Botan 3.9.0
Crypto and TLS for C++
Botan::Key_Constraints Class Reference final

#include <pkix_enums.h>

Public Types

enum  Bits : uint16_t {
  None = 0 , DigitalSignature = 1 << 15 , NonRepudiation = 1 << 14 , KeyEncipherment = 1 << 13 ,
  DataEncipherment = 1 << 12 , KeyAgreement = 1 << 11 , KeyCertSign = 1 << 10 , CrlSign = 1 << 9 ,
  EncipherOnly = 1 << 8 , DecipherOnly = 1 << 7 , NO_CONSTRAINTS = None , DIGITAL_SIGNATURE = DigitalSignature ,
  NON_REPUDIATION = NonRepudiation , KEY_ENCIPHERMENT = KeyEncipherment , DATA_ENCIPHERMENT = DataEncipherment , KEY_AGREEMENT = KeyAgreement ,
  KEY_CERT_SIGN = KeyCertSign , CRL_SIGN = CrlSign , ENCIPHER_ONLY = EncipherOnly , DECIPHER_ONLY = DecipherOnly
}

Public Member Functions

bool compatible_with (const Public_Key &key) const
bool empty () const
bool includes (Key_Constraints other) const
bool includes (Key_Constraints::Bits other) const
bool includes_any (auto &&... bits) const
 Key_Constraints ()
 Key_Constraints (const Key_Constraints &other)=default
 Key_Constraints (Key_Constraints &&other)=default
 Key_Constraints (Key_Constraints::Bits bits)
 Key_Constraints (uint32_t bits)
Key_Constraints & operator= (const Key_Constraints &other)=default
Key_Constraints & operator= (Key_Constraints &&other)=default
bool operator== (const Key_Constraints &) const =default
void operator|= (Key_Constraints::Bits other)
std::string to_string () const
uint32_t value () const
 ~Key_Constraints ()=default

Static Public Member Functions

static Key_Constraints ca_constraints ()

Detailed Description

X.509v3 Key Constraints. If updating this enum, also update the copy in ffi.h.

Definition at line 112 of file pkix_enums.h.

Member Enumeration Documentation

◆ Bits

Enumerator
None 
DigitalSignature 
NonRepudiation 
KeyEncipherment 
DataEncipherment 
KeyAgreement 
KeyCertSign 
CrlSign 
EncipherOnly 
DecipherOnly 
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

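Definition at line 114 of file pkix_enums.h.

Note: the listing below skips source line 128. The enum summary at the top of this page gives the remaining deprecated alias as NO_CONSTRAINTS = None.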

114 : uint16_t {
115 None = 0,
116 DigitalSignature = 1 << 15,
117 NonRepudiation = 1 << 14,
118 KeyEncipherment = 1 << 13,
119 DataEncipherment = 1 << 12,
120 KeyAgreement = 1 << 11,
121 KeyCertSign = 1 << 10,
122 CrlSign = 1 << 9,
123 EncipherOnly = 1 << 8,
124 DecipherOnly = 1 << 7,
125
126 // Deprecated SHOUTING_CASE names for Key_Constraints
127 // will be removed in a future major release
129 DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
130 NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
131 KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
132 DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
133 KEY_AGREEMENT BOTAN_DEPRECATED("Use KeyAgreement") = KeyAgreement,
134 KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
135 CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
136 ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
137 DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
138 };
#define BOTAN_DEPRECATED(msg)
Definition api.h:73

Constructor & Destructor Documentation

◆ Key_Constraints() [1/5]

Botan::Key_Constraints::Key_Constraints ( const Key_Constraints & other)
default

◆ Key_Constraints() [2/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints && other)
default

References Key_Constraints().

◆ ~Key_Constraints()

Botan::Key_Constraints::~Key_Constraints ( )
default

◆ Key_Constraints() [3/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints::Bits bits)
inline

Definition at line 147 of file pkix_enums.h.

147: m_value(bits) {}

◆ Key_Constraints() [4/5]

Botan::Key_Constraints::Key_Constraints ( uint32_t bits)
inline explicit

Definition at line 149 of file pkix_enums.h.

149: m_value(bits) {}

◆ Key_Constraints() [5/5]

Botan::Key_Constraints::Key_Constraints ( )
inline

Definition at line 151 of file pkix_enums.h.

151: m_value(0) {}

Member Function Documentation

◆ ca_constraints()

Key_Constraints Botan::Key_Constraints::ca_constraints ( )
inline static

Return typical constraints for a CA certificate.

The reasons for KeyCertSign and CrlSign should be obvious: a CA signs certificates and signs CRLs.

CAB baseline requirements are that DigitalSignature should be set if the certificate is used to sign OCSP responses.

Definition at line 161 of file pkix_enums.h.

References CrlSign, DigitalSignature, Key_Constraints(), and KeyCertSign.

Referenced by Botan::X509_CA::choose_extensions(), Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

◆ compatible_with()

bool Botan::Key_Constraints::compatible_with ( const Public_Key & key) const

Check that key constraints are permitted for a specific public key.

Parameters
key: the public key on which the constraints shall be enforced
Returns
false if the constraints are not permitted for this key

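Definition at line 72 of file key_constraint.cpp.

Note: the listing below is incomplete. The function signature and source lines 76, 80, 84 and 88–89 (the bodies of the four `if` blocks) are missing from this rendering, and the definition names the parameter `pub_key` rather than `key`. Judging from the References list that follows, the missing lines presumably add the usage bits allowed for each supported operation to `permitted`. As printed, `permitted` would stay 0, so do not read the listing as the complete check; consult key_constraint.cpp.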

72 {
73 uint32_t permitted = 0;
74
75 if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
77 }
78
79 if(pub_key.supports_operation(PublicKeyOperation::Encryption)) {
81 }
82
83 if(pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
85 }
86
87 if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
90 }
91
92 if((m_value & permitted) != m_value) {
93 return false;
94 }
95
96 return true;
97}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, Botan::Encryption, KeyAgreement, Botan::KeyAgreement, KeyCertSign, Botan::KeyEncapsulation, KeyEncipherment, NonRepudiation, Botan::Signature, and Botan::Asymmetric_Key::supports_operation().

◆ empty()

bool Botan::Key_Constraints::empty ( ) const
inline

Definition at line 178 of file pkix_enums.h.

178{ return m_value == 0; }

Referenced by Botan::X509_Certificate::to_string().

◆ includes() [1/2]

bool Botan::Key_Constraints::includes ( Key_Constraints other) const
inline

Definition at line 173 of file pkix_enums.h.

173{ return (m_value & other.m_value) == other.m_value; }

References Key_Constraints().

◆ includes() [2/2]

bool Botan::Key_Constraints::includes ( Key_Constraints::Bits other) const
inline

Definition at line 171 of file pkix_enums.h.

171{ return (m_value & other) == other; }

Referenced by Botan::X509_Certificate::allowed_usage(), and Botan::X509_Certificate::has_constraints().

◆ includes_any()

bool Botan::Key_Constraints::includes_any ( auto &&... bits) const
inline

Definition at line 176 of file pkix_enums.h.

176{ return (m_value & (bits | ...)) > 0; }

◆ operator=() [1/2]

Key_Constraints & Botan::Key_Constraints::operator= ( const Key_Constraints & other)
default

References Key_Constraints().

◆ operator=() [2/2]

Key_Constraints & Botan::Key_Constraints::operator= ( Key_Constraints && other)
default

References Key_Constraints().

◆ operator==()

bool Botan::Key_Constraints::operator== ( const Key_Constraints & ) const
default

References Key_Constraints().

◆ operator|=()

void Botan::Key_Constraints::operator|= ( Key_Constraints::Bits other)
inline

Definition at line 168 of file pkix_enums.h.

168{ m_value |= other; }

◆ to_string()

std::string Botan::Key_Constraints::to_string ( ) const

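Definition at line 16 of file key_constraint.cpp.

Note: the listing below is incomplete. The function signature and source lines 25, 33 and 37 are missing from this rendering; from the surrounding pattern they are presumably the `if(usage_set(...))` tests for DigitalSignature, KeyEncipherment and DataEncipherment. As shown, the string names only the nine known bits: any other bit set in the value is not reported once at least one known bit matches. When the exact constraint set matters, compare value() or use includes() rather than the text.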

16 {
17 if(this->m_value == Key_Constraints::None) {
18 return "no_constraints";
19 }
20
21 std::vector<std::string> str;
22
23 auto usage_set = [value = m_value](const Key_Constraints::Bits usage) { return ((value & usage) == usage); };
24
26 str.push_back("digital_signature");
27 }
28
29 if(usage_set(Key_Constraints::NonRepudiation)) {
30 str.push_back("non_repudiation");
31 }
32
34 str.push_back("key_encipherment");
35 }
36
38 str.push_back("data_encipherment");
39 }
40
41 if(usage_set(Key_Constraints::KeyAgreement)) {
42 str.push_back("key_agreement");
43 }
44
45 if(usage_set(Key_Constraints::KeyCertSign)) {
46 str.push_back("key_cert_sign");
47 }
48
49 if(usage_set(Key_Constraints::CrlSign)) {
50 str.push_back("crl_sign");
51 }
52
53 if(usage_set(Key_Constraints::EncipherOnly)) {
54 str.push_back("encipher_only");
55 }
56
57 if(usage_set(Key_Constraints::DecipherOnly)) {
58 str.push_back("decipher_only");
59 }
60
61 // Not 0 (checked at start) but nothing matched above!
62 if(str.empty()) {
63 return "other_unknown_constraints";
64 }
65
66 return string_join(str, ',');
67}
uint32_t value() const
Definition pkix_enums.h:180
std::string string_join(const std::vector< std::string > &strs, char delim)
Definition parsing.cpp:140

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, KeyAgreement, KeyCertSign, KeyEncipherment, None, NonRepudiation, Botan::string_join(), and value().

◆ value()

uint32_t Botan::Key_Constraints::value ( ) const
inline

Definition at line 180 of file pkix_enums.h.

180{ return m_value; }

Referenced by to_string().


The documentation for this class was generated from the following files: