Botan::Key_Constraints Class Reference

#include <pkix_enums.h>

Public Types

enum

Bits : uint16_t {   None = 0 , DigitalSignature = 1 << 15 , NonRepudiation = 1 << 14 , KeyEncipherment = 1 << 13 ,   DataEncipherment = 1 << 12 , KeyAgreement = 1 << 11 , KeyCertSign = 1 << 10 , CrlSign = 1 << 9 ,   EncipherOnly = 1 << 8 , DecipherOnly = 1 << 7 , NO_CONSTRAINTS = None , DIGITAL_SIGNATURE = DigitalSignature ,   NON_REPUDIATION = NonRepudiation , KEY_ENCIPHERMENT = KeyEncipherment , DATA_ENCIPHERMENT = DataEncipherment , KEY_AGREEMENT = KeyAgreement ,   KEY_CERT_SIGN = KeyCertSign , CRL_SIGN = CrlSign , ENCIPHER_ONLY = EncipherOnly , DECIPHER_ONLY = DecipherOnly }

Public Member Functions
bool	compatible_with (const Public_Key &key) const
bool	empty () const
bool	includes (Key_Constraints other) const
bool	includes (Key_Constraints::Bits other) const
bool	includes_any (auto &&... bits) const
	Key_Constraints ()
	Key_Constraints (const Key_Constraints &other)=default
	Key_Constraints (Key_Constraints &&other)=default
	Key_Constraints (Key_Constraints::Bits bits)
	Key_Constraints (uint32_t bits)
Key_Constraints &	operator= (const Key_Constraints &other)=default
Key_Constraints &	operator= (Key_Constraints &&other)=default
bool	operator== (const Key_Constraints &) const =default
void	operator|= (Key_Constraints::Bits other)
std::string	to_string () const
uint32_t	value () const
	~Key_Constraints ()=default

Static Public Member Functions
static Key_Constraints	ca_constraints ()

Detailed Description

X.509v3 Key Constraints. If updating update copy in ffi.h

Definition at line 112 of file pkix_enums.h.

Member Enumeration Documentation

Bits

enum Botan::Key_Constraints::Bits : uint16_t

Enumerator
None
DigitalSignature
NonRepudiation
KeyEncipherment
DataEncipherment
KeyAgreement
KeyCertSign
CrlSign
EncipherOnly
DecipherOnly
NO_CONSTRAINTS
DIGITAL_SIGNATURE
NON_REPUDIATION
KEY_ENCIPHERMENT
DATA_ENCIPHERMENT
KEY_AGREEMENT
KEY_CERT_SIGN
CRL_SIGN
ENCIPHER_ONLY
DECIPHER_ONLY

Definition at line 114 of file pkix_enums.h.

                : uint16_t {
         None = 0,
         DigitalSignature = 1 << 15,
         NonRepudiation = 1 << 14,
         KeyEncipherment = 1 << 13,
         DataEncipherment = 1 << 12,
         KeyAgreement = 1 << 11,
         KeyCertSign = 1 << 10,
         CrlSign = 1 << 9,
         EncipherOnly = 1 << 8,
         DecipherOnly = 1 << 7,
 
         // Deprecated SHOUTING_CASE names for Key_Constraints
         // will be removed in a future major release
         NO_CONSTRAINTS BOTAN_DEPRECATED("Use None") = None,
         DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
         NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
         KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
         DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
         KEY_AGREEMENT BOTAN_DEPRECATED("Use KeyAgreement") = KeyAgreement,
         KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
         CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
         ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
         DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
      };

Constructor & Destructor Documentation

Key_Constraints() [1/5]

Botan::Key_Constraints::Key_Constraints ( const Key_Constraints & other )

default

References Key_Constraints().

Referenced by ca_constraints(), includes(), Key_Constraints(), Key_Constraints(), operator=(), operator=(), and operator==().

Key_Constraints() [2/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints && other )

default

References Key_Constraints().

~Key_Constraints()

Botan::Key_Constraints::~Key_Constraints ( )

default

Key_Constraints() [3/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints::Bits bits )

inline

Definition at line 147 of file pkix_enums.h.

: m_value(bits) {}

Key_Constraints() [4/5]

Botan::Key_Constraints::Key_Constraints ( uint32_t bits )

inlineexplicit

Definition at line 149 of file pkix_enums.h.

: m_value(bits) {}

Key_Constraints() [5/5]

Botan::Key_Constraints::Key_Constraints ( )

inline

Definition at line 151 of file pkix_enums.h.

: m_value(0) {}

Member Function Documentation

ca_constraints()

Key_Constraints Botan::Key_Constraints::ca_constraints ( )

inlinestatic

Return typical constraints for a CA certificate.

The reasons for KeyCertSign and CrlSign should be obvious

CAB baseline requirements are that DigitalSignature should be set if the certificate is used to sign OCSP responses.

Definition at line 161 of file pkix_enums.h.

