Botan  1.11.15
src/lib/cert/x509/key_constraint.cpp
00001 /*
00002 * KeyUsage
00003 * (C) 1999-2007 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/key_constraint.h>
00009 #include <botan/x509_key.h>
00010 #include <botan/ber_dec.h>
00011 
00012 namespace Botan {
00013 
00014 namespace BER {
00015 
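/*
* Decode a BER encoded KeyUsage
*
* Reads the next object from source, requires it to be a UNIVERSAL
* BIT STRING made of the unused-bits octet plus one or two content
* octets, and stores the decoded value in key_usage. The first content
* octet becomes the high 8 bits of the 16-bit value; the second, when
* present, becomes the low 8 bits.
*
* Throws BER_Bad_Tag when the tag is wrong, and BER_Decoding_Error when
* the length is not 2 or 3 or the unused-bits count is 8 or more.
*/
void decode(BER_Decoder& source, Key_Constraints& key_usage)
   {
   BER_Object obj = source.get_next_object();

   if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
      throw BER_Bad_Tag("Bad tag for usage constraint",
                        obj.type_tag, obj.class_tag);

   // value[0] is the unused-bits count, followed by one or two content
   // octets. This size check is also what makes the value[0] read and
   // the value[size-1] write below safe on attacker-supplied input.
   if(obj.value.size() != 2 && obj.value.size() != 3)
      throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
   if(obj.value[0] >= 8)
      throw BER_Decoding_Error("Invalid unused bits in usage constraint");

   // Clear the declared-unused trailing bits of the last octet so that
   // padding in the encoding can never be read as a usage bit.
   const byte mask = (0xFF << obj.value[0]);
   obj.value[obj.value.size()-1] &= mask;

   // Content octet j (1-based) belongs at bit offset 8*(sizeof(usage)-j):
   // octet 1 in the high byte, octet 2 in the low byte. Shifting every
   // octet by a fixed 8 would OR the second octet into the high byte, so
   // a bit present only in the second octet would be reported as one of
   // the usages carried by the first octet and a certificate would be
   // treated as permitting a use it does not assert.
   // NOTE(review): which constraint names sit on the affected bits is
   // defined in key_constraint.h, not visible here - confirm.
   u16bit usage = 0;
   for(size_t j = 1; j != obj.value.size(); ++j)
      {
      const size_t shift = 8 * (sizeof(usage) - j);
      usage = static_cast<u16bit>(usage | (obj.value[j] << shift));
      }

   key_usage = Key_Constraints(usage);
   }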
00040 
00041 }
00042 
/*
* Find the allowable key constraints
*
* Builds the set of usages associated with the key's algorithm name
* (key agreement for DH/ECDH, encipherment for RSA/ElGamal, signature
* and non-repudiation for RSA/RW/NR/DSA/ECDSA). When limits is non-zero
* the set is intersected with it; when limits is zero it is returned
* as computed.
*
* NOTE(review): an unrecognised algorithm name, or limits that share no
* bit with the algorithm's set, both yield a zero value. Confirm that
* callers do not read zero as "no restriction" when writing it into a
* certificate.
*/
Key_Constraints find_constraints(const Public_Key& pub_key,
                                 Key_Constraints limits)
   {
   const std::string algo = pub_key.algo_name();

   // Classify the algorithm once; RSA falls into both the encipherment
   // and the signature group.
   const bool does_agreement = (algo == "DH" || algo == "ECDH");
   const bool does_encryption = (algo == "RSA" || algo == "ElGamal");
   const bool does_signing = (algo == "RSA" || algo == "RW" ||
                              algo == "NR" || algo == "DSA" ||
                              algo == "ECDSA");

   size_t allowed = 0;

   if(does_agreement)
      allowed |= KEY_AGREEMENT;

   if(does_encryption)
      allowed |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;

   if(does_signing)
      allowed |= DIGITAL_SIGNATURE | NON_REPUDIATION;

   // A zero limits value means the caller asked for no narrowing.
   if(!limits)
      return Key_Constraints(allowed);

   allowed &= limits;
   return Key_Constraints(allowed);
   }
00068 
00069 }