diff options
author | lloyd <[email protected]> | 2012-07-27 17:30:13 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-07-27 17:30:13 +0000 |
commit | 4d0008edca9d3c0a119518e7d9b49c81d7dbe33c (patch) | |
tree | c359b14f9f0a0a495fea6eb241cb082fd0dc0717 /src/cert/x509/x509path.h | |
parent | 16ccb3c130ad29aee2e640d498606314ac486f55 (diff) |
Add Public_Key::estimated_strength which gives an approximation of how
hard that key is to break.
Use it in cert path validation, rejecting keys with estimated strength
less than 80 bits.
Diffstat (limited to 'src/cert/x509/x509path.h')
-rw-r--r-- | src/cert/x509/x509path.h | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h index 21b808073..ae28599b0 100644 --- a/src/cert/x509/x509path.h +++ b/src/cert/x509/x509path.h @@ -17,21 +17,29 @@ namespace Botan { class BOTAN_DLL Path_Validation_Restrictions { public: - Path_Validation_Restrictions(bool require_rev = false); + Path_Validation_Restrictions(bool require_rev = false, + size_t minimum_key_strength = 80); - Path_Validation_Restrictions(bool require_rev, - const std::set<std::string>& trusted_hashes) : - m_require_revocation_information(require_rev), - m_trusted_hashes(trusted_hashes) {} + Path_Validation_Restrictions(bool require_rev, + size_t minimum_key_strength, + const std::set<std::string>& trusted_hashes) : + m_require_revocation_information(require_rev), + m_trusted_hashes(trusted_hashes), + m_minimum_key_strength(minimum_key_strength) {} bool require_revocation_information() const { return m_require_revocation_information; } const std::set<std::string>& trusted_hashes() const { return m_trusted_hashes; } + + size_t minimum_key_strength() const + { return m_minimum_key_strength; } + private: bool m_require_revocation_information; std::set<std::string> m_trusted_hashes; + size_t m_minimum_key_strength; }; class BOTAN_DLL Path_Validation_Result @@ -48,6 +56,8 @@ class BOTAN_DLL Path_Validation_Result SIGNATURE_ERROR, POLICY_ERROR, INVALID_USAGE, + + SIGNATURE_METHOD_TOO_WEAK, UNTRUSTED_HASH, CERT_MULTIPLE_ISSUERS_FOUND, |