From 422e1891987b4aec7019282a623ebf57c79e7866 Mon Sep 17 00:00:00 2001
From: René Korthaus
Date: Thu, 4 Aug 2016 10:55:43 +0200
Subject: Fix GH #425 and run x509 tests with different signature algorithms
---
 src/lib/cert/x509/key_constraint.cpp | 35 +++--------------------------------
 1 file changed, 3 insertions(+), 32 deletions(-)
(limited to 'src/lib/cert/x509/key_constraint.cpp')
diff --git a/src/lib/cert/x509/key_constraint.cpp b/src/lib/cert/x509/key_constraint.cpp
index 24791b34a..137c42144 100644
--- a/src/lib/cert/x509/key_constraint.cpp
+++ b/src/lib/cert/x509/key_constraint.cpp
@@ -1,45 +1,16 @@
 /*
 * KeyUsage
 * (C) 1999-2007 Jack Lloyd
+* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
 
 #include
 #include
-#include
 
 namespace Botan {
 
-namespace BER {
-
-/*
-* Decode a BER encoded KeyUsage
-*/
-void decode(BER_Decoder& source, Key_Constraints& key_usage)
- {
- BER_Object obj = source.get_next_object();
-
- if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
- throw BER_Bad_Tag("Bad tag for usage constraint",
- obj.type_tag, obj.class_tag);
- if(obj.value.size() != 2 && obj.value.size() != 3)
- throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
- if(obj.value[0] >= 8)
- throw BER_Decoding_Error("Invalid unused bits in usage constraint");
-
- const byte mask = (0xFF << obj.value[0]);
- obj.value[obj.value.size()-1] &= mask;
-
- u16bit usage = 0;
- for(size_t j = 1; j != obj.value.size(); ++j)
- usage = (obj.value[j] << 8) | usage;
-
- key_usage = Key_Constraints(usage);
- }
-
-}
-
 /*
 * Find the allowable key constraints
 */
@@ -54,10 +25,10 @@ Key_Constraints find_constraints(const Public_Key& pub_key,
 constraints |= KEY_AGREEMENT;
 
 if(name == "RSA" || name == "ElGamal")
- constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
+ constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT | ENCIPHER_ONLY | DECIPHER_ONLY;
 
 if(name == "RSA" || name == "RW" || name == "NR" ||
- name == "DSA" || name == "ECDSA")
+ name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
 constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
 
 if(limits)
--
cgit v1.2.3
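Review bot: The RSA/ElGamal line now permits `ENCIPHER_ONLY | DECIPHER_ONLY`, but RFC 5280 section 4.2.1.3 gives those two bits a meaning only when keyAgreement is also set, and this branch never adds `KEY_AGREEMENT`. As written, the allow-list accepts an RSA or ElGamal key whose usage carries encipherOnly or decipherOnly with undefined semantics, and relying parties may interpret such a certificate inconsistently. I would keep this line as `constraints |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;` and grant the two bits where key agreement is granted, `constraints |= KEY_AGREEMENT | ENCIPHER_ONLY | DECIPHER_ONLY;`. The condition guarding that statement sits above the hunk, so which algorithms it covers should be confirmed first. find_constraints starts and ends outside the hunk, so how `limits` is checked against this mask is not visible here.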