summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pkcs12/p12plcy.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/pkcs12/p12plcy.c')
-rw-r--r--security/nss/lib/pkcs12/p12plcy.c122
1 files changed, 122 insertions, 0 deletions
diff --git a/security/nss/lib/pkcs12/p12plcy.c b/security/nss/lib/pkcs12/p12plcy.c
new file mode 100644
index 000000000..fef288c3e
--- /dev/null
+++ b/security/nss/lib/pkcs12/p12plcy.c
@@ -0,0 +1,122 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "p12plcy.h"
+#include "secoid.h"
+#include "secport.h"
+#include "secpkcs5.h"
+
+#define PKCS12_NULL 0x0000
+
+typedef struct pkcs12SuiteMapStr {
+ SECOidTag algTag;
+ unsigned int keyLengthBits; /* in bits */
+ unsigned long suite;
+ PRBool allowed;
+ PRBool preferred;
+} pkcs12SuiteMap;
+
+static pkcs12SuiteMap pkcs12SuiteMaps[] = {
+ { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE },
+ { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE },
+ { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE },
+ { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE },
+ { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE },
+ { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE },
+ { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE },
+ { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE }
+};
+
+/* determine if algid is an algorithm which is allowed */
+PRBool
+SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
+{
+ unsigned int keyLengthBits;
+ SECOidTag algId;
+ int i;
+
+ algId = SEC_PKCS5GetCryptoAlgorithm(algid);
+ if (algId == SEC_OID_UNKNOWN) {
+ return PR_FALSE;
+ }
+
+ keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);
+
+ i = 0;
+ while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+ if ((pkcs12SuiteMaps[i].algTag == algId) &&
+ (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) {
+
+ return pkcs12SuiteMaps[i].allowed;
+ }
+ i++;
+ }
+
+ return PR_FALSE;
+}
+
+/* is any encryption allowed? */
+PRBool
+SEC_PKCS12IsEncryptionAllowed(void)
+{
+ int i;
+
+ i = 0;
+ while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+ if (pkcs12SuiteMaps[i].allowed == PR_TRUE) {
+ return PR_TRUE;
+ }
+ i++;
+ }
+
+ return PR_FALSE;
+}
+
+SECStatus
+SEC_PKCS12EnableCipher(long which, int on)
+{
+ int i;
+
+ i = 0;
+ while (pkcs12SuiteMaps[i].suite != 0L) {
+ if (pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+ if (on) {
+ pkcs12SuiteMaps[i].allowed = PR_TRUE;
+ } else {
+ pkcs12SuiteMaps[i].allowed = PR_FALSE;
+ }
+ return SECSuccess;
+ }
+ i++;
+ }
+
+ return SECFailure;
+}
+
+SECStatus
+SEC_PKCS12SetPreferredCipher(long which, int on)
+{
+ int i;
+ PRBool turnedOff = PR_FALSE;
+ PRBool turnedOn = PR_FALSE;
+
+ i = 0;
+ while (pkcs12SuiteMaps[i].suite != 0L) {
+ if (pkcs12SuiteMaps[i].preferred == PR_TRUE) {
+ pkcs12SuiteMaps[i].preferred = PR_FALSE;
+ turnedOff = PR_TRUE;
+ }
+ if (pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+ pkcs12SuiteMaps[i].preferred = PR_TRUE;
+ turnedOn = PR_TRUE;
+ }
+ i++;
+ }
+
+ if ((turnedOn) && (turnedOff)) {
+ return SECSuccess;
+ }
+
+ return SECFailure;
+}