/*
* KeyUsage
* (C) 1999-2007,2016 Jack Lloyd
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
8
#include <botan/pkix_types.h>
#include <botan/pk_keys.h>
#include <string>
#include <vector>
12
13namespace Botan {
14
/**
* Render a Key_Constraints bit set as a comma separated list of KeyUsage
* names (e.g. "digital_signature,key_cert_sign"), in the enum's bit order.
*
* @param constraints the key usage bits to describe
* @return "no_constraints" for an empty set, the names of the recognised
*         bits joined by ',', or "other_unknown_constraints" when the value
*         is nonzero but shares no bit with any recognised usage
*/
std::string key_constraints_to_string(Key_Constraints constraints)
   {
   if(constraints == NO_CONSTRAINTS)
      return "no_constraints";

   // Recognised usage bits paired with their printable names, in output order
   struct Usage_Name
      {
      Key_Constraints bit;
      const char* name;
      };

   const Usage_Name usage_names[] = {
      { DIGITAL_SIGNATURE, "digital_signature" },
      { NON_REPUDIATION, "non_repudiation" },
      { KEY_ENCIPHERMENT, "key_encipherment" },
      { DATA_ENCIPHERMENT, "data_encipherment" },
      { KEY_AGREEMENT, "key_agreement" },
      { KEY_CERT_SIGN, "key_cert_sign" },
      { CRL_SIGN, "crl_sign" },
      { ENCIPHER_ONLY, "encipher_only" },
      { DECIPHER_ONLY, "decipher_only" },
   };

   std::string out;

   for(const Usage_Name& usage : usage_names)
      {
      if(!(constraints & usage.bit))
         continue;

      // Separator only between names, never leading or trailing
      if(!out.empty())
         out += ',';
      out += usage.name;
      }

   // Nonzero input (checked above) but none of the recognised bits are set
   if(out.empty())
      return "other_unknown_constraints";

   return out;
   }
66
/**
* Make sure the given key constraints are permitted for the given key type:
* every KeyUsage bit requested for a certificate must be one the key's
* algorithm can actually honour.
*
* @param pub_key the certificate's public key; only algo_name() is consulted
* @param constraints the KeyUsage bits requested for this key
* @throws Invalid_Argument if constraints contains any bit outside the set
*         permitted for pub_key's algorithm
*/
void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
                                                Key_Constraints constraints)
   {
   const std::string name = pub_key.algo_name();

   // Bit set of usages permitted for this algorithm. It is only widened
   // inside the branches below, so for an algorithm name matched by none of
   // them it stays 0 and any nonzero request is rejected (fail closed).
   size_t permitted = 0;

   const bool can_agree = (name == "DH" || name == "ECDH");
   const bool can_encrypt = (name == "RSA" || name == "ElGamal");

   const bool can_sign =
      (name == "RSA" || name == "DSA" ||
       name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "Ed25519" ||
       name == "GOST-34.10" || name == "GOST-34.10-2012-256" || name == "GOST-34.10-2012-512");

   if(can_agree)
      {
      // NOTE(review): the rendered listing shows an empty body here (source
      // line 87); presumably it ORs the agreement-related usage bits into
      // permitted - confirm against the checked-in source
      }

   if(can_encrypt)
      {
      // NOTE(review): listing shows an empty body (source line 92);
      // presumably the encipherment usage bits are ORed in here - confirm
      }

   if(can_sign)
      {
      // NOTE(review): listing shows an empty body (source line 97);
      // presumably the signing-related usage bits are ORed in here - confirm
      }

   // Every requested bit must also be a permitted bit; masking must leave
   // the request unchanged. NO_CONSTRAINTS (0) always passes.
   if(Key_Constraints(constraints & permitted) != constraints)
      {
      throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
      }
   }
105
106}