aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/cvc
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-10-08 21:08:06 +0000
committerlloyd <[email protected]>2008-10-08 21:08:06 +0000
commit832dfea7d8d664ee186f94213185c51047ea6cfa (patch)
tree392121f7bb1e4f3e84b5ae0aa395d88b87298065 /src/cert/cvc
parent0ffb4257258df236dc469ef086b1871fe7b5afba (diff)
Fix further compilation errors. However some functionality is disabled since
ECDSA keys do not support the EAC serialization mechanism yet.
Diffstat (limited to 'src/cert/cvc')
-rw-r--r--src/cert/cvc/asn1_eac_tm.cpp16
-rw-r--r--src/cert/cvc/cvc_self.cpp73
-rw-r--r--src/cert/cvc/cvc_self.h9
3 files changed, 64 insertions, 34 deletions
diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp
index 81c99f190..91688879c 100644
--- a/src/cert/cvc/asn1_eac_tm.cpp
+++ b/src/cert/cvc/asn1_eac_tm.cpp
@@ -265,22 +265,6 @@ bool operator<(const EAC_Time& t1, const EAC_Time& t2)
}
/*************************************************
-* Do a validity check *
-*************************************************/
-s32bit validity_check(const EAC_Time& start, const EAC_Time& end,
- u64bit current_time)
- {
-
- const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1;
-
- if (start.cmp(current_time) > 0)
- return NOT_YET_VALID;
- if (end.cmp(current_time) < 0)
- return EXPIRED;
- return VALID_TIME;
- }
-
-/*************************************************
* Decode a BER encoded EAC_Time *
*************************************************/
void EAC_Time::decode_from(BER_Decoder& source)
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index 9ea561366..340d01db6 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -19,6 +19,19 @@ namespace Botan {
namespace {
+/*******************************
+* cvc CHAT values *
+*******************************/
+enum CHAT_values{
+ CVCA = 0xC0,
+ DVCA_domestic = 0x80,
+ DVCA_foreign = 0x40,
+ IS = 0x00,
+
+ IRIS = 0x02,
+ FINGERPRINT = 0x01
+};
+
std::string padding_and_hash_from_oid(OID const& oid)
{
std::string padding_and_hash = OIDS::lookup(oid); // use the hash
@@ -49,7 +62,8 @@ namespace CVC_EAC
{
EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
- EAC1_1_CVC_Options const& opt)
+ EAC1_1_CVC_Options const& opt,
+ RandomNumberGenerator& rng)
{
// NOTE: we ignore
// the value
@@ -70,15 +84,21 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash));
+#if 0
std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder());
MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
- return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex);
+#else
+ MemoryVector<byte> enc_public_key;
+#endif
+
+ return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex, rng);
}
EAC1_1_Req create_cvc_req(Private_Key const& key,
ASN1_Chr const& chr,
- std::string const& hash_alg)
+ std::string const& hash_alg,
+ RandomNumberGenerator& rng)
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
@@ -91,10 +111,15 @@ EAC1_1_Req create_cvc_req(Private_Key const& key,
sig_algo.oid = OIDS::lookup_bsi(priv_key->algo_name() + "/" + padding_and_hash);
sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM);
- std::auto_ptr<Botan::PK_Signer> signer = get_pk_signer(*priv_key, padding_and_hash);
+ std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash));
+#if 0
std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder());
MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
+#else
+ MemoryVector<byte> enc_public_key;
+#endif
+
MemoryVector<byte> enc_cpi;
enc_cpi.append(0x00);
MemoryVector<byte> tbs = DER_Encoder()
@@ -103,14 +128,15 @@ EAC1_1_Req create_cvc_req(Private_Key const& key,
.encode(chr)
.get_contents();
- MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs));
+ MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng);
std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert));
return EAC1_1_Req(source);
}
EAC1_1_ADO create_ado_req(Private_Key const& key,
EAC1_1_Req const& req,
- ASN1_Car const& car)
+ ASN1_Car const& car,
+ RandomNumberGenerator& rng)
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
@@ -122,7 +148,7 @@ EAC1_1_ADO create_ado_req(Private_Key const& key,
std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash));
SecureVector<byte> tbs_bits = req.BER_encode();
tbs_bits.append(DER_Encoder().encode(car).get_contents());
- MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits);
+ MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng);
