search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / lib / pkcs12 / p12plcy.c
blobae3ab0b51da8517a4bad10d156d5476e117c7ecc
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36
37
38 #include "p12plcy.h"
39 #include "secoid.h"
40 #include "secport.h"
41 #include "secpkcs5.h"
42
43 #define PKCS12_NULL 0x0000
44
45 typedef struct pkcs12SuiteMapStr {
46 SECOidTag algTag;
47 unsigned int keyLengthBits; /* in bits */
48 unsigned long suite;
49 PRBool allowed;
50 PRBool preferred;
51 } pkcs12SuiteMap;
52
53 static pkcs12SuiteMap pkcs12SuiteMaps[] = {
54 { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE},
55 { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE},
56 { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE},
57 { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE},
58 { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE},
59 { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE},
60 { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE},
61 { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE}
62 };
63
64 /* determine if algid is an algorithm which is allowed */
65 PRBool
66 SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
67 {
68 unsigned int keyLengthBits;
69 SECOidTag algId;
70 int i;
71
72 algId = SEC_PKCS5GetCryptoAlgorithm(algid);
73 if(algId == SEC_OID_UNKNOWN) {
74 return PR_FALSE;
75 }
76
77 keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);
78
79 i = 0;
80 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
81 if((pkcs12SuiteMaps[i].algTag == algId) &&
82 (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) {
83
84 return pkcs12SuiteMaps[i].allowed;
85 }
86 i++;
87 }
88
89 return PR_FALSE;
90 }
91
92 /* is any encryption allowed? */
93 PRBool
94 SEC_PKCS12IsEncryptionAllowed(void)
95 {
96 int i;
97
98 i = 0;
99 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
100 if(pkcs12SuiteMaps[i].allowed == PR_TRUE) {
101 return PR_TRUE;
102 }
103 i++;
104 }
105
106 return PR_FALSE;
107 }
108
109 /* get the preferred algorithm.
110 */
111 SECOidTag
112 SEC_PKCS12GetPreferredEncryptionAlgorithm(void)
113 {
114 int i;
115
116 i = 0;
117 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
118 if((pkcs12SuiteMaps[i].preferred == PR_TRUE) &&
119 (pkcs12SuiteMaps[i].allowed == PR_TRUE)) {
120 return SEC_PKCS5GetPBEAlgorithm(pkcs12SuiteMaps[i].algTag,
121 pkcs12SuiteMaps[i].keyLengthBits);
122 }
123 i++;
124 }
125
126 return SEC_OID_UNKNOWN;
127 }
128
129 /* return the strongest algorithm allowed */
130 SECOidTag
131 SEC_PKCS12GetStrongestAllowedAlgorithm(void)
132 {
133 int i, keyLengthBits = 0;
134 SECOidTag algorithm = SEC_OID_UNKNOWN;
135
136 i = 0;
137 while(pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
138 if((pkcs12SuiteMaps[i].allowed == PR_TRUE) &&
139 (pkcs12SuiteMaps[i].keyLengthBits > (unsigned int)keyLengthBits) &&
140 (pkcs12SuiteMaps[i].algTag != SEC_OID_RC4)) {
141 algorithm = pkcs12SuiteMaps[i].algTag;
142 keyLengthBits = pkcs12SuiteMaps[i].keyLengthBits;
143 }
144 i++;
145 }
146
147 if(algorithm == SEC_OID_UNKNOWN) {
148 return SEC_OID_UNKNOWN;
149 }
150
151 return SEC_PKCS5GetPBEAlgorithm(algorithm, keyLengthBits);
152 }
153
154 SECStatus
155 SEC_PKCS12EnableCipher(long which, int on)
156 {
157 int i;
158
159 i = 0;
160 while(pkcs12SuiteMaps[i].suite != 0L) {
161 if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
162 if(on) {
163 pkcs12SuiteMaps[i].allowed = PR_TRUE;
164 } else {
165 pkcs12SuiteMaps[i].allowed = PR_FALSE;
166 }
167 return SECSuccess;
168 }
169 i++;
170 }
171
172 return SECFailure;
173 }
174
175 SECStatus
176 SEC_PKCS12SetPreferredCipher(long which, int on)
177 {
178 int i;
179 PRBool turnedOff = PR_FALSE;
180 PRBool turnedOn = PR_FALSE;
181
182 i = 0;
183 while(pkcs12SuiteMaps[i].suite != 0L) {
184 if(pkcs12SuiteMaps[i].preferred == PR_TRUE) {
185 pkcs12SuiteMaps[i].preferred = PR_FALSE;
186 turnedOff = PR_TRUE;
187 }
188 if(pkcs12SuiteMaps[i].suite == (unsigned long)which) {
189 pkcs12SuiteMaps[i].preferred = PR_TRUE;
190 turnedOn = PR_TRUE;
191 }
192 i++;
193 }
194
195 if((turnedOn) && (turnedOff)) {
196 return SECSuccess;
197 }
198
199 return SECFailure;
200 }
201
Mozilla NSS module