authorlloyd <[email protected]>2008-10-08 19:53:53 +0000
committerlloyd <[email protected]>2008-10-08 19:53:53 +0000
commitfa7aa7f8dc857bae547fe6981fa6fc2b065b2004 (patch)
treeb0f8d6d0397d81b38bcbee4e3dfea1112561fe97 /src/cert/cvc/eac_obj.h
parentafd97edf49c9381e434f5f786c59f743a246101b (diff)
Add Card Verifiable Certificates from InSiTo (does not built due to missing parts, not included in build by default)
Diffstat (limited to 'src/cert/cvc/eac_obj.h')
-rw-r--r--src/cert/cvc/eac_obj.h132
1 files changed, 132 insertions, 0 deletions
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
new file mode 100644
index 000000000..5b1912595
--- /dev/null
+++ b/src/cert/cvc/eac_obj.h
@@ -0,0 +1,132 @@
+/*************************************************
+* EAC1_1 objects Header File *
+* (C) 2008 Falko Strenzke *
+*************************************************/
+
+#ifndef BOTAN_EAC_OBJ_H__
+#define BOTAN_EAC_OBJ_H__
+
+#include <botan/pubkey.h>
+#include <botan/x509_key.h>
+#include <botan/x509_obj.h>
+#include <botan/enums.h>
+#include <botan/pubkey.h>
+#include <botan/parsing.h>
+#include <botan/pem.h>
+#include <botan/oids.h>
+#include <botan/look_pk.h>
+#include <botan/ecdsa_sig.h>
+#include <string>
+
+namespace Botan {
+
+const std::string eac_cvc_emsa("EMSA1_BSI");
+
+/*************************************************
+* TR03110 v1.1 EAC CV Certificate *
+*************************************************/
+template<typename Derived>
+class EAC1_1_obj : public X509_Object // CRTP is used enable the call sequence:
+ {
+ // data members first:
+ protected:
+
+ ECDSA_Signature m_sig;
+
+
+ // member functions here:
+ public:
+ /**
+ * Return the signature as a concatenation of the encoded parts.
+ * @result the concatenated signature
+ */
+ SecureVector<byte> get_concat_sig() const;
+
+ /**
+ * Verify the signature of this objects.
+ * @param pub_key the public key to verify the signature with
+ * @result true if the verification succeeded
+ */
+ virtual bool check_signature(Public_Key& pub_key) const;
+
+ protected:
+ void init(SharedPtrConverter<DataSource> in);
+
+ static SecureVector<byte> make_signature(const PK_Signer* signer,
+ const MemoryRegion<byte>& tbs_bits,
+ RandomNumberGenerator& rng);
+
+ virtual ~EAC1_1_obj<Derived>(){}
+
+ };
+
+template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_sig() const
+ {
+ return m_sig.get_concatenation();
+ }
+template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signature(const PK_Signer* signer,
+ const MemoryRegion<byte>& tbs_bits,
+ RandomNumberGenerator& rng)
+ {
+ SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); // this is the signature as a der sequence
+ ECDSA_Signature sig(decode_seq(seq_sig));
+ SecureVector<byte> concat_sig(sig.get_concatenation());
+ return concat_sig;
+ }
+
+template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<DataSource> in)
+ {
+
+ try
+ {
+ Derived::decode_info(in.get_shared(), tbs_bits, m_sig);
+ }
+ catch(Decoding_Error)
+ {
+ throw Decoding_Error(PEM_label_pref + " decoding failed");
+ }
+ }
+
+template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const
+ {
+ try
+ {
+ std::vector<std::string> sig_info =
+ split_on(OIDS::lookup(sig_algo.oid), '/');
+
+ if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
+ {
+ return false;
+ }
+
+ std::string padding = sig_info[1];
+ Signature_Format format =
+ (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
+
+ std::auto_ptr<PK_Verifier> verifier;
+ if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key))
+ {
+ PK_Verifying_wo_MR_Key& sig_key =
+ dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key);
+ verifier.reset(get_pk_verifier(sig_key, padding, format));
+ }
+ else
+ {
+ return false;
+ }
+ std::auto_ptr<ECDSA_Signature_Encoder> enc = m_sig.x509_encoder();
+ SecureVector<byte> seq_sig = enc->signature_bits();
+ SecureVector<byte> to_sign = tbs_data();
+ return verifier->verify_message(to_sign, seq_sig);
+
+ }
+ catch(...)
+ {
+ return false;
+ }
+ }
+
+}
+
+#endif
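Review bot: In check_signature the padding string handed to get_pk_verifier is taken from the object's own sig_algo OID, so the only property pinned against the verifying key is the algorithm family in `sig_info[0]`; the hash/encoding variant is whatever the untrusted object names, and the `eac_cvc_emsa` constant ("EMSA1_BSI") declared just above the class is never consulted. If the EAC profile is meant to fix the encoding, reject other variants explicitly, e.g. `if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name() || sig_info[1].find(eac_cvc_emsa) != 0) return false;` (assuming the OID table yields the `EMSA1_BSI(hash)` form — confirm), or add a comment stating why the object's OID is authoritative here. Separately, `catch(Decoding_Error)` in init catches by value and discards the original reason; `catch(const Decoding_Error& e)` with `e.what()` folded into the rethrown message keeps the diagnostics, and make_signature dereferences `signer` without a null check. Note that `tbs_bits`, `sig_algo` and `tbs_data()` come from the X509_Object base, which is outside this hunk.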