Botan 3.3.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::Key_Constraints Class Reference

#include <pkix_enums.h>

Public Types

enum  Bits : uint32_t {
  None = 0 , DigitalSignature = 1 << 15 , NonRepudiation = 1 << 14 , KeyEncipherment = 1 << 13 ,
  DataEncipherment = 1 << 12 , KeyAgreement = 1 << 11 , KeyCertSign = 1 << 10 , CrlSign = 1 << 9 ,
  EncipherOnly = 1 << 8 , DecipherOnly = 1 << 7 , NO_CONSTRAINTS = None , DIGITAL_SIGNATURE = DigitalSignature ,
  NON_REPUDIATION = NonRepudiation , KEY_ENCIPHERMENT = KeyEncipherment , DATA_ENCIPHERMENT = DataEncipherment , KEY_AGREEMENT = KeyAgreement ,
  KEY_CERT_SIGN = KeyCertSign , CRL_SIGN = CrlSign , ENCIPHER_ONLY = EncipherOnly , DECIPHER_ONLY = DecipherOnly
}
 

Public Member Functions

bool compatible_with (const Public_Key &key) const
 
bool empty () const
 
bool includes (Key_Constraints other) const
 
bool includes (Key_Constraints::Bits other) const
 
bool includes_any (auto &&... bits) const
 
 Key_Constraints ()
 
 Key_Constraints (const Key_Constraints &other)=default
 
 Key_Constraints (Key_Constraints &&other)=default
 
 Key_Constraints (Key_Constraints::Bits bits)
 
 Key_Constraints (uint32_t bits)
 
Key_Constraintsoperator= (const Key_Constraints &other)=default
 
Key_Constraintsoperator= (Key_Constraints &&other)=default
 
bool operator== (const Key_Constraints &) const =default
 
void operator|= (Key_Constraints::Bits other)
 
std::string to_string () const
 
uint32_t value () const
 

Static Public Member Functions

static Key_Constraints ca_constraints ()
 

Detailed Description

X.509v3 Key Constraints. If updating update copy in ffi.h

Definition at line 106 of file pkix_enums.h.

Member Enumeration Documentation

◆ Bits

Enumerator
None 
DigitalSignature 
NonRepudiation 
KeyEncipherment 
DataEncipherment 
KeyAgreement 
KeyCertSign 
CrlSign 
EncipherOnly 
DecipherOnly 
NO_CONSTRAINTS 
DIGITAL_SIGNATURE 
NON_REPUDIATION 
KEY_ENCIPHERMENT 
DATA_ENCIPHERMENT 
KEY_AGREEMENT 
KEY_CERT_SIGN 
CRL_SIGN 
ENCIPHER_ONLY 
DECIPHER_ONLY 

Definition at line 108 of file pkix_enums.h.

108 : uint32_t {
109 None = 0,
110 DigitalSignature = 1 << 15,
111 NonRepudiation = 1 << 14,
112 KeyEncipherment = 1 << 13,
113 DataEncipherment = 1 << 12,
114 KeyAgreement = 1 << 11,
115 KeyCertSign = 1 << 10,
116 CrlSign = 1 << 9,
117 EncipherOnly = 1 << 8,
118 DecipherOnly = 1 << 7,
119
120 // Deprecated SHOUTING_CASE names for Key_Constraints
121 // will be removed in a future major release
123 DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
124 NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
125 KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
126 DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
127 KEY_AGREEMENT BOTAN_DEPRECATED("Use KeyAgreement") = KeyAgreement,
128 KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
129 CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
130 ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
131 DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
132 };
#define BOTAN_DEPRECATED(msg)
Definition compiler.h:125

Constructor & Destructor Documentation

◆ Key_Constraints() [1/5]

Botan::Key_Constraints::Key_Constraints ( const Key_Constraints & other)
default

◆ Key_Constraints() [2/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints && other)
default

◆ Key_Constraints() [3/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints::Bits bits)
inline

Definition at line 139 of file pkix_enums.h.

139: m_value(bits) {}

◆ Key_Constraints() [4/5]

Botan::Key_Constraints::Key_Constraints ( uint32_t bits)
inlineexplicit

Definition at line 141 of file pkix_enums.h.

141: m_value(bits) {}

◆ Key_Constraints() [5/5]

Botan::Key_Constraints::Key_Constraints ( )
inline

Definition at line 143 of file pkix_enums.h.

143: m_value(0) {}

Member Function Documentation

◆ ca_constraints()

static Key_Constraints Botan::Key_Constraints::ca_constraints ( )
inlinestatic

Return typical constraints for a CA certificate, namely KeyCertSign and CrlSign

Definition at line 149 of file pkix_enums.h.

