author | lloyd <[email protected]> | 2012-03-28 23:35:36 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-28 23:35:36 +0000 |
commit | 9594979caf775dc4062850044715b804d1fda60c (patch) | |
tree | 0eb8470483a12e64cca065d5e8bfad3cd28dfeef /src/cert/x509/key_constraint.cpp | |
parent | 0da08c29d55ddea710767267af3ec690e91a77a6 (diff) |
Kill off the quite vestigial pubkey_enums header. Move most of the code
to key_constraints.{h,cpp} in cert/x509. Move the X509_Encoding enum
to x509_key.h
Constify argument to X509_Object::check_signature, accidental omission
Diffstat (limited to 'src/cert/x509/key_constraint.cpp')
-rw-r--r-- | src/cert/x509/key_constraint.cpp | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/src/cert/x509/key_constraint.cpp b/src/cert/x509/key_constraint.cpp
new file mode 100644
index 000000000..8a4b3deb3
--- /dev/null
+++ b/src/cert/x509/key_constraint.cpp
@@ -0,0 +1,69 @@
+/*
+* KeyUsage
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/key_constraint.h>
+#include <botan/x509_key.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+namespace BER {
+
+/*
+* Decode a BER encoded KeyUsage
+*/
+void decode(BER_Decoder& source, Key_Constraints& key_usage)
+ {
+ BER_Object obj = source.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ const byte mask = (0xFF << obj.value[0]);
+ obj.value[obj.value.size()-1] &= mask;
+
+ u16bit usage = 0;
+ for(size_t j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ key_usage = Key_Constraints(usage);
+ }
+
+}
+
+/*
+* Find the allowable key constraints
+*/
+Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits)
+ {
+ const std::string name = pub_key.algo_name();
+
+ size_t constraints = 0;
+
+ if(name == "DH" || name == "ECDH")
+ constraints |= KEY_AGREEMENT;
+
+ if(name == "RSA" || name == "ElGamal")
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+
+ if(name == "RSA" || name == "RW" || name == "NR" ||
+ name == "DSA" || name == "ECDSA")
+ constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
+
+ if(limits)
+ constraints &= limits;
+
+ return Key_Constraints(constraints);
+ }
+
+} |
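Review bot: In BER::decode, the loop `usage = (obj.value[j] << 8) | usage;` shifts every content octet by the same 8 bits, so when the BIT STRING carries two content octets (size 3) the second is OR'd into the high byte on top of the first instead of landing in the low byte. A KeyUsage whose ninth bit is set would then decode as a different usage bit, and anything enforcing certificate key usage from this value would act on the wrong set. Assuming the first content octet is meant to be the high byte of the 16-bit value, shift by position instead, e.g. `usage = (obj.value[j] << 8*(sizeof(usage)-j)) | usage;`, and add a decode test with a three-octet value. Separately, find_constraints returns 0 both for an unrecognised algorithm name and for an empty intersection with `limits`, while `if(limits)` itself treats 0 as "no limit"; a comment stating what a zero result means to callers would help, and an empty intersection probably deserves an error rather than a value that may read as unconstrained.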