
Root/botan/policy.cpp

1/*************************************************
2* Default Policy Source File *
3* (C) 1999-2005 The Botan Project *
4*************************************************/
5
6#include <botan/look_add.h>
7#include <botan/conf.h>
8#include <botan/init.h>
9#include <botan/oids.h>
10
11namespace Botan {
12
13namespace {
14
15/*************************************************
16* OID loading helper function *
17*************************************************/
void add_oid(const std::string& oid_str, const std::string& name)
   {
   // File-local convenience wrapper: build an OID object from its
   // dotted-decimal text form, then pass the (OID, name) pair to
   // OIDS::add_oid. Any validation of oid_str happens inside the OID
   // constructor, which is not visible in this file.
   const OID parsed_oid(oid_str);
   OIDS::add_oid(parsed_oid, name);
   }
22
23}
24
25/*************************************************
26* Load all of the default OIDs *
27*************************************************/
void add_default_oids()
   {
   // Each row is { dotted-decimal OID, library name }. Rows are registered
   // strictly in table order through the file-local add_oid() helper.
   //
   // NOTE(review): 1.2.840.113549.1.1.1 appears twice, once as "RSA" and
   // once as "RSA/EME-PKCS1-v1_5". Which name an OID -> name lookup returns
   // depends on how OIDS::add_oid treats an already-registered OID; that
   // code is not visible here, so the order below must not be changed
   // without checking it.
   //
   // NOTE(review): this table only names identifiers. It includes legacy
   // algorithms (MD2, MD5, DES, RC2). Whether objects using them are
   // accepted for verification or decryption is decided elsewhere --
   // confirm that policy at the call sites rather than assuming it here.
   static const char* const default_oids[][2] = {
      /* Public key algorithms */
      { "1.2.840.113549.1.1.1", "RSA" },
      { "2.5.8.1.1", "RSA" },
      { "1.2.840.10040.4.1", "DSA" },
      { "1.2.840.10046.2.1", "DH" },
      { "1.3.6.1.4.1.3029.1.2.1", "ELG" },

      /* Block ciphers in CBC mode */
      { "1.3.14.3.2.7", "DES/CBC" },
      { "1.2.840.113549.3.7", "TripleDES/CBC" },
      { "1.2.840.113549.3.2", "RC2/CBC" },
      { "1.2.840.113533.7.66.10", "CAST-128/CBC" },
      { "2.16.840.1.101.3.4.1.2", "AES-128/CBC" },
      { "2.16.840.1.101.3.4.1.22", "AES-192/CBC" },
      { "2.16.840.1.101.3.4.1.42", "AES-256/CBC" },

      /* Hash functions */
      { "1.2.840.113549.2.5", "MD5" },
      { "1.3.14.3.2.26", "SHA-160" },
      { "1.3.6.1.4.1.11591.12.2", "Tiger(24,3)" },

      /* Key wrapping */
      { "1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES" },
      { "1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2" },
      { "1.2.840.113533.7.66.15", "KeyWrap.CAST-128" },
      { "2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128" },
      { "2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192" },
      { "2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256" },

      /* Compression */
      { "1.2.840.113549.1.9.16.3.8", "Compression.Zlib" },

      /* RSA and DSA schemes (see the duplicate-OID note above) */
      { "1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5" },
      { "1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)" },
      { "1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)" },
      { "1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)" },
      { "1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)" },
      { "1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)" },
      { "1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)" },
      { "1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)" },
      { "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)" },

      /* X.520 distinguished name attributes */
      { "2.5.4.3", "X520.CommonName" },
      { "2.5.4.4", "X520.Surname" },
      { "2.5.4.5", "X520.SerialNumber" },
      { "2.5.4.6", "X520.Country" },
      { "2.5.4.7", "X520.Locality" },
      { "2.5.4.8", "X520.State" },
      { "2.5.4.10", "X520.Organization" },
      { "2.5.4.11", "X520.OrganizationalUnit" },
      { "2.5.4.12", "X520.Title" },
      { "2.5.4.42", "X520.GivenName" },
      { "2.5.4.43", "X520.Initials" },
      { "2.5.4.44", "X520.GenerationalQualifier" },
      { "2.5.4.46", "X520.DNQualifier" },
      { "2.5.4.65", "X520.Pseudonym" },

      /* PKCS #5 key derivation and password-based encryption */
      { "1.2.840.113549.1.5.12", "PKCS5.PBKDF2" },
      { "1.2.840.113549.1.5.1", "PBE-PKCS5v15(MD2,DES/CBC)" },
      { "1.2.840.113549.1.5.4", "PBE-PKCS5v15(MD2,RC2/CBC)" },
      { "1.2.840.113549.1.5.3", "PBE-PKCS5v15(MD5,DES/CBC)" },
      { "1.2.840.113549.1.5.6", "PBE-PKCS5v15(MD5,RC2/CBC)" },
      { "1.2.840.113549.1.5.10", "PBE-PKCS5v15(SHA-160,DES/CBC)" },
      { "1.2.840.113549.1.5.11", "PBE-PKCS5v15(SHA-160,RC2/CBC)" },
      { "1.2.840.113549.1.5.13", "PBE-PKCS5v20" },

