aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-02 18:19:29 +0000
committerlloyd <[email protected]>2010-03-02 18:19:29 +0000
commitbc6999a27f996747cba2bfffdce70ca9106c3a4e (patch)
treea5823d0019af69e2f29fb0fc935a8b4d05518326 /src/cert
parentf85024b6c52bf276e92854afff7813ae5740de71 (diff)
Lots of internal CVC cleanups
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/cvc/cvc_ado.h5
-rw-r--r--src/cert/cvc/cvc_ca.cpp44
-rw-r--r--src/cert/cvc/cvc_ca.h51
-rw-r--r--src/cert/cvc/cvc_cert.cpp37
-rw-r--r--src/cert/cvc/cvc_cert.h30
-rw-r--r--src/cert/cvc/cvc_gen_cert.h9
-rw-r--r--src/cert/cvc/cvc_req.h3
-rw-r--r--src/cert/cvc/cvc_self.cpp87
-rw-r--r--src/cert/cvc/eac_asn_obj.h4
-rw-r--r--src/cert/cvc/eac_obj.h11
-rw-r--r--src/cert/cvc/ecdsa_sig.cpp8
-rw-r--r--src/cert/cvc/ecdsa_sig.h22
-rw-r--r--src/cert/cvc/info.txt2
13 files changed, 121 insertions, 192 deletions
diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h
index 100888d29..230ee8b8d 100644
--- a/src/cert/cvc/cvc_ado.h
+++ b/src/cert/cvc/cvc_ado.h
@@ -8,11 +8,8 @@
#ifndef BOTAN_EAC_CVC_ADO_H__
#define BOTAN_EAC_CVC_ADO_H__
-#include <botan/x509_key.h>
-#include <botan/pubkey_enums.h>
-#include <botan/pubkey.h>
-#include <botan/ecdsa.h>
#include <botan/eac_obj.h>
+#include <botan/eac_asn_obj.h>
#include <botan/cvc_req.h>
#include <string>
diff --git a/src/cert/cvc/cvc_ca.cpp b/src/cert/cvc/cvc_ca.cpp
deleted file mode 100644
index af40fcd05..000000000
--- a/src/cert/cvc/cvc_ca.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-#include <botan/cvc_ca.h>
-#include <botan/cvc_cert.h>
-#include <botan/der_enc.h>
-#include <botan/oids.h>
-namespace Botan {
-
-EAC1_1_CVC EAC1_1_CVC_CA::make_cert(PK_Signer& signer,
- MemoryRegion<byte> const& public_key,
- ASN1_Car const& car,
- ASN1_Chr const& chr,
- byte holder_auth_templ,
- ASN1_Ced ced,
- ASN1_Cex cex,
- RandomNumberGenerator& rng)
- {
- OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate"));
- MemoryVector<byte> enc_chat_val;
- enc_chat_val.append(holder_auth_templ);
-
- MemoryVector<byte> enc_cpi;
- enc_cpi.append(0x00);
- MemoryVector<byte> tbs = DER_Encoder()
- .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi
- .encode(car)
- .raw_bytes(public_key)
- .encode(chr)
- .start_cons(ASN1_Tag(76), APPLICATION)
- .encode(chat_oid)
- .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION)
- .end_cons()
- .encode(ced)
- .encode(cex)
- .get_contents();
-
- MemoryVector<byte> signed_cert =
- EAC1_1_CVC::make_signed(signer,
- EAC1_1_CVC::build_cert_body(tbs),
- rng);
-
- DataSource_Memory source(signed_cert);
- return EAC1_1_CVC(source);
- }
-
-}
diff --git a/src/cert/cvc/cvc_ca.h b/src/cert/cvc/cvc_ca.h
deleted file mode 100644
index 87699808f..000000000
--- a/src/cert/cvc/cvc_ca.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* EAC1.1 CVC Certificate Authority
-* (C) 2007 FlexSecure GmbH
-* 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_CVC_CA_H__
-#define BOTAN_CVC_CA_H__
-
-#include <botan/pkcs8.h>
-#include <botan/pkcs10.h>
-#include <botan/pubkey.h>
-#include <botan/cvc_cert.h>
-
-namespace Botan {
-
-/**
-* This class represents a CVC CA.
