diff options
author | lloyd <[email protected]> | 2008-10-11 23:44:16 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-10-11 23:44:16 +0000 |
commit | 053dfa09e95039022e3c4249655cbe5fe12db9c5 (patch) | |
tree | 887f5570708fca65b2d16fa850d7f14e5387aa21 /src/cert/cvc | |
parent | 1c45e7840fd7ec7d3d6bbacbb615a4809a84a0a1 (diff) |
Move ECDSA_Signature into CVC module. It is not used by ECDSA directly now.
Change several ECC functions to return const references instead of const values.
Diffstat (limited to 'src/cert/cvc')
-rw-r--r-- | src/cert/cvc/cvc_self.cpp | 2 | ||||
-rw-r--r-- | src/cert/cvc/eac_obj.h | 38 | ||||
-rw-r--r-- | src/cert/cvc/ecdsa_sig.cpp | 74 | ||||
-rw-r--r-- | src/cert/cvc/ecdsa_sig.h | 86 | ||||
-rw-r--r-- | src/cert/cvc/info.txt | 2 |
5 files changed, 181 insertions, 21 deletions
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 66b8350a0..8b49d3186 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -255,7 +255,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, // for the case that the domain parameters are not set... // (we use those from the signer because they must fit) - subj_pk->set_domain_parameters(priv_key->get_domain_parameters()); + subj_pk->set_domain_parameters(priv_key->domain_parameters()); subj_pk->set_parameter_encoding(ENC_IMPLICITCA); diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index 6d170ea60..3b692673d 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -26,8 +26,8 @@ const std::string eac_cvc_emsa("EMSA1_BSI"); /************************************************* * TR03110 v1.1 EAC CV Certificate * *************************************************/ -template<typename Derived> -class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object // CRTP is used enable the call sequence: +template<typename Derived> // CRTP is used enable the call sequence: +class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object { // data members first: protected: @@ -64,11 +64,15 @@ template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_si { return m_sig.get_concatenation(); } -template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signature(PK_Signer* signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng) + +template<typename Derived> SecureVector<byte> +EAC1_1_obj<Derived>::make_signature(PK_Signer* signer, + const MemoryRegion<byte>& tbs_bits, + RandomNumberGenerator& rng) { - SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); // this is the signature as a der sequence + // this is the signature as a der sequence + SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); + ECDSA_Signature sig(decode_seq(seq_sig)); SecureVector<byte> concat_sig(sig.get_concatenation()); return concat_sig; @@ -76,7 +80,6 @@ template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signatur template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<DataSource> in) { - try { Derived::decode_info(in.get_shared(), tbs_bits, m_sig); @@ -87,7 +90,8 @@ template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<Dat } } -template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const +template<typename Derived> +bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const { try { @@ -103,22 +107,16 @@ template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key& Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - std::auto_ptr<PK_Verifier> verifier; - if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) - { - PK_Verifying_wo_MR_Key& sig_key = - dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); - verifier.reset(get_pk_verifier(sig_key, padding, format)); - } - else - { + if(!dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) return false; - } - std::auto_ptr<ECDSA_Signature_Encoder> enc(m_sig.x509_encoder()); + + std::auto_ptr<ECDSA_Signature_Encoder> enc(new ECDSA_Signature_Encoder(&m_sig)); SecureVector<byte> seq_sig = enc->signature_bits(); SecureVector<byte> to_sign = tbs_data(); - return verifier->verify_message(to_sign, seq_sig); + PK_Verifying_wo_MR_Key& sig_key = dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); + std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(sig_key, padding, format)); + return verifier->verify_message(to_sign, seq_sig); } catch(...) { diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp new file