diff options
author | lloyd <[email protected]> | 2010-03-02 18:19:29 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-02 18:19:29 +0000 |
commit | bc6999a27f996747cba2bfffdce70ca9106c3a4e (patch) | |
tree | a5823d0019af69e2f29fb0fc935a8b4d05518326 /src/cert | |
parent | f85024b6c52bf276e92854afff7813ae5740de71 (diff) |
Lots of internal CVC cleanups
Diffstat (limited to 'src/cert')
-rw-r--r-- | src/cert/cvc/cvc_ado.h | 5 | ||||
-rw-r--r-- | src/cert/cvc/cvc_ca.cpp | 44 | ||||
-rw-r--r-- | src/cert/cvc/cvc_ca.h | 51 | ||||
-rw-r--r-- | src/cert/cvc/cvc_cert.cpp | 37 | ||||
-rw-r--r-- | src/cert/cvc/cvc_cert.h | 30 | ||||
-rw-r--r-- | src/cert/cvc/cvc_gen_cert.h | 9 | ||||
-rw-r--r-- | src/cert/cvc/cvc_req.h | 3 | ||||
-rw-r--r-- | src/cert/cvc/cvc_self.cpp | 87 | ||||
-rw-r--r-- | src/cert/cvc/eac_asn_obj.h | 4 | ||||
-rw-r--r-- | src/cert/cvc/eac_obj.h | 11 | ||||
-rw-r--r-- | src/cert/cvc/ecdsa_sig.cpp | 8 | ||||
-rw-r--r-- | src/cert/cvc/ecdsa_sig.h | 22 | ||||
-rw-r--r-- | src/cert/cvc/info.txt | 2 |
13 files changed, 121 insertions, 192 deletions
diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index 100888d29..230ee8b8d 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -8,11 +8,8 @@ #ifndef BOTAN_EAC_CVC_ADO_H__ #define BOTAN_EAC_CVC_ADO_H__ -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> -#include <botan/ecdsa.h> #include <botan/eac_obj.h> +#include <botan/eac_asn_obj.h> #include <botan/cvc_req.h> #include <string> diff --git a/src/cert/cvc/cvc_ca.cpp b/src/cert/cvc/cvc_ca.cpp deleted file mode 100644 index af40fcd05..000000000 --- a/src/cert/cvc/cvc_ca.cpp +++ /dev/null @@ -1,44 +0,0 @@ -#include <botan/cvc_ca.h> -#include <botan/cvc_cert.h> -#include <botan/der_enc.h> -#include <botan/oids.h> -namespace Botan { - -EAC1_1_CVC EAC1_1_CVC_CA::make_cert(PK_Signer& signer, - MemoryRegion<byte> const& public_key, - ASN1_Car const& car, - ASN1_Chr const& chr, - byte holder_auth_templ, - ASN1_Ced ced, - ASN1_Cex cex, - RandomNumberGenerator& rng) - { - OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); - MemoryVector<byte> enc_chat_val; - enc_chat_val.append(holder_auth_templ); - - MemoryVector<byte> enc_cpi; - enc_cpi.append(0x00); - MemoryVector<byte> tbs = DER_Encoder() - .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi - .encode(car) - .raw_bytes(public_key) - .encode(chr) - .start_cons(ASN1_Tag(76), APPLICATION) - .encode(chat_oid) - .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION) - .end_cons() - .encode(ced) - .encode(cex) - .get_contents(); - - MemoryVector<byte> signed_cert = - EAC1_1_CVC::make_signed(signer, - EAC1_1_CVC::build_cert_body(tbs), - rng); - - DataSource_Memory source(signed_cert); - return EAC1_1_CVC(source); - } - -} diff --git a/src/cert/cvc/cvc_ca.h b/src/cert/cvc/cvc_ca.h deleted file mode 100644 index 87699808f..000000000 --- a/src/cert/cvc/cvc_ca.h +++ /dev/null @@ -1,51 +0,0 @@ -/* -* EAC1.1 CVC Certificate Authority -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_CVC_CA_H__ -#define BOTAN_CVC_CA_H__ - -#include <botan/pkcs8.h> -#include <botan/pkcs10.h> -#include <botan/pubkey.h> -#include <botan/cvc_cert.h> - -namespace Botan { - -/** -* This class represents a CVC CA. -*/ -class BOTAN_DLL EAC1_1_CVC_CA - { - public: - - /** - * Create an arbitrary EAC 1.1 CVC. - * The desired key encoding must be set within the key (if applicable). - * @param signer the signer used to sign the certificate - * @param public_key the DER encoded public key to appear in - * the certificate - * @param car the CAR of the certificate - * @param chr the CHR of the certificate - * @param holder_auth_templ the holder authorization value byte to - * appear in the CHAT of the certificate - * @param ced the CED to appear in the certificate - * @param ced the CEX to appear in the certificate - */ - static EAC1_1_CVC make_cert(PK_Signer& signer, - MemoryRegion<byte> const& public_key, - ASN1_Car const& car, - ASN1_Chr const& chr, - byte holder_auth_templ, - ASN1_Ced ced, - ASN1_Cex cex, - RandomNumberGenerator& rng); - }; - -} - -#endif diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 94d80af21..44a3ff508 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -99,4 +99,41 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const && get_concat_sig() == rhs.get_concat_sig()); } +EAC1_1_CVC make_cvc_cert(PK_Signer& signer, + MemoryRegion<byte> const& public_key, + ASN1_Car const& car, + ASN1_Chr const& chr, + byte holder_auth_templ, + ASN1_Ced ced, + ASN1_Cex cex, + RandomNumberGenerator& rng) + { + OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); + MemoryVector<byte> enc_chat_val; + enc_chat_val.append(holder_auth_templ); + + MemoryVector<byte> enc_cpi; + enc_cpi.append(0x00); + MemoryVector<byte> tbs = DER_Encoder() + .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi + .encode(car) + .raw_bytes(public_key) + .encode(chr) + .start_cons(ASN1_Tag(76), APPLICATION) + .encode(chat_oid) + .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION) + .end_cons() + .encode(ced) + .encode(cex) + .get_contents(); + + MemoryVector<byte> signed_cert = + EAC1_1_CVC::make_signed(signer, + EAC1_1_CVC::build_cert_body(tbs), + rng); + + DataSource_Memory source(signed_cert); + return EAC1_1_CVC(source); + } + } diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index ae0c21d7b..14287cfdd 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -9,13 +9,6 @@ #ifndef BOTAN_CVC_EAC_H__ #define BOTAN_CVC_EAC_H__ -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> -#include <botan/signed_obj.h> -#include <botan/pubkey.h> -#include <botan/ecdsa.h> -#include <botan/ecdsa_sig.h> -#include <botan/eac_obj.h> #include <botan/cvc_gen_cert.h> #include <string> @@ -70,7 +63,6 @@ class BOTAN_DLL EAC1_1_CVC : public EAC1_1_gen_CVC<EAC1_1_CVC>//Signed_Object virtual ~EAC1_1_CVC() {} private: void force_decode(); - friend class EAC1_1_CVC_CA; EAC1_1_CVC() {} ASN1_Car m_car; @@ -88,6 +80,28 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) return !(lhs == rhs); } +/** +* Create an arbitrary EAC 1.1 CVC. +* The desired key encoding must be set within the key (if applicable). +* @param signer the signer used to sign the certificate +* @param public_key the DER encoded public key to appear in +* the certificate +* @param car the CAR of the certificate +* @param chr the CHR of the certificate +* @param holder_auth_templ the holder authorization value byte to +* appear in the CHAT of the certificate +* @param ced the CED to appear in the certificate +* @param ced the CEX to appear in the certificate +*/ +EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, + MemoryRegion<byte> const& public_key, + ASN1_Car const& car, + ASN1_Chr const& chr, + byte holder_auth_templ, + ASN1_Ced ced, + ASN1_Cex cex, + RandomNumberGenerator& rng); + } #endif diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index 0a79d96d2..4e3f3013e 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -1,7 +1,7 @@ /* * EAC1_1 general CVC * (C) 2008 Falko Strenzke -* 2008 Jack Lloyd +* 2008-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -9,13 +9,10 @@ #ifndef BOTAN_EAC_CVC_GEN_CERT_H__ #define BOTAN_EAC_CVC_GEN_CERT_H__ -#include <botan/x509_key.h> +#include <botan/eac_obj.h> #include <botan/eac_asn_obj.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> #include <botan/ecdsa.h> -#include <botan/ecdsa_sig.h> -#include <string> +#include <memory> namespace Botan { diff --git a/src/cert/cvc/cvc_req.h b/src/cert/cvc/cvc_req.h index 2abc72c9a..bfd65981f 100644 --- a/src/cert/cvc/cvc_req.h +++ b/src/cert/cvc/cvc_req.h @@ -8,10 +8,7 @@ #ifndef BOTAN_EAC_CVC_REQ_H__ #define BOTAN_EAC_CVC_REQ_H__ -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> #include <botan/cvc_gen_cert.h> -#include <botan/cvc_req.h> namespace Botan { diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index c5ac43b99..bafeea63f 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -1,13 +1,12 @@ /* (C) 2007 FlexSecure GmbH - 2008 Jack Lloyd + 2008-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ #include <botan/cvc_self.h> #include <botan/cvc_cert.h> -#include <botan/cvc_ca.h> #include <botan/alg_id.h> #include <botan/cvc_key.h> #include <botan/oids.h> @@ -16,7 +15,6 @@ #include <botan/cvc_ado.h> #include <botan/time.h> #include <sstream> -#include <assert.h> namespace Botan { @@ -35,12 +33,20 @@ enum CHAT_values{ FINGERPRINT = 0x01 }; +MemoryVector<byte> eac_1_1_encoding(const Public_Key* pub_key) + { + throw Invalid_State("eac_1_1_encoding: Not implemented"); + return MemoryVector<byte>(); + } + std::string padding_and_hash_from_oid(OID const& oid) { std::string padding_and_hash = OIDS::lookup(oid); // use the hash - assert(padding_and_hash.substr(0,6) == "ECDSA/"); // can only be ECDSA for now - assert(padding_and_hash.find("/",0) == 5); - padding_and_hash.erase(0, padding_and_hash.find("/",0) + 1); + + if(padding_and_hash.substr(0,6) != "ECDSA/") + throw Invalid_State("CVC: Can only use ECDSA, not " + padding_and_hash); + + padding_and_hash.erase(0, padding_and_hash.find("/") + 1); return padding_and_hash; } @@ -89,18 +95,13 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, std::auto_ptr<Botan::PK_Signer> signer( get_pk_signer(*priv_key, padding_and_hash)); -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - return EAC1_1_CVC_CA::make_cert(*signer, - enc_public_key, - opt.car, chr, - opt.holder_auth_templ, - opt.ced, opt.cex, rng); + MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key); + + return make_cvc_cert(*signer, + enc_public_key, + opt.car, chr, + opt.holder_auth_templ, + opt.ced, opt.cex, rng); } EAC1_1_Req create_cvc_req(Private_Key const& key, @@ -121,12 +122,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif + MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key); MemoryVector<byte> enc_cpi; enc_cpi.append(0x00); @@ -226,20 +222,14 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - return EAC1_1_CVC_CA::make_cert(*pk_signer, enc_public_key, - signer.get_car(), - signee.get_chr(), - signer.get_chat_value(), - ced, - cex, - rng); + MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key); + + return make_cvc_cert(*pk_signer, enc_public_key, + signer.get_car(), + signee.get_chr(), + signer.get_chat_value(), + ced, cex, + rng); } EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, @@ -272,12 +262,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif + MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key); AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm()); const u64bit current_time = system_time(); @@ -309,13 +294,13 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, throw Invalid_Argument("sign_request(): encountered illegal value for CHAT"); // (IS cannot sign certificates) } - return EAC1_1_CVC_CA::make_cert(*pk_signer, enc_public_key, - ASN1_Car(signer_cert.get_chr().iso_8859()), - chr, - chat_val, - ced, - cex, - rng); + return make_cvc_cert(*pk_signer, enc_public_key, + ASN1_Car(signer_cert.get_chr().iso_8859()), + chr, + chat_val, + ced, + cex, + rng); } EAC1_1_Req create_cvc_req(Private_Key const& prkey, diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 652c9a6e6..9eaf02f63 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -1,7 +1,7 @@ /* * EAC ASN.1 Objects * (C) 2007-2008 FlexSecure GmbH -* 2008 Jack Lloyd +* 2008-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -10,8 +10,6 @@ #define BOTAN_EAC_ASN1_OBJ_H__ #include <botan/asn1_obj.h> -#include <vector> -#include <map> namespace Botan { diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index f41d0af2b..1c6802d58 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -8,16 +8,11 @@ #ifndef BOTAN_EAC_OBJ_H__ #define BOTAN_EAC_OBJ_H__ -#include <botan/pubkey.h> -#include <botan/x509_key.h> +#include <botan/ecdsa_sig.h> #include <botan/signed_obj.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> -#include <botan/parsing.h> -#include <botan/pem.h> -#include <botan/oids.h> #include <botan/look_pk.h> -#include <botan/ecdsa_sig.h> +#include <botan/oids.h> +#include <memory> #include <string> namespace Botan { diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index c33a4550a..f49aa1b09 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -13,7 +13,7 @@ ECDSA_Signature::ECDSA_Signature(const ECDSA_Signature& other) : m_r(other.m_r), m_s(other.m_s) {} -ECDSA_Signature const& ECDSA_Signature::operator=(const ECDSA_Signature& other) +ECDSA_Signature& ECDSA_Signature::operator=(const ECDSA_Signature& other) { m_r = other.m_r; m_s = other.m_s; @@ -25,7 +25,7 @@ bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) return (lhs.get_r() == rhs.get_r() && lhs.get_s() == rhs.get_s()); } -SecureVector<byte> const ECDSA_Signature::get_concatenation() const +SecureVector<byte> ECDSA_Signature::get_concatenation() const { u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger @@ -37,7 +37,7 @@ SecureVector<byte> const ECDSA_Signature::get_concatenation() const return result; } -ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq) +ECDSA_Signature decode_seq(const MemoryRegion<byte>& seq) { ECDSA_Signature sig; @@ -46,7 +46,7 @@ ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq) return sig; } -ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concat) +ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat) { if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h index 15015c76d..3e202d703 100644 --- a/src/cert/cvc/ecdsa_sig.h +++ b/src/cert/cvc/ecdsa_sig.h @@ -1,7 +1,7 @@ /* * ECDSA * (C) 2007 Falko Strenzke, FlexSecure GmbH -* (C) 2008 Jack Lloyd +* (C) 2008-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -22,8 +22,8 @@ class BOTAN_DLL ECDSA_Signature ECDSA_Signature() {} ECDSA_Signature(const BigInt& r, const BigInt& s); - ECDSA_Signature(ECDSA_Signature const& other); - ECDSA_Signature const& operator=(ECDSA_Signature const& other); + ECDSA_Signature(const ECDSA_Signature& other); + ECDSA_Signature& operator=(const ECDSA_Signature& other); const BigInt& get_r() const { return m_r; } const BigInt& get_s() const { return m_s; } @@ -31,7 +31,7 @@ class BOTAN_DLL ECDSA_Signature /** * return the r||s */ - SecureVector<byte> const get_concatenation() const; + SecureVector<byte> get_concatenation() const; private: BigInt m_r; BigInt m_s; @@ -56,8 +56,11 @@ class BOTAN_DLL ECDSA_Signature_Decoder .verify_end() .end_cons(); } - ECDSA_Signature_Decoder(ECDSA_Signature* signature) : m_signature(signature) + + ECDSA_Signature_Decoder(ECDSA_Signature* signature) : + m_signature(signature) {} + private: ECDSA_Signature* m_signature; }; @@ -74,14 +77,17 @@ class BOTAN_DLL ECDSA_Signature_Encoder .end_cons() .get_contents(); } - ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : m_signature(signature) + + ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : + m_signature(signature) {} + private: const ECDSA_Signature* m_signature; }; -ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq); -ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concatenation); +ECDSA_Signature decode_seq(const MemoryRegion<byte>& seq); +ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concatenation); } diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt index f3cf42a0e..3b83781f7 100644 --- a/src/cert/cvc/info.txt +++ b/src/cert/cvc/info.txt @@ -4,7 +4,6 @@ load_on auto <header:public> cvc_ado.h -cvc_ca.h cvc_cert.h cvc_gen_cert.h cvc_key.h @@ -21,7 +20,6 @@ asn1_eac_str.cpp asn1_eac_tm.cpp ecdsa_sig.cpp cvc_ado.cpp -cvc_ca.cpp cvc_cert.cpp cvc_req.cpp cvc_self.cpp |