/*
* KeyUsage
* (C) 1999-2007 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#include <botan/key_constraint.h>
#include <botan/x509_key.h>
#include <botan/ber_dec.h>
namespace Botan {
namespace BER {
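/*
* Decode a BER encoded KeyUsage
*
* Reads the next object from source, which must be a UNIVERSAL BIT STRING
* whose value holds one unused-bits octet followed by one or two content
* octets, and stores the decoded bits in key_usage.
*
* Throws BER_Bad_Tag if the object is not a UNIVERSAL BIT STRING, and
* BER_Decoding_Error if the value length or the unused-bits count is
* out of range.
*/
void decode(BER_Decoder& source, Key_Constraints& key_usage)
   {
   BER_Object obj = source.get_next_object();

   if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
      throw BER_Bad_Tag("Bad tag for usage constraint",
                        obj.type_tag, obj.class_tag);

   // value[0] is the unused-bits count, so only lengths 2 and 3 are
   // accepted; this also guarantees value[0] and value[1] exist below.
   if(obj.value.size() != 2 && obj.value.size() != 3)
      throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");

   if(obj.value[0] >= 8)
      throw BER_Decoding_Error("Invalid unused bits in usage constraint");

   // Clear the padding bits of the final octet so that whatever the
   // encoder left there cannot be read as a usage flag. Non-zero padding
   // is tolerated here rather than rejected.
   const byte mask = (0xFF << obj.value[0]);
   obj.value[obj.value.size()-1] &= mask;

   // Place the first content octet in the high byte and the second (when
   // present) in the low byte. Shifting both octets by 8 would OR a bit
   // from the second octet onto an unrelated first-octet usage bit, so a
   // certificate could be credited with a usage it never asserted.
   // NOTE(review): assumes Key_Constraints uses this big-endian 16-bit
   // layout; confirm against key_constraint.h.
   u16bit usage = 0;
   for(size_t j = 1; j != obj.value.size(); ++j)
      usage = (obj.value[j] << 8*(sizeof(usage)-j)) | usage;

   key_usage = Key_Constraints(usage);
   }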
}
/*
* Find the allowable key constraints
*
* Derives the usage bits that make sense for pub_key from its algorithm
* name, then intersects them with limits when limits is non-zero.
*
* NOTE(review): when limits shares no bit with what the algorithm
* supports, the result is zero, the same value that the `if(limits)`
* test treats as "no restriction". Callers should confirm how they
* interpret a zero result before relying on it as a policy decision.
*/
Key_Constraints find_constraints(const Public_Key& pub_key,
                                 Key_Constraints limits)
   {
   const std::string algo = pub_key.algo_name();

   // Classify the algorithm by the operations it can perform.
   const bool does_agreement = (algo == "DH" || algo == "ECDH");
   const bool does_encryption = (algo == "RSA" || algo == "ElGamal");
   const bool does_signing = (algo == "RSA" || algo == "RW" ||
                              algo == "NR" || algo == "DSA" ||
                              algo == "ECDSA");

   size_t allowed = 0;

   if(does_agreement)
      allowed |= KEY_AGREEMENT;

   if(does_encryption)
      allowed |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;

   if(does_signing)
      allowed |= DIGITAL_SIGNATURE | NON_REPUDIATION;

   // A zero limits value means the caller imposed no restriction.
   if(limits)
      allowed &= limits;

   return Key_Constraints(allowed);
   }
}