mode 100644 index 000000000..f0b407e56 --- /dev/null +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -0,0 +1,74 @@ + +#include <botan/ecdsa_sig.h> +#include <memory> + +namespace Botan { + +ECDSA_Signature::ECDSA_Signature(const BigInt& r, const BigInt& s) + : m_r(r), + m_s(s) + {} + +ECDSA_Signature::ECDSA_Signature(const ECDSA_Signature& other) + : m_r(other.m_r), m_s(other.m_s) + {} + +ECDSA_Signature const& ECDSA_Signature::operator=(const ECDSA_Signature& other) + { + m_r = other.m_r; + m_s = other.m_s; + return *this; + } + +bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) + { + return (lhs.get_r() == rhs.get_r() && lhs.get_s() == rhs.get_s()); + } + +ECDSA_Signature_Decoder* ECDSA_Signature::x509_decoder() + { + return new ECDSA_Signature_Decoder(this); + } + +ECDSA_Signature_Encoder* ECDSA_Signature::x509_encoder() const + { + return new ECDSA_Signature_Encoder(this); + } + +SecureVector<byte> const ECDSA_Signature::get_concatenation() const + { + u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger + + SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); + SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); + + SecureVector<byte> result(sv_r); + result.append(sv_s); + return result; + } + +ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq) + { + ECDSA_Signature sig; + + std::auto_ptr<ECDSA_Signature_Decoder> dec(new ECDSA_Signature_Decoder(&sig)); + dec->signature_bits(seq); + return sig; + } + +ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concat) + { + if(concat.size() % 2 != 0) + throw Invalid_Argument("Erroneous length of signature"); + + u32bit rs_len = concat.size()/2; + SecureVector<byte> sv_r; + SecureVector<byte> sv_s; + sv_r.set(concat.begin(), rs_len); + sv_s.set(&concat[rs_len], rs_len); + BigInt r = BigInt::decode(sv_r, sv_r.size()); + BigInt s = BigInt::decode(sv_s, sv_s.size()); + return ECDSA_Signature(r, s); + } + +} diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h new file mode 100644 index 000000000..720acaedc --- /dev/null +++ b/src/cert/cvc/ecdsa_sig.h @@ -0,0 +1,86 @@ +/************************************************* +* ECDSA Header File * +* (C) 2007 Falko Strenzke, FlexSecure GmbH * +* (C) 2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ECDSA_SIGNATURE_H__ +#define BOTAN_ECDSA_SIGNATURE_H__ + +#include <botan/bigint.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> + +namespace Botan { + +class BOTAN_DLL ECDSA_Signature + { + public: + friend class ECDSA_Signature_Decoder; + + ECDSA_Signature() {} + ECDSA_Signature(const BigInt& r, const BigInt& s); + ECDSA_Signature(ECDSA_Signature const& other); + ECDSA_Signature const& operator=(ECDSA_Signature const& other); + + const BigInt& get_r() const { return m_r; } + const BigInt& get_s() const { return m_s; } + + /** + * return the r||s + */ + SecureVector<byte> const get_concatenation() const; + private: + BigInt m_r; + BigInt m_s; + }; + +/* Equality of ECDSA_Signature */ +bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs); +inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) + { + return !(lhs == rhs); + } + +class BOTAN_DLL ECDSA_Signature_Decoder + { + public: + void signature_bits(const MemoryRegion<byte>& bits) + { + BER_Decoder(bits) + .start_cons(SEQUENCE) + .decode(m_signature->m_r) + .decode(m_signature->m_s) + .verify_end() + .end_cons(); + } + ECDSA_Signature_Decoder(ECDSA_Signature* signature) : m_signature(signature) + {} + private: + ECDSA_Signature* m_signature; + }; + +class BOTAN_DLL ECDSA_Signature_Encoder + { + public: + MemoryVector<byte> signature_bits() const + { + return DER_Encoder() + .start_cons(SEQUENCE) + .encode(m_signature->get_r()) + .encode(m_signature->get_s()) + .end_cons() + .get_contents(); + } + ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : m_signature(signature) + {} + private: + const ECDSA_Signature* m_signature; + }; + +ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq); +ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concatenation); + +} + +#endif diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt index 9a7565424..229c431bc 100644 --- a/src/cert/cvc/info.txt +++ b/src/cert/cvc/info.txt @@ -12,6 +12,8 @@ ecdsa <add> asn1_eac_str.cpp asn1_eac_tm.cpp +ecdsa_sig.cpp +ecdsa_sig.h cvc_ado.cpp cvc_ado.h cvc_ca.cpp |