Diffstat (limited to 'src/cert/x509')
-rw-r--r-- | src/cert/x509/key_constraint.cpp | 69 | ||||
-rw-r--r-- | src/cert/x509/key_constraint.h | 57 | ||||
-rw-r--r-- | src/cert/x509/pkcs10.h | 1 | ||||
-rw-r--r-- | src/cert/x509/x509_ca.cpp | 3 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.cpp | 6 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.h | 6 | ||||
-rw-r--r-- | src/cert/x509/x509cert.h | 2 |
7 files changed, 136 insertions, 8 deletions
diff --git a/src/cert/x509/key_constraint.cpp b/src/cert/x509/key_constraint.cpp
new file mode 100644
index 000000000..8a4b3deb3
--- /dev/null
+++ b/src/cert/x509/key_constraint.cpp
@@ -0,0 +1,69 @@
+/*
+* KeyUsage
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/key_constraint.h>
+#include <botan/x509_key.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+namespace BER {
+
+/*
+* Decode a BER encoded KeyUsage
+*/
+void decode(BER_Decoder& source, Key_Constraints& key_usage)
+ {
+ BER_Object obj = source.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ const byte mask = (0xFF << obj.value[0]);
+ obj.value[obj.value.size()-1] &= mask;
+
+ u16bit usage = 0;
+ for(size_t j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ key_usage = Key_Constraints(usage);
+ }
+
+}
+
+/*
+* Find the allowable key constraints
+*/
+Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits)
+ {
+ const std::string name = pub_key.algo_name();
+
+ size_t constraints = 0;
+
+ if(name == "DH" || name == "ECDH")
+ constraints |= KEY_AGREEMENT;
+
+ if(name == "RSA" || name == "ElGamal")
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+
+ if(name == "RSA" || name == "RW" || name == "NR" ||
+ name == "DSA" || name == "ECDSA")
+ constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
+
+ if(limits)
+ constraints &= limits;
+
+ return Key_Constraints(constraints);
+ }
+
+}
diff --git a/src/cert/x509/key_constraint.h b/src/cert/x509/key_constraint.h
new file mode 100644
index 000000000..2c9b3778b
--- /dev/null
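Review bot: In `BER::decode`, the accumulation `usage = (obj.value[j] << 8) | usage;` shifts every data byte into the high octet, so for a three-byte value the second KeyUsage octet is OR-ed on top of the first instead of landing in the low byte. With the enum values declared in key_constraint.h, a certificate carrying only decipherOnly (second octet 0x80, value 128) would decode as 0x8000, i.e. DIGITAL_SIGNATURE, and any later key-usage check would run against the wrong bits. Shift by position instead, e.g. `usage |= obj.value[j] << (8 * (2 - j));`, and add a test vector with a two-octet KeyUsage. The line may have been carried over unchanged from the code's previous location, which this diff does not show.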
+++ b/src/cert/x509/key_constraint.h
@@ -0,0 +1,57 @@
+/*
+* Enumerations
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_ENUMS_H__
+#define BOTAN_ENUMS_H__
+
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+/**
+* X.509v3 Key Constraints.
+*/
+enum Key_Constraints {
+ NO_CONSTRAINTS = 0,
+ DIGITAL_SIGNATURE = 32768,
+ NON_REPUDIATION = 16384,
+ KEY_ENCIPHERMENT = 8192,
+ DATA_ENCIPHERMENT = 4096,
+ KEY_AGREEMENT = 2048,
+ KEY_CERT_SIGN = 1024,
+ CRL_SIGN = 512,
+ ENCIPHER_ONLY = 256,
+ DECIPHER_ONLY = 128
+};
+
+class Public_Key;
+
+/**
+* Create the key constraints for a specific public key.
+* @param pub_key the public key from which the basic set of
+* constraints to be placed in the return value is derived
+* @param limits additional limits that will be incorporated into the
+* return value
+* @return combination of key type specific constraints and
+* additional limits
+*/
+
+BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key,
+ Key_Constraints limits);
+
+/**
+* BER Decoding Function for key constraints
+*/
+namespace BER {
+
+void BOTAN_DLL decode(BER_Decoder&, Key_Constraints&);
+
+}
+
+}
+
+#endif
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index bd01fb6b5..065dfbdc0 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -12,6 +12,7 @@
 #include <botan/x509_dn.h>
 #include <botan/pkcs8.h>
 #include <botan/datastor.h>
+#include <botan/key_constraint.h>
 #include <vector>
 namespace Botan {
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 40f2e3b3a..77e066533 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -14,6 +14,7 @@
 #include <botan/lookup.h>
 #include <botan/oids.h>
 #include <botan/time.h>
+#include <botan/key_constraint.h>
 #include <algorithm>
 #include <typeinfo>
 #include <iterator>
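Review bot: The include guard in the new key_constraint.h is `BOTAN_ENUMS_H__`, which does not match the file name and looks inherited from the header this enum was moved out of. If that older header still exists with the same guard (it lies outside this diffstat, so this cannot be confirmed here), whichever of the two is included second is skipped silently and its declarations vanish from the translation unit. Rename the guard, e.g. `#ifndef BOTAN_KEY_CONSTRAINT_H__` with the matching `#define`, and change the `Enumerations` banner comment to describe what the file now holds.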
@@ -57,7 +58,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, else { std::auto_ptr<Public_Key> key(req.subject_public_key()); - constraints = X509::find_constraints(*key, req.constraints()); + constraints = find_constraints(*key, req.constraints()); } Extensions extensions; diff --git a/src/cert/x509/x509_obj.cpp b/src/cert/x509/x509_obj.cpp index c58081225..670bd8da6 100644 --- a/src/cert/x509/x509_obj.cpp +++ b/src/cert/x509/x509_obj.cpp @@ -168,16 +168,16 @@ std::string X509_Object::hash_used_for_signature() const /* * Check the signature on an object */ -bool X509_Object::check_signature(Public_Key* pub_key) const +bool X509_Object::check_signature(const Public_Key* pub_key) const { - std::auto_ptr<Public_Key> key(pub_key); + std::auto_ptr<const Public_Key> key(pub_key); return check_signature(*key); } /* * Check the signature on an object */ -bool X509_Object::check_signature(Public_Key& pub_key) const +bool X509_Object::check_signature(const Public_Key& pub_key) const { try { std::vector<std::string> sig_info = diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h index 570b00f51..e46e72ce3 100644 --- a/src/cert/x509/x509_obj.h +++ b/src/cert/x509/x509_obj.h @@ -10,7 +10,7 @@ #include <botan/asn1_obj.h> #include <botan/pipe.h> -#include <botan/pubkey_enums.h> +#include <botan/x509_key.h> #include <botan/rng.h> #include <vector> @@ -62,7 +62,7 @@ class BOTAN_DLL X509_Object * @param key the public key purportedly used to sign this data * @return true if the signature is valid, otherwise false */ - bool check_signature(class Public_Key& key) const; + bool check_signature(const Public_Key& key) const; /** * Check the signature on this data @@ -70,7 +70,7 @@ class BOTAN_DLL X509_Object * the pointer will be deleted after use * @return true if the signature is valid, otherwise false */ - bool check_signature(class Public_Key* key) const; + bool check_signature(const Public_Key* key) const; /** * @return BER encoding of this 
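Review bot: The pointer overload `check_signature(const Public_Key* pub_key)` in x509_obj.cpp still wraps its argument in `std::auto_ptr` and deletes it, and it dereferences `*key` with no null check. Making the parameter `const` widens what converts to it implicitly: the address of a key the caller still owns, or of a stack object, now compiles and is then deleted, which is an invalid-delete or double-free hazard in signature-verification code. Add `if(!pub_key) return false;` (or throw) before the dereference, and consider steering callers to the reference overload so that ownership transfer is never implicit. The only warning today is the header comment in x509_obj.h, `the pointer will be deleted after use`, and the matching declaration hunk there has the same concern.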
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index d25b97694..6a4fd6959 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -12,7 +12,7 @@
 #include <botan/x509_dn.h>
 #include <botan/x509_key.h>
 #include <botan/datastor.h>
-#include <botan/pubkey_enums.h>
+#include <botan/key_constraint.h>
 #include <map>
 namespace Botan { |