/*
* KeyUsage
* (C) 1999-2007,2016 Jack Lloyd
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/pkix_types.h>
#include <botan/pk_keys.h>
#include <vector>
namespace Botan {

/*
* Render a key usage bitmask as a comma separated list of names
*
* Returns "no_constraints" when the value equals NO_CONSTRAINTS, the
* names of the recognised bits joined by ',' (in the fixed order of the
* table below) when at least one is set, and "other_unknown_constraints"
* when the value is non-zero but none of the recognised bits is set.
*
* The result is meant for display and error messages. Bits outside the
* nine listed here are not reported once any recognised bit is present,
* so the string is not a complete encoding of the input.
*/
std::string key_constraints_to_string(Key_Constraints constraints)
   {
   if(constraints == NO_CONSTRAINTS)
      return "no_constraints";

   struct Usage_Name
      {
      Key_Constraints bit;
      const char* label;
      };

   // Order here fixes the order of names in the output
   static const Usage_Name known_usages[] = {
      { DIGITAL_SIGNATURE, "digital_signature" },
      { NON_REPUDIATION,   "non_repudiation" },
      { KEY_ENCIPHERMENT,  "key_encipherment" },
      { DATA_ENCIPHERMENT, "data_encipherment" },
      { KEY_AGREEMENT,     "key_agreement" },
      { KEY_CERT_SIGN,     "key_cert_sign" },
      { CRL_SIGN,          "crl_sign" },
      { ENCIPHER_ONLY,     "encipher_only" },
      { DECIPHER_ONLY,     "decipher_only" },
   };

   std::string joined;

   for(const Usage_Name& usage : known_usages)
      {
      if(constraints & usage.bit)
         {
         // Separator goes in front of every name except the first
         if(!joined.empty())
            joined += ',';
         joined += usage.label;
         }
      }

   // Non-zero input (zero was handled above) with no recognised bit
   if(joined.empty())
      return "other_unknown_constraints";

   return joined;
   }

/*
* Check that a set of key usage constraints is allowed for a key type
*
* The key type is identified by comparing pub_key.algo_name() against
* fixed lists of algorithm names:
*   - agreement keys may carry KEY_AGREEMENT, ENCIPHER_ONLY, DECIPHER_ONLY
*   - encryption keys may carry KEY_ENCIPHERMENT, DATA_ENCIPHERMENT
*   - signature keys may carry DIGITAL_SIGNATURE, NON_REPUDIATION,
*     KEY_CERT_SIGN, CRL_SIGN
* RSA appears in both the encryption and the signature list.
*
* Throws Invalid_Argument if constraints contains any bit that is not
* permitted for the key. An algorithm whose name is in none of the lists
* gets an empty permitted set, so every non-empty constraint value is
* rejected for it; an empty constraint value always passes.
*
* NOTE(review): ENCIPHER_ONLY and DECIPHER_ONLY are accepted for agreement
* keys whether or not KEY_AGREEMENT is also set. RFC 5280 leaves those two
* bits undefined without keyAgreement; confirm whether that pairing is
* enforced elsewhere.
*/
void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
                                                Key_Constraints constraints)
   {
   const std::string name = pub_key.algo_name();

   static const char* const signature_algos[] = {
      "RSA", "DSA",
      "ECDSA", "ECGDSA", "ECKCDSA", "Ed25519",
      "GOST-34.10", "GOST-34.10-2012-256", "GOST-34.10-2012-512",
   };

   bool signs = false;
   for(const char* algo : signature_algos)
      {
      if(name == algo)
         {
         signs = true;
         break;
         }
      }

   const bool agrees = (name == "DH" || name == "ECDH");
   const bool encrypts = (name == "RSA" || name == "ElGamal");

   // Union of every usage bit the key type is allowed to assert
   size_t allowed = 0;

   if(agrees)
      allowed |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;

   if(encrypts)
      allowed |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;

   if(signs)
      allowed |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN;

   // Masking with the allowed set must leave the request unchanged
   const bool within_allowed = (Key_Constraints(constraints & allowed) == constraints);

   if(within_allowed)
      return;

   throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
   }

}