authorRené Korthaus <[email protected]>2016-08-04 10:55:43 +0200
committerRené Korthaus <[email protected]>2016-08-17 20:26:10 +0200
commit422e1891987b4aec7019282a623ebf57c79e7866 (patch)
tree7c143106128b9f574f2d2dbde9a20620531bc61c /src/lib/cert/x509/key_constraint.cpp
parent8d7087066a5343a6f142643cf50d55a7681746a3 (diff)
Fix GH #425 and run x509 tests with different signature algorithms
Diffstat (limited to 'src/lib/cert/x509/key_constraint.cpp')
-rw-r--r--src/lib/cert/x509/key_constraint.cpp35
1 files changed, 3 insertions, 32 deletions
diff --git a/src/lib/cert/x509/key_constraint.cpp b/src/lib/cert/x509/key_constraint.cpp
index 24791b34a..137c42144 100644
--- a/src/lib/cert/x509/key_constraint.cpp
+++ b/src/lib/cert/x509/key_constraint.cpp
@@ -1,45 +1,16 @@
/*
* KeyUsage
* (C) 1999-2007 Jack Lloyd
+* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/key_constraint.h>
#include <botan/x509_key.h>
-#include <botan/ber_dec.h>
namespace Botan {
-namespace BER {
-
-/*
-* Decode a BER encoded KeyUsage
-*/
-void decode(BER_Decoder& source, Key_Constraints& key_usage)
- {
- BER_Object obj = source.get_next_object();
-
- if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
- throw BER_Bad_Tag("Bad tag for usage constraint",
- obj.type_tag, obj.class_tag);
- if(obj.value.size() != 2 && obj.value.size() != 3)
- throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
- if(obj.value[0] >= 8)
- throw BER_Decoding_Error("Invalid unused bits in usage constraint");
-
- const byte mask = (0xFF << obj.value[0]);
- obj.value[obj.value.size()-1] &= mask;
-
- u16bit usage = 0;
- for(size_t j = 1; j != obj.value.size(); ++j)
- usage = (obj.value[j] << 8) | usage;
-
- key_usage = Key_Constraints(usage);
- }
-
-}
-
/*
* Find the allowable key constraints
*/
@@ -54,10 +25,10 @@ Key_Constraints find_constraints(const Public_Key& pub_key,
constraints |= KEY_AGREEMENT;
if(name == "RSA" || name == "ElGamal")
- constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT | ENCIPHER_ONLY | DECIPHER_ONLY;
if(name == "RSA" || name == "RW" || name == "NR" ||
- name == "DSA" || name == "ECDSA")
+ name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
if(limits)
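Review bot: `ENCIPHER_ONLY | DECIPHER_ONLY` is added to the RSA/ElGamal branch, but RFC 5280 section 4.2.1.3 gives encipherOnly and decipherOnly a meaning only when keyAgreement is also set, so these bits belong with the key-agreement algorithms rather than with key-transport keys. As written, the permitted mask for an RSA or ElGamal key would include two bits that are undefined for it, while the branch that sets `KEY_AGREEMENT` (first line of this hunk) still does not allow them. I would keep `constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;` here and change the agreement branch to `constraints |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;`. The condition of that branch and the handling of `limits` lie outside the hunk, so confirm how the mask is compared against the requested constraints before changing it.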