main.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 659 行 · 第 1/2 页
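/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above. If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL. If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */
#include "serv.h"
#include "secport.h"
#include "dataconn.h"
#include "ctrlconn.h"
#include "minihttp.h"
#include "ciferfam.h"
#include "secmime.h"
#include "messages.h"
#include "textgen.h"
#include "oldfunc.h"
#include "nss.h"
#include "p12plcy.h"
#include "nlslayer.h"
#include "softoken.h"

void SSM_InitLogging(void);

#ifdef TIMEBOMB
#include "timebomb.h"
#endif

#ifdef WIN32
#include <wtypes.h>
#include <winreg.h>
#include <winerror.h>
#endif

#ifdef XP_UNIX
#include <signal.h>
#include <unistd.h>

#ifndef SIG_ERR
#define SIG_ERR -1
#endif /*SIG_ERR*/

#endif /*XP_UNIX*/

#define POLICY_TYPE_INDEX 0

/* Process-wide state shared by the rest of the server. */
SSMCollection * connections = NULL;
SSMHashTable * tokenList = NULL;
PRMonitor * tokenLock = NULL;
SSMHashTable * ctrlConnections = NULL;

/*
 * Policy reported by SSM_GetPolicy().  In the code visible here it is
 * initialised to ssmDomestic and the only other assignment sits inside a
 * disabled "#if 0" block.
 */
SSMPolicyType policyType = ssmDomestic;

/*
 * The following is a quick write of enabling various ciphers. This code is
 * essentially moved from the server core code. Eventually we will need to
 * place this data and functionality in a more modular way.
 */
#define SSM_POLICY_END 0 /* end of table */
#define SSM_POLICY_SSL 1 /* SSL ciphersuites: not really used */
#define SSM_POLICY_PK12 2 /* PKCS #12 ciphersuites */
#define SSM_POLICY_SMIME 3 /* S/MIME ciphersuites */

/* One row of a policy table: table kind, cipher identifier, on/off value. */
typedef struct {
    PRInt32 policy;
    PRInt32 key;
    PRInt32 value;
} SSMPolicyEntry;

/*
 * PKCS #12 ciphers handed to SEC_PKCS12EnableCipher().  Every row carries
 * PR_TRUE, including the 40-bit RC4/RC2 and 56-bit DES entries.
 * NOTE(review): 40- and 56-bit keys are export-era strength and give little
 * protection against brute force today; confirm whether they are still
 * required for interoperability before reusing this table unchanged.
 */
static SSMPolicyEntry ssmPK12PolicyTable[] =
{
    {SSM_POLICY_PK12, PKCS12_RC4_40, (PRInt32)PR_TRUE},
    {SSM_POLICY_PK12, PKCS12_RC4_128, (PRInt32)PR_TRUE},
    {SSM_POLICY_PK12, PKCS12_RC2_CBC_40, (PRInt32)PR_TRUE},
    {SSM_POLICY_PK12, PKCS12_RC2_CBC_128, (PRInt32)PR_TRUE},
    {SSM_POLICY_PK12, PKCS12_DES_56, (PRInt32)PR_TRUE},
    {SSM_POLICY_PK12, PKCS12_DES_EDE3_168, (PRInt32)PR_TRUE},
    {SSM_POLICY_END, 0, 0}
};

/*
 * S/MIME ciphers handed to SECMIME_SetPolicy().  Every row carries PR_TRUE,
 * including RC2-40, RC2-64, DES-56 and the RC5 variants.
 * NOTE(review): the same short-key concern as for the PKCS #12 table applies
 * to the 40-, 56- and 64-bit entries.  The RC5 rows are permitted here while
 * the matching preference calls in enable_SMIME_cipher_prefs() are compiled
 * out; confirm that the mismatch is intended.
 */
static SSMPolicyEntry ssmSMIMEPolicyTable[] =
{
    {SSM_POLICY_SMIME, SMIME_RC2_CBC_40, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_RC2_CBC_64, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_RC2_CBC_128, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_DES_CBC_56, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_DES_EDE3_168, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_RC5PAD_64_16_40, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_RC5PAD_64_16_64, (PRInt32)PR_TRUE},
    {SSM_POLICY_SMIME, SMIME_RC5PAD_64_16_128, (PRInt32)PR_TRUE},
    {SSM_POLICY_END, 0, 0}
};

/*
 * Apply ssmPK12PolicyTable.
 *
 * Walks the table up to the SSM_POLICY_END sentinel and passes each
 * key/value pair to SEC_PKCS12EnableCipher().  Returns SSM_FAILURE at the
 * first call that does not report SECSuccess (rows applied before that point
 * are not rolled back), otherwise SSM_SUCCESS.
 */
static SSMStatus SSM_InstallPK12Policy(void)
{
    const SSMPolicyEntry* entry = ssmPK12PolicyTable;
    int i;

    for (i = 0; entry[i].policy != SSM_POLICY_END; i++) {
        if (SEC_PKCS12EnableCipher(entry[i].key, entry[i].value) != SECSuccess) {
            return SSM_FAILURE;
        }
    }
    return SSM_SUCCESS;
}

/*
 * Apply ssmSMIMEPolicyTable.
 *
 * Same walk as SSM_InstallPK12Policy(), but each row goes to
 * SECMIME_SetPolicy().  Returns SSM_FAILURE at the first call that does not
 * report SECSuccess (no rollback), otherwise SSM_SUCCESS.
 */
static SSMStatus SSM_InstallSMIMEPolicy(void)
{
    const SSMPolicyEntry* entry = ssmSMIMEPolicyTable;
    int i;

    for (i = 0; entry[i].policy != SSM_POLICY_END; i++) {
        if (SECMIME_SetPolicy(entry[i].key, entry[i].value) != SECSuccess) {
            return SSM_FAILURE;
        }
    }
    return SSM_SUCCESS;
}

/* XXX sjlee: we don't need to do a similar thing for SSL as we can call an
 * NSS function to do it
 */

#if 0
/*
 * This function is required by svrplcy to set the
 * utility policy. This will tell us what kind of
 * policy we are running.
 */
SECStatus Utility_SetPolicy(long which, int policy)
{
    policyType = ssmDomestic;
    return SECSuccess;
}
#endif

/*
 * Install the cipher policy for SSL, PKCS #12 and S/MIME.
 *
 * NOTE(review): the results of NSS_SetDomesticPolicy(),
 * SSM_InstallPK12Policy() and SSM_InstallSMIMEPolicy() are discarded and the
 * function returns void, so a policy that was only partly applied is not
 * visible to the caller.  Consider at least recording the failure.
 */
void SSM_SetPolicy(void)
{
#if 0
    SVRPLCY_InstallSSLPolicy();
    SVRPLCY_InstallPK12Policy();
    SVRPLCY_InstallSMIMEPolicy();
    SVRPLCY_InstallUtilityPolicy();
#else
    /* Always domestic policy now */
    NSS_SetDomesticPolicy();
    SSM_InstallPK12Policy();
    SSM_InstallSMIMEPolicy();
#endif
}

/* Return the current value of the global policyType. */
SSMPolicyType
SSM_GetPolicy(void)
{
    return policyType;
}

/*
 * Send the S/MIME cipher preferences for the current policy to secmime.
 *
 * The switch cases carry no break between them, so ssmDomestic also runs the
 * ssmExport statement before reaching the final break; ssmFrance and any
 * other value enable nothing.  The fall-through appears intentional (each
 * policy adds to the weaker one) and is marked explicitly below.
 */
static void
enable_SMIME_cipher_prefs(void)
{
    SSMPolicyType policy;

    policy = SSM_GetPolicy();

    switch (policy) {
    case ssmDomestic:
        SECMIME_EnableCipher(SMIME_DES_EDE3_168, 1);
        SECMIME_EnableCipher(SMIME_RC2_CBC_128, 1);
        SECMIME_EnableCipher(SMIME_RC2_CBC_64, 1);
        SECMIME_EnableCipher(SMIME_DES_CBC_56, 1);
#if 0
        SECMIME_EnableCipher(SMIME_RC5PAD_64_16_128, 1);
        SECMIME_EnableCipher(SMIME_RC5PAD_64_16_64, 1);
        SECMIME_EnableCipher(SMIME_FORTEZZA, 1);
#endif
        /* fallthrough */
    case ssmExport:
        SECMIME_EnableCipher(SMIME_RC2_CBC_40, 1);
#if 0
        SECMIME_EnableCipher(SMIME_RC5PAD_64_16_40, 1);
#endif
        /* fallthrough */
    case ssmFrance:
    default:
        break;
    }

    /* now tell secmime that we've sent it the last preference */
    SECMIME_EnableCipher(CIPHER_FAMILYID_MASK, 0);
}

/*
 * Target lengths, in characters, for the PKCS #11 description strings built
 * below.
 * NOTE(review): PKCS #11 defines its text fields as 32 and 64 bytes, blank
 * padded and without a terminator; these values are one larger.  Confirm
 * against what the consumer of the strings expects.
 */
#define SHORT_PK11_STRING 33
#define LONG_PK11_STRING 65

/*
 * Return a copy of origString that is exactly newLen characters long,
 * followed by a NUL terminator.
 *
 * Longer input is truncated to newLen bytes; shorter input is padded on the
 * right with spaces.
 *
 * Ownership: on success origString is released with PR_Free() and the caller
 * must use only the returned pointer.  If the allocation fails, origString
 * itself is returned, still owned by the caller and NOT of the requested
 * length; callers that depend on the fixed width have no way to tell the two
 * outcomes apart other than re-checking the length.
 *
 * NOTE(review): truncation is byte-wise.  The callers in this file obtain
 * their strings from SSM_FindUTF8StringInBundles(), so a cut could land in
 * the middle of a multi-byte sequence; verify that bundle strings for these
 * keys stay within the limit or are plain ASCII.
 */
static char*
ssm_ConverToLength(char *origString, PRUint32 newLen)
{
    char *newString;
    PRUint32 origLen;
    PRUint32 copyLen;

    newString = SSM_NEW_ARRAY(char,newLen+1);
    if (newString == NULL) {
        /* Out of memory: hand back the caller's string untouched. */
        return origString;
    }

    origLen = PL_strlen(origString);
    /* Never copy more than the destination holds before the terminator. */
    copyLen = (origLen > newLen) ? newLen : origLen;
    memcpy(newString, origString, copyLen);
    /* Blank-pad whatever the copy did not fill (zero bytes when truncating). */
    memset(newString+copyLen, ' ' ,newLen - copyLen);
    newString[newLen]='\0';
    PR_Free(origString);
    return newString;
}

SECStatus
ssm_InitializePKCS11Strings(void)
{
    char *manufacturerID = NULL;
    char *libraryDescription = NULL;
    char *tokenDescription = NULL;
    char *privateTokenDescription = NULL;
    char *slotDescription = NULL;
    char *privateSlotDescription = NULL;
    char *fipsSlotDescription = NULL;
    char *fipsPrivateSlotDescription = NULL;
    SSMTextGenContext *cx;
    SSMStatus rv;

    rv = SSMTextGen_NewTopLevelContext(NULL, &cx);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    rv = SSM_FindUTF8StringInBundles(cx, "manufacturerID", &manufacturerID);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    if (PL_strlen(manufacturerID) != SHORT_PK11_STRING) {
        manufacturerID = ssm_ConverToLength(manufacturerID, SHORT_PK11_STRING);
    }
    rv = SSM_FindUTF8StringInBundles(cx, "libraryDescription", &libraryDescription);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    if (PL_strlen(libraryDescription) != SHORT_PK11_STRING) {
        libraryDescription = ssm_ConverToLength(libraryDescription, SHORT_PK11_STRING);
    }
    rv = SSM_FindUTF8StringInBundles(cx, "tokenDescription", &tokenDescription);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    if (PL_strlen(tokenDescription) != SHORT_PK11_STRING) {
        tokenDescription = ssm_ConverToLength(tokenDescription, SHORT_PK11_STRING);
    }
    rv = SSM_FindUTF8StringInBundles(cx, "privateTokenDescription", &privateTokenDescription);
    if (rv != SSM_SUCCESS) {
        goto loser;
    }
    if (PL_strlen(privateTokenDescription) != SHORT_PK11_STRING) {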
privateTokenDescription = ssm_ConverToLength(privateTokenDescription, SHORT_PK11_STRING); } rv = SSM_FindUTF8StringInBundles(cx, "slotDescription", &slotDescription); if (rv != SSM_SUCCESS) { goto loser; } if (PL_strlen(slotDescription) != LONG_PK11_STRING) { slotDescription = ssm_ConverToLength(slotDescription, LONG_PK11_STRING); } rv = SSM_FindUTF8StringInBundles(cx, "privateSlotDescription", &privateSlotDescription); if (rv != SSM_SUCCESS) { goto loser; } if (PL_strlen(privateSlotDescription) != LONG_PK11_STRING) { privateSlotDescription = ssm_ConverToLength(privateSlotDescription, LONG_PK11_STRING); } rv = SSM_FindUTF8StringInBundles(cx, "fipsSlotDescription", &fipsSlotDescription); if (rv != SSM_SUCCESS) { goto loser; } if (PL_strlen(fipsSlotDescription) != LONG_PK11_STRING) { fipsSlotDescription = ssm_ConverToLength(fipsSlotDescription, LONG_PK11_STRING); } rv = SSM_FindUTF8StringInBundles(cx, "fipsPrivateSlotDescription", &fipsPrivateSlotDescription); if (rv != SSM_SUCCESS) { goto loser; } if (PL_strlen(fipsPrivateSlotDescription) != LONG_PK11_STRING) { fipsPrivateSlotDescription = ssm_ConverToLength(fipsPrivateSlotDescription, LONG_PK11_STRING); } if (cx != NULL) {