-*/
-class BOTAN_DLL EAC1_1_CVC_CA
- {
- public:
-
- /**
- * Create an arbitrary EAC 1.1 CVC.
- * The desired key encoding must be set within the key (if applicable).
- * @param signer the signer used to sign the certificate
- * @param public_key the DER encoded public key to appear in
- * the certificate
- * @param car the CAR of the certificate
- * @param chr the CHR of the certificate
- * @param holder_auth_templ the holder authorization value byte to
- * appear in the CHAT of the certificate
- * @param ced the CED to appear in the certificate
- * @param ced the CEX to appear in the certificate
- */
- static EAC1_1_CVC make_cert(PK_Signer& signer,
- MemoryRegion<byte> const& public_key,
- ASN1_Car const& car,
- ASN1_Chr const& chr,
- byte holder_auth_templ,
- ASN1_Ced ced,
- ASN1_Cex cex,
- RandomNumberGenerator& rng);
- };
-
-}
-
-#endif
diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp
index 94d80af21..44a3ff508 100644
--- a/src/cert/cvc/cvc_cert.cpp
+++ b/src/cert/cvc/cvc_cert.cpp
@@ -99,4 +99,41 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const
&& get_concat_sig() == rhs.get_concat_sig());
}
+EAC1_1_CVC make_cvc_cert(PK_Signer& signer,
+ MemoryRegion<byte> const& public_key,
+ ASN1_Car const& car,
+ ASN1_Chr const& chr,
+ byte holder_auth_templ,
+ ASN1_Ced ced,
+ ASN1_Cex cex,
+ RandomNumberGenerator& rng)
+ {
+ OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate"));
+ MemoryVector<byte> enc_chat_val;
+ enc_chat_val.append(holder_auth_templ);
+
+ MemoryVector<byte> enc_cpi;
+ enc_cpi.append(0x00);
+ MemoryVector<byte> tbs = DER_Encoder()
+ .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi
+ .encode(car)
+ .raw_bytes(public_key)
+ .encode(chr)
+ .start_cons(ASN1_Tag(76), APPLICATION)
+ .encode(chat_oid)
+ .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION)
+ .end_cons()
+ .encode(ced)
+ .encode(cex)
+ .get_contents();
+
+ MemoryVector<byte> signed_cert =
+ EAC1_1_CVC::make_signed(signer,
+ EAC1_1_CVC::build_cert_body(tbs),
+ rng);
+
+ DataSource_Memory source(signed_cert);
+ return EAC1_1_CVC(source);
+ }
+
}
diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h
index ae0c21d7b..14287cfdd 100644
--- a/src/cert/cvc/cvc_cert.h
+++ b/src/cert/cvc/cvc_cert.h
@@ -9,13 +9,6 @@
#ifndef BOTAN_CVC_EAC_H__
#define BOTAN_CVC_EAC_H__
-#include <botan/x509_key.h>
-#include <botan/pubkey_enums.h>
-#include <botan/signed_obj.h>
-#include <botan/pubkey.h>
-#include <botan/ecdsa.h>
-#include <botan/ecdsa_sig.h>
-#include <botan/eac_obj.h>
#include <botan/cvc_gen_cert.h>
#include <string>
@@ -70,7 +63,6 @@ class BOTAN_DLL EAC1_1_CVC : public EAC1_1_gen_CVC<EAC1_1_CVC>//Signed_Object
virtual ~EAC1_1_CVC() {}
private:
void force_decode();
- friend class EAC1_1_CVC_CA;
EAC1_1_CVC() {}
ASN1_Car m_car;
@@ -88,6 +80,28 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs)
return !(lhs == rhs);
}
+/**
+* Create an arbitrary EAC 1.1 CVC.