                                              {
         return Key_Constraints(Key_Constraints::KeyCertSign | Key_Constraints::CrlSign |
                                Key_Constraints::DigitalSignature);
      }

References CrlSign, DigitalSignature, Key_Constraints(), and KeyCertSign.

Referenced by Botan::X509_CA::choose_extensions(), Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

compatible_with()

bool Botan::Key_Constraints::compatible_with

(

const Public_Key &

key

)

const

Check that key constraints are permitted for a specific public key.

Parameters

key	the public key on which the constraints shall be enforced on

Returns

false if the constraints are not permitted for this key

Definition at line 72 of file key_constraint.cpp.

                                                                     {
   uint32_t permitted = 0;
 
   if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
      permitted |= Key_Constraints::KeyAgreement | Key_Constraints::EncipherOnly | Key_Constraints::DecipherOnly;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Encryption)) {
      permitted |= Key_Constraints::KeyEncipherment | Key_Constraints::DataEncipherment;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
      permitted |= Key_Constraints::KeyEncipherment;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
      permitted |= Key_Constraints::DigitalSignature | Key_Constraints::NonRepudiation | Key_Constraints::KeyCertSign |
                   Key_Constraints::CrlSign;
   }
 
   if((m_value & permitted) != m_value) {
      return false;
   }
 
   return true;
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, Botan::Encryption, KeyAgreement, Botan::KeyAgreement, KeyCertSign, Botan::KeyEncapsulation, KeyEncipherment, NonRepudiation, Botan::Signature, and Botan::Asymmetric_Key::supports_operation().

empty()

bool Botan::Key_Constraints::empty ( ) const

inline

Definition at line 178 of file pkix_enums.h.

{ return m_value == 0; }

Referenced by Botan::X509_Certificate::to_string().

includes() [1/2]

bool Botan::Key_Constraints::includes ( Key_Constraints other ) const

inline

Definition at line 173 of file pkix_enums.h.

{ return (m_value & other.m_value) == other.m_value; }

References Key_Constraints().

includes() [2/2]

bool Botan::Key_Constraints::includes ( Key_Constraints::Bits other ) const

inline

Definition at line 171 of file pkix_enums.h.

{ return (m_value & other) == other; }

Referenced by Botan::X509_Certificate::allowed_usage(), and Botan::X509_Certificate::has_constraints().

includes_any()

bool Botan::Key_Constraints::includes_any ( auto &&... bits ) const

inline

Definition at line 176 of file pkix_enums.h.

{ return (m_value & (bits | ...)) > 0; }

operator=() [1/2]

Key_Constraints & Botan::Key_Constraints::operator= ( const Key_Constraints & other )

default

References Key_Constraints().

operator=() [2/2]

Key_Constraints & Botan::Key_Constraints::operator= ( Key_Constraints && other )

default

References Key_Constraints().

operator==()

bool Botan::Key_Constraints::operator== ( const Key_Constraints & ) const

default

References Key_Constraints().

operator|=()

void Botan::Key_Constraints::operator|= ( Key_Constraints::Bits other )

inline

Definition at line 168 of file pkix_enums.h.

{ m_value |= other; }

to_string()

std::string Botan::Key_Constraints::to_string

(

)

const

Definition at line 16 of file key_constraint.cpp.

                                           {
   if(this->m_value == Key_Constraints::None) {
      return "no_constraints";
   }
 
   std::vector<std::string> str;
 
   auto usage_set = [value = m_value](const Key_Constraints::Bits usage) { return ((value & usage) == usage); };
 
   if(usage_set(Key_Constraints::DigitalSignature)) {
      str.push_back("digital_signature");
   }
 
   if(usage_set(Key_Constraints::NonRepudiation)) {
      str.push_back("non_repudiation");
   }
 
   if(usage_set(Key_Constraints::KeyEncipherment)) {
      str.push_back("key_encipherment");
   }
 
   if(usage_set(Key_Constraints::DataEncipherment)) {
      str.push_back("data_encipherment");
   }
 
   if(usage_set(Key_Constraints::KeyAgreement)) {
      str.push_back("key_agreement");
   }
 
   if(usage_set(Key_Constraints::KeyCertSign)) {
      str.push_back("key_cert_sign");
   }
 
   if(usage_set(Key_Constraints::CrlSign)) {
      str.push_back("crl_sign");
   }
 
   if(usage_set(Key_Constraints::EncipherOnly)) {
      str.push_back("encipher_only");
   }
 
   if(usage_set(Key_Constraints::DecipherOnly)) {
      str.push_back("decipher_only");
   }
 
   // Not 0 (checked at start) but nothing matched above!
   if(str.empty()) {
      return "other_unknown_constraints";
   }
 
   return string_join(str, ',');
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, KeyAgreement, KeyCertSign, KeyEncipherment, None, NonRepudiation, Botan::string_join(), and value().

value()

uint32_t Botan::Key_Constraints::value ( ) const

inline

Definition at line 180 of file pkix_enums.h.

{ return m_value; }

Referenced by to_string().

---

The documentation for this class was generated from the following files:

• src/lib/x509/pkix_enums.h
• src/lib/x509/key_constraint.cpp