From 4d0008edca9d3c0a119518e7d9b49c81d7dbe33c Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 27 Jul 2012 17:30:13 +0000 Subject: Add Public_Key::estimated_strength which gives an approximation of how hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits. --- src/cert/x509/x509path.h | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'src/cert/x509/x509path.h') diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h index 21b808073..ae28599b0 100644 --- a/src/cert/x509/x509path.h +++ b/src/cert/x509/x509path.h @@ -17,21 +17,29 @@ namespace Botan { class BOTAN_DLL Path_Validation_Restrictions { public: - Path_Validation_Restrictions(bool require_rev = false); + Path_Validation_Restrictions(bool require_rev = false, + size_t minimum_key_strength = 80); - Path_Validation_Restrictions(bool require_rev, - const std::set& trusted_hashes) : - m_require_revocation_information(require_rev), - m_trusted_hashes(trusted_hashes) {} + Path_Validation_Restrictions(bool require_rev, + size_t minimum_key_strength, + const std::set& trusted_hashes) : + m_require_revocation_information(require_rev), + m_trusted_hashes(trusted_hashes), + m_minimum_key_strength(minimum_key_strength) {} bool require_revocation_information() const { return m_require_revocation_information; } const std::set& trusted_hashes() const { return m_trusted_hashes; } + + size_t minimum_key_strength() const + { return m_minimum_key_strength; } + private: bool m_require_revocation_information; std::set m_trusted_hashes; + size_t m_minimum_key_strength; }; class BOTAN_DLL Path_Validation_Result @@ -48,6 +56,8 @@ class BOTAN_DLL Path_Validation_Result SIGNATURE_ERROR, POLICY_ERROR, INVALID_USAGE, + + SIGNATURE_METHOD_TOO_WEAK, UNTRUSTED_HASH, CERT_MULTIPLE_ISSUERS_FOUND, -- cgit v1.2.3