aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509/x509path.h
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-07-27 17:30:13 +0000
committerlloyd <[email protected]>2012-07-27 17:30:13 +0000
commit4d0008edca9d3c0a119518e7d9b49c81d7dbe33c (patch)
treec359b14f9f0a0a495fea6eb241cb082fd0dc0717 /src/cert/x509/x509path.h
parent16ccb3c130ad29aee2e640d498606314ac486f55 (diff)
Add Public_Key::estimated_strength which gives an approximation of how
hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits.
Diffstat (limited to 'src/cert/x509/x509path.h')
-rw-r--r--src/cert/x509/x509path.h20
1 files changed, 15 insertions, 5 deletions
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h
index 21b808073..ae28599b0 100644
--- a/src/cert/x509/x509path.h
+++ b/src/cert/x509/x509path.h
@@ -17,21 +17,29 @@ namespace Botan {
class BOTAN_DLL Path_Validation_Restrictions
{
public:
- Path_Validation_Restrictions(bool require_rev = false);
+ Path_Validation_Restrictions(bool require_rev = false,
+ size_t minimum_key_strength = 80);
- Path_Validation_Restrictions(bool require_rev,
- const std::set<std::string>& trusted_hashes) :
- m_require_revocation_information(require_rev),
- m_trusted_hashes(trusted_hashes) {}
+ Path_Validation_Restrictions(bool require_rev,
+ size_t minimum_key_strength,
+ const std::set<std::string>& trusted_hashes) :
+ m_require_revocation_information(require_rev),
+ m_trusted_hashes(trusted_hashes),
+ m_minimum_key_strength(minimum_key_strength) {}
bool require_revocation_information() const
{ return m_require_revocation_information; }
const std::set<std::string>& trusted_hashes() const
{ return m_trusted_hashes; }
+
+ size_t minimum_key_strength() const
+ { return m_minimum_key_strength; }
+
private:
bool m_require_revocation_information;
std::set<std::string> m_trusted_hashes;
+ size_t m_minimum_key_strength;
};
class BOTAN_DLL Path_Validation_Result
@@ -48,6 +56,8 @@ class BOTAN_DLL Path_Validation_Result
SIGNATURE_ERROR,
POLICY_ERROR,
INVALID_USAGE,
+
+ SIGNATURE_METHOD_TOO_WEAK,
UNTRUSTED_HASH,
CERT_MULTIPLE_ISSUERS_FOUND,