aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/cvc
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-10-11 23:44:16 +0000
committerlloyd <[email protected]>2008-10-11 23:44:16 +0000
commit053dfa09e95039022e3c4249655cbe5fe12db9c5 (patch)
tree887f5570708fca65b2d16fa850d7f14e5387aa21 /src/cert/cvc
parent1c45e7840fd7ec7d3d6bbacbb615a4809a84a0a1 (diff)
Move ECDSA_Signature into CVC module. It is not used by ECDSA directly now.
Change several ECC functions to return const references instead of const values.
Diffstat (limited to 'src/cert/cvc')
-rw-r--r--src/cert/cvc/cvc_self.cpp2
-rw-r--r--src/cert/cvc/eac_obj.h38
-rw-r--r--src/cert/cvc/ecdsa_sig.cpp74
-rw-r--r--src/cert/cvc/ecdsa_sig.h86
-rw-r--r--src/cert/cvc/info.txt2
5 files changed, 181 insertions, 21 deletions
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index 66b8350a0..8b49d3186 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -255,7 +255,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
// for the case that the domain parameters are not set...
// (we use those from the signer because they must fit)
- subj_pk->set_domain_parameters(priv_key->get_domain_parameters());
+ subj_pk->set_domain_parameters(priv_key->domain_parameters());
subj_pk->set_parameter_encoding(ENC_IMPLICITCA);
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
index 6d170ea60..3b692673d 100644
--- a/src/cert/cvc/eac_obj.h
+++ b/src/cert/cvc/eac_obj.h
@@ -26,8 +26,8 @@ const std::string eac_cvc_emsa("EMSA1_BSI");
/*************************************************
* TR03110 v1.1 EAC CV Certificate *
*************************************************/
-template<typename Derived>
-class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object // CRTP is used enable the call sequence:
+template<typename Derived> // CRTP is used enable the call sequence:
+class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object
{
// data members first:
protected:
@@ -64,11 +64,15 @@ template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_si
{
return m_sig.get_concatenation();
}
-template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signature(PK_Signer* signer,
- const MemoryRegion<byte>& tbs_bits,
- RandomNumberGenerator& rng)
+
+template<typename Derived> SecureVector<byte>
+EAC1_1_obj<Derived>::make_signature(PK_Signer* signer,
+ const MemoryRegion<byte>& tbs_bits,
+ RandomNumberGenerator& rng)
{
- SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); // this is the signature as a der sequence
+ // this is the signature as a der sequence
+ SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng);
+
ECDSA_Signature sig(decode_seq(seq_sig));
SecureVector<byte> concat_sig(sig.get_concatenation());
return concat_sig;
@@ -76,7 +80,6 @@ template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signatur
template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<DataSource> in)
{
-
try
{
Derived::decode_info(in.get_shared(), tbs_bits, m_sig);
@@ -87,7 +90,8 @@ template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<Dat
}
}
-template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const
+template<typename Derived>
+bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const
{
try
{
@@ -103,22 +107,16 @@ template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key&
Signature_Format format =
(pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
- std::auto_ptr<PK_Verifier> verifier;
- if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key))
- {
- PK_Verifying_wo_MR_Key& sig_key =
- dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key);
- verifier.reset(get_pk_verifier(sig_key, padding, format));
- }
- else
- {
+ if(!dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key))
return false;
- }
- std::auto_ptr<ECDSA_Signature_Encoder> enc(m_sig.x509_encoder());
+
+ std::auto_ptr<ECDSA_Signature_Encoder> enc(new ECDSA_Signature_Encoder(&m_sig));
SecureVector<byte> seq_sig = enc->signature_bits();
SecureVector<byte> to_sign = tbs_data();
- return verifier->verify_message(to_sign, seq_sig);
+ PK_Verifying_wo_MR_Key& sig_key = dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key);
+ std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(sig_key, padding, format));
+ return verifier->verify_message(to_sign, seq_sig);
}
catch(...)
{
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
new file mode 100644
index 000000000..f0b407e56
--- /dev/null
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -0,0 +1,74 @@
+
+#include <botan/ecdsa_sig.h>
+#include <memory>
+
+namespace Botan {
+
+ECDSA_Signature::ECDSA_Signature(const BigInt& r, const BigInt& s)
+ : m_r(r),
+ m_s(s)
+ {}
+
+ECDSA_Signature::ECDSA_Signature(const ECDSA_Signature& other)
+ : m_r(other.m_r), m_s(other.m_s)
+ {}
+
+ECDSA_Signature const& ECDSA_Signature::operator=(const ECDSA_Signature& other)
+ {
+ m_r = other.m_r;
+ m_s = other.m_s;
+ return *this;
+ }
+
+bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs)
+ {
+ return (lhs.get_r() == rhs.get_r() && lhs.get_s() == rhs.get_s());
+ }
+
+ECDSA_Signature_Decoder* ECDSA_Signature::x509_decoder()
+ {
+ return new ECDSA_Signature_Decoder(this);
+ }
+
+ECDSA_Signature_Encoder* ECDSA_Signature::x509_encoder() const
+ {
+ return new ECDSA_Signature_Encoder(this);
+ }
+
+SecureVector<byte> const ECDSA_Signature::get_concatenation() const
+ {
+ u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger
+
+ SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
+ SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
+
+ SecureVector<byte> result(sv_r);
+ result.append(sv_s);
+ return result;
+ }
+
+ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq)
+ {
+ ECDSA_Signature sig;
+
+ std::auto_ptr<ECDSA_Signature_Decoder> dec(new ECDSA_Signature_Decoder(&sig));
+ dec->signature_bits(seq);
+ return sig;
+ }
+
+ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concat)
+ {
+ if(concat.size() % 2 != 0)
+ throw Invalid_Argument("Erroneous length of signature");
+
+ u32bit rs_len = concat.size()/2;
+ SecureVector<byte> sv_r;
+ SecureVector<byte> sv_s;
+ sv_r.set(concat.begin(), rs_len);
+ sv_s.set(&concat[rs_len], rs_len);
+ BigInt r = BigInt::decode(sv_r, sv_r.size());
+ BigInt s = BigInt::decode(sv_s, sv_s.size());
+ return ECDSA_Signature(r, s);
+ }
+
+}
diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h
new file mode 100644
index 000000000..720acaedc
--- /dev/null
+++ b/src/cert/cvc/ecdsa_sig.h
@@ -0,0 +1,86 @@
+/*************************************************
+* ECDSA Header File *
+* (C) 2007 Falko Strenzke, FlexSecure GmbH *
+* (C) 2008 Jack Lloyd *
+*************************************************/
+
+#ifndef BOTAN_ECDSA_SIGNATURE_H__
+#define BOTAN_ECDSA_SIGNATURE_H__
+
+#include <botan/bigint.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+class BOTAN_DLL ECDSA_Signature
+ {
+ public:
+ friend class ECDSA_Signature_Decoder;
+
+ ECDSA_Signature() {}
+ ECDSA_Signature(const BigInt& r, const BigInt& s);
+ ECDSA_Signature(ECDSA_Signature const& other);
+ ECDSA_Signature const& operator=(ECDSA_Signature const& other);
+
+ const BigInt& get_r() const { return m_r; }
+ const BigInt& get_s() const { return m_s; }
+
+ /**
+ * return the r||s
+ */
+ SecureVector<byte> const get_concatenation() const;
+ private:
+ BigInt m_r;
+ BigInt m_s;
+ };
+
+/* Equality of ECDSA_Signature */
+bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs);
+inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs)
+ {
+ return !(lhs == rhs);
+ }
+
+class BOTAN_DLL ECDSA_Signature_Decoder
+ {
+ public:
+ void signature_bits(const MemoryRegion<byte>& bits)
+ {
+ BER_Decoder(bits)
+ .start_cons(SEQUENCE)
+ .decode(m_signature->m_r)
+ .decode(m_signature->m_s)
+ .verify_end()
+ .end_cons();
+ }
+ ECDSA_Signature_Decoder(ECDSA_Signature* signature) : m_signature(signature)
+ {}
+ private:
+ ECDSA_Signature* m_signature;
+ };
+
+class BOTAN_DLL ECDSA_Signature_Encoder
+ {
+ public:
+ MemoryVector<byte> signature_bits() const
+ {
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode(m_signature->get_r())
+ .encode(m_signature->get_s())
+ .end_cons()
+ .get_contents();
+ }
+ ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : m_signature(signature)
+ {}
+ private:
+ const ECDSA_Signature* m_signature;
+ };
+
+ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq);
+ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concatenation);
+
+}
+
+#endif
diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt
index 9a7565424..229c431bc 100644
--- a/src/cert/cvc/info.txt
+++ b/src/cert/cvc/info.txt
@@ -12,6 +12,8 @@ ecdsa
<add>
asn1_eac_str.cpp
asn1_eac_tm.cpp
+ecdsa_sig.cpp
+ecdsa_sig.h
cvc_ado.cpp
cvc_ado.h
cvc_ca.cpp