      /* PKCS #9 attributes */
      { "1.2.840.113549.1.9.1", "PKCS9.EmailAddress" },
      { "1.2.840.113549.1.9.2", "PKCS9.UnstructuredName" },
      { "1.2.840.113549.1.9.3", "PKCS9.ContentType" },
      { "1.2.840.113549.1.9.4", "PKCS9.MessageDigest" },
      { "1.2.840.113549.1.9.7", "PKCS9.ChallengePassword" },
      { "1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest" },

      /* CMS content types */
      { "1.2.840.113549.1.7.1", "CMS.DataContent" },
      { "1.2.840.113549.1.7.2", "CMS.SignedData" },
      { "1.2.840.113549.1.7.3", "CMS.EnvelopedData" },
      { "1.2.840.113549.1.7.5", "CMS.DigestedData" },
      { "1.2.840.113549.1.7.6", "CMS.EncryptedData" },
      { "1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData" },
      { "1.2.840.113549.1.9.16.1.9", "CMS.CompressedData" },

      /* X.509v3 certificate and CRL extensions */
      { "2.5.29.14", "X509v3.SubjectKeyIdentifier" },
      { "2.5.29.15", "X509v3.KeyUsage" },
      { "2.5.29.17", "X509v3.SubjectAlternativeName" },
      { "2.5.29.18", "X509v3.IssuerAlternativeName" },
      { "2.5.29.19", "X509v3.BasicConstraints" },
      { "2.5.29.20", "X509v3.CRLNumber" },
      { "2.5.29.21", "X509v3.ReasonCode" },
      { "2.5.29.23", "X509v3.HoldInstructionCode" },
      { "2.5.29.24", "X509v3.InvalidityDate" },
      { "2.5.29.32", "X509v3.CertificatePolicies" },
      { "2.5.29.35", "X509v3.AuthorityKeyIdentifier" },
      { "2.5.29.36", "X509v3.PolicyConstraints" },
      { "2.5.29.37", "X509v3.ExtendedKeyUsage" },

      { "2.5.29.32.0", "X509v3.AnyPolicy" },

      /* PKIX extended key usage purposes */
      { "1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth" },
      { "1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth" },
      { "1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning" },
      { "1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection" },
      { "1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem" },
      { "1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel" },
      { "1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser" },
      { "1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping" },
      { "1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning" },

      { "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr" }
   };

   const unsigned int oid_count =
      sizeof(default_oids) / sizeof(default_oids[0]);

   for(unsigned int j = 0; j != oid_count; ++j)
      add_oid(default_oids[j][0], default_oids[j][1]);
   }
134
135/*************************************************
136* Load the list of default aliases *
137*************************************************/
void add_default_aliases()
   {
   // Each row is the argument pair handed to add_alias(), in the original
   // order: { alias, name it stands for }. add_alias() is declared outside
   // this file, so how it resolves an alias whose target is itself an alias
   // (e.g. "OpenPGP.Digest.2" -> "SHA-1" -> "SHA-160") is not visible here.
   //
   // NOTE(review): the OpenPGP and TLS rows map protocol identifiers to
   // algorithm names, including MD5 and MD2. As with the OID table, this is
   // naming only; acceptance policy must be enforced by the caller.
   static const char* const default_aliases[][2] = {
      /* OpenPGP cipher identifiers */
      { "OpenPGP.Cipher.1", "IDEA" },
      { "OpenPGP.Cipher.2", "TripleDES" },
      { "OpenPGP.Cipher.3", "CAST-128" },
      { "OpenPGP.Cipher.4", "Blowfish" },
      { "OpenPGP.Cipher.5", "SAFER-SK(13)" },
      { "OpenPGP.Cipher.7", "AES-128" },
      { "OpenPGP.Cipher.8", "AES-192" },
      { "OpenPGP.Cipher.9", "AES-256" },
      { "OpenPGP.Cipher.10", "Twofish" },

      /* OpenPGP digest identifiers */
      { "OpenPGP.Digest.1", "MD5" },
      { "OpenPGP.Digest.2", "SHA-1" },
      { "OpenPGP.Digest.3", "RIPEMD-160" },
      { "OpenPGP.Digest.5", "MD2" },
      { "OpenPGP.Digest.6", "Tiger(24,3)" },
      { "OpenPGP.Digest.7", "HAVAL(20,5)" },
      { "OpenPGP.Digest.8", "SHA-256" },

      /* TLS */
      { "TLS.Digest.0", "Parallel(MD5,SHA-160)" },

      /* Public key encoding and padding scheme names */
      { "EME-PKCS1-v1_5", "PKCS1v15" },
      { "OAEP-MGF1", "EME1" },
      { "EME-OAEP", "EME1" },
      { "X9.31", "EMSA2" },
      { "EMSA-PKCS1-v1_5", "EMSA3" },
      { "PSS-MGF1", "EMSA4" },
      { "EMSA-PSS", "EMSA4" },

