Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (C) Microsoft Corporation, 2000
  3. Module Name:
  4. policy
  5. Abstract:
  6. This module provides common CSP Algorithm Limit policy control.
  7. Author:
  8. Doug Barlow (dbarlow) 8/11/2000
  9. Notes:
  10. ?Notes?
  11. --*/
  12. #ifndef WIN32_LEAN_AND_MEAN
  13. #define WIN32_LEAN_AND_MEAN
  14. #endif
  15. #include <windows.h>
  16. #include <wincrypt.h>
  17. #include "policy.h"
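  /*++

  LocateAlgorithm:

      This routine searches a PROV_ENUMALGS_EX array for the entry whose
      aiAlgid field equals the requested algorithm Id.

  Arguments:

      rgEnumAlgs supplies the array of PROV_ENUMALGS_EX structures to be
          searched.  The last entry in the array must be filled with zeroes;
          the scan stops at the first entry whose aiAlgid is zero.

      algId supplies the algorithm Id for which to search.

  Return Value:

      The corresponding PROV_ENUMALGS_EX structure in the array, or NULL if no
      such algorithm entry exists or no array was supplied.

  Remarks:

      The array carries no length, so the zero terminator is the only thing
      that bounds the scan.  A table without it is read past its end.

      An algId of zero never matches, because zero is the terminator value.

      A NULL rgEnumAlgs is reported as "not found" so that the policy checks
      built on this routine deny the request instead of dereferencing NULL.

  Author:

      Doug Barlow (dbarlow) 8/16/2000

  --*/

  #undef __SUBROUTINE__
  #define __SUBROUTINE__ TEXT("LocateAlgorithm")

  CONST PROV_ENUMALGS_EX *
  LocateAlgorithm(
      IN CONST PROV_ENUMALGS_EX *rgEnumAlgs,
      IN ALG_ID algId)
  {
      CONST PROV_ENUMALGS_EX *pEntry;

      //
      // No policy table means nothing is allowed: fail closed.
      //

      if (NULL == rgEnumAlgs)
          return NULL;

      //
      // Walk the table up to (not including) the zero terminator.
      //

      for (pEntry = rgEnumAlgs; 0 != pEntry->aiAlgid; pEntry += 1)
      {
          if (pEntry->aiAlgid == algId)
              return pEntry;
      }

      return NULL;
  }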
  /*++

  IsLegalAlgorithm:

      Reports whether the given algorithm Id appears in the array of allowed
      algorithms.

  Arguments:

      rgEnumAlgs supplies the array of PROV_ENUMALGS_EX structures identifying
          the policy to enforce.  The last entry in the array must be filled
          with zeroes.

      algId supplies the algorithm Id to be validated.

      ppEnumAlg, if supplied, receives the PROV_ENUMALGS_EX structure containing
          the policies associated with this algorithm Id.  It can be handed to
          the routines below to avoid a second table search.  It receives NULL
          when the algorithm is not in the table.

  Return Value:

      TRUE -- That algorithm is supported.
      FALSE -- That algorithm is not supported.

  Remarks:

      Only membership in the table is tested here.  Key length limits are a
      separate check (see IsLegalLength).

  Author:

      Doug Barlow (dbarlow) 8/16/2000

  --*/

  #undef __SUBROUTINE__
  #define __SUBROUTINE__ TEXT("IsLegalAlgorithm")

  BOOL
  IsLegalAlgorithm(
      IN CONST PROV_ENUMALGS_EX *rgEnumAlgs,
      IN ALG_ID algId,
      OUT CONST PROV_ENUMALGS_EX **ppEnumAlg)
  {
      CONST PROV_ENUMALGS_EX *pMatch;
      BOOL fLegal;

      pMatch = LocateAlgorithm(rgEnumAlgs, algId);
      fLegal = (NULL != pMatch);

      //
      // The output is optional.  On a miss it is cleared to NULL rather
      // than left untouched.
      //

      if (NULL != ppEnumAlg)
          *ppEnumAlg = pMatch;

      return fLegal;
  }
  /*++

  IsLegalLength:

      This routine determines whether the requested key length falls inside
      the range that policy allows for the given algorithm.

  Arguments:

      rgEnumAlgs supplies the array of PROV_ENUMALGS_EX structures identifying
          the policy to enforce.  The last entry in the array must be filled
          with zeroes.  It is consulted only when pEnumAlg is NULL.

      algId supplies the algorithm Id to be validated.  It is consulted only
          when pEnumAlg is NULL.

      cBitLength supplies the length of the proposed key, in bits.

      pEnumAlg, if not NULL, supplies the PROV_ENUMALGS_EX structure containing
          the policies associated with this algorithm Id.  This can be obtained
          from the IsLegalAlgorithm call, above.  If this parameter is NULL,
          then the PROV_ENUMALGS_EX structure is located from the algId
          parameter.

  Return Value:

      TRUE -- This key length is legal for this algorithm.
      FALSE -- This key length is not allowed for this algorithm, or the
          algorithm has no entry in the table.

  Remarks:

      This routine only determines policy rules.  It does not address whether
      or not the exact keylength is supported by the algorithm.

      Both bounds are inclusive: dwMinLen <= cBitLength <= dwMaxLen.

      A caller-supplied pEnumAlg is used as given.  It is not compared with
      algId or checked for membership in rgEnumAlgs, so the caller must pass
      the entry that was looked up for this same algorithm in this same
      table.  Otherwise the limits of a different entry are the ones enforced.

  Author:

      Doug Barlow (dbarlow) 8/16/2000

  --*/

  #undef __SUBROUTINE__
  #define __SUBROUTINE__ TEXT("IsLegalLength")

  BOOL
  IsLegalLength(
      IN CONST PROV_ENUMALGS_EX *rgEnumAlgs,
      IN ALG_ID algId,
      IN DWORD cBitLength,
      IN CONST PROV_ENUMALGS_EX *pEnumAlg)
  {
      CONST PROV_ENUMALGS_EX *pPolicy = pEnumAlg;

      //
      // Fall back to a table search when the caller gave no cached entry.
      //

      if (NULL == pPolicy)
          pPolicy = LocateAlgorithm(rgEnumAlgs, algId);
      if (NULL == pPolicy)
          return FALSE;

      //
      // Reject anything outside the inclusive [dwMinLen, dwMaxLen] range.
      //

      if (cBitLength < pPolicy->dwMinLen)
          return FALSE;
      if (cBitLength > pPolicy->dwMaxLen)
          return FALSE;

      return TRUE;
  }
  /*++

  GetDefaultLength:

      This routine reports the default key length for a given algorithm, as
      recorded in an array of PROV_ENUMALGS_EX structures.

  Arguments:

      rgEnumAlgs supplies the array of PROV_ENUMALGS_EX structures identifying
          the policy to enforce.  The last entry in the array must be filled
          with zeroes.  It is consulted only when pEnumAlg is NULL.

      algId supplies the algorithm Id to be validated.  It is consulted only
          when pEnumAlg is NULL.

      pEnumAlg, if not NULL, supplies the PROV_ENUMALGS_EX structure containing
          the policies associated with this algorithm Id.  This can be obtained
          from the IsLegalAlgorithm call, above.  If this parameter is NULL,
          then the PROV_ENUMALGS_EX structure is located from the algId
          parameter.

      pcBitLength receives the default length of the proposed key, in bits.
          It is written unconditionally and must not be NULL.

  Return Value:

      TRUE -- The algorithm is supported, and the value returned in pcBitLength
          is valid.
      FALSE -- The requested algorithm isn't supported.  pcBitLength has been
          set to zero.

  Remarks:

      The value returned is the entry's dwDefaultLen exactly as stored.  This
      routine does not compare it with dwMinLen or dwMaxLen; a caller that
      wants the limits enforced on the default has to run it through
      IsLegalLength.

      A caller-supplied pEnumAlg is used as given and is not compared with
      algId.

  Author:

      Doug Barlow (dbarlow) 8/16/2000

  --*/

  #undef __SUBROUTINE__
  #define __SUBROUTINE__ TEXT("GetDefaultLength")

  BOOL
  GetDefaultLength(
      IN CONST PROV_ENUMALGS_EX *rgEnumAlgs,
      IN ALG_ID algId,
      IN CONST PROV_ENUMALGS_EX *pEnumAlg,
      OUT LPDWORD pcBitLength)
  {
      CONST PROV_ENUMALGS_EX *pPolicy;

      //
      // Start from a known value so a failure never leaves the caller's
      // variable uninitialized.
      //

      *pcBitLength = 0;

      //
      // Prefer the caller's cached entry; search the table otherwise.
      //

      pPolicy = (NULL != pEnumAlg)
                  ? pEnumAlg
                  : LocateAlgorithm(rgEnumAlgs, algId);
      if (NULL == pPolicy)
          return FALSE;

      *pcBitLength = pPolicy->dwDefaultLen;
      return TRUE;
  }