Back to index

lightning-sunbird  0.9+nobinonly
secplcy.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef __secplcy_h__
00038 #define __secplcy_h__
00039 
00040 #include "prtypes.h"
00041 
00042 /*
00043 ** Cipher policy enforcement. This code isn't very pretty, but it accomplishes
00044 ** the purpose of obscuring policy information from potential fortifiers. :-)
00045 **
00046 ** The following routines are generic and intended for anywhere where cipher
00047 ** policy enforcement is to be done, e.g. SSL and PKCS7&12.
00048 */
00049 
00050 #define SEC_CIPHER_NOT_ALLOWED 0
00051 #define SEC_CIPHER_ALLOWED 1
00052 #define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases 
00053                                e.g. step-up */
00054 
00055 /* The length of the header string for each cipher table. 
00056    (It's the same regardless of whether we're using md5 strings or not.) */
00057 #define SEC_POLICY_HEADER_LENGTH 48
00058 
00059 /* If we're testing policy stuff, we may want to use the plaintext version */
00060 #define SEC_POLICY_USE_MD5_STRINGS 1
00061 
00062 #define SEC_POLICY_THIS_IS_THE \
00063     "\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"
00064 #define SEC_POLICY_STRING_FOR_THE \
00065     "\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"
00066 #define SEC_POLICY_SSL_TAIL \
00067     "\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"
00068 #define SEC_POLICY_SMIME_TAIL \
00069     "\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"
00070 #define SEC_POLICY_PKCS12_TAIL \
00071     "\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"
00072 
00073 #if defined(SEC_POLICY_USE_MD5_STRINGS)
00074 
00075 /* We're not testing. 
00076    Use md5 checksums of the strings. */
00077 
00078 #define SEC_POLICY_SSL_HEADER \
00079     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL
00080 
00081 #define SEC_POLICY_SMIME_HEADER \
00082     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL
00083 
00084 #define SEC_POLICY_PKCS12_HEADER \
00085     SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL
00086 
00087 #else
00088 
00089 /* We're testing. 
00090    Use plaintext versions of the strings, for testing purposes. */
00091 #define SEC_POLICY_SSL_HEADER \
00092     "This is the string for the SSL policy table.    "
00093 #define SEC_POLICY_SMIME_HEADER \
00094     "This is the string for the PKCS7 policy table.  "
00095 #define SEC_POLICY_PKCS12_HEADER \
00096     "This is the string for the PKCS12 policy table. "
00097 
00098 #endif
00099 
00100 /* Local cipher tables have to have these members at the top. */
00101 typedef struct _sec_cp_struct
00102 {
00103   char policy_string[SEC_POLICY_HEADER_LENGTH];
00104   long unused; /* placeholder for max keybits in pkcs12 struct */
00105   char num_ciphers;
00106   char begin_ciphers;
00107   /* cipher policy settings follow. each is a char. */
00108 } secCPStruct;
00109 
00110 struct SECCipherFindStr
00111 {
00112   /* (policy) and (ciphers) are opaque to the outside world */
00113   void *policy;
00114   void *ciphers;
00115   long index;
00116   PRBool onlyAllowed;
00117 };
00118 
00119 typedef struct SECCipherFindStr SECCipherFind;
00120 
00121 SEC_BEGIN_PROTOS
00122 
00123 SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
00124                               secCPStruct *policy,
00125                               long *ciphers);
00126 
00127 long sec_CipherFindNext(SECCipherFind *find);
00128 
00129 char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
00130                       long *ciphers);
00131 
00132 void sec_CipherFindEnd(SECCipherFind *find);
00133 
00134 SEC_END_PROTOS
00135 
00136 #endif /* __SECPLCY_H__ */