      /* Alternative spellings of algorithm names */
      { "Rijndael", "AES" },
      { "3DES", "TripleDES" },
      { "DES-EDE", "TripleDES" },
      { "CAST5", "CAST-128" },
      { "SHA1", "SHA-160" },
      { "SHA-1", "SHA-160" },
      { "SEAL", "SEAL-3.0-BE" },
      { "MARK-4", "ARC4(256)" },
      { "OMAC", "CMAC" }
   };

   const unsigned int alias_count =
      sizeof(default_aliases) / sizeof(default_aliases[0]);

   for(unsigned int j = 0; j != alias_count; ++j)
      add_alias(default_aliases[j][0], default_aliases[j][1]);
   }
178
179namespace Init {
180
181/*************************************************
182* Set the default options *
183*************************************************/
void set_default_options()
   {
   // One row per Config::set() call, applied in table order. Rows with
   // third_arg_false set reproduce the single three-argument call
   // Config::set(key, value, false); all others use the two-argument form.
   // The meaning of that third argument is defined in the Config class,
   // not here -- presumably an "overwrite existing value" switch; confirm
   // against conf.h.
   //
   // The values are option strings interpreted by whichever component
   // reads them. The review notes below flag defaults with a security
   // impact; their exact semantics are inferred from the option names and
   // should be confirmed where each option is consumed.
   struct Default_Option
      {
      const char* key;
      const char* value;
      bool third_arg_false;
      };

   static const Default_Option defaults[] = {
      { "base/memory_chunk", "32*1024", false },
      // NOTE(review): default password-based encryption uses SHA-1 and
      // TripleDES; callers needing stronger protection for stored keys
      // must override this.
      { "base/default_pbe", "PBE-PKCS5v20(SHA-1,TripleDES/CBC)", false },
      { "base/pkcs8_tries", "3", false },

      { "pk/blinder_size", "64", false },
      { "pk/test/public", "basic", false },
      { "pk/test/private", "basic", false },
      { "pk/test/private_gen", "all", false },

      { "pem/search", "4*1024", false },
      { "pem/forgive", "8", false },
      { "pem/width", "64", false },

      { "rng/min_entropy", "384", true },
      { "rng/es_files", "/dev/urandom:/dev/random", false },
      { "rng/egd_path", "/var/run/egd-pool:/dev/egd-pool", false },
      { "rng/ms_capi_prov_type", "INTEL_SEC:RSA_FULL", false },
      // NOTE(review): looks like a directory search list for a Unix
      // entropy source; if programs are located and run from these
      // directories, their write permissions matter -- confirm in the
      // consumer.
      { "rng/unix_path", "/usr/ucb:/usr/etc:/etc", false },

      // NOTE(review): presumably a tolerance applied when checking
      // certificate validity times; 24h widens the window in which an
      // expired or not-yet-valid certificate would pass -- confirm.
      { "x509/validity_slack", "24h", false },
      { "x509/v1_assume_ca", "false", false },
      // NOTE(review): presumably a lifetime for cached verification
      // results; a revocation inside that window may not be noticed --
      // confirm.
      { "x509/cache_verify_results", "30m", false },

      { "x509/ca/allow_ca", "false", false },
      { "x509/ca/basic_constraints", "always", false },
      { "x509/ca/default_expire", "1y", false },
      { "x509/ca/signing_offset", "30s", false },
      // NOTE(review): SHA-1 as the default hash for CA RSA signatures is
      // a legacy choice; deployments issuing certificates should
      // override it.
      { "x509/ca/rsa_hash", "SHA-1", false },
      { "x509/ca/str_type", "latin1", false },

      // NOTE(review): "ignore" suggests a CRL carrying an unrecognised
      // critical extension is still processed rather than rejected --
      // confirm in the CRL handling code.
      { "x509/crl/unknown_critical", "ignore", false },
      { "x509/crl/next_update", "7d", false },

      { "x509/exts/basic_constraints", "critical", false },
      { "x509/exts/subject_key_id", "yes", false },
      { "x509/exts/authority_key_id", "yes", false },
      { "x509/exts/subject_alternative_name", "yes", false },
      { "x509/exts/issuer_alternative_name", "yes", false },
      { "x509/exts/key_usage", "critical", false },
      { "x509/exts/extended_key_usage", "yes", false },
      { "x509/exts/crl_number", "yes", false }
   };

   const unsigned int option_count = sizeof(defaults) / sizeof(defaults[0]);

   for(unsigned int j = 0; j != option_count; ++j)
      {
      const Default_Option& opt = defaults[j];

      if(opt.third_arg_false)
         Config::set(opt.key, opt.value, false);
      else
         Config::set(opt.key, opt.value);
      }
   }
228
229}
230
231}