References CrlSign, and KeyCertSign.

Referenced by Botan::X509_CA::choose_extensions(), Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

◆ compatible_with()

bool Botan::Key_Constraints::compatible_with ( const Public_Key & key) const

Check that key constraints are permitted for a specific public key.

Parameters
keythe public key on which the constraints shall be enforced on
Returns
false if the constraints are not permitted for this key

Definition at line 70 of file key_constraint.cpp.

70 {
71 uint32_t permitted = 0;
72
73 if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
75 }
76
77 if(pub_key.supports_operation(PublicKeyOperation::Encryption) ||
78 pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
80 }
81
82 if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
85 }
86
87 if((m_value & permitted) != m_value) {
88 return false;
89 }
90
91 return true;
92}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, Botan::Encryption, Botan::KeyAgreement, KeyAgreement, KeyCertSign, Botan::KeyEncapsulation, KeyEncipherment, NonRepudiation, Botan::Signature, and Botan::Asymmetric_Key::supports_operation().

◆ empty()

bool Botan::Key_Constraints::empty ( ) const
inline

Definition at line 165 of file pkix_enums.h.

165{ return m_value == 0; }

Referenced by Botan::X509_Certificate::to_string().

◆ includes() [1/2]

bool Botan::Key_Constraints::includes ( Key_Constraints other) const
inline

Definition at line 160 of file pkix_enums.h.

160{ return (m_value & other.m_value) == other.m_value; }

◆ includes() [2/2]

bool Botan::Key_Constraints::includes ( Key_Constraints::Bits other) const
inline

Definition at line 158 of file pkix_enums.h.

158{ return (m_value & other) == other; }

Referenced by Botan::X509_Certificate::allowed_usage(), Botan::X509_Certificate::has_constraints(), and Botan::X509_Certificate::to_string().

◆ includes_any()

bool Botan::Key_Constraints::includes_any ( auto &&... bits) const
inline

Definition at line 163 of file pkix_enums.h.

163{ return (m_value & (bits | ...)) > 0; }

◆ operator=() [1/2]

Key_Constraints & Botan::Key_Constraints::operator= ( const Key_Constraints & other)
default

◆ operator=() [2/2]

Key_Constraints & Botan::Key_Constraints::operator= ( Key_Constraints && other)
default

◆ operator==()

bool Botan::Key_Constraints::operator== ( const Key_Constraints & ) const
default

◆ operator|=()

void Botan::Key_Constraints::operator|= ( Key_Constraints::Bits other)
inline

Definition at line 155 of file pkix_enums.h.

155{ m_value |= other; }

◆ to_string()

std::string Botan::Key_Constraints::to_string ( ) const

Definition at line 16 of file key_constraint.cpp.

16 {
17 if(this->m_value == Key_Constraints::None) {
18 return "no_constraints";
19 }
20
21 std::vector<std::string> str;
22
23 if(this->m_value & Key_Constraints::DigitalSignature) {
24 str.push_back("digital_signature");
25 }
26
27 if(this->m_value & Key_Constraints::NonRepudiation) {
28 str.push_back("non_repudiation");
29 }
30
31 if(this->m_value & Key_Constraints::KeyEncipherment) {
32 str.push_back("key_encipherment");
33 }
34
35 if(this->m_value & Key_Constraints::DataEncipherment) {
36 str.push_back("data_encipherment");
37 }
38
39 if(this->m_value & Key_Constraints::KeyAgreement) {
40 str.push_back("key_agreement");
41 }
42
43 if(this->m_value & Key_Constraints::KeyCertSign) {
44 str.push_back("key_cert_sign");
45 }
46
47 if(this->m_value & Key_Constraints::CrlSign) {
48 str.push_back("crl_sign");
49 }
50
51 if(this->m_value & Key_Constraints::EncipherOnly) {
52 str.push_back("encipher_only");
53 }
54
55 if(this->m_value & Key_Constraints::DecipherOnly) {
56 str.push_back("decipher_only");
57 }
58
59 // Not 0 (checked at start) but nothing matched above!
60 if(str.empty()) {
61 return "other_unknown_constraints";
62 }
63
64 return string_join(str, ',');
65}
std::string string_join(const std::vector< std::string > &strs, char delim)
Definition parsing.cpp:140

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, KeyAgreement, KeyCertSign, KeyEncipherment, None, NonRepudiation, and Botan::string_join().

◆ value()

uint32_t Botan::Key_Constraints::value ( ) const
inline

Definition at line 167 of file pkix_enums.h.

167{ return m_value; }

The documentation for this class was generated from the following files: