aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/key_constraint.cpp69
-rw-r--r--src/cert/x509/key_constraint.h57
-rw-r--r--src/cert/x509/pkcs10.h1
-rw-r--r--src/cert/x509/x509_ca.cpp3
-rw-r--r--src/cert/x509/x509_obj.cpp6
-rw-r--r--src/cert/x509/x509_obj.h6
-rw-r--r--src/cert/x509/x509cert.h2
7 files changed, 136 insertions, 8 deletions
diff --git a/src/cert/x509/key_constraint.cpp b/src/cert/x509/key_constraint.cpp
new file mode 100644
index 000000000..8a4b3deb3
--- /dev/null
+++ b/src/cert/x509/key_constraint.cpp
@@ -0,0 +1,69 @@
+/*
+* KeyUsage
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/key_constraint.h>
+#include <botan/x509_key.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+namespace BER {
+
+/*
+* Decode a BER encoded KeyUsage
+*/
+void decode(BER_Decoder& source, Key_Constraints& key_usage)
+ {
+ BER_Object obj = source.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ const byte mask = (0xFF << obj.value[0]);
+ obj.value[obj.value.size()-1] &= mask;
+
+ u16bit usage = 0;
+ for(size_t j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ key_usage = Key_Constraints(usage);
+ }
+
+}
+
+/*
+* Find the allowable key constraints
+*/
+Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits)
+ {
+ const std::string name = pub_key.algo_name();
+
+ size_t constraints = 0;
+
+ if(name == "DH" || name == "ECDH")
+ constraints |= KEY_AGREEMENT;
+
+ if(name == "RSA" || name == "ElGamal")
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+
+ if(name == "RSA" || name == "RW" || name == "NR" ||
+ name == "DSA" || name == "ECDSA")
+ constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
+
+ if(limits)
+ constraints &= limits;
+
+ return Key_Constraints(constraints);
+ }
+
+}
diff --git a/src/cert/x509/key_constraint.h b/src/cert/x509/key_constraint.h
new file mode 100644
index 000000000..2c9b3778b
--- /dev/null
+++ b/src/cert/x509/key_constraint.h
@@ -0,0 +1,57 @@
+/*
+* Enumerations
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_ENUMS_H__
+#define BOTAN_ENUMS_H__
+
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+/**
+* X.509v3 Key Constraints.
+*/
+enum Key_Constraints {
+ NO_CONSTRAINTS = 0,
+ DIGITAL_SIGNATURE = 32768,
+ NON_REPUDIATION = 16384,
+ KEY_ENCIPHERMENT = 8192,
+ DATA_ENCIPHERMENT = 4096,
+ KEY_AGREEMENT = 2048,
+ KEY_CERT_SIGN = 1024,
+ CRL_SIGN = 512,
+ ENCIPHER_ONLY = 256,
+ DECIPHER_ONLY = 128
+};
+
+class Public_Key;
+
+/**
+* Create the key constraints for a specific public key.
+* @param pub_key the public key from which the basic set of
+* constraints to be placed in the return value is derived
+* @param limits additional limits that will be incorporated into the
+* return value
+* @return combination of key type specific constraints and
+* additional limits
+*/
+
+BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits);
+
+/**
+* BER Decoding Function for key constraints
+*/
+namespace BER {
+
+void BOTAN_DLL decode(BER_Decoder&, Key_Constraints&);
+
+}
+
+}
+
+#endif
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index bd01fb6b5..065dfbdc0 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -12,6 +12,7 @@
#include <botan/x509_dn.h>
#include <botan/pkcs8.h>
#include <botan/datastor.h>
+#include <botan/key_constraint.h>
#include <vector>
namespace Botan {
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 40f2e3b3a..77e066533 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -14,6 +14,7 @@
#include <botan/lookup.h>
#include <botan/oids.h>
#include <botan/time.h>
+#include <botan/key_constraint.h>
#include <algorithm>
#include <typeinfo>
#include <iterator>
@@ -57,7 +58,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
else
{
std::auto_ptr<Public_Key> key(req.subject_public_key());
- constraints = X509::find_constraints(*key, req.constraints());
+ constraints = find_constraints(*key, req.constraints());
}
Extensions extensions;
diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp
index c58081225..670bd8da6 100644
--- a/src/cert/x509/x509_obj.cpp
+++ b/src/cert/x509/x509_obj.cpp
@@ -168,16 +168,16 @@ std::string X509_Object::hash_used_for_signature() const
/*
* Check the signature on an object
*/
-bool X509_Object::check_signature(Public_Key* pub_key) const
+bool X509_Object::check_signature(const Public_Key* pub_key) const
{
- std::auto_ptr<Public_Key> key(pub_key);
+ std::auto_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
/*
* Check the signature on an object
*/
-bool X509_Object::check_signature(Public_Key& pub_key) const
+bool X509_Object::check_signature(const Public_Key& pub_key) const
{
try {
std::vector<std::string> sig_info =
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index 570b00f51..e46e72ce3 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -10,7 +10,7 @@
#include <botan/asn1_obj.h>
#include <botan/pipe.h>
-#include <botan/pubkey_enums.h>
+#include <botan/x509_key.h>
#include <botan/rng.h>
#include <vector>
@@ -62,7 +62,7 @@ class BOTAN_DLL X509_Object
* @param key the public key purportedly used to sign this data
* @return true if the signature is valid, otherwise false
*/
- bool check_signature(class Public_Key& key) const;
+ bool check_signature(const Public_Key& key) const;
/**
* Check the signature on this data
@@ -70,7 +70,7 @@ class BOTAN_DLL X509_Object
* the pointer will be deleted after use
* @return true if the signature is valid, otherwise false
*/
- bool check_signature(class Public_Key* key) const;
+ bool check_signature(const Public_Key* key) const;
/**
* @return BER encoding of this
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index d25b97694..6a4fd6959 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -12,7 +12,7 @@
#include <botan/x509_dn.h>
#include <botan/x509_key.h>
#include <botan/datastor.h>
-#include <botan/pubkey_enums.h>
+#include <botan/key_constraint.h>
#include <map>
namespace Botan {