1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
43
** Cipher policy enforcement. This code isn't very pretty, but it accomplishes
44
** the purpose of obscuring policy information from potential fortifiers. :-)
46
** The following routines are generic and intended for anywhere where cipher
47
** policy enforcement is to be done, e.g. SSL and PKCS7&12.
50
#define SEC_CIPHER_NOT_ALLOWED 0
51
#define SEC_CIPHER_ALLOWED 1
52
#define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases
55
/* The length of the header string for each cipher table.
56
(It's the same regardless of whether we're using md5 strings or not.) */
57
#define SEC_POLICY_HEADER_LENGTH 48
59
/* If we're testing policy stuff, we may want to use the plaintext version */
60
#define SEC_POLICY_USE_MD5_STRINGS 1
62
#define SEC_POLICY_THIS_IS_THE \
63
"\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"
64
#define SEC_POLICY_STRING_FOR_THE \
65
"\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"
66
#define SEC_POLICY_SSL_TAIL \
67
"\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"
68
#define SEC_POLICY_SMIME_TAIL \
69
"\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"
70
#define SEC_POLICY_PKCS12_TAIL \
71
"\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"
73
#if defined(SEC_POLICY_USE_MD5_STRINGS)
76
Use md5 checksums of the strings. */
78
#define SEC_POLICY_SSL_HEADER \
79
SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL
81
#define SEC_POLICY_SMIME_HEADER \
82
SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL
84
#define SEC_POLICY_PKCS12_HEADER \
85
SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL
90
Use plaintext versions of the strings, for testing purposes. */
91
#define SEC_POLICY_SSL_HEADER \
92
"This is the string for the SSL policy table. "
93
#define SEC_POLICY_SMIME_HEADER \
94
"This is the string for the PKCS7 policy table. "
95
#define SEC_POLICY_PKCS12_HEADER \
96
"This is the string for the PKCS12 policy table. "
100
/* Local cipher tables have to have these members at the top. */
101
typedef struct _sec_cp_struct
103
char policy_string[SEC_POLICY_HEADER_LENGTH];
104
long unused; /* placeholder for max keybits in pkcs12 struct */
107
/* cipher policy settings follow. each is a char. */
110
struct SECCipherFindStr
112
/* (policy) and (ciphers) are opaque to the outside world */
119
typedef struct SECCipherFindStr SECCipherFind;
123
SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
127
long sec_CipherFindNext(SECCipherFind *find);
129
char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
132
void sec_CipherFindEnd(SECCipherFind *find);
136
#endif /* __SECPLCY_H__ */