void Policy::check_peer_key_acceptable(const Public_Key& public_key) const
{
const std::string algo_name = public_key.algo_name();
const size_t keylength = public_key.key_length();
size_t expected_keylength = 0;
if(algo_name == "RSA")
{
expected_keylength = minimum_rsa_bits();
}
else if(algo_name == "DH")
{
expected_keylength = minimum_dh_group_size();
}
else if(algo_name == "DSA")
{
expected_keylength = minimum_dsa_group_size();
}
else if(algo_name == "ECDH" || algo_name == "Curve25519")
{
expected_keylength = minimum_ecdh_group_size();
}
else if(algo_name == "ECDSA")
{
expected_keylength = minimum_ecdsa_group_size();
}
// else some other algo, so leave expected_keylength as zero and the check is a no-op
if(keylength < expected_keylength)
throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
"Peer sent " +
std::to_string(keylength) + " bit " + algo_name + " key"
", policy requires at least " +
std::to_string(expected_keylength));
}
