct SECCipherFindStr

    81 {

    82   /* (policy) and (ciphers) are opaque to the outside world */

    83   void *policy;

    84   void *ciphers;

    85   long index;

    86   PRBool onlyAllowed;

    87 };

    89 typedef struct SECCipherFindStr SECCipherFind;

    91 SEC_BEGIN_PROTOS

    93 SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,

    94 				  secCPStruct *policy,

    95 				  long *ciphers);

    97 long sec_CipherFindNext(SECCipherFind *find);

    99 char sec_IsCipherAllowed(long cipher, secCPStruct *policies,

   100 			 long *ciphers);

   102 void sec_CipherFindEnd(SECCipherFind *find);

   104 SEC_END_PROTOS

   106 #endif /* __SECPLCY_H__ */

The Tor Browser / file revision