std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert));
return EAC1_1_ADO(source);
}
@@ -130,6 +156,7 @@ EAC1_1_ADO create_ado_req(Private_Key const& key,
} // namespace CVC_EAC
namespace DE_EAC
{
+
EAC1_1_CVC create_cvca(Private_Key const& key, std::string const& hash, ASN1_Car const& car, bool iris, bool fingerpr)
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
@@ -153,7 +180,8 @@ EAC1_1_CVC create_cvca(Private_Key const& key, std::string const& hash, ASN1_Car
EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
Private_Key const& key,
- EAC1_1_CVC const& signee)
+ EAC1_1_CVC const& signee,
+ RandomNumberGenerator& rng)
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
if (priv_key == 0)
@@ -164,7 +192,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
ASN1_Cex cex(signee.get_cex());
if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex))
{
- std::string detail("link_cvca(): validity periods of provided certificates donĀ“t overlap: currend time = ced = ");
+ std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = ");
detail += ced.as_string();
detail += ", signee.cex = ";
detail += cex.as_string();
@@ -176,18 +204,25 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
}
AlgorithmIdentifier sig_algo = signer.signature_algorithm();
std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid);
- std::auto_ptr<Botan::PK_Signer> pk_signer = get_pk_signer(*priv_key, padding_and_hash);
+ std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash));
std::auto_ptr<Public_Key> pk = signee.subject_public_key();
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
subj_pk->set_parameter_encoding(ENC_EXPLICIT);
+
+#if 0
std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
+#else
+ MemoryVector<byte> enc_public_key;
+#endif
+
return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key,
signer.get_car(),
signee.get_chr(),
signer.get_chat_value(),
ced,
- cex);
+ cex,
+ rng);
}
EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
@@ -195,7 +230,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
EAC1_1_Req const& signee,
u32bit seqnr,
u32bit seqnr_len,
- bool domestic)
+ bool domestic,
+ RandomNumberGenerator& rng)
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
if (priv_key == 0)
@@ -206,7 +242,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
chr_str.append(fixed_len_seqnr(seqnr, seqnr_len));
ASN1_Chr chr(chr_str);
std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid);
- std::auto_ptr<Botan::PK_Signer> pk_signer = get_pk_signer(*priv_key, padding_and_hash);
+ std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash));
std::auto_ptr<Public_Key> pk = signee.subject_public_key();
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key();
@@ -216,9 +252,15 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
subj_pk->set_domain_parameters(priv_key->get_domain_parameters());
subj_pk->set_parameter_encoding(ENC_IMPLICITCA);
+
+#if 0
std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
- AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
+#else
+ MemoryVector<byte> enc_public_key;
+#endif
+
+ AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
const u64bit current_time = system_time();
ASN1_Ced ced(current_time);
u32bit chat_val;
@@ -253,7 +295,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
chr,
chat_val,
ced,
- cex);
+ cex,
+ rng);
}
EAC1_1_Req create_cvc_req(Private_Key const& prkey,
ASN1_Chr const& chr,
diff --git a/src/cert/cvc/cvc_self.h b/src/cert/cvc/cvc_self.h
index c2eaf9737..608d93af8 100644
--- a/src/cert/cvc/cvc_self.h
+++ b/src/cert/cvc/cvc_self.h
@@ -46,7 +46,8 @@ namespace CVC_EAC
*/
EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
- EAC1_1_CVC_Options const& opts);
+ EAC1_1_CVC_Options const& opts,
+ RandomNumberGenerator& rng);
/**
* Create a CVC request. The key encoding will be according to the provided private key.
* @param priv_key the private key associated with the requesting entity
@@ -107,7 +108,8 @@ EAC1_1_CVC create_cvca(Private_Key const& priv_key,
*/
EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
Private_Key const& priv_key,
- EAC1_1_CVC const& to_be_signed);
+ EAC1_1_CVC const& to_be_signed,
+ RandomNumberGenerator& rng);
/**
* Create a CVC request. The key encoding will be implicitCA.
@@ -139,7 +141,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
EAC1_1_Req const& req,
u32bit seqnr,
u32bit seqnr_len,
- bool domestic);
+ bool domestic,
+ RandomNumberGenerator& rng);
}
}