Botan 3.1.1
Crypto and TLS for C&
key_constraint.cpp
Go to the documentation of this file.
1/*
2* (C) 1999-2007,2016 Jack Lloyd
3* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/pkix_enums.h>
9
10#include <botan/pk_keys.h>
11#include <botan/internal/parsing.h>
12#include <vector>
13
14namespace Botan {
15
16std::string Key_Constraints::to_string() const {
17 if(this->m_value == Key_Constraints::None) {
18 return "no_constraints";
19 }
20
21 std::vector<std::string> str;
22
23 if(this->m_value & Key_Constraints::DigitalSignature) {
24 str.push_back("digital_signature");
25 }
26
27 if(this->m_value & Key_Constraints::NonRepudiation) {
28 str.push_back("non_repudiation");
29 }
30
31 if(this->m_value & Key_Constraints::KeyEncipherment) {
32 str.push_back("key_encipherment");
33 }
34
35 if(this->m_value & Key_Constraints::DataEncipherment) {
36 str.push_back("data_encipherment");
37 }
38
39 if(this->m_value & Key_Constraints::KeyAgreement) {
40 str.push_back("key_agreement");
41 }
42
43 if(this->m_value & Key_Constraints::KeyCertSign) {
44 str.push_back("key_cert_sign");
45 }
46
47 if(this->m_value & Key_Constraints::CrlSign) {
48 str.push_back("crl_sign");
49 }
50
51 if(this->m_value & Key_Constraints::EncipherOnly) {
52 str.push_back("encipher_only");
53 }
54
55 if(this->m_value & Key_Constraints::DecipherOnly) {
56 str.push_back("decipher_only");
57 }
58
59 // Not 0 (checked at start) but nothing matched above!
60 if(str.empty()) {
61 return "other_unknown_constraints";
62 }
63
64 return string_join(str, ',');
65}
66
67/*
68* Make sure the given key constraints are permitted for the given key type
69*/
70bool Key_Constraints::compatible_with(const Public_Key& pub_key) const {
71 uint32_t permitted = 0;
72
73 if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
74 permitted |= Key_Constraints::KeyAgreement | Key_Constraints::EncipherOnly | Key_Constraints::DecipherOnly;
75 }
76
77 if(pub_key.supports_operation(PublicKeyOperation::Encryption) ||
78 pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
79 permitted |= Key_Constraints::KeyEncipherment | Key_Constraints::DataEncipherment;
80 }
81
82 if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
83 permitted |= Key_Constraints::DigitalSignature | Key_Constraints::NonRepudiation | Key_Constraints::KeyCertSign |
84 Key_Constraints::CrlSign;
85 }
86
87 if((m_value & permitted) != m_value) {
88 return false;
89 }
90
91 return true;
92}
93
94} // namespace Botan
Botan::Asymmetric_Key::supports_operation
virtual bool supports_operation(PublicKeyOperation op) const =0
Botan::Key_Constraints::DigitalSignature
@ DigitalSignature
Definition: pkix_enums.h:110
Botan::Key_Constraints::None
@ None
Definition: pkix_enums.h:109
Botan::Key_Constraints::NonRepudiation
@ NonRepudiation
Definition: pkix_enums.h:111
Botan::Key_Constraints::CrlSign
@ CrlSign
Definition: pkix_enums.h:116
Botan::Key_Constraints::KeyCertSign
@ KeyCertSign
Definition: pkix_enums.h:115
Botan::Key_Constraints::DataEncipherment
@ DataEncipherment
Definition: pkix_enums.h:113
Botan::Key_Constraints::DecipherOnly
@ DecipherOnly
Definition: pkix_enums.h:118
Botan::Key_Constraints::KeyEncipherment
@ KeyEncipherment
Definition: pkix_enums.h:112
Botan::Key_Constraints::KeyAgreement
@ KeyAgreement
Definition: pkix_enums.h:114
Botan::Key_Constraints::EncipherOnly
@ EncipherOnly
Definition: pkix_enums.h:117
Botan::Key_Constraints::compatible_with
bool compatible_with(const Public_Key &key) const
Definition: key_constraint.cpp:70
Botan::Key_Constraints::to_string
std::string to_string() const
Definition: key_constraint.cpp:16
Botan::Public_Key
Definition: pk_keys.h:107
Botan
Definition: alg_id.cpp:13
Botan::string_join
std::string string_join(const std::vector< std::string > &strs, char delim)
Definition: parsing.cpp:140
Generated by doxygen 1.9.6