+* The desired key encoding must be set within the key (if applicable).
+* @param signer the signer used to sign the certificate
+* @param public_key the DER encoded public key to appear in
+* the certificate
+* @param car the CAR of the certificate
+* @param chr the CHR of the certificate
+* @param holder_auth_templ the holder authorization value byte to
+* appear in the CHAT of the certificate
+* @param ced the CED to appear in the certificate
+* @param ced the CEX to appear in the certificate
+*/
+EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer,
+ MemoryRegion<byte> const& public_key,
+ ASN1_Car const& car,
+ ASN1_Chr const& chr,
+ byte holder_auth_templ,
+ ASN1_Ced ced,
+ ASN1_Cex cex,
+ RandomNumberGenerator& rng);
+
}
#endif
diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h
index 0a79d96d2..4e3f3013e 100644
--- a/src/cert/cvc/cvc_gen_cert.h
+++ b/src/cert/cvc/cvc_gen_cert.h
@@ -1,7 +1,7 @@
/*
* EAC1_1 general CVC
* (C) 2008 Falko Strenzke
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -9,13 +9,10 @@
#ifndef BOTAN_EAC_CVC_GEN_CERT_H__
#define BOTAN_EAC_CVC_GEN_CERT_H__
-#include <botan/x509_key.h>
+#include <botan/eac_obj.h>
#include <botan/eac_asn_obj.h>
-#include <botan/pubkey_enums.h>
-#include <botan/pubkey.h>
#include <botan/ecdsa.h>
-#include <botan/ecdsa_sig.h>
-#include <string>
+#include <memory>
namespace Botan {
diff --git a/src/cert/cvc/cvc_req.h b/src/cert/cvc/cvc_req.h
index 2abc72c9a..bfd65981f 100644
--- a/src/cert/cvc/cvc_req.h
+++ b/src/cert/cvc/cvc_req.h
@@ -8,10 +8,7 @@
#ifndef BOTAN_EAC_CVC_REQ_H__
#define BOTAN_EAC_CVC_REQ_H__
-#include <botan/x509_key.h>
-#include <botan/pubkey_enums.h>
#include <botan/cvc_gen_cert.h>
-#include <botan/cvc_req.h>
namespace Botan {
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index c5ac43b99..bafeea63f 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -1,13 +1,12 @@
/*
(C) 2007 FlexSecure GmbH
- 2008 Jack Lloyd
+ 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#include <botan/cvc_self.h>
#include <botan/cvc_cert.h>
-#include <botan/cvc_ca.h>
#include <botan/alg_id.h>
#include <botan/cvc_key.h>
#include <botan/oids.h>
@@ -16,7 +15,6 @@
#include <botan/cvc_ado.h>
#include <botan/time.h>
#include <sstream>
-#include <assert.h>
namespace Botan {
@@ -35,12 +33,20 @@ enum CHAT_values{
FINGERPRINT = 0x01
};
+MemoryVector<byte> eac_1_1_encoding(const Public_Key* pub_key)
+ {
+ throw Invalid_State("eac_1_1_encoding: Not implemented");
+ return MemoryVector<byte>();
+ }
+
std::string padding_and_hash_from_oid(OID const& oid)
{
std::string padding_and_hash = OIDS::lookup(oid); // use the hash
- assert(padding_and_hash.substr(0,6) == "ECDSA/"); // can only be ECDSA for now
- assert(padding_and_hash.find("/",0) == 5);
- padding_and_hash.erase(0, padding_and_hash.find("/",0) + 1);
+
+ if(padding_and_hash.substr(0,6) != "ECDSA/")
+ throw Invalid_State("CVC: Can only use ECDSA, not " + padding_and_hash);
+
+ padding_and_hash.erase(0, padding_and_hash.find("/") + 1);
return padding_and_hash;
}
@@ -89,18 +95,13 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
std::auto_ptr<Botan::PK_Signer> signer(
get_pk_signer(*priv_key, padding_and_hash));
-#if 0 // FIXME
- std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder());
- MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
-#else
- MemoryVector<byte> enc_public_key;
-#endif
-
- return EAC1_1_CVC_CA::make_cert(*signer,
- enc_public_key,
- opt.car, chr,
- opt.holder_auth_templ,
- opt.ced, opt.cex, rng);
+ MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
+
+ return make_cvc_cert(*signer,
+ enc_public_key,
+ opt.car, chr,
+ opt.holder_auth_templ,
+ opt.ced, opt.cex, rng);
}
EAC1_1_Req create_cvc_req(Private_Key const& key,
@@ -121,12 +122,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key,
std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash));
-#if 0 // FIXME
- std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder());
- MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
-#else
- MemoryVector<byte> enc_public_key;
-#endif
+ MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
MemoryVector<byte> enc_cpi;
enc_cpi.append(0x00);
@@ -226,20 +222,14 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
-#if 0 // FIXME
- std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
- MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
-#else
- MemoryVector<byte> enc_public_key;
-#endif
-
- return EAC1_1_CVC_CA::make_cert(*pk_signer, enc_public_key,
- signer.get_car(),
- signee.get_chr(),
- signer.get_chat_value(),
- ced,
- cex,
- rng);
+ MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
+
+ return make_cvc_cert(*pk_signer, enc_public_key,
+ signer.get_car(),
+ signee.get_chr(),
+ signer.get_chat_value(),
+ ced, cex,
+ rng);
}
EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
@@ -272,12 +262,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
-#if 0 // FIXME
- std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
- MemoryVector<byte> enc_public_key = enc->public_key(sig_algo);
-#else
- MemoryVector<byte> enc_public_key;
-#endif
+ MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
const u64bit current_time = system_time();
@@ -309,13 +294,13 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
throw Invalid_Argument("sign_request(): encountered illegal value for CHAT");
// (IS cannot sign certificates)
}
- return EAC1_1_CVC_CA::make_cert(*pk_signer, enc_public_key,
- ASN1_Car(signer_cert.get_chr().iso_8859()),
- chr,
- chat_val,
- ced,
- cex,
- rng);
+ return make_cvc_cert(*pk_signer, enc_public_key,
+ ASN1_Car(signer_cert.get_chr().iso_8859()),
+ chr,
+ chat_val,
+ ced,
+ cex,
+ rng);
}
EAC1_1_Req create_cvc_req(Private_Key const& prkey,
diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h
index 652c9a6e6..9eaf02f63 100644
--- a/src/cert/cvc/eac_asn_obj.h
+++ b/src/cert/cvc/eac_asn_obj.h
@@ -1,7 +1,7 @@
/*
* EAC ASN.1 Objects
* (C) 2007-2008 FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -10,8 +10,6 @@
#define BOTAN_EAC_ASN1_OBJ_H__
#include <botan/asn1_obj.h>
-#include <vector>
-#include <map>
namespace Botan {
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
index f41d0af2b..1c6802d58 100644
--- a/src/cert/cvc/eac_obj.h
+++ b/src/cert/cvc/eac_obj.h
@@ -8,16 +8,11 @@
#ifndef BOTAN_EAC_OBJ_H__
#define BOTAN_EAC_OBJ_H__
-#include <botan/pubkey.h>
-#include <botan/x509_key.h>
+#include <botan/ecdsa_sig.h>
#include <botan/signed_obj.h>
-#include <botan/pubkey_enums.h>
-#include <botan/pubkey.h>
-#include <botan/parsing.h>
-#include <botan/pem.h>
-#include <botan/oids.h>
#include <botan/look_pk.h>
-#include <botan/ecdsa_sig.h>
+#include <botan/oids.h>
+#include <memory>
#include <string>
namespace Botan {
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
index c33a4550a..f49aa1b09 100644
--- a/src/cert/cvc/ecdsa_sig.cpp
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -13,7 +13,7 @@ ECDSA_Signature::ECDSA_Signature(const ECDSA_Signature& other)
: m_r(other.m_r), m_s(other.m_s)
{}
-ECDSA_Signature const& ECDSA_Signature::operator=(const ECDSA_Signature& other)
+ECDSA_Signature& ECDSA_Signature::operator=(const ECDSA_Signature& other)
{
m_r = other.m_r;
m_s = other.m_s;
@@ -25,7 +25,7 @@ bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs)
return (lhs.get_r() == rhs.get_r() && lhs.get_s() == rhs.get_s());
}
-SecureVector<byte> const ECDSA_Signature::get_concatenation() const
+SecureVector<byte> ECDSA_Signature::get_concatenation() const
{
u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger
@@ -37,7 +37,7 @@ SecureVector<byte> const ECDSA_Signature::get_concatenation() const
return result;
}
-ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq)
+ECDSA_Signature decode_seq(const MemoryRegion<byte>& seq)
{
ECDSA_Signature sig;
@@ -46,7 +46,7 @@ ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq)
return sig;
}
-ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concat)
+ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat)
{
if(concat.size() % 2 != 0)
throw Invalid_Argument("Erroneous length of signature");
diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h
index 15015c76d..3e202d703 100644
--- a/src/cert/cvc/ecdsa_sig.h
+++ b/src/cert/cvc/ecdsa_sig.h
@@ -1,7 +1,7 @@
/*
* ECDSA
* (C) 2007 Falko Strenzke, FlexSecure GmbH
-* (C) 2008 Jack Lloyd
+* (C) 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -22,8 +22,8 @@ class BOTAN_DLL ECDSA_Signature
ECDSA_Signature() {}
ECDSA_Signature(const BigInt& r, const BigInt& s);
- ECDSA_Signature(ECDSA_Signature const& other);
- ECDSA_Signature const& operator=(ECDSA_Signature const& other);
+ ECDSA_Signature(const ECDSA_Signature& other);
+ ECDSA_Signature& operator=(const ECDSA_Signature& other);
const BigInt& get_r() const { return m_r; }
const BigInt& get_s() const { return m_s; }
@@ -31,7 +31,7 @@ class BOTAN_DLL ECDSA_Signature
/**
* return the r||s
*/
- SecureVector<byte> const get_concatenation() const;
+ SecureVector<byte> get_concatenation() const;
private:
BigInt m_r;
BigInt m_s;
@@ -56,8 +56,11 @@ class BOTAN_DLL ECDSA_Signature_Decoder
.verify_end()
.end_cons();
}
- ECDSA_Signature_Decoder(ECDSA_Signature* signature) : m_signature(signature)
+
+ ECDSA_Signature_Decoder(ECDSA_Signature* signature) :
+ m_signature(signature)
{}
+
private:
ECDSA_Signature* m_signature;
};
@@ -74,14 +77,17 @@ class BOTAN_DLL ECDSA_Signature_Encoder
.end_cons()
.get_contents();
}
- ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : m_signature(signature)
+
+ ECDSA_Signature_Encoder(const ECDSA_Signature* signature) :
+ m_signature(signature)
{}
+
private:
const ECDSA_Signature* m_signature;
};
-ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq);
-ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concatenation);
+ECDSA_Signature decode_seq(const MemoryRegion<byte>& seq);
+ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concatenation);
}
diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt
index f3cf42a0e..3b83781f7 100644
--- a/src/cert/cvc/info.txt
+++ b/src/cert/cvc/info.txt
@@ -4,7 +4,6 @@ load_on auto
<header:public>
cvc_ado.h
-cvc_ca.h
cvc_cert.h
cvc_gen_cert.h
cvc_key.h
@@ -21,7 +20,6 @@ asn1_eac_str.cpp
asn1_eac_tm.cpp
ecdsa_sig.cpp
cvc_ado.cpp
-cvc_ca.cpp
cvc_cert.cpp
cvc_req.cpp
cvc_self.cpp