Botan  2.18.2
Crypto and TLS for C++11
key_constraint.cpp
Go to the documentation of this file.
1 /*
2 * KeyUsage
3 * (C) 1999-2007,2016 Jack Lloyd
4 * (C) 2016 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/pkix_types.h>
10 #include <botan/pk_keys.h>
11 #include <vector>
12 
13 namespace Botan {
14 
15 std::string key_constraints_to_string(Key_Constraints constraints)
16  {
17  std::vector<std::string> str;
18 
19  if(constraints == NO_CONSTRAINTS)
20  return "no_constraints";
21 
22  if(constraints & DIGITAL_SIGNATURE)
23  str.push_back("digital_signature");
24 
25  if(constraints & NON_REPUDIATION)
26  str.push_back("non_repudiation");
27 
28  if(constraints & KEY_ENCIPHERMENT)
29  str.push_back("key_encipherment");
30 
31  if(constraints & DATA_ENCIPHERMENT)
32  str.push_back("data_encipherment");
33 
34  if(constraints & KEY_AGREEMENT)
35  str.push_back("key_agreement");
36 
37  if(constraints & KEY_CERT_SIGN)
38  str.push_back("key_cert_sign");
39 
40  if(constraints & CRL_SIGN)
41  str.push_back("crl_sign");
42 
43  if(constraints & ENCIPHER_ONLY)
44  str.push_back("encipher_only");
45 
46  if(constraints & DECIPHER_ONLY)
47  str.push_back("decipher_only");
48 
49  // Not 0 (checked at start) but nothing matched above!
50  if(str.empty())
51  return "other_unknown_constraints";
52 
53  if(str.size() == 1)
54  return str[0];
55 
56  std::string out;
57  for(size_t i = 0; i < str.size() - 1; ++i)
58  {
59  out += str[i];
60  out += ',';
61  }
62  out += str[str.size() - 1];
63 
64  return out;
65  }
66 
67 /*
68 * Make sure the given key constraints are permitted for the given key type
69 */
70 void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
71  Key_Constraints constraints)
72  {
73  const std::string name = pub_key.algo_name();
74 
75  size_t permitted = 0;
76 
77  const bool can_agree = (name == "DH" || name == "ECDH");
78  const bool can_encrypt = (name == "RSA" || name == "ElGamal");
79 
80  const bool can_sign =
81  (name == "RSA" || name == "DSA" ||
82  name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "Ed25519" ||
83  name == "GOST-34.10" || name == "GOST-34.10-2012-256" || name == "GOST-34.10-2012-512");
84 
85  if(can_agree)
86  {
87  permitted |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;
88  }
89 
90  if(can_encrypt)
91  {
92  permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
93  }
94 
95  if(can_sign)
96  {
97  permitted |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN;
98  }
99 
100  if(Key_Constraints(constraints & permitted) != constraints)
101  {
102  throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
103  }
104  }
105 
106 }
Botan::Invalid_Argument
Definition: exceptn.h:136
Botan::Public_Key::algo_name
virtual std::string algo_name() const =0
name
std::string name
Definition: commoncrypto_hash.cpp:24
Botan
Definition: alg_id.cpp:13
Botan::verify_cert_constraints_valid_for_key_type
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
Definition: key_constraint.cpp:70
Botan::Public_Key
Definition: pk_keys.h:28
Botan::key_constraints_to_string
std::string key_constraints_to_string(Key_Constraints constraints)
Definition: key_constraint.cpp:15
Botan::Key_Constraints
Key_Constraints
Definition: pkix_enums.h:106
Generated by   doxygen 1.8.14