michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: michael@0: #include "p12plcy.h" michael@0: #include "secoid.h" michael@0: #include "secport.h" michael@0: #include "secpkcs5.h" michael@0: michael@0: #define PKCS12_NULL 0x0000 michael@0: michael@0: typedef struct pkcs12SuiteMapStr { michael@0: SECOidTag algTag; michael@0: unsigned int keyLengthBits; /* in bits */ michael@0: unsigned long suite; michael@0: PRBool allowed; michael@0: PRBool preferred; michael@0: } pkcs12SuiteMap; michael@0: michael@0: static pkcs12SuiteMap pkcs12SuiteMaps[] = { michael@0: { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE}, michael@0: { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE}, michael@0: { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE} michael@0: }; michael@0: michael@0: /* determine if algid is an algorithm which is allowed */ michael@0: PRBool michael@0: SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid) michael@0: { michael@0: unsigned int keyLengthBits; michael@0: SECOidTag algId; michael@0: int i; michael@0: michael@0: algId = SEC_PKCS5GetCryptoAlgorithm(algid); michael@0: if(algId == SEC_OID_UNKNOWN) { michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8); michael@0: michael@0: i = 0; michael@0: while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { michael@0: if((pkcs12SuiteMaps[i].algTag == algId) && michael@0: (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) { michael@0: michael@0: return pkcs12SuiteMaps[i].allowed; michael@0: } michael@0: i++; michael@0: } michael@0: michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: /* is any encryption allowed? */ michael@0: PRBool michael@0: SEC_PKCS12IsEncryptionAllowed(void) michael@0: { michael@0: int i; michael@0: michael@0: i = 0; michael@0: while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { michael@0: if(pkcs12SuiteMaps[i].allowed == PR_TRUE) { michael@0: return PR_TRUE; michael@0: } michael@0: i++; michael@0: } michael@0: michael@0: return PR_FALSE; michael@0: } michael@0: michael@0: michael@0: SECStatus michael@0: SEC_PKCS12EnableCipher(long which, int on) michael@0: { michael@0: int i; michael@0: michael@0: i = 0; michael@0: while(pkcs12SuiteMaps[i].suite != 0L) { michael@0: if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { michael@0: if(on) { michael@0: pkcs12SuiteMaps[i].allowed = PR_TRUE; michael@0: } else { michael@0: pkcs12SuiteMaps[i].allowed = PR_FALSE; michael@0: } michael@0: return SECSuccess; michael@0: } michael@0: i++; michael@0: } michael@0: michael@0: return SECFailure; michael@0: } michael@0: michael@0: SECStatus michael@0: SEC_PKCS12SetPreferredCipher(long which, int on) michael@0: { michael@0: int i; michael@0: PRBool turnedOff = PR_FALSE; michael@0: PRBool turnedOn = PR_FALSE; michael@0: michael@0: i = 0; michael@0: while(pkcs12SuiteMaps[i].suite != 0L) { michael@0: if(pkcs12SuiteMaps[i].preferred == PR_TRUE) { michael@0: pkcs12SuiteMaps[i].preferred = PR_FALSE; michael@0: turnedOff = PR_TRUE; michael@0: } michael@0: if(pkcs12SuiteMaps[i].suite == (unsigned long)which) { michael@0: pkcs12SuiteMaps[i].preferred = PR_TRUE; michael@0: turnedOn = PR_TRUE; michael@0: } michael@0: i++; michael@0: } michael@0: michael@0: if((turnedOn) && (turnedOff)) { michael@0: return SECSuccess; michael@0: } michael@0: michael@0: return SECFailure; michael@0: } michael@0: