Botan  2.10.0
Crypto and TLS for C++11
key_constraint.cpp
Go to the documentation of this file.
1 /*
2 * KeyUsage
3 * (C) 1999-2007,2016 Jack Lloyd
4 * (C) 2016 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/key_constraint.h>
10 #include <botan/pk_keys.h>
11 #include <vector>
12 
13 namespace Botan {
14 
15 std::string key_constraints_to_string(Key_Constraints constraints)
16  {
17  std::vector<std::string> str;
18 
19  if(constraints == NO_CONSTRAINTS)
20  return "no_constraints";
21 
22  if(constraints & DIGITAL_SIGNATURE)
23  str.push_back("digital_signature");
24 
25  if(constraints & NON_REPUDIATION)
26  str.push_back("non_repudiation");
27 
28  if(constraints & KEY_ENCIPHERMENT)
29  str.push_back("key_encipherment");
30 
31  if(constraints & DATA_ENCIPHERMENT)
32  str.push_back("data_encipherment");
33 
34  if(constraints & KEY_AGREEMENT)
35  str.push_back("key_agreement");
36 
37  if(constraints & KEY_CERT_SIGN)
38  str.push_back("key_cert_sign");
39 
40  if(constraints & CRL_SIGN)
41  str.push_back("crl_sign");
42 
43  if(constraints & ENCIPHER_ONLY)
44  str.push_back("encipher_only");
45 
46  if(constraints & DECIPHER_ONLY)
47  str.push_back("decipher_only");
48 
49  // Not 0 (checked at start) but nothing matched above!
50  if(str.empty())
51  return "other_unknown_constraints";
52 
53  if(str.size() == 1)
54  return str[0];
55 
56  std::string out;
57  for(size_t i = 0; i < str.size() - 1; ++i)
58  {
59  out += str[i];
60  out += ',';
61  }
62  out += str[str.size() - 1];
63 
64  return out;
65  }
66 
67 /*
68 * Make sure the given key constraints are permitted for the given key type
69 */
70 void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
71  Key_Constraints constraints)
72  {
73  const std::string name = pub_key.algo_name();
74 
75  size_t permitted = 0;
76 
77  if(name == "DH" || name == "ECDH")
78  {
79  permitted |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;
80  }
81 
82  if(name == "RSA" || name == "ElGamal")
83  {
84  permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
85  }
86 
87  if(name == "RSA" || name == "DSA" ||
88  name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA" || name == "GOST-34.10" ||
89  name == "Ed25519")
90  {
91  permitted |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN;
92  }
93 
94  if((constraints & permitted) != constraints)
95  {
96  throw Invalid_Argument("Invalid " + name + " constraints " + key_constraints_to_string(constraints));
97  }
98  }
99 
100 }
Botan::Invalid_Argument
Definition: exceptn.h:119
Botan::Public_Key::algo_name
virtual std::string algo_name() const =0
name
std::string name
Definition: commoncrypto_hash.cpp:23
Botan
Definition: alg_id.cpp:13
Botan::verify_cert_constraints_valid_for_key_type
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
Definition: key_constraint.cpp:70
Botan::Public_Key
Definition: pk_keys.h:24
Botan::key_constraints_to_string
std::string key_constraints_to_string(Key_Constraints constraints)
Definition: key_constraint.cpp:15
Generated by   doxygen 1.8.13