diff options
author | lloyd <[email protected]> | 2008-10-08 21:08:06 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-10-08 21:08:06 +0000 |
commit | 832dfea7d8d664ee186f94213185c51047ea6cfa (patch) | |
tree | 392121f7bb1e4f3e84b5ae0aa395d88b87298065 /src/cert | |
parent | 0ffb4257258df236dc469ef086b1871fe7b5afba (diff) |
Fix further compilation errors. However some functionality is disabled since
ECDSA keys do not support the EAC serialization mechanism yet.
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/cvc/asn1_eac_tm.cpp | 16 | ||||
-rw-r--r-- | src/cert/cvc/cvc_self.cpp | 73 | ||||
-rw-r--r-- | src/cert/cvc/cvc_self.h | 9 |
3 files changed, 64 insertions, 34 deletions
diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index 81c99f190..91688879c 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -265,22 +265,6 @@ bool operator<(const EAC_Time& t1, const EAC_Time& t2) } /************************************************* -* Do a validity check * -*************************************************/ -s32bit validity_check(const EAC_Time& start, const EAC_Time& end, - u64bit current_time) - { - - const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1; - - if (start.cmp(current_time) > 0) - return NOT_YET_VALID; - if (end.cmp(current_time) < 0) - return EXPIRED; - return VALID_TIME; - } - -/************************************************* * Decode a BER encoded EAC_Time * *************************************************/ void EAC_Time::decode_from(BER_Decoder& source) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 9ea561366..340d01db6 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -19,6 +19,19 @@ namespace Botan { namespace { +/******************************* +* cvc CHAT values * +*******************************/ +enum CHAT_values{ + CVCA = 0xC0, + DVCA_domestic = 0x80, + DVCA_foreign = 0x40, + IS = 0x00, + + IRIS = 0x02, + FINGERPRINT = 0x01 +}; + std::string padding_and_hash_from_oid(OID const& oid) { std::string padding_and_hash = OIDS::lookup(oid); // use the hash @@ -49,7 +62,8 @@ namespace CVC_EAC { EAC1_1_CVC create_self_signed_cert(Private_Key const& key, - EAC1_1_CVC_Options const& opt) + EAC1_1_CVC_Options const& opt, + RandomNumberGenerator& rng) { // NOTE: we ignore // the value @@ -70,15 +84,21 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); +#if 0 std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); - return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex); +#else + MemoryVector<byte> enc_public_key; +#endif + + return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex, rng); } EAC1_1_Req create_cvc_req(Private_Key const& key, ASN1_Chr const& chr, - std::string const& hash_alg) + std::string const& hash_alg, + RandomNumberGenerator& rng) { ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); @@ -91,10 +111,15 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, sig_algo.oid = OIDS::lookup_bsi(priv_key->algo_name() + "/" + padding_and_hash); sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - std::auto_ptr<Botan::PK_Signer> signer = get_pk_signer(*priv_key, padding_and_hash); + std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); +#if 0 std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); +#else + MemoryVector<byte> enc_public_key; +#endif + MemoryVector<byte> enc_cpi; enc_cpi.append(0x00); MemoryVector<byte> tbs = DER_Encoder() @@ -103,14 +128,15 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, .encode(chr) .get_contents(); - MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs)); + MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); return EAC1_1_Req(source); } EAC1_1_ADO create_ado_req(Private_Key const& key, EAC1_1_Req const& req, - ASN1_Car const& car) + ASN1_Car const& car, + RandomNumberGenerator& rng) { ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); @@ -122,7 +148,7 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); SecureVector<byte> tbs_bits = req.BER_encode(); tbs_bits.append(DER_Encoder().encode(car).get_contents()); - MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits); + MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); return EAC1_1_ADO(source); } @@ -130,6 +156,7 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, } // namespace CVC_EAC namespace DE_EAC { + EAC1_1_CVC create_cvca(Private_Key const& key, std::string const& hash, ASN1_Car const& car, bool iris, bool fingerpr) { ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); @@ -153,7 +180,8 @@ EAC1_1_CVC create_cvca(Private_Key const& key, std::string const& hash, ASN1_Car EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, Private_Key const& key, - EAC1_1_CVC const& signee) + EAC1_1_CVC const& signee, + RandomNumberGenerator& rng) { ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); if (priv_key == 0) @@ -164,7 +192,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, ASN1_Cex cex(signee.get_cex()); if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex)) { - std::string detail("link_cvca(): validity periods of provided certificates donĀ“t overlap: currend time = ced = "); + std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = "); detail += ced.as_string(); detail += ", signee.cex = "; detail += cex.as_string(); @@ -176,18 +204,25 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, } AlgorithmIdentifier sig_algo = signer.signature_algorithm(); std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); - std::auto_ptr<Botan::PK_Signer> pk_signer = get_pk_signer(*priv_key, padding_and_hash); + std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(ENC_EXPLICIT); + +#if 0 std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); +#else + MemoryVector<byte> enc_public_key; +#endif + return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key, signer.get_car(), signee.get_chr(), signer.get_chat_value(), ced, - cex); + cex, + rng); } EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, @@ -195,7 +230,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, EAC1_1_Req const& signee, u32bit seqnr, u32bit seqnr_len, - bool domestic) + bool domestic, + RandomNumberGenerator& rng) { ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); if (priv_key == 0) @@ -206,7 +242,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, chr_str.append(fixed_len_seqnr(seqnr, seqnr_len)); ASN1_Chr chr(chr_str); std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> pk_signer = get_pk_signer(*priv_key, padding_and_hash); + std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); std::auto_ptr<Public_Key> pk = signee.subject_public_key(); ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); @@ -216,9 +252,15 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, subj_pk->set_domain_parameters(priv_key->get_domain_parameters()); subj_pk->set_parameter_encoding(ENC_IMPLICITCA); + +#if 0 std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); - AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm()); MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); +#else + MemoryVector<byte> enc_public_key; +#endif + + AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm()); const u64bit current_time = system_time(); ASN1_Ced ced(current_time); u32bit chat_val; @@ -253,7 +295,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, chr, chat_val, ced, - cex); + cex, + rng); } EAC1_1_Req create_cvc_req(Private_Key const& prkey, ASN1_Chr const& chr, diff --git a/src/cert/cvc/cvc_self.h b/src/cert/cvc/cvc_self.h index c2eaf9737..608d93af8 100644 --- a/src/cert/cvc/cvc_self.h +++ b/src/cert/cvc/cvc_self.h @@ -46,7 +46,8 @@ namespace CVC_EAC */ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, - EAC1_1_CVC_Options const& opts); + EAC1_1_CVC_Options const& opts, + RandomNumberGenerator& rng); /** * Create a CVC request. The key encoding will be according to the provided private key. * @param priv_key the private key associated with the requesting entity @@ -107,7 +108,8 @@ EAC1_1_CVC create_cvca(Private_Key const& priv_key, */ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, Private_Key const& priv_key, - EAC1_1_CVC const& to_be_signed); + EAC1_1_CVC const& to_be_signed, + RandomNumberGenerator& rng); /** * Create a CVC request. The key encoding will be implicitCA. @@ -139,7 +141,8 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, EAC1_1_Req const& req, u32bit seqnr, u32bit seqnr_len, - bool domestic); + bool domestic, + RandomNumberGenerator& rng); } } |