| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #include "p12plcy.h" |
| #include "secoid.h" |
| #include "secport.h" |
| #include "secpkcs5.h" |
| |
| #define PKCS12_NULL 0x0000 |
| |
| typedef struct pkcs12SuiteMapStr { |
| SECOidTag algTag; |
| unsigned int keyLengthBits; /* in bits */ |
| unsigned long suite; |
| PRBool allowed; |
| PRBool preferred; |
| } pkcs12SuiteMap; |
| |
| static pkcs12SuiteMap pkcs12SuiteMaps[] = { |
| { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE }, |
| { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE }, |
| { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE }, |
| { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE }, |
| { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE }, |
| { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE }, |
| { SEC_OID_AES_128_CBC, 128, PKCS12_AES_CBC_128, PR_FALSE, PR_FALSE }, |
| { SEC_OID_AES_192_CBC, 192, PKCS12_AES_CBC_192, PR_FALSE, PR_FALSE }, |
| { SEC_OID_AES_256_CBC, 256, PKCS12_AES_CBC_256, PR_FALSE, PR_FALSE }, |
| { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE }, |
| { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE } |
| }; |
| |
| /* determine if algid is an algorithm which is allowed */ |
| PRBool |
| SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid) |
| { |
| unsigned int keyLengthBits; |
| SECOidTag algId; |
| int i; |
| |
| algId = SEC_PKCS5GetCryptoAlgorithm(algid); |
| if (algId == SEC_OID_UNKNOWN) { |
| return PR_FALSE; |
| } |
| |
| keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8); |
| |
| i = 0; |
| while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { |
| if ((pkcs12SuiteMaps[i].algTag == algId) && |
| (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) { |
| |
| return pkcs12SuiteMaps[i].allowed; |
| } |
| i++; |
| } |
| |
| return PR_FALSE; |
| } |
| |
| /* is any encryption allowed? */ |
| PRBool |
| SEC_PKCS12IsEncryptionAllowed(void) |
| { |
| int i; |
| |
| i = 0; |
| while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) { |
| if (pkcs12SuiteMaps[i].allowed == PR_TRUE) { |
| return PR_TRUE; |
| } |
| i++; |
| } |
| |
| return PR_FALSE; |
| } |
| |
| SECStatus |
| SEC_PKCS12EnableCipher(long which, int on) |
| { |
| int i; |
| |
| i = 0; |
| while (pkcs12SuiteMaps[i].suite != 0L) { |
| if (pkcs12SuiteMaps[i].suite == (unsigned long)which) { |
| if (on) { |
| pkcs12SuiteMaps[i].allowed = PR_TRUE; |
| } else { |
| pkcs12SuiteMaps[i].allowed = PR_FALSE; |
| } |
| return SECSuccess; |
| } |
| i++; |
| } |
| |
| return SECFailure; |
| } |
| |
| SECStatus |
| SEC_PKCS12SetPreferredCipher(long which, int on) |
| { |
| int i; |
| PRBool turnedOff = PR_FALSE; |
| PRBool turnedOn = PR_FALSE; |
| |
| i = 0; |
| while (pkcs12SuiteMaps[i].suite != 0L) { |
| if (pkcs12SuiteMaps[i].preferred == PR_TRUE) { |
| pkcs12SuiteMaps[i].preferred = PR_FALSE; |
| turnedOff = PR_TRUE; |
| } |
| if (pkcs12SuiteMaps[i].suite == (unsigned long)which) { |
| pkcs12SuiteMaps[i].preferred = PR_TRUE; |
| turnedOn = PR_TRUE; |
| } |
| i++; |
| } |
| |
| if ((turnedOn) && (turnedOff)) { |
| return SECSuccess; |
| } |
| |
| return SECFailure